No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it

Government-mandated Internet shutdowns occur far more regularly than you might expect.

Seth Rosenblatt, Contributing Writer

June 24, 2020

5 Min Read

Since the death of George Floyd at the hands of Minneapolis law enforcement on May 25, millions of people worldwide have taken to the streets to protest police violence. But one oft-used government tactic in some countries to limit the ability of their citizens to communicate and organize has been absent so far: There have been virtually no reports of state-mandated Internet shutdowns in response to the protest.

Part of the reason for that is it's much harder to diagnose cellular connectivity problems when thousands of people flood into one neighborhood, all demanding to use mobile phone infrastructure that wasn't designed to handle so many devices at once. While one of the few instances of a US government-mandated network shutdown came in 2011 – when police for the BART transit system in the San Francisco Bay Area shut down cellular service for several hours during protests that followed multiple police shootings of passengers – this time around Seth Schoen, senior staff technologies at the Electronic Frontier Foundation, said his colleagues haven't been able to confirm the rumors they've heard about government interference of mobile networks. 

"I haven't seen any hard evidence that couldn't also be easily explained by networks being overloaded," Schoen said in an email exchange. But in many cases, consumers can tell whether there has been government interference with Internet access because it will "affect people on different parts of the Internet in different ways," he added.

Government-mandated Internet shutdowns occur far more regularly than you might expect. The number of countries that shut down access for their residents jumped from 25 in 2018 to 33 in 2019, according to the annual Keep It On report published in February by nonprofit Internet advocacy group Access Now. China, Vietnam, Egypt, Iran, Syria, and Cuba are notorious in this regard and regularly cited as countries with the least Internet freedom, according to 2019's "Freedom on the Net" report, produced annually by the US-based democracy and human rights nonprofit Freedom House. But they're not the only countries that use Internet shutdowns to control the flow of information and ideas.

Among the worst offenders are India and Brazil. In the contested state of Kashmir, the Indian government blocked all Internet access, landlines, and mobile service for between August 2019 and March 2020. Brazil regularly blocks access to the messaging service WhatsApp, even as other Internet services in the country have continued unabated. Internet Research company Top10VPN estimated the cost of Internet shutdowns in 2019 to be more than $8 billion globally.

How to Discern  
Despite politically driven interference, Internet monitoring organizations point to some telltale clues that can help people determine whether their sudden inability to use the Internet is a technical glitch, such as an underwater cable cut, a distributed denial-of-service (DDoS) attack, or a government-mandated order.  

Most of the government-mandated Internet shutdowns or blocks are based on interfering with the country's Domain Name System (DNS), the protocol that maps websites to IP addresses, says Arturo Filastò, project lead at the Open Observatory of Network Interference, a nonprofit that monitors and documents Internet shutdowns. Since most of the world's DNS queries are resolved in plain text, Internet service providers can be "convinced" by the governments they operate under to restrict access to certain sites – or even all of them, he says.

"DNS hijacking is most common in the West. It's the first level because it's the easiest and cheapest," Filastò says. "Another technique under the DNS tampering umbrella is DNS spoofing, such as the Chinese Great Firewall, where they will spoof the response to a DNS query faster than the legitimate response."

Measuring Internet connectivity and shutdowns has grown more sophisticated over the years. The Center for Applied Internet Data Analysis at the University of California, San Diego, uses a combination of global Internet routing, active probing of IP addresses, and the background radiation from the Internet itself to evaluate the cause of a shutdown. 

"Some measurements will tell you that the physical [Internet] connectivity still exists during a shutdown. One of our three methods will still see the existence of connectivity," says Alberto Dainotti, research scientist with the Internet Outage Detection and Analysis group at CAIDA. 

Determining whether a shutdown is caused by a technical snafu, a DDoS attack, or government interference can be tricky. If you can't reach a website but others in your country can, it's most likely a technical issue with your network. (T-Mobile users experienced this in North America last week.) If all or most websites work for you but one specific one appears to be down, it could be a targeted attack (by malicious hackers or a government order) focused on that one site. Specific websites can be checked with the service Down for Everyone or Just Me.

Of course, it can also be a government shutdown. Several services can help Internet users identify when their service is being disrupted by a DDoS attack or a government shutdown. In its "Surveillance Self-Defense" guide, the EFF recommends using encrypted DNS, a virtual private network, or the Tor Browser to circumvent DNS-based network shutdowns. Filastò's employer also offers its OONI Probe to help users test network connectivity and identify likely reasons for the shutdown they're experiencing. 

The EFF's Schoen noted consumers should be more worried about technical problems on their devices or with their ISPs before presuming their government is blocking part or all of their Internet access – even though government-initiated Internet interference and shutdowns are on the rise. 

"Governments do actively tamper with people's devices and network connections, but less frequently than random errors and outages that aren't intentional on anyone's part," he said.

Related Content:






Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

About the Author(s)

Seth Rosenblatt

Contributing Writer

Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also writes about connected technology and pop culture.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights