Ammar 404 is dead. Long live Ammar 404!
Tunisia is in 133rd place out of 180 in the Reporters Without Borders Press Freedom Index 2014. The journalist and human rights activist Afef Abrougui writes here about the phenomenon Ammar 404, which is the error message displayed on screen to Tunisians when they attempt to access “illegal” content on the internet.
For those who never heard of him before, Ammar 404 is Tunisia’s Big Brother.
Under the rule of former dictator Zine el Abidine Ben Ali, Ammar worked very hard. He would spent days and nights, watching and censoring the internet.
Ammar had as his main job duties surveillance and censorship, since privacy and free speech are two sides of the same coin.
As an old man, Ammar always dressed in purple (purple is the favorite color of his former boss). Scissors are Ammar’s favorite work tool. He used them to cut access to web content deemed “threatening to public order”, “harming good morals”, “defamatory”, “inciting to terrorism” etc.
Ammar also used to filter pornography, which he himself enjoyed watching.
With the fall of his boss in January 2011, Ammar went into an unexpected retirement.
Shortly after, his death was announced.
That is what former minister of information and communication technologies (ICTs), Mongi Marzoug told us. (Who believes in what the politicians say anyway.)
“I announce that the death certificate of Ammar 404 had been delivered”, Marzoug said at a press conference in September, 2012. “He is dead and it is time to bury him”.
I have never taken Zombies seriously because they are fictional characters. But, I am taking Ammar seriously because he is real!
Besides, he is now stronger than ever, scarier than ever. He’s a Zombie with too many unchecked prerogatives and scissors in his hands!
The same government that announced “Ammar’s death” woke him up from his tomb on November 6, 2013 by issuing decree 4506.
The decree establishes the Technical Agency for Telecommunications (ATT) tasked with “providing technical support to judicial investigations into information and communication crimes” (article 2).
With this recent decree, Ammar is now going to be everywhere monitoring all of our communications, not just those that are internet based.
But, what are these “ICT crimes”, Ammar is supposed to monitor? Well, the decree never defines them. So, it is going to be up to Ammar’s bosses to define these crimes.
If Ammar has a good boss (with good intentions) these “ICT crimes” will hopefully be limited to serious wrongdoing such as child pronography, fraud and cyber-terrorism.
But, the problem is when Ammar’s boss has evil intentions. In this case, it is going to be disastrous and users should expect their communications to be monitored, for merely expressing themselves.
But, there is no need for such worries, because in a statement announcing the creation of the ATT, the ICT ministry stated that a “set of guarantees on ATT’s activities have been made in order to consolidate respect for human rights, personal data protection, freedom of expression on the internet and the right to access information”.
The statement was actually issued 14 days after ATT’s actual creation. That is how transparent our governments are.
They are good at talking about transparency and open governance. Yet, they meet behind closed doors to take unilateral decisions that profoundly affect citizens and their rights.
Now closing the transparency parenthesis and moving to the “guarantees”.
In the statement, the ministry said that surveillance orders will have to emanate from the judiciary and will be “specific and time-limited”.
Yes, but decree 4506 does not say anything about “specific and time-limited” orders.
But, the ministry’s statement does and that should be enough of a guarantee!
Also, no worries because only an “independent” judiciary (as if the judiciary in Tunisia is independent) will issue these surveillance requests.
Yet, the ICT ministry can have a say in these requests because article 5 requires the ATT to carry out “any other mission linked to its activity that it is assigned by the ministry of information and communications technology.”
Moving to another measure, depicted by the ministry as a guarantee against human rights violations: the creation of an oversight committee to supervise Ammar’s activities.
Ridiculously, this committee is presided by the ATT’s general director (that is Ammar himself), with a judge acting as its vice president.
Five government representatives appointed from the ministries of ICTs, Justice, Interior, National Defence and Human Rights and Transitional Justice.
How is a government-dominated committee supposed to objectively supervise and hold accountable a government agency?
How is Ammar supposed to supervise Ammar?
The government would argue that the oversight committee includes in its board, one representative from the High Commission for Human Rights and Fundamental Freedoms and another from the National Instance for the Protection of Personal Data (INPDP), which is the country’s data protection authority.
However, these two bodies are themselves in dire need of reforms. Let’s focus on the Data Protection Authority since it is more relevant to the topic of surveillance.
Established under the Ben Ali regime, an era where surveillance was systematic, massive and unchecked, this authority can be anything but an authority. It is weak, ineffective and without any authority.
The 2004 Personal Data Protection Law makes state authorities capable of collecting and processing personal data without the approval or the supervision of the so called authority.
Just like the oversight committee that is supposed to supervise Ammar’s conduct, the INPDP board is made up of government representatives from the Prime Minister’s office, and the ministries of Defence, the Interior, Scientific Research, Health and two MPs (article 78 of the 2004 Personal Data Protection Law).
Tunisia’s interim authorities love talking about reforms. But, when it comes to putting reforms into place, they do it the wrong way.
Before taking any step to establish a surveillance agency, the authorities should have legally consolidated the role of the INPDP as the country’s data protection authority by amending the 2004 privacy law.
Apparently, the government does not consider such reforms as an “urgent priority”, Mokhtar Yahyaoui, head of INPDP told me last January.
Bringing back Ammar and empowering him is, nonetheless, their priority.They also use dictatorship-era laws to put into place “post-revolutionary” laws.
Among the deficient laws used to issue decree 4506 which re-establishes Ammar 404, we find the 2001 Telecommunication Code and the 2004 Personal Data Protection Law.
For instance, article 86 of the telecommunication code stipulates that anyone convicted of “harming others or disrupting their lives through public communication networks” may face up to two years in prison.
While, the 2004 Personal Data Protection law does not ensure any personal data protection.
The government claims that the comeback of Ammar is necessary for “counterterrorism”. Over the past year Tunisian security and armed forces have been fighting extremist armed groups, which the government says they belong to Al-Qaeda in the Islamic Maghreb (AQIM). These groups waged several attacks on armed and police forces killing dozens of them.
But, Ammar should have no place in the “new and democratic” Tunisia. His history is tainted with abuse, censorship and massive surveillance.
Besides, if NSA snooping has proved to be ineffective in preventing terrorism, will Tunisia’s Ammar succeed in doing so? I doubt that.
 Ammar 404 is the expression Tunisia netizens used to refer to the internet and surveillance apparatuses under the rule of former dictator Zine el Abidine Ben Ali. In Tunisia, Ammar is a male first name, while 404 is derived from 404 Page Not Found.
 The ministries of justice and, human rights and transitional justice were recently merged together, when a new technocratic government replaced the formerly led Islamist government of Ennahdha party