Syria’s new government has banned all online and digital surveys  without prior official approval, according to a decision issued by the Ministry of Communications and Technology on April 10. While the decision is officially justified by “concerns over the leaking and misuse of personal data,” it bears a striking resemblance to measures taken under the previous Syrian government. At the same time, it raises fresh questions about the feasibility of enforcement, given Syria’s weak and fragile digital infrastructure and persistent security challenges.

Can such a ban be realistically enforced?According to some information security specialists, enforcing the decision legally and effectively faces significant and practical obstacles, from the absence of clear licensing and oversight mechanisms to the country’s weak digital infrastructure. 

Experts noted that monitoring online surveys requires advanced technical tools and tracking and analysis capabilities that official institutions in many parts of Syria currently lack.

Digital expert Dishad Othman criticized the decision on his LinkedIn account, “There is no doubt that protecting citizens’ data is a legitimate and sensitive national issue. But data sovereignty must be built on legal grounds, not by executive decisions. If a private entity violates this circular, what legal text will the courts rely on to settle the dispute?”

“The absence of clear legislation makes these measures fragile and legally non-binding,” Othman added. 

The Ministry of Communications and Technology claims it cannot access or track personal data, yet experts point out a contradiction: The ministry itself lacks the technical capacity to monitor every survey launched online. So what can the true intent behind the decision be? Is the goal behind the decision really data protection? Or is it about controlling the flow of information and preventing any form of independent expression or unsupervised social data gathering? 

“How can the ministry host data without being able to access it? From a technical standpoint, it is  illogical, especially in an environment that lacks legal guarantees and is governed by shifting circulars and exceptional circumstances. In the absence of clear, enforceable privacy laws, no entity can be confident that its data won’t be breached or used without its knowledge,” said Othman.

According to civil society activist Huda Al-Ali, it has never been standard practice for organizations to share their digital forms, whether surveys or project-related internal templates, with any governmental authority, regardless of its official capacity. The new decision explicitly names and targets civil society organizations and professional syndicates.

In an interview with SMEX, Al-Ali, who has worked as a data collector for several civil society organizations operating in Damascus, stated that ensuring utmost privacy for respondents is a top priority: “We see it as part of personal digital security. That’s why, in most survey forms used in project contexts, we intentionally omit the name field or make it optional to protect people’s privacy.”

“The Ministry of Communications and Technology’s decision  is highly contradictory, despite having focused on lack of access to personal data,” added Al-Ali. 

“How can a ministry that grants hosting domains be unable to read or at least archive the data?” questioned the activist. “Even if the decision is presented as an attempt to organize data, it ultimately undermines the freedom and confidentiality of digital security work. It’s a technically ill-considered move.”

A fragile digital security landscape The digital landscape is even more complex in northeastern Syria, where decisions issued by the new government in Damascus do not apply. RCELL,the only telecommunications provider in the region,serves as the sole gateway for internet access. However, it has faced criticism from both the local community and digital experts, following accusations that it unlawfully collects user data without  their prior consent.

In mid-2023, the company released an app that requires users to register their internet SIM cards in person at company offices, including by providing personal photographs and copies of identification documents. This procedure  is still ongoing, and has intensified fears that political adversaries could exploit or steal this sensitive data. This is particularly relevant since digital experts share a consensus that RCELL lacks the technical capabilities to properly protect user data.

The “Office of NGO Affairs,” the official body responsible for overseeing the work of local and international civil society organizations in the region, issued a decision requiring all organizations to rely on a single internet provider. While the decision was officially framed as an attempt to regulate communications, workers in both local and international organizations shared their concerns around it.

Against this backdrop of fragility in digital security, one that enables external actors to intervene, there is an urgent need to implement real cybersecurity strategies in Syria, along with effective data protection laws and regulations. 

Past incidents have shown that the misuse of personal data has been linked to targeted assassinations and threats to individuals’ safety. Türkiye, for example, has reportedly used local SIM cards and GPS technology to conduct drone assassinations in northeastern Syria. 

Over the years, many militarymen in the region have been killed in Turkish drone strikes. Kurdish security forces had also dismantled a network of collaborators with Turkish intelligence, whose primary method of targeting included exploiting local SIM cards to easily and precisely track their targets.

Between erratic decisions made under the pretense of data protection and a digital reality marked by deep vulnerability, the privacy of Syrians’ digital data remains under serious threat, from both internal and external actors. 

Discussions around effective digital security are meaningless without a corresponding legal, technical, and executive framework that guarantees Syrians’right to privacy and holds responsible entities and operators to real, enforceable accountability.

Main image: AFP.

The post Syria Bans Online Surveys Amid Fragile Digital Infrastructure appeared first on SMEX.