Studying the state of internet resilience in Afghanistan reveals the interplay between technical and sociopolitical internet resilience and how it unfolds in a crisis environment.
This case study considers the interplay between technical and sociopolitical internet resilience and how this interplay unfolds in a crisis environment, namely Afghanistan, with a focus on how the private sector was engaged in constructing – and challenging – resilience.
Definitions of what (and when) constitutes a crisis are highly subjective and driven by context. Some Afghan regions suffered sustained military action for the duration of the international coalition’s presence in the country, while others enjoyed periods of relative calm. For ease of analysis, this chapter splits the withdrawal period into three separate phases.
- First, the period before US president Joe Biden’s announcement of the full and unconditional troop withdrawal in April 2021 is regarded as ‘pre-crisis’ for the purposes of this paper. Although withdrawal itself was prolonged and politically controversial well before this point, it did not become an acute or active crisis until this moment. Hostilities – for instance, between the Taliban and (former) government forces in the Helmand province – occurred just days after NATO forces commenced their final withdrawal of their Afghanistan mission.
- Second, the period between the April 2021 announcement and early to mid-September 2021 is treated as a state of ‘active crisis’. Between May and August, Taliban forces swept through the country, taking Kabul on 15 August. But the state of active crisis is not considered to have ended until Taliban forces claimed victory in the Panjshir province, which was regarded as the final holdout of substantial anti-Taliban resistance.
- Finally, the period from the announcement of the Taliban’s interim administration to 30 November 2023 (the cut-off date for research conducted for this paper) is considered ‘post-crisis’. The establishment of the Taliban’s ‘Islamic Emirate’ was announced on 7 September 2021, and since its takeover, the Taliban has sought to normalize its relations with foreign governments and establish itself as the legitimate representative of the Afghan nation. But hopes for a slightly more moderate ‘Taliban 2.0’ at the domestic level were rapidly dashed. Indeed, Amnesty International characterized the Taliban’s first year in power as a year of ‘violence, impunity and false promises’, with oppressive and violent measures undertaken to consolidate power, quell resistance and curb political freedoms and civil rights.
Internet resilience pre-crisis
In Afghanistan, there are long-standing structural, political and economic barriers to internet connectivity, in addition to the continued disruptions posed by localized conflicts. These barriers have served to undermine the country’s overall internet resilience. Although over 90 per cent of the country receives 2G mobile network coverage, internet penetration rates in January 2021 were only around 22 per cent, compared to around 80 per cent in a country like Ukraine. Other surveys report that just 15 per cent of all Afghans have access to the internet, a figure unchanged since 2016. Several civil society organizations and research institutes have mapped the barriers to internet access in Afghanistan. These barriers are technical (such as destroyed or absent digital infrastructure); socio-economic (such as the affordability of, and access to, devices and internet connectivity); and cultural (such as social norms).
From 2001 onwards, multiple national initiatives, partnerships and foreign development projects were launched, seeking to improve Afghanistan’s internet infrastructure and put in place building blocks for both technical and sociopolitical resilience. International partners including the World Bank and NATO funded various schemes to develop the country’s ICT sector, expand internet connectivity and build cybersecurity capacity. Foreign partners including the US and UN agencies also developed, and helped to deploy, biometric data systems used for public administration. Relevant Afghan authorities – including the National Statistics and Information Authority and the Ministry of Communication and Information Technology (MCIT) – established as national priorities the building of infrastructure for digital transformation and empowering digital capabilities. Various public-private partnerships (PPPs) were also created to build and bolster internet availability. For example, state-owned Afghan Telecom struck major 2G and 3G network rollout deals with a Chinese company, ZTE. Meanwhile, the predecessor of Afghan Wireless – currently Afghanistan’s best-connected autonomous system – was formed as a joint venture between the MCIT and Telephone Systems International Ltd in 2002.
From 2001 onwards, multiple national initiatives, partnerships and foreign development projects were launched, seeking to improve Afghanistan’s internet infrastructure and put in place building blocks for both technical and sociopolitical resilience.
In the years immediately prior to the Taliban’s takeover in 2021, the country experienced direct attacks on its internet infrastructure. In 2019 alone, the Afghanistan Telecom Regulatory Authority (ATRA) reported the destruction or disruption of 220 towers by the Taliban and other groups. Targeting telecommunications infrastructure is a decades-old Taliban strategy. (In the 1990s, there were reports of the Taliban cutting internet cables.) These activities reportedly intensified in the lead-up to the 2021 takeover. According to the MCIT in 2015, ‘security issues’ were the ‘main obstacle’ for completing the country’s optical fibre network ‘backbone ring’ project, which aimed to bring broadband connection to provincial capitals. The cases of two specific telecommunications companies – Roshan and MTN – demonstrate the challenges of building internet resilience in this context.
As of 2019, Roshan was one of Afghanistan’s biggest employers. Its GSM network reaches 91 per cent of Afghanistan’s population, including remote rural areas. Roshan’s initial funding came from the Aga Khan Fund for Economic Development in 2003. Its mission to improve connectivity was motivated by both commercial incentives and philanthropic motivations. But from its launch, Roshan faced severe operational risks. For instance, Taliban forces targeted the company’s cell towers (as well as those owned by other operators) from as early as 2008, leading to significant costs incurred for repairing and replacing infrastructure. Roshan’s founder even claimed that competitors were paying protection money to avoid their towers being targeted, accusations that were denied by Afghan Wireless, Etisalat and Afghan Telecom. In 2017, a deadly truck bombing took place directly outside Roshan’s offices in Kabul, with at least 30 of its staff members reported to have been killed. This bombing took place just months after one of the company’s employees had been killed in another attack in Kabul.
MTN Afghanistan, a subsidiary of the South African telecommunications company MTN, presents a different balance of incentives and interests. The company was formerly a major guarantor of mobile connectivity in Afghanistan, but in August 2020 MTN’s leadership announced a planned exit from the Afghan market, citing reasons including ‘tough macro conditions’ and the region’s ‘increasingly complex’ situation. MTN’s rapid exit from the Afghan market – which concluded in November 2020, when Lebanon’s M1 New Ventures bought its Afghan subsidiary for approximately $35 million – may reflect the difficulties of balancing commercial incentives with on-the-ground barriers to operation (for example, navigating service provision in areas with an increasingly deteriorating security situation).
Overall, while Afghanistan’s internet ecosystem certainly contained some of the building blocks for resilience (for instance, improved accessibility, national policy buy-in and mechanisms for enhancing technical and sociopolitical drivers of resilience), substantial barriers to the internet’s continued availability for the majority of end users remained throughout the pre-crisis period, exacerbated by continual background or localized targeting of telecommunications and internet services.
Internet resilience during active crisis
According to one interviewee, the Taliban takeover ‘100 per cent’ made Afghanistan’s internet less resilient. During this period, internet resilience in Afghanistan faced heightened (and, in some cases, unprecedented) threats on both the technical and sociopolitical levels, ranging from (continued) direct disruptions to internet infrastructure at multiple levels of the stack to the disruptions of policies, processes and responses in place to ensure the internet’s continued operation and recoverability.
As noted above, telecommunications infrastructure was a long-standing target for Taliban attacks, resulting in severe service disruptions to end users as the country plunged into crisis. Often, targets appeared to be selected as measures to realize the group’s strategic military objectives and support ongoing operations in targeted regions. In early July 2021, Taliban fighters attacked optical fibre devices and systems equipment in the Herat province, leaving residents of Islam Qala without any internet connection. Then, on 9 July, Taliban fighters seized control of both Islam Qala and Torghundi.
As the Taliban aimed to consolidate power in Kabul and the country’s various regions, its members orchestrated internet shutdowns to quell resistance and dissent, thus posing a direct threat to connectivity and access. In September 2021, there were reports of a shutdown of internet and phone services provided by both Roshan and Etisalat in the Panjshir valley, one of the last remaining strongholds of anti-Taliban resistance. Also in September, in response to rising anti-Taliban protests, the group suspended internet access in Kabul.
This example, among others, serves as a stark reminder of how the internet is controlled and weaponized in different ways in conflict – through physical destruction and disruption in some cases, and appropriation and shutdown
in others.
While there is a lack of open-source reporting on the Taliban’s takeover of MCIT and ATRA, it appears that high-level directives for partial or full internet outages in Kabul and elsewhere were ad-hoc decisions – perhaps new ministerial or extra-ministerial processes – setting a dangerous precedent for the weaponization of Afghanistan’s internet infrastructure. A similar precedent was set higher up the stack, with the Taliban implementing a repressive content-moderation policy for news and media, such as the blocking of access to certain websites – according to their own estimate in August 2022, this included up to 23 million ‘immoral’ websites.
The coexistence of the Taliban’s dependence on a resilient internet and its actions to threaten it adds a layer of complication to the picture of deteriorated internet resilience in post-takeover Afghanistan.
However, Afghanistan’s previous government did not necessarily have sufficient policies, processes and responses in place to ensure internet resilience and safeguard digital rights. As explained in the previous section, there were substantial pre-existing gaps. Nevertheless, the scale of the Taliban’s abuse of the internet (ranging from disruptions of physical infrastructure to content moderation at the application layer) is a significant, and unprecedented, development.
While some of the Taliban’s actions directly threatened internet resilience, others demonstrated the group’s dependence on internet infrastructure to deliver on its propaganda objectives. This was a substantial step-change from the Taliban’s reluctance to use digital technology during its first period of rule. In the lead-up to 15 August 2021, it was reported that the Taliban insurgents’ ‘smartphones proved just as handy as rifles’. The group’s access to and use of social media platforms played an important role in their takeover of power. These uses included amplifying mis- and disinformation (including premature declarations of military victory) on X (formerly known as Twitter) and using WhatsApp for official communications. The coexistence of the Taliban’s dependence on a resilient internet and access to platforms, and its actions to threaten it, adds a layer of complication to the picture of deteriorated internet resilience in post-takeover Afghanistan.
Additionally, the instability of the crisis environment itself may have provided an opening for other actors to advance threats to resilience and impeded the capacity of targeted systems and organizations to recover. For instance, Insikt Group reports that a Chinese state-sponsored advanced persistent threat (APT) targeted telecommunications provider Roshan in 2020 and 2021. Insikt claimed that the APT was used for intelligence-gathering operations, perhaps driven by China’s strategic interest in expanding its influence in a future Taliban-led Afghanistan.
Internet resilience post-crisis
After consolidating power, the Taliban government has taken steps to rebuild internet resilience to serve strategic ends, including domestic content control. Former ATRA chairman Mohammad Najeeb Azizi noted that the Taliban ‘is eager to use the internet in their own favour’. In October 2021, the new ATRA leadership announced that telecommunication services had returned to pre-crisis levels, although there is a lack of public reporting on the repair of damaged internet infrastructure. In August 2022, acting MCIT head Najibullah Haqqani outlined aspirations to secure 4G coverage for the country.
The Taliban has also announced a set of policies and initiatives for the use of the internet and technology for governance and public administration. Despite US sanctions and constant action from Meta to close known Taliban accounts, WhatsApp is still the preferred mode of official communication for the new regime. The ‘delicate dance’ between the Taliban government and social media platforms like WhatsApp presents a unique challenge, as instead of simply blocking all access to social media, the Taliban are trying to use it to their advantage – whether for public administration and official communiques or seeking to spread and control narratives. One local government spokesperson noted that ‘if there were no WhatsApp, all our administrative and non-administrative work would be paralyzed’.
In the post-crisis period, however, the state of Afghanistan’s internet has been defined both by long-standing barriers to availability, connectivity and recoverability, and by new challenges. According to one interviewee, the resumption of internet services after the takeover was ‘particularly slow’. Open access data suggest that internet penetration and usage rates in Afghanistan have remained relatively unchanged since 2021. This is despite the Taliban raising taxes on internet and mobile phone operators during that time, in addition to ordering those companies to decrease prices for end users.
The case of Afghanistan’s internet exchange point (IXP) and the .af domain name – which (to date) remains operational – provides some insight into the new regime’s continued reliance on international mechanisms and processes to ensure technical resilience. The US-based Packet Clearing House (PCH) is a non-profit, intergovernmental treaty organization that provides operational support to internet infrastructure, namely through technological support to IXPs and the core of the DNS. Since July 2018, PCH has served the National Internet Exchange of Afghanistan (NIXA) in Kabul and reportedly continues to provide support. Similarly, Gransy, a Czechia-based registrar and registry services provider, also provides Anycast, which the .af country code top-level domain (ccTLD) reportedly relies on. During the Taliban takeover, in response to ‘political questions’ about the future of the .af ccTLD, Gransy emphasized its political neutrality and ‘social responsibility’ as part of its daily work, stating that any change to the ccTLD operator ‘is not our decision’, and is instead defined by strict guidelines set by ICANN and the Internet Assigned Numbers Authority (IANA) function.
At the telecommunications level, Voice of America (VoA) reported in February 2023 that Etisalat was among the carriers affected by Taliban orders to block access to certain websites. VoA claimed that the Afghan Media Violation Commission had not received any order to restrict access, which might imply that other parts of the Taliban government had acted unilaterally.
In 2023, meanwhile, media reports suggested that Huawei had reached a ‘verbal agreement’ with the Taliban to install surveillance systems across Afghanistan, although comprehensive, sophisticated surveillance systems are likely out of reach. Several civil society organizations have voiced concerns about the misuse of biometric and digital ID data for the surveillance and targeting of human rights defenders, dissidents, journalists, activists and other Taliban opponents.
Interviewees for this paper underlined the physical dimension of threats to resilience in post-crisis Afghanistan. While the new regime is taking steps to sharpen technical and regulatory measures to control the internet, personal devices are also just arbitrarily ‘seized’ at checkpoints, while individuals are subject to police ‘swiping through [their] apps’. As the Taliban takeover became an inevitability in 2021, many human rights defenders, activists and others took steps to bolster their online safety from emerging threats, including measures like deleting their search history and minimizing their online presence. In post-takeover Afghanistan, the threat of punitive measures may discourage end users from internet usage and pushes them towards self-censorship. In other words, even when there is no direct technical barrier to internet availability at the application layer, sociopolitical barriers manifest in the actual and perceived safety risks to the end user.
Overall, the state of internet resilience in post-crisis Afghanistan is opaque and evolving. A new network of interests, incentives and actors has emerged since the Taliban takeover, each exerting some impact on resilience. The Taliban both amplifies threats to resilience (i.e. through institutionalizing repressive measures and limiting accessibility) and pioneers or supports technical efforts to secure resilience (i.e. through the development of 4G network infrastructure). Several pertinent questions remain, which may present avenues for further research: namely, investigating the Taliban’s strategic motivations in both actively disrupting (or, in some cases, preventing via physical destruction) access to networks in some cases and enabling it in others.
The role of private sector actors is equally nuanced. Many played a proactive role in internet infrastructural development and improving connectivity in Afghanistan pre-2021, despite facing barriers and direct risks to their operations. These challenges were exacerbated and amplified during active conflict. In post-crisis Afghanistan, private sector stakeholders have carved out new roles (e.g. through blocking the Taliban’s use of platforms, as in the case of WhatsApp), pursued new opportunities (e.g. the successful bid of two telecommunications companies to roll out 4G nationwide), and continued to provide services despite new barriers to operations (e.g. due to new content moderation requirements imposed by the Taliban).