state sponsored harassment and targeting in Azerbaijan is very much alive and kicking – a year in review

Azerbaijan Internet Watch was launched around the time when more evidence kept emerging, on the use of authoritarian technology in Azerbaijan. This technology allowed the perpetrator(s) (in most cases identified as an institution or individual affiliated with the government of Azerbaijan] to target Azerbaijan’s civil society. These revelations marked a significant shift in the way the authorities were persecuting its critics. In addition to offline measures – physical intimidation through kidnapping, arrests, detentions, questioning; bogus trials, and lengthy jail times; and adoption of restrictive new laws limiting the ability of civil society to work –  there were new tools at the state’s disposal that could now deliver phishing attacks, DDoS attacks, targeted harassment, mass fake reporting on social media platforms,  hacking of personal as well as public social media accounts and emails, leaking unlawfully obtained data, online blackmail, the use of trolls and bots, and more. In none of these documented cases, it was possible to hold the state or its institutions, or the actors to account. Dismissals have been a common response. 

“By using its monopoly over the country’s information-technology infrastructure, it has disrupted internet access, placed temporary bans on social media services like TikTok, launched DDoS attacks, and used various digital-surveillance tools, including the Israeli spyware Pegasus, to target and censor activists and journalists. The democracy watchdog Freedom House now considers the internet in Azerbaijan “not free”.” Facebook is Failing Journalists, November 22, 2022, By Arzu Geybulla, for Project Syndicate

State-sponsored surveillance

In 2014, an OCCRP investigation revealed how mobile operators were directly passing on information about their users to the respective government authorities. Last year, AIW looked into the protection of personal data mechanisms that exist in the country. The research and legal analysis indicated that “the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities.” In addition, the analysis showed “that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. As such, the absence of clear and enforceable regulations to protect personal data against arbitrariness and flawed systems due to negligence puts personal data at a higher risk of infringements.” Additional findings included the following information confirming OCCRP’s revelations in 2014:

The Presidential Decree No. 507 dated June 19, 2001 (IV) “On the division of powers of search operations’ entities while carrying out search operations,” ensures that the Ministry of Internal Affairs and the State Security Service can autonomously connect to the communication networks of telecom operators. That being said, the presidential order regulating the conduct of this kind of search and operation activity in the telecom industry dated February 15, 2017, is not public.

The above-mentioned legal environment makes subscribers’ personal data accessible to the law-enforcement authorities given that all collected user personal data is accumulated in the database established together with the law enforcement authorities or is equipped with the technical means allowing law-enforcement authorities access users’ personal information. Also, according to Article 11 (IV) of the Law on Operation and Search Activities, the decision of the court (judge) or investigative body or the authorized subject of operative search activity on the implementation of operation-search measures can be accepted not only when there is an initiated criminal case but also in a wide range of circumstances.  

In another report released in 2021, AIW identified the following loopholes grating the state further access to the personal information of citizens:

The Law on Telecommunication obligates network operators to install special equipment, provided by the State Security Service, Ministry of Internal Affairs, and Special State Protection Service onto the telecommunication networks enabling the Government to extract (intercept) data on anyone regardless of whether that person(s) is part of an investigation process or not.

The installment of special equipment within communication networks is regulated by the “Rules for equipping telecommunications operators and providers with additional technical means for conducting search operations, reconnaissance and counter-intelligence activities” issued by the Ministry of Transport, Communications, and High Technologies on  June 14, 2016. The Rule obligates telecommunication operators and providers to create technical conditions for the conduct of relevant activities within the communication networks.

The Rule defines that Telecommunication Control System (hereinafter – TCS) – is special hardware and software that provides confidential control over the exchange of information of subjects targeted by the relevant measures (such as search and operation, intelligence, and counterintelligence activities), as well as all statistical data of the network. TNS consists of data extraction facilities, transport networks, and control centers.

The Rule also indicates that relevant measures in the communication networks are carried out in accordance with the requirements of the laws of the Republic of Azerbaijan “On Operation-Search Activity” and “On Intelligence and Counterintelligence Activity”.

However, while the Law on Operation-Search Activity may allow secret surveillance and seizure of private information, there are no rules or procedures within the national legislation for secret surveillance and intercepting information by government agencies. There are also no clearly defined rules on determining the grounds for such surveillance and interception activities, their duration, and whether such activities can be stopped by a court or other higher state authority.

The above legal and investigative findings may explain how in 2012, during the Internet Governance Forum held in Baku, Neelie Kroes’s [who at the time, was the Vice-President of the European Commission responsible for the Digital Agenda for Europe] advisors had their computers hacked. At the time, Ali Hasanov, who was serving as head of the Azerbaijani Presidential Administration Social and Political Department said, “there was no such interference, and couldn’t have been.” Hasanov was “one of the key figures defining the government’s policies regarding media, freedom of speech, and political liberties,” according to an OCCRP investigation into Hasanov and his family’s media business. At home, Hasanov was also known as the “King of trolls.” And although he denied his passion for trolls, even at the time when he was leaving his office in January 2020, as it turned out, Hasanov was a troll factory supplier. In September 2021, AIW published this story revealing how the government of Azerbaijan did indeed operate its own troll factory:

Ever since the 2013 revelations about Russia’s troll factory, many in Azerbaijan wondered whether the country’s leadership too operated its very own troll factory. Unlike its Russian version, known as the Internet Research Agency, there was only anecdotal evidence of whether this was really the case in Azerbaijan. There were no former “factory” employees who came forward or undercover journalists who temporarily worked there and exposed the work carried out later. Not until this month anyway. An investigation against the executive director of the State Media Support Fund Vugar Safarli now reveals that the suspicions were valid after all. And that upon specific instructions a group of “bloggers” were responsible for monitoring Facebook and leaving comments under posts that were critical of the government or relevant government institutions.

The investigation is part of a criminal case launched against Vugar Safarli who until recently headed the State Fund for Media Development in Azerbaijan. Safarli was arrested in 2020 on charges of money laundering (allegedly 20million AZN) and abuse of authority. 

On September 2, Azerbaijan Service for Radio Free Europe, Azadliq Radio published parts of the testimony by Safarli where the former government official implicates not only that the government did indeed deploy trolls but that several high ranking officials including then Presidential advisor Ali Hasanov and former head of the Presidential Administration Ramiz Mehdiyev were well aware of this. Moreover, the building from where trolls operated belonged to Hasanov himself. 

“Ali Hasanov told me that the new rented space, will have internet bloggers who will work from there. And indeed there were a few, who sat there, working unofficially,” Safarli reportedly said in his statement according to Azadliq Radio reporting. 

Predating 2014 revelations, are a series of examples that were documented in this report showing how state-sponsored surveillance was used as early as 2008, albeit at the time, using less sophisticated technology such as black boxes and wiretaps.   

In the years that followed, the state-sponsored surveillance got worse as has been documented either here or by other platforms. The culmination was the use of Pegasus and targeted harassment of civil society activists online through the dissemination of their personal data obtained through hacking of their devices as well as social media accounts. 

As AIW described in this report:

Members of opposition political parties, independent journalists, political and human rights activists have long faced systematic pressure and persecution orchestrated by the government of Azerbaijan. The unprecedented crackdown against civil society that began in 2013, marked a new chapter, in the history of Azerbaijan’s civil society. One, marred by arrests and prosecution of high-profile activists, rights defenders, and journalists.

This systematic pressure and harassment were not only offline. It was only a matter of time, that the internet too would become a place to target activists, journalists, and human rights defenders, holding them accountable for their online criticisms on bogus accusations that often ended with lengthy jail sentences, forced apologies on public televisions (see The State of Internet Freedom in Azerbaijan report), detentions and further forms of persecution.

In a country where almost all avenues for freedom of expression and activism were eliminated, the internet, specifically online media platforms, and social media networks became new targets. To monitor discussions online, prevent citizens from accessing independent news online, or social media platforms, and to further curb freedoms online, the government of Azerbaijan embarked on a shopping spree, becoming a client of companies selling sophisticated surveillance equipment and technology.

By 2021, the government of Azerbaijan has successfully deployed a Remote Control System (RCS), Deep Packet Inspection (DPI), phishing, and spear-phishing attacks often with homegrown malware. The most recent addition to a wide variety of authoritarian technology deployed in Azerbaijan is Pegasus spyware.

The Law on Operation-Search Activity overseas phone tapping and information extraction from communication channels. Further, the third section of article 10 of the Law on Operation-Search Activity does not require a judicial act or supervision of higher authority while wiretapping and extracting information from technical communication channels unless there is a need to install technical devices such as voice, video, or photo recorders at the place of residence of the individuals.  

In other words, anyone in Azerbaijan can be subject to such a form of oversight.

In Azerbaijan, “anyone” is often, a representative of Azerbaijan’s civil society. This includes political activists, rights defenders, journalists, members of opposition political parties and movements, and feminists, to name a few. As AIW documented in its February 2023 report: 

2022 has been no different than recent years in terms of online attacks and internet censorship in Azerbaijan. Human rights defenders, activists, politicians, and media professionals in Azerbaijan are increasingly becoming victims of cybercrimes, including electronic surveillance, privacy infringement, and cyberstalking, due to their independent and legitimate professional activities. The online targeting of individuals critical of the government has become increasingly frequent and constant. And yet neither of these cases has been effectively investigated, and the perpetrators have not been identified.

Despite the active use of the criminal and administrative offenses legislation, including other technical resources to limit freedom of expression on the internet [including the blocking of key opposition and independent news websites, summoning and punishing individuals for critical opinions distributed online], the state systematically fails to provide effective investigation on the complaints of the individuals subject to unlawful covert surveillance (Pegasus), cyber-attacks, online blackmailing and hacking attempts against activists and media professionals. In most cases, reveal that online harassment against government critics is organized by the government or government-linked institutions.

In April 2022 report, Meta reported that it removed a hybrid network operated by the Ministry of Internal Affairs of Azerbaijan that combined cyber espionage with Coordinated Inauthentic Behavior (CIB) to target civil society in Azerbaijan by compromising accounts and websites to post on their behalf.

There has been a shift however in the use of technology. Based on the monitoring of cases documented by AIW, one scenario indicates that as a result of several forensic exposes tracking the source of phishing attacks and the use of other pervasive surveillance tools to the state, the latter now relies on targeting critics through online harassment and online targeting campaigns in order to damage and/or discredit their reputation. That and the use of restrictive new laws makes silencing dissent less reliant on technology. That being said, there are still cases of phishing attacks as was the case with activist Abulfaz Gurbanli, who was phished through an email and WhatsApp messages in February 2022. A file disguised as grant-related information from a known donor organization containing a virus was sent to Gurbanli via his email. On WhatsApp, the activist received a message from someone impersonating herself as a BBC Azerbaijan Service journalist. The targeting resulted in the installation of spyware on his device and the hacking of his social media accounts. At the time, AIW requested assistance from Qurium media to analyze the link shared in the email and despite the journalist’s assurances, the link did contain a virus. “The mail pointed to a RAR compressed file in Google Drive that once downloaded required a password to be decrypted. The password to decrypt the file was included in the phishing e-mail: bbc. Compressed files that are password protected are common in malware phishing attacks as the files can not be scanned by antivirus,” concluded Qurium in its preliminary report. The further forensic report identified malware written in AutoIT. Once the link (in our case the link to a drive where the alleged journalist left questions for the political activist) was opened, the hacker through the deployed malware installed a persistent backdoor in the system. “The software connects to the domain name smartappsfoursix{.}xyz to download the rest of his software requirements. It downloads gpoupdater.exe and libcurl.dll which look responsible for uploading files to the command and control server. During the execution of the malware several (10) screenshots of the Desktop were uploaded to the server,” read the Qurium analysis.

Targeted harassment: the case of Bakhtiyar Hajiyev

The most recent case of state-sponsored digital targeting is of political activist Bakhtiyar Hajiyev. Hajiyev was arrested in December 2022, shortly after his return to Azerbaijan from a trip abroad. Charged with hooliganism and contempt of court, the activist was then sentenced to 50 days in pretrial detention. That time however was extended twice, most recently until April 2023. Prior to his arrest, Hajiyev often criticized the Ministry of Internal Affairs over its targeted harassment. He was then abducted by unknown men and during his time in captivity was forced to delete his social media posts critical of the ministry. The investigations into Hajiyev’s kidnapping have not been conducted and up to this day, it remains unclear who were Hajiyev’s kidnappers. Throughout the past few years, Hajiyev was also the target of an online blackmail campaign. Three years ago, Hajiyev said there were multiple attempts to break into his social media and email accounts. 

At the end of December 2022, while Hajiyev was already behind bars, some anonymous social media accounts shared private correspondence between Hajiyev and Vusala Mahirgizi, an editor. The leaked conversations alleged Hajiyev was a marionette of one of the clans [in reference to various clans in key government positions in Azerbaijan]. Hajiyev published a statement in which the activist said, the leaked correspondence was a violation of his privacy, given it was obtained through hacking of his personal accounts and that the allegations of him being a marionette, were false.

It is worth noting that this correspondence was leaked during calls for the activist’s release. The leak was largely viewed as an attempt to turn the activist into a scapegoat and weaken the advocacy campaign calling for his release.

Since February 22, 2023, however, Hajiyev has been the target of another blackmail campaign. At least six different Telegram channels have been disseminating conversations between Hajiyev and various women:

Identified Telegram channels:

  • https://t.me/bextiyarhaciyev18

  • https://t.me/baxtiyarifsa

  • https://t.me/+SzloVHfBVkg1YjEy

  • https://t.me/BextiyarinIfsasi

  • https://t.me/BextiyarinIfsasi

  • https://t.me/+DiENXqq3ed4zMzcy

Similar information was leaked by fake Facebook accounts. The leaked correspondence also contained sexually explicit photos of women appearing with Hajiyev. The online targeting of women with their faces publicly disclosed in these groups has led to at least two women being forced to leave their homes and go into hiding from their families, fearing reprisals for ‘immorality’ from their families.

Although there is proof that some of the shared correspondence was photoshopped the targeting has tarnished Hajiyev’s public image and placed the lives of women in the photos in danger. 

The anonymous admins of these chats have also published the names of other activists, threatening to leak their conversations with Hajiyev as well. Some of these activists are advocates calling for Hajiyev’s release. 

The Ministry of Internal Affairs refuted the claims that it may have been behind the leaked information. However, according to Hajiyev’s lawyers, Hajiyev arrived at the Baku General Police Department in his car and left his phone in the car. The car stayed there for three days and it is likely his phone was compromised during this period.

In October of last year, this story explained how Telegram is being used in Azerbaijan. “In Azerbaijan, the app has become a nexus for hate speech, propaganda, and the repression of dissent. In March 2021, multiple Telegram groups were identified in Azerbaijan sharing sex tapes and nude photographs of women. Among the victims were journalists, civic activists, and female family members of exiled political activists as well as ordinary women. The groups and pictures were reported to Telegram, but it took weeks before they were taken down. The damage to the women targeted was done. The channels shared sensitive videos of journalist Fatima Movlamli, the sister of exiled dissident blogger Mahammad Mirzali, civic activist Narmin Shahmarzade and Gunel Hasanli, daughter of opposition party leader Jamil Hasanli.”

Activists in Azerbaijan also pointed out that it is not Hajiyev’s reputation that is placed on the line with this blackmail campaign, but the women too, whose photographs are shared in the absence of their consent. Last year BBC published this investigation about the use of the platform in targeting women specifically “to harass, shame and blackmail them on a massive scale.” Gulnara Mehdiyeva, a feminist activist who has been targeted herself in the past, said in a Facebook post on February 28, “Terrible things are happening in the country. The government, which is responsible for protecting the safety of citizens, deliberately and knowingly wants to make those women victims of suicide or murder.” Two years ago, Mehdiyeva was targeted in a video shared via Facebook, containing a series of leaked private audio messages, that were extracted from Mehdiyeva’s social media accounts and emails. In a February 28 Facebook post, Mehdiyeva also wrote that not only faces of these women were not blurred but the perpetrators of the blackmail campaign also shared the names of the women and at least in one correspondence leaked, the home address of one woman. One of the women whose identity has been exposed in this campaign, was Tunay Aliyeva, an actress and model who said this blackmail campaign was a “cybercrime and invasion of people’s privacy.” In a letter addressed to the First Lady and the First Vice President Mehriban Aliyev, the actress asked that the First Lady personally stepped in, as a woman and a mother herself, in order to put an end to this “abomination.”

No-war activists and feminist activists

AIW has documented how activists who openly criticized the second Karabakh war were targeted by state-sponsored harassment before:

From public Facebook posts and pages targeting the activists, with threats of violence and physical harm, calls for public shaming and punishment, to questioning at Security Services, this has no doubt been one of the harshest, collective, online public harassment campaigns observed until now in Azerbaijan.

In a recent piece published by Lossi 36, Thijs Korsten and Viktoria Kobzeva also wrote:

Following the two-day war and increased public disapproval of Azerbaijan’s actions towards Armenia, government-linked media accounts launched a social media campaign. The photos and names of individuals who condemned the government’s aggression were circulated with the hashtag “Recognise the Traitor” on Facebook and Twitter. The people who were singled out are not marginal anti-war activists but rather prominent opposition figures, who the government sees as a greater threat.

The use of Telegram for the purpose of targeting and harassment has been in use not only in the case of Hajiyev. Previously AIW documented how the platform was used to target feminist activists too:

In recent days, at least three telegram channels were reported for sharing profane content targeting women in Azerbaijan. One channel called “Wretched men club” shared sensitive videos of journalist Fatima Movlamli, and exiled dissident blogger Mahammad Mirzali’s sister. Another group called “Expose bad-mannered girls” has targeted other women activists. A third one, targeted specifically one woman whose Facebook account was hacked shortly after the International Women’s Day march in Baku. 

In the past, other women journalists and activists were targeted in an online harassment campaign. 

Activist Gulnara Mehdiyeva was targeted with a video shared on Facebook, containing a series of leaked private audio messages, that were stolen when Mehdiyeva’s social media accounts and emails were hacked last year

Activist Narmin Shahmarzade’s Facebook profile was hacked, her name changed alluding to her interference with people’s private lives. The hackers flooded her Facebook feed with private messages, some of which were fake, and shared nude photographs of her, including at least one edited photo and audio. Several hours later, a Telegram channel was set up, sharing Shahmarzade’s intimate photos. In an interview with VoA Azerbaijan service, Shahmarzade said, “When my account was hacked, video footage and other posts with criticism of the ruling government were deleted. Then, my personal messages on Facebook messenger were compromised. Some of them were shared after being edited and taken out of context. My personal phone number was exposed and as a result, I received numerous calls and messages of threatening nature.” Shahmarzade said, she has informed the Ministry of the Interior and the State Security Services and describes what happened to her, a crime and that she will be going to court. Shahmarzade also pointed out to AIW that the hacker who compromised her Facebook profile is likely the same person or member of the same group that targeted activist Gulnara Mehdiyeva last year because at least one of the audio that was shared via Shahmarzade’s hacked Facebook account targeting her, does not even belong to the activist and that she never had access to. Contrary, it was among material hijacked from Gulnara Mehdiyeva. 

Among the women targeted, is also dissident blogger Mahammad Mirzali’s sister. Mirzali told AIW that the intimate video of his sister was leaked to harm him. “On February 15 my family members and I received several messages from a US number threatening me to stop my work. Otherwise, they told me they would release the videos of my sister. They told me they were not joking. They leaked the video on March 5. Later they shared the video on telegram channels. The same video was also sent to our relatives,” explained Mirzali. Mirzali suspects the authorities are behind this nasty campaign against his family. On March 14, Mirzali was reportedly stabbed by a group of unknown men. Mirzali is currently at the hospital. 

In September 2020, activist Rustam Ismayilbeyli was intimidated by someone who presented himself as an employee of state security that unless Ismayilbeyli did not stop his activism, intimate pictures of his girlfriend would be leaked online. 

In 2019, journalist Sevinc Osmangizi was the target of a smear campaign that accused her of being a double agent and working as a spy selling government secrets. 

The same year, journalist Fatima Movlamli was targeted with a fake Facebook page created under her name, sharing intimate photos and videos of her in her bed.

In all of the incidents, the targets voiced their suspicion of the government involvement behind these attacks. No responsibility was taken.

Last year, feminist activist Sanay Yaghmur was targeted in a social media blackmail campaign. The perpetrators shared personal information about the activist which they obtained by hacking her email account. 


The practices of digital authoritarianism widely used in Azerbaijan also extend beyond its borders. Last year, Ahmad Mammadli, the leader of a political movement D-18, reported that local authorities intercepted a letter of acceptance to a Master’s program from a university in Turkey. The authorities accused Mammadli of forging the letter. 

This is not an exhaustive investigation and documentation by all means. But AIW will continue to document and monitor the situation and work with partners to keep exposing the use of information controls in Azerbaijan. 

The State of Internet Freedom in Azerbaijan – 2022 legal overview

In this final installment of legal analysis, we offer an overview of some of the key developments covered over the last year with relevant updates within what is seemingly becoming a restrictive internet freedom environment.

Summary

From gradually declining space for online media, the visible pattern of offline persecution for online speech, to the lack of protection mechanisms against personal data infringements, and the ineffectiveness of legal remedies against targeted cyber-attacks and harassment,  the research and documentation carried out by Azerbaijan Internet Watch throughout 2022, has shown that over the past year, there has been a significant negative impact, on internet freedoms.

It’s been especially tough for independent media practitioners who are facing the potential prospects of fines, complete closures, and further measures of control and intimidation. The signs of the deteriorating situation were already sown in January 2021 when the government of Azerbaijan announced the establishment of a new media body – the Media Development Agency [MEDIA] and the drafting of a new Media Law. This law which was passed in December 2021, effectively authorized the MEDIA to impose a number of restrictions on media subjects, including a requirement for mandatory registration of journalists with the authorities. As a result, the Law on Media further consolidated the state control over independent and online media.

Over the course of the past year, the general prosecutor’s office continued to persecute online speech by excessively relying on the Law on Information, Informatization, and Protection of Information combined with existing national legislation empowering the Prosecutor’s Office to take measures where it deems necessary. As a result, as documented in this but also prior reports, there have been numerous cases of social media users and media professionals facing fines, and other arbitrary punishments for exercising their right to freedom of speech, all on vaguely defined legal grounds.   

AIW also identified that the government of Azerbaijan continuously failed to protect personal data effectively, either as a result of outdated laws, lack of technical capacity, or political will to address the issue. This is evident in numerous examples of hacked databases over the decade, where obtained personal data was shared or transferred to third parties, without consent, leaving countless users vulnerable. To make matters worse, the unlimited access by law enforcement and special service agencies to users’ personal data, leaves users at risk not to mention, the absence of privacy protection. The research carried out by AIW also showed there are no proper safeguard mechanisms against the abuse of personal data especially when this information is sold for commercial purposes, with subscribers left deprived of their right to know where their data is sent or sold.

Meanwhile, law enforcement authorities failed to offer an effective response to addressing complaints requesting a criminal investigation into the personal data infringements despite there being ample evidence proving that the personal data in question was indeed obtained through stolen or hacked accounts and later unlawfully distributed online.  

The Pegasus litigations, including the targeted cyber-attacks on social media accounts of media professionals and activists, have also proved ineffective as a result of significant flaws and delays in the investigation process. The domestic litigations regarding the use of surveillance software (Pegasus) led to legal applications to the European Court of Human Rights (ECHR), exposing ill-intended practices of state secret surveillance agencies and inadequate national legislation, which has failed to ensure the protection of the rights of all users of telecommunication services as guaranteed by the Convention and the national laws.

Above mentioned domestic litigations also exposed the lack of adequate protective measures for privacy rights, especially in cases of covert surveillance and state-sponsored cyberattacks. Judicial remedies in place have been insufficient, and the existing civil and administrative avenues, require a heavy burden of proof on claimants.

As such, the European Court of Human Rights (ECtHR) remains the most effective international avenue for legal remedies against violations of internet freedoms in Azerbaijan, despite the systematic delays in executing ECtHR judgments. The legal overview carried out throughout the past year indicates that bringing more applications before international tribunals, including the ECtHR and the Human Rights Committee, is essential for protecting privacy rights and countering violations.

Meanwhile, the government of Azerbaijan must adopt effective legal remedies and procedural safeguards against unlawful access to personal data and covert surveillance.

Restricting the Media: Implications for Online Media. Post-March 2022 developments  

Online media in Azerbaijan faces significant challenges with respect to freedom of expression and internet freedoms. There are a growing number of restrictive laws regulating the internet and online content. In addition, the government of Azerbaijan systematically blocks websites, throttles internet connectivity, and carries out cyberattacks and surveillance on human rights and political activists, independent media outlets, and their staff.

On March 24, 2022, Azerbaijan Internet Watch, in its comprehensive legal opinion “New Media Law: implications for online media/journalism in Azerbaijan”, highlighted the adverse implications of the new Media law specifically for on online media and journalistic activities online in Azerbaijan.

On February 8, 2022, the president of Azerbaijan, Ilham Aliyev approved the new Media Law. The law was adopted by Parliament on December 30, 2021. It was heavily criticized by local and international rights organizations who made repeated calls on the government to refrain from adopting the new Law given its restrictive nature. Critics of the draft law worried the new legal document would seriously threaten media freedom, including online media, as it contained provisions granting discretionary powers to the state authorities, including excessive media regulation, especially of online media platforms, as well as further restrictions on the work of practicing journalists, media companies, and relevant entities. Critics were also vocal about the absence of a broad and meaningful public consultation of the law prior to its adoption. The government of Azerbaijan strongly rejected any criticism.

And yet, AIW’s legal analysis, illustrated how the new law empowered media regulatory authorities to issue sanctions, further consolidating government control over the online media environment and journalistic activity, and imposing numerous requirements and regulations on audiovisual media, print media, online media subjects, news agencies, and journalist activities in Azerbaijan. The main concerns included the poorly worded definitions, excessive requirements, and restrictions for online media content, including registration requirements within the newly set up Media Registry for online media subjects, their staff, and freelance journalists working for online media.

The Media environment was already marred with violations and censorship in Azerbaijan prior to the adoption of the law. Numerous news websites were blocked while media practitioners affiliated with independent or opposition media platforms faced persecution and widespread intimidation. The most recent World Press Freedom Index by Reporters Without Borders ranked Azerbaijan 167th out of 180 countries in 2022.

Unlike previous media regulations implemented before 2009 which were mostly indirect restrictions and failed to meet satisfactory international human rights standards, laws that were adopted, amended, or implemented in the following years focused on more formal-legal measures. The new Media Law was the culmination of these measures.

Pre-2009 restrictions mainly consisted of de facto limitations (such as the imprisonment of journalists on bogus charges that were often unrelated to the media legislation) and financial “support” (one-time financial assistance packages, individual scholarships, various orders, medals, free housing after 2011).

Ahead of its adoption in the parliament, the new Media Law was drafted behind closed doors, without public discussions. Even after the draft law was revealed to the public, recommendations and proposals offered by media experts were not taken into account. Several international human rights organizations criticized the new Media Law and urged the Government not to enact the Law.

Among some of the problematic areas of the law are:

*Article 14:

This specific article and its paragraphs require that information published and (or) disseminated in the media (including online media) must meet at least 14 requirements. The law also requires that content published by media outlets should meet the requirements of the Law on Protection of Children from Harmful Information and the Law on Information, Informatization, and Protection of Information which provides an exhaustive list of requirements criticized for vagueness.

*Article 60:

Article 60 paragraph 5, requires online media to publish at least 20 articles per day to qualify as an online media platform.

This is the first time a law defines what constitutes online media. But the rationale behind these measures is unclear. The article does not mention for instance, how newsrooms with smaller teams are meant to produce twenty articles per day. Independent journalists who have voiced concern over this specific article say, this creates an environment of news pollution with platforms focused on producing poorer stories aimed at simply meeting the imposed quota.

It also requires that online media outlets disclose their organizational information on their respective websites;

It also requires online media to register with the tax authorities, identify and appoint a person responsible for editorial;

*Article 62:

Article 62.1 reads that permission from state bodies is not required for setting up online media. But Article 62.2 requires that an online media entity must apply to the relevant executive authority (Media Registry) 7 days prior to the publication or dissemination of the relevant media material.  In other words, while there is no need to apply for creating an online media platform, there is a requirement to apply for a permit once the online resource becomes operational and starts publishing.

Article 62.4 requires an additional opinion issued by the State Committee for Work with Religious Organizations before an online media focusing on religion and religious content is set up.

*Article 74 and Media Registry

The Media Registry system became operational in October 2022. The “rules for maintaining a media registry” — are a set of regulations determining the requirements and procedures journalists must meet in order to be eligible for inclusion as well as exclusion.

The Media Registry itself is an electronic information resource managed by the Media Development Agency, which is managed by the Supervisory Board consisting of a Chairman and 6 (six) members appointed by the President of the Republic of Azerbaijan.

Article 74.2 reads that in order for journalists to be included in the registry they must prove a degree in higher education as well as a number of other merit-based criteria.

Article 74.2.5 requires that journalists obtain and provide an employment contract with a media entity which must be registered with the Media Registry.

*Article 78

According to Article 78.3 of the Media Law (transitive provisions) both print and online media shall apply to the Media Agency within six months after the media registry is established. If an application for a media platform’s registration is denied, then the applicant is not considered a legal entity. Since journalists cannot be “legal entities,” it is unclear what happens to journalists whose registration is denied. 

There is no option to opt out from the registry as it is mandatory as per Article 78.3 of the Media Law.


Already, 200 media outlets and 180 journalists applied to the media registry according to the statement by the Media Agency. The Agency claims that approximately 160 media outlets were registered already. Independent media watchdogs, say around 40 media outlets were denied registration.

On January 12, 2023, the Executive Director of the Media Development Agency, Ahmed Ismayilov said, “media entities have six months to register, those who fail to do so, will be taken to court by the agency. It will be up to the court to decide whether to continue their activities or not.”

Following this statement, a group of independent and opposition journalists and media platforms have come together under a campaign “We do not want a licensed media.” They have been organizing round table discussions both online and offline calling on the government to cancel the registry and reform the bill on Media. In January, the group also issued a statement in which signatories claimed, “the new law will have very serious negative effects on the freedom of the media and journalists, and on their freedom of movement and activity.”  The signatories of the statement also said, the law was unconstitutional and was against the European Convention on Human Rights. As such, they intend to apply to the Constitutional Court and continue onwards with the European Court of Human Rights.

The campaign led to Ismayilov’s backing from previously made statements about court proceedings. Instead, Ismayilov reportedly said, the registration was on a voluntary basis. However, it remains to be seen whether this claim holds true.

Even some pro-governmental journalists criticized the media registry based on rigid regulation and arbitrary application.

Several media organizations challenged the application to the media registry in domestic courts. Among them is 24saat.org LLC (an online media outlet), which has submitted a claim against Media Agency. The news site, was one of the first news platforms denied registration on the grounds its content was not sustainable (referring to the requirement of publishing a minimum of 20 news items on daily basis). The site raised the issues of the illegality of that decision, and its incompatibility with the Constitution and international agreements, asking instead that the agency registers the site and recognizes the violation of the right to freedom of expression. On  January 9, 2023, the Baku Administrative Court held a preparatory hearing on the claim of 24saat.org LLC against the Media Agency. The court case continues.


The increased role of law enforcement & abuse of power in prosecuting online speech: post-May 2022 developments

There are two legislative acts that regulate internet freedom: 

In addition, the Code of Administrative Offences (Articles 388 and 388-1) determines administrative offenses for violations of the above-mentioned laws (the punishment includes fines and administrative detention).

Some Articles of the Criminal Code may be applied to the violations of the above-mentioned laws (such as Article 283 – incitement to hatred and enmity). As well as, the Law on Prosecutur’s Office which allows the respective prosecutor’s offices to issue warning to persons who might breach the law, inter alia, with their statements (Article 22).

The parliament amended the Law on Information, Informatization, and Protection of Information in December 2021 broadening the responsibility of the website owners – previously owner was obligated to remove content, but as per recent amendments he/she must also block access to relevant content (article). 

In general, both laws mentioned above can be described as online content regulation. Article 13.2 of the Law on Information and Article 14 of the Media Law regulate prohibited content and website owners as well as online media outlets must comply with these regulations. Otherwise, they would be subjected to blocking, suspension, administrative punishment, or warnings. Both legislative pieces prescribe a list of prohibited information. These lists are not exhaustive and very extensive. Moreover, the language of these lists is vague and open to arbitrary interference. 

In recent months, the Office of General Prosecutor (OGP) embarked on a spree, of resorting to official warnings and legislation on administrative offenses against online media. The Law on Prosecutor’s Office authorizes the OGP and subordinate prosecutor’s offices to issue official warnings. Also, the Code of Administrative Offenses (Article 54.2) gives unlimited power to the Prosecutor’s office to initiate administrative offense cases for any other case envisaged in the Code. Thus, the prosecutor’s office has the authority to take measures of responsibility and deterrence against the dissemination of prohibited information on the Internet under the existing legislation on administrative offenses and the law of the prosecutor’s office.

AIW’s legal analysis titled “Who regulates content online in Azerbaijan. Legal analysis,” published in May 2022, shared the increased pattern of prosecuting authorities’ inclination to intervene and persecute online media speech.

Since then, OGP continued to issue warnings and leveling administrative offenses in the following cases:

*On July 27, 2022, social media users Fikret Faramez oglu, the head of the “jamaz.info” website, Agil Alishov, the head of the “miq.az” website and Facebook users – Elchin Ismayil, Ali Jabbarli, and Nurana Fataliyeva were warned by the OGP as per Article 22 of the Law “On the Prosecutor’s Office”, not to allow for such negative circumstances in the future (on the grounds of dissemination of false information to undermine the business reputation of the Azerbaijan Army, create artificial agitation among citizens, as well as overshadow the work done in the direction of strengthening the state’s defense capabilities);

*The same day, Tofiq Shahmuradov (military journalist) was accused under Article 388-1.1.1 of the Code of Administrative Offenses by the OGP, and the Nizami District Court found him guilty and sentenced the journalist to one month of administrative detention (on the grounds of disseminating false information to undermine the business reputation of the Azerbaijan Army, create artificial agitation among citizens, as well as overshadow the work done in the direction of strengthening the state’s defense capabilities);

*On July 30, 2022, the Prosecutor General’s Office of Azerbaijan warned social network users Sakhavat Mammadov, Rovshan Mammadov, Zulfugar Alasgarov, Elgun Rahimov, Fuzuli Kahramani, Zeynal Bakhshiyev, and Ruslan Izzatli within the scope of the Law on Prosecution’s Office (on the grounds – the requirements to present facts and events impartially and objectively, and not to allow one-sidedness, were not observed during the publication of information in the media);

*On August 3, 2022, the OGP warned Facebook users – Tayyar Huseynli, Mubariz Sadigli, Nijat Dadashov, and Irshad Muradov over violating relevant online content regulation (incitement to hatred, privacy violation, and defamation);

*On August 4, 2022, the OGP warned Rustam Ismayilbayli (activist) over a social media post, based on Article 22 of the Law on Prosecutor’s Office;

*On September 16, 2022, Taleh Khasmmadov (human rights defender) was warned by the OGP based on Article 22 of the Law on Prosecutor’s Office (dissemination of unspecified information about the Azerbaijani army). The rights defender was warned not to violate laws.

None of these warnings and/or administrative offense cases meet the requirements of the freedom of expression and access to a fair trial envisaged within the international human rights standards or the constitutional obligations of the Republic of Azerbaijan.

Continued targeted cyber attacks against critics: post-November 2022 developments

 In November 2022, AIW published a lengthy legal opinion, “In Azerbaijan, hasty legislative measures in response to cyber threats, leave the protection of personal data on the back burner,” providing a comprehensive analysis of the domestic legislation and the government’s use of those laws and its adverse effects for the personal data protection in Azerbaijan.

Among identified gaps, the report noted that in Azerbaijan, the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities.

The analysis also indicates that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. As such, the absence of clear and enforceable regulations to protect personal data against arbitrariness and flawed systems due to negligence puts personal data at a higher risk of infringements.

Azerbaijan although joined Convention 108, also known as the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, in 2009, has not ratified Additional Protocol to Convention 108 which requires each party to establish an independent body to ensure compliance with data protection principles and lays down rules on trans-border data flows.

The rights related to personal data are guaranteed by Article 32 of the Constitution of Azerbaijan, which provides the right to privacy of personal and family life, including information transmitted by various means of communication, including correspondence, telephone, mail, and telegraph. The Constitution prohibits acquiring, storing, using, and spreading information about a person’s private life without his/her consent.

There is also the Law on Personal Data, adopted in May 2010 which regulates personal data through different normation legal acts, and the Decision of the Cabinet of Ministers of Azerbaijan about “the requirements for the protection of personal data” adopted in September 2010. However, previously published analyses on the matter, point out a number of shortcomings.

The weakness of Azerbaijani safeguard mechanisms was acknowledged by Global Cybersecurity Index, which placed Azerbaijan in 40th  place among 194 countries ranked by the index. The European Union’s EU4Digital Initiative also criticized the weakness of Azerbaijani mechanisms. According to the findings, Azerbaijani legislation was described as outdated and unable to protect personal data effectively while the government of Azerbaijan demonstrated no political will to overcome this problem.

Even the intra-country public cybersecurity assessment report found flaws in protection mechanisms (a lack of cybersecurity benchmarks for digital web providers).

The government-issued national strategy for overcoming the problem has not indicated positive results yet. Cyber-attacks increased following the second Karabakh war and peaked again during the September border clashes in 2022. Large-scale cybersecurity attacks were committed against several state institutions and banks in April 2022 and August 2022 the authorities refrained from explaining the extent of the damage and did not publicize the results of counteracting measures.

Gaps in legal remedies addressing government-sponsored cyber attacks

 In February 2023, AIW, published the report “Legal overview legal remedies (or lack thereof) in cases of online targeting,” showing how Azerbaijan does not effectively protect digital rights. The report focused on two types of violations – cyber-attacks, and covert surveillance, which occur frequently but is not prevented due to inadequate legal remedies.

For instance, there is no automatic notification system for covert surveillance, and there is no independent internal review body. Additionally, there are no rules against prosecutorial discretion, no mechanism to address conflicts of interest between law enforcement and state security bodies, and challenges concerning judicial avenues.

Within existing legislation, the country’s criminal law is one that addresses cyberattacks and breaches of privacy. According to the Criminal Code (Articles 155, 156, and 271-273), cyberattacks and violations of privacy and correspondence rights are prohibited and shall be punished. According to these legal norms in case such an act is committed by law enforcement officials, they are categorized as aggravated circumstances. In these cases, the investigative authority is the prosecutor’s office.

There are civil legal remedies under tort law. However, tort law remedies are effective in practice if the relevant breaches are found in the criminal case. Domestic law in a substantive manner also contains constraints against covert surveillance.

According to domestic procedural law (Code of Criminal Procedure), initial inquiries must be conducted based on reports from victims or others. If the initial inquiry finds, reasonable suspicion on allegations it must remit its preliminary investigation. If the prosecutor’s office dismisses the allegations and refuses to initiate a criminal case, interested parties have the right to apply to district courts. District courts have the authority to remit the case back. Moreover, the relevant official bodies shall conduct disciplinary proceedings about the allegations about their officials on cyberattacks and illegal covert surveillance.

In addition, concerning cyberattacks, there is another review body within the Ministry of Digital Development and Transport – the Cyber Security Service. While the cyber security service does not possess sanctions against authorities, it does have the authority to review the cyberattack claims and issue general warnings concerning cyberattacks. Furthermore, this body may inform other investigative authorities if the problem concerns these authorities. However, it doest not have the legal power to conduct an investigation itself nor can it be considered independent.

In its February report, AIW shared recent cases demonstrating the lack of interest by the law enforcement authorities to offer protection in cases of digital rights violations despite having an ex officio power to conduct criminal investigations. Since then attacks have continued.

The most recent state-sponsored attack was against imprisoned political activist Bakhtiyar Hajiyev. Prior to his arrest, Hajiyev criticized the Government, especially the activities of the Ministry of Internal Affairs. Last year, he was abducted by unknown persons and was forced to delete posts about the Minister of Internal Affairs. Up until today, it remains unclear who abducted Hajiyev. The activist was also subjected to a nasty blackmail campaign.

In December 2022, following his return to Azerbaijan from a trip abroad, Hajiyev was summoned by the Baku General Police Department. He was charged with hooliganism and contempt of court. Based on these charges Khatai District Court applied for a remand in custody, the decision was extended until April 28, 2023. Hajiyev went on a hunger strike twice during his detention. After more than 50 days, he stopped at the end of February 2023.

At the end of December 2022, some anonymous social media accounts shared private correspondence between Hajiyev and the media editor (Vusala Mahirgizi). The leaked conversations alleged Hajiyev was a marionette of one of the clans. Hajiyev published a statement in which the activist said, the correspondence was leaked as a result of hacking of his private communication and that the allegations of Hajiyev being marionette were false.

It is worth noting that this correspondence was leaked during calls for the activist’s release. The leak was largely viewed as an attempt to weaken the advocacy campaign for the release of Hajiyev.

Since February 22, 2023, however, Hajiyev has been the target of another blackmail campaign. A number of anonymous users on Telegram under different channels [‘Exposure of Bakhtiyar Hajiyev’] have been disseminating some of Hajiyev’s private information as well as other women the activist has corresponded with were leaked. Currently, one of the Telegram accounts has 4681 subscribers. Similar information was leaked by fake Facebook accounts. In addition to leaked correspondence, sexually explicit photos of several women who appear with Hajiyev were shared by these accounts. As a result, at least two women were forced to leave their homes and hide from their families, fearing reprisals for ‘immorality’ from their families.

It has been identified, that some parts of the correspondence were probably photoshopped according to media professionals. However, there are others that may be authentic.

These anonymous users also published the names of activists threatening to leak their conversations with Hajiyev as well. Some of these activists are advocates calling for Hajiyev’s release. Some activists whose private communications were leaked said, they would submit a complaint about it.

In the meantime, the Ministry of Internal Affairs said these leaks had nothing to do with them and that during Hajiyev’s arrest, they did not seize any of his devices. However, according to Hajiyev’s lawyers, Hajiyev arrived at the Baku General Police Department in his car and left his phone in the car. The car stayed there for three days and it is likely his phone was compromised during this period.

Meanwhile, the Telegram channels are still active. Hajiyev submitted a complaint to the Prosecutor’s Office about the first incident of cyberattacks. According to his lawyers, they will add a second incident also.

What is next?

The overall analysis and reports indicate that domestic legal remedies in the substantive and procedural law do not protect privacy rights up to satisfactory levels in Azerbaijan. While substantive law at the formal level safeguards digital rights, in practice, these safeguards have no real effects. Judicial remedies are insufficient because criminal procedural avenues in some circumstances are insufficient, and in other circumstances, the district courts cannot force for initiation of the criminal case against officials as the latter still depends on investigative bodies like the prosecutor’s office who decide whether or not to open a criminal case.

Moreover, civil and administrative judicial avenues are also not operational because the heavy burden of proof lies on claimants. In addition, internal disciplinary proceedings are not effective due to a lack of independent oversight bodies. Also, Cyber Security Service lacks real mandatory power in cyberattack cases in addition to independence issues. Therefore, in the cases of covert surveillance and cyberattacks by state authorities, domestic remedies are not effective. It should be added that other aspects of domestic remedies concerning internet freedoms also have challenges. For example, blocking access and official warnings by the prosecutor’s office are especially problematic. 

It is well established by the ECtHR in several cases against Azerbaijan that the domestic courts consistently fail to conduct effective judicial oversight in politically motivated cases and instead merely uphold the position of the executive authorities (see, among others, Aliyev v Azerbaijan, appl. No. 68762/14, 71200/14, 20/09/2018, para. 224).  Consequently, it may be concluded that procedural law and its safeguards against internet freedom violations have serious flaws. Moreover, practical case studies further furnish that the relevant investigative authorities and domestic courts are not interested in pursuing criminal investigation cyberattacks, covert surveillance, and upholding internet freedoms in the cases of access blocking and official warnings. 

The European Court of Human Rights (ECtHR) might be considered one of the most effective international avenues in terms of providing legal remedies for violations of internet freedoms. The effectiveness of the ECtHR lies in its ability to issue binding judgments against member states (namely, Azerbaijan) which can result in the provision of legal remedies for the victims of rights violations. However, there are systematic delays in the execution of the ECtHR judgments by Azerbaijan*, the Committee of Ministers of the Council of Europe continuously supervises the execution of judgments of the ECtHR by the member states and urges states to obey the judgments.


 *The Committee of Ministers of the Council of Europe (to which Azerbaijan is a party) mandates that member states comply with the judgments and certain decisions of the European Court of Human Rights. And yet, the court’s decision on Khadija Ismayilova group v. Azerbaijan (Application No. 65286/13) calling on Azerbaijan to duly investigate committed acts, where they [the authorities] failed to do so, and any possible connection and links between crimes committed against journalists and their professional activities, was not complied with.


Given the existing environment, the likelihood of further cyber threats and attacks continuing is high.

The Telegram channels targeting Hajiyev remain. Unidentified persons with ties to the law enforcement authorities have access to Hajiyev’s personal data, and their goal to continue abusing this access is likely. Moreover, the state authorities have broad opportunities to compromise other activists’ accounts and to disseminate their private communications. Therefore, cyber threats currently create a difficult challenge for civil society activists. It should be added that the Government does not commit to changing personal data protection laws and taking practical steps to prevent state-oriented or third-party cyber attacks.

International human rights mechanisms, especially international tribunals are the main source of protection against violations of privacy rights and cyberattacks. Especially bringing more applications before the ECtHR and the Human Rights Committee is very important. Currently, there is no case law of the relevant international human rights mechanisms concerning cyberattacks and privacy violations against Azerbaijan. Despite Azerbaijan not adhering to the judgments of international tribunals on violations of rights, such kind of implementation procedure might help improve the situation.

Due to the current problematic situation within the legal profession (lack of lawyers, lack of interest, and fear among lawyers to take up human rights cases), many cases cannot be brought before international tribunals. Most human rights lawyers are already overwhelmed with the volume of cases they represent. Therefore, international assistance in bringing these applications before international courts is a useful tool for counteracting violations. International human rights organizations must assist local human rights lawyers in bringing cases of personal data infringements to international courts (ECtHR, UN).

In the meantime, the government of Azerbaijan must be urged to adopt effective legal remedies and procedural safeguards against arbitrary and unlawful control of personal data with excessive and broad discretion. Minimum safeguards for the exercise of discretion by public authorities must include detailed rules on (i) the nature of the offenses (grounds) which may give rise to an interception order; (ii) duration, scope, and practical review of interception orders; (iii) the precautions to be taken when communicating the data to other parties.

An independent regulatory authority should be established to supervise and review complaints about personal data breaches. The laws must also be formulated with sufficient clarity and precision to give citizens an adequate understanding of the conditions and circumstances in which the authorities are empowered to resort to this secret and potentially dangerous interference with the right to respect for private life and correspondence.

International advocacy campaigning is a useful instrument for getting attention to the problem. New campaigns may bring the attention of international public bodies to the issue.

Finally, capacity-building activities on internet security issues should be continued and potentially targeted groups should be equipped with more information and tools in this area.

another telegram channel another public targeting campaign [updated March 9]

[Update] On March 9, Hajiyev told his lawyer, that the messages leaked were fabricated, while some were more than ten years old. The imprisoned activist also said, he suspects his device was infected with Pegasus and this is how the authorities were able to extract the information they have been disseminating online via Telegram channels. Rufat Safarov, a rights defender who heads the campaign calling for Hajiyev’s release said the blackmail campaign targeting Hajiyev aimed to discredit the activist, according to reporting by Turan News Agency.


Az-Net Watch documented numerous examples when civic activists were targeted via Telegram channels in the past. Often these channels are public and share private information and/or intimate content of the person targeted. Not once, attempts to investigate how the leaked data made it into these channels were successful. While targeted activists suspect the information was leaked by officials these suspicions were often either dismissed or unaddressed. So it was not at all surprising that yet another blackmail campaign has been making rounds on Telegram.

The channel originally called “Baktiyar’s exposure” was first discovered on February 24. Since then, the channel has been renamed to “Bakhtiyar Hajiyev Expose.” The first channel shared Hajiyev’s intimate photographs. The new one has videos of his correspondence with women. By the time this story was revisited AIW counted at least six different Telegram channels targeting Hajiyev.

His friends and colleagues suspect that these were extracted from his mobile device. Hajiyev currently is in administrative detention. He was arrested on December 9 and originally sentenced to 50 days in administrative detention. Since then, his detention period has been extended, most recently on February 23, 2023, by another two months. Meanwhile, the Interior Ministry denied allegations that they were somehow involved in the information being leaked.

According to reporting by Turan News Agency, the Ministry of Interior attempted to frame Hajiyev, alleging, it was the activist who leaked this information online. However that is impossible, says Rufat Safarov, the head of the Defense Line initiative that was set up shortly after Hajiyev’s arrest. Speaking to Turan News Agency, Safarov said, “Bakhtiyar has been behind bars since December. How could he possibly distribute this information online? His personal information was stolen and leaked purposefully to discredit him.”

In October of last year, the founder of Az-Net Watch, co-authored this story for IWPR explaining how Telegram is being used in Azerbaijan. “In Azerbaijan, the app has become a nexus for hate speech, propaganda, and the repression of dissent. In March 2021, multiple Telegram groups were identified in Azerbaijan sharing sex tapes and nude photographs of women. Among the victims were journalists, civic activists, and female family members of exiled political activists as well as ordinary women. The groups and pictures were reported to Telegram, but it took weeks before they were taken down. The damage to the women targeted was done. The channels shared sensitive videos of journalist Fatima Movlamli, the sister of exiled dissident blogger Mahammad Mirzali, civic activist Narmin Shahmarzade and Gunel Hasanli, daughter of opposition party leader Jamil Hasanli.”

Telegram’s “content moderation” problems

In 2021, Telegram’s founder Pavel Durov in a post on his channel justified why the platform won’t censor misinformation: “In my 20 years of managing discussion platforms, I noticed that conspiracy theories only strengthen each time their content is removed by moderators.” Meanwhile, the platform’s Vice President Ilya Perekopsky boasted about the platform’s neutrality when it came to content moderation, and specifically misinformation: “we just think people should have their opinion, right? If they disagree they can disagree. They can use telegram to express their opinions. From our side, we always stay neutral.”

In the case of imprisoned Hajiyev, this lax approach to content moderation or lack thereof has already caused significant damage to his reputation but it has also revealed the poor editing and fabrication skills of the people behind this blackmail campaign. Azerbaijani journalist Ulviyya Ali, shared the screenshots from the videos of chat conversations Hajiyev allegedly had with women, which were shared in some of the Telegram channels targeting Hajiyev.

Targeting women 

Activists in Azerbaijan also pointed out that it is not Hajiyev’s reputation that is placed on the line with this blackmail campaign, but the women too, whose photographs are shared in the absence of their consent. Last year BBC published this investigation about the use of the platform in targeting women specifically “to harass, shame and blackmail them on a massive scale.” Gulnara Mehdiyeva, a feminist activist who has been ttargeted herself in the past, said in a Facebook post on February 28, “Terrible things are happening in the country. The government, which is responsible for protecting the safety of citizens, deliberately and knowingly wants to make those women victims of suicide or murder.” Two years ago, Mehdiyeva was targeted in a video shared via Facebook, containing a series of leaked private audio messages, that were extracted from Mehdiyeva’s social media accounts and emails. In a February 28 Facebook post, Mehdiyeva also wrote that not only faces of these women were not blurred but the perpetrators of the blackmail campaign also shared the names of the women and at least in one correspondence leaked, the home address of one woman. One of the women whose identity has been exposed in this campaign, was Tunay Aliyeva, an actress and model who said this blackmail campaign was a “cybercrime and invasion of people’s privacy.” In a letter addressed to the First Lady and the First Vice President Mehriban Aliyev, the actress asked that the First Lady personally stepped in, as a woman and a mother herself, in order to put an end to this “abomination.”

At the time of writing this update, at least six groups were still active on Telegram. A source told AIW that one of the women had to escape her family after the latter learned of what has happened. The woman’s brother is allegedly after her to clean the family’s reputation.  

 

OONI measurements show ongoing internet censorship in Azerbaijan

Azerbaijan is known to block access to independent news media websites – we previously reported on this in July 2021. At the time, we analyzed OONI measurements collected from Azerbaijan between January 2020 to May 2021 and found that ISPs in Azerbaijan were blocking access to several independent news media and circumvention tool sites. We also found that amid the 2020 Nagorno-Karabakh war, ISPs in Azerbaijan temporarily blocked access to social media services, and attempted to block access to Tor and Psiphon.

But how has Azerbaijan’s internet censorship landscape changed (if at all) over the last year?

We attempt to address this question as part of this report. Specifically, we analyzed OONI data collected from Azerbaijan between January 2022 to February 2023 with the goal of evaluating which tested services presented signs of blocking, and whether new blocks had emerged over the past year (in comparison to our previous report). 

Key Findings

As part of our analysis of OONI measurements collected from Azerbaijan between January 2022 to February 2023, we found:

  • Blocking of news media websites. Azerbaijan continues to block access to several independent news media websites. OONI data also suggests that some ISPs in Azerbaijan may have started blocking access to the Guardian on 25th December 2022.
  • Azerbaijan and Russia block each other’s news media. In early June 2022, Azerbaijan started blocking access to Russia’s state-run RIA Novosti media website. Since (at least) 7th June 2022, Russian ISPs have been blocking access to Azerbaijani news media websites (`haqqin.az`, `minval.az`, `oxu.az`, `ru.oxu.az`, `ru.baku.ws`). These blocks remain ongoing.
  • Temporary blocking of TikTok amid border clashes with Armenia. During the September 2022 border clashes, both Azerbaijan and Armenia blocked access to TikTok. While the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months). 
  • Blocking of circumvention tool sites. Azerbaijan continues to block access to numerous circumvention tool websites, potentially limiting the ability to circumvent internet censorship in Azerbaijan. However, most OONI measurements suggest that tested circumvention tools (Tor and Psiphon) appear to be reachable.
  • Variance of censorship across networks. While most ISPs in Azerbaijan appear to adopt similar censorship techniques (as we continued to observe connection timeouts in most anomalous measurements across ASNs), different ISPs block access to different websites over time.

Methods

Since 2012, OONI has developed free and open source software, called OONI Probe, designed to measure various forms of internet censorship. OONI Probe is run by volunteers in around 160 countries every month, and their test results are automatically published by OONI as open data in real-time. More than a billion network measurements have been collected and published from 25 thousand networks in 241 countries and territories over the last decade.

To examine internet censorship in Azerbaijan, we analyzed OONI measurements collected from Azerbaijan between January 2022 to February 2023. The goal of our analysis was to identify which websites and apps presented signs of blocking (“anomalies”) in Azerbaijan during the analysis period, particularly in comparison to blocks previously identified as part of our past research.   

Specifically, we analyzed measurements collected from OONI’s Web Connectivity test, which is designed to measure the blocking of websites (these websites are publicly hosted on the Citizen Lab test list Github repository). This test measures the accessibility of websites by attempting to perform a DNS lookup, TCP/IP connection, and HTTP GET request from two vantage points: (1) the local vantage point of the user and (2) a control network (non-censored network). The results from both networks are automatically compared and if they match, the tested URL is annotated as “accessible” (if the testing succeeds from the control vantage point). If the results differ, the tested URL is annotated as “anomalous”, which may provide a signal of potential blocking.

Depending on why the anomaly emerges, the anomalous measurement is automatically annotated as a DNS, TCP/IP, HTTP diff, or HTTP failure anomaly. For example, if the DNS lookup resolves to an IP address which differs from that resolved from the control vantage point, the measurement is annotated as a “DNS anomaly”, which may be a sign of DNS tampering.

However, false positives can occur, which is why we look at anomalous measurements in aggregate in order to determine if a tested URL consistently presents a large volume of anomalous measurements (in comparison to successful measurements) on a tested network. If a tested URL presents a large volume of anomalies, it may provide a stronger signal of potential blocking. If the types of anomalies are consistent (for example, always presenting DNS anomalies on a tested network), they offer an even stronger signal of potential censorship (since they suggest the use of a specific censorship technique, such as DNS hijacking). But beyond aggregating anomalous measurements, we also analyze the raw data pertaining to anomalous measurements in order to identify the specific errors that occurred as part of the testing, offering insight into how a tested URL is potentially blocked.

Based on our current heuristics, we automatically confirm the blocking of websites when a block page is served and we have added the fingerprint of that blockpage to our database. We also automatically confirm the blocking of websites based on DNS answers containing IP addresses that are known to be associated with implementing internet censorship. For other forms of censorship, we analyze OONI data in order to aggregate anomalous measurements and identify why and how those anomalies occur, offering insight into additional cases of potential blocking.

Acknowledgement of limitations

The findings of this study present several limitations, including:

  • Date range of analysis. The findings are limited to OONI measurements collected from Azerbaijan between January 2022 to February 2023. As a result, findings from measurements collected in different date ranges are excluded from this study.
  • Type of measurements. As part of this study, we primarily focus on OONI Web Connectivity measurements which pertain to the testing of websites for censorship. This focus was selected due to known website censorship in the country, while aggregate views of OONI measurements from other OONI Probe experiments did not present an important volume of anomalies that would have warranted more dedicated analysis.
  • Tested websites. OONI Probe website testing in Azerbaijan is primarily limited to URLs included in 2 Citizen Lab test lists: the global list (including internationally-relevant URLs) and the Azerbaijan list (only including URLs relevant to Azerbaijan). As these lists are tested by OONI Probe users and there are bandwidth constraints, they are generally limited to around 1,000 URLs. As a result, the lists may exclude other websites which are blocked in Azerbaijan, and the findings are limited to the testing of the URLs included in these lists. Given that the lists are community-curated, we acknowledge the bias in terms of which URLs are added to the lists. 
  • Testing coverage of websites. Not all URLs included in test lists are measured equally across Azerbaijan over time. Whether OONI data is available for a particular website depends on whether, on which networks, and when an OONI Probe user in Azerbaijan tested it. As a result, tested websites received different testing coverage throughout the analysis period, which impacts the findings.  
  • Tested ASNs. The availability of OONI measurements depends on which networks OONI Probe users were connected to when performing tests. As a result, the measurement coverage varies across ASNs throughout the analysis period, impacting the findings. 
  • Measurement volume. OONI measurement coverage from Azerbaijan has been rather limited over the years (in comparison to other countries), limiting our findings and confidence in confirming censorship events. The availability of OONI data depends entirely on volunteers running OONI Probe locally in Azerbaijan, which can be challenging in light of the political environment, potential risks involved with running OONI Probe, and the relatively limited digital rights community engagement opportunities in Azerbaijan. That said, we observe an important spike in the overall measurement volume from 14th September 2022 onwards (which has subsequently remained relatively stable), increasing our ability to detect censorship events thereafter. This is visible through the following chart. 

Chart: OONI Probe Web Connectivity testing in Azerbaijan between 1st January 2022 to 23rd February 2023 (source: OONI data). 

Background

In its latest Freedom on the Net report by Freedom House, Azerbaijan was ranked “not free” among 70 countries assessed for the report. Internet freedoms have been on an overall decline in the country for a number of years, however, the situation escalated during the 2020 war between Armenia and Azerbaijan. Since then, while blocking of social media platforms, and internet throttling have reduced, the state continues to implement various forms of digital surveillance combined with offline measures targeting civil society representatives on a regular basis. 

News websites critical of the authorities remain blocked, while the Law on Media enacted in February 2022 is yet another measure imposed by the state to restrict not only media freedom, and freedom of speech but also access to independent and opposition news. 

Journalists across the country remain concerned about the new law. Most recently they have joined in calls to abolish a new media registry introduced in the Media Law. 

Meanwhile, civic activists continue to face online targeting. Az-Net Watch in its December 2022 report, shared some of the findings of such attacks, identifying persistent trends of phishing attacks, questioning by the law-enforcement bodies over criticism voiced online, interference with personal data and devices, hacking attempts and installed spyware programs.

Findings

As part of our analysis of OONI measurements collected from Azerbaijan (between January 2022 to February 2023), we found a number of independent news media websites and circumvention tool websites blocked throughout the analysis period. Many of these blocks have been in place since at least 2020. Amid border clashes in September 2022, access to TikTok was blocked in both Azerbaijan and Armenia. We share further details in the sections below.

Blocking of news media websites

Several news media websites (which have been blocked over the last few years) continue to be blocked in Azerbaijan, according to recent OONI data analysis. 

The domains that presented the largest volume of anomalies (and overall testing coverage), thereby presenting the strongest signals of blocking in our analysis period, include:

  1. `azerbaycansaati.tv`
  2. `www.24saat.org`
  3. `www.abzas.net` 
  4. `www.azadliq.info` 
  5. `www.azadliq.org`
  6. `www.meydan.tv`
  7. `www.rferl.org`
  8. `www.gununsesi.org`
  9. `ria.ru`
  10. `www.theguardian.com`

While most of the above domains have been blocked in Azerbaijan over the last few years, the testing of `www.theguardian.com` only started to present anomalies (on several networks) in late December 2022 onwards (we discuss this case in more detail in the next section of this report). Meanwhile, Azerbaijan reportedly started blocking access to RIA Novosti (Russian state-owned news media) in early June 2022 over the publication of slanderous materials against Azerbaijan. At the time, RIA Novosti’s website (`ria.ru`) was only included in other countries’ test lists; we therefore added it to the Global test list to ensure that it gets tested by OONI Probe users in Azerbaijan and around the world. This is why OONI measurement coverage of `ria.ru` in Azerbaijan only begins in June 2022.  

Independent Azerbaijani media websites (such as `azadliq.info` and `meydan.tv`) have reportedly been blocked since early 2017 for “posing a threat” to Azerbaijan’s national security. The state prosecutor reportedly accused these websites of sharing content that promotes violence, hatred, extremism, violates privacy and constitutes slander. However, the blocking of these media outlets may have been politically motivated. Azadliq, for example, reported on the business dealings of Vice President Mehriban Aliyeva’s private foundation, while the website of Gunun Sesi (which has reportedly been blocked since August 2018) is operated by Parviz Hashimli, a former political prisoner. The blocking of the RFE/RFL website (`www.rferl.org`) also reportedly began in 2017 following an Azerbaijani court order.

The following chart aggregates OONI measurement coverage (from 26 ASNs) for the news media domains that presented the strongest signals of blocking in Azerbaijan between January 2022 to February 2023.

Chart: Blocked news media websites in Azerbaijan between January 2022 to February 2023 (source: OONI data).

Most OONI measurements from the testing of these media websites (excluding `www.theguardian.com`, which is discussed in the next section) presented anomalies throughout the testing period, providing a signal of blocking. In contrast, most of the other URLs tested from the Citizen Lab test lists during this period were found accessible (on the same networks in Azerbaijan).

What is evident from the above chart is that the vast majority of anomalous measurements presented connection timeouts (for sites hosted on both HTTP and HTTPS). A consistent failure type can offer a strong signal of blocking, since it suggests the use of specific censorship techniques. In this case, the connection timeouts may indicate the use of Deep Packet Inspection (DPI) technology for the implementation of blocks, given that the timeout only happens after the TLS ClientHello message. The fact that we observe the prevalence of connection timeouts across anomalous measurements aggregated across tested ASNs further suggests that most ISPs in Azerbaijan adopt similar censorship techniques.

This is further evident when viewing a per-ASN breakdown of the specific failures in the measurement of each of the blocked news media sites. The following chart, for example, presents the specific failures that occurred when `www.24saat.org` was tested on multiple ASNs in Azerbaijan during our analysis period. 

Chart: Measurement results (`OK` and specific failures) from the testing of `www.24saat.org` on multiple ASNs in Azerbaijan (source: OONI data). 

From the above chart we can see that most failures (across most tested ASNs) involve timeout errors (annotated in red). But we also observe some successful measurements (annotated as `OK` in green) on some of those networks too. To understand why those measurements were successful, we provide a further breakdown by testing targets. The following chart only presents measurement results (including specific failures observed in anomalous measurements) for the testing of the HTTPS version of the site (`https://www.24saat.org/`) across networks.  

Chart: Measurement results (`OK` and specific failures) from the testing of `https://www.24saat.org/` on multiple ASNs in Azerbaijan (source: OONI data). 

As we can see, the testing of the HTTPS version of the site was entirely successful on some networks, and presented consistent signs of blocking (consistently presenting connection timeouts) on others. In contrast, the testing of the HTTP version of the site (shared in the next chart below) shows that it presented signs of blocking on all of these tested networks.

Chart: Measurement results (`OK` and specific failures) from the testing of `http://www.24saat.org/` on multiple ASNs in Azerbaijan (source: OONI data). 

The fact that we observe more prevalent blocking of the HTTP version of the site (even though it supports HTTPS) suggests that the block is not implemented properly on certain networks.

Similarly, we observe the prevalence of connection timeouts in the testing of many other news media websites across ASNs. The following chart provides a per-ASN breakdown of the measurement results from the testing of `azerbaycansaati.tv`, showing that none of the measurements were successful, and that most presented connection timeouts.

Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `azerbaycansaati.tv` on multiple ASNs in Azerbaijan (source: OONI data). 

The fact that the testing of `azerbaycansaati.tv` was not successful on any of the networks which received the largest volume of testing coverage, and that it consistently presented connection timeouts on most networks, provides a strong signal of blocking. 

Similarly, we observe that the testing of `www.azadliq.org`, `www.meydan.tv`, and `www.rferl.org` mostly presented connection timeouts on tested networks, as illustrated through the following charts.   


Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.azadliq.org` on multiple ASNs in Azerbaijan (source: OONI data). 

Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.meydan.tv` on multiple ASNs in Azerbaijan (source: OONI data). 


Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.rferl.org` on multiple ASNs in Azerbaijan (source: OONI data).

OONI data also suggests that the site (www.occrp.org) of the Organized Crime and Corruption Reporting Project (OCCRP) is blocked in Azerbaijan as well. The blocking of the OCCRP site reportedly began in September 2017, following the publication of a major investigation (“Azerbaijani Laundromat”) into corruption, bribery, and money laundering in which powerful figures were allegedly involved. The following chart provides a per-ASN breakdown of the measurement results from the testing of `www.occrp.org`, showing that (similarly to the aforementioned blocked media sites) it presented connection timeouts on most networks.

Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.occrp.org` on multiple ASNs in Azerbaijan (source: OONI data).

Overall, the prevalence of connection timeouts (observed for different websites measured on many different networks in Azerbaijan) provides a strong signal of blocking. These blocks appear to have been implemented several years ago, and remain ongoing. 

Blocking of the Guardian?

On 25th December 2022, the testing of `www.theguardian.com` started to present anomalies in Azerbaijan. The following chart aggregates OONI measurement coverage from the testing of `www.theguardian.com` on 10 ASNs in Azerbaijan between 1st October 2022 to 24th February 2023.

Chart: OONI Probe testing of the Guardian (`www.theguardian.com`) on 10 ASNs in Azerbaijan between 1st October 2022 to 24th February 2023 (source: OONI data). 

However, these anomalies were not observed on all tested networks in Azerbaijan. To better understand the anomalies, we provide a breakdown of the specific failures observed in anomalous measurements on networks that received the largest testing coverage (through the following chart).

Chart: Measurement results (including specific failures for anomalous measurements) from ASNs in Azerbaijan where the testing of `www.theguardian.com` presented anomalies between November 2022 to February 2023 (source: OONI data).

As is evident from the above chart, all anomalous measurements presented connection timeout errors (for both the HTTP and HTTPS versions of the site). The prevalence of connection timeouts, coupled with the fact that it is the same failure that we also observe in the blocking of other news media websites (discussed previously), provides a signal of blocking. 

While the data suggests that access to `www.theguardian.com` may be blocked on a few networks in Azerbaijan (particularly on AS29049 where we observe the largest volume of anomalies, which is consistent from 25th December 2022 onwards), it’s worth noting that it’s accessible on other networks (such as AS28787, where almost all measurements are successful). As we didn’t come across any news articles reporting the recent blocking of the Guardian in Azerbaijan (which could have helped corroborate the anomalous data), and the overall measurement volume is quite low, our confidence in confirming this potential block is rather limited.  

Azerbaijani news media websites blocked in Russia

Following the blocking of Russia’s state-run RIA Novosti media website in Azerbaijan in early June 2022, we were informed that certain Azerbaijani news media websites (`haqqin.az`, `minval.az`, `oxu.az`, `ru.oxu.az`, `ru.baku.ws`) were reportedly blocked in Russia. On 7th June 2022, we added these URLs to the Russian test list so that these websites could get tested by OONI Probe users in Russia. 

OONI data confirms that these Azerbaijani websites have been blocked in Russia since at least 7th June 2022, and that these blocks remain ongoing (as illustrated below).

Chart: OONI data on the blocking of Azerbaijani news media websites in Russia between 7th June 2022 to 24th February 2023 (source: OONI data).

The above chart aggregates OONI measurement coverage from numerous networks in Russia, showing that at least 5 Azerbaijani news media domains were blocked in Russia between June 2022 to February 2023. Throughout this period, we observe that almost all measurements are anomalous, suggesting that access to these Azerbaijani media sites is blocked on most tested networks in Russia. Russian ISPs adopt a variety of censorship techniques and, on some networks, we are able to automatically confirm the blocking of these Azerbaijani news websites based on fingerprints (as IPs known to be associated with censorship are returned as part of DNS resolution).

Temporary blocking of TikTok in Azerbaijan and Armenia amid border clashes

On 12th September 2022, fighting erupted between Azerbaijani and Armenian troops along their border. The next day (13th September 2022), both Azerbaijan and Armenia started blocking access to TikTok amid the border clashes. 

On 14th September 2022, Azerbaijan’s state security services announced the temporary suspension of TikTok. According to the statement, the content circulating on the social media platform was revealing military secrets and forming wrong opinions in society. As a result, the State Security Service decided to temporarily block access to the platform. Similarly, OONI data shows that the testing of TikTok also started to present signs of blocking in Armenia from 13th September 2022 onwards.

At the time, we published a report documenting the block in both countries based on OONI data. Specifically, we found that Azerbaijan blocked access to the main TikTok website (`www.tiktok.com`) and several endpoints essential to its functionality on at least 3 networks (AS29049, AS41997, AS31721). On all networks where we identified blocking, it seemed to be implemented by means of TLS level interference by dropping packets after noticing a disallowed server_name. We also observed some level of inconsistency, as ISPs in Azerbaijan blocked TikTok based on different lists of TikTok endpoint domains.

In Armenia, TikTok was blocked on at least two networks (AS44395, AS43733). Not all tested networks in Armenia implemented the TikTok block and censorship techniques varied from network to network. TikTok interference was observed at the DNS level by returning an NXDOMAIN error, an IP address associated with www.google.com, or a set of unrelated IP addresses which offer an invalid TLS certificate (it’s an expired certificate for `it.domain.name`). Several endpoints used by the TikTok app and website were also blocked on at least one network in Armenia.

By comparing aggregate OONI measurements from the testing of TikTok’s website (`www.tiktok.com`) in Azerbaijan and Armenia between 1st September 2022 to 24th February 2023, we can see that both countries started blocking access to TikTok amid the September 2022 border clashes, but that the block remained in place in Azerbaijan for much longer than in Armenia. 

Chart: OONI Probe testing of TikTok (`www.tiktok.com`) in Armenia and Azerbaijan between 1st September 2022 to 24th February 2023 (source: OONI data).

Specifically, we observe (through the above chart) that the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), while the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months).

Similarly to the testing of `www.tiktok.com`, OONI data suggests that Azerbaijan blocked numerous TikTok endpoints as well during the same period (between mid-September 2022 to mid-November 2022), as illustrated through the following two charts.  

Chart: OONI Probe testing of TikTok endpoints in Azerbaijan between 1st September 2022 to 30th November 2022 (source: OONI data).Chart: OONI Probe testing of TikTok endpoints in Azerbaijan between 1st September 2022 to 30th November 2022 (source: OONI data).

The fact that TikTok’s website (`www.tiktok.com`) and numerous TikTok endpoints presented anomalies on multiple tested networks in Azerbaijan during the same period provides a strong signal of blocking. 

Between September to November 2022, the anomalous measurements from the testing of TikTok in Azerbaijan show that many of them time out when attempting to establish a TLS handshake to the target endpoint. While many such measurements are annotated (on OONI Explorer) as presenting DNS inconsistency, we were able to exclude that by validating that the returned IPs are able to complete a TLS handshake with a valid certificate for the target domain name. Moreover, when issuing an HTTP request with the appropriate headers, the response payload is consistent with the response from an endpoint served to a user in Europe. By inspecting the response header and server certificate, it seems to be an Akamai cache.  

Blocking of circumvention tool websites

Circumventing internet censorship in Azerbaijan can potentially be challenging, as numerous circumvention tool websites have been blocked in Azerbaijan over the past years. Our latest analysis shows that these blocks remain ongoing.

The following chart aggregates OONI measurement coverage for popular circumvention tool websites that presented a large volume of anomalies throughout the testing period in Azerbaijan.

Chart: Blocked circumvention tool websites in Azerbaijan between January 2022 to February 2023 (source: OONI data). 

Multiple circumvention tool websites (including `www.torproject.org`, `psiphon.ca`, and `www.tunnelbear.com`) continue to show signs of blocking on some networks in Azerbaijan, as illustrated through the above chart. Specifically, OONI data shows that when these sites were tested, we frequently observed the timing out of the session after the ClientHello during the TLS handshake. It’s worth noting though that these sites are not blocked on all networks in Azerbaijan, as some measurements were successful. 

While many popular circumvention tool sites appear to be blocked in Azerbaijan, it’s worth highlighting that certain circumvention tools may work in the country. OONI Probe also includes tests designed to measure the reachability of the Psiphon, Tor, and Tor Snowflake circumvention tools. 

Between January 2022 to February 2023, OONI Probe testing of Psiphon shows that it was reachable on tested networks in Azerbaijan, as illustrated below.

Chart: OONI Probe testing of Psiphon on 29 ASNs in Azerbaijan between 1st January 2022 to 25th February 2023 (source: OONI data).

Most measurements (collected from 29 ASNs during the testing period) show that it was possible to bootstrap Psiphon and use it to fetch a webpage, suggesting that the circumvention tool worked on tested networks in Azerbaijan.

While the testing of Tor presented anomalies throughout the testing period, most measurements from September 2022 onwards (when we also observe a spike in the overall measurement volume) suggest that Tor was reachable on most tested networks in Azerbaijan. 

Chart: OONI Probe testing of Tor on 28 ASNs in Azerbaijan between 1st January 2022 to 25th February 2023 (source: OONI data).

In Tor anomalous measurements, we see that attempted connections to Tor directory authorities failed on some networks. However, we also see that most connections to both Tor directory authorities and Tor bridges were successful (on many networks), indicating that it may have been possible to use Tor in Azerbaijan. 

Quite similarly, OONI data shows that it was possible to bootstrap Tor Snowflake on most networks in Azerbaijan throughout the testing period.

Chart: OONI Probe testing of Tor Snowflake on 20 ASNs in Azerbaijan between 1st January 2022 to 25th February 2023 (source: OONI data).

This suggests that while the Psiphon and Tor Project websites appear to be blocked on some networks in Azerbaijan (as discussed previously), their tools appear to work in the country (at least on tested networks). 

Conclusion

Azerbaijan continues to limit press freedom by blocking access to several independent news media websites – the blocking of which appears to be politically motivated. OONI data also suggests that some ISPs in Azerbaijan may have started blocking access to the Guardian on 25th December 2022, but the relatively limited measurement coverage and the seeming absence of news articles reporting the block limit our confidence in confirming this. 

In early June 2022, both Azerbaijan and Russia started blocking access to each other’s news media websites. In early June 2022, Azerbaijan started blocking access to Russia’s state-run RIA Novosti media website over the publication of slanderous materials against Azerbaijan. Since (at least) 7th June 2022, Russian ISPs have been blocking access to Azerbaijani news media websites (`haqqin.az`, `minval.az`, `oxu.az`, `ru.oxu.az`, `ru.baku.ws`). 

Amid the September 2022 border clashes, both Azerbaijan and Armenia started blocking access to TikTok. However, while the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months). But this was not the first time that Azerbaijan blocked access to a social media platform during the conflict. Azerbaijan previously blocked access to social media platforms during the 2020 Nagorno-Karabakh war.

Both social media blocks during times of conflict and long-term news media blocks (as those seen in Azerbaijan) generally indicate government attempts to control political narratives. While numerous circumvention tool websites appear to be blocked in Azerbaijan (potentially limiting the ability to circumvent blocks), it’s worth noting that several circumvention tools (such as Tor and Psiphon) may work in the country. 

This study was carried out through the use of open methodologies, free and open source software, and open data, enabling independent third-party verification of our research findings. We encourage researchers to expand upon this study by running OONI Probe and analyzing OONI measurements from Azerbaijan.   

Acknowledgments

We thank OONI Probe users in Azerbaijan for contributing measurements, and supporting this study.

political activist arrested over social media post

Member of the opposition Popular Front party, Zaur Usubov, was arrested on February 21 and sentenced to 25 days in administrative detention according to reporting by Turan News Agency. The activist was officially charged with an all too common article – resisting police. 

Popular Front said, Usubov, was arrested over critical of the authorities’ social media posts, and that the charges leveled against the member are bogus. 

According to Turan News Agency, Usubov is the sixth party member arrested this year [2023] so far. Five of them, including Usubov, were handed administrative detention while another member is facing criminal charges while the investigation is ongoing. 

Police in Azerbaijan is accustomed to resorting to physical measures against civic activists who are critical of the authorities online. As documented by Az-Net Watch, there have been scores of similar examples in the past.  

Legal overview: legal remedies (or lack thereof) in cases of online targeting

In the last decade, the rise of the repressive policy by the government of Azerbaijan against digital rights necessitates the discussion of the legislation and legal remedy aspects of it. As such, in our following legal review, together with a legal expert, we chose to focus on how the state has been resorting to unlawful persecution measures against critics online, in particular, human rights defenders, activists, journalists, and lawyers. 

In the analysis presented below, we look at the general trends of online targeting, the existing legal remedies in domestic law, and their effectiveness.

Background information

During 2022, Azerbaijan Internet Watch documented numerous cases of prison sentences handed out on charges of defamation, the arbitrary application of provisions of the Administrative Penalty Code and the Law “On information, informatization and information protection” to limit freedom of expression on the internet, including increased reports of cyber-attacks against activists and media professionals.

In its recent annual report published on 16 December 2022, AIW indicated that overall, 2022 has been no different than recent years in terms of online attacks and internet censorship. Human rights defenders, activists, politicians, and media professionals in Azerbaijan are increasingly becoming victims of cybercrimes, including electronic surveillance, privacy infringement, and cyberstalking, due to their independent and legitimate professional activities. The online targeting of individuals critical of the government has become increasingly frequent and constant. And yet neither of these cases has been effectively investigated, and the perpetrators have not been identified.

Despite the active use of the criminal and administrative offenses legislation, including other technical resources to limit freedom of expression on the internet [including the blocking of key opposition and independent news websites, summoning and punishing individuals for critical opinions distributed online], the state systematically fails to provide effective investigation on the complaints of the individuals subject to unlawful covert surveillance (Pegasus), cyber-attacks, online blackmailing and hacking attempts against activists and media professionals. In most cases, reveal that online harassment against government critics is organized by the government or government-linked institutions.

In April 2022 report, Meta reported that it removed a hybrid network operated by the Ministry of Internal Affairs of Azerbaijan that combined cyber espionage with Coordinated Inauthentic Behavior (CIB) to target civil society in Azerbaijan by compromising accounts and websites to post on their behalf.

Domestic remedies against cybercrimes often committed against HRDs, activists, and media

In recent years, scores of human rights defenders, civic activists, journalists, and politicians in Azerbaijan have been complaining about hacking attempts (or hacking) into their personal and professional e-mails, social media accounts, and instant messaging (WhatsApp) accounts. Other complaints include impersonating social media accounts, disseminating false information on their behalf, and publishing their private correspondence, intimate photos, and videos, breaching privacy resulting from intrusion in the intimate life of individuals through illegal tapping. Furthermore, political activists sometimes face pressure from local police to share their phone passwords during arrests.

Once personal information is unlawfully seized at least several constitutional rights and freedoms, such as the right to privacy (Article 32 of the Constitution), the right to honor and dignity (Article 46 of the Constitution), and the right to freedom of thought and speech (Article 47 of the Constitution) are at stake.

Lawyers in Azerbaijan mostly use various available legal mechanisms to protect the rights of targeted individuals. Illegal interception of personal data, violation of the confidentiality of correspondence and other information, and violation of privacy, including certain cybercrimes such as illegal intrusion, illegal acquisition, and unlawful interference with computer systems are criminalized by the criminal law of Azerbaijan. As such, lawyers rely on existing criminal law when submitting complaints to law enforcement authorities, requesting to conduct a criminal investigation regarding the alleged committed act prohibited by the criminal law.

What remedies are available to counter online harassment? To what extent are they effective?

Lawyers with extensive experience defending human rights defenders and activists targeted by cybercrimes say that the Azerbaijani law enforcement authorities and the judiciary are systematically rejecting investigations of cybercrimes committed against government critics.

So in which circumstances and conditions legal safeguards and remedies are functioning and to what extent they are effective? We take a look.

General overview of the relevant legislation

Digital security rights, in a general manner, are safeguarded by the Azerbaijani legal framework. The Azerbaijani legal system enshrines the following legal regime concerning digital security.

General constitutional protection and incorporation of international law

The Constitution provides, inter alia, order public conditions on digital security. According to Article 32 of the Constitution, privacy rights are secured. The privacy rights that the Constitution prescribed are negative and positive in nature – these rights protect against possible governmental interference (negative aspect) and possible trespass by third parties. Constitutional privacy protection not only provides preservation against off-line intrusion but also implies online targeting according to its meaning. Therefore, Article 32 of the Constitution plays a role as a key to digital security rights. In addition, Article 68 of the Constitution determines the prohibition of arbitrary actions of state authorities and recognizes the right to compensation.

The Constitution also incorporates international human rights obligations of the Republic of Azerbaijan. The Azerbaijani Constitution adopts a monist type of international law implementation which means direct integration of international law rules concerning human rights regulation.

The Republic of Azerbaijan has ratified the International Covenant on Civil and Political Rights (1966) (ICCPR) and European Convention on Human Rights (1950) (ECHR). Both ICCPR (Article 19) and ECHR (Article 8), as well as, the jurisprudence of the implementation bodies (in the case of the ICCPR is the Human Rights Committee (HRC) and in the case of the ECHR is the European Court of Human Rights (ECtHR)) safeguard digital security rights as a part of privacy rights. Moreover, the Convention on Cybercrime (a.k.a. the Budapest Convention) (2001) of the Council of Europe – seeking to address Internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations – was ratified by Azerbaijan in 2009.

Both ICCPR and ECHR honor contracting states with two types of obligations – negative and positive. This means, that the state authorities shall not directly involve the right to privacy including digital security rights against the requirements of domestic law, without legitimate aims and against the requirement of democratic necessity, and with violation of proportionality (tripartite requirement of interference of qualified civil rights). In addition, the state authorities have a positive obligation to protect digital security under privacy rights from third parties, also to initiate effective procedural safeguards.  

As such, Azerbaijani legislation prescribes constitutional (order public) protection for digital security and harmonizes international law protection with domestic law. However, mere general constitutional protection is not enough for the effective implementation of human rights. The next level is ordinary legislation.

Substantive law

The substantive legal norms concerning digital privacy rights are mainly set out in criminal law and, in nature, prohibitory sanction rules.

Criminal law provisions are arranged in the Criminal Code. Criminal Code prescribes both general privacy rights violations and specific cybercrimes. General privacy rights violations are Articles 155 (violations of correspondence privilege) and 156 of the Criminal Code (violations of privacy rights). Specific cybercrimes are set out in Articles 271-273 of the Criminal Code (Article 271 prohibits illegal intrusion, Article 272 bans illegal acquisition, and Article 273 forbids unlawful interference). In addition, Criminal Code also proscribes violation of operational-search activity by law-enforcement bodies concerning privacy and digital rights. Both state and non-state actors are liable for violations of the above-mentioned criminal law sanctions. According to Criminal Code (Articles 156.2.1, 271.2.3, 272.2.3, 273.3.3 of the Code), the commission by the state officials of the above-mentioned criminal law rules is considered an aggravated circumstance.

In addition to criminal law, civil law/code provisions also offer protection against the violations of privacy and digital rights. codes prescribe protection for digital security. Criminal code safeguards are general protections and not specified for purposes of digital security. Article 1096 of the Civil Code sets general criminal code rules for delictual (civil wrong) liability. On the other hand, Article 1100 of the Civil Code specifies delictual liability for state authorities.

It must be noted that different codes of conduct for state officials and law enforcement bodies also enshrine the protection of privacy rights (which also implies digital security) and require disciplinary sanctions against the perpetrators.

The substantive law also contains relevant remedies for covert surveillance. The state control over compliance of the covert surveillance-related-obligations of the telecommunication operators and providers is regulated largely via the Law “On Telecommunications”, the Law on “On Personal Data”, the Law on “On Operational Search Activities”, the Criminal Procedure Code and Decrees of the President of the Republic of Azerbaijan and Decisions of the Cabinet of Ministers of the Republic of Azerbaijan.

AIW’s legal analysis on the State of Internet Freedom in Azerbaijan, a legal overview (July 29, 2021) reveals the gaps within the legislation, policy, and practice that fail to comply with international legal standards in the field of covert surveillance.

Article 11 of the Decision of the Cabinet of Ministers No. 174 dated November 7, 2002 “On additional conditions required for the issuance of special permits (licenses) depending on the nature of the activity”[2] requires the telecommunication service providers to install special-purpose equipment, determined by the State Security Service (SSS) and the Ministry of Internal Affairs. This equipment allows the security services and the ministry of the interior to access data and information across all types of telecommunication networks for the purpose of ensuring national security. And legislation requires the installment of the special equipment as an additional requirement for granting special consent (license) for the cellular (mobile) communication services/companies. In case of a refusal to install this equipment, companies/services are refused operational licenses.

Procedural law and jurisdiction

Pursuant to Articles 215.2, 215.3, and 215.5 of the Code of Criminal Procedure, if it is identified that the privacy (digital) rights violations are conducted by third parties (non-state actors), then the jurisdiction to investigable falls within the Ministry of Internal Affairs or the State Security Service (depending on their competence).

According to Articles 204-207 and 215 of the Code of Criminal Procedure, the local or qualified body of the ministry of the interior or the state security services shall initiate the criminal case based on reports of the victim or others. If the initial inquiry finds more evidence of a breach of rights, then a preliminary investigation has to be conducted. Based on the results of the preliminary investigation, perpetrators might be identified and brought to trial. Violations of privacy rights (including digital security) are considered less serious crimes by Criminal Code and therefore, the trial jurisdiction lies on ordinary district courts.

It is identified that the privacy (digital) rights violations are conducted by state officials (including law enforcement officials), then investigative jurisdiction falls within the Office of the General Prosecutor. The subordinate prosecutor’s offices or qualified bodies of the prosecutor’s office shall initiate the criminal case against officials or based on the fact, shall conduct a preliminary investigation. Based on the conclusions of the preliminary investigation, relevant official (officials) might be held accountable and brought to trial. The trial jurisdiction again belongs to the ordinary district courts.

If the relevant investigatory bodies fail to initiate the criminal case, interested parties have the right to challenge the decision or action on non-initiation of the criminal case under judicial review procedure pursuant to Articles 122 and 449 of the Code of Criminal Procedure.

Criminal Code procedures shall be conducted with ordinary district courts or administrative courts. If the statement of claim is directed against a third party, then it is accepted as a civil case and should be heard by an ordinary civil court. The relevant trial procedures are prescribed by the Code of Civil Procedure. If the statement of claim is directed against state bodies, then it is an administrative law dispute and must be heard by an administrative court following the trial procedures based on the Code of Administrative Procedure.

Disciplinary actions are initiated based on complaints or ex officio, by relevant state bodies and follow procedures that prescribe the codes of conduct or internal disciplinary reviews.

In addition, concerning cyberattacks, there is another review body within the Ministry of Digital Development and Transport – the Cyber Security Service. While the cyber security service does not possess sanctions against authorities, it does have the authority to review the cyberattack claims and issue general warnings concerning cyberattacks. Furthermore, this body may inform other investigative authorities if the problem concerns these authorities.

Specifics of the criminal law sanctions and operational-search remedies

According to Article 156 (violation of the inviolability of private life) of the Criminal Code, actions that breach the inviolability of private life are prohibited and subject to criminal liability. According to Article 156.1 of the Code, the dissemination, illegal sale or transfer, and illegal collection of information that constitutes a secret of private and family life, as well as the documents, video and photographic materials, and audio recordings containing such information, are all subject to criminal liability.

It should be noted that private life information may be collected on legal grounds and conditions in the manner prescribed by law. Relevant state bodies can do this on the grounds provided by law. However, there are no such grounds provided by law in the complainant’s case. Therefore, the collection of information about the complainant in this manner should be considered as the acts provided for in Article 156.1 of the Criminal Code, that is, the collection of information or an attempt to collect such information, which is a secret of private and family life.

According to Article 271.1 of the Criminal Code, accessing a computer system or any part of it without the right to access it or any part of it by breaching security measures in order to collect computer information stored there or with other personal intent calls for criminal liability. It should be noted that Articles 271 and 272 of the Criminal Code pertain to cybercrime and are primarily concerned with computer information. However, smartphone devices already have the potential to contain all or part of traditional computer data. In this regard, part of the complainant’s computer data is contained in the relevant parts of his/her smartphone. So when scores of civil society activists in Azerbaijan were targeted with Pegasus spyware, the perpetrators thus illegally infiltrated the complainant’s computer system and illegally acquired computer information. This action demonstrates the commission of a criminal offense under Article 271.1 of the Criminal Code.

In the case the latter offense was committed by an official while abusing his/her official interests, the act is then considered an aggravating circumstance according to Article 271.2.3 of the Criminal Code.

According to Article 272.1 of the Criminal Code, the intentional gathering of computer information not intended for public use, transmitted to the computer system, from the computer system, or within the system, including electromagnetic radiation from the computer systems, which are carriers of such computer information, using technical means by a person not entitled thereto, causes criminal liability. The above-mentioned legal analysis of Article 271.1 of the Criminal Code also applies to Article 272.1 of the Criminal Code.

Article 302 of the Criminal Code (“Violation of the legislation on operational search activities”) criminalizes violation of the law on operational search activities. According to Article 302.1 of the Criminal Code, among other things, the implementation of such activities by authorized persons in the absence of any ground established by law, entails criminal liability, if it causes a significant violation of the rights and legally protected interests of the person. According to Article 302.2 of the Criminal Code, the violation of the law on operational search activity with the intent to secretly obtain information using technical means is considered an aggravating circumstance.

The Operational-Search Activity Act (OSA) and Code of Criminal Procedure allow targeted persons to raise complaints concerning covert surveillance.

Art 4(4) of the OSA stipulates, “[a]ny person, whose rights and liberties have been violated as a result of the actions of the agents of the operative search activity, shall be entitled to complain to the head of the authority – higher in rank to the agents of the operative search activity, prosecutor or the court.”

  • The first type of claims available under Azerbaijani law is ‘internal claims’ – claims against the head of the alleged authority that conducted the surveillance.
  • The second type of claim is a claim to a prosecutor.
  • A third type of claim is a claim to a Court.

Effectiveness of legal remedies in the light of international human rights obligations

Legal remedies concerning covert surveillance

The available remedies shared above, concerning covert surveillance are not effective in practice due to the following reasons:

Firstly, given that there is no method of notification as to whether they were under surveillance or not, no domestic remedies are available to challenge and investigate instances of covert surveillance by authorities, given their inextricable link (Zakharov v Russia at [234]; see also Association for European Integration and Human Rights and Ekimdzhiev v Bulgaria App No. 62540/00, 28.06.07 at [91]; Szabo and Vissy v Hungary App No. 37138/14, 12.01.16 at [86]).

As mentioned above Art 4(4) OSA sets out relevant remedies. However, this provision does not establish a freestanding claim under the OSA – rather it merely reflects that claims are available under other procedures.

‘Internal claims’ remedies (the first type of remedy) are claims against the head of the alleged authority that conducted the surveillance. The ECtHR has found that such complaints are ineffective as they “do not meet the requisite standards of independence needed to constitute sufficient protection against the abuse of authority” (Zakharov at [292]). As such, any available internal remedies are ineffective.

Prosecutorial review is the second type of remedy. This remedy is not effective either, because it is based on prosecutorial discretion. Once the prosecutor refuses jurisdiction over a complaint or initiates a criminal case,  this remedy becomes ineffective.

In the Pegasus spyware case prosecutor general’s refusal of jurisdiction over complaints, challenged the potential victims’ procedural rights. The prosecutor general remitted the complaints to the state security services which in the case of Pegasus, were a party of interest,  and therefore, constituted a conflict of interest. By passing the investigation to the state security services, the investigation lost the requisite degree of independence given the same body was involved in carrying out the covert surveillance, which is contrary to the case-law standards (c.f. Kennedy v UK at [167-8]) of the European Court of Human Rights.

Judicial claim avenues are a third type of legal remedy. Azerbaijani legislation offers no bespoke judicial remedy for illegal surveillance (c.f. the IPT in Kennedy v UK). Instead, there are only general methods of judicial review either under the criminal procedural code or under civil or administrative law. These are ineffective remedies as well:

  • Whilst it is theoretically possible to judicially review a judicial order authorizing covert surveillance, it is impossible in practice. The decision to authorize covert surveillance is done via the closed court in the absence of the target (CPC Art 447.3.3), and targets of surveillance do not have the right to receive the judge’s decision implementing the operational-search measure (CPC Art 448.6). Whilst a decision of the judge implementing operative-search measures may be appealed within three days after the announcement of the court decision (Arts 452-54 CPC), given that the target neither has the right to be present at the hearing nor receive the decision, this right has no practical value in cases of covert surveillance;
  • A claim in the civil courts is impossible. Applicants bear the burden of proof (Code of Civil Procedure Art 77), and given that proper notification of covert surveillance is unavailable, it is impossible to meet this burden to bring a claim against an authority that also contradicts the views of the European Court of Human Rights (Zakharov at [296]);
  • While a claim under the administrative courts is theoretically possible, it is equally ineffective. Whilst an administrative court is obliged to undertake an objective investigation on their own motion (Art 24 Code of Administrative Procedure (CAP)), in practice this is not observed and a de facto burden of proof is placed on an applicant to provide prima facie evidence of the improper administrative act. Without any evidence of the body conducting alleged covert surveillance, it is impossible to lodge an administrative complaint against authorities. Further, the administrative courts have no jurisdiction over criminal procedures (CAP Art 3.2.1), and if an authority claims that an individual is under criminal investigation the administrative courts will not accept the jurisdiction. Further, the administrative court may refuse to hear cases involving an administrative act in connection with the prevention or elimination of the threat that may cause damage to public or state interests (CAP Art 21.3.2);
  • Finally, a complaint to the Constitutional Court of Azerbaijan is not an effective remedy either (Ismayilov v. Azerbaijan No 4439/04, 17 January 2008).

Remedies against cyber attacks

The above-mentioned conclusion, mutatis mutandis, is effective for cyberattacks also. For cyberattacks, the main relevant remedy is a criminal complaint to law enforcement bodies. However, due to technical issues, many people do not have the information about whom they were targeted. Under normal circumstances, such kind of technical issues should be tackled by an investigation. However, due to prosecutorial discretion and lack of effective investigation against state officials, the criminal complaint mechanism is not effective in practice. In addition, the Cyber Security Center is not an effective remedy in practice. Because this body also is not independent and has no relevant legal powers to conduct an investigation. Consequently, criminal law and administrative law remedies are not effective. In such cases, civil law remedies also cannot be effective due to burden of proof issues (see above).

Specific case studies

There are several case studies that demonstrate that law enforcement authorities are not interested in protecting digital privacy rights despite having an ex officio power to conduct a criminal investigation:

  • On May 4, 2021, a well-known lawyer Fuad Aghayev said there was an attempt to hack into his Facebook account. Lawyer said that an unknown person wrote to him from Ilham Huseyn’s (active member of Azerbaijani Popular Front Party) account and asked him to download a program similar to “Zoom”, but “safer” for an interview. The lawyer after refusing to download the “unknown app”, called Ilham Huseyn’s phone and realized that Huseyn’s account was hacked and that the message sent to the lawyer was from the perpetrator behind the hacking.
  • On March 1, 2021, a well-known lawyer Elchin Sadigov, said that smear campaigns against activists were not investigated properly and despite lodged complaints about targeted online attacks, in many cases, the courts do not investigate these complaints.
  • On May 15, 2020, the opposition Azerbaijani Popular Front Party (APFP) accused the government of cyberattacks against party activists’ social media accounts. In a statement, the Party noted that as a result of hacker attacks, the Facebook accounts of Emil Selim, Ilham Huseyn, Orkhan Selimzade, and Emin Maniyev were hijacked. In addition, fake social media accounts were created impersonating members of the party’s presidium – Fuad Kahramanli, Asif Yusifli, and Mammad Ibrahim, with the intention to harm their reputation and create chaos in society from these accounts.
  • On March 17, 2021, Bakhtiyar Hajiyev and Narmin Shahmarzade accused the Azerbaijani authorities and law enforcement agencies of the cyber-attacks they were facing. Shahmarzade’s Facebook profile was hacked and her personal images and correspondence were disseminated without her consent. One of the unlawfully disseminated correspondence was Shahmarzade’s conversation with social activist Bakhtiyar Hajiyev.
  • Another activist, Gulnara Mehdiyeva, was also targeted online. Her social media accounts, email, and communication apps were compromised. So were her backups (archives were backed on Google drive to which she lost access after her personal email was compromised). Although Mehdiyeva regained access to her accounts the damage was extensive. From the account logs, the activist discovered that the perpetrator prepared large bundles of data for download – likely including her email and social media archives, photographs, and other data. The hacker also deleted three Facebook groups dedicated to LGBTQI+ and women’s rights, which Mehdiyeva administered. The attack also exposed the identities of those in the private groups – placing many people, including minors and other vulnerable individuals, at potential risk. Forensics investigation identified two IP addresses from where the attack was carried out. One was previously used in other attacks against independent media in Azerbaijan and was connected to the internet infrastructure of the Ministry of Interior.

In Gulnara Mehdiyeva’s case, the applicant’s lawyer appealed to the Yasamal District Police, where the latter refused to launch a criminal investigation on  October 6, 2022. The lawyer appealed the decision of the Yasamal district police to the Yasamal District Court. The applicant’s lawyer referred to the legal grounds that the applicant’s account on social networks was illegally hacked and her personal information was seized, making a claim that this event creates the constituent elements of Articles 155, 156, 272, and 273 of the Criminal Code.

Dismissing the applicant’s appeal, the District Court considered that the criminal act in Article 272 of the Criminal Code is related to the interception of computer data but not the data of the social media accounts noting that computer data and social network data are different from each other.

Furthermore, the Court also considered that the criminal acts in Articles 155 and 156 of the Criminal Code are related to breaching the confidentiality of correspondence, telephone conversations, mail, telegraph, and other information and illegal gathering of confidential information of personal and family life which is not relevant to the applicant’s case.

Interestingly the Court concluded that since the hacking was of the activist’s social media account, the information shared there, was public, and thus could not be considered a secret, and that “social network was not a place where information considered “secret” was protected.”

Lawyers appealed these conclusions of the District Court, which were wrong and were a narrow interpretation of the national and international legislation in this field. The lawyer, in the appeal complaint, explained in detail, how the District Court’s misinterpretation of the national legislation contradicted the relevant international law by referring to the respective provision (Article 271.2) of the Criminal Code and article 1 of the Convention “On Cybercrime”.

The lawyer also claimed that the applicant’s information on the social network such as her personal photos, videos, and personal email correspondence were also intercepted and that all this information constituted private information, therefore, the Court’s conclusion was unfounded. The applicant’s appeals were dismissed by the Appeal and Supreme Courts and the applicant submitted a complaint to the European Court of Human Rights.

  • On November 3, 2021, the founders of Toplum TV, an online news platform, said their Facebook page was hacked. Hackers(s) removed several videos, including a discussion with an opposition politician Ali Karimli. The hacker(s) accessed the page through another founder’s Facebook account, deleted videos, and page likes, and changed the name of the page.
  • The Committee of Ministers of the Council of Europe (to which Azerbaijan is a party) mandates that member states comply with the judgments and certain decisions of the European Court of Human Rights. And yet, the court’s decision on Khadija Ismayilova group v. Azerbaijan (Application No. 65286/13) calling on Azerbaijan to duly investigate committed acts, where they [the authorities] failed to do so, and any possible connection and links between crimes committed against journalists and their professional activities, was not complied with.[3]

The cases illustrated here, are by no means exhaustive. These and other examples previously documented by Azerbaijan Internet Watch and elsewhere illustrate that the legal remedies for cyber-attacks and covert surveillance are not effective in practice. In all of the cyber-attack and covert surveillance cases that have been brought before the courts in Azerbaijan, the prosecuting authorities failed to initiate a criminal case and the district courts backed prosecuting authorities’ decisions even in cases where evidence exposed state authorities and/or related persons/entities being behind the attacks.

Conclusions

Our goal in putting together this legal overview was to demonstrate that digital security rights are not protected effectively in Azerbaijan. As we illustrate, violations of digital security rights occur on two levels: cyber-attacks and covert surveillance. Both types of violations are sophisticated and require contemporary preventive and procedural safeguards. However, existing legal remedies are not effective.

Most remedies set out in the legislation have shortcomings: there is no automatic notification system concerning covert surveillance; there is no independent internal review body; lack of rules against prosecutorial discretion; no mechanism in place addressing the conflict of interest between law enforcement and state security bodies; and challenges regarding judicial avenues.

Moreover, on cyber-attack issues the relevant qualified body-the Cyber Security Center-lacks proper legal power to conduct an investigation and is not independent. The issue of independence is important when attacks, as findings of independent digital security rights watchdogs demonstrate, are carried out by state authorities or related entities.

Practical case studies show that despite the scale of cyber-attacks, prosecuting authorities did not initiate even a single criminal case concerning attacks. This creates a culture of impunity regarding violations of digital security rights and has a chilling effect on activists’ right to freedom of expression and other political rights. Similar problems also exist in cases concerning covert surveillance – the lack of progress on Pegasus spyware investigations attests to the prosecuting authorities having no interest in initiating criminal cases.  

Consequently, digital security rights and their human rights protection both in a preventive and procedural manner and negative and positive obligations dimension have profound problems in Azerbaijan. Available domestic legal remedies are not effective both in legislation and practice to tackle the current problems.

[1] Paragraph 1 of article 39 of the Law on Telecommunications states that “operators, providers are obliged to create conditions for conducting search operations, intelligence, and counter-intelligence activities in accordance with the law; to provide telecommunications networks with additional technical means in accordance with the conditions established by the relevant executive authority; to resolve organizational issues; and to keep secret the methods used in conducting these events.” Paragraph 2 of the article states that “The operator, the provider shall be liable for the violation of these requirements in accordance with the law.”

[2] The Decision of the Cabinet of Ministers No. 174 of 7 November 2002 “On additional conditions required for the issuance of special permits (licenses) depending on the nature of the activity”, https://e-qanun.az/framework/946

[3] Case Description: Khadija Ismayilova (App. 65286/13). The shortcomings identified in the Court’s judgment need to be remedied, in particular:

  • to investigate the potential link between the applicant’s professional activity and the receipt of a threatening letter;
  • to properly question an important witness, Mr. N.J., an employee of Baktelekom, who could shed light on the identity of the possible authors of the crime regarding the installment of a hidden camera in the applicant’s flat;
  • to investigate the identity of the person who sent the threatening letter to the applicant from Moscow;
  • to investigate the websites where the intimate videos of the applicant were posted;
  • to investigate the words “SesTV Player” on the video and its potential connection with the Ses newspaper.
    • https://hudoc.exec.coe.int/eng?i=004-52409

religious activist claims his arrest was over his social media posts

Mahir Azimov, 40, is a member of the Muslim Union Movement. Azimov was arrested on drug possession charges according to reporting by Azadliq Radio, Azerbaijan Service for Radio Liberty. But activist claims the accusations are bogus, and that the real reason behind his arrest was his online activism – namely, critical posts on the state of war veterans in Azerbaijan.   

Azimov is just one of several movement members arrested in recent weeks. According to monitoring by Azerbaijan bulletin, another citizen of Azerbaijan, based in Turkey Imran Mammadli was detained and his deportation is expected. Mammadli too was critical of the Azerbaijani state on social media reports Azerbaijan bulletin. 

In his own statement, Azimov said, the day he was arrested and taken to the local police for questioning, he was questioned over his social media posts in which he criticized the authorities over their treatment of Karabakh war veterans. “They [police] showed me these posts. This is why I have been arrested,” said Azimov. 

As a result of the pressure faced during the questioning, Azimov signed a confession letter in which the religious activist claimed indeed he had drugs on him. However, in court, Azimov said the statement was signed under duress. 

A year in review – from online attacks to overall environment of internet censorship in Azerbaijan

The following overview covers some of the prolific trends which illustrate the scope of digital authoritarianism and information controls in Azerbaijan observed and documented in the past year. 

Introduction 

This report covers the online attacks targeting personal information and devices of human rights defenders, activists, and democracy advocates in 2022. The data is collected through media monitoring and information that was made available by targeted individuals who received support and assistance in mitigating the targeting.  

Overall, 2022 has been no different than recent years in terms of online attacks and internet censorship observed in Azerbaijan. Activists, human rights defenders, and democracy advocates received phishing attacks and were summoned to law-enforcement bodies for criticism voiced online where their personal data and devices were often interfered with in the absence of the owner’s consent. 

In some cases, there were reported hacking attempts and installed spyware programs. In January – December 2022, we observed overall 10 such cases.

Hacking and phishing attacks usually targeted the social media and email accounts of targeted community members. These were possible through the interception of SMS messages (set up as 2FA). In fact, SMS interception has been the main practice, leading to the hacking of scores of personal accounts, the paralyzation of social media accounts, the deletion of online posts, and the dissemination of personal information belonging to the targets.

Among some of the prominent cases was political activist Bakhtiyar Hajiyev whose social media accounts were targeted on multiple accounts. Hajiyev was also kidnapped twice in April and August 2022 and he was taken to the law-enforcement bodies. Police gained access to his social media accounts by force and removed posts that were critical of the authorities and state institutions. Hajiyev was arrested on December 9, on bogus charges, and sentenced to 50 days in administrative detention [shortly after his arrest Hajiyev announced he was going on a hunger strike. According to media reports, he stopped the strike on December 29, 2022]. 

Another civil society member, Imran Aliyev was also kidnapped by the Main Department for Combatting Organized Crime where his devices and social media accounts were compromised against his will.

Abulfaz Gurbanli, also an active member of civil society, was phished through an email and WhatsApp messages in February 2022. A file disguised as grant-related information from a known donor organization containing a virus was sent to Gurbanli via his email. On WhatsApp, the activist received a message from someone impersonating herself as a BBC Azerbaijan Service journalist. The targeting resulted in the installation of spyware on his device and the hacking of his social media accounts. 

At the time, Az-Net Watch requested assistance from Qurium media to analyze the link shared in the email and despite the journalist’s assurances, the link did contain a virus. “The mail pointed to a RAR compressed file in Google Drive that once downloaded required a password to be decrypted. The password to decrypt the file was included in the phishing e-mail: bbc. Compressed files that are password protected are common in malware phishing attacks as the files can not be scanned by antivirus,” concluded Qurium in its preliminary report. The further forensic report identified malware written in AutoIT. Once the link (in our case the link to a drive where the alleged journalist left questions for the political activist) was opened, the hacker through the deployed malware installed a persistent backdoor in the system. “The software connects to the domain name smartappsfoursix{.}xyz to download the rest of his software requirements. It downloads gpoupdater.exe and libcurl.dll which look responsible for uploading files to the command and control server. During the execution of the malware several (10) screenshots of the Desktop were uploaded to the server,” read the Qurium analysis.

Meanwhile, after taking over Gurbanli’s Facebook account, the hacker also deleted all of the content on at least seven of the community pages, where Gurbanli was an admin (screenshots below are from just two pages). 

Az-Net Watch previously documented attacks through phishing emails sent to civil society activists last year. At the time, an email impersonating a donor organization was sent to a group of activists encouraging them to apply for a Pegasus Grant. Preliminary forensic results carried out at the time indicated that the malware sent around in this email was similar to a phishing campaign from 2017, that was widely covered and reported by Amnesty International: “The victims and targets identified, as well as the political theme of bait documents, indicate that the campaign is largely targeting human rights activists, journalists, and dissidents. This campaign also aligns with findings by VirtualRoad.org in their report, “News Media Websites Attacked from Governmental Infrastructure in Azerbaijan”, which links some of the same network address blocks with “break-in attempts” and “denial of service attacks” against several independent media websites. “The malware that was observed is not sophisticated and is in some manner extremely crude. However, combined with social engineering attempts and an unprepared public, these tactics can remain effective against many targets.”

In another case, an online media outlet – ToplumTV – social media accounts were hacked by intercepting incoming SMS, set up as a two-step authentication method. This resulted in the removal of countless news posts as well as subscribers to the channel’s social media account. The media outlet was previously targeted in September and November 2021 – in both instances, the social media accounts were hacked by SMS interception.

Feminist activists also witnessed a surge in online phishing attacks and hacking attempts ahead of the International Women’s Day protest scheduled to take place on March 8, 2022. At least three activists received support to ensure online safety during this period. Similar attacks and targeting were documented last year. In addition to compromised accounts, some feminist activists have faced account impersonation. Most recently, activist Narmin Shahmarzade reported to Az-Net Watch, that a fake Instagram account impersonating the activist shared Sharmazade’s photos in the absence of her consent with inappropriate captions. Az-Net Watch is currently working with the platform to remove the fake account. 

Users of social media platforms, who posted critical of the government comments and posts, were also summoned to law- enforcement bodies where they were either forced to hand in their devices and passwords to their social media accounts or to delete their posts that were critical of the government. At least in 5 cases, activists and bloggers faced administrative arrests and interference with their social media accounts for their criticism online and activism. 

One of the most recently documented cases includes a blogger who was called into questioning after sharing a video on Facebook of the traffic police accepting a bribe. The blogger was forced to remove the video after the questioning at the police station. Aziz told Meydan TV that police threatened to keep him less he removed the video. After Aziz told the local media about the pressure from the police, the blogger was called back into the questioning together with his parents. 

In November, prominent lawyer, Elchin Sadigov said the law enforcement refused to return his mobile devices after the lawyer, would not share his passwords. Sadigov was arrested in September 2022 together with an editor of an independent outlet. In an interview with Meydan TV, Sadigov said, he considered demands that he shares his login credentials were a violation of privacy. 

Also in November, a member of D18 political movement, Afiaddin Mammadov, who was arrested on bogus charges and sentenced to 30 days in administrative detention said he was tortured by the local police officers after refusing to share his password to his device.

Other documented instances of social media users targeted over their online criticism this year include: 

In April, Meta released its pilot quarterly Adversarial Threat Report in which the platform said it identified “a hybrid network operated by the Ministry of the Internal Affairs.” According to the document, this network relied on, what Meta refers to as, “Coordinated Inauthentic Behavior [CIB]” in combination with cyber espionage, “compromising accounts and websites to post” on behalf of the Ministry. According to the report, these coordinated online cyberattacks targeted journalists, civil society activists, human rights defenders, and members of opposition parties and movements in Azerbaijan. The ministry’s press office was quick to dismiss the findings, saying the findings were fictitious. 

Azerbaijan was also among countries identified in Pegasus leaks targeting some 80 government critics among one thousand other Azerbaijanis identified in the targeting with Pegasus spyware. 

The attacks and support provided, in the course of the past year, illustrate that no matter how well-prepared political activists and members of civil society are in Azerbaijan, digital security awareness is insufficient in autocratic contexts like Azerbaijan. 

We also observed that existing legal remedies in the country are insufficient to find perpetrators behind such targeting and hold them to account. While in a few instances targeted community members filed official complaints, the investigative authorities showed reluctance in effectively investigating the incidents. 

This year, Az-Net Watch published this detailed report about litigating Pegasus in Azerbaijan in which together with a legal expert we conclude that existing national legislation concerning privacy and surveillance is insufficient, and is left to vague and often overt interpretation in the hands of law enforcement and prosecutor office. As such, Azerbaijan continues to systematically fail in providing effective legal remedies and sound investigations against state-sponsored digital attacks and surveillance. Moreover, despite evidence-based reports of targeted and coordinated cyber attacks against activists, the government thus far has not investigated and/or provided effective legal guarantees. And in all cases filed for investigations, nearly a year later after Pegasus spyware has been identified to be in use, the law enforcement authorities are yet to take formal investigative actions. 

In another report published this year together with a legal expert, Az-Net Watch identified serious gaps in data privacy protection mechanisms in Azerbaijan. Our analysis indicated that the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities. The analysis also indicated that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. 

Conclusion 

These and other instances of digital threats and offline persecution for online activism illustrate that internet freedom in Azerbaijan continues to decline with no signs of abating. For yet another year, Azerbaijan was ranked “not free” in Freedom on the Net 2022 report released by Freedom House. In addition to scores of news websites currently blocked in the country (a practice observed since 2017), the state has also resorted to blocking or throttling access to social media platforms and communication applications in recent years. In September 2022 the state demonstrated its control over the internet by blocking access to TikTok on the grounds the platform was casting a shadow over military activities, revealing military secrets, and forming wrong public opinion. The blocking was carried out amid renewed military tensions between Armenia and Azerbaijan. Other users said they experienced issues accessing WhatsApp, Telegram, and slow internet connectivity speeds. Previously, during the second Karabakh war (in 2020), users in Azerbaijan faced internet restrictions as well. 

Civic activists in Azerbaijan express concern over state control of the internet at a time, when social media platforms, and independent as well as opposition online news sites have become the sole sources of alternative information accessible to the public outside of traditional media. 

The present environment is further exacerbated by the continued crackdown on civic activists as in the case of Bakhtiyar Hajiyev mentioned earlier in the report. In addition, a number of critical bills approved by the parliament this year, demonstrate a profound lack of interest on behalf of the state to ensure basic freedoms including freedom of the media and of association. As of February 2022, a restrictive new media law compels online media outlets to register with the government agency and has imposed a number of other critical requirements and criteria that critics say only serve the purpose of silencing independent journalists and news platforms. 

On December 16, 2022, the parliament also approved a critical bill on political parties, introducing a new set of exhaustive restrictions on political parties. 

As such, Azerbaijani civil society is facing a turbulent year ahead both offline and online in an environment dominated by state control on all forms of dissent leaving many wondering how far the state is willing to go to silence the critics. 

blogger facing pressure over a video shared on Facebook

Azerbaijani blogger Elmar Aziz was called into questioning on December 1 over what the blogger said was a video he shared about the traffic police. According to Turan News Agency, in the video shared by Aziz, traffic police are seen taking bribes from drivers. Aziz shared the video on Facebook.

In an interview with Meydan TV, Aziz said he posted the video of traffic police bribing drivers on Facebook and tagged the head Elshad Hadjiyev – the head of press relations at the Ministry of the Interior. 

The blogger was forced to remove the video after the questioning at the police station. Aziz told Meydan TV that police threatened to keep him less he removed the video. 

After Aziz told the local media about the pressure from the police, the blogger was called back into the questioning together with his parents. 

Speaking to Turan News Agency, the head of press relations at the Ministry of the Interior, Elshad Hadjiyev refuted the blogger’s claim that he was questioned together with his parents by the local police after informing the media that he was forced to remove the video from Facebook. 

former member of the parliament faces criminal charges

Gultekin Hajibeyli, the former member of the parliament told Meydan TV she is facing criminal charges over a comment she left on Facebook. According to Meydan TV reporting, Hajibeyli was held at the airport on her return from a work trip to Brussels and was informed she is facing slander charges. Hajibeyli said she was then taken to the Nasimi district police station after two-hour-long questioning at the airport. 

In an interview with Meydan TV, Hajibeyli said, the complaint was filed by a woman named Leyla Arif. “Imagine that I am facing criminal charges over a comment I posted under a post shared by a user named Leyla Arif on Facebook. That post was later deleted. So I am facing criminal charges over a post that no longer exists.”

Arif then posted an explanation on her Facebook saying she was called a “separatist” by Hajibeyli.