Author: aiw_admin

the trickery behind blocking news websites in Azerbaijan

Posted on by aiw_admin

Azerbaijan started blocking access to independent news websites in 2017 [more on how this blocking has taken place here]. At the time, the state argued the reasons for blocking these websites were, calls aimed at “forcible change of the constitutional order,” “organization of mass riots,” and other illegal activities. In reality, these websites were considered independent and/or platforms affiliated with opposition parties. As a result, the decision to block them was based on legal claims that lacked evidence. This was further reflected in the review process when the decision to block these platforms was implemented. According to EHRAC, “no effective and independent review took place in the first instance decision to block access to the websites in 2017, and in subsequent appeals. The courts simply accepted the authorities’ allegations at face value and made no attempt to adequately consider or explain why the content was unlawful.”

The intentions behind the blocking decision were further reflected in subsequent actions taken by the Government of Azerbaijan against the online platforms. Such that, at the time of the first decision to block these websites for access in 2017, the Azerbaijani Government claimed these websites continued disseminating their content through VPN services or social media platforms and therefore the action taken against them did not cause significant changes to the published content. However, in February 2020, the Ministry of Transportation, Communications and High Technologies “requested the domestic courts to impose a ban on the applicants’ ability to share their content through VPN services and social media platforms.”

In a report published in February 2023, in partnership with OONI, we identified the blocking not only continued but expanded to blocking news websites from other countries as well as social media platforms [OONI measurements collected from Azerbaijan between January 2022 to February 2023]: 

  • Blocking of news media websites. Azerbaijan continues to block access to several independent news media websites. OONI data also suggests that some ISPs in Azerbaijan may have started blocking access to the Guardian on 25th December 2022.
  • Azerbaijan and Russia block each other’s news media. In early June 2022, Azerbaijan started blocking access to Russia’s state-run RIA Novosti media website. Since (at least) 7th June 2022, Russian ISPs have been blocking access to Azerbaijani news media websites (`haqqin.az`, `minval.az`, `oxu.az`, `ru.oxu.az`, `ru.baku.ws`). These blocks remain ongoing.
  • Temporary blocking of TikTok amid border clashes with Armenia. During the September 2022 border clashes, both Azerbaijan and Armenia blocked access to TikTok. While the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months). 
  • Blocking of circumvention tool sites. Azerbaijan continues to block access to numerous circumvention tool websites, potentially limiting the ability to circumvent internet censorship in Azerbaijan. However, most OONI measurements suggest that tested circumvention tools (Tor and Psiphon) appear to be reachable.
  • Variance of censorship across networks. While most ISPs in Azerbaijan appear to adopt similar censorship techniques (as we continued to observe connection timeouts in most anomalous measurements across ASNs), different ISPs block access to different websites over time.

The intentional blocking and total control in the hands of the state in implementing these blocks were once again highlighted in June 2023 when co-rapporteurs from the Parliamentary Assembly of the Council of Europe (PACE), Jan Liddel-Granger and Liz Kristoffersen visited Azerbaijan. According to reporting by Meydan TV, throughout the visit of the co-rapporteurs access to blocked websites was restored. 

In the past, a similar temporary lifting of restrictions was observed in Azerbaijan during visits of international organizations. 

In Azerbaijan an online television channel temporarily suspends its work

Posted on by aiw_admin

An online television channel – Red Line Channel, temporarily suspended its work on May 5. According to the founder of the channel, Samira Gasimli, while the channel took a pause on its work a few months back, as the team was considering restructuring the format of its programs, the work of the team was put on a pause, when the team learned they were being moved from the office where it was located.

In an interview with Meydan TV, Gasimli said the timing of the eviction was surprising. According to Gasimli, the channel was planning to start daily live broadcasts as of May 1. This is when the team received the call from the landlord, who informed them they must vacate the office space as of May 1. 

Previously the team was evicted from a studio.

Gasimli told Meydan TV, the team was not looking for a new office given it was futile. Instead, they were trying to find another way.  

In March, AIW reported on a targeted digital attack against the channel’s social media accounts. 

activist sentenced to 25 days in administrative detention over social media posts

Posted on by aiw_admin

On March 18, civic activist, Elvin Mustafayev (known online as Atilla Khan) was sentenced to 25 days in administrative detention on charges of petty hooliganism and disobeying police in Saatli province of Azerbaijan. According to Mustafayev’s friends, the activist was reprimanded for his critical-of-the-authorities comments and posts on Facebook. Since mid-March, residents of Saatli have been protesting water shortage.

Mustafayev lives in Saatli himself and he wrote about the protest and police violence he witnessed. Shortly after he was called in for questioning and arrested on the spot on bogus allegations. According to reports, riot police used rubber bullets and tear gas against local residents who took the streets to voice their grievances.

Local opposition parties recognized Mustafayev’s detention as politically motivated

News platform’s Facebook page hacked, year worth of content deleted

Posted on by aiw_admin

An online news platform in Azerbaijan, had its Facebook page hacked by unknown hackers. The incident was reported by the editor-in-chief Samira Gasimli via a Facebook post.

Translation: “Dear RLC followers, For the past two months we have been working on new shows and formats. We are getting ready to release new, more interesting, and different formats. If you have noticed, we have stopped sharing shows on our channel as a result. Despite the inactive channel, a few days ago, RLC’s Facebook page was hacked and all of the content shared in the past year was deleted, its format was changed, and so was the profile picture. We have experienced previous interventions to our Facebook page admin panel but we were able to mitigate the risk. We have reached out to Facebook in the meantime, requesting to reinstate all of the content that was deleted. The editor in chief of RLC, Samira Gasimli.”

The user who was able to hack the account – Jn Alaza – has a Facebook profile and a list of 40+ friends some of whom appear to be fake. There is no further information available. The profile photo did not lead to any results when running a reverse image search.  

The news platform’s admins are trying to recover the deleted content but as previous experience has shown, Facebook has never (at least in the case of Azerbaijan) helped with content recovery.  

blogger accused of disobeying police

Posted on by aiw_admin

Nurlan Jafarli, an Azerbaijani blogger was sentenced to 15 days in administrative detention for disobeying police and petty hooliganism according to reporting by MeydanTV. 

Jafarli was arrested during a protest outside the Ministry of Justice on March 30. According to the reports, Jafarli, who was among the journalists covering the protest, shared via his Facebook an inquiry addressed to the Ministry of the Interior and the spokesperson for the ministry. In the post shared on the social media platform, Jafarli wrote about police violence the blogger was subject to while filming the protest for an online YouTube channel, Time TV, and that as a result, his phone was broken. “The officer you see in the video first hit me, then knocked me to the ground. As a result, I dropped my phone and cracked the screen […] I personally promise in front public that either the police officer will contact me and fix my phone himself, or I will be arrested on the grounds of using violence against a police officer.”

Jafarli, freelances for various online television channels. 

The Ministry of the Interior alleged Jafarli was arrested for interrupting police and acting outside journalism ethics.

state sponsored harassment and targeting in Azerbaijan is very much alive and kicking – a year in review

Posted on by aiw_admin

Azerbaijan Internet Watch was launched around the time when more evidence kept emerging, on the use of authoritarian technology in Azerbaijan. This technology allowed the perpetrator(s) (in most cases identified as an institution or individual affiliated with the government of Azerbaijan] to target Azerbaijan’s civil society. These revelations marked a significant shift in the way the authorities were persecuting its critics. In addition to offline measures – physical intimidation through kidnapping, arrests, detentions, questioning; bogus trials, and lengthy jail times; and adoption of restrictive new laws limiting the ability of civil society to work –  there were new tools at the state’s disposal that could now deliver phishing attacks, DDoS attacks, targeted harassment, mass fake reporting on social media platforms,  hacking of personal as well as public social media accounts and emails, leaking unlawfully obtained data, online blackmail, the use of trolls and bots, and more. In none of these documented cases, it was possible to hold the state or its institutions, or the actors to account. Dismissals have been a common response. 

“By using its monopoly over the country’s information-technology infrastructure, it has disrupted internet access, placed temporary bans on social media services like TikTok, launched DDoS attacks, and used various digital-surveillance tools, including the Israeli spyware Pegasus, to target and censor activists and journalists. The democracy watchdog Freedom House now considers the internet in Azerbaijan “not free”.” Facebook is Failing Journalists, November 22, 2022, By Arzu Geybulla, for Project Syndicate

State-sponsored surveillance

In 2014, an OCCRP investigation revealed how mobile operators were directly passing on information about their users to the respective government authorities. Last year, AIW looked into the protection of personal data mechanisms that exist in the country. The research and legal analysis indicated that “the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities.” In addition, the analysis showed “that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. As such, the absence of clear and enforceable regulations to protect personal data against arbitrariness and flawed systems due to negligence puts personal data at a higher risk of infringements.” Additional findings included the following information confirming OCCRP’s revelations in 2014:

The Presidential Decree No. 507 dated June 19, 2001 (IV) “On the division of powers of search operations’ entities while carrying out search operations,” ensures that the Ministry of Internal Affairs and the State Security Service can autonomously connect to the communication networks of telecom operators. That being said, the presidential order regulating the conduct of this kind of search and operation activity in the telecom industry dated February 15, 2017, is not public.

The above-mentioned legal environment makes subscribers’ personal data accessible to the law-enforcement authorities given that all collected user personal data is accumulated in the database established together with the law enforcement authorities or is equipped with the technical means allowing law-enforcement authorities access users’ personal information. Also, according to Article 11 (IV) of the Law on Operation and Search Activities, the decision of the court (judge) or investigative body or the authorized subject of operative search activity on the implementation of operation-search measures can be accepted not only when there is an initiated criminal case but also in a wide range of circumstances.  

In another report released in 2021, AIW identified the following loopholes grating the state further access to the personal information of citizens:

The Law on Telecommunication obligates network operators to install special equipment, provided by the State Security Service, Ministry of Internal Affairs, and Special State Protection Service onto the telecommunication networks enabling the Government to extract (intercept) data on anyone regardless of whether that person(s) is part of an investigation process or not.

The installment of special equipment within communication networks is regulated by the “Rules for equipping telecommunications operators and providers with additional technical means for conducting search operations, reconnaissance and counter-intelligence activities” issued by the Ministry of Transport, Communications, and High Technologies on  June 14, 2016. The Rule obligates telecommunication operators and providers to create technical conditions for the conduct of relevant activities within the communication networks.

The Rule defines that Telecommunication Control System (hereinafter – TCS) – is special hardware and software that provides confidential control over the exchange of information of subjects targeted by the relevant measures (such as search and operation, intelligence, and counterintelligence activities), as well as all statistical data of the network. TNS consists of data extraction facilities, transport networks, and control centers.

The Rule also indicates that relevant measures in the communication networks are carried out in accordance with the requirements of the laws of the Republic of Azerbaijan “On Operation-Search Activity” and “On Intelligence and Counterintelligence Activity”.

However, while the Law on Operation-Search Activity may allow secret surveillance and seizure of private information, there are no rules or procedures within the national legislation for secret surveillance and intercepting information by government agencies. There are also no clearly defined rules on determining the grounds for such surveillance and interception activities, their duration, and whether such activities can be stopped by a court or other higher state authority.

The above legal and investigative findings may explain how in 2012, during the Internet Governance Forum held in Baku, Neelie Kroes’s [who at the time, was the Vice-President of the European Commission responsible for the Digital Agenda for Europe] advisors had their computers hacked. At the time, Ali Hasanov, who was serving as head of the Azerbaijani Presidential Administration Social and Political Department said, “there was no such interference, and couldn’t have been.” Hasanov was “one of the key figures defining the government’s policies regarding media, freedom of speech, and political liberties,” according to an OCCRP investigation into Hasanov and his family’s media business. At home, Hasanov was also known as the “King of trolls.” And although he denied his passion for trolls, even at the time when he was leaving his office in January 2020, as it turned out, Hasanov was a troll factory supplier. In September 2021, AIW published this story revealing how the government of Azerbaijan did indeed operate its own troll factory:

Ever since the 2013 revelations about Russia’s troll factory, many in Azerbaijan wondered whether the country’s leadership too operated its very own troll factory. Unlike its Russian version, known as the Internet Research Agency, there was only anecdotal evidence of whether this was really the case in Azerbaijan. There were no former “factory” employees who came forward or undercover journalists who temporarily worked there and exposed the work carried out later. Not until this month anyway. An investigation against the executive director of the State Media Support Fund Vugar Safarli now reveals that the suspicions were valid after all. And that upon specific instructions a group of “bloggers” were responsible for monitoring Facebook and leaving comments under posts that were critical of the government or relevant government institutions.

The investigation is part of a criminal case launched against Vugar Safarli who until recently headed the State Fund for Media Development in Azerbaijan. Safarli was arrested in 2020 on charges of money laundering (allegedly 20million AZN) and abuse of authority. 

On September 2, Azerbaijan Service for Radio Free Europe, Azadliq Radio published parts of the testimony by Safarli where the former government official implicates not only that the government did indeed deploy trolls but that several high ranking officials including then Presidential advisor Ali Hasanov and former head of the Presidential Administration Ramiz Mehdiyev were well aware of this. Moreover, the building from where trolls operated belonged to Hasanov himself. 

“Ali Hasanov told me that the new rented space, will have internet bloggers who will work from there. And indeed there were a few, who sat there, working unofficially,” Safarli reportedly said in his statement according to Azadliq Radio reporting. 

Predating 2014 revelations, are a series of examples that were documented in this report showing how state-sponsored surveillance was used as early as 2008, albeit at the time, using less sophisticated technology such as black boxes and wiretaps.   

In the years that followed, the state-sponsored surveillance got worse as has been documented either here or by other platforms. The culmination was the use of Pegasus and targeted harassment of civil society activists online through the dissemination of their personal data obtained through hacking of their devices as well as social media accounts. 

As AIW described in this report:

Members of opposition political parties, independent journalists, political and human rights activists have long faced systematic pressure and persecution orchestrated by the government of Azerbaijan. The unprecedented crackdown against civil society that began in 2013, marked a new chapter, in the history of Azerbaijan’s civil society. One, marred by arrests and prosecution of high-profile activists, rights defenders, and journalists.

This systematic pressure and harassment were not only offline. It was only a matter of time, that the internet too would become a place to target activists, journalists, and human rights defenders, holding them accountable for their online criticisms on bogus accusations that often ended with lengthy jail sentences, forced apologies on public televisions (see The State of Internet Freedom in Azerbaijan report), detentions and further forms of persecution.

In a country where almost all avenues for freedom of expression and activism were eliminated, the internet, specifically online media platforms, and social media networks became new targets. To monitor discussions online, prevent citizens from accessing independent news online, or social media platforms, and to further curb freedoms online, the government of Azerbaijan embarked on a shopping spree, becoming a client of companies selling sophisticated surveillance equipment and technology.

By 2021, the government of Azerbaijan has successfully deployed a Remote Control System (RCS), Deep Packet Inspection (DPI), phishing, and spear-phishing attacks often with homegrown malware. The most recent addition to a wide variety of authoritarian technology deployed in Azerbaijan is Pegasus spyware.

The Law on Operation-Search Activity overseas phone tapping and information extraction from communication channels. Further, the third section of article 10 of the Law on Operation-Search Activity does not require a judicial act or supervision of higher authority while wiretapping and extracting information from technical communication channels unless there is a need to install technical devices such as voice, video, or photo recorders at the place of residence of the individuals.  

In other words, anyone in Azerbaijan can be subject to such a form of oversight.

In Azerbaijan, “anyone” is often, a representative of Azerbaijan’s civil society. This includes political activists, rights defenders, journalists, members of opposition political parties and movements, and feminists, to name a few. As AIW documented in its February 2023 report: 

2022 has been no different than recent years in terms of online attacks and internet censorship in Azerbaijan. Human rights defenders, activists, politicians, and media professionals in Azerbaijan are increasingly becoming victims of cybercrimes, including electronic surveillance, privacy infringement, and cyberstalking, due to their independent and legitimate professional activities. The online targeting of individuals critical of the government has become increasingly frequent and constant. And yet neither of these cases has been effectively investigated, and the perpetrators have not been identified.

Despite the active use of the criminal and administrative offenses legislation, including other technical resources to limit freedom of expression on the internet [including the blocking of key opposition and independent news websites, summoning and punishing individuals for critical opinions distributed online], the state systematically fails to provide effective investigation on the complaints of the individuals subject to unlawful covert surveillance (Pegasus), cyber-attacks, online blackmailing and hacking attempts against activists and media professionals. In most cases, reveal that online harassment against government critics is organized by the government or government-linked institutions.

In April 2022 report, Meta reported that it removed a hybrid network operated by the Ministry of Internal Affairs of Azerbaijan that combined cyber espionage with Coordinated Inauthentic Behavior (CIB) to target civil society in Azerbaijan by compromising accounts and websites to post on their behalf.

There has been a shift however in the use of technology. Based on the monitoring of cases documented by AIW, one scenario indicates that as a result of several forensic exposes tracking the source of phishing attacks and the use of other pervasive surveillance tools to the state, the latter now relies on targeting critics through online harassment and online targeting campaigns in order to damage and/or discredit their reputation. That and the use of restrictive new laws makes silencing dissent less reliant on technology. That being said, there are still cases of phishing attacks as was the case with activist Abulfaz Gurbanli, who was phished through an email and WhatsApp messages in February 2022. A file disguised as grant-related information from a known donor organization containing a virus was sent to Gurbanli via his email. On WhatsApp, the activist received a message from someone impersonating herself as a BBC Azerbaijan Service journalist. The targeting resulted in the installation of spyware on his device and the hacking of his social media accounts. At the time, AIW requested assistance from Qurium media to analyze the link shared in the email and despite the journalist’s assurances, the link did contain a virus. “The mail pointed to a RAR compressed file in Google Drive that once downloaded required a password to be decrypted. The password to decrypt the file was included in the phishing e-mail: bbc. Compressed files that are password protected are common in malware phishing attacks as the files can not be scanned by antivirus,” concluded Qurium in its preliminary report. The further forensic report identified malware written in AutoIT. Once the link (in our case the link to a drive where the alleged journalist left questions for the political activist) was opened, the hacker through the deployed malware installed a persistent backdoor in the system. “The software connects to the domain name smartappsfoursix{.}xyz to download the rest of his software requirements. It downloads gpoupdater.exe and libcurl.dll which look responsible for uploading files to the command and control server. During the execution of the malware several (10) screenshots of the Desktop were uploaded to the server,” read the Qurium analysis.

Targeted harassment: the case of Bakhtiyar Hajiyev

The most recent case of state-sponsored digital targeting is of political activist Bakhtiyar Hajiyev. Hajiyev was arrested in December 2022, shortly after his return to Azerbaijan from a trip abroad. Charged with hooliganism and contempt of court, the activist was then sentenced to 50 days in pretrial detention. That time however was extended twice, most recently until April 2023. Prior to his arrest, Hajiyev often criticized the Ministry of Internal Affairs over its targeted harassment. He was then abducted by unknown men and during his time in captivity was forced to delete his social media posts critical of the ministry. The investigations into Hajiyev’s kidnapping have not been conducted and up to this day, it remains unclear who were Hajiyev’s kidnappers. Throughout the past few years, Hajiyev was also the target of an online blackmail campaign. Three years ago, Hajiyev said there were multiple attempts to break into his social media and email accounts. 

At the end of December 2022, while Hajiyev was already behind bars, some anonymous social media accounts shared private correspondence between Hajiyev and Vusala Mahirgizi, an editor. The leaked conversations alleged Hajiyev was a marionette of one of the clans [in reference to various clans in key government positions in Azerbaijan]. Hajiyev published a statement in which the activist said, the leaked correspondence was a violation of his privacy, given it was obtained through hacking of his personal accounts and that the allegations of him being a marionette, were false.

It is worth noting that this correspondence was leaked during calls for the activist’s release. The leak was largely viewed as an attempt to turn the activist into a scapegoat and weaken the advocacy campaign calling for his release.

Since February 22, 2023, however, Hajiyev has been the target of another blackmail campaign. At least six different Telegram channels have been disseminating conversations between Hajiyev and various women:

Identified Telegram channels:

  • https://t.me/bextiyarhaciyev18

  • https://t.me/baxtiyarifsa

  • https://t.me/+SzloVHfBVkg1YjEy

  • https://t.me/BextiyarinIfsasi

  • https://t.me/BextiyarinIfsasi

  • https://t.me/+DiENXqq3ed4zMzcy

Similar information was leaked by fake Facebook accounts. The leaked correspondence also contained sexually explicit photos of women appearing with Hajiyev. The online targeting of women with their faces publicly disclosed in these groups has led to at least two women being forced to leave their homes and go into hiding from their families, fearing reprisals for ‘immorality’ from their families.

Although there is proof that some of the shared correspondence was photoshopped the targeting has tarnished Hajiyev’s public image and placed the lives of women in the photos in danger. 

The anonymous admins of these chats have also published the names of other activists, threatening to leak their conversations with Hajiyev as well. Some of these activists are advocates calling for Hajiyev’s release. 

The Ministry of Internal Affairs refuted the claims that it may have been behind the leaked information. However, according to Hajiyev’s lawyers, Hajiyev arrived at the Baku General Police Department in his car and left his phone in the car. The car stayed there for three days and it is likely his phone was compromised during this period.

In October of last year, this story explained how Telegram is being used in Azerbaijan. “In Azerbaijan, the app has become a nexus for hate speech, propaganda, and the repression of dissent. In March 2021, multiple Telegram groups were identified in Azerbaijan sharing sex tapes and nude photographs of women. Among the victims were journalists, civic activists, and female family members of exiled political activists as well as ordinary women. The groups and pictures were reported to Telegram, but it took weeks before they were taken down. The damage to the women targeted was done. The channels shared sensitive videos of journalist Fatima Movlamli, the sister of exiled dissident blogger Mahammad Mirzali, civic activist Narmin Shahmarzade and Gunel Hasanli, daughter of opposition party leader Jamil Hasanli.”

Activists in Azerbaijan also pointed out that it is not Hajiyev’s reputation that is placed on the line with this blackmail campaign, but the women too, whose photographs are shared in the absence of their consent. Last year BBC published this investigation about the use of the platform in targeting women specifically “to harass, shame and blackmail them on a massive scale.” Gulnara Mehdiyeva, a feminist activist who has been targeted herself in the past, said in a Facebook post on February 28, “Terrible things are happening in the country. The government, which is responsible for protecting the safety of citizens, deliberately and knowingly wants to make those women victims of suicide or murder.” Two years ago, Mehdiyeva was targeted in a video shared via Facebook, containing a series of leaked private audio messages, that were extracted from Mehdiyeva’s social media accounts and emails. In a February 28 Facebook post, Mehdiyeva also wrote that not only faces of these women were not blurred but the perpetrators of the blackmail campaign also shared the names of the women and at least in one correspondence leaked, the home address of one woman. One of the women whose identity has been exposed in this campaign, was Tunay Aliyeva, an actress and model who said this blackmail campaign was a “cybercrime and invasion of people’s privacy.” In a letter addressed to the First Lady and the First Vice President Mehriban Aliyev, the actress asked that the First Lady personally stepped in, as a woman and a mother herself, in order to put an end to this “abomination.”

No-war activists and feminist activists

AIW has documented how activists who openly criticized the second Karabakh war were targeted by state-sponsored harassment before:

From public Facebook posts and pages targeting the activists, with threats of violence and physical harm, calls for public shaming and punishment, to questioning at Security Services, this has no doubt been one of the harshest, collective, online public harassment campaigns observed until now in Azerbaijan.

In a recent piece published by Lossi 36, Thijs Korsten and Viktoria Kobzeva also wrote:

Following the two-day war and increased public disapproval of Azerbaijan’s actions towards Armenia, government-linked media accounts launched a social media campaign. The photos and names of individuals who condemned the government’s aggression were circulated with the hashtag “Recognise the Traitor” on Facebook and Twitter. The people who were singled out are not marginal anti-war activists but rather prominent opposition figures, who the government sees as a greater threat.

The use of Telegram for the purpose of targeting and harassment has been in use not only in the case of Hajiyev. Previously AIW documented how the platform was used to target feminist activists too:

In recent days, at least three telegram channels were reported for sharing profane content targeting women in Azerbaijan. One channel called “Wretched men club” shared sensitive videos of journalist Fatima Movlamli, and exiled dissident blogger Mahammad Mirzali’s sister. Another group called “Expose bad-mannered girls” has targeted other women activists. A third one, targeted specifically one woman whose Facebook account was hacked shortly after the International Women’s Day march in Baku. 

In the past, other women journalists and activists were targeted in an online harassment campaign. 

Activist Gulnara Mehdiyeva was targeted with a video shared on Facebook, containing a series of leaked private audio messages, that were stolen when Mehdiyeva’s social media accounts and emails were hacked last year

Activist Narmin Shahmarzade’s Facebook profile was hacked, her name changed alluding to her interference with people’s private lives. The hackers flooded her Facebook feed with private messages, some of which were fake, and shared nude photographs of her, including at least one edited photo and audio. Several hours later, a Telegram channel was set up, sharing Shahmarzade’s intimate photos. In an interview with VoA Azerbaijan service, Shahmarzade said, “When my account was hacked, video footage and other posts with criticism of the ruling government were deleted. Then, my personal messages on Facebook messenger were compromised. Some of them were shared after being edited and taken out of context. My personal phone number was exposed and as a result, I received numerous calls and messages of threatening nature.” Shahmarzade said, she has informed the Ministry of the Interior and the State Security Services and describes what happened to her, a crime and that she will be going to court. Shahmarzade also pointed out to AIW that the hacker who compromised her Facebook profile is likely the same person or member of the same group that targeted activist Gulnara Mehdiyeva last year because at least one of the audio that was shared via Shahmarzade’s hacked Facebook account targeting her, does not even belong to the activist and that she never had access to. Contrary, it was among material hijacked from Gulnara Mehdiyeva. 

Among the women targeted, is also dissident blogger Mahammad Mirzali’s sister. Mirzali told AIW that the intimate video of his sister was leaked to harm him. “On February 15 my family members and I received several messages from a US number threatening me to stop my work. Otherwise, they told me they would release the videos of my sister. They told me they were not joking. They leaked the video on March 5. Later they shared the video on telegram channels. The same video was also sent to our relatives,” explained Mirzali. Mirzali suspects the authorities are behind this nasty campaign against his family. On March 14, Mirzali was reportedly stabbed by a group of unknown men. Mirzali is currently at the hospital. 

In September 2020, activist Rustam Ismayilbeyli was intimidated by someone who presented himself as an employee of state security that unless Ismayilbeyli did not stop his activism, intimate pictures of his girlfriend would be leaked online. 

In 2019, journalist Sevinc Osmangizi was the target of a smear campaign that accused her of being a double agent and working as a spy selling government secrets. 

The same year, journalist Fatima Movlamli was targeted with a fake Facebook page created under her name, sharing intimate photos and videos of her in her bed.

In all of the incidents, the targets voiced their suspicion of the government involvement behind these attacks. No responsibility was taken.

Last year, feminist activist Sanay Yaghmur was targeted in a social media blackmail campaign. The perpetrators shared personal information about the activist which they obtained by hacking her email account. 

The practices of digital authoritarianism widely used in Azerbaijan also extend beyond its borders. Last year, Ahmad Mammadli, the leader of a political movement D-18, reported that local authorities intercepted a letter of acceptance to a Master’s program from a university in Turkey. The authorities accused Mammadli of forging the letter. 

This is not an exhaustive investigation and documentation by all means. But AIW will continue to document and monitor the situation and work with partners to keep exposing the use of information controls in Azerbaijan. 

The State of Internet Freedom in Azerbaijan – 2022 legal overview

Posted on by aiw_admin

In this final installment of legal analysis, we offer an overview of some of the key developments covered over the last year with relevant updates within what is seemingly becoming a restrictive internet freedom environment.

Summary

From gradually declining space for online media, the visible pattern of offline persecution for online speech, to the lack of protection mechanisms against personal data infringements, and the ineffectiveness of legal remedies against targeted cyber-attacks and harassment,  the research and documentation carried out by Azerbaijan Internet Watch throughout 2022, has shown that over the past year, there has been a significant negative impact, on internet freedoms.

It’s been especially tough for independent media practitioners who are facing the potential prospects of fines, complete closures, and further measures of control and intimidation. The signs of the deteriorating situation were already sown in January 2021 when the government of Azerbaijan announced the establishment of a new media body – the Media Development Agency [MEDIA] and the drafting of a new Media Law. This law which was passed in December 2021, effectively authorized the MEDIA to impose a number of restrictions on media subjects, including a requirement for mandatory registration of journalists with the authorities. As a result, the Law on Media further consolidated the state control over independent and online media.

Over the course of the past year, the general prosecutor’s office continued to persecute online speech by excessively relying on the Law on Information, Informatization, and Protection of Information combined with existing national legislation empowering the Prosecutor’s Office to take measures where it deems necessary. As a result, as documented in this but also prior reports, there have been numerous cases of social media users and media professionals facing fines, and other arbitrary punishments for exercising their right to freedom of speech, all on vaguely defined legal grounds.   

AIW also identified that the government of Azerbaijan continuously failed to protect personal data effectively, either as a result of outdated laws, lack of technical capacity, or political will to address the issue. This is evident in numerous examples of hacked databases over the decade, where obtained personal data was shared or transferred to third parties, without consent, leaving countless users vulnerable. To make matters worse, the unlimited access by law enforcement and special service agencies to users’ personal data, leaves users at risk not to mention, the absence of privacy protection. The research carried out by AIW also showed there are no proper safeguard mechanisms against the abuse of personal data especially when this information is sold for commercial purposes, with subscribers left deprived of their right to know where their data is sent or sold.

Meanwhile, law enforcement authorities failed to offer an effective response to addressing complaints requesting a criminal investigation into the personal data infringements despite there being ample evidence proving that the personal data in question was indeed obtained through stolen or hacked accounts and later unlawfully distributed online.  

The Pegasus litigations, including the targeted cyber-attacks on social media accounts of media professionals and activists, have also proved ineffective as a result of significant flaws and delays in the investigation process. The domestic litigations regarding the use of surveillance software (Pegasus) led to legal applications to the European Court of Human Rights (ECHR), exposing ill-intended practices of state secret surveillance agencies and inadequate national legislation, which has failed to ensure the protection of the rights of all users of telecommunication services as guaranteed by the Convention and the national laws.

Above mentioned domestic litigations also exposed the lack of adequate protective measures for privacy rights, especially in cases of covert surveillance and state-sponsored cyberattacks. Judicial remedies in place have been insufficient, and the existing civil and administrative avenues, require a heavy burden of proof on claimants.

As such, the European Court of Human Rights (ECtHR) remains the most effective international avenue for legal remedies against violations of internet freedoms in Azerbaijan, despite the systematic delays in executing ECtHR judgments. The legal overview carried out throughout the past year indicates that bringing more applications before international tribunals, including the ECtHR and the Human Rights Committee, is essential for protecting privacy rights and countering violations.

Meanwhile, the government of Azerbaijan must adopt effective legal remedies and procedural safeguards against unlawful access to personal data and covert surveillance.

Restricting the Media: Implications for Online Media. Post-March 2022 developments  

Online media in Azerbaijan faces significant challenges with respect to freedom of expression and internet freedoms. There are a growing number of restrictive laws regulating the internet and online content. In addition, the government of Azerbaijan systematically blocks websites, throttles internet connectivity, and carries out cyberattacks and surveillance on human rights and political activists, independent media outlets, and their staff.

On March 24, 2022, Azerbaijan Internet Watch, in its comprehensive legal opinion “New Media Law: implications for online media/journalism in Azerbaijan”, highlighted the adverse implications of the new Media law specifically for on online media and journalistic activities online in Azerbaijan.

On February 8, 2022, the president of Azerbaijan, Ilham Aliyev approved the new Media Law. The law was adopted by Parliament on December 30, 2021. It was heavily criticized by local and international rights organizations who made repeated calls on the government to refrain from adopting the new Law given its restrictive nature. Critics of the draft law worried the new legal document would seriously threaten media freedom, including online media, as it contained provisions granting discretionary powers to the state authorities, including excessive media regulation, especially of online media platforms, as well as further restrictions on the work of practicing journalists, media companies, and relevant entities. Critics were also vocal about the absence of a broad and meaningful public consultation of the law prior to its adoption. The government of Azerbaijan strongly rejected any criticism.

And yet, AIW’s legal analysis, illustrated how the new law empowered media regulatory authorities to issue sanctions, further consolidating government control over the online media environment and journalistic activity, and imposing numerous requirements and regulations on audiovisual media, print media, online media subjects, news agencies, and journalist activities in Azerbaijan. The main concerns included the poorly worded definitions, excessive requirements, and restrictions for online media content, including registration requirements within the newly set up Media Registry for online media subjects, their staff, and freelance journalists working for online media.

The Media environment was already marred with violations and censorship in Azerbaijan prior to the adoption of the law. Numerous news websites were blocked while media practitioners affiliated with independent or opposition media platforms faced persecution and widespread intimidation. The most recent World Press Freedom Index by Reporters Without Borders ranked Azerbaijan 167th out of 180 countries in 2022.

Unlike previous media regulations implemented before 2009 which were mostly indirect restrictions and failed to meet satisfactory international human rights standards, laws that were adopted, amended, or implemented in the following years focused on more formal-legal measures. The new Media Law was the culmination of these measures.

Pre-2009 restrictions mainly consisted of de facto limitations (such as the imprisonment of journalists on bogus charges that were often unrelated to the media legislation) and financial “support” (one-time financial assistance packages, individual scholarships, various orders, medals, free housing after 2011).

Ahead of its adoption in the parliament, the new Media Law was drafted behind closed doors, without public discussions. Even after the draft law was revealed to the public, recommendations and proposals offered by media experts were not taken into account. Several international human rights organizations criticized the new Media Law and urged the Government not to enact the Law.

Among some of the problematic areas of the law are:

*Article 14:

This specific article and its paragraphs require that information published and (or) disseminated in the media (including online media) must meet at least 14 requirements. The law also requires that content published by media outlets should meet the requirements of the Law on Protection of Children from Harmful Information and the Law on Information, Informatization, and Protection of Information which provides an exhaustive list of requirements criticized for vagueness.

*Article 60:

Article 60 paragraph 5, requires online media to publish at least 20 articles per day to qualify as an online media platform.

This is the first time a law defines what constitutes online media. But the rationale behind these measures is unclear. The article does not mention for instance, how newsrooms with smaller teams are meant to produce twenty articles per day. Independent journalists who have voiced concern over this specific article say, this creates an environment of news pollution with platforms focused on producing poorer stories aimed at simply meeting the imposed quota.

It also requires that online media outlets disclose their organizational information on their respective websites;

It also requires online media to register with the tax authorities, identify and appoint a person responsible for editorial;

*Article 62:

Article 62.1 reads that permission from state bodies is not required for setting up online media. But Article 62.2 requires that an online media entity must apply to the relevant executive authority (Media Registry) 7 days prior to the publication or dissemination of the relevant media material.  In other words, while there is no need to apply for creating an online media platform, there is a requirement to apply for a permit once the online resource becomes operational and starts publishing.

Article 62.4 requires an additional opinion issued by the State Committee for Work with Religious Organizations before an online media focusing on religion and religious content is set up.

*Article 74 and Media Registry

The Media Registry system became operational in October 2022. The “rules for maintaining a media registry” — are a set of regulations determining the requirements and procedures journalists must meet in order to be eligible for inclusion as well as exclusion.

The Media Registry itself is an electronic information resource managed by the Media Development Agency, which is managed by the Supervisory Board consisting of a Chairman and 6 (six) members appointed by the President of the Republic of Azerbaijan.

Article 74.2 reads that in order for journalists to be included in the registry they must prove a degree in higher education as well as a number of other merit-based criteria.

Article 74.2.5 requires that journalists obtain and provide an employment contract with a media entity which must be registered with the Media Registry.

*Article 78

According to Article 78.3 of the Media Law (transitive provisions) both print and online media shall apply to the Media Agency within six months after the media registry is established. If an application for a media platform’s registration is denied, then the applicant is not considered a legal entity. Since journalists cannot be “legal entities,” it is unclear what happens to journalists whose registration is denied. 

There is no option to opt out from the registry as it is mandatory as per Article 78.3 of the Media Law.

Already, 200 media outlets and 180 journalists applied to the media registry according to the statement by the Media Agency. The Agency claims that approximately 160 media outlets were registered already. Independent media watchdogs, say around 40 media outlets were denied registration.

On January 12, 2023, the Executive Director of the Media Development Agency, Ahmed Ismayilov said, “media entities have six months to register, those who fail to do so, will be taken to court by the agency. It will be up to the court to decide whether to continue their activities or not.”

Following this statement, a group of independent and opposition journalists and media platforms have come together under a campaign “We do not want a licensed media.” They have been organizing round table discussions both online and offline calling on the government to cancel the registry and reform the bill on Media. In January, the group also issued a statement in which signatories claimed, “the new law will have very serious negative effects on the freedom of the media and journalists, and on their freedom of movement and activity.”  The signatories of the statement also said, the law was unconstitutional and was against the European Convention on Human Rights. As such, they intend to apply to the Constitutional Court and continue onwards with the European Court of Human Rights.

The campaign led to Ismayilov’s backing from previously made statements about court proceedings. Instead, Ismayilov reportedly said, the registration was on a voluntary basis. However, it remains to be seen whether this claim holds true.

Even some pro-governmental journalists criticized the media registry based on rigid regulation and arbitrary application.

Several media organizations challenged the application to the media registry in domestic courts. Among them is 24saat.org LLC (an online media outlet), which has submitted a claim against Media Agency. The news site, was one of the first news platforms denied registration on the grounds its content was not sustainable (referring to the requirement of publishing a minimum of 20 news items on daily basis). The site raised the issues of the illegality of that decision, and its incompatibility with the Constitution and international agreements, asking instead that the agency registers the site and recognizes the violation of the right to freedom of expression. On  January 9, 2023, the Baku Administrative Court held a preparatory hearing on the claim of 24saat.org LLC against the Media Agency. The court case continues.

The increased role of law enforcement & abuse of power in prosecuting online speech: post-May 2022 developments

There are two legislative acts that regulate internet freedom: 

In addition, the Code of Administrative Offences (Articles 388 and 388-1) determines administrative offenses for violations of the above-mentioned laws (the punishment includes fines and administrative detention).

Some Articles of the Criminal Code may be applied to the violations of the above-mentioned laws (such as Article 283 – incitement to hatred and enmity). As well as, the Law on Prosecutur’s Office which allows the respective prosecutor’s offices to issue warning to persons who might breach the law, inter alia, with their statements (Article 22).

The parliament amended the Law on Information, Informatization, and Protection of Information in December 2021 broadening the responsibility of the website owners – previously owner was obligated to remove content, but as per recent amendments he/she must also block access to relevant content (article). 

In general, both laws mentioned above can be described as online content regulation. Article 13.2 of the Law on Information and Article 14 of the Media Law regulate prohibited content and website owners as well as online media outlets must comply with these regulations. Otherwise, they would be subjected to blocking, suspension, administrative punishment, or warnings. Both legislative pieces prescribe a list of prohibited information. These lists are not exhaustive and very extensive. Moreover, the language of these lists is vague and open to arbitrary interference. 

In recent months, the Office of General Prosecutor (OGP) embarked on a spree, of resorting to official warnings and legislation on administrative offenses against online media. The Law on Prosecutor’s Office authorizes the OGP and subordinate prosecutor’s offices to issue official warnings. Also, the Code of Administrative Offenses (Article 54.2) gives unlimited power to the Prosecutor’s office to initiate administrative offense cases for any other case envisaged in the Code. Thus, the prosecutor’s office has the authority to take measures of responsibility and deterrence against the dissemination of prohibited information on the Internet under the existing legislation on administrative offenses and the law of the prosecutor’s office.

AIW’s legal analysis titled “Who regulates content online in Azerbaijan. Legal analysis,” published in May 2022, shared the increased pattern of prosecuting authorities’ inclination to intervene and persecute online media speech.

Since then, OGP continued to issue warnings and leveling administrative offenses in the following cases:

*On July 27, 2022, social media users Fikret Faramez oglu, the head of the “jamaz.info” website, Agil Alishov, the head of the “miq.az” website and Facebook users – Elchin Ismayil, Ali Jabbarli, and Nurana Fataliyeva were warned by the OGP as per Article 22 of the Law “On the Prosecutor’s Office”, not to allow for such negative circumstances in the future (on the grounds of dissemination of false information to undermine the business reputation of the Azerbaijan Army, create artificial agitation among citizens, as well as overshadow the work done in the direction of strengthening the state’s defense capabilities);

*The same day, Tofiq Shahmuradov (military journalist) was accused under Article 388-1.1.1 of the Code of Administrative Offenses by the OGP, and the Nizami District Court found him guilty and sentenced the journalist to one month of administrative detention (on the grounds of disseminating false information to undermine the business reputation of the Azerbaijan Army, create artificial agitation among citizens, as well as overshadow the work done in the direction of strengthening the state’s defense capabilities);

*On July 30, 2022, the Prosecutor General’s Office of Azerbaijan warned social network users Sakhavat Mammadov, Rovshan Mammadov, Zulfugar Alasgarov, Elgun Rahimov, Fuzuli Kahramani, Zeynal Bakhshiyev, and Ruslan Izzatli within the scope of the Law on Prosecution’s Office (on the grounds – the requirements to present facts and events impartially and objectively, and not to allow one-sidedness, were not observed during the publication of information in the media);

*On August 3, 2022, the OGP warned Facebook users – Tayyar Huseynli, Mubariz Sadigli, Nijat Dadashov, and Irshad Muradov over violating relevant online content regulation (incitement to hatred, privacy violation, and defamation);

*On August 4, 2022, the OGP warned Rustam Ismayilbayli (activist) over a social media post, based on Article 22 of the Law on Prosecutor’s Office;

*On September 16, 2022, Taleh Khasmmadov (human rights defender) was warned by the OGP based on Article 22 of the Law on Prosecutor’s Office (dissemination of unspecified information about the Azerbaijani army). The rights defender was warned not to violate laws.

None of these warnings and/or administrative offense cases meet the requirements of the freedom of expression and access to a fair trial envisaged within the international human rights standards or the constitutional obligations of the Republic of Azerbaijan.

Continued targeted cyber attacks against critics: post-November 2022 developments

 In November 2022, AIW published a lengthy legal opinion, “In Azerbaijan, hasty legislative measures in response to cyber threats, leave the protection of personal data on the back burner,” providing a comprehensive analysis of the domestic legislation and the government’s use of those laws and its adverse effects for the personal data protection in Azerbaijan.

Among identified gaps, the report noted that in Azerbaijan, the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities.

The analysis also indicates that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. As such, the absence of clear and enforceable regulations to protect personal data against arbitrariness and flawed systems due to negligence puts personal data at a higher risk of infringements.

Azerbaijan although joined Convention 108, also known as the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, in 2009, has not ratified Additional Protocol to Convention 108 which requires each party to establish an independent body to ensure compliance with data protection principles and lays down rules on trans-border data flows.

The rights related to personal data are guaranteed by Article 32 of the Constitution of Azerbaijan, which provides the right to privacy of personal and family life, including information transmitted by various means of communication, including correspondence, telephone, mail, and telegraph. The Constitution prohibits acquiring, storing, using, and spreading information about a person’s private life without his/her consent.

There is also the Law on Personal Data, adopted in May 2010 which regulates personal data through different normation legal acts, and the Decision of the Cabinet of Ministers of Azerbaijan about “the requirements for the protection of personal data” adopted in September 2010. However, previously published analyses on the matter, point out a number of shortcomings.

The weakness of Azerbaijani safeguard mechanisms was acknowledged by Global Cybersecurity Index, which placed Azerbaijan in 40th  place among 194 countries ranked by the index. The European Union’s EU4Digital Initiative also criticized the weakness of Azerbaijani mechanisms. According to the findings, Azerbaijani legislation was described as outdated and unable to protect personal data effectively while the government of Azerbaijan demonstrated no political will to overcome this problem.

Even the intra-country public cybersecurity assessment report found flaws in protection mechanisms (a lack of cybersecurity benchmarks for digital web providers).

The government-issued national strategy for overcoming the problem has not indicated positive results yet. Cyber-attacks increased following the second Karabakh war and peaked again during the September border clashes in 2022. Large-scale cybersecurity attacks were committed against several state institutions and banks in April 2022 and August 2022 the authorities refrained from explaining the extent of the damage and did not publicize the results of counteracting measures.

Gaps in legal remedies addressing government-sponsored cyber attacks

 In February 2023, AIW, published the report “Legal overview legal remedies (or lack thereof) in cases of online targeting,” showing how Azerbaijan does not effectively protect digital rights. The report focused on two types of violations – cyber-attacks, and covert surveillance, which occur frequently but is not prevented due to inadequate legal remedies.

For instance, there is no automatic notification system for covert surveillance, and there is no independent internal review body. Additionally, there are no rules against prosecutorial discretion, no mechanism to address conflicts of interest between law enforcement and state security bodies, and challenges concerning judicial avenues.

Within existing legislation, the country’s criminal law is one that addresses cyberattacks and breaches of privacy. According to the Criminal Code (Articles 155, 156, and 271-273), cyberattacks and violations of privacy and correspondence rights are prohibited and shall be punished. According to these legal norms in case such an act is committed by law enforcement officials, they are categorized as aggravated circumstances. In these cases, the investigative authority is the prosecutor’s office.

There are civil legal remedies under tort law. However, tort law remedies are effective in practice if the relevant breaches are found in the criminal case. Domestic law in a substantive manner also contains constraints against covert surveillance.

According to domestic procedural law (Code of Criminal Procedure), initial inquiries must be conducted based on reports from victims or others. If the initial inquiry finds, reasonable suspicion on allegations it must remit its preliminary investigation. If the prosecutor’s office dismisses the allegations and refuses to initiate a criminal case, interested parties have the right to apply to district courts. District courts have the authority to remit the case back. Moreover, the relevant official bodies shall conduct disciplinary proceedings about the allegations about their officials on cyberattacks and illegal covert surveillance.

In addition, concerning cyberattacks, there is another review body within the Ministry of Digital Development and Transport – the Cyber Security Service. While the cyber security service does not possess sanctions against authorities, it does have the authority to review the cyberattack claims and issue general warnings concerning cyberattacks. Furthermore, this body may inform other investigative authorities if the problem concerns these authorities. However, it doest not have the legal power to conduct an investigation itself nor can it be considered independent.

In its February report, AIW shared recent cases demonstrating the lack of interest by the law enforcement authorities to offer protection in cases of digital rights violations despite having an ex officio power to conduct criminal investigations. Since then attacks have continued.

The most recent state-sponsored attack was against imprisoned political activist Bakhtiyar Hajiyev. Prior to his arrest, Hajiyev criticized the Government, especially the activities of the Ministry of Internal Affairs. Last year, he was abducted by unknown persons and was forced to delete posts about the Minister of Internal Affairs. Up until today, it remains unclear who abducted Hajiyev. The activist was also subjected to a nasty blackmail campaign.

In December 2022, following his return to Azerbaijan from a trip abroad, Hajiyev was summoned by the Baku General Police Department. He was charged with hooliganism and contempt of court. Based on these charges Khatai District Court applied for a remand in custody, the decision was extended until April 28, 2023. Hajiyev went on a hunger strike twice during his detention. After more than 50 days, he stopped at the end of February 2023.

At the end of December 2022, some anonymous social media accounts shared private correspondence between Hajiyev and the media editor (Vusala Mahirgizi). The leaked conversations alleged Hajiyev was a marionette of one of the clans. Hajiyev published a statement in which the activist said, the correspondence was leaked as a result of hacking of his private communication and that the allegations of Hajiyev being marionette were false.

It is worth noting that this correspondence was leaked during calls for the activist’s release. The leak was largely viewed as an attempt to weaken the advocacy campaign for the release of Hajiyev.

Since February 22, 2023, however, Hajiyev has been the target of another blackmail campaign. A number of anonymous users on Telegram under different channels [‘Exposure of Bakhtiyar Hajiyev’] have been disseminating some of Hajiyev’s private information as well as other women the activist has corresponded with were leaked. Currently, one of the Telegram accounts has 4681 subscribers. Similar information was leaked by fake Facebook accounts. In addition to leaked correspondence, sexually explicit photos of several women who appear with Hajiyev were shared by these accounts. As a result, at least two women were forced to leave their homes and hide from their families, fearing reprisals for ‘immorality’ from their families.

It has been identified, that some parts of the correspondence were probably photoshopped according to media professionals. However, there are others that may be authentic.

These anonymous users also published the names of activists threatening to leak their conversations with Hajiyev as well. Some of these activists are advocates calling for Hajiyev’s release. Some activists whose private communications were leaked said, they would submit a complaint about it.

In the meantime, the Ministry of Internal Affairs said these leaks had nothing to do with them and that during Hajiyev’s arrest, they did not seize any of his devices. However, according to Hajiyev’s lawyers, Hajiyev arrived at the Baku General Police Department in his car and left his phone in the car. The car stayed there for three days and it is likely his phone was compromised during this period.

Meanwhile, the Telegram channels are still active. Hajiyev submitted a complaint to the Prosecutor’s Office about the first incident of cyberattacks. According to his lawyers, they will add a second incident also.

What is next?

The overall analysis and reports indicate that domestic legal remedies in the substantive and procedural law do not protect privacy rights up to satisfactory levels in Azerbaijan. While substantive law at the formal level safeguards digital rights, in practice, these safeguards have no real effects. Judicial remedies are insufficient because criminal procedural avenues in some circumstances are insufficient, and in other circumstances, the district courts cannot force for initiation of the criminal case against officials as the latter still depends on investigative bodies like the prosecutor’s office who decide whether or not to open a criminal case.

Moreover, civil and administrative judicial avenues are also not operational because the heavy burden of proof lies on claimants. In addition, internal disciplinary proceedings are not effective due to a lack of independent oversight bodies. Also, Cyber Security Service lacks real mandatory power in cyberattack cases in addition to independence issues. Therefore, in the cases of covert surveillance and cyberattacks by state authorities, domestic remedies are not effective. It should be added that other aspects of domestic remedies concerning internet freedoms also have challenges. For example, blocking access and official warnings by the prosecutor’s office are especially problematic. 

It is well established by the ECtHR in several cases against Azerbaijan that the domestic courts consistently fail to conduct effective judicial oversight in politically motivated cases and instead merely uphold the position of the executive authorities (see, among others, Aliyev v Azerbaijan, appl. No. 68762/14, 71200/14, 20/09/2018, para. 224).  Consequently, it may be concluded that procedural law and its safeguards against internet freedom violations have serious flaws. Moreover, practical case studies further furnish that the relevant investigative authorities and domestic courts are not interested in pursuing criminal investigation cyberattacks, covert surveillance, and upholding internet freedoms in the cases of access blocking and official warnings. 

The European Court of Human Rights (ECtHR) might be considered one of the most effective international avenues in terms of providing legal remedies for violations of internet freedoms. The effectiveness of the ECtHR lies in its ability to issue binding judgments against member states (namely, Azerbaijan) which can result in the provision of legal remedies for the victims of rights violations. However, there are systematic delays in the execution of the ECtHR judgments by Azerbaijan*, the Committee of Ministers of the Council of Europe continuously supervises the execution of judgments of the ECtHR by the member states and urges states to obey the judgments.

 *The Committee of Ministers of the Council of Europe (to which Azerbaijan is a party) mandates that member states comply with the judgments and certain decisions of the European Court of Human Rights. And yet, the court’s decision on Khadija Ismayilova group v. Azerbaijan (Application No. 65286/13) calling on Azerbaijan to duly investigate committed acts, where they [the authorities] failed to do so, and any possible connection and links between crimes committed against journalists and their professional activities, was not complied with.

Given the existing environment, the likelihood of further cyber threats and attacks continuing is high.

The Telegram channels targeting Hajiyev remain. Unidentified persons with ties to the law enforcement authorities have access to Hajiyev’s personal data, and their goal to continue abusing this access is likely. Moreover, the state authorities have broad opportunities to compromise other activists’ accounts and to disseminate their private communications. Therefore, cyber threats currently create a difficult challenge for civil society activists. It should be added that the Government does not commit to changing personal data protection laws and taking practical steps to prevent state-oriented or third-party cyber attacks.

International human rights mechanisms, especially international tribunals are the main source of protection against violations of privacy rights and cyberattacks. Especially bringing more applications before the ECtHR and the Human Rights Committee is very important. Currently, there is no case law of the relevant international human rights mechanisms concerning cyberattacks and privacy violations against Azerbaijan. Despite Azerbaijan not adhering to the judgments of international tribunals on violations of rights, such kind of implementation procedure might help improve the situation.

Due to the current problematic situation within the legal profession (lack of lawyers, lack of interest, and fear among lawyers to take up human rights cases), many cases cannot be brought before international tribunals. Most human rights lawyers are already overwhelmed with the volume of cases they represent. Therefore, international assistance in bringing these applications before international courts is a useful tool for counteracting violations. International human rights organizations must assist local human rights lawyers in bringing cases of personal data infringements to international courts (ECtHR, UN).

In the meantime, the government of Azerbaijan must be urged to adopt effective legal remedies and procedural safeguards against arbitrary and unlawful control of personal data with excessive and broad discretion. Minimum safeguards for the exercise of discretion by public authorities must include detailed rules on (i) the nature of the offenses (grounds) which may give rise to an interception order; (ii) duration, scope, and practical review of interception orders; (iii) the precautions to be taken when communicating the data to other parties.

An independent regulatory authority should be established to supervise and review complaints about personal data breaches. The laws must also be formulated with sufficient clarity and precision to give citizens an adequate understanding of the conditions and circumstances in which the authorities are empowered to resort to this secret and potentially dangerous interference with the right to respect for private life and correspondence.

International advocacy campaigning is a useful instrument for getting attention to the problem. New campaigns may bring the attention of international public bodies to the issue.

Finally, capacity-building activities on internet security issues should be continued and potentially targeted groups should be equipped with more information and tools in this area.

another telegram channel another public targeting campaign [updated March 9]

Posted on by aiw_admin

[Update] On March 9, Hajiyev told his lawyer, that the messages leaked were fabricated, while some were more than ten years old. The imprisoned activist also said, he suspects his device was infected with Pegasus and this is how the authorities were able to extract the information they have been disseminating online via Telegram channels. Rufat Safarov, a rights defender who heads the campaign calling for Hajiyev’s release said the blackmail campaign targeting Hajiyev aimed to discredit the activist, according to reporting by Turan News Agency.

Az-Net Watch documented numerous examples when civic activists were targeted via Telegram channels in the past. Often these channels are public and share private information and/or intimate content of the person targeted. Not once, attempts to investigate how the leaked data made it into these channels were successful. While targeted activists suspect the information was leaked by officials these suspicions were often either dismissed or unaddressed. So it was not at all surprising that yet another blackmail campaign has been making rounds on Telegram.

The channel originally called “Baktiyar’s exposure” was first discovered on February 24. Since then, the channel has been renamed to “Bakhtiyar Hajiyev Expose.” The first channel shared Hajiyev’s intimate photographs. The new one has videos of his correspondence with women. By the time this story was revisited AIW counted at least six different Telegram channels targeting Hajiyev.

His friends and colleagues suspect that these were extracted from his mobile device. Hajiyev currently is in administrative detention. He was arrested on December 9 and originally sentenced to 50 days in administrative detention. Since then, his detention period has been extended, most recently on February 23, 2023, by another two months. Meanwhile, the Interior Ministry denied allegations that they were somehow involved in the information being leaked.

According to reporting by Turan News Agency, the Ministry of Interior attempted to frame Hajiyev, alleging, it was the activist who leaked this information online. However that is impossible, says Rufat Safarov, the head of the Defense Line initiative that was set up shortly after Hajiyev’s arrest. Speaking to Turan News Agency, Safarov said, “Bakhtiyar has been behind bars since December. How could he possibly distribute this information online? His personal information was stolen and leaked purposefully to discredit him.”

In October of last year, the founder of Az-Net Watch, co-authored this story for IWPR explaining how Telegram is being used in Azerbaijan. “In Azerbaijan, the app has become a nexus for hate speech, propaganda, and the repression of dissent. In March 2021, multiple Telegram groups were identified in Azerbaijan sharing sex tapes and nude photographs of women. Among the victims were journalists, civic activists, and female family members of exiled political activists as well as ordinary women. The groups and pictures were reported to Telegram, but it took weeks before they were taken down. The damage to the women targeted was done. The channels shared sensitive videos of journalist Fatima Movlamli, the sister of exiled dissident blogger Mahammad Mirzali, civic activist Narmin Shahmarzade and Gunel Hasanli, daughter of opposition party leader Jamil Hasanli.”

Telegram’s “content moderation” problems

In 2021, Telegram’s founder Pavel Durov in a post on his channel justified why the platform won’t censor misinformation: “In my 20 years of managing discussion platforms, I noticed that conspiracy theories only strengthen each time their content is removed by moderators.” Meanwhile, the platform’s Vice President Ilya Perekopsky boasted about the platform’s neutrality when it came to content moderation, and specifically misinformation: “we just think people should have their opinion, right? If they disagree they can disagree. They can use telegram to express their opinions. From our side, we always stay neutral.”

In the case of imprisoned Hajiyev, this lax approach to content moderation or lack thereof has already caused significant damage to his reputation but it has also revealed the poor editing and fabrication skills of the people behind this blackmail campaign. Azerbaijani journalist Ulviyya Ali, shared the screenshots from the videos of chat conversations Hajiyev allegedly had with women, which were shared in some of the Telegram channels targeting Hajiyev.

Targeting women 

Activists in Azerbaijan also pointed out that it is not Hajiyev’s reputation that is placed on the line with this blackmail campaign, but the women too, whose photographs are shared in the absence of their consent. Last year BBC published this investigation about the use of the platform in targeting women specifically “to harass, shame and blackmail them on a massive scale.” Gulnara Mehdiyeva, a feminist activist who has been ttargeted herself in the past, said in a Facebook post on February 28, “Terrible things are happening in the country. The government, which is responsible for protecting the safety of citizens, deliberately and knowingly wants to make those women victims of suicide or murder.” Two years ago, Mehdiyeva was targeted in a video shared via Facebook, containing a series of leaked private audio messages, that were extracted from Mehdiyeva’s social media accounts and emails. In a February 28 Facebook post, Mehdiyeva also wrote that not only faces of these women were not blurred but the perpetrators of the blackmail campaign also shared the names of the women and at least in one correspondence leaked, the home address of one woman. One of the women whose identity has been exposed in this campaign, was Tunay Aliyeva, an actress and model who said this blackmail campaign was a “cybercrime and invasion of people’s privacy.” In a letter addressed to the First Lady and the First Vice President Mehriban Aliyev, the actress asked that the First Lady personally stepped in, as a woman and a mother herself, in order to put an end to this “abomination.”

At the time of writing this update, at least six groups were still active on Telegram. A source told AIW that one of the women had to escape her family after the latter learned of what has happened. The woman’s brother is allegedly after her to clean the family’s reputation.  

 

OONI measurements show ongoing internet censorship in Azerbaijan

Posted on by aiw_admin

Azerbaijan is known to block access to independent news media websites – we previously reported on this in July 2021. At the time, we analyzed OONI measurements collected from Azerbaijan between January 2020 to May 2021 and found that ISPs in Azerbaijan were blocking access to several independent news media and circumvention tool sites. We also found that amid the 2020 Nagorno-Karabakh war, ISPs in Azerbaijan temporarily blocked access to social media services, and attempted to block access to Tor and Psiphon.

But how has Azerbaijan’s internet censorship landscape changed (if at all) over the last year?

We attempt to address this question as part of this report. Specifically, we analyzed OONI data collected from Azerbaijan between January 2022 to February 2023 with the goal of evaluating which tested services presented signs of blocking, and whether new blocks had emerged over the past year (in comparison to our previous report). 

Key Findings

As part of our analysis of OONI measurements collected from Azerbaijan between January 2022 to February 2023, we found:

  • Blocking of news media websites. Azerbaijan continues to block access to several independent news media websites. OONI data also suggests that some ISPs in Azerbaijan may have started blocking access to the Guardian on 25th December 2022.
  • Azerbaijan and Russia block each other’s news media. In early June 2022, Azerbaijan started blocking access to Russia’s state-run RIA Novosti media website. Since (at least) 7th June 2022, Russian ISPs have been blocking access to Azerbaijani news media websites (`haqqin.az`, `minval.az`, `oxu.az`, `ru.oxu.az`, `ru.baku.ws`). These blocks remain ongoing.
  • Temporary blocking of TikTok amid border clashes with Armenia. During the September 2022 border clashes, both Azerbaijan and Armenia blocked access to TikTok. While the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months). 
  • Blocking of circumvention tool sites. Azerbaijan continues to block access to numerous circumvention tool websites, potentially limiting the ability to circumvent internet censorship in Azerbaijan. However, most OONI measurements suggest that tested circumvention tools (Tor and Psiphon) appear to be reachable.
  • Variance of censorship across networks. While most ISPs in Azerbaijan appear to adopt similar censorship techniques (as we continued to observe connection timeouts in most anomalous measurements across ASNs), different ISPs block access to different websites over time.

Methods

Since 2012, OONI has developed free and open source software, called OONI Probe, designed to measure various forms of internet censorship. OONI Probe is run by volunteers in around 160 countries every month, and their test results are automatically published by OONI as open data in real-time. More than a billion network measurements have been collected and published from 25 thousand networks in 241 countries and territories over the last decade.

To examine internet censorship in Azerbaijan, we analyzed OONI measurements collected from Azerbaijan between January 2022 to February 2023. The goal of our analysis was to identify which websites and apps presented signs of blocking (“anomalies”) in Azerbaijan during the analysis period, particularly in comparison to blocks previously identified as part of our past research.   

Specifically, we analyzed measurements collected from OONI’s Web Connectivity test, which is designed to measure the blocking of websites (these websites are publicly hosted on the Citizen Lab test list Github repository). This test measures the accessibility of websites by attempting to perform a DNS lookup, TCP/IP connection, and HTTP GET request from two vantage points: (1) the local vantage point of the user and (2) a control network (non-censored network). The results from both networks are automatically compared and if they match, the tested URL is annotated as “accessible” (if the testing succeeds from the control vantage point). If the results differ, the tested URL is annotated as “anomalous”, which may provide a signal of potential blocking.

Depending on why the anomaly emerges, the anomalous measurement is automatically annotated as a DNS, TCP/IP, HTTP diff, or HTTP failure anomaly. For example, if the DNS lookup resolves to an IP address which differs from that resolved from the control vantage point, the measurement is annotated as a “DNS anomaly”, which may be a sign of DNS tampering.

However, false positives can occur, which is why we look at anomalous measurements in aggregate in order to determine if a tested URL consistently presents a large volume of anomalous measurements (in comparison to successful measurements) on a tested network. If a tested URL presents a large volume of anomalies, it may provide a stronger signal of potential blocking. If the types of anomalies are consistent (for example, always presenting DNS anomalies on a tested network), they offer an even stronger signal of potential censorship (since they suggest the use of a specific censorship technique, such as DNS hijacking). But beyond aggregating anomalous measurements, we also analyze the raw data pertaining to anomalous measurements in order to identify the specific errors that occurred as part of the testing, offering insight into how a tested URL is potentially blocked.

Based on our current heuristics, we automatically confirm the blocking of websites when a block page is served and we have added the fingerprint of that blockpage to our database. We also automatically confirm the blocking of websites based on DNS answers containing IP addresses that are known to be associated with implementing internet censorship. For other forms of censorship, we analyze OONI data in order to aggregate anomalous measurements and identify why and how those anomalies occur, offering insight into additional cases of potential blocking.

Acknowledgement of limitations

The findings of this study present several limitations, including:

  • Date range of analysis. The findings are limited to OONI measurements collected from Azerbaijan between January 2022 to February 2023. As a result, findings from measurements collected in different date ranges are excluded from this study.
  • Type of measurements. As part of this study, we primarily focus on OONI Web Connectivity measurements which pertain to the testing of websites for censorship. This focus was selected due to known website censorship in the country, while aggregate views of OONI measurements from other OONI Probe experiments did not present an important volume of anomalies that would have warranted more dedicated analysis.
  • Tested websites. OONI Probe website testing in Azerbaijan is primarily limited to URLs included in 2 Citizen Lab test lists: the global list (including internationally-relevant URLs) and the Azerbaijan list (only including URLs relevant to Azerbaijan). As these lists are tested by OONI Probe users and there are bandwidth constraints, they are generally limited to around 1,000 URLs. As a result, the lists may exclude other websites which are blocked in Azerbaijan, and the findings are limited to the testing of the URLs included in these lists. Given that the lists are community-curated, we acknowledge the bias in terms of which URLs are added to the lists. 
  • Testing coverage of websites. Not all URLs included in test lists are measured equally across Azerbaijan over time. Whether OONI data is available for a particular website depends on whether, on which networks, and when an OONI Probe user in Azerbaijan tested it. As a result, tested websites received different testing coverage throughout the analysis period, which impacts the findings.  
  • Tested ASNs. The availability of OONI measurements depends on which networks OONI Probe users were connected to when performing tests. As a result, the measurement coverage varies across ASNs throughout the analysis period, impacting the findings. 
  • Measurement volume. OONI measurement coverage from Azerbaijan has been rather limited over the years (in comparison to other countries), limiting our findings and confidence in confirming censorship events. The availability of OONI data depends entirely on volunteers running OONI Probe locally in Azerbaijan, which can be challenging in light of the political environment, potential risks involved with running OONI Probe, and the relatively limited digital rights community engagement opportunities in Azerbaijan. That said, we observe an important spike in the overall measurement volume from 14th September 2022 onwards (which has subsequently remained relatively stable), increasing our ability to detect censorship events thereafter. This is visible through the following chart. 

Chart: OONI Probe Web Connectivity testing in Azerbaijan between 1st January 2022 to 23rd February 2023 (source: OONI data). 

Background

In its latest Freedom on the Net report by Freedom House, Azerbaijan was ranked “not free” among 70 countries assessed for the report. Internet freedoms have been on an overall decline in the country for a number of years, however, the situation escalated during the 2020 war between Armenia and Azerbaijan. Since then, while blocking of social media platforms, and internet throttling have reduced, the state continues to implement various forms of digital surveillance combined with offline measures targeting civil society representatives on a regular basis. 

News websites critical of the authorities remain blocked, while the Law on Media enacted in February 2022 is yet another measure imposed by the state to restrict not only media freedom, and freedom of speech but also access to independent and opposition news. 

Journalists across the country remain concerned about the new law. Most recently they have joined in calls to abolish a new media registry introduced in the Media Law. 

Meanwhile, civic activists continue to face online targeting. Az-Net Watch in its December 2022 report, shared some of the findings of such attacks, identifying persistent trends of phishing attacks, questioning by the law-enforcement bodies over criticism voiced online, interference with personal data and devices, hacking attempts and installed spyware programs.

Findings

As part of our analysis of OONI measurements collected from Azerbaijan (between January 2022 to February 2023), we found a number of independent news media websites and circumvention tool websites blocked throughout the analysis period. Many of these blocks have been in place since at least 2020. Amid border clashes in September 2022, access to TikTok was blocked in both Azerbaijan and Armenia. We share further details in the sections below.

Blocking of news media websites

Several news media websites (which have been blocked over the last few years) continue to be blocked in Azerbaijan, according to recent OONI data analysis. 

The domains that presented the largest volume of anomalies (and overall testing coverage), thereby presenting the strongest signals of blocking in our analysis period, include:

  1. `azerbaycansaati.tv`
  2. `www.24saat.org`
  3. `www.abzas.net` 
  4. `www.azadliq.info` 
  5. `www.azadliq.org`
  6. `www.meydan.tv`
  7. `www.rferl.org`
  8. `www.gununsesi.org`
  9. `ria.ru`
  10. `www.theguardian.com`

While most of the above domains have been blocked in Azerbaijan over the last few years, the testing of `www.theguardian.com` only started to present anomalies (on several networks) in late December 2022 onwards (we discuss this case in more detail in the next section of this report). Meanwhile, Azerbaijan reportedly started blocking access to RIA Novosti (Russian state-owned news media) in early June 2022 over the publication of slanderous materials against Azerbaijan. At the time, RIA Novosti’s website (`ria.ru`) was only included in other countries’ test lists; we therefore added it to the Global test list to ensure that it gets tested by OONI Probe users in Azerbaijan and around the world. This is why OONI measurement coverage of `ria.ru` in Azerbaijan only begins in June 2022.  

Independent Azerbaijani media websites (such as `azadliq.info` and `meydan.tv`) have reportedly been blocked since early 2017 for “posing a threat” to Azerbaijan’s national security. The state prosecutor reportedly accused these websites of sharing content that promotes violence, hatred, extremism, violates privacy and constitutes slander. However, the blocking of these media outlets may have been politically motivated. Azadliq, for example, reported on the business dealings of Vice President Mehriban Aliyeva’s private foundation, while the website of Gunun Sesi (which has reportedly been blocked since August 2018) is operated by Parviz Hashimli, a former political prisoner. The blocking of the RFE/RFL website (`www.rferl.org`) also reportedly began in 2017 following an Azerbaijani court order.

The following chart aggregates OONI measurement coverage (from 26 ASNs) for the news media domains that presented the strongest signals of blocking in Azerbaijan between January 2022 to February 2023.

Chart: Blocked news media websites in Azerbaijan between January 2022 to February 2023 (source: OONI data).

Most OONI measurements from the testing of these media websites (excluding `www.theguardian.com`, which is discussed in the next section) presented anomalies throughout the testing period, providing a signal of blocking. In contrast, most of the other URLs tested from the Citizen Lab test lists during this period were found accessible (on the same networks in Azerbaijan).

What is evident from the above chart is that the vast majority of anomalous measurements presented connection timeouts (for sites hosted on both HTTP and HTTPS). A consistent failure type can offer a strong signal of blocking, since it suggests the use of specific censorship techniques. In this case, the connection timeouts may indicate the use of Deep Packet Inspection (DPI) technology for the implementation of blocks, given that the timeout only happens after the TLS ClientHello message. The fact that we observe the prevalence of connection timeouts across anomalous measurements aggregated across tested ASNs further suggests that most ISPs in Azerbaijan adopt similar censorship techniques.

This is further evident when viewing a per-ASN breakdown of the specific failures in the measurement of each of the blocked news media sites. The following chart, for example, presents the specific failures that occurred when `www.24saat.org` was tested on multiple ASNs in Azerbaijan during our analysis period. 

Chart: Measurement results (`OK` and specific failures) from the testing of `www.24saat.org` on multiple ASNs in Azerbaijan (source: OONI data). 

From the above chart we can see that most failures (across most tested ASNs) involve timeout errors (annotated in red). But we also observe some successful measurements (annotated as `OK` in green) on some of those networks too. To understand why those measurements were successful, we provide a further breakdown by testing targets. The following chart only presents measurement results (including specific failures observed in anomalous measurements) for the testing of the HTTPS version of the site (`https://www.24saat.org/`) across networks.  

Chart: Measurement results (`OK` and specific failures) from the testing of `https://www.24saat.org/` on multiple ASNs in Azerbaijan (source: OONI data). 

As we can see, the testing of the HTTPS version of the site was entirely successful on some networks, and presented consistent signs of blocking (consistently presenting connection timeouts) on others. In contrast, the testing of the HTTP version of the site (shared in the next chart below) shows that it presented signs of blocking on all of these tested networks.

Chart: Measurement results (`OK` and specific failures) from the testing of `http://www.24saat.org/` on multiple ASNs in Azerbaijan (source: OONI data). 

The fact that we observe more prevalent blocking of the HTTP version of the site (even though it supports HTTPS) suggests that the block is not implemented properly on certain networks.

Similarly, we observe the prevalence of connection timeouts in the testing of many other news media websites across ASNs. The following chart provides a per-ASN breakdown of the measurement results from the testing of `azerbaycansaati.tv`, showing that none of the measurements were successful, and that most presented connection timeouts.

Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `azerbaycansaati.tv` on multiple ASNs in Azerbaijan (source: OONI data). 

The fact that the testing of `azerbaycansaati.tv` was not successful on any of the networks which received the largest volume of testing coverage, and that it consistently presented connection timeouts on most networks, provides a strong signal of blocking. 

Similarly, we observe that the testing of `www.azadliq.org`, `www.meydan.tv`, and `www.rferl.org` mostly presented connection timeouts on tested networks, as illustrated through the following charts.   


Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.azadliq.org` on multiple ASNs in Azerbaijan (source: OONI data). 

Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.meydan.tv` on multiple ASNs in Azerbaijan (source: OONI data). 


Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.rferl.org` on multiple ASNs in Azerbaijan (source: OONI data).

OONI data also suggests that the site (www.occrp.org) of the Organized Crime and Corruption Reporting Project (OCCRP) is blocked in Azerbaijan as well. The blocking of the OCCRP site reportedly began in September 2017, following the publication of a major investigation (“Azerbaijani Laundromat”) into corruption, bribery, and money laundering in which powerful figures were allegedly involved. The following chart provides a per-ASN breakdown of the measurement results from the testing of `www.occrp.org`, showing that (similarly to the aforementioned blocked media sites) it presented connection timeouts on most networks.

Chart: Measurement results (including specific failures for anomalous measurements) from the testing of `www.occrp.org` on multiple ASNs in Azerbaijan (source: OONI data).

Overall, the prevalence of connection timeouts (observed for different websites measured on many different networks in Azerbaijan) provides a strong signal of blocking. These blocks appear to have been implemented several years ago, and remain ongoing. 

Blocking of the Guardian?

On 25th December 2022, the testing of `www.theguardian.com` started to present anomalies in Azerbaijan. The following chart aggregates OONI measurement coverage from the testing of `www.theguardian.com` on 10 ASNs in Azerbaijan between 1st October 2022 to 24th February 2023.

Chart: OONI Probe testing of the Guardian (`www.theguardian.com`) on 10 ASNs in Azerbaijan between 1st October 2022 to 24th February 2023 (source: OONI data). 

However, these anomalies were not observed on all tested networks in Azerbaijan. To better understand the anomalies, we provide a breakdown of the specific failures observed in anomalous measurements on networks that received the largest testing coverage (through the following chart).

Chart: Measurement results (including specific failures for anomalous measurements) from ASNs in Azerbaijan where the testing of `www.theguardian.com` presented anomalies between November 2022 to February 2023 (source: OONI data).

As is evident from the above chart, all anomalous measurements presented connection timeout errors (for both the HTTP and HTTPS versions of the site). The prevalence of connection timeouts, coupled with the fact that it is the same failure that we also observe in the blocking of other news media websites (discussed previously), provides a signal of blocking. 

While the data suggests that access to `www.theguardian.com` may be blocked on a few networks in Azerbaijan (particularly on AS29049 where we observe the largest volume of anomalies, which is consistent from 25th December 2022 onwards), it’s worth noting that it’s accessible on other networks (such as AS28787, where almost all measurements are successful). As we didn’t come across any news articles reporting the recent blocking of the Guardian in Azerbaijan (which could have helped corroborate the anomalous data), and the overall measurement volume is quite low, our confidence in confirming this potential block is rather limited.  

Azerbaijani news media websites blocked in Russia

Following the blocking of Russia’s state-run RIA Novosti media website in Azerbaijan in early June 2022, we were informed that certain Azerbaijani news media websites (`haqqin.az`, `minval.az`, `oxu.az`, `ru.oxu.az`, `ru.baku.ws`) were reportedly blocked in Russia. On 7th June 2022, we added these URLs to the Russian test list so that these websites could get tested by OONI Probe users in Russia. 

OONI data confirms that these Azerbaijani websites have been blocked in Russia since at least 7th June 2022, and that these blocks remain ongoing (as illustrated below).

Chart: OONI data on the blocking of Azerbaijani news media websites in Russia between 7th June 2022 to 24th February 2023 (source: OONI data).

The above chart aggregates OONI measurement coverage from numerous networks in Russia, showing that at least 5 Azerbaijani news media domains were blocked in Russia between June 2022 to February 2023. Throughout this period, we observe that almost all measurements are anomalous, suggesting that access to these Azerbaijani media sites is blocked on most tested networks in Russia. Russian ISPs adopt a variety of censorship techniques and, on some networks, we are able to automatically confirm the blocking of these Azerbaijani news websites based on fingerprints (as IPs known to be associated with censorship are returned as part of DNS resolution).

Temporary blocking of TikTok in Azerbaijan and Armenia amid border clashes

On 12th September 2022, fighting erupted between Azerbaijani and Armenian troops along their border. The next day (13th September 2022), both Azerbaijan and Armenia started blocking access to TikTok amid the border clashes. 

On 14th September 2022, Azerbaijan’s state security services announced the temporary suspension of TikTok. According to the statement, the content circulating on the social media platform was revealing military secrets and forming wrong opinions in society. As a result, the State Security Service decided to temporarily block access to the platform. Similarly, OONI data shows that the testing of TikTok also started to present signs of blocking in Armenia from 13th September 2022 onwards.

At the time, we published a report documenting the block in both countries based on OONI data. Specifically, we found that Azerbaijan blocked access to the main TikTok website (`www.tiktok.com`) and several endpoints essential to its functionality on at least 3 networks (AS29049, AS41997, AS31721). On all networks where we identified blocking, it seemed to be implemented by means of TLS level interference by dropping packets after noticing a disallowed server_name. We also observed some level of inconsistency, as ISPs in Azerbaijan blocked TikTok based on different lists of TikTok endpoint domains.

In Armenia, TikTok was blocked on at least two networks (AS44395, AS43733). Not all tested networks in Armenia implemented the TikTok block and censorship techniques varied from network to network. TikTok interference was observed at the DNS level by returning an NXDOMAIN error, an IP address associated with www.google.com, or a set of unrelated IP addresses which offer an invalid TLS certificate (it’s an expired certificate for `it.domain.name`). Several endpoints used by the TikTok app and website were also blocked on at least one network in Armenia.

By comparing aggregate OONI measurements from the testing of TikTok’s website (`www.tiktok.com`) in Azerbaijan and Armenia between 1st September 2022 to 24th February 2023, we can see that both countries started blocking access to TikTok amid the September 2022 border clashes, but that the block remained in place in Azerbaijan for much longer than in Armenia. 

Chart: OONI Probe testing of TikTok (`www.tiktok.com`) in Armenia and Azerbaijan between 1st September 2022 to 24th February 2023 (source: OONI data).

Specifically, we observe (through the above chart) that the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), while the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months).

Similarly to the testing of `www.tiktok.com`, OONI data suggests that Azerbaijan blocked numerous TikTok endpoints as well during the same period (between mid-September 2022 to mid-November 2022), as illustrated through the following two charts.  

Chart: OONI Probe testing of TikTok endpoints in Azerbaijan between 1st September 2022 to 30th November 2022 (source: OONI data).Chart: OONI Probe testing of TikTok endpoints in Azerbaijan between 1st September 2022 to 30th November 2022 (source: OONI data).

The fact that TikTok’s website (`www.tiktok.com`) and numerous TikTok endpoints presented anomalies on multiple tested networks in Azerbaijan during the same period provides a strong signal of blocking. 

Between September to November 2022, the anomalous measurements from the testing of TikTok in Azerbaijan show that many of them time out when attempting to establish a TLS handshake to the target endpoint. While many such measurements are annotated (on OONI Explorer) as presenting DNS inconsistency, we were able to exclude that by validating that the returned IPs are able to complete a TLS handshake with a valid certificate for the target domain name. Moreover, when issuing an HTTP request with the appropriate headers, the response payload is consistent with the response from an endpoint served to a user in Europe. By inspecting the response header and server certificate, it seems to be an Akamai cache.  

Blocking of circumvention tool websites

Circumventing internet censorship in Azerbaijan can potentially be challenging, as numerous circumvention tool websites have been blocked in Azerbaijan over the past years. Our latest analysis shows that these blocks remain ongoing.

The following chart aggregates OONI measurement coverage for popular circumvention tool websites that presented a large volume of anomalies throughout the testing period in Azerbaijan.

Chart: Blocked circumvention tool websites in Azerbaijan between January 2022 to February 2023 (source: OONI data). 

Multiple circumvention tool websites (including `www.torproject.org`, `psiphon.ca`, and `www.tunnelbear.com`) continue to show signs of blocking on some networks in Azerbaijan, as illustrated through the above chart. Specifically, OONI data shows that when these sites were tested, we frequently observed the timing out of the session after the ClientHello during the TLS handshake. It’s worth noting though that these sites are not blocked on all networks in Azerbaijan, as some measurements were successful. 

While many popular circumvention tool sites appear to be blocked in Azerbaijan, it’s worth highlighting that certain circumvention tools may work in the country. OONI Probe also includes tests designed to measure the reachability of the Psiphon, Tor, and Tor Snowflake circumvention tools. 

Between January 2022 to February 2023, OONI Probe testing of Psiphon shows that it was reachable on tested networks in Azerbaijan, as illustrated below.

Chart: OONI Probe testing of Psiphon on 29 ASNs in Azerbaijan between 1st January 2022 to 25th February 2023 (source: OONI data).

Most measurements (collected from 29 ASNs during the testing period) show that it was possible to bootstrap Psiphon and use it to fetch a webpage, suggesting that the circumvention tool worked on tested networks in Azerbaijan.

While the testing of Tor presented anomalies throughout the testing period, most measurements from September 2022 onwards (when we also observe a spike in the overall measurement volume) suggest that Tor was reachable on most tested networks in Azerbaijan. 

Chart: OONI Probe testing of Tor on 28 ASNs in Azerbaijan between 1st January 2022 to 25th February 2023 (source: OONI data).

In Tor anomalous measurements, we see that attempted connections to Tor directory authorities failed on some networks. However, we also see that most connections to both Tor directory authorities and Tor bridges were successful (on many networks), indicating that it may have been possible to use Tor in Azerbaijan. 

Quite similarly, OONI data shows that it was possible to bootstrap Tor Snowflake on most networks in Azerbaijan throughout the testing period.

Chart: OONI Probe testing of Tor Snowflake on 20 ASNs in Azerbaijan between 1st January 2022 to 25th February 2023 (source: OONI data).

This suggests that while the Psiphon and Tor Project websites appear to be blocked on some networks in Azerbaijan (as discussed previously), their tools appear to work in the country (at least on tested networks). 

Conclusion

Azerbaijan continues to limit press freedom by blocking access to several independent news media websites – the blocking of which appears to be politically motivated. OONI data also suggests that some ISPs in Azerbaijan may have started blocking access to the Guardian on 25th December 2022, but the relatively limited measurement coverage and the seeming absence of news articles reporting the block limit our confidence in confirming this. 

In early June 2022, both Azerbaijan and Russia started blocking access to each other’s news media websites. In early June 2022, Azerbaijan started blocking access to Russia’s state-run RIA Novosti media website over the publication of slanderous materials against Azerbaijan. Since (at least) 7th June 2022, Russian ISPs have been blocking access to Azerbaijani news media websites (`haqqin.az`, `minval.az`, `oxu.az`, `ru.oxu.az`, `ru.baku.ws`). 

Amid the September 2022 border clashes, both Azerbaijan and Armenia started blocking access to TikTok. However, while the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months). But this was not the first time that Azerbaijan blocked access to a social media platform during the conflict. Azerbaijan previously blocked access to social media platforms during the 2020 Nagorno-Karabakh war.

Both social media blocks during times of conflict and long-term news media blocks (as those seen in Azerbaijan) generally indicate government attempts to control political narratives. While numerous circumvention tool websites appear to be blocked in Azerbaijan (potentially limiting the ability to circumvent blocks), it’s worth noting that several circumvention tools (such as Tor and Psiphon) may work in the country. 

This study was carried out through the use of open methodologies, free and open source software, and open data, enabling independent third-party verification of our research findings. We encourage researchers to expand upon this study by running OONI Probe and analyzing OONI measurements from Azerbaijan.   

Acknowledgments

We thank OONI Probe users in Azerbaijan for contributing measurements, and supporting this study.

political activist arrested over social media post

Posted on by aiw_admin

Member of the opposition Popular Front party, Zaur Usubov, was arrested on February 21 and sentenced to 25 days in administrative detention according to reporting by Turan News Agency. The activist was officially charged with an all too common article – resisting police. 

Popular Front said, Usubov, was arrested over critical of the authorities’ social media posts, and that the charges leveled against the member are bogus. 

According to Turan News Agency, Usubov is the sixth party member arrested this year [2023] so far. Five of them, including Usubov, were handed administrative detention while another member is facing criminal charges while the investigation is ongoing. 

Police in Azerbaijan is accustomed to resorting to physical measures against civic activists who are critical of the authorities online. As documented by Az-Net Watch, there have been scores of similar examples in the past.