prosecutor’s general office warns online news platform

On September 22, Aziz Orujov, the director and founder of Kanal 13, an online television platform, was questioned by the Prosecutor’s General office, according to reporting by Meydan TV.  

In an interview with Meydan TV, Orucov said, the Prosecutor’s Office claimed, Kanal 13 published video items damaging the reputation of the Azerbaijani Army, and casting a shadow on the strengthening work of the state’s defense capabilities.

Orujov said the allegations were not true. 

The Prosecutor’s Office issued a warning to the channel’s director, based on the Information, Informatisation, and Protection of Information and On National Security laws. The office also said the channel removed the videos in question.  

online news platform hacked, content and followers removed

On September 16, Toplum TV, an online news platform had its Facebook page hacked. The hacker accessed the account by hacking one employee’s personal Facebook profile. As a result, the news platform lost 26k of its followers and two weeks’ worth of shared content. 

In an interview with Meydan TV, the platform’s director, journalist Khadija Ismayil said this was not the first time Toplum TV was targeted with a digital attack.

AIW documented the previous attack in November 2021. At the time, the hacking occurred through an SMS interception. In another attack documented in September 2021, Toplum TV reported it lost 16k followers on its Facebook page. 

Ismayil in a Facebook post said, there were suspicions that a similar attempt was made this time around. The admin team is investigating the origins of the hack. 

Access to the page has been restored at the time of writing this post.

in Azerbaijan State Security Service blocks TikTok during the most recent clashes [Updated November 7]

[Update] According to Turan News Agency reporting, the temporary ban on TikTok placed in September was removed. The decision was announced by the service for electronic safety at the Ministry of Digitial Development and Transport. 

Users of the social media platform TikTok in Azerbaijan started reporting difficulties accessing the application as early as September 13. On September 14, the State Security Service announced its decision to block access to the platform entirely on the grounds the platform was casting a shadow over the military activities, revealing military secrets, and forming wrong public opinion. 

According to testimonies of users in Azerbaijan, soldiers were sharing videos from the line of contact along the Azerbaijan-Armenia border. Some of these videos were graphic. Graphic videos also circulated on the Telegram app. OC Media reported about the first video while users said there was a second video resurfacing online.  

Other users said they experienced issues accessing WhatsApp, Telegram, and slow internet connectivity speeds. 

Azerbaijan Internet Watch together with partner organization OONI analyzed data provided by local testers on the ground and confirmed the blocking on the platform in Azerbaijan. The analysis revealed that TikTok was also blocked in Armenia. 

The blocking came at a time of renewed clashes between Armenia and Azerbaijan.

According to the collected and analyzed OONI data,

the testing of www.tiktok.com and Tiktok endpoints presented a relatively large volume of anomalies between the 13th to 15th of September 2022, following the eruption of border clashes on the 12th of September 2022. It’s worth noting though that while www.tiktok.com measurements (showing signs of blocking) were collected from Azerbaijan from 13th September onwards, TikTok endpoint measurements are only available from 14th September 2022 onwards (when they were added to the test list for Azerbaijan). 

In summary, based on the analysis of 681 OONI metrics collected from 5 different networks in Azerbaijan, we conclude that:

  • The main TikTok website (www.tiktok.com) and several endpoints essential to its functionality were blocked on at least 3 different networks (AS29049AS41997AS31721);

  • On all networks where we identified blocking, it seems to be implemented by means of TLS level interference by dropping packets after noticing a disallowed server_name;

  • ISPs in Azerbaijan block TikTok based on different lists of TikTok endpoint domains, and there is some level of inconsistency.

Separately journalists from independent news platforms reported attempts to hack into their social media accounts during the most recent clashes due to their critical coverage. Verbal attacks were also documented as was the case two years ago. Both journalists and activists said their social media accounts were getting temporarily blocked by the platforms as a result of mass (fake) reporting. 

During the second Karabakh war, users in Azerbaijan faced internet restrictions as well. As a result, VPN usage soared during that period. In a statement issued by Access Now platform, Natalia Krapiva, Tech Legal Counsel at Access Now said, “Governments’ deep-seated drive to control the narrative — including in Central Asia and Eastern Europe — must stop.” “Whether authorities like it or not, people have the right to access the internet and to use social media, so focus on facilitating, not blocking.”

OONI measurement data confirms Azerbaijan blocked access to TikTok during September border clashes

Earlier this week, on 12th September 2022, fighting erupted between Azerbaijani and Armenian troops along their border. Over the next few days, community members in Azerbaijan reported that the TikTok app was blocked locally.

We analyzed OONI network measurement data to investigate the block. We found that TikTok has been blocked in both Azerbaijan and Armenia over the last few days.

In this report, we share our technical findings. In both Armenia and Azerbaijan, we found TLS and DNS level interference of TikTok domains and endpoints during the border clashes.

Background

On 12th September 2022, fighting erupted along the Azerbaijan-Armenia border between Azerbaijani and Armenian troops. The next day, Russia brokered a ceasefire, but it was immediately breached. Another ceasefire was announced in the evening of 14th September 2022 by the secretary of Armenia’s Security Council. Within 2 days of clashes, more than 100 Armenian and Azerbaijani soldiers were killed.

This is the latest fighting amid on-going clashes since the 44-day war Armenia and Azerbaijan fought in 2020.

In 1994, the Armenian military secured victory over Nagorno-Karabakh and the seven adjacent regions in the aftermath of the first Karabakh war. Since then, Nagorno-Karabakh has been under the control of its ethnic Armenian population as a self-declared state. The two sides often blamed each other for violating the 1994 ceasefire agreement over the years with continued fighting. These clashes culminated in September 2020 during the second Karabakh war, with Azerbaijan regaining control over the previously occupied seven regions, as well as one-third of Karabakh itself. A ceasefire agreement signed on 10th November 2020 ended the hostilities temporarily. Despite both sides pledging to make progress towards a final peace deal and a series of high level meetings taking place since the second war, no significant progress on achieving a final peace treaty has been made.  

During the 2020 Nagorno-Karabakh war, access to several social media platforms was blocked in Azerbaijan. At the time (between September 2020 to November 2020), OONI data collected from Azerbaijan showed that several social media websites (such as facebook.com and twitter.com) presented signs of blocking, while the testing of WhatsApp and Telegram presented signs of TLS level interference.

During the latest clashes over the last days, OONI data shows that these social media platforms appear to be accessible in Azerbaijan, but TikTok started to present signs of blocking. On 14th September 2022, Azerbaijan’s state security services announced the temporary suspension of social media platform TikTok. According to the statement, the content circulating on the social media platform was revealing military secrets and forming wrong opinions in society. As a result, the State Security Service decided to temporarily block access to the platform. Similarly, OONI data shows that the testing of TikTok also started to present signs of blocking in Armenia from 13th September 2022 onwards.

Methods

Since 2012, OONI has developed free and open source software (called OONI Probe) which is designed to measure various forms of internet censorship, including the blocking of websites and apps. Every month, OONI Probe is regularly run by volunteers in around 170 countries, and network measurements collected by OONI Probe users are automatically published as open data in real-time.

This study involves the analysis of OONI measurements pertaining to the testing of TikTok, collected from local networks in Azerbaijan and Armenia over the last days. In particular, we analyzed OONI Web Connectivity measurements pertaining to the testing of the TikTok homepage (https://www.tiktok.com), as well as several other web resources that are needed for the TikTok web app and mobile app to function (hereafter referred to as “TikTok endpoints”). We thank a community member who kindly shared with us a list of TikTok endpoints, which were subsequently added (to the lists of URLs measured by OONI Probe users in Azerbaijan and Armenia) for testing. OONI’s URL prioritization system ensures that once URLs are merged into the Citizen Lab test lists, they are immediately prioritized for OONI Probe testing. As a result, measurements from the testing of TikTok endpoints were collected almost immediately from both Armenia and Azerbaijan (supporting this study).

OONI’s Web Connectivity experiment is designed to measure the accessibility of URLs by performing the following steps:

  • Resolver identification
  • DNS lookup
  • TCP connect to the resolved IP address
  • TLS handshake to the resolved IP addresses
  • HTTP(s) GET request

The above steps are automatically performed from both the local network of the user, and from a control vantage point. If the results from both networks are the same, the tested URL is annotated as accessible. If the results differ, the tested URL is annotated as anomalous, and the type of anomaly is further characterized depending on the reason that caused the failure (for example, if the TCP connection fails, the measurement is annotated as a TCP/IP anomaly).

Each Web Connectivity measurement provides further network information (such as information pertaining to TLS handshakes) that helps with evaluating whether an anomalous measurement presents signs of blocking (or is a false positive). Based on our heuristics, we are able to automatically confirm the blocking of websites if a block page is served, or if DNS resolution returns an IP known to be associated with censorship (and such fingerprints have been added to our database).

In the cases of Azerbaijan and Armenia, we have never come across block pages, limiting our ability to automatically confirm cases of blocking with confidence. Instead, ISPs in both Azerbaijan and Armenia appear to adopt different censorship techniques (as discussed, for example, in our previous research examining blocks in Azerbaijan), requiring more manual analysis of measurements for the confirmation of blocks. This study focused in the case of Azerbaijan, we analyzed network measurement data provided under the network_events keys of Web Connectivity measurements, which provided insight on TLS level interference of TikTok endpoints. In the case of Armenia, we analyzed both TLS handshakes and DNS query results. Another limitation to our study is the limited OONI measurement coverage from Azerbaijan (in comparison to Armenia and other countries). Generally, the larger the relevant measurement volume, the greater our ability in identifying and confirming blocks.

Findings

OONI data shows that both Azerbaijan and Armenia started blocking access to TikTok right after clashes erupted along their border.

Blocking of TikTok in Azerbaijan

We analyzed OONI measurements collected from Azerbaijan from 13th-15th September 2022 and noticed that many of them appear to time out when attempting to establish a TLS handshake to the target endpoint.

While many such measurements are annotated (on OONI Explorer) as presenting DNS inconsistency, we were able to exclude that by validating that the returned IPs are able to complete a TLS handshake with a valid certificate for the target domain name. Moreover, when issuing an HTTP request with the appropriate headers, the response payload is consistent with the response from an endpoint served to a user in Europe. By inspecting the response header  and server certificate, it seems to be an Akamai cache.

To evaluate the extent to which the blocking is happening and establish if it’s in fact caused by an intentional block, we analyzed the values of the network_events keys of Web Connectivity measurements. These keys contain very rich information on every read and write operation performed during a TLS handshake.

In the following charts, we consider a single “datapoint” as a single network event transcript (i.e. a TLS handshake operation towards a certain IP, port, server_name tuple). When grouping the measurements by server_name, we can see that most domains fail quite consistently, yet some of them don’t fail as often as others.

Chart: OONI data on the testing of tiktok.com and TikTok endpoints in Azerbaijan between 13th-15th September 2022.

As is evident from the above chart, the testing of www.tiktok.com and Tiktok endpoints presented a relatively large volume of anomalies between 13th to 15th September 2022, following the eruption of border clashes on 12th September 2022. It’s worth noting though that while www.tiktok.com measurements (showing signs of blocking) were collected from Azerbaijan from 13th September onwards, TikTok endpoint measurements are only available from 14th September 2022 onwards (when they were added to the test list for Azerbaijan).

As a result, based on available OONI data, we can only confirm that the blocking of TikTok in Azerbaijan started the latest at the following times, on the following networks:

The OONI Probe testing of www.tiktok.com on 5 networks in Azerbaijan between 13th to 15th September 2022 can be further examined through the following chart, which shows that its testing consistently presented generic_timeout_errors on at least 3 networks by 15th September 2022.

Chart: OONI Probe testing of www.tiktok.com on 5 networks in Azerbaijan between 13th-15th September 2022.

In the above cases, we can see that attempts to connect to www.tiktok.com failed due to a connection timeout. Upon inspecting relevant network measurement data, we see that this always happened after the first write operation (the one responsible for writing the ClientHello which contains the server_name field (SNI)), which is consistent with the hypothesis that the block is some form of TLS based interference, possibly by looking at the SNI field of the ClientHello message.

The blocking looks quite consistent on a per domain basis, which is compatible with the hypothesis that it’s some sort of SNI-based TLS level block.

To additionally support this claim, we notice that several different domain names resolve to the same IP address. When looking at the TLS reachability of the same IPs on a particular network, but with a different server_name value, we can see (by reading the chart horizontally) that they are consistently reachable when a specific server_name is provided, as illustrated below.

Chart: OONI data on TLS handshake results by target IP on network AS531712 in Azerbaijan on 15th September 2022.

On the other hand, if you read the chart vertically you can see that the same IP is both reachable and unreachable depending on the domain_name value.

This strongly suggests that the block is intentional and a consequence of filtering of those particular domain names.

When looking at the subset of domain names that are not consistently blocked, we can see that they are consistently blocked within the same network, which leads us to believe that there are different filtering policies deployed across networks.

Chart: OONI data providing a per-ASN comparison on the testing of www.tiktok.com and TikTok endpoint domains in Azerbaijan between 13th-15th September 2022.

In summary, based on the analysis of 681 OONI metrics collected from 5 different networks in Azerbaijan, we conclude that:

  • The main TikTok website (www.tiktok.com) and several endpoints essential to its functionality were blocked on at least 3 different networks (AS29049AS41997AS31721);
  • On all networks where we identified blocking, it seems to be implemented by means of TLS level interference by dropping packets after noticing a disallowed server_name;
  • ISPs in Azerbaijan block TikTok based on different lists of TikTok endpoint domains, and there is some level of inconsistency.

Blocking of TikTok in Armenia

OONI data shows the blocking of TikTok in Armenia on 13th September 2022. Out of the 5 networks from which TikTok measurements were collected, we are able to establish that the blocking began on 2 of them on 13th September 2022. Specifically:

The following chart shares OONI data on the testing of www.tiktok.com and tiktok.com from 5 networks in Armenia between 13th-15th September 2022.

Chart: OONI data on the testing of tiktok.com and www.tiktok.com on 5 networks in Armenia between 13th-15th September 2022.

As is evident from the above charts, these ISPs in Armenia seem to employ a mix of different techniques to implement the blocking of TikTok. In the case of Ucom (AS44395), they appear to mostly return an NXDOMAIN error when the TikTok domain is queried.

In the case of MTS Armenia (AS43733), it’s interesting to note that upon querying the tiktok.com domain, the IP address 172.217.17.228 is returned, which is associated with www.google.com. It’s also worth noting that the TLS handshake timed out, which is not consistent with the behavior of the real server, which may indicate that they implement an additional TLS layer block on top of the DNS level interference.

It’s also interesting to note that the nameserver for MTS Armenia allows us to do a zone transfer for tiktok.com and through that we are able to see the tainted google IP A record:

$ dig @ns.mts.am tiktok.com axfr
; <<>> DiG 9.16.22-Debian <<>> @ns.mts.am tiktok.com axfr
; (1 server found)
;; global options: +cmd
tiktok.com.                1800        IN        SOA        ns2.mts.am. ns.mts.am. 2020101600 3600 600 1296000 3600
tiktok.com.                1800        IN        NS        ns2.mts.am.
tiktok.com.                1800        IN        NS        ns.mts.am.
tiktok.com.                1800        IN        A        172.217.17.228
tiktok.com.                1800        IN        SOA        ns2.mts.am. ns.mts.am. 2020101600 3600 600 1296000 3600
;; Query time: 95 msec
;; SERVER: 217.76.1.85#53(217.76.1.85)
;; WHEN: Thu Sep 15 23:54:58 CEST 2022
;; XFR size: 5 records (messages 1, bytes 196)

No other tested TikTok endpoints allow zone transfers from the MTS nameserver, nor any other domain which we tested. This might be due to the fact that to implement the block the zone for tiktok.com was set up quickly and they forgot to disable zone transfers on it.

By focusing our attention on the Ucom network (AS44395), we can see that not all TikTok endpoints appear to be blocked.

Chart: OONI data on the testing of TikTok endpoints on Ucom (AS44395) in Azerbaijan between 13th-16th September 2022.

Interestingly, starting from today (16th September 2022), the DNS response appears to be inconsistent and returns an IP address that has an expired letsencrypt certificate. When accessed, it will direct to:

http://it-nxd-domain.com/?terms=Google%20Server%20Cloud,Free%20Host%20Server,%20Create%20an%20Ecommerce%20Website%20for%20Free,Email%20Server%20Hosting%20Services&subid1=parrz.com.

$ openssl s_client -connect 95.216.36.80:443
CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 C = US, O = Let's Encrypt, CN = R3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = it.domain.name
verify error:num=10:certificate has expired
notAfter=Jun 12 15:18:58 2021 GMT
verify return:1
depth=0 CN = it.domain.name
notAfter=Jun 12 15:18:58 2021 GMT
verify return:1
---
Certificate chain
 0 s:CN = it.domain.name
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 14 15:18:58 2021 GMT; NotAfter: Jun 12 15:18:58 2021 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Oct  7 19:21:40 2020 GMT; NotAfter: Sep 29 19:21:40 2021 GMT
---

In all other cases of blocking, we notice that the HTTPS request times out, which leads us to believe that they might be using some form of TLS level interference.

To summarize:

  • Armenia has been blocking TikTok since at least 13th September 2022 on at least two networks (AS44395, AS43733);
  • On most networks, TikTok interference was observed at the DNS level by returning an NXDOMAIN error, an IP address associated with www.google.com, or a set of unrelated IP addresses which contain an expired certificate for the server_name it.domain.name;
  • Not all tested networks in Armenia implemented the TikTok block and censorship techniques varied from network to network;
  • Several endpoints used by the TikTok app and website are also blocked on at least one network in Armenia.

Conclusion

Social media censorship often appears to be weaponized during conflicts and other moments of political turmoil around the world. By controlling the flow of information on social media platforms, governments may attempt to control the narrative surrounding political events. Over the last 6 years, OONI data has shown that access to major social media platforms is commonly blocked during elections and protests around the world. Earlier this year, Russia ramped up its censorship following the war in Ukraine.

Azerbaijan previously blocked access to social media platforms during the 2020 Nagorno-Karabakh war. In similar vein, both Azerbaijan and Armenia blocked access to TikTok during the border clashes over the last days. OONI data shows that Azerbaijan blocked TikTok by means of TLS level interference, while Armenia implemented both DNS level blocks and TLS level interference.

You can continue to monitor the reachability of TikTok (and other platforms) in Armenia and Azerbaijan through OONI data.

authorities arrest journalist, editor of an online news platform [Updated February 26, 2024]

[Update] On February 26, Zeynalli was sentenced to nine years behind bars, while Shukurov received a four-year sentence.  

[Update] On January 5, the Baku Court of Appeals ruled in favor of the December 29 court decision [see previous updates below]. According to the appellate court’s ruling, releasing Zeynalli under house arrest would interrupt the course of the investigation, reported Meydan TV on January 6, 2023.

[Update] On December 29, 2022, a local court in Baku ruled to extend the detention period of journalist Zeynalli for another three months, reported Meydan TV. Zeynalli’s lawyer said they will be appealing the decision. 

[Update] According to reporting by Meydan TV, The General Prosecutor’s Office claims that journalist Avaz Zeynalli conspired with others in extortion. The journalist is accused of collaborating with the head of Seda TV, Elnur Shukurov, in getting permission for land privatization in Baku and Sumgayit. Shukurov was arrested on September 15 on charges of unlawful influence on the decision of an official. The Prosecutor’s Office alleges that Shukurov and Zeynalli exerted influence over executive authority office employees to grant permission for land privatization.

According to Turan News Agency, Seda TV is a relatively small YouTube channel with just over 50k subscribers and is managed solely by Elnur Shukurov.

***

[Update] On September 16, during the court hearing, it was decided that the investigation could continue while Sadigov transferred under house arrest. 

***

Avaz Zeynalli is a journalist and editor of Khural newspaper. He was arrested on September 10 after a pro-government news platform falsely accused Zeynalli of extortion. The same platform also mentioned that human rights lawyer Elchin Sadigov acted as an intermediary in the alleged scheme. As a result, Sadigov was also arrested along with Zeynalli. Police also searched and confiscated the documents and devices of both Zeynalli and Sadigov. 

According to reports, Zeynalli was charged with “large-scale bribe-taking” and Sadigov with “complicity in bribe-taking.” Both are facing between 8 and up to 12 years in prison if found guilty. 

Both Sadigov and Zeynalli were sentenced to four months in pre-trial detention. 

Zeynalli served three years behind bars on bogus bribery, extortion, and tax evasion charges (between 2013 and 2016). Sadigov is known for representing cases of political prisoners in Azerbaijan. 

a poet gets questioned over a poem dedicated to the first lady

After posting a poem dedicated to the first lady of Azerbaijan on the occasion of her birthday, the poet, Ibrahim Khudai was called into questioning. Shortly before his visit he removed the poem from the social media platform Facebook according to reports. 

According to Khudai statements to the media, he was called in not for the poem but over a dispute he has had with his landlord. “I met with the colonel Nazar Asgarov. No one forced me to delete the poem. But the police officer did tell me, it wold be better if there were no such poems written. Even though I did not delete it because of that, I was still influenced by what he said. I am feeling fine. Bless, Nazar Asgarov. There was no violence used against me,” Khuadi told Toplum TV in an interview.

The poet’s statements to media changed ever so slightly. In another interview he said he removed the poem before he went to the police station where he was invited to talk about the landlord. “I had a problem [that needed solving], so I decided it was not appropriate to have the poem,” Khudai told Meydan TV. 

Litigating Pegasus in Azerbaijan: Addressing harms of the government-sponsored surveillance on civic groups in the absence of legal guarantees

In the following featured legal analysis, AIW looks at the litigation work carried out thus far in Azerbaijan on devices infected by Pegasus. Specifically, this legal analysis looks at how Pegasus spyware was deployed to monitor journalists, lawyers, and activists in Azerbaijan and the legal steps taken within the existing national legislative framework to mitigate the unlawfulness of the use of Pegasus against these groups and individuals.  

Background

Over the last few years, global-scale investigations carried out by international human rights organizations, investigative journalists, and/or whistleblowers have shown that the scale of the unlawful surveillance of individuals’ private lives through murky technology software has been pervasive, and widespread. Those findings also revealed the vulnerability of individuals’ fundamental rights and freedoms to private technology companies and the states deploying that technology for their personal interests.

This has certainly been the case in Azerbaijan, where platforms like Azerbaijan Internet Watch (AIW) and others, have documented government-sponsored surveillance and cyber espionage activities. Especially vulnerable are the social and political activists. Several human rights monitoring organizations note the increase in cyber attacks on these groups in recent years.

***

Since 2011, Freedom House analyzes the state of Internet freedom in Azerbaijan in its annual Freedom on the Net report. Until now, each report indicated continuing deterioration of internet freedoms in the country.

Increased interventions on the internet freedoms often constitute a violation of fundamental rights and freedoms stipulated in national and international human rights documents, as such making states obligated to provide effective legal protection and recovery mechanisms against such violations.

However, as documentation and reports from recent years indicate, Azerbaijan thus far, failed to provide effective legal guarantees in cases of privacy violations through cyber-attacks, illegal collection of personal data, wiretapping, and account compromise. Despite routine calls made to the Azerbaijani authorities to investigate and bring perpetrators of cyber-attacks to account, no steps have been taken.

As a result, Azerbaijan continues to systematically fail in providing effective legal remedies and sound investigations against state-sponsored digital attacks and surveillance. Moreover, despite evidence-based reports of targeted and coordinated cyber attacks against activists, the government thus far has not investigated and/or provided effective legal guarantees.

***

In July 2021, an international collaborative reporting initiative #PegasusProject documented how NSO Group, an Israeli surveillance company, sold Pegasus, a hacking software, to authoritarian regimes to target human rights activists, journalists, politicians, and lawyers among others worldwide. The investigation and the list were coordinated and obtained by the Paris-based journalism nonprofit Forbidden Stories and advised by Amnesty International Security Lab.

The investigation determined that Azerbaijan was among the top 10 countries deploying Pegasus spyware.

Organized Crime and Corruption Reporting Project (OCCRP), which was one of the partners in the global investigation, discovered that out of the 50,000 phone numbers that were leaked, 1000 were from Azerbaijan. OCCRP was able to identify 245 numbers and as a result, concluded that a fifth of these numbers belonged to journalists, lawyers, human rights and political activists, politicians, and their family members. OCCRP published a list of identified civil society activists whose devices were confirmed to have traces of Pegasus spyware.

***

Following the Pegasus Project leak, on July 22, 2021, on the National Press Day in Azerbaijan, journalists and human rights defenders gathered in a virtual round table discussion titled “New digital threats to critical voices” initiated by the Institute for Reporters’ Freedom and Safety. The group discussed the importance of protection mechanisms against such mass surveillance and stressed the need to join efforts and seek legal remedy through domestic and international courts. As such, an operative group of lawyers was assembled to develop applications and appeals to domestic authorities and the European Court of Human Rights (ECHR).

Since that meeting and at the time of writing this report a total of four groups were formed, led by different lawyers, representing in total of 62 applicants. It is worth noting that some victims hesitated to join these collective complaint groups due to safety concerns.

Complaints and lawsuits were lodged as early as August 2021. Lawyers and advocates representing all four groups, prepared complaints to the Prosecutor General’s Office of the Republic of Azerbaijan, claiming that their clients’ mobile devices were illegally infected by Pegasus spyware leading to violations of privacy, freedom of expression guaranteed under the national laws and European Convention on Human Rights, the right to effective remedies and the right not to be subjected to restrictions of Convention rights with improper motives or ulterior purposes (Article 18).

Applicants in the group of cases led by advocates and practicing lawyers requested the Prosecutor General’s Office to open a criminal investigation based on the evidence revealed as a result of the global investigation. Specifically, the lawyers noted that several articles of Azerbaijan’s Criminal Code – Article 156, “Violation of privacy”, 271, illegal access to a computer system, 272, illegal interception of computer data, and 302, “Violation of the legislation on operation-search activities”, were violated as a result of the committed criminal act.

According to Article 156 of the Criminal Code (“Violation of privacy”), actions that violate privacy are prohibited and are the basis for criminal liability. According to Article 156.1 of the Criminal Code, the distribution, sale, or giving to someone else, the illegal collection of information that is a secret of personal and family life, documents reflecting such information, video and photo recording materials, sound recordings, causes criminal liability. Article 156.1 of the Criminal Code aims to protect the information that constitutes the secret of personal life and is derived from the goal of protecting people’s constitutional right to privacy. The object of this crime is people’s personal life information.

According to Articles 271 (illegal access to a computer system) and 272 (illegal seizure of computer data) of the Criminal Code acts of deliberately entering a computer system or any part of it without the right to access it, by violating the security measures, or capturing computer data stored on a device, or with other personal intent are criminalized.

Article 302 of the Criminal Code (“Violation of the legislation on operation-search activities”) criminalizes unlawful measures by the persons authorized to carry out operational-search activities in the absence of the grounds established by legislation.

In all of the legal complaints submitted based on the list of violations mentioned in the paragraph above, the team of lawyers asserted that the findings of the Pegasus investigation, put their clients at risk of both secret surveillance and of having their communications data unlawfully intercepted by the authorities or third parties who own the software. None of the identified civil society representatives targeted by the spyware were under lawful investigation. As such lawyers demanded that the Prosecutor General’s Office of Azerbaijan launch a criminal investigation, including the possible role of the Azerbaijani law enforcement in the mass surveillance activities. The legal representatives of all clients said, the state is obligated to provide effective legal guarantees against the abuse of spyware tools against citizens as the latter may constitute unlawful interferences to the right to private life, freedom of expression, and in the case of failure to fully and duly investigate, violation of the right to an effective remedy.

Due to the lack of legal remedies in cases of severe privacy violations, within the Azerbaijani legislation, advocates and lawyers relied on Article 8 (right to respect for private and family life), Article 13 (right to an effective remedy), and Article 18 (Limitation on use of restrictions on rights) of the European Convention on Human Rights.

Between July 2021- July 2022, one of the advocates representing one of the four groups of applicants,  separately applied to the State Security Service [SSS], the Ministry of Internal Affairs [MIA], the Ministry of Digital Development and Transport [MDDT], as well as the Ombudsman office requesting an investigation, along with the Prosecutor General’s Office. None of the advocate’s appeals were successful. None of the institutions investigated the complaints or provided reasonable answers.

Overall, the lack of effective response on behalf of the law enforcement authorities, against complaints requesting to open a criminal investigation, indicates there were and still are significant flaws and delays in the investigation process, despite the evidence collected through forensic methodology by the international organizations. Nearly a year later, the law enforcement authorities are yet to take formal investigative actions, despite the complaints containing forensic evidence obtained from the examined mobile devices.

Court litigations

In all of the legal cases, the lawyers provided circumstantial evidence (contextual information) for how Pegasus infected the mobile devices of applicants. Specifically, the lawyers shared detailed information about the purpose of the Pegasus spyware and the potential state agencies that might use it. Relying on the existing national legislation the lawyers also established the legal grounds for using surveillance programs to intercept private communication or other private data from technological devices, including mobile phones.

Advocates representing the four groups submitted complaints to the local courts against the general prosecutor’s office for failing to explain why it sent lawyers’ Pegasus-related complaints to the State Security Services in the absence of justifications or notice. It was the responsibility of the General Prosecutor’s Office to investigate lawyers’ complaints, but instead, it sent them directly to State Security Services. This was unlawful and baseless. Yet, despite the unlawfulness of the act, the local courts did not satisfy these complaints and returned them without consideration (issued decisions in a similar text that they were considered inadmissible).

This explicitly demonstrates that the law enforcement authorities and domestic courts of Azerbaijan refused to effectively investigate the complaints and failed to provide any legitimate grounds for refusing the investigation in the first place.

One of the four groups involved in litigation procedure, includes activists, human rights defenders, journalists, and other public figures, who were previously subjected to different legal harassment by the government. Advocates and lawyers representing this group are demanding that the Prosecutor General’s Office investigate the possible role of the law enforcement authorities on the grounds that the use of spyware tools breached the defendants’ rights guaranteed under both the Constitution of Azerbaijan and the international treaties Azerbaijan is a party to. 

The complaint consists of the summary of the complaint itself, information about the applicant, and information on the use of Pegasus to track the defendants, including applicants’ claims and petitions based on the substantial and procedural grounds of the complaint.

In their fifteen-page complaint, the applicants referred to the findings of Pegasus investigations, alleging that their phones were tapped and infected with Pegasus. The complaint also stated that listening and monitoring of the complainant through the use of Pegasus violated Articles 32, “Right to inviolability of private life” and 47, “Freedom of thought and speech” of the Constitution of Azerbaijan, and Articles 8, 10 and 18 of the European Convention on Human Rights (ECHR) as the breach was politically motivated. Lawyers also claimed that the surveillance was in violation of Articles 18 and 19 of the UN International Covenant on Civil and Political Rights, as well as the jurisdiction of the Human Rights Committee on the implementation of that Covenant.

In addition, 11 petitions were attached by the lawyers, to the submitted complaints, requesting certain actions from the Prosecutor General’s Office that was necessary for an impartial and comprehensive investigation. These petitions included:

  • Obtaining testimonies of applicants;
  • Submitting official requests to Amnesty International Forensics team and the OCCRP for forensic investigation of identified devices;
  • requesting the Ministry of Internal Affairs and the State Security Service to obtain a list of persons who carried out the interception of the devices;
  • obtaining information on the purchasing of the spyware from the “NSO Group” company;
  • requesting information from the Ministry of Internal Affairs, the State Security Service, and the State Special Protection Service of the Republic of Azerbaijan about any relevant instructions on preventing human rights violations during the use of the Pegasus or similar programs;
  • obtaining information on whether the officials at the Ministry of Internal Affairs and the State Security Services, authorized to carry out an operation-search measure, were involved in training on legislation and human rights standards.

It was also noted that the applicants, were law-abiding citizens, engaged in public and political activities, and were not engaged in criminal activities. As such the targeting of these individuals with Pegasus, was politically motivated and criminal given the absence of any mandatory, investigative, or judicial acts, within the scope of the Code of Criminal Procedure (CPrC) Article 177.3.5, and as a result, the use of Pegasus on their devices was in violation of targeted users’ rights and freedoms.

According to Article 443.1 of the CPrC, investigative actions over mobile phones and other communication devices are usually carried out on the basis of a judicial act. In the cases where these investigative actions are carried out without a court decision, on the basis of the investigator’s reasoned decision, after the completion of the corresponding investigative action, the investigator must inform the court conducting the judicial control and the prosecutor conducting the procedural management of the preliminary investigation within 24 hours and verify the legality of the investigative action carried out within 48 hours.

According to Article 215.1 of the CPrC, it is mandatory to conduct a preliminary investigation in all criminal cases, except for the investigation conducted in the form of simplified pre-trial proceedings for crimes that do not cause a great public danger.

Moreover, when responding to the lawyers’ complaints, the Prosecutor General’s Office, determined that the applicants’ complaints had to be sent to the Investigative Directorate of the SSS. Which is contrary to Article 215 of the CPrC and was contested by the lawyers who submitted a complaint to a local district court. The lawyers argued that it was illegal and unreasonable for the General Prosecutor’s Office to forward the complaint to the SSS for further investigation without any justification. At the same time, the transfer of the pre-trial investigation to the SSS, which is (potentially) a party of interest in the case, violates the procedural rights of the applicant on the personal life and freedom of expression, as well as the right to the effective remedy provided by Article 13 of the ECHR (taken together with Articles 8 and 10), because SSS will not be able to carry out the work related to the alleged illegal actions of its employees in accordance with the principle of objective impartiality. In addition, there are no normative legal grounds that could demonstrate the objective independence of the Investigative General Department of the SSS from other structural divisions of the Security Service.

Explainer: Lawyers reasoned that Pegasus was provided to the police and security agencies. From this point of view, based on the circumstances of the case, there are sufficient grounds to assume that the listening and online monitoring of the complainant was carried out by an employee (colleagues) of the police and (or) security agencies. In such a case, the prosecutor’s office cannot hand over the case of the preliminary investigation to the investigative body of the institution that carried out such hearing and monitoring. Otherwise, such an investigation would be subject to a conflict of interest in the case. In this regard, the elimination of conflict of interest in the investigation of a criminal case is one of the requirements of the criminal procedural legislation. Summarizing the above, it becomes clear: a) referral of the complaint to the State Criminal Court is a violation of the investigative responsibility defined in Article 215.2 of the Criminal Procedure Code; b) referral of the complaint to the DTC contradicts the principle of conflict of interests contained in Article 1.1 of the CPrC; c) referral of the complaint to the DTC is a violation of the human rights of potential victims (interested persons) defined by Article 1.4 of the CPrC, in this case, the right to request an effective procedural investigation; d) the referral of the complaint to the State Prosecutor’s Office is a contradictory decision and gives the impression that legal proceedings have been initiated to listen and monitor the complainant, as well as this referral was carried out by the wrong structural unit of the General Prosecutor’s Office.

Responses of law enforcement authorities

The General Prosecutor’s Office’s response to complaints was to forward the complaints to the State Security Service (SSS) for further investigation, without informing the applicants and without providing any explanation for the reasons for doing so.

The SSS, in all four groups of cases, refused to give an official written answer to the applicants about the investigation of their complaints (although they are required to do so by law). Officials from SSS informed lawyers verbally, that SSS did not monitor the applicants through Pegasus and therefore no written responses would be given.

As a result, advocates representing all four groups filed lawsuits against the General Prosecutor’s Office and the SSS for inaction and refusal to launch a criminal investigation.

It was not until August 2022, that the SSS started to summon a number of civil society members and journalists (applicants) to obtain their testimonies in regard to allegations of the tracking of their phones by the Pegasus software. Reflecting on the delayed response, one of the targeted civil society activists, and the chairperson of Election Monitoring and Democracy Studies Center, Anar Mammadli, said this was simply a sign of lack of action. 

In their responses to some of these complaints, the General Prosecutor’s Office and the Ministry of Internal Affairs said it was not possible to conduct an investigation on the complaint. Moreover, in relation to some of the applicants, in their response, the General Prosecutor’s Office, said, “the information on the features of capturing and tracking personal secret information was not determined by means of the Pegasus spy program,” but stopped short of explaining how then the information was obtained if it was not through Pegasus.

Since the engagement of advocates in pursuing these cases in domestic courts, the proceedings in all four groups are pending at different instances. Only 15 applicants were sent to the Strasbourg Court thus far. Advocates are currently seeking to exhaust domestic remedies to apply to the ECHR in the remaining cases.

Conclusion and next steps in taking the Pegasus cases to the European Court of Human Rights

In addition to the Constitution and other national laws of the Republic of Azerbaijan, the right to privacy is recognized as an international human right in numerous international treaties to which Azerbaijan is a party. As a signatory of the European Convention on Human Rights and the International Covenant on Civil and Political Rights, Azerbaijan has binding obligations to protect rights to private life, including private communication and other private data, from infringements, including unlawful search-operation and surveillance activities of law enforcement authorities and any interference by third parties.

On September 20, 2009, Azerbaijan ratified the Council of Europe Convention of 1981 (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108) for the protection of personal data which also falls within the scope of private life as protected by Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) making its application in Azerbaijan compulsory.

The ECHR reiterates that any interference can only be justified under Article 8, paragraph 2, if it is in accordance with the law, pursues one or more of the legitimate aims to which paragraph 2 of Article 8 refers, and is necessary in a democratic society in order to achieve any such aim (see Kennedy v. the UK, paragraph 130). 

In the context of handling complaints related to Pegasus cases by Azerbaijan’s law enforcement agencies and courts, the lawyers demonstrated, that the applicants were subjected to interferences to their right to private life contrary to the adopted national and international human rights documents. The lawyers’ subsequent complaints were related to the law enforcement and judicial authorities’ refusal to investigate complaints about those interferences, including secret surveillance without providing any explanations and sound reasons.

In all four groups of Pegasus litigations, the secret surveillance of mobile devices had no basis in domestic law as none of the applicants were declared as suspects or accused persons in any criminal investigations.

The Strasbourg Court has delivered many rulings on the protection of privacy and personal data against government-sponsored surveillance or state responsibility to protect individuals from violence by third parties (Guide on Article 8 of the European Convention on Human Rights. Right to respect for private and family life, home, and correspondence. Updated on 31 August 2021. Para 107.) In order for surveillance to be in line with the Convention, certain legal safeguards should be provided both in legislation and practice, according to the case law of the ECHR.

Explainer: the law must be precise and clear as to the offences, activities and people subjected to surveillance, and must set out strict limits on its duration, as well as rules on the disclosure and destruction of surveillance data. Rigorous procedures should be in place to order the examination, use and storage of the data obtained, and those subjected to surveillance should be given a chance to exercise their right to an effective remedy. The bodies supervising the use of surveillance should be independent, and appointed by and accountable to parliament, rather than the executive.

At the moment, advocates and lawyers, are in the process of developing their clients’ applications to the ECHR alleging that the laws governing the matters of secret surveillance, as applied in practice, and also the refusal of the law enforcement authorities and courts to investigate allegations of surveillance, do not provide sufficient safeguards against arbitrary or abusive secret surveillance and/or accessing of private communications data. Lawyers also complained they had no effective remedy – domestically – in respect of those breaches which can be achieved through national legislation that strictly abides by the case law of the ECHR. The lawyers alleged that no effective remedy was available under Azerbaijani law and that SSS’s investigation could not be rendered effective since it is not an impartial and objective institution to review allegations of possible abuses and arbitrariness of its own officials. As regards the surveillance, a State could arguably be liable in respect of whatever system of surveillance without offering adequate and effective guarantees against abuse according to the well-established case law of ECHR.

According to Azerbaijan’s criminal law system, there are two judicial procedures that may be used by an individual wishing to complain about the acts of the investigative authorities:

  • complaint to supervisory-review and
  • judiciary (first and appeal court instances) under the CPrC.

However, as seen throughout the domestic litigation process in the course of the last year, the domestic courts stated clearly that the General Prosecutor’s Office forwarding the complaints to the SSS were not subject to judicial review, and the SSS’s lack of action was also not viewed as a sufficient ground to allow judiciary review. This makes it unacceptable that an individual cannot lodge such a complaint without having at least the concrete decision of the investigative authorities, which in fact, constitutes de-facto rejection to investigate the complaint containing allegation about a criminal act committed against him/her. In the absence of domestic remedies against potential surveillance measures under Azerbaijani law, an individual would hardly ever be able to have his/her right to effective remedies, respected and ensured. 

Explainer: In this connection, the case law of the ECHR notes that ‘In the sphere of secret surveillance, where abuses are potentially easy and could have harmful consequences for a democratic society as a whole, it is in principle desirable to entrust supervisory control to a judge, judicial oversight offering the best guarantees of independence, impartiality and a proper procedure (Roman Zakharov v. Russia [GC], § 233; İrfan Güzel v. Turkey, § 96).’ The absence at the national level of a judicial review of the law enforcement authorities reactions (inaction or refusal to investigate without a decision) to the complaints of individuals containing alleged unlawful surveillance and other infringements of the right to privacy excludes the state’s obligation to strike a fair balance between the competing public and private interests.

Therefore, Article 8 of the ECHR likely be found as violated without the opportunity for judicial review of the inaction of law enforcement authorities constituting de-facto rejection to investigate the complaint containing allegations of violation of the privacy of individuals as they had not benefitted from the minimum degree of protection against abuses and arbitrariness. According to the case law of the ECHR, the absence of a judicial review of the overall covert surveillance system which was entrusted solely to the state body which was directly involved in requests for the use of special surveillance means amounted to a violation of Article 13 in the light of Article 8 owing to the lack of an effective remedy (see: Association for European Integration and Human Rights and Ekimdzhiev v. Bulgaria, 2007, §§ 98-103).

As such these litigations expose that surveillance software not only harms individuals unlawfully targeted but also raises the question of insufficient legal guarantees in place to protect generally all individuals against possible unlawful surveillance and other kinds of privacy violations.

Finally, these litigations highlight the insufficient legal guarantees both in national legislation and practice, by creating significant legal precedent at ECHR, and by publicly uncovering and highlighting the inadequate national legislation which potentially can lead to gross human rights violations. Therefore, there is a greater need to challenge both national laws and the practice of state authorities’ system of secret surveillance, as the current system constitutes potential risks for interference with the rights of all users of telecommunication services guaranteed by the Convention and national laws.

Activist beaten, Facebook posts removed

Political activist Bakhtiyar Hajiyev was unlawfully detained yet again according to reports by Azerbaijani media. During the interrogation, which lasted six hours, Hajiyev’s Facebook posts in which he criticized the Ministry of the Internal Affairs were removed. 

In his own statement, Hajiyev said, he was threatened that less he removed the posts, and stops writing about the Ministry of Internal Affairs, he will face further measures. But activists said, his recent posts specifically targeted the ministry for not letting Hajiyev visit Shusha – a city in Karabakh that was captured following the 44-day war between Armenia and Azerbaijan. 

Hajiyev said he had no intentions to complain given there is nowhere to complain and that instead, he has submitted an official request to give up his Azerbaijani citizenship. “I am concerned about my life and no longer want to be a citizen of Azerbaijan. Let the head of state decide, whether the law enforcement can treat people this way,” the political activist told Turan News Agency in an interview.

The unlawful detention and interrogation are the latest, in attacks against the political activist. In April of this year, Hajiyev was kidnapped, taken to an undisclosed location, and was forced to remove several Facebook posts under duress that criticized the Ministry of the Interior, including the minister himself, for failing to investigate his case and being the perpetrators of threats and attacks against him. 

political activist arrested over a question asked during live online discussion

Magsud Aliyev, a political activist, was arrested on August 16 and sentenced to 30 days in administrative detention on charges of disobeying police according to local media reports. Speaking to Turan News Agency, Aliyev’s father, Faig Aliyev, said the family was not aware of their son’s arrest until they heard it from his friends, days later. 

Aliyev, reportedly asked a question during a live debate on August 12 with the leader of an opposition political party Popular Front, Ali Karimli about Ilham Aliyev and his general intentions. “If you have noticed, Aliyev most recently has been using terms like ‘foreign powers’ similar to the narrative often used by President Erdogan. He has also changed his style, wearing more tight clothes like President Zelensky. What do you think Aliyev is trying to do?” asked Aliyev during the Q&A session. 

A human rights organization, “Line of Defense” condemned the arrest of the activist. The managing director of the organization, Rufat Safarov said there is no doubt Aliyev was arrested because of the question he asked during the debate. “We suspect he was humiliated, beaten, and subjected to ill-treatment during detention. We will have more details soon once the lawyer, visits Aliyev,” Safarov told Meydan TV. 

Aliyev is known to share critical of the government posts on social media platforms according to Meydan TV reporting. 

Meanwhile, the Ministry of Internal Affairs dismissed the claims that the activist was arrested for the question. 

police demands arrest of a political activist [Updated September 5]

[Update] On September 5, a local court sentenced Rahimova to 460hours of community service. Rahimova’s lawyer said they will be appealing the decision. 

Gulnara Rahimova is a member of the opposition Popular Front party. On August 11, Rahimova shared a Facebook post in which she described how she was unlawfully detained while on her way to a protest on July 19. Together with Rahimova was another activist, Aziz Mamiyev who was beaten by the police during detention. The two were among several other activists detained by the police that day. “Today I have obtained the picture of one of the law enforcement officers involved in the beating [of Mamiyev]. I am sharing it so that everybody sees him,” wrote Rahimova. The officer in question has filed a complaint against Rahimova, on charges of slander and insult based on that Facebook post. 

Rahimova said in her defense that the post she shared on Facebook was not insulting or slanderous and that the charges and the accusation brought by the police officer are to silence her activism. According to Turan News Agency, Rahimova is an outspoken critic of the state and has faced persecution before.

A non-governmental organization “Line of Defense” said in an interview with Turan News Agency there was nothing slanderous in the Facebook post the political activist shared. “And she holds no responsibility over comments, that were made in response to her Facebook post,” told Turan News Agency, member of the organization, Zafara Akhmedova.

On August 24, during the preliminary hearing, a local court accepted the police officer’s complaint as a private criminal charge against Gulnara Rahimova. Moreover, her charges were aggravated. Thus, article 147 (slander) was reclassified to 147.2 (slander of a serious crime), which could land Rahimova up to a 3-year prison sentence.