Azerbaijan ranked “not free” in this year’s Freedom House, Freedom on the Net report. Among key factors are the overall infrastructural challenges, a monopoly over ISPs, and distributed Internet traffic, state control over the information and communication technology, blocked access to most websites that host unfavorable news coverage, and new forms of restrictions introduced during COVID-19.
According to the report, there is an overall decline in internet freedoms across the world:
Global internet freedom has declined for the 10th consecutive year: 26 countries’ scores worsened during this year’s coverage period, while 22 countries registered net gains. The largest declines occurred in Myanmar and Kyrgyzstan, followed by India, Ecuador, and Nigeria. A record number of countries featured deliberate disruptions to internet service.
On the bright side, countries like Sudan and Ukraine experienced the largest improvements, followed by Zimbabwe find the report. And while Iceland was the top performer China was found to have the worst conditions for internet freedom.
The report highlighted some new trends that have emerged globally:
[…] this year Freedom on the Net observed intentional disruptions to connectivity in a record 22 out of 65 countries. Many of these disruptions, including Iran’s November 2019 countrywide blackout and shutdowns in Moscow in August and September 2019, were directly precipitated by protests. Such practices are an ultimate expression of contempt for freedoms of association and assembly, as well as for the right to access information.
In August, when people in Belarus took the streets across the country in protest of election results where incumbent President Lukashenka secured yet another victory in a contested presidential election, authorities deliberately cut the internet. Quickly, experts concluded DPI technology may be in use. By the end of August, it was reported that this DPI technology was produced by the Canadian company Sandvine and supplied to Belarus as part of a $2.5million contract with the Russian technology supplies Jet Infosystems.
DPI (Deep Packet Inspection) is known as digital eavesdropping that allows information extraction. More broadly as explained here, DPI “is a method of monitoring and filtering internet traffic through inspecting the contents of each packet that is transmitted through an inspection point, allowing for filtering out malware and unwanted traffic, but also real-time monitoring of communications, as well as the implementation of targeted blockings and shutdowns.”
Canadian company Sandvine is owned by American private equity firm Francisco Partners.
Sandvine technology has been detected in many countries across the world, including in Ethiopia, Iran, as well as Turkey, and Syria as previously reported. One other country where Sandvine technology was reportedly deployed is Azerbaijan.
In Azerbaijan, the DPI deployments have been used since March 2017. This was reported in January 2019, when VirtualRoad, the secure hosting project of the Qurium – Media Foundation published a report documenting fresh attacks against Azerbaijan’s oldest opposition newspaper Azadliq’s website (azadliq.info). The report concluded: “After ten months trying to keep azadliq.info online inside Azerbaijan using our Bifrost service and bypassing multi-million dollar DPI deployments, this is one more sign of to what extent a government is committed to information control”.
Another report released in April 2018 showed evidence of the government of Azerbaijan using Deep Packet Inspection (DPI) since March 2017. The report also found out that this specialized security equipment was purchased at a price tag of 3 million USD from an Israeli security company Allot Communications.
Now, according to this story reported by Bloomberg, Sandvine worked with Delta Telecom – Azerbaijan’s main internet provider and owned by the government to install a system to block live stream videos from YouTube, Facebook, and Instagram. “The social media blackout came last week after deadly clashes with Armenia. As a result, people in Azerbaijan couldn’t reach websites including Facebook, WhatsApp, YouTube, Instagram, TikTok, LinkedIn, Twitter, Zoom, and Skype, according to internet monitoring organization Netblocks,” wrote Bloomberg.
Azerbaijan Internet Watch has been monitoring the situation on the ground since September 27, the day when clashes began. Together with OONI, Azerbaijan Internet Watch reported that access to several social media applications and websites was blocked.
Access to the Internet remains throttled in Azerbaijan as of writing this post. Many of the social media applications remain accessible only through a VPN provider. As a result, authorities have resorted to other means in order to prevent users from using VPN services. From banks to ISPs encouraging users not to use VPN services, this account on Facebook made a list of VPNs alleging they were of Armenian origin in order to discourage users.
[UPDATE] November 12, access to the Internet was finally restored across the country in Azerbaijan.
As of November 7, access to the Internet remained limited with users of state operators Baktelecom and Aztelekom remaining largely disconnected or with slower than usual internet speed. The rest of the providers worked in a limited capacity while access to social media platforms remained blocked.
October 13, on the 16th day of escalated tensions between Armenia and Azerbaijan, Internet access remains throttled in Azerbaijan. The Ministry of Transportation, Communication and High Technologies claims throttling is in line with government orders given the active state of military operations. But not to everyone. Independent media and journalists complain they have had issues posting news since the start of the recent conflict on September 27 on their websites and social media accounts. In addition to slowing down the Internet, on October 8, a story reported by Bloomberg identified the use of Deep Packet Inspection (DPI) technology in Azerbaijan to effectively block access to many of the social media platforms in the country as well. However, this is not the case for government news outlets and government institutions. The latter’s access to uninterrupted and undisrupted Internet highlights the inequality of access to information both by those who produce independent news as well as the audience of these platforms. Experts say that blocking specific content may align with the existing legal framework, however, throttling access to the Internet altogether is a violation of user rights.
October 1, Government in Azerbaijan continues to pose limitations to Internet access as tensions continue on the front line. Joining them are internet providers and telecom companies. According to Azerbaijan Press Agency (APA), Azerfon mobile company (with alleged ties to the ruling family) told its users, that its website and the mobile application won’t be accessible for users, using VPN. At the time of writing this update, the website was inaccessible from abroad, without a VPN.
September 30, according to the most recent reports Internet access remains throttled in Azerbaijan. Users report:
Bakinternet (ISP)- not working
Access to social media platforms not possible without a VPN;
Whatsapp app and its web extension are not working (without a VPN);
WiFi connections are down for some;
Internet speed is slow;
Gmail is accessible without a VPN;
Some banks [ex. Rabitabank] has informed its customers their mobile app won’t be accessible if users have VPN active;
Bakcell [mobile operator] and Kapitalbank mobile apps are not accessible when VPN is used;
On its website, Bakinternet (an ISP for Bak Telecom) shared a similar statement seen earlier on the website of the Ministry of Transportation, Communication and High Technologies: “In order to prevent provocations from Armenia, access to the Internet has been limited.”
🔥Azərbaycanda iş yerlərində insanlardan VPN app-lərini silməyi tələb edirlər.
📌VPN istifadəsinin təhlükəli olduğu deyilir və bir çox insan da həmin tətbiqləri silir.
📌Həmçinin AzərTac-da VPN-nin təhlükəli olduğu barədə yazı, televiziyalarda da verilişlər yayımlanıb. pic.twitter.com/aeXYo9MsJE
Employees are asked to delete VPN apps at the workplaces; They are told using VPN is dangerous; AzerTac (state news agency) published articles and aired TV shows discussing the dangers of VPN;
According to the VPN service Surfshark website, the sale of VPN in Azerbaijan witnessed a sharp increase as the country moved to block social media platforms starting September 27. “An increased number of Azerbaijanis are turning to Surfshark VPN, leading to an ongoing spike in sales. As a VPN service, Surfshark allows users to overcome government blockades. It doesn’t matter if the new restrictions are imposed via a relatively simple DNS-level block or a sophisticated deep packet inspection, a VPN can open access to blocked media.”
September 29, as clashes on the front line continued on the third day, Internet access in Azerbaijan remained spotty. Users continued reporting difficulties accessing social media platforms. Access to government websites remained spotty. The Ministry of Transportation, Communication and High Technologies did not share any further updates on how much longer the situation will last.
September 28, according to the most recent reports from Azerbaijan, users continued to face difficulties accessing social media platforms unless using VPN services.
Government websites that were mostly inaccessible yesterday were restored.
The Ministry of Transportation, Communication and High Technologies (MCHT) has not made any further statements about the duration of currently imposed throttling.
Instead, MCHT did issue a warning to users of VPN services in the country with the caveat they were unsafe, collecting private user information, and also capable of infecting devices with malware. The Ministry failed to mention the amount of surveillance technology used by other government institutions against citizens in Azerbaijan.
Based on OONI Measurement results it was possible to confirm that the following applications were blocked in Azerbaijan:
According to measurements, the Facebook messenger app was reachable.
Similarly, according to measurements access to the Telegram app was available on some networks.
As tensions between Armenia and Azerbaijan escalated on the front line on September 27, Internet users in Azerbaijan began reporting issues accessing the Internet, social media platforms (Facebook, Instagram, YouTube, and others), and communication apps (WhatsApp, Telegram).
Yalnız sosial şəbəkələrə girişi məhdudlaşdırırlar, deyəsən. İnternetdə problem yoxdur çünki. Başqa saytlara girmək olur.
According to a global #KeepItOn campaign, “Public safety, national security, or stopping fake news are commonly used to justify shutdowns.” Looking at data collected as a result of the campaign there is a significant annual growth in the number of shutdowns reported across the world. Last year alone, 1706 days of internet access were disrupted by 213 internet shutdowns across 33 countries according to #KeepItOn campaign.
Internet disruptions of various forms and scale in Azerbaijan are not new. Since April, a leader of an opposition party has had his internet cut off. Sometimes they are reportedly caused as a result of technical incidents. In other cases, access to internet is intentionally slowed down especially around political events.
While some users online commented on internet disruptions as necessary measure to prevent spread of unconfirmed information, others argued the decision to simply throttle the connection was an easy solution especially when there is no way, the authorities can control social media platforms.
Azerbaijan Internet Watch continues to monitor developments on the ground.
Parliament in Azerbaijan is set to discuss a draft law on hate speech. While independent critics say there is no need for a separate law, given the existing legal framework that does offer context on hate speech, there is suspicion it is another law with an intention to harm independent voices.
On September 17, Zahid Oruc, member of the parliament and the head of the Human Rights Committee at the National Parliament, suggested parliament adopts a new law on hate speech. Oruc said the main goal of the law would be to prevent hate speech in information space. While promising, the draft law will be released for public discussion before it goes to the parliament during the fall session, the MP also added the draft law, may consider including social media platforms as part of the information space.
Azerbaijan Internet Watch talked to Elesger Memmedli, a media law expert in Azerbaijan about the draft law. Memmedli thinks there is no need for a separate law on hate speech because Azerbaijan already has plenty of laws that can be amended to regulate hate speech. “What is worrying is the intention. At the moment, the draft law is aimed at political speeches and other instances. But the likelihood of this law to be used as a limiting norm is high.”
The tradition of using existing legal framework or laws against opposition or independent voices goes back to the case of the then opposition journalist Eynulla Fatullayev, explained to Azerbaijan Internet Watch, lawyer Khaled Aghaly. At the time of the sentence [in 20o7] Fatullayev was accused of terrorism, defamation, and incitement to racial hatred. Like Memmedli, Agahly agrees there is no need for a new law when Azerbaijan has Article 283 of the Criminal Code – on Excitation of national, racial, social, or religious hate and hostility.
During the height of the pandemic in Azerbaijan, the parliament introduced a series of amendments to existing laws that were then used to prosecute activists explains Elesger Memmedli. “Shortly after [the amendments] scores of activists were rounded up, including members of [opposition] Popular Front. Some were taken straight from their homes and sentenced to lengthy administrative detention,” recalls Memmedli [some of these arrests were captured here].
In 2017, when changes were made to the law on religious terrorism, two prominent members of the Popular Front were arrested relying on the existing legislation, even though it was clear, it was a setup, as neither of the activists had any religious affiliation or background explains Memmedli.
In July, a court convicted Faig Amirli, an APFP member and financial director of the now-closed pro-opposition Azadlig newspaper, on bogus charges of inciting religious hatred and tax-evasion. He received a suspended sentence.
In January 2017, a Baku court convicted senior APFP member Fuad Gahramanli to 10 years’ imprisonment for inciting religious and ethnic hatred; he posted criticisms of the government on Facebook.
So while hate speech may be a legitimate concern the existing examples tell a different story says Memmedli.
Meanwhile, Zahid Oruc, vowed the drat law, would not limit the freedom of speech.
On September 10, the Facebook page that belongs to an online news website bastainfo.com was hacked. Bastainfo.com is affiliated with the opposition party Musavat and is known for often running into problems with the authorities. Its editor was handed a five year suspended sentence in February 2019. The website bastainfo.com remains blocked for access in Azerbaijan.
In January 2020, Azerbaijan Internet Watch reported how several Musavat party social media accounts were targeted. According to preliminary reports five Facebook pages, one Facebook group, and one website were targeted.
Bastainfo.com page was targeted then as well. The page lost followers. During last week’s attack, bastainfo.com page lost some 5k followers, and content that was shared since 2017.
Hacking and compromising Facebook, Instagram, and YouTubeaccounts (because these are popular platforms used by journalists and activists) is common in Azerbaijan and isn’t new. The online harassment of prominent accounts began several years ago at first, mostly on the level of government-sponsored trolls. Over the years, as the ruling government developed an interest in spyware technology, the types of attacks became more sophisticated while state-sponsored trolling and reliance on automated bots even though still used, became secondary. In each of these cases, finding the perpetrators have not been possible. And in cases when it was clear the attacker was an automated bot/state-sponsored troll the platform took no action. We finally know why. A former Facebook employee, Sophie Zhang, wrote a memo after getting fired from her job at the company revealing how the company dealt with fake accounts and bots. Among the countries, she has worked on and analyzed was Azerbaijan. “Ms. Zhang discovered that the ruling political party in Azerbaijan was also using false accounts to harass opposition figures. She flagged the activity over a year ago, she said, but Facebook’s investigation remains open and officials have not yet taken action over the accounts.”
On September 8, seven Azerbaijani dissidents who now live in various cities across Europe were targeted by the government of Azerbaijan. In addition to being formally charged with a crime in their absence and arrest warrants issued, the authorities have vowed to ask Interpol for their extradition.
The story goes back to last year when an Azerbaijani blogger, Elvin Isayev was extradited to Azerbaijan from Ukraine. Isayev lived in Russia since 1998 and was known for his critical views of the government. He acquired Russian citizenship in 2001. 19 years later, a court in St. Petersburg ruled to strip him of Russian citizenship and expel him. The following month Isayev moved to Ukraine, after an interim measure of the European Court of Human Rights called “Rule 39” suspended his deportation. Three months later he went missing only to appear in Azerbaijan where the Azerbaijan State Migration Service claimed Isayev was deported, a statement that was later refuted by Ukraine’s State Migration Service which said it never ordered Isayev’s deportation.
Few days after his “arrival” in Azerbaijan, Isayev was charged with calling for mass riots and public incitement against the ruling government. Now, the Prosecutor General office is seeking the deportation of seven men accusing them of the same crimes.
Ordukhan Babirov, Gurban Mammadov, Orkhan Agayev, Rafel Piriyev, Ali Hasanaliyev, Tural Sadigli, and Suleyman Suleymanli have been now charged in their absence. Many of these men are known for their online media activism, managing popular opposition YouTube channels, and for organizing street protests across European capitals in support of political prisoners in Azerbaijan, highlighting human rights violations and other advocacy engagements. One of the targeted men, popular activist, Ordukhan Babirov (known as Ordukhan Temirkhan Babirov) wrote in a Facebook post “[…] how many more times are they are going to give my name to Interpol”.
In an interview with OC-Media Tural Sadigli, activist and editor of Azad Soz [Free Speech] online news platform, said he faced a criminal case in 2019. “I was slighly surprised. They can’t reach us, they cannot stop our activities, so they use such forms of pressure,” Sadigli told OC Media.
This is not the first time, the government in Azerbaijan is resorting to Interpol. But according to Interpol, “[it] cannot compel the law enforcement authorities in any country to arrest someone who is the subject of a Red Notice. Each member country decides what legal value it gives to a Red Notice and the authority of their law enforcement officers to make arrests.
The persecution against activists at home and abroad is on-going. For years, the ruling Baku tried silencing dissident voices both inside the country through threats, intimidation, and arrests and abroad through public shaming campaigns, and targeting of remaining family members.
A week ago, a court in Baku sentenced veteran dissident Tofig Yagublu to four years and three months in jail on bogus charges. A campaign calling for his freedom #FreeTofigYagublu and #TofiqYaqubluyaAzadliq was launched and many of the targeted activists mentioned in this story have been rallying behind the campaign. Similarly, a youth activist who is among the organizers of the September 9 rally in support of Yagublu, was also targeted online and blackmailed.
Rustam Ismayilbeyli is an 18-year-old activist from Azerbaijan who was arrested earlier this summer for staging a protest outside the Ministry of Education. Together with a group of students, he was demanding that the Ministry cancels tuition fees and exams for the academic semester as a result of Covid19. After three of the organizers including Ismayilbeyli were admitted to the ministry police dispersed the crowd and arrested Ismayilbeyli as soon as he exited the government building.
Ismayilbely was sentenced to 15 days in administrative detention on charges of allegedly disobeying police and violating the quarantine requirements.
During his detention, his social media accounts and email were hacked. Although he was able to restore access, he was among targets on June 15 when someone with access to his National ID requested a password reset from the social media platform Facebook. It took Ismayilbeyli two months to recover his account.
On September 7, a fake profile that belonged to the state security informed Ismayilbeyli that unless he steps down from being an organizer of an upcoming rally and starts collaborating with them, personal information including intimate photos of Ismayilbeyli and his girlfriend will be sent to his friends and acquaintances.
The first account that threatened Ismayilbeyli had since been removed, the second account that did post personal information has removed the post. Instead, Ismayilbeyli told AzNetWatch, the same information is sent around via Whatsapp messenger, with the US number. His email and cloud were compromised during his arrest and Ismayilbeyli suspects, this is when these images were acquired.
Using burner numbers on WhatsApp targeting activists is not new in Azerbaijan. There are plenty of resources online that actually share tips on how to create a secondary line on WhatsApp. What is problematic however is up until now, it was not possible to identify the perpetrators.
On September 9, Ismayilbeyli also reported an attempted break-in into his Telegram account. In a tweet Ismayilbeyli said he keeps receiving verification codes via SMS on his mobile but because he had 2FA in place the account was not compromised.
Telegram hesablarımıza müdaxilə var. Əsas Telegram accountuma girməyə çalışdılar, indi də digər işlətmədiyim nömrəmlə yeni Telegram accountu açıblar, niyə bilmirəm.
Translation: There is an attempt to break in my telegram account. They tried taking over my main Telegram account. Now, using a number that I normally don’t use, they have opened a new account. Not sure why.
Bu dəqiqə mənə gələn smsləri oxuyub verification code’la telegram’a girməyə çalışırlar, amma two step’i keçə bilmirlər.
Writer Keramet Boyukchol was briefly taken to the police for questioning after an alleged complaint to the police made by his neighbors. Police claimed neighbors complained he was making too much noise.
Boyukchol is known for his criticism of the authorities on social media and in the numerous interviews, he has done with the media.
The day he was taken in for questioning, Boyukchol was live on Facebook, raising yet again, the issue of economic difficulties faced by the general public in the country. He was still streaming live when the doorbell rang and he got up to open the door. Seeing the police the writer asked what was the purpose of their visit, to which one of the officers responded, saying his neighbors complained he was making too much noise.
At some point, one of the officers entered the flat, without Boyukcol’s permission and in the absence of an arrest warrant and stopped Boyukchol from filming the scene.
According to Boyukchol’s father, in an interview with Azadliq Radio, his son was taken to the police and released the next day without any charges.
Boyukchol was also targeted online. In June, his Facebook account was compromised. All of his posts (over the last ten years) were deleted.
On July 20, activist Nijat Ibrahim, posted on his Facebook, that he was going to protest outside the Presidential Apparatus in the capital Baku. The main message of his one-man protest was calling on the President of Azerbaijan, Ilham Aliyev to resign. The activist also said he demands that the government demolish all of the monuments of Haydar Aliyev.
However, shortly after leaving his home, Ibrahim was detained by the police and charged with Article 139.1.1 of the Criminal Code (Violation of anti-epidemic, sanitary-hygienic, or quarantine regimes) specifically with spreading the virus. On July 21, Ibrahim’s wife, received a phone call informing her, her husband tested positive despite him never taking the testOn July 22, Nasimi district court found Ibrahim guilty and sentenced the activist to three months in pre-trial detention.
On July 28, Ibrahim’s lawyer filed a motion requesting the Center for Dangerous Infections at the Ministry of Health to provide information about the date Ibrahim was tested, and the results were made available to him. The court dismissed the motion.
According to the legislation, Ibrahim is facing 2500-5000AZN [1500-3000USD] fine, jail up to three years, or up to three years of restricted freedoms.
Scores of political activists have been accused of a similar crime over recent weeks.
In July, authorities in Azerbaijan released it’s very own COVID tracing tracker application. Launched by Tebib (Azerbaijan Administration of Regional Medical Division) the app was quick to draw attention, especially over its privacy issues.
e-Tebibis just one of the deluge of apps that have been unveiled in recent months by various governments, promising to detect COVID-19 exposure and not only. According to this detailed MIT review, some of these apps are “lightweight and temporary, while others are pervasive and invasive” like the Chinese version which attains access to user’s identity, location, online payment history “so that police can watch for those who break quarantine rules”.
In Azerbaijan, the police were already on the watch, with a mandatory SMS mechanism that required citizens to receive permission slips via SMS before going outside. So why ask citizens to install an app, that technically does nothing new or does it?
Features and concerns
According to the app’s description, “E-Tebib is designed to inform users in real-time about the number of patients (both sick and recovered) in Azerbaijan.” Currently, the official data is available here and the numbers are updated once a day – based on the numbers reported by the Operational Headquarters set up under the Cabinet of Ministers of the Republic of Azerbaijan (the unit was established on February 27). It is unlikely the app will be providing real-time indicators when the main body in charge only shares the information once a day.
In addition, article 4.4 in the user agreement of the app, explicitly states that any information, obtained through the app, may not be precise, correct, or trusted.
And yet, the app also claims to reduce the number of infected patients by informing users of potential COVID infected patients around them via Bluetooth technology.
Although the app claims it does not collect any personal data aside from user’s phone number the article 5.3 of the license agreement states, the center [the Ministry of Communication, Transportation and High Technologies who owns the app’s license] collects users’ names, last names, phone numbers, social media accounts, emails, national ID numbers, and location. Article 5.4 mentions the center sharing of this information with third parties. These third parties may analyze collected information including users’ browsing history [The center does claim that it does not allow third-parties, to use the obtained information for other purposes]. Article 5.5.1 states the center may share users’ information with government bodies and/or representatives’ legal requests; court orders; or under any other legal condition. Article 5.6 states that users’ information may be shared with third parties in other countries for security purposes. Article 5.10 states that all user-related data is kept for a month. But it fails to explain whether the same expiry date applies to “third parties” that may have accessed users’ information.
According to the app’s version history at App Store, the application was released a month ago. The latest “update” was done 2 days ago [July 7].
The app’s further transparency criticism comes from the fact that it is not an open-source code and its license belongs to the Ministry of Communication, Transportation, and High Technologies.
The biggest concern – the location of the data storage; the duration of the data storage; and who has access to this data.
In Azerbaijan however, other concerns have also been voiced – that the application is only available for native speakers and that ex-pats living in the country are unable to use the application. It is also not catered to people with disabilities.
FaktYoxla, a fact-checking platform in Azerbaijan concluded after a detailed legal analysis over the license agreement that e-Tebib is not designed in accordance with national legislation on data privacy.
On July 10, following widespread privacy concerns and questions over the app’s transparency, changes were made to its terms of the agreement. Originally users’ information was transferred to third parties, which were not explicitly defined in the agreement. At the time, independent experts and lawyers said this was against Article 32 of Azerbaijan’s state constitution and in violation of Article 8 of the European Convention on Human Rights. Azerbaijan’s constitution, namely, Article 8, stipulates that no one has a right to collect personal information without individual’s permission. The convention, on the other hand, refers to respect to privacy.
The new license agreement now says that only under necessary circumstances, and within the normative legal framework personal information may be transferred to third parties. The revised agreement, still, fails to explicitly mention the precise list of institutions considered under third parties.
Although this last point was later addressed by Fuad Niftaliyev – the head of the app development project. Niftaliyev explained that the third parties referred to in the agreement are: Ministry of Health, Tebib, and the Operational Headquarters [set up under the Cabinet of Ministers of the Republic of Azerbaijan]. According to Niftaliyev, the collected information is stored on the servers operated by the Ministry of Communication and Information. The last point is itself problematic, as the transparency of government institutions in Azerbaijan is problematic especially as surveillance technology is widely used by the ministries alike.
For potential users of the app, this remains problematic, especially when there is no option “B” if one disagrees with terms of service.