January – March 2024

What are the global trends in Internet freedom? What are the latest developments in the United Nations Cybercrime Treaty? How are Internet shutdowns in Africa and Asia impacting the regions? What are the consequences of cyberattacks? And what implications does AI have? These topics and many more are covered in our latest GIF Internet Freedom Trends report, which covers the period from January to March 2024.

Global Trends

In March 2024, the Council of Europe Committee of Ministers finalized the draft of the Framework Convention on AI, Human Rights, Democracy, and the Rule of Law. The draft Convention sets guidelines for human rights assessments, transparency, remedy mechanisms, and includes a public consultation process with civil society and experts. However, its application is limited to public sector AI (Artificial Intelligence) systems, leaving individual states to decide its extension to non-state actors.

The UN AI Advisory issued its interim report and the European Union (EU) AI Act continues to be deliberated. AI regulation also continues to be a top priority for tech companies. BSR, a sustainable business network and consultancy, launched its public Human Rights Assessment of the AI Value Chain.

The latest United Nations Cybercrime Treaty negotiations faced strong condemnation from civil society for potentially harming freedom of expression and privacy. Critics argued that the treaty’s vague criminal clauses and weak human rights protections in cross-border data sharing raised concerns among United Nations (UN) bodies and some member states, pausing the expected February vote. Set to replace the Budapest Convention norms, this treaty could reshape global cybercrime laws and legitimize practices controversially opposed by human rights groups.

The Corporate Sustainability Due Diligence Directive (CS3D) faced several delays before its adoption by the Council of the EU on March 15, 2024. These prompted support from international bodies, including the UN Rights Chief and the UN Global Compact, culminating in a joint statement by various UN agencies on February 20. The CS3D aims to mitigate negative environmental and human rights impacts by mandating human rights due diligence and providing access to remedy for harm. It awaits final approval from the European Parliament on April 24, 2024, with obligations for the largest companies starting in 2027.

The Digital Services Act’s (DSA) key provisions took effect on February 17, with the European Commission (EC) as the primary enforcer, supported by local Digital Services Coordinators (DSCs). Member States were to appoint DSCs by this deadline, either by creating new bodies or utilizing existing authorities, but some states have not yet completed their designations. DSCs function as hubs for escalating content moderation issues, accrediting CSOs (civil society organizations), trade unions, and networks as trusted flaggers for priority reporting of harmful content. Compliance executives manage these programs. The DSA opens data access for researchers, though approvals are pending. It shifts content moderation and data access decisions from companies to the governments.

Meta and TikTok challenged the EC levy given they would have to pay disproportionate costs compared to other industry players to a fund to regulate illegal and harmful content. Separately, the EC is testing its new powers under the DSA by opening proceedings against TikTok. If TikTok is found guilty of failing to protect children and guarantee researchers access to data, the company could pay a fine of up to 6% of its annual revenue.

Various platforms continue to gear up election integrity. The International Foundation for Electoral Systems (IFES) released Voluntary Election Integrity Guidelines for Technology Companies that outline a series of principles for tech companies to collaborate with elections authorities to protect election integrity. This represents a good first step at furthering commitments towards election protection.

Recently released, the Zero Draft of the GDC outlines a strategic framework for achieving a secure and inclusive digital future. Some of the proposals include the creation of a UN Digital Human Rights Advisory Service and an International Scientific Panel on AI. The document also suggests reinforcing UN agencies’ roles in implementing the GDC, focusing on human rights protections and Internet governance enhancements.       

The “Global Cost of Internet Shutdowns” report of 2023 reveals that deliberate Internet shutdowns imposed by governments worldwide cost the global economy approximately $9.13 billion. In total, 196 major shutdowns affected 747 million people across 25 countries, with Russia experiencing the highest economic impact at $4.02 billion. The shutdowns, which included full Internet blackouts, social media blocks, and severe ISP throttling, spanned 79,238 hours. These disruptions often coincided with political disputes, impacting human rights such as freedom of assembly and press freedom. Notably, the most blocked platform was X (formerly Twitter), significantly more than Instagram and TikTok.

West and Central Africa (WCA)

In March, significant Internet shutdowns struck much of WCA, including Côte d’Ivoire, Liberia, Benin, Ghana, and Burkina Faso, due to failures in several subsea cables. While the precise cause of the failures is still unclear, traffic has been redirected to alternative routes like Google’s Equiano cable to mitigate impacts. The disruption has affected essential services in at least a dozen countries, with rerouting efforts further reducing Internet capacity.

At the end of February, Chad experienced significant Internet and telecommunications disruptions following a deadly attack on its security agency. This occurred amid heightened political tensions as the country prepares for presidential elections. Connectivity plummeted to 20% due to outages affecting providers like SudaChad and Societe-Digital.

In the beginning of February, Sudan’s telecommunications services were completely shut down when the Rapid Support Forces forced major Internet service providers — Zain, MTN Sudan, and Sudatel — to sever networks across the country, affecting over 40 million Sudanese. This shutdown was reportedly in retaliation against previous communications blackouts imposed by the Sudanese Armed Forces (SAF) in Darfur, exacerbating the ongoing humanitarian crisis by severely restricting emergency services and financial transactions. The blackout began on February 2, hindering access to crucial services and information. Despite this, some Sudanese have resorted to using Starlink satellite Internet services, smuggled through neighboring countries, to circumvent the blackout. By early March, connectivity gradually resumed as Internet service providers such as Zain Sudan and Sudatel established new data centers in Port Sudan to restore services.

In Senegal, widespread mobile Internet disruptions and the revocation of Walf TV’s broadcasting license marked the government’s response to public protests following the postponement of the general elections originally scheduled for February 25, 2024. President Macky Sall postponed the elections to December 15, 2024, which led to demonstrations met with police repression, Internet and media shutdowns, specifically targeting Walf TV for its critical stance against the government.

Angola’s proposed National Security Bill, which was under review at the end of March, threatens to undermine democracy and press freedom by allowing unrestricted government surveillance and potential harassment of journalists without judicial oversight. If passed, the bill would enable security agencies to disrupt telecommunications and surveil individuals under vaguely defined “exceptional circumstances.”

Cameroon’s President Paul Biya is seeking €50 million from Banco Santander to expand the country’s facial recognition and video surveillance network as part of the “Cameroon Smart Cities” project. Managed by the National Police, this initiative aims to install 5,000 CCTV cameras across all administrative regions to enhance law enforcement capabilities. However, civil society has raised concerns about data privacy and human rights. The expansion will include new command centers and improved police communications, with Huawei and CAMTEL as technical partners.

In January, the armed forces in the Democratic Republic of Congo (DRC) arrested five journalists and radio technicians working at Radio Communautaire de Mangina in North Kivu province and confiscated their equipment. The journalists were charged with inciting the public to disobey military authorities following the broadcast of a program that exposed and debated political and security-related issues. They were released a day after their arrest. On February 3, 2024, four activists and three other individuals were arrested in Kinshasa. Two activists, a driver, a photographer, and a student were released the next day. The remaining activists were released on February 5, 2024, after public outcry.

Chioma Okoli, a Nigerian entrepreneur, faces imprisonment and a civil lawsuit for allegedly damaging the reputation of Erisco Foods Limited with her Facebook post criticizing their tomato puree as overly sweet. Arrested and charged under Nigeria’s Cyber Crime Prohibition Act, Okoli could face up to 10 years in prison if convicted on all charges. Her case presents the ongoing tensions between corporate interests and individual expression in Nigeria. The legal actions, viewed by many as excessive and an attempt to stifle criticism, have sparked widespread protests and discussions about free speech. This has also led to a countersuit by Okoli against Erisco and the police.

Ghana is at a political impasse over the “Human Sexual Rights and Family Values Act,” a strict anti-Lesbian, Gay, Bisexual, Transgender, Intersex, Queer/Questioning, Asexual (LGBTIQA+) bill passed by parliament but not yet signed by President Nana Akufo-Addo, who awaits a constitutional review. The law, which harshly penalizes same-sex relations and criminalizes LGBTIQA+ advocacy, has sparked threats of presidential impeachment and concerns over severe economic repercussions from international donors. Advocacy groups warn that the act could dangerously restrict LGBTIQA+ access to essential safety resources.

East and Southern Africa (ESA)

The region remains vulnerable to cyberattacks, particularly targeting media, human rights defenders (HRDs), financial institutions, and businesses. As biometric and digital identities (BDIs) become more common to enhance user experiences and service delivery, hackers are increasingly exploiting AI to defraud clients. In Tanzania, losses from mobile and Internet banking cyberattacks amounted to 89 billion Tanzanian Shillings (≈ $ 34,000,000 USD), with an additional 741 million Shillings (≈ $ 280,000 USD) lost to ATM card skimming. The central bank of Uganda has warned citizens about AI-generated fraud, noting its limited capacity to protect individuals beyond providing information. Many citizens and businesses are ill-prepared to manage cyber fraud, especially those involving social engineering. Furthermore, existing l egal frameworks for personal data protection are inadequate and fail to provide robust safeguards against data theft and sharing.

During the reporting period, the African Commission on Human and Peoples’ Rights (ACHPR), at its 78th private ordinary session, adopted the Resolution on Internet Shutdowns and Elections in Africa. The resolution calls on African countries to take necessary measures, including legislative actions, to ensure uninterrupted and unrestricted access to the Internet before, during, and after elections. This resolution is a timely intervention, as 21 African countries, including Mozambique and Tanzania, will hold elections in 2024.

High Internet costs continue to restrict the region’s access to affordable, quality Internet, limiting freedom of expression and increasing business costs, particularly for small and medium enterprises that depend on social media to reach customers. For instance, in Zimbabwe, Econet Wireless Zimbabwe, the main mobile operator, doubled data prices since October 2023, with 1 GB now costing on average the equivalent of $3.54 USD.

On February 13, Malawi police seized cell phones and laptops from 14 journalists at the Malawi Broadcasting Corporation over a fake Facebook page, sparking concerns about privacy and misuse of power. Conducted across Blantyre, Lilongwe, and Mzuzu, this action by the Digital Forensics and Cybercrime Investigations department is part of an investigation under Malawi’s Electronic Transactions and Cybersecurity Act. Civil society and rights groups are alarmed, especially after reports of unauthorized social media access attempts during police custody of the devices and the use of Cellebrite’s Universal Forensic Extraction Device, which heightens fears of privacy invasion.

Cartoonist and lecturer Dr. Jim Spire Sentongo fears for his life after revealing corruption in the Ugandan Parliament through an online exhibition on the X platform, “#UgandaParliamentExhibition.” This event exposed irregular recruitments and lavish expenditures of the Parliament. Dr. Sentongo reported surveillance threats against him, while activist Josh Jeje, a co-organizer, went into hiding following arrest warnings. Moreover, Herbert Anderson Burora, Resident City Commissioner for Rubaga, was suspended after criticizing parliamentary financial abuses at the exhibition.

On January 6, Somalia security forces raided Maan Media TV, assaulting journalists Mohamed Abdi Sheikh, Mohamed Abdi Abdullahi, and reporter Ilyas Abdinasir during a debate on a memorandum of understanding between Ethiopia and Somalia. While Abdullahi and Abdinasir were later released, Sheikh remains in custody.

On February 9, Burundi’s government enacted a media bill that replaced prison sentences for journalistic ethics violations with fines of $350 to $523. The reform triggered mixed reactions. While some praised it, others doubted its effectiveness, explaining that journalists like Floriane Irangabiye were still detained post-enactment. Critics suggested that releasing all jailed journalists before passing the bill would have shown genuine commitment.

Digital rights activists in Zimbabwe are concerned that the CCTV cameras to be installed in Bulawayo will enable illegal surveillance and infringe on human rights. The Bulawayo CCTV project, to be executed by Trendy Three Investments under the government’s Smart Cities, Safe Citizens initiative, has raised alarms due to the government’s history of abusing activists, critics, journalists, and HRDs.

The region saw some notable improvements in Internet rights. In March 2024, Tanzania established a National Advisory Council and initiated a Child Online Protection campaign to enhance awareness and educate children, parents, and teachers about online criminality and their roles. Zambia enacted a new Access to Information law, fostering hopes for transparent governance. Uganda committed to reducing Internet costs from $35 to $5, an 86% decrease, within a year.

Latin America and The Caribbean (LAC)

In February 2024, it was revealed that since 2016, the Mexican Secretariat of National Defense has operated the Cyber Operations Center (COC) to monitor social media criticisms of the military and government. Utilizing HIWIRE software developed by Israeli firm WebintPro, the COC employs fake profiles and bot farms to subtly influence public opinion. Staffed by 178 military personnel, the COC conducts both defensive actions and proactive cyberintelligence operations. These activities currently lack a legal framework, which has led to initiatives pushing for a Federal Cybersecurity Law to legitimize extensive cyber activities, including pervasive social media surveillance and offensive cyber operations. Mexico has initiated discussions on the Federal Cybersecurity Law, which was created with minimal input from non-governmental actors. Civil society has raised concerns, stating that this law seeks to militarize the digital space and facilitate spying on various social groups.

Authorities in Brazil have declared that they will adopt facial recognition measures in two sectors. The first was announced by the Secretary of Social Defense, who stated that they would integrate facial recognition software into their social security system as part of this year’s carnival framework. The second was announced by the Minister of Justice, who intends to implement video surveillance systems after two prisoners escaped from a prison. The minister declared that at least five federal prisons would begin using this facial recognition system.

Cuba intensified crackdowns on digital communications, with over 210 documented instances of Internet restrictions aimed at silencing dissent recorded in 2023. The government frequently disrupted Internet access and monitored journalist communications, leveraging its control over the national telecom’s monopoly, ETECSA. This has forced journalists to adopt encrypted services and extreme security measures to protect their devices from state seizure and surveillance.

In 2024, Venezuela’s government actions have intensified against civil society with the drafting of a new NGO law that aims to severely limit NGOs by prohibiting ‘political activities,’ though without clear definitions. This law exposes organizations to potential sanctions or closure if perceived as political by the authorities. The arrest of Rocío San Miguel, a prominent HRD, alongside her relatives for allegedly taking part in a plot against President Nicolas Maduro in February is said to be a part of the broader strategy to suppress dissent. This also includes the suspension of the operations of the local UN Human Rights office and expulsion of its staff, further isolating Venezuelan civil society and hindering their work, especially as electoral activities increase.

The Government of Argentina has announced governmental intervention in some media outlets. Civil society has described these actions as a direct interference in freedom of expression and press freedom.

According to a report by the Association of Journalists, in El Salvador, 16% of digital violence against journalists on the social network X (formerly Twitter) is directed at women, and 84% at men. This violence has a sexual characterization in 17% of cases against women, compared to 7% against men.

According to ClaroVTR, a telecommunications company operating in Chile, children, youth, and older persons are particularly vulnerable to scams and sexting, which pose the greatest threats to their digital safety. The company notes that these frauds often involve sexual threats and extortion targeted at these demographic groups.

In late March 2024, hearings for the appeal filed by the government of Ecuador in its case against Swedish programmer Ola Bini started. The government is seeking the man’s conviction for “unauthorized access to a computer system,” with a potential sentencing set for April 2024.

In January 2024, a surge of violence orchestrated by organized crime began in Ecuador, instilling widespread fear among the population. Within this context, disinformation has played a crucial role on social media, stoking panic through the dissemination of fake news that manipulates the perceived level of violence.

At the beginning of February, Colombia introduced its National Digital Strategy for 2023-2026, which outlines a comprehensive plan to promote digital transformation across the country.

Europe and Eurasia (EE)

During the coverage period, DSLU reported over 35 incidents targeting journalists, activists, and defenders in Ukraine, involving phishing and attempts to reset passwords. Notably, a new trend of wiretapping raised concerns about illegal surveillance. On January 5, an attack on Forbes Ukraine resulted in employees receiving hundreds of unauthorized messages and loan requests, alongside attempts to hack their bank accounts. On January 16, a video showcasing wiretapped conversations of the Bihus.info journalism team was released. Investigations revealed that more than 30 individuals from the Department for the Protection of the National State of the Security Service of Ukraine were involved. Shortly after, another journalist found a wiretapping device in her car and reported hacking attempts on her Telegram channel. In January, one of Ukraine’s most popular banks experienced its largest attack so far, receiving 580 million service requests over three days. During these distributed denial-of-service (DDoS) attacks, hackers disrupt the regular operations of online services by overwhelming them with junk Internet traffic.

In Belarus, Telegram accounts were created using local phone numbers belonging to exiled activists. Attackers promptly activated two-factor authentication (2FA), preventing the rightful owners from accessing these newly created accounts. Additionally, January proceedings targeted 20 civil society figures labeled “Tsikhanouskaya analysts” in official reports. Charged individuals included analysts Ryhor Astapena and Lesa Rudnik, and political scientists Pavel Usov and Andrei Kazakevich, facing accusations of conspiring to seize state power and engaging in activities harmful to national security.

In Azerbaijan, police raided Toplum TV on March 6, detaining six journalists and initiating pre-trial custody. Post-detention, Toplum TV’s social media was hacked, and over 3,000 YouTube videos were deleted. This action extends the pattern of repression against media and bloggers, with the extended detention of activist Farid Suleymanov and the arrest of blogger Arzu Sayadoglu.

In Armenia, Karine Simonian, a correspondent for Radio Free Europe/Radio Liberty, experienced a break-in at her apartment where her work camera was stolen—an act she believes was intended to intimidate her due to her work in investigative journalism.

In Ukraine’s temporarily occupied Crimea, the Russian Federal Security Service detained Rustem Osmanov and Aziz Azizov, two journalists working for Crimean Solidarity, a group that reports on politically motivated prosecutions in Crimea. They were charged with organizing and participating in the activities of a terrorist organization. If convicted, they could face up to 20 years in prison under the Russian Criminal Code.

In Belarus, officials are collaborating with Russia to unify their lists of “extremists” and “extremist resources,” potentially increasing repression of dissent and expanding restrictions on civil society.

In Armenia, efforts to refine cybersecurity and public information laws focus on balancing personal data protection with freedom of expression. CSOs warn that ambiguities in these laws could infringe on information freedom and overlap with personal data protections.

In Ukraine, a draft law submitted to the parliament in March aims to regulate online platforms by imposing obligations similar to the EU standards, including ownership disclosure and the appointment of legal representatives. It also includes fines for non-compliance with content removal orders but lacks blocking powers. The draft is currently under review by the Parliamentary Committee on Humanitarian and Information Policy.

In Georgia, at the beginning of April, the ruling party reintroduced the draft law on so-called “foreign agents,” inspired by similar Russian legislation. This could significantly impact civil society in the country in the coming weeks and months.

In Armenia, authorities are increasingly imposing restrictions and exerting excessive regulation on media freedom and information access, while advancing state surveillance and infringing on private data. Concerningly, they also show a lack of genuine engagement with civil society and disregard for criticism.

The Balkans

Public institutions in the region, including North Macedonia’s State Electric Transmission Operator (MEPSO), were targeted by significant cyberattacks in late January and March. MEPSO’s March ransomware attack blocked access to its financial management server but did not compromise the critical electricity infrastructure, which remained secure and functional. The attack disrupted access to data analysis servers for 20 days.

There has been a marked increase in phishing and similar financial fraud attempts. Several countries, including Bosnia and Herzegovina (BiH), Croatia, Romania, and Serbia, have reported major incidents involving phishing SMS and emails from major banks and telecoms.

In Albania, social media platforms have become tools for endangering citizens’ lives, with cases of stalking, extortion, and threats targeting leading LGBTIQA+ activist Xheni Karaj, who has reported these incidents to the police. In North Macedonia, misinformation about passport issuance escalated, causing chaos and public outrage. The Metamorphosis Foundation, which operates the Truthmeter fact-checking service, faced a severe disinformation campaign. This campaign endangered employees and challenged press freedom by falsely accusing the organization of illegal activities and misrepresenting fact-checking as censorship. Social media posts incited violence against staff, prompting condemnation from national and international CSOs. The case has been reported to North Macedonia’s Ministry for Internal Affairs and Public Prosecution.

Montenegro experienced a surge in hate speech, particularly targeting ethnic minorities, while in Serbia, AI-generated pornographic content created a frenzy in schools.

In Romania, two MPs from the Liberal and Social-Democratic Parties proposed restricting TikTok after polls showed young voters favoring opposition, including the extreme-right. They claim TikTok spreads pro-Russian propaganda, affecting voter preferences. Despite these concerns, the digitalization minister stated on March 27 that the government would not ban TikTok but expects the platform to filter AI-generated political content.

Civil society has noticed big steps in tackling cases of online child sexual abuse, with recent arrests in BiH, Serbia, and Romania during March. Similarly, in Croatia, police are alerting the public not to share violent images against women to help protect victims.

South and Southeast Asia (SSEA)

In Pakistan, there have been numerous instances of Internet shutdown, particularly during election period, affecting both communication and economic activities. These frequent shutdowns, which rank among the highest in the world, raise questions about the country’s adherence to democratic principles and the rule of law. The practice of imposing Internet shutdowns to suppress dissent has led to significant public unrest and criticism of the legitimacy of election processes, pointing to challenges in Pakistan’s digital and democratic evolution.

In Bangladesh, the BGD E-Gov CIRT, a cybersecurity organization within the government’s Information and Communication Technology department, released a report on ransomware threats in the country. The report noted a significant increase in attacks during 2023, with malware incidents rising by 71.39% compared to 2022. This included a ransomware attack on the Biman Bangladesh Airlines’ email server in March, which disrupted internal communications. The January elections were marked by censorship, deepfakes, and social media polarization, largely targeting opposition leaders. These AI-powered tactics made accessible by affordable tools, heightened concerns about the spread of misinformation. Additionally, hackers from Ukraine and Germany targeted the Bangladesh Election Commission’s app, leading to operational issues.

In the Maldives, government websites, including the President’s office, suffered a cyberattack speculated to be linked to derogatory remarks about India’s Prime Minister. The National Centre for Information Technology restored functionality amid diplomatic tensions over the incident.

In the Philippines, hackers from China attempted to breach government websites and email systems in February. The unsuccessful attempts targeted entities related to maritime security and the President’s personal website. The Information and Communication department confirmed the attacks, traced them to the Chinese state-owned company Unicom, and requested assistance from the Chinese government to prevent further incidents amid escalating tensions over territorial disputes in the South China Sea. Similarly, in February, the Philippine Coast Guard’s (PCG) Facebook page was compromised using malware. This incident marked the third cyberattack on the PCG this year, following earlier breaches of its X (formerly Twitter) account and website.

In Indonesia, the recent national elections witnessed the misuse of AI, including chatbots and deepfakes, for political purposes. Analysts have warned that this could exacerbate the disinformation problems already prevalent in the country, particularly following the divisive 2019 elections. Moreover, online misinformation is intensifying anti-Rohingya sentiment, which surged in late 2023. Social media platforms, notably TikTok, have been significant contributors, with sensational headlines portraying Rohingya refugees as criminals.

In January 2024, several human rights organizations condemned Sri Lanka’s Online Safety Act, warning that it threatens freedom of expression and privacy online. They urged its repeal, due to the potential for authorities to misuse the law to suppress dissent, especially during economic hardships and upcoming elections.

Nepal’s civic space was rated as ‘obstructed’ by the CIVICUS Monitor due to concerns over civic freedoms, including a ban on TikTok, a social media directive, and the targeting of journalists and protesters. In January 2024, the government proposed a new law to regulate social media platforms, drawing criticism 35 allied organizations for its potential infringement on freedom of expression, privacy rights, and fundamental rights. Issues raised include unnecessary restrictions, ambiguity in criminal provisions, and concerns about censorship.

CNN Philippines ceased operations on January 31 due to significant financial losses, marking a setback for the media industry in the country. The National Union of Journalists of the Philippines expressed concern over the reduction of reliable information sources amid rampant disinformation and misinformation.

On a positive note, Indonesia ensured that the transgender community had access to IDs for the February 14 elections, offering hope amid ongoing challenges in a conservative society.

Central Asia (CA)

On March 14, in Kyrgyzstan, the Parliament passed a bill on NGOs. According to the bill, local NGOs that receive foreign funding and engage in political activities will be designated as foreign representatives. On April 2 (after the reporting period), the President signed and approved the bill, which is set to take effect within 10 days. On March 13, the President recalled for revision the bill on mass media following a closed meeting with over 40 representatives from various local media outlets.

In Kazakhstan, in February, unidentified individuals leaked data from the Chinese company iSoon, which is said to collaborate with China’s Ministry of Public Security and is connected to the cyber intelligence group APT41. A Kazakhstan-based cybersecurity firm analyzed the data and discovered that hackers had accessed infrastructure of Kazakhstani telecom operators, including event logs, call durations, device IMEIs (International Mobile Equipment Identity), and billing information. The leak also exposed subscribers’ personal data, logins, passwords, and detailed logs of calls and activities. Evidence suggests that the hackers specifically targeted employees of Kazakhstan’s National Security Committee and Defense Ministry.

Another data leak in Kazakhstan has compromised the personal information of over two million citizens, all clients of Zaimer.kz, a microfinance organization within the Robo.finance infrastructure. The State Technical Service (STS) of Kazakhstan is currently investigating this breach. Affected individuals are being notified through the EgovMobile application. Due to this significant breach, Zaimer.kz has been fined 1.8 million tenge (≈ $ 4,040 USD). With complaints from citizens about personal data breaches now exceeding 5,200, the Ministry of Digital Development, Innovations, and Aerospace is recommending that these individuals pursue legal action to seek compensation for moral damages.

Additionally, a criminal investigation has been launched on the dissemination of personal data and information constituting medical confidentiality of students of the Al-Farabi Kazakh National University (KazNU). The database of female students including their full names, individual identification numbers, cell numbers and medical data revealing the status of virginity were disseminated via WhatsApp group.

In January, the Justice for Journalists’ Risk Map in Kazakhstan documented six incidents, including DDoS attacks and the compromising of email and social media accounts, as well as messengers. These incidents were reported by online media outlets ProTenge and KazTag, along with journalists from the YouTube channel Obozhayu. In Uzbekistan, the Justice for Journalists’ Risk Map recorded seven attacks on journalists and bloggers through judicial or economic means.  

In Kyrgyzstan, in February, representatives of Govori TV, PolitKlinika, and vesti.kg reported several unsuccessful attempts to breach their Telegram accounts. Earlier on January 15, National Security agents raided the office of the local online news agency www.24.kg as part of a criminal investigation into “war propaganda.” The director and two chief editors were interrogated. Bound by a non-disclosure agreement, they did not comment on the case. Subsequently, the owner and director, along with one of the chief editors who was interrogated, left the media outlet. A new owner and director for 24.kg were announced on March 19. On April 2 (after the reporting period), authorities suspended the criminal case and returned all confiscated property and documents. On January 16, 11 journalists were detained and later arrested. These journalists were all current or former members of the YouTube-based projects Temirov Live and Ayt Ayt Dese. They were accused of inciting protests and mass disorders. In March 2024, three of the arrested journalists were released from pre-trial detention and placed under house arrest.

In Tajikistan, criminal and administrative cases have been initiated against several journalists and bloggers. The accusations range from public calls for extremist activities to violations of national and cultural values.

On a positive note, by a presidential decree dated March 27, Tajikistan has established a new Agency on Innovations and Digital Technologies. This agency aims to strengthen the institutional foundations of the digital economy, develop information and communication infrastructure nationwide, digitalize various economic sectors, and advance the implementation of e-government.

The Middle East and North Africa (MENA)

Submarine cable damage in the Red Sea has disrupted up to 25% of Internet traffic between Asia, Europe, and the Middle East. The incident has affected major telecom networks, with repairs hindered by lengthy permit processes. Potential threats from Houthi rebels are exposing the vulnerability of these essential underwater cables. Companies like Seacom and Vodafone are actively rerouting traffic to reduce disruptions.

Iran has further tightened its Internet restrictions by officially banning virtual private networks (VPNs), a move endorsed by Supreme Leader Ayatollah Ali Khamenei. This ban is part of a larger effort to control digital access, addressing tools that circumvent censorship on social media and other online platforms. The exact details of enforcement and exceptions are yet to be clarified. This action aligns with Iran’s broader crackdown on Internet Freedom (IF), which includes widespread blocking and filtering of websites, contributing to a significant decline in digital communication within the country. This crackdown has been particularly evident in the government’s response to anti-government protests, marked by Internet shutdowns and increased surveillance.

In March, the Parliament of Tunisia passed two controversial bills to implement mandatory BDIs and passports, disregarding years of civil society advocacy for stringent privacy safeguards since 2016. The laws mandate chip enabled BDIs for citizens aged 15 and above without clear protections for personal data, raising serious privacy and human rights concerns.

In January, Gaza experienced a weeklong telecommunications blackout, the longest continuous outage since the conflict with Israel began. This disruption has severely hampered humanitarian efforts and made it difficult to document on-ground conditions. The blackouts, intensified by heavy bombardments and fuel shortages, have been compounded by direct attacks on civilian telecom infrastructure and restrictions on electricity access.

Israeli intelligence used an AI system named “Lavender” to identify 37,000 targets in Gaza linked to Hamas during a bombing campaign, revealing new depths in the application of technology in warfare. This system streamlined target selection but raised significant ethical questions, as it allowed for civilian casualties in strikes on low-ranking militants.

Israeli Prime Minister Benjamin Netanyahu plans to shut down Al Jazeera’s local operations using a new law passed by the Parliament, which allows the closure of foreign news networks deemed a security threat. Al Jazeera has denied Netanyahu’s claims of incitement and involvement in security risks, vowing to continue its journalistic work. This law reflects ongoing tensions and is part of a series of Israeli actions targeting Al Jazeera, including direct attacks on its journalists and offices during conflicts.

In Egypt, Lina Attalah, editor-in-chief of the independent news outlet Mada Masr, is facing charges for “publishing false news” and “operating a website without a license.” These charges followed a report on Egypt potentially accepting Palestinian refugees, which resulted in a six-month ban on Mada Masr for allegedly undermining national security. Attalah was questioned and released on bail, reflecting Egypt’s ongoing crackdown on independent media and press freedom. Despite efforts, Mada Masr has been unable to obtain a website license since 2018.

Iran’s environment for journalists is rapidly worsening under President Ebrahim Raisi’s administration, with 95 journalists arrested since the Woman, Life, Freedom protests. The regime uses harsh measures to suppress dissent, severely restricting media freedom. Despite these risks, some journalists persist in exposing government malpractices and social injustices.