October – December 2023
What are the global trends in Internet freedom, what is the status of the Digital Services Act (DSA) enforcement, and what are the reactions of CSOs to UNESCO’s final version of the Guidelines for the Governance of Digital Platform? You can read about these and many other Internet trends from GIF’s Quarterly Report, covering the period from October through December 2023.
Expanding beyond a global perspective, the report contains overviews of digital security and digital rights trends from eight regions. It addresses incidents ranging from press suppression and restrictions on freedom of expression in West & Central Africa (WCA) to cyberattacks, digital rights concerns, and the impact of offline developments across East & Southern Africa (ESA). The report covers updates on digital threats and targeted attacks in Latin America & the Caribbean (LAC), highlighting issues such as vulnerabilities, phishing, technology misuse for surveillance, and gender-based violence.
In Europe & Eurasia, the focus shifts to recent updates on digital attacks, digital rights, and freedom of expression. The report also explores cybersecurity incidents in the Balkans, including phishing, hacking, and cyberattacks targeting critical sectors such as finance, energy, and media.
The report also covers the South & Southeast Asia (SEA) and Central Asia (CA), where it discusses state-sponsored cyberattacks, new national regulations affecting social media and telecommunications, and their implications for freedom of expression and privacy. Additionally, the report details cybersecurity incidents, regulatory changes, and initiatives within these regions.
Concluding with the Middle East and North Africa (MENA), the report presents findings on hacking attacks, cybersecurity incidents, the extortion of journalists and activists, legal actions against individuals for social media content, and Internet shutdowns.
Global Trends
The World Radiocommunication Conference (WRC) held by the International Telecommunication Union (ITU) concluded in mid-December 2023, after nearly a month of intense negotiations. While the WRC can be seen as a purely technical standards development forum, the decisions made on spectrum bands and orbit dominance define who can control technology markets and sectors, often at the expense of human rights considerations. One of the key decisions made at the WRC was on spectrum allocation that covers critical needs such as consumer use, national security, intelligence, and defense capabilities. For example, 6GHz frequency can provide good coverage in rural and remote areas and can be used as 5G mobile network technology in urban areas. At the WRC, this band was subject to contentious last-minute agreements. While there has been a historic consensus that 6GHz should be unlicensed for usage by different technologies and industries, some countries, including Brazil, shifted their positions during the conference and opened the possibility that the frequency can be used by the International Mobile Telecommunication (IMT) industry. Discussions about the allocation of 6GHz will continue during the next WRC in 2027, and it seems likely that the mobile industry will be granted part of the 6GHz band for its use, increasing market concentration and reducing the diversity of technology options for users to choose from when connecting to the Internet. ARTICLE 19 (A19) has been actively engaged in ITU Radiocommunication Sector (ITU-R) discussions and will continue to participate in ITU-R meetings in the coming period to push back against market dominance that can lead to users being prevented from alternative options and network providers and limit their access to online information.
December was also marked by the European Commission moving forward with a draft foreign agent law despite widespread criticism. Although the directive does not directly restrict Internet freedoms (IF), it could negatively impact organizations in the European Union (EU), including digital rights organizations. The draft law could be seen as the EU’s de facto endorsement of similar laws in effect in repressive regimes around the world.
The enforcement of the Digital Services Act (DSA) for very large online platforms (VLOPs) and very large online search engines (VLOSEs) – those with over 45 million EU users – has already begun, and the European Commission announced its first formal enforcement proceedings against X (formally Twitter). By February 17, 2024, Member States will assign Digital Service Coordinators to supervise compliance, marking the beginning of enforcement for all platforms, search engines, and intermediaries covered by the DSA. Additionally, the Commission launched a public consultation to collect input on a draft regulation on the templates that intermediary services and platforms will have to use for their transparency reporting under the DSA, which the Global Network Initiative (GNI) plans to participate in.
United Nations Educational, Scientific and Cultural Organization(UNESCO) released the final version of the Guidelines for the Governance of Digital Platforms. GNI has commented on the different drafts throughout the process. The final version continues to use “digital platforms” broadly without defining them. As GNI noted in its second submission, the Guidelines fail to address the “relevant differences that distinct services have regarding visibility, influence over, and directionality of content”. As noted in GNI’s last submission, the final draft continues to explicitly “focus on companies,” without recognizing that some digital platforms are provided by not-for-profit entities, while others may be partially or fully state-owned or controlled. GNI will continue to monitor UNESCO’s work in this area going forward.
The EU also passed the Artificial Intelligence Act (AI Act) in early December. The AI Act takes a “risk-based” approach to the governance of AI systems. This is one of the highest-profile AI regulations, so its effect will be closely watched. Before coming into effect, the Act needs to undergo final procedural steps for approval. Additionally, the United Nations (UN) Human Rights Office of the High Commissioner B-Tech project released a Foundational Paper on Advancing Responsible Development and Deployment of Generative AI with respective supplements outlining the taxonomy of human rights risks connected to generative AI and an overview of company practices. These documents pave a human-rights-centric approach to the development of regulation around generative AI.
AI dominated digital rights discussions in 2023, but often these processes have not included meaningful participation from civil society. For example, in October, the Group of Seven (G7) issued Guiding Principles for Organizations Developing Advanced AI Systems as part of the Hiroshima Process on Generative AI, but the period for input from external stakeholders was only a few days. At the same time, UNESCO is implementing its Recommendation on Ethical AI by conducting assessments in 50 pilot countries. However, according to some civil society organizations (CSOs), these assessments have not engaged local or regional digital rights organizations until the end of the process when the assessment reports were almost complete. Moreover, UNESCO has not been transparent about the process itself, raising concerns that it is establishing the foundations for AI governance behind closed doors with only government stakeholders.
Meta started implementing default end-to-end encryption for one-to-one messages and voice calls on Messenger and Facebook. This update, aimed at enhancing user privacy, will protect the contents of messages from potential surveillance. However, concerns remain regarding the handling of backups and metadata. The encryption is based on a modified version of the Signal protocol, with options for encrypted backups. Despite these improvements, Meta still has access to significant unencrypted metadata. The rollout is a major step towards stronger user privacy on Meta platforms.
West and Central Africa (WCA)
During this quarter, in Angola, the editor of the YouTube news channel, Portal A Denúncia, Carlos Alberto, was detained by Criminal Investigation Service officers at the end of September 2023 for a story he published online on the alleged appropriation of land by the former Deputy Attorney General. YouTube has since pulled the video down for violating the video platform’s harassment and bullying policies. In early October, Alberto was sentenced to serve a three-year prison sentence for criminal defamation, injurious denunciation, and violating press freedom. The arrest seeks to muzzle the press and limit and censor online freedom of expression, in direct contradiction with Article 35 (1) of the Constitution of Angola, which highlights that “freedom of the press shall be guaranteed and may not be subject to any censorship, especially political, ideological, or artistic.”
In the Democratic Republic of Congo (DRC), ahead of the December 20, 2023 elections, a spate of harassment, attacks, threats, and unlawful detentions occurred, affecting journalists covering the harmonized elections. Journalists who reported being harassed included those who shared news on social media platforms. Journalists John Kanyunyu Kyota told journalist organizations that he had received at least four death threats from anonymous callers who purported to be from the DRC Central Intelligence Agency. Kyota runs a WhatsApp group that discusses political views. Such threats seek to censor journalists, cause fear, limit freedom of expression, and interfere with the free flow of news and information. These events relate to the further crackdown on human rights in the country, where a week after the elections, at least 11 civilians in Kinshasa were injured after the riot police in the DRC forcibly dispersed banned protests initiated by five opposition parties who are calling for a rerun. DRC’s President Felix Tshisekedi won the reelection with more than 70% of the vote. However, claims of election fraud marred the process, with opposition presidential candidates rejecting the election results and calling the election a ‘sham.’ However, the Constitutional Court in DRC has, in January, rejected legal challenges against the results.
East and Southern Africa (ESA)
In 2023, the region registered increased cyberattacks that targeted critical infrastructure such as banks, government, and private entities. In July 2023, Kenya experienced a massive cyberattack that affected services on a key government online platform – the e-citizen portal. In March 2023, government websites in Mozambique suffered massive cyberattacks. In South Africa, it was reported that at least 80% of businesses experienced some form of ransomware attack in 2023. Attacks to financial institutions saw one of the biggest increases in cyber-attacks, Interpol says over $40 million has been lost to cyber criminals. The telecommunications company Lycamobile was also targeted with a ransomware attack that disrupted their operations, however the company was able to thwart the attack as they had good backups. In Mozambique, during the October 2023 elections, the country experienced an Internet shutdown and potential throttling.
Regarding digital rights developments, the region continues to reel from the implementation of existing retrogressive laws and policies. For example, in Tanzania, the government communications regulator, Tanzania Communications Regulatory Authority (TCRA), imposed a ban on the use of VPNs, with the offense attracting a penalty of $2,000 or a minimum of 12 months in prison. In issuing the ban, TCRA cited Regulation 16(2) of the Electronic and Postal Communications (Online Content) Regulations 2020, which prevents Tanzanians from accessing content illegally. Facebook is still banned in Uganda based on the January 2021 Uganda Communications Commission directive.
In Zambia, in December, President Hakainde Hichilema signed into law the Access to Information Act. This is a major milestone in promoting the right to information in the country. The new law empowers the Human Rights Commission to sanction individuals and bodies that do not provide information as requested and protects whistle-blowers. The enactment of the act is a culmination of years of advocacy by organizations and is an important milestone in the protection and promotion of human rights.
In Uganda, the government approved and rolled out the digital number plates system, despite privacy concerns and warnings from Human Rights Watch. The new system will be installed and configured by a Russian company. The digital number plates system will integrate with the existing Closed-Circuit Television (CCTV) system and greatly expand the real-time surveillance capabilities of the Ugandan government. The questionable human rights record of the Ugandan government means that the potential for abuse is high.
In terms of offline developments, in Zimbabwe, in December 2023 the opposition leader Jacob Ngarivhume was acquitted after spending eight months in prison for organizing anti-government protests and inciting public violence by using his Twitter handle to convene the July 31, 2020 nationwide anti-corruption protests, which were violently dispersed by security forces. The incarceration of journalists and critical voices in the region on trumped up charges is not unique to Zimbabwe, but it has become a tactic deployed by increasingly autocratic regimes to stifle critical voices.
Also, during this period, Mozambiquan journalist and editor-in-chief of the online newspaper, Ponto Por Ponto, was killed. The journalist was widely known for his criticism of poor governance and corruption and was a commentator on Televisao Sucesso, where he openly addressed governance issues including fraud allegations in the October municipal elections. Local organizations have called upon authorities to conduct a thorough investigations into the journalist’s murder.
In Uganda, security forces continue perpetrating violations against journalists. On October 5, 14 journalists were arrested, and their work equipment confiscated as they covered the return of opposition leader Robert Kyagulanyi at Entebbe International Airport. Some of the arrested journalists complained about being beaten during the arrest. All 14 were released on the same day without charges. Further still, there has been a noticeable rise in cases of hate speech and homophobia against the LGBTIQ+ community since the enactment of the anti-homosexuality law. There is also a noticeable increase in hate speech cases in Kenya following the government’s granting Kenyan LGBTIQ+ campaigners the right to register a Non-Governmental Organization (NGO) that will advocate for sexual minority rights.
Looking forward to 2024, at least 17 countries on the continent will be holding national presidential and or national assembly elections, including Botswana, Burkina Faso, Chad, Comoros, Ethiopia, Ghana, Madagascar, Malawi, Mali, Mauritius, Mozambique, Namibia, Senegal, South Africa, South Sudan, and Tunisia. Several of these countries have a history of ordering Internet disruptions and committing violations against online and opposition activists during elections.
Latin America and The Caribbean (LAC)
In terms of targeted attacks and other digital threats, in Ecuador, a vulnerability identified in the software Zimbra may have affected public institutions. The government commonly uses this software to manage email and collaborative work and researchers found that some servers had not been updated. The country has also seen a wave of phishing attacks with at least four different types of malware. In Mexico, the use of deepfakes to generate intimate images of women and girls was documented, leading to concerns about the increase of tech-facilitated gender-based violence across the region. In Bahia, Brazil, the existing facial recognition system was reported to be responsible for the arrest of 1,011 people and for reportedly sentencing several innocent people to jail since its implementation in 2018. In Cuba, the Independent Assembly of Cuban Filmmakers (ACC) accused the country’s authorities of having cut off the Internet connection during its last meeting, in which several members were connected virtually. In Nicaragua, the Mayor’s Office of the capital will install 600 video surveillance cameras that will be added to the 300 that are already operating since 2015, as part of the smart traffic lights project. In Argentina, the new federal government has announced measures to increase surveillance during protests assisted by technologies including facial recognition cameras and drones. Argentinean human rights organizations reported concerns to international bodies regarding how the initiative will affect freedom of expression, association, and assembly.
In terms of digital rights developments, in Panama, the electoral body is accused of restricting freedom of expression. The decision of the Electoral Tribunal (TE) of Panama to order two digital media and an independent journalist to withdraw publications about ex-president Ricardo Martinelli (2009-2014), who is running for office again and is implicated in corruption cases. In Chile, a multistakeholder commission advising the government has delivered a report with 72 recommendations to combat disinformation. They include considerations on media literacy, research, cybersecurity, elections, health, gender, and strengthening media outlets. In Uruguay, Spotify has threatened to leave the country after a copyright law reform changed the rules for compensating artists. Also in the country, the Ministry of the Interior will acquire a microphone system that will make it possible to detect and geolocate gunshots that will alert the police, which could imply further surveillance of the population.
In Colombia, the Constitutional Court has recognized the right to digital disconnection of workers outside working hours as “a human right that arises from new technologies”. In Brazil, the Congress requested a public hearing with social networks and digital platforms to discuss the possibility of using AI to “reduce the avalanche of acts of violence faced by Brazil and also the high suicide rates.” In Chile, the Electoral Authority (Servel) sanctioned Google for not providing the required information on those who contracted electoral advertising on the platform during the 2022 plebiscite.
In other developments involving the state of freedom of expression, in Venezuela, according to an article published by the NGO Espacio Público, in the last 20 years more than 400 media outlets, including print, radio, television channels, and digital platforms were closed in the country. In Ecuador, the number of journalists exiled due to threats in 2023 has risen to five, according to a statement issued by the Council for the Development and Promotion of Information and Communication of Ecuador (Cordicom).
Europe and Eurasia (EE)
In terms of digital attacks, one of the largest telecommunication providers, Kyvstar in Ukraine was hit by a cyber-attack that destroyed about 40% of its infrastructure in December 2023. Customers were left without phone or Internet access, at least 75 of Kyiv’s air raid sirens stopped working, and the banking system was also affected – the payment terminals and ATMs of PrivatBank worked with disruptions. The attack was supposedly conducted by the Russian military intelligence cyberwarfare unit, Sandworm.
In Armenia, on October 30, 2023, a significant number of iPhone users received notifications from Apple indicating their devices had been targeted by spyware. Media Diversity Institute in Armenia reported new Pegasus surveillance infections in Armenia, among politicians, CSOs, and journalists. Experts believe that the attack can be attributed to the Azerbaijani government. In Azerbaijan, according to the Head of the State Service for Special Communication and Information Security, at least 70 information resources suffered DDoS attacks from Armenian cyber groups – 15 resources belonged to the state structures. In Belarus, the top state-owned news agency, Belarusian Telegraph Agency, was shut down by the hacktivist group Belarusian Cyber-Partisans. The group stated that it had hacked the internal network and wiped the backup and main website servers – including all accounting, workstations, and archives. In Moldova, on November 10, 2023, the Telegram accounts of Moldova’s President Maia Sandu and other officials were hacked, with Moldovan special services suspecting Russian involvement, aiming to destabilize the country.
In this quarter, in terms of digital rights developments, authoritarian governments were the main source of attacks against journalists and activists exercising their right to freedom of expression online. In Azerbaijan, the government launched a new wave of repression aimed at its critics, civic activists, and journalists. Since November 2023, the authorities have arrested and charged at least six journalists and the numbers are growing. Among the detained journalists is the director of Abzas Media – one of a handful of independent outlets that remain in the country, following a series of criminal investigations and press freedom groups since 2014. In Belarus, the authorities continue to misuse counter-terrorism and anti-extremism legislation to further purge civic space, suppress freedom of expression, and eradicate political opposition. On November 3, 2023, the editor-in-chief of the Regionalnaya Gazeta, was sentenced to four years in prison on charges of “discrediting the Republic of Belarus.” According to investigators, the journalist, together with other employees of the media outlet, from 2020 to 2023, deliberately spread false information in print and digital publications that discredited Belarus and its state authorities. Earlier, online resources of the outlet were blocked and recognized as “extremist materials.” Nasta Lojka,a prominent human rights defender (HRD), who in 2022 was sentenced to seven years of imprisonment, was also included in the “list of terrorists”.
In December 2023, the European Council decided to open accession negotiations with Ukraine and with the Republic of Moldova. The respective negotiating frameworks will be adopted once the relevant steps set out in the respective Commission recommendations of November 8, 2023, are taken. The European Council also decided to grant the status of candidate country to Georgia. This decision means that eventually all three countries are expected to bring national legislation in line with the EU law, including regulations on personal data protection, digital services, open data, etc. It is important to ensure that CSOs with expertise in the field of Internet freedom are included in the process of development of relevant national legislation.
In light of the EU enlargement policy, special attention should be paid to the AI Act that is being discussed within the EU institutions and which might have an impact on the application of AI tech and digital rights in Ukraine, Moldova, and Georgia in the future. Also, in December 2023, the European Parliament and the European Council reached a political agreement on the European Media Freedom Act. Once officially adopted and published, the Regulation will be binding in its entirety and directly applicable in all Member States after 15 months. Ukraine, Moldova, and Georgia will need to consider the implementation of the key principles provided therein into national legislation to fulfill requirements for EU accession, in particular, to ensure transparency of online media and strengthen the protection of media independence and journalistic sources from state or private surveillance.
In November 2023, Belarus and international NGOs shared an open letter to IGF’s international stakeholders, underscoring how “open and transparent, inclusive, bottom-up, multi-stakeholder and non-commercial” dialogues that should be a trademark of any IGF initiative are impossible during the current authoritative regime in the country, amidst the announcement of local IGF forum to be held in Belarus. Civil society is concerned that international stakeholders’ involvement in such state-sponsored forums might indirectly legitimize harmful narratives and further limitations of IF.
The Balkans
During the reporting period, the Balkan region experienced a notable surge in cyber disruptions that targeted various institutions and media entities. Namely, on November 13, 2023, Raiffeisen Bank in Bosnia and Herzegovina (BiH) alerted clients of phishing emails masquerading as legitimate communication from the bank. On December 19, 2023, Serbia’s EPS, an electric power utility company, fell victim to a crypto-type hacking attack that disabled EPS’s bill payment portal. While the company assured that production and electricity trade activities remained unaffected, there was ambiguity surrounding the safety of personal and business data during the attack. Additionally, EPS intentionally deactivated parts of its system for security reasons. As reported by Secure Balkan, EPS was targeted by a ransomware attack, during which hacker group Qilin blocked servers, and stole a huge part of the company’s private data, including contracts with partners and financial documents. However, authorities declined to comment on the reported ransomware attack. Later in the same month, the Balkan Investigative Reporting Network (BIRN), encountered a DDoS attack on the Balkan Insight website. This attack followed the publication of articles about false copyright complaints concerning a convicted Turkish fraudster and lasted for three days.
On October 30, 2023, Apple notified two prominent civil society members in Belgrade of possible state-sponsored technical attacks on their devices. This led to an investigation by the SHARE Foundation and Internews, joined by the digital forensics expertise of Access Now and Amnesty International. The investigation revealed an attempted attack on August 16, 2023, targeting a vulnerability in the iPhone’s HomeKit, linked to the Pegasus spyware.
On the regulatory side, the government in Albania announced plans to employ ChatGPT to expedite the alignment of national legislation with the EU regulations. This initiative aims to translate thousands of pages of EU legal measures into Albanian, with the intent to integrate these provisions into local legislation. However, the initiative has sparked skepticism and raised concerns among legal experts and analysts. Critics have questioned the feasibility of solely relying on AI for such a complex task.
South and Southeast Asia (SSEA)
During the reporting period, Southeast Asia experienced significant cyber threats, with sophisticated attacks on critical infrastructure, healthcare, financial, and government sectors. These advanced persistent threats (APTs), likely state-sponsored and linked to Chinese interests, targeted multiple countries including Thailand, Indonesia, the Philippines, Vietnam, and Malaysia. Voice of America highlighted a broad cyber espionage campaign against government and private sector organizations, aligning with the political and economic objectives of the Chinese government. Additionally, The Hacker News reported covert espionage attacks by Chinese hackers on 24 government institutions in Cambodia, affecting defense, election oversight, and telecommunications. These incidents underscore the growing cybersecurity challenges in the region, influenced by geopolitical motivations. Additionally, the National Telecommunication Monitoring Center (NTMC) in Bangladesh experienced a severe data breach, exposing the center’s vast database to the open web and compromising extensive personal data. The Philippine Center for Investigative Journalism (PCIJ) website faced a cyberattack, leading to its temporary shutdown. The International Federation of Journalists (IFJ) noted the incident as part of a rising trend of cyberattacks against media outlets in Southeast Asia, threatening freedom of expression and access to information.
On the regulatory side, in Nepal, the Cabinet passed the “Directives on the Operation of Social Networking 2023”, requiring social media platforms to register with the government and establish offices in the country. This directive includes a 19-point not-to-do list for users, aiming to address issues like hate speech and misinformation. However, free speech advocates have raised concerns that the directive oversteps the Electronic Transactions Act and could potentially infringe on freedom of expression. The government has already relied on the directive to ban TikTok.
In Sri Lanka, the controversial Online Safety Bill was tabled in Parliament. This legislation, criticized for potentially impacting freedom of expression and information online, would allow a new commission to define, regulate, and prosecute the production or publication of “false statements.” The bill has faced opposition from various media stakeholders, urging the Parliament to withdraw it and conduct a thorough review.
India passed the Telecommunications Act, which significantly impacts freedom of expression and privacy by weakening encryption, authorizing warrantless interception of communications and network disruptions, as well as requiring service providers to biometrically verify users. Civil society has expressed concerns that the act will have a chilling effect on freedom of expression and could be replicated throughout South Asia. GNI signed on to a statement put forth by Access Now on December 21, 2023, and is working through the Freedom Online Coalition (FOC) Advisory Network to raise concerns about the law with FOC member states.
States United Democracy Center highlighted the influence of social media policies on elections in countries like Nepal, Bangladesh, and Indonesia. The document emphasizes the role of platforms like Meta (Facebook, Instagram, WhatsApp), YouTube, TikTok, and others in moderating content related to elections. Key policies include the prohibition of misinformation about election dates, locations, methods of voting, and candidate eligibility. The report also discusses the exemption of politicians from certain fact-checking processes and the requirements for political ads. These policies play a crucial role in shaping the digital landscape during elections, impacting how information is disseminated and consumed by the public.
According to a Reuters review of a confidential draft of the guide to AI ethics and governance developed by the Association of Southeast Asian Nations (ASEAN), Southeast Asia is taking a hands-off approach to AI regulations, contrasting the EU’s more stringent stance. This regional strategy focuses on non-binding principles rather than strict rules, aiming to guide domestic regulations without imposing heavy restrictions. This approach reflects a balancing act between fostering innovation in AI technologies and addressing ethical and societal concerns. The guide’s text is expected to be finalized at the end of January 2024.
Central Asia (CA)
During the last quarter, dozens of hacking attacks on Telegram accounts were reported in Tajikistan. To register a new account a user should receive a One Time Password (OTP) sent by SMS for authentication of a new device. Those users who were hacked did not receive the OTP confirming registration but instead saw a new device connected to the account and lost the ability to manage their accounts. The interception of SMS with OTP occurred by bypassing the mobile providers’ servers. There was no official explanation or investigation of these incidents, either from the state or from the mobile operators. Telegram’s technical support has ignored the complaints. CIPI and Access Now facilitated the public awareness-raising campaign by local media platforms providing step-by-step guidance on how to improve the security protection of personal accounts on Telegram and other popular messengers.
The attacks on civil society and media activists, both offline and online, have intensified in Kyrgyzstan. In one such case, Civil Initiatives on Internet Policy (CIIP) requested Access Now’s digital security helpline team to assist in addressing offensive bullying on social networks, which was discrediting the work of the organization and its staff. Namely, an unknown group of people using fake accounts widely disseminated the same text in local groups, mostly on Facebook. The Access Now specialists were unable to help in this situation as it was impossible to removed flagged posts from groups tens of thousands of members. Moreover, another group of media activists connected with Temirov Live media, famous for anti-corruption investigations, fell victim to a social media discreditation campaign. Right after the reporting period, searches took place in the offices of a few media agencies, resulting in the seizure of equipment and the detention of journalists. The Committee to Protect Journalists (CPJ) made a statement calling Kyrgyz authorities to stop criminal prosecution of media outlets and journalists’ arrests. The Spokesperson of the UN Human Rights Office in Geneva has also made a statement about the deteriorating situation on freedom of expression and called on authorities to ensure that media legislation in the country is in line with international human rights standards. The Access Now helpline, at the request of lawyers and trusted representatives, has been blocking access to email and social media accounts of detained journalists who want to be protected from investigation authorities gaining access to confidential information from their seized devices.
On the regulatory side, the parliament in Kyrgyzstanadopted the law on access to information aimed at protecting everyone’s right to freedom of information, including access to public information. Additionally, the draft law on cybersecurity became accessible for public review. In turn, the draft law on foreign agents that includes amendments to the Law on Non-Commercial Organizations and Criminal Code was approved by the Parliament in the first hearing at the end of October. In case the draft law is adopted, non-profit organizations receiving funding from abroad and conducting political activities will be recognized as ‘foreign representatives’ and required to provide additional reports and undergo extra inspections. Any violations will be punishable by either high fines or imprisonment from five to ten years. In September 2023, 120 NGOs called on parliamentarians to reject this draft law, which was followed by a similar call from the three UN special rapporteurs and the official representative of the UN Human Rights Office towards the Kyrgyz authorities in October 2023. The CPJ also argued that the legislation could “force many nonprofits to close” in Kyrgyzstan, as it has in Russia.
In Tajikistan, a new Unified Information Center for the Prevention of Extremism, Terrorism, and Cybercrimes has been created under the Prosecutor General’s Office to improve the coordination and effectiveness of combatting crimes on the Internet. The Parliament recently approved a bilateral Agreement on Cooperation with Russia aimed at joint efforts to combat the misuse of information and communication technologies to ensure international information security. In particular, the agreement covers terrorist and extremist propaganda, hacking of information infrastructure, violation of public order, and incitement to hostility.
In Kazakhstan, MediaNet International Centre for Journalism Public Foundation coordinated a joint response by civil society to the oppressive policy of publishing a list with personal information of organizations and individuals receiving foreign funding. GNI led the preparation of a blog post in cooperation with key CSOs. Civil society has called upon Kazakhstani policymakers to abolish the public foreign funding register as it violates the right to privacy and non-discrimination, which is encouraging the misuse of personal data for intimidation and suppression. The blog post is available in English, Kazakh and Russian. On October 18, 2023, Kazakhstan hosted the first national IGF.
The Middle East and North Africa (MENA)
During the reporting period, in Iraq, Tech4Peace (T4P) encountered numerous instances of hacking attacks that impacted journalists, activists, and citizens. These incidents typically involved extortion through hacking social media accounts or phishing to access personal and financial details. On December 5, 2023, an arrest warrant was issued for a woman named Hassan Al-Bash for charges of publishing degrading content online that was deemed immoral and in violation of traditions in the country. This is the most recent case of an individual arrested and charged based on the recent campaign conducted by the Iraqi Ministry of Interior and Supreme Judicial Council that aims to persecute anyone for posting degrading content on social media.
In Gaza, on November 10, the Israeli government shut down the Internet in the Gaza Strip for the 2.3 million residents in the country due to the ongoing war. The shutdowns impacted Internet service and telecommunication access, resulting in a significant decrease in Internet traffic and accessibility. The local government and Internet service providers acted quickly to restore connectivity in Gaza. However, since then, Internet disruptions have occurred regularly and are an ongoing issue for the local population.
On November 29, 2023, hackers by the name of Cyber Toufan targeted the Israeli government’s State Archive which is used to house sensitive data related to the government’s military. The group claimed to have hacked the archive and uncovered the identity of Israeli soldiers, including their names, ranks, service numbers, and place of residence which the group subsequently posted on its Telegram account. Additionally, hackers by the name of Malek Team hacked Israel’s Ono Academic College and stole data from the school’s internal system of more than 250,000 people.