Monthly Archives: August 2014

In smuggled message, Karimova pleas for medical care

Gulnara Karimova, the flamboyant elder daughter of Uzbekistani President Islam Karimov, says she and her daughter are imprisoned in their house and have been denied needed medical attention, the BBC reports.

Gulnara Karimova

Karimova made the allegations in audio recordings apparently smuggled out of Uzbekistan on a USB stick. She had last been heard from in March, when a letter experts said was likely written by her made its way to a BBC correspondent as an attachment to an anonymous email. She said at the time she that was being beaten, threatened, and constantly watched. She also managed to put out a message to Uzbekistan’s press that she needed medical care.

This time, Karimova says her teenage daughter needs treatment for a heart condition.

Karimova used to have her fingers in many pies in Uzbekistan, an authoritarian country notorious for human rights abuses. She has been a pop star, a fashion designer, a businesswoman, and a philanthropist.

But she has a reputation as a shakedown artist, demanding her cut from companies that want to do business in Uzbekistan. She was described in a 2005 U.S. diplomatic cable as something of a robber baron. Karimova is a suspect in a massive corruption probe in Sweden, where prosecutors say she indirectly received a bribe from TeliaSonera, a Swedish-Finnish company, for a license to operate in Uzbekistan. She is also under investigation for alleged money laundering in Switzerland.

Karimova has been out of the public eye since last fall after apparently falling out of Islam Karimov’s favor. Her businesses, including radio and television stations, have been shut down and close associates jailed.

During her troubles, she has decried her country’s lawlessness and blamed her plight on its security chief. But Andrew Stroehlein, a spokesman for Human Rights Watch, told the BBC that Karimova has likely known for years about “serious and systematic rights abuses in Uzbekistan, and she has had many opportunities to hand that information over to journalists and human rights groups. She hasn’t.”

In March, Daniil Kislov, editor in chief of the independent news agency, told the BBC that Karimova’s father had likely run out of patience with her – particularly with her attempts to monopolize foreign investment.

First TeliaSonera transparency report released

Swedish-Finnish telco TeliaSonera issued its first transparency report on Friday, Aug. 22. The company disclosed surveillance requests from its two home jurisdictions, along with promises of more comprehensive reports to be released every six months.

This report marks an overdue, though welcome, step toward consistent disclosures of major risks to TeliaSonera users. Statistics in this report only cover surveillance requests in Sweden and Finland, though the company will expand reporting to 5 more countries — Denmark, Estonia, Nepal, Norway and Spain — in its January 2015 report.

The former state-owned telco also operates in emerging markets in Eurasia, including Uzbekistan, and Azerbaijan, and has minority ownership of Turkcell in Turkey, and Megafon in Russia. These governments routinely violate human rights using direct and indirect access to telecom networks, and any companies operating there must clearly state their human rights principles and disclose steps and obstacles to implementing them, including through transparency reporting. As one example, see the statement by on privacy and free expression by TeliaSonera’s CEO here, along with their recent sustainability report.

Transparency reporting on surveillance requests

Reporting of third-party requests impacting user data and connectivity is fast becoming a basic requirement of conducting business around the world. Since January 2014, transparency reports from Australia’s Telstra, Vodafone, Deutsche Telekom, along with CREDO Mobile, AT&T and Verizon in the U.S., have revealed how telco data fuels government surveillance. While many non-U.S. firms are only releasing data in their annual reports, TeliaSonera has adopted the standard twice-yearly reporting calendar, which is necessary to track this fast-moving space.

TeliaSonera reports getting 4,091 requests last year in Finland for “historical data,” a category including location data and cell phone tower dumps, which show all users whose phones pinged a certain tower over a certain period of time — an enormous amount of info that reveals the location thousands of users not related to the subscriber under investigation. Less than half that number of requests, or 1,996, came from Sweden in 2013. Given that TeliaSonera has greater market share in Sweden, which has a larger population than Finland, you’d expect the company to receive more requests from Sweden. The opposite is true, however. Finland also issues roughly one-and-a-half to two times more real-time surveillance and wiretap requests than Sweden to TeliaSonera, suggesting that Finland’s intelligence and security forces are more willing and able to access — or perhaps dependent on — user data than Sweden’s government.

Freedom of expression and remedy

TeliaSonera takes an innovative step to show the risks to freedom of expression as well privacy, by categorizing government requests and demands for network shutdowns, blocking of services (like SMS) and content (like Facebook), and other disruptions as “major events.” From January to June 2014, TeliaSonera “logged some ten major requests or demands from governments across our operations that have a potentially serious impacts on freedom of expression in telecommunications.”

Unfortunately, while the company gives the context of its response to the requests, it offers very little information about the disruptions themselves (though some events are mentioned directly on their website. TeliaSonera says governments often prohibit disclosure of this type of information, so TeliaSonera will release “aggregated information” on major events with its upcoming January and July transparency reports.

Access encourages more quantitative reporting by companies on their free expression impacts. We suggest telcos disclose several indicators:

  • Government requests for disruptions, broken down by type, and by the country and agency requesting it;
  • Whether the company complied;
  • Duration of service outages;
  • Number of subscribers affected;
  • Reasons given for the government’s initial request, and for the lifting of the suspension; and
  • The substance of user complaints related to the disruptions.

Additionally, companies should disclose any commercial deals that result in the promotion or degradation of certain applications and services. As noted in Access’ Telco Remedy Plan, preserving and disclosing evidence of government-ordered disruptions is an important step toward providing affected users with access to remedy and redress.

Next steps

Over the past two years, TeliaSonera has had a high-profile struggle over corruption and its intimate involvement in the human rights abuses of state security forces in several countries. Access weighed in when TeliaSonera’s CEO stepped down in early 2013 over due diligence failures, we called for transparency reporting more than a year ago, and we even hosted a session on surveillance disclosures at RightsCon, where TeliaSonera participated.

While this is a welcome step forward, more granularity will be needed about “major events” impacting free expression, in line with the above indicators. At minimum TeliaSonera should break down the disruptions by type of blocking. The company also must proceed as quickly as possible to report surveillance requests from all countries in which it operates. If any governments bar reporting, the telco should follow Vodafone’s lead by naming any laws or other obstacles to disclosure, as well as its plan to work with all stakeholders — including Access — to tear down those barriers. In addition, publishing rates of data retention will help inform users about laws and practices affecting their privacy across different countries.

This report marks the first step toward consistent disclosures of the facts that users need to gauge their security and privacy on TeliaSonera networks.

Updates: This post has been updated to reflect that TeliaSonera does not operate in Turkey and Russia, but has minority ownership in telcos there; to link to the CEO’s statement on human rights; and to note the company’s sustainability report and its comments on major events affecting freedom of expression.

UN investigates business and human rights in Azerbaijan

This week, Azerbaijan is hosting experts from the UN’s Working Group on the issue of human rights and transnational corporations and other business enterprises “to examine the impact of business activities on human rights in the country.”

No stranger to UN inquiries, this CIS-region dictatorship has been the subject of a wide range of human rights reviews in recent years. Just this week, three UN experts condemned the “wave of politically-motivated repression” against human rights activists in the country.

This is the first business and human rights inquiry there, however, though Access has called out the country in the past for its surveillance state. The oil-rich former Soviet republic’s information and communications technology (ICT) sector remains susceptible to government pressure, resulting in restrictions on the human rights of journalists, activists, and ordinary users. These abuses lead to harsh knock-on effects, including arbitrary arrest and torture.

Access recently shared our concerns in a letter to the UN Working Group, and recommended it focus its inquiry on Azerbaijan’s obligations to protect the human rights to free expression and privacy online.

Azerbaijani history of pervasive surveillance

The sordid history of invasive surveillance and oppression by Azerbaijani state security is well documented. In 2012, Swedish news media reported that Swedish telco TeliaSonera sold high-tech surveillance capabilities to several former Soviet republics, including Azerbaijan, where TeliaSonera owns part of the largest mobile provider Azercell. Not only did these technologies allow police direct access to TeliaSonera’s communications networks, but Azerbaijani security officers actually sat in the telco’s offices. Reports noted that the “direct access to subscribers’ telephone calls, data, and text messages” provided to Azerbaijani security services resulted in the arrests of members of political opposition groups.

For its part, TeliaSonera has since undergone a comprehensive human rights assessment, and swapped most of its top management for new faces. The same cannot be said of government authorities: Azerbaijan has had the same prime minister and president since 2003, and a 2008 constitutional amendment abolished term limits. What’s more, the current President Illham Aliyev inherited power from his father Heydar, who was president from 1993-2003 and led Soviet Azerbaijan from 1969-1982, effectively dominating the political life of Azerbaijan for decades.

Access Recommendations for Working Group

Despite the Azerbaijani government’s invitation to the UN experts, the Working Group should not be misled: authorities have systematically demanded businesses contribute to government programs that undermine human rights.

For these reasons, Access provided the following recommendations to the Working Group:

1) Investigate laws and practices relating to surveillance, including telecom licensing requirements and any unlawful pressure that government authorities put on companies to gain access to user data and networks.

2) Consult civil society, journalists, bloggers, and other users whose communications puts them at risk for surveillance and harassment both on and offline. This may help to identify patterns, such as whether data from telecom companies like SMS records or geolocation information has been used during interrogations.

3) Assess the state of user data security, including whether users have access to the technical means to access information confidentially and communicate securely. Query whether encryption tools are banned, as the Azerbaijan Airlines “custom regulations” website prohibits the import of “technical means designed to obtain information secretly.”

4) Probe the safeguards for access to information and free expression online. The government has been suspected of shutting down or slowing internet connections in some regions where social activism and opposition voices have been most active.

5) Survey telecom industry staff and leadership for evidence of government solicitation of bribes or other corruption. Staff should not be subject to harassment or illicit pressure to take any action that violates human rights law and norms, domestic laws, or company policy.

For its part, the Azerbaijani government should cease its repression of human rights defenders and enact rules that would enable users to communicate more securely while also building trust in the telecoms and ISPs that deliver connectivity in the region.

Access and our partners in the region support the Working Group’s inquiry, ask they consider our recommendations, and look forward to reading the report on this important country visit.

Teo raises ethical requirements for partners

Lithuanian fixed operator Teo plans to invite suppliers to sign a renewed Supplier Code of Conduct. The company will set higher requirements of ethical behaviour, fight against corruption and for human rights, health and safety, and the environment. The company aims to work only with responsible suppliers. According to Teo CEO Kestutis Sliuzas, the operator plans to encourage its suppliers to deploy principles of sustainable business. Teo would also like suppliers to encourage such behaviour among their partners, pushing responsibility throughout the entire supply chain. The suppliers also need to ensure that there are no harmful and prohibited materials in products. Responsible suppliers are required not only to meet general environment requirements, but also to undertake additional measures such as seeking for energy efficiency and reduce environmental impact.