25 November 2014

How Central Asian Governments Monitor Their Citizens

November 22, 2014

A Privacy International report shows just how comprehensive the surveillance is. 

It’s no surprise that civil rights in Central Asia stand as something of a farce. The region, nearly a quarter of a century after gaining independence, retains much of its Soviet legacy of stanched media rights and desiccated political opposition. Despite fits and starts of democratization in Kyrgyzstan – which has seen a discernible turntoward a Russian-style clampdown in recent months – the region has remained tethered to its strongman politicking and truncated civil space.

But while much of the efforts within the region to limit opposition press or quash political dissent have been relatively public, the ability of Central Asian regimes to monitor potential discord has been under-covered, especially in relation to analyses of Russia and China. A recent report from Privacy International, however, has tried to shine some light on the methods Central Asian governments are using to track their populaces – and to examine how closely they mirror Russian and Chinese examples, as well as which Western companies have supplied the necessary technology along the way.

The 96-page “Private Interests: Monitoring Central Asia” is heavy on technical detail and schematics, including mapping of surveillance nodes and jargon-laced descriptions of the specific monitoring mechanisms. However, there are a few broad takeaways worth noting, both regionally and within specific nations. First, it appears that Central Asian governments – Kazakhstan and Uzbekistan, especially – have opted to tilt their surveillance methods toward the Russian example, utilizing a model known as System of Operative Investigative Measures (SORM), which gained much notoriety during the Sochi Olympics. “Modern electronic surveillance techniques in the Central Asian republics have been primarily influenced by those of Russia,” according to the report’s authors. SORM, as the report continues, “requires Internet Service Providers (ISPs) … to keep a detailed record of their subscribers’ internet activity and, if necessary, to install the hardware necessary for doing so. Under SORM in Kazakhstan, for example, this information includes details regarding users’ identities, data regarding specific visits, and details concerning the traffic being transmitted.” One program within the SORM rubric can “store more than 10 terabytes of data, roughly equivalent to the US Library of Congress.”

Email, phone conversation, even Skype conversations – all have been tapped, stored, and utilized in intelligence agencies’ efforts to monitor and crush dissent, be it through human rights or media mechanisms. Even Uzbekistan’s first family doesn’t seem immune. As the report adds, “According to correspondence seen by Privacy International, [the Uzbek president’s daughter] Gulnara Karimova claims to have become a target for electronic surveillance.”

Unfortunately, and unlike American and European legislation, there appears little legal framework for monitoring and restraining the security organs – successors to the Soviet-era KGB – that have led surveillance efforts in Kazakhstan and Uzbekistan. As the report notes, and in contradistinction to public treaties the countries have signed, “In Uzbekistan and Kazakhstan … the principal intelligence agencies – widely implicated in human rights abuses – [have] direct, unchecked access to the population’s phone and internet activity through the establishment of monitoring centres.” In Kazakhstan, the security agency’s procurement of such surveillance technology directly contravenes existing legal frameworks, which tasks others – the Ministry of Internal Affairs, the Financial Police – with the ability to “interfere with private communications.”

The report implicates a pair of Western organization surveillance organizations in aiding the regional surveillance: the U.S.-based Verint Systems, and the Israel-based NICE Systems. In Kazakhstan, both organizations have been contracted directly by the country’s intelligence agency. Verint has been aiding in monitoring centers “since the early 2000s,” and in a recent upgrade in 2012 to allow further IP access via “Deep Packet Inspection” techniques. The company also signed contracts directly with the country’s intelligence agency, meaning it is “subject to less rigorous oversight and regulation” in Kazakhstan than other contractors are. The same holds true for the work of both Verint and NICE in Uzbekistan – which also roped in an American company, Netronome, in order to “gain access to SSL-encrypted communications, such as those now offered by default” by Gmail and Facebook, among others.

The surveillance methods used thus far in Central Asia have proven so widespread – in both perception and reality – that numerous “surveillance targets” in Turkmenistan were unwilling to speak to Privacy International about their experiences, even with the promise of anonymity. As such, according to human rights advocate Natalia Anurova, “very little communication is occurring by electronic means within Turkmenistan[.]” And after the report, there seems little reason that trend will change.

http://thediplomat.com/2014/11/how-central-asian-governments-monitor-their-citizens/

No comments: