[liberationtech] Azerbaijan wants to register mobile phones

Katrin Verclas katrin at mobileactive.org
Mon Jan 9 09:00:30 PST 2012 

A few thoughts from here, HQ of SaferMobile:  

1. SIM Card Reg

Eric says:

> the question of whether a SIM was purchased anonymously may be relatively
> irrelevant. Many countries already require all SIMs to be identified with an
> individual (say, Burma, Belarus, most EU countries (certainly France), or (I
> think) the US). (China has, since October 2010, required SIM sales to be
> identified with a person, but the rulebs observed in the breach.)


We did, for the first time ever that we are aware of, a comprehensive assessment of SIM card registration requirements for the 47 least free countries and 63 partially countries as defined by Freedom House's Freedom of the World Index.  45 out of the 47 countries require a combination of ID, photo, and fingerprint to activate a SIM card. Of course, it is possible to get a 'gray' card in those countries which may work for a while without being ID'ed with your identity. Of course, Eric's precautions are all still valid - more on that below. 

As far as the regulatory context of AZ is concerned, here is what we got (all of this is going live, by the way, in the next week or so)

4	Azerbaijan	Ministry of Communications and Information Technologies of the Republic of Azerbaijan	http://www.mincom.gov.az/en/main.html	http://www.mincom.gov.az/en/telecom.html	

The Law of the Republic of Azerbaijan on Telecommunications was enacted in 2005. It sets out general legal framework for telecommunication networks and services, and includes provisions on numbering, licensing, tariffs, interconnection, rights and duties of operators and subscribers, international cooperation and dispute resolution.

What provisions, if any, are contained in the telecommunications regulations regarding the government's ability to conduct surveillance or monitoring of mobile technology?
There are no explicit provisions authorizing surveillance. However, article 39 of the Law of the Republic of Azerbaijan on Telecommunications states that operators "must promote in proper legal manner implementation of search actions, supply telecommunication [networks] with extra technical devices according to terms set by corresponding executive power body for this goal, solve organizational issues and keep methods used in implementation of these actions as secret."  Article 38 states that the law guarantees confidentiality of communication except as provided by law.	

What provisions are contained in the law regarding the government's ability to request disclosure of subscriber information?
To the extent allowed by the vagueness of article 39.	

Are there any emergency or national security laws that allow the government to gain control of mobile network (e.g. suspend network, conduct interception, etc)?
Article 16 entitles the government during times of martial law and state of emergency "to preference in use of necessary telecommunication nets, units and means and can stop, limit their use or apply special rules for use of communication."  New rules require all operational mobile devices (cell phones) in the territory of Azerbaijan to be registered at Mobile Devices Registration System (MDRS). MDRS is not ready yet and is to be set up by the Ministry of Communication and IT. All cell phone carriers will have to connect their networks to MDRS. Information required for the system will include cell phone's IMEI code, a number associated with that phone and serial number of the SIM card. A cell phone will work only with a number associated with it and registered at MDRS. Otherwise, cell phone operators will have to block it.In practice, it means the government will be able to switch off every phone in the country.	

Are there any restrictions on encryption, including on VoIP? Is encryption allowed or forbidden? 
The telecom law does not specify any restrictions on encryption.  VoIP service is considered a form of communication and requires a license (source: http://news.day.az/hitech/69561.html).

Is there intermediary liability for content distributed over the network?
Internet is considered "mass media" under Azerbaijan law and is governed by the 1999 legislation "On mass media." Under that law a publisher may face liability for publishing information which incites "violent overthrow of an existing constitutional state formation, attempt on integrity of the state, propagation of war, violence and cruelty, national, racial, social hate or intolerance, printing under cover of a title of an authoritative source of hearings, lie also of prejudiced publications humiliating honor and a dignity of the citizens, pornographic materials, slander or undertaking of other unlawful operating." (Full text of the law is available at: http://www.mincom.gov.az/en/main.html, under legal documents/laws).	

Is the operator's ability to provide services in the region conditioned on disclosure of subscriber information in any way?
Article 39 of the telecom law requires cooperation of the telecommunications sector with law enforcement.	 

Has there been a revocation or threat to revoke a license, if so, why? 
No instances found.	

Are there any provisions in the licensing agreement explicitly authorizing interception or surveillance?
To the extent allowed by article 39



2. Mobile security 

While I could not agree more with Eric on all he is saying below, but that said, fact is activists, rights defenders and journalists DO use phones, even though they pose considerable risks. From our POV, it's a matter or risk awareness and mitigation, based on specific threat models rather than categorically saying: Don't use phones.  

Ain't going to happen so we rather work with reality here. 

By the way, the US does not require any ID for prepaid SIMs for now. These are the burner SIMs/phones we all hold dear.... and pay for in cash. With all of Eric's caveats on location, IMEI, SIM etc tracking and logging.  

All the best,

Katrin 

On Jan 9, 2012, at 10:16 AM, Katy Pearce ucsb wrote:

> Thanks Eric.
> 
> Will pass this to Ali.
> 
> Actually we find that there is cybersurveillance (documented in the
> paper that was linked to above) in Azerbaijan.
> 
> I would expect the AZ government to use this new law to engage in more
> cybersurveillance...
> 
> On Sun, Jan 8, 2012 at 5:53 AM, Eric S Johnson <crates at oneotaslopes.org> wrote:
>> Within the context of our technology mentoring in the ISC, we advise folks
>> in briskyb countries that mobile phones are, everywhere and always, a very
>> high security risk. To the extent that contemporary software used by law
>> enforcement agencies with access to MNOsb log files can relatively easily
>> 
>> B7        know all (turned-on) mobile devices (phones, SIMs)b locations at
>> all times, now and in the past,
>> 
>> B7        store, read, and analyse all SMSs ever sent, and
>> 
>> B7        enumerate identities and networks of people by looking at whobs
>> talking to whom,
>> 
>> the question of whether a SIM was purchased anonymously may be relatively
>> irrelevant. Many countries already require all SIMs to be identified with an
>> individual (say, Burma, Belarus, most EU countries (certainly France), or (I
>> think) the US). (China has, since October 2010, required SIM sales to be
>> identified with a person, but the rulebs observed in the breach.)
>> 
>> 
>> 
>> And, to the extent that all MNOsb operation depends on frequency licensing
>> from the governments in whose jurisdiction they operate, all MNOs are, by
>> definition, totally under those governmentsb control, and will in any case
>> eavesdrop on, and/or terminate, any and all clientsb use of their networks,
>> upon govbt demand.
>> 
>> 
>> 
>> We think the key is to encourage folks to use internet instead of
>> calls/SMSs, and to help make sure folksb internet use is, to the maximum
>> extent possible, encrypted. Certainly, thatbs my modus operandii when in
>> Azerbaijan, Burma, China, or Uzbekistan (all of which Ibve visited in the
>> last six months).
>> 
>> 
>> 
>> Katy, do you (or Ali) think the new AZ regulation will really materially
>> change the degree of risk associated with activistsb use of mobile
>> communications technologies? The key issue is probably more one of whether
>> the govbt of AZ is using the kinds of the software mentioned above, rather
>> than whether SIMs can be procured anonymously.
>> 
>> 
>> 
>> For the record, AFAIK, AZ doesnbt censor internet access at all, nor are
>> there well-documented cases of cybersurveillance (although activists should
>> always assume attempts are being made). However, starting in the second half
>> of 2011, major independent Azerbaijani news-providing sites have found
>> themselves under occasional DDOS attacks.
>> 
>> 
>> 
>> Best,
>> 
>> Eric
>> 
>> 
>> 
>> From: liberationtech-bounces at lists.stanford.edu
>> [mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Katy Pearce
>> ucsb
>> Sent: Saturday, 07 January 2012 02:29
>> To: liberationtech at lists.stanford.edu
>> Subject: [liberationtech] Azerbaijan wants to register mobile phones
>> 
>> 
>> 
>> http://blog.novruzov.az/2012/01/azerbaijan-to-register-all-mobile.html
>> 
>> Blogger (and friend) Ali Zovruzov has translated a new law in Azerbaijan
>> where all mobile phones will be registered to the government and the
>> government will have the potential to shut off mobile communication.
>> 
>> The measure bypassed the parliament and was approved directly by the Council
>> of Ministers (which is sort of like the president's cabinet).
>> 
>> On his blog some commenters don't think that this is a big deal, but...
>> 
>> For some Azerbaijan context - it has been becoming more authoritarian and
>> using technology to aid that:
>> http://caucasusedition.net/analysis/%E2%80%9Cthis-is-what-can-happen-to-you%E2%80%9D-networked-authoritarianism-and-the-demonization-of-social-media-in-the-republic-of-azerbaijan/
>> 
>> 
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>> 
>> Should you need to change your subscription options, please go to:
>> 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
>> If you would like to receive a daily digest, click "yes" (once you click
>> above) next to "would you like to receive list mail batched in a daily
>> digest?"
>> 
>> You will need the user name and password you receive from the list moderator
>> in monthly reminders.
>> 
>> Should you need immediate assistance, please contact the list moderator.
>> 
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech


Katrin Verclas
MobileActive.org
katrin at mobileactive.org

skype/twitter: katrinskaya
(347) 281-7191

Check out the new Mobile Media Toolkit at 
http://mobilemediatoolkit.org. To "Making Media Mobile!"

A global network of people using mobile technology for social impact
http://mobileactive.org

_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list