Privacy International uncovers widespread surveillance throughout Central Asia, exposes role of Israeli companies

Press release

Governments across Central Asia have deployed advanced surveillance systems, including monitoring centres capable of spying on an entire country's communications, according to a new investigative report published today by Privacy International.

The comprehensive report, “Private Interests: Monitoring Central Asia”, contains personal accounts taken by Privacy International detailing how Central Asian governments use electronic surveillance technology to spy on activists and journalists in the country, and exiles abroad. The testimonials attest to the widespread nature of electronic surveillance in countries such as Kazakhstan and Uzbekistan, and describe how governments use surveillance to clamp down on dissent and to reinforce their political control.

Surveillance systems in the region are enabled by foreign companies that provide the products and services that allow Central Asian governments to spy on their citizens. The largest players in the region are two multinational technology companies with offices in Israel: Verint Israel and NICE Systems. Privacy International uncovered that these companies have supplied monitoring centres to Kazakhstan’s KNB and Uzbekistan’s SNB, two security agencies widely implicated in human rights abuses. The monitoring centres allow agencies unchecked access to citizens' telephone calls and internet activity on a mass, indiscriminate scale.

The investigation also found that Verint attempted to facilitate Uzbek authorities’ interception of encrypted SSL traffic using fake certificates, based on technology provided by US-based company Netronome, which is owned by Blue Coat. Should Verint have been successful, it would have enabled Uzbek authorities unprecedented access to private communications, and undermined the web's most secure form of communication.

Privacy International discovered how agencies in Kazakhstan use distributed monitoring nodes known as Punkt Upravlenias (PUs) to conduct surveillance. Placed strategically throughout the country, including oil-producing region Aktobe and populous Almaty, PUs collect and decode audio information and IP data on an automated basis, before presenting the information to the agencies through a handler interface. The installation of these nodes was tendered to local companies but was likely marketed and supplied by foreign surveillance companies.

Through the course of the investigation, Privacy International uncovered nearly 100 sensitive documents, including government contracts and technical details of the surveillance equipment, which describe in detail the relationship between governments and industry acting as re-sellers and distributors facilitating widespread surveillance across the region.

It also highlights the role of some of the world’s largest multinational communications services providers who grant direct access to government agencies with little to no knowledge about how their networks are being used. Similarly, it points out how large telecommunications equipment manufacturers have been adapting their hardware in order to facilitate government surveillance.

Central Asia serves as a unique backdrop to the examination of the surveillance technology industry: it consists of some of the most authoritarian systems of governance in the world with repressive state authorities increasingly keen to clamp down on internet and telecommunications freedoms. Indeed, the report finds serious deficiencies with the legal framework governing surveillance in the region. Despite massive human rights issues within all of the countries, there are currently few trade restrictions stopping companies from empowering these state authorities with surveillance technology.

The report offers a series of recommendations for companies selling the equipment, communication service providers, hardware manufacturers, multilateral institutions, foreign governments, and export control bodies in order to protect the rights of those in the region and abroad.

Edin Omanovic, co-author of the report and Research Officer with Privacy International, said:

The brutal secret police of authoritarian states have been empowered with sweeping surveillance capabilities, aimed at putting the private lives of every individual within their reach. This is exactly the kind of nightmare scenario that becomes inevitable when you have an unaccountable industry operating under the radar.

But questions also need to be asked of the entire telecommunications industry, which has been willfully blind to the facts. All of the actors identified in the report need to take the bold steps necessary to ensure that the global communications infrastructure isn’t being hijacked for repression as it currently is in Central Asia.”

Mari Bastashevski, co-author of the report, said:

It’s striking how many of the industry participants and government officials are already aware of how this surveillance technology is being used, or misused, by the State. Yet at the same time, those we spoke to did not feel they were directly contributing to the abuse of rights by being part of the chain, but instead were just someone who’s just doing their job.

The kind of detachment where intimate details of personal correspondences becomes impersonal data, petabytes stored is very problematic. If we’re to see things improve, we need to remember that these are actual people, not “targets”, and consider the matters from a perspective of a collective responsibility, not merely a problem with abstract technology in a far away region."