EU Ukraine

Cyberattacks on Ukraine’s infrastructure and civil society violate human rights

Update: February 24, 2022 — We stand with the people of Ukraine as they endure Russia’s large-scale military invasion targeting population centers across the country, alongside ongoing cyberattacks impacting critical services and infrastructure. Digital rights violations enable and escalate offline violence, and the calculated attacks targeting digital systems essential to people’s safety and wellbeing are unacceptable.

The international community must urgently take up the recommendations below in support of Ukraine’s civil society and those most at risk. All public and private entities operating in Ukraine that provide digital services and handle sensitive user data should urgently review their services for potential security and human rights issues, clearly communicate to their users any anticipated impacts to services, and consider the wellbeing of their staff and stakeholders amidst this crisis and in light of Russia’s apparent intentions to replace the Ukrainian government. We welcome initial efforts by tech companies, including Meta and Cloudflare, to implement extra security measures and set up Special Operation Centers that include language experts to help protect Ukrainian users. We encourage tech companies to take swift action enabling users to easily lock down or delete their accounts and data, and enhancing the security and resilience of networks, apps, and services, while keeping watch for campaigns of disinformation and abuse. We are also urging providers to ensure civil society voices in Ukraine, Russia, and beyond remain online, protecting them against censorship attempts.


Alongside Russia’s eight years of armed aggression against Ukraine and its ongoing threats of large-scale invasion, cyberattacks on Ukraine’s critical infrastructure and civilian services are putting people’s human rights at risk. We call on the international community to provide the necessary support to Ukraine and its human rights defenders to ensure people are protected from cyber threats.

Cyberattacks targeting Ukraine’s critical infrastructure are undermining people’s human rights. The most recent attacks on January 13-14 and February 15, 2022 targeted essential public service infrastructure, including both major national banks and the e-governance platform Diia, which provides people with access to more than 50 public services ranging from supporting parents of newborns to opening a business to providing proof of COVID-19 vaccination. Cyberwarfare is an assault on human rights, and has devastating effects on people’s privacy, freedom of expression, safety and security, and access to information. Cyberattacks can wipe essential systems such as electrical grids, hospitals, and governmental services offline, exacerbating tensions, worsening crises, and endangering lives.

Cyber operations targeting journalists, civil society organizations, and human rights defenders are particularly alarming and should be prohibited in all circumstances. Individuals who work in defense of civil liberties, rights, and democracy are themselves a form of critical infrastructure, often providing direct services and advocating for the needs of the most vulnerable.

CALL TO ACTION

The international community must come together to provide additional support to Ukraine and its human rights defenders in increasing their resilience to ongoing cyber threats, as well as investigating prior attacks and holding perpetrators to account.

1. PROVIDE DIRECT SUPPORT TO JOURNALISTS, CIVIL SOCIETY, AND HUMAN RIGHTS DEFENDERS

There is a pressing need to provide Ukrainian civil society with technical means to protect both themselves and the sensitive data on their servers and devices, as well as to prevent future attacks. We urge tech companies, nonprofits, and funders to expand their support programs and provide Ukrainian activists with free and secure VPNs, antivirus programs, encryption, DDoS protection, and other essential digital tools, equipment, and services.

Civil society organizations, human rights defenders, and journalists in need of digital security assistance can connect with Access Now’s  24/7 Digital Security Helpline at [email protected].
2. ESTABLISH AND UPHOLD CLEAR, PEOPLE-FIRST CYBERSECURITY STANDARDS 

UN bodies and other international organizations advancing cybersecurity and cybercrime law and norms should center human rights in their work, take a human-centric approach, and condemn those who permit or perpetrate cyberattacks.

States participating in the upcoming 49th Session of the UN Human Rights Council should condemn cyberwarfare as a threat to human rights in Ukraine, call for an investigation of their human rights impacts, and take steps to hold perpetrators accountable. Further, they should ensure that resolutions on human rights defenders, disinformation, and related topics all strengthen protections for digital rights and raise the human rights impacts of surveillance, censorship, and disruptions to connectivity.

3. GUARD AGAINST ATTEMPTS TO ESCALATE AND EXPLOIT CURRENT TENSIONS 

Social media platforms and other technology firms must make the investments necessary to prevent the spread of disinformation campaigns designed to escalate tensions in the conflict between Russia and Ukraine.

LIkewise, both policymakers and internet service providers should refrain from using misinformation as a justification for restricting access to the internet or communications platforms. Limiting free expression and access to information is particularly dangerous for vulnerable individuals in moments of unrest and uncertainty, and only puts them further at risk.

Governments and technology firms must also vigilantly guard against rogue actors seeking to exploit current tensions to camouflage their disruptive, criminal activities. It is essential to fully  investigate any cyber attacks that undermine human rights, even when some attacks may not be directly attributed to specific government actors, as leaving them unaddressed cultivates an overall environment of impunity.


SIGNATORIES

Access Now
Centre for Democracy and Rule of Law
Digital Security Lab Ukraine
European Digital Rights (EDRi)
ARTICLE 19
ApTI, Romania
Centrum Cyfrowe
Electronic Frontier Finland
epicenter.works – for digital rights
Homo Digitalis
Internet Society Bulgaria
IT-Political Association of Denmark
Panoptykon Foundation