Blog Archives

Archives for December 2015

December 16, 2015 - Comments Off on UN Expert Urges Pakistan to Ensure Protection of Freedom of Expression in draft Cybercrime Bill

UN Expert Urges Pakistan to Ensure Protection of Freedom of Expression in draft Cybercrime Bill

The United Nations’ Special Rapporteur on freedom of opinion and expression, Mr. David Kaye, recently shared with the Government of Pakistan his concerns with the draft Cybercrime Bill currently pending before the National Assembly.

Digital Rights Foundation shared its analysis of the Cybercrime bill with Mr. David Kaye for the statement, which can be found here.

December 10, 2015 - Comments Off on DRF Concludes Successful Second National Conference on The Right To Privacy in The Digital Age

DRF Concludes Successful Second National Conference on The Right To Privacy in The Digital Age

ISLAMABAD, NOVEMBER 27, 2015: Digital Rights Foundation organized its second National conference in collaboration with Privacy International on The Right to Privacy in the Digital Age in Islamabad on November 26th, 2015, with the objective of starting a debate around the lack of laws pertaining to cyberspace, with regard to privacy in particular. The conference featured experts from international rights organisations who delivered sessions and answered questions on the various aspects of privacy rights, as well the use and impact of surveillance technologies.

The conference brought together stakeholders including lawyers, parliamentarians, journalists, civil society, to discuss the different aspects of privacy rights in the context of Pakistan in the 21st Century.

L-R: Matthew Rice (Privacy, Waqqas Mir, Ms. Sherry Rehman, Aftab Alam

L-R: Matthew Rice (Privacy International), Waqqas Mir, Ms. Sherry Rehman, Aftab Alam

 

Ms. Nighat Dad, rights activist and founder of DRF, welcomed the participants and explained the need for this conference which would work as a means of building the capacity of Pakistani journalists, activists and civil society organizations. The event was aimed towards understanding in depth the concepts around privacy and how mass surveillance violates privacy rights and international treaties. The goal was not only to create a greater awareness of privacy and surveillance issues, but to also provide the knowledge necessary to advocate for stronger data and privacy protection laws.

L-R: Naveed ul Haq, Waqqas Mir, Hassan Bilal Zaidi, Bushra Gohar, Iqbal Khattak

L-R: Naveed ul Haq, Waqqas Mir, Hassan Bilal Zaidi, Ms. Bushra Gohar, Iqbal Khattak

“To get death threats just for voicing my views, is not acceptable,” pointed out the former member of National Assembly Bushra Gohar, who was among the panellists who debated on the importance of striking the right balance between security and freedom. “Online safety is as important as physical safety now,” said Hassan Bilal Zaidi, staff writer for Dawn newspaper. “The security measures in Peshawar continue to haunt us,” said Mr. Iqbal Khattak, Pakistan country representative and monitor for Reporters Without Borders for Freedom. Mr. Khattak pointed towards the need for the government to control the security threats instead of controlling opinions of the individuals.

“We need effective laws that filter out hate,” said the parliamentarian Ms. Sherry Rehman, who serves as a member of the Senate. She also explained that at the same time, as an emerging democracy, we have certain laws that are an example for other countries. Lawyer Mr. Waqqas Mir, who moderated the sessions, was blunt in his view of those civil societies that have accepted the decision of the government to create laws that will block material as seen fit by it. There is a need to resist such curtailing on freedom of expression. “We have the right to privacy,” as per Article 14 of the Constitution of Pakistan, he explained.

Conference participants took part in rigorous interactive session with panellists and came away with a greater understanding of what is at stake in the struggle to balance security concerns with civil liberties.

December 2, 2015 - Comments Off on Blackberry’s Pakistani “Security” Exit

Blackberry’s Pakistani “Security” Exit

Pakistan's insistence on complete and total access to the personal data of its citizens will see Blackberry ceasing operations by the end of 2015. In July of this year the Pakistan Telecommunication Authority (PTA) demanded that the Canadian smartphone and enterprise service company, which has operated in Pakistan since June 2005, be given complete and unfettered access to its encrypted Blackberry Enterprise Services. Demanded ostensibly on security grounds, this access would permit the PTA and other authorities to eavesdrop on confidential and encrypted communications between customers of the BES. If Blackberry did not meet this demand, the PTA insisted, then it would be shut down by November 30, 2015.

November 30 has come and gone, with Blackberry refusing to hand over access to the Pakistani government, which will now result in their departure from Pakistan. Although the deadline has now been extended to December 30, the company has said that it will leave Pakistan entirely, rather than compromise its customers' data. The rise of Android, iOS, FirefoxOS and other smartphone operating system platforms has resulted in a dramatic loss of market-share for Blackberry, formerly Research in Motion (RIM). Blackberry's ES, as well as its popular Blackberry Messenger (BBM) service, still remains in demand by military, government and business personnel, due to a marketed reputation for strong security.

Marty Beard, the CEO of Blackberry, wrote a blog post on the Pakistan situation, explaining that the demand by the PTA was not, in their eyes,

“a question of public safety; we are more than happy to assist law enforcement agencies in investigations of criminal activity. Rather, Pakistan was essentially demanding unfettered access to all of our BES customers’ information. The privacy of our customers is paramount to BlackBerry, and we will not compromise that principle.”

Laudable as that may sound, Blackberry has been able to offer concessions under pressure in the past. 2013 saw it permitting the government of India to monitor its servers – after much push and pull on the matter – and it cooperated with British police to investigate the number of BBM users that were alleged to have taken part in, and coordinated, the London Riots in 2011, thanks to the messaging app. In order to operated in Russia and China in 2007 and 2008 respectively, furthermore, RIM handed over security permissions to the state telecoms of each country. It has also offered concessions in regards to bans and the threats of bans by Saudi Arabia, the UAE and other restrictive Gulf nations As an article by Techcrunch that looked at Blackberry's Pakistani departure has suggested however, these examples took place pre-Snowden, and perhaps the whistle-blowing revelations lead to a shift in encryption practices.

The Pakistani Context

Blackberry's approach to encryption and the data of its users may be inconsistent, but of far greater concern is that of the behaviour of the Pakistani state. Long before the terrorist attack on the Army Public School in Peshawar in December 2014, Pakistan's security and intelligence agencies have been in pursuit of greater legislative and technological means of enhancing their surveillance. The leaks earlier this summer of data belonging to the Italian spyware manufacturer Hacking Team revealed that private sector representatives (working on behalf of Pakistani government intelligence agencies) were attempting to purchase software suites that were designed for stealth infiltration of smartphones, computers, etc.

Post-Peshawar 2014, saw the implementation of the National Action Plan, an umbrella plan that essentially allows for civil liberties to be secondary to national security. In the context of the NAP, the Prevention of Electronic Crimes Bill 2015, which the Electronic Frontier Foundation has said “gives new meaning to the world draconian”, is being vigorously promoted by the government as a panacea to tackle cybercrime, terrorism, and online harassment. In truth, however, the PECB does little in the way of tackling these concerns, and instead promotes total surveillance, the potential criminalisation of the rights to privacy and freedom of expression, under overly broad political language that could easily be subject to abuse.

The problematic approach of Blackberry aside, what we have seen here is an attempt to demand complete access to user data by the government, even before the PECB has even been made law. It sets a troubling precedent that could discourage tech industry growth and investment in Pakistan, in addition to violating international treaties regarding human rights.

Written by Adnan Chaudhri

December 1, 2015 - Comments Off on Joint statement on The Prevention of Electronic Crimes Bill 2015

Joint statement on The Prevention of Electronic Crimes Bill 2015

Joint Statement from ARTICLE 19, Association for Progressive Communications, Digital Rights Foundation, Human Rights Watch, Privacy International, and others on the Prevention of Electronic Crimes Bill 2015 Pakistan:

ARTICLE 19, Association for Progressive Communications, Digital Rights Foundation, Human Rights Watch, Privacy International, and other organisations remain seriously concerned by the proposed Prevention of Electronic Crimes Bill in Pakistan. Regrettably, despite negotiations and revisions in the last six months through a hard won multi-stakeholder consultation process, the Bill still contains provisions that pose a grave risk to freedom of expression, the right to privacy, and of access to information in Pakistan. We urge members of the National Assembly of Pakistan to take a stand against the Bill by voting against it in its current form. The Bill in its current form should be scrapped and the process of drafting a new bill, ensuring full compliance with international human rights standards, should begin with the inclusion of civil society, industry and public consultation at the earliest possible stage.

The process by which the Prevention of Electronic Crime Bill has reached the National Assembly is deeply concerning. Forcing the bill through committee, without consensus having been reached, and with on-going vocal criticisms by members of the committee show that this bill is not ready to be considered to be passed into law. Furthermore, we remain very concerned that the Bill contains several provisions which pose a threat to the respect and protection of the rights of privacy and freedom of expression. The amendments that have been made in the September 2015 version of the bill are cosmetic at best and none of the concerns raised by committee members, civil society, industry, or technologists have been adequately addressed.

Section 34 of the Bill is still overly broad and fails to include adequate safeguards for the protection of the rights to privacy and freedom of expression, in breach of Pakistan's obligations under international human rights law. Even after calls from stakeholders to remove the section entirely, this power remains in the Bill before the National Assembly. It empowers the Pakistan Telecommunication Authority to order service providers to remove or block access to any speech, sound, data, writing, image, or video, without any approval from a court. By omitting judicial oversight, the Bill, if passed, would write a blank cheque for abuse and overreach of blocking powers. Although the Bill provides for the possibility of a complaints procedure, it does not require such a procedure to be put in place, nor is there any requirement that this procedure involve a right of appeal to an independent tribunal. Even a right of appeal will be inadequate given the sheer breadth of the blocking powers contained in section 34. Such a broad power should not return in any capacity in a future draft of the Bill.

The amended Bill continues to raise significant concerns about unchecked intelligence sharing with foreign governments, along with related human rights abuses. If adopted, the Bill will still allow the Federal Government to unilaterally share intelligence gathered from investigations with foreign intelligence agencies like the US National Security Agency, without any independent oversight. Given the role of intelligence in US drone strikes in Pakistan, without significantly stronger safeguards, this puts the security and privacy of ordinary Pakistanis at risk. Cooperation between intelligence agencies needs to be governed by specific laws, which should be clear and accessible, and overseen by an independent oversight body capable of conducting due diligence to ensure intelligence is not shared when it puts human rights at risk, or results in violations. As the former UN High Commissioner for Human Rights stated last year in her report on the right to privacy in the digital age, intelligence sharing arrangements that lack clear limitations risk violating human rights law. The Bill’s provisions do not come close to achieving this.

The amended version of the Bill continues to mandate that service providers retain data about Pakistanis’ telephone and email communications for a minimum of one year. This requirement drastically expands the surveillance powers of the Pakistan government. The European Union Court of Justice and UN human rights experts found laws mandating the blanket collection and retention of data to be an unlawful and disproportionate interference with the right to privacy, and as a result many other countries are rolling back their data retention legislation. Pakistan’s reluctance to drop this proposal to expand data retention is a regressive move that undermines the privacy rights of all Pakistani people

The new Bill continues to use overly broad terms that lack sufficiently clear definitions. The law empowers the government to “seize” programs or data, defining seizing as to “make and retain a copy of the data”, but does not specify the procedures through the seized data is retained, stored, deleted or further copied. By leaving the creation of a procedure for the seizure of data to the discretion of the Federal Government, the law is critically lacking in setting out clear and accessible rules in line with international human rights law. This, along with many sections of the Bill, endangers the ability for journalists in Pakistan to work freely without the risk of having their work seized, undermining press freedom and freedom of expression.

The former UN High Commissioner for Human Rights has stressed “a clear and pressing need for vigilance in ensuring compliance of any surveillance policy or practice with international human rights law”. The Prevention of Electronic Crimes Bill in Pakistan does not provide that opportunity for vigilance from independent stakeholders. As a result its provisions are dangerously threatening to the rights of freedom of expression and privacy of everyone across Pakistan.

The Bill currently before the National Assembly has failed to address the serious concerns expressed by civil society. As such, the Bill, if adopted as currently drafted, could result in serious violations of human rights, such as the right to privacy and freedom of expression. The debate on the floor of the National Assembly should be an opportunity to point out the flaws of this bill and to reiterate the bill is not fit for purpose. The slate needs to be wiped clean and a new bill worked on bringing it into line with fundamental rights found in Pakistan's constitution and international human rights treaties. As it stands, these rights are being casually brushed aside.

Signatories:

ARTICLE 19
Association For Progressive Communications
Blue Veins
Bolo Bhi
Bytes for All
Digital Rights Foundation
Freedom Network
Human Rights Watch
Human Rights Commission of Pakistan
Individual Land
Media Matters
Privacy International
Reporters Without Borders

Joint statement On the Prevention of Electronic Crimes Bill, Dec 2015