Archives for August 2016

August 26, 2016 - Comments Off on Use An iPhone? Update it Now!

Use An iPhone? Update it Now!

If you own an iPhone, please a take a minute to read the following warning:

On Thursday, August 25th 2016, Apple released an urgent security update iOS, the operating system upon which your iPhones, iPads and Apple Watches run. This security update has been designed to fix three huge security gaps which exist on certain Apple devices. The gaps in iOS security can allow hackers to access almost every form of data on your device, without your knowledge, including: text messages, calender entries, emails, your location, your photos and much more. Most disturbingly, the software can remotely activate your device’s camera and microphone, without your knowledge. What Citizen Labs and others are calling “one of the most sophisticated pieces of cyberespionage software we’ve ever seen” has already been used in an attempt to infiltrate the iPhone of an UAE-based human rights activist, and may not have been discovered otherwise.

For your own safety, please update your devices, and ask others to do so as well. If you are uncertain as to how to do so, please do the following:

1. Go to “Settings.”

2. Choose “General.”

3. Click on “Software Update.”

4. Agree to update to iOS 9.3.5.

5. Done.

To read about this software, and what it means, please click below:

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/

https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group

From a security perspective, Apple devices are regarded as being more secure than a majority of Android ones, especially with security measures implemented by Apple in favour of users. It is important, however, that people are not complacent - update security measures on your devices; update the latest patches; download apps only from official vendors i.e. the Apple App Store and Google's Play Store; do not automatically click on links or open attachments in messages from people you do not know, or whose email addresses you do not recognise.

August 11, 2016 - Comments Off on The PECB Passes. R.I.P. Online Freedom?

The PECB Passes. R.I.P. Online Freedom?

FOR IMMEDIATE RELEASE:

The Prevention of Electronic Crimes Bill (PECB) has now become a reality. The National Assembly has approved a flawed and highly problematic drafted bill, and making it law.

This incarnation of the PECB had taken onboard a number of amended provisions that took onboard civil society input, but some of the most frightening and draconian provisions have still not been removed.

Digital Rights Foundation's Executive Director, Nighat Dad, said that "The cyber crime bill is a disaster that is being allowed to envelop the country. Our lawmakers have gone ahead with deeply problematic provisions despite being told time and again what the consequences may be."

This is a bill that has been roundly condemned by respected international and Pakistani human rights organisations and rights experts, including the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye. In December 2015, David Kaye wrote that if adopted,

"The Bill would also set penalties that would be disproportionate to the infractions and could serve, in practice, to stifle the right to freedom of expression.”

The law contains provisions that violate freedom of expression, and most people still have no idea as to what the law holds for them, how it will impact their lives. The terms and definitions that populate the bill, such as that for “cyberstalking”, have been defined so loosely, that they can be interpreted extremely broadly, ensnaring anyone. The government and the designers of the bill have not taken steps to make people aware of the bill and its consequences, thereby ensuring that Pakistani citizens are now vulnerable and at risk from a heavily flawed and punitive bill.

The bill has been framed countless times as ostensibly protecting the people of Pakistan from cyberterrorism, hate speech, and other electronic crimes. In reality, however, the manner in which the bill defines each is exasperating in its vagueness, and lack of nuance or understanding of freedom of expression rights of Pakistanis.

One provision, Section 34, gives the Pakistan Telecommunications Authority (PTA) generous powers to remove or block access to information, as it sees fit,

“if it considers it necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality”

The PTA has thus so far not demonstrated that it is capable of making such a decision, one that has serious ramifications for the democratic right to the freedom of expression in Pakistan, in a manner that takes into account what the consequences can and will be. In the past blanket bans that have been instituted under the garb of “morality”’ have ended up creating more problems than fixing them. For instance, doctors lost access to valuable and vital online content that related to anything having to do with the female anatomy.

This legislation has been framed as protecting the people. The reality is that it can be used to heavily censor the internet that Pakistanis are familiar with, to ensure that democratic discourse in Pakistan loses another safe space. The state will not need to step in and intimidate people to refrain from the “wrong sort” of speech online: the draconian penalties described in the bill will do the government’s work. It ensures that what safe spaces the minorities of Pakistan had found online will cease to exist, or come under heavy fire. People that were afraid of taking to the streets would use the internet and social media to make sure that their voices were heard. When this safe space is taken away by a state that purports to be protecting them, where else can they and others go?

There has been a degree of apathy and exhaustion. The belief that the law will not be implemented anyway, so why all the fuss? The fuss is that it retains the very great potential of being abused by many people, given its overly broad language and heavy penalties. It can be used to curb freedom of expression that would call truth to power, rather than help the people as the bill’s supporters claim. It is that potential for encroaching abuse and overreach of powers that Digital Rights Foundation and others have been fighting against.

The Government of Pakistan has said that this legislation is meant to protect Pakistanis. The reality is that it criminalises the fundamental rights that are enshrined in the Constitution of Pakistan, taking the nation further down the path to total surveillance, and the lost of freedom.

The Prevention of Electronic Crimes Bill 2016, passed on August 11, 2016.

August 03, 2016 - Comments Off on CM Sindh Chooses Whatsapp: Is This A Good Idea?

CM Sindh Chooses Whatsapp: Is This A Good Idea?

A few days ago, the newly appointed Chief Minister of Sindh, Murad Ali Shah, created a Whatsapp group, with the express purpose of keeping an eye on the daily activities of members of the Sindh Assembly’s cabinet (who have been added to the group) and to stay up to date on their tasks.

At first glance, this is a fairly innocuous and useful decision by the Chief Minister - it appears to save time and money on the part of taxpayers; it is a more efficient and effective means of getting Sindh’s lawmakers to coordinate matters; default end-to-end encryption ensures that their conversations are protected. Pakistan’s government is not known for its adoption of new technology, contrary to oft-repeated announcements to the contrary. In light of that, would this not be a good move?

There are problems however, once we look more closely at the situation.

One issue, for instance, pertains to the backing up of Whatsapp conversations and media. While conversations themselves are encrypted, and assuming that members of the group are indeed aware that their conversations will be backed up, the backup formats used - depending on the device used - lead to their data being exposed. iCloud (for Whatsapp on iPhone) and Google Drive (for Android users) can allow Whatsapp conversations to be accessed in plain text format, as outlined here. Usage of Web Whatsapp - a feature that lets you read and type Whatsapp messages through a desktop or laptop browser - furthermore, ensures that messages shared can be read if the computer itself is available to anyone with access.

Access to information is a key factor here, especially in regards to who should or should have it. People that have shared documents et al in the group and have downloaded them to their devices will still keep them on said devices if they leave the group or indeed the government, whether by choice or by dismissal.

Public access to information is also impacted by total reliance on closed communication solutions like Whatsapp. The minutes of physical meetings held by government departments, can be accessed by the public if post on their respective websites under the proactive disclosure - virtual group meetings cannot be, unless a member of a Whatsapp group decides to provide the information themselves.

The Chief Minister is not the only lawmaker to utilise Whatsapp or other forms of messaging apps; it is more than likely that Whatsapp, Blackberry Messenger, Skype etc are being used, whether for official communications or for personal matters. What must be taken into account, by lawmakers is that if they support legislation like the Prevention of Electronic Crimes Bill - which has the potential to severely impact the privacy and freedom of expression rights of millions of inhabitants of Pakistan - they too run the risk of their privacy being under attack. Decades of harsh military rule have over the years resulted in the imprisonment of activists and politicians in the past, who are now respected members of the government, in part because of their freedom of expression and their right to privacy being violated.

Low-cost smartphones, fairly affordable data and internet packages, and open-source mobile operating systems in the form of Android have ensured that more people in Pakistan and across the globe have access to the internet and digital services than even a decade ago. As of May 2016, there are more than 133 million mobile subscribers in Pakistan. In this context, it is important for lawmakers to embrace newer technologies, in order to not just communicate more effectively with the public, but to also ensure that there is greater transparency of governmental procedure, and greater appreciation for the rights to freedom of expression and privacy.

This post was written by Hamza Irshad & Adnan Ahmad