All Posts in Focus Areas

March 06, 2017 - Comments Off on Fake News, Obscenity, and Cyber Harassment: February ’17

Fake News, Obscenity, and Cyber Harassment: February ’17

February 2017 wasn't an easy ride for digital rights here in Pakistan. As we still await one of the five missing bloggers to return home, the law enforcement has been busy taking away citizens' rights to speak online under the draconian laws, poor journalism ethics ruled the TV screens and caused chaos in the country, and Digital Rights Foundation's Cyber Harassment Helpline completed its 3 months of operation. Here's a round up of the incidents that had out attention!

Samar Abbas: Still Missing

While it came to light at the end of January that 4 of the missing activists had returned home, Samar Abbas still missing remains missing. Samar’s disappearance has been linked to the series of enforced disappearances of activists and bloggers at the start of January--Samar was reported missing 11th January, 2017. Given the lack of information by the state authorities and the returned activists themselves, there is no clarity on why the activists were picked up or the reason Samar in particular remains missing.

Samar’s wife, Najamus Sahar, has spoken about the emotional toll the disappearance has taken on her family.

IMG-20170112-WA0030 (1)

In a petition directed at the missing bloggers, Justice Shaukat Aziz Siddiqui, through a single bench at the Islamabad High Court, ordered the Pakistan Telecommunications Authority to block pages or websites containing blasphemous material on social media. It is unclear how this order will be interpreted by the PTA. Furthermore, if the PTA chooses to follow the order what criteria is being used to determine content as blasphemous? While the PTA is at it, it would be great it they can also remove material containing hate speech against minorities and marginalised communities.

The Trend of Fake News and its Aftermath

The term “fake news” has been weaponised by the current US president to target any news outlet that dares to fact-check him, however it has also become a referential point of analysis for pervasive news items and rumours that are demonstratively wrong, yet are still shared on social media and even picked up by the mainstream media. In times of mass confusion and lack of trust in official statements, fake news can become an agent of panic and paranoia. In the aftermath of the Lahore Defence bomb blast/cylinder explosion (there is still no clarity on which of these is fake news), panic gripped the streets of Lahore as social media, mainstream news channels and WhatsApp groups were inundated by the news of a bomb blast in Gulberg. 31 news channels were initially served a notice by PEMRA in the wake of this incident, out of which 29 news channels are fined and asked to air an apology on March 6th, 2017 between 6:00 PM and 7:00 PM in the same magnitude as the fake news was aired.

PEMRA Apology notice

For more clarity on fake news and how to counter it, read Hija Kamran’s post “F is for Fake News!” for DRF here.

Arrest of Nasir Khan Jan and "Obscenity" as a tool for Censorship

Social media celebrity Nasir Khan Jan is known for his videos and covers. However on 8th February, 2017 was arrested and detained by the Police on grounds of “obscenity”. While he was granted bail by a lower court in Lower Dir on 11th February, 2017, his case has been referred to the Cyber Crime Wing of the Federal Investigation Agency (FIA).

nasir

The police has informed the media that he was arrested under Section 107 of the Pakistan Penal Code, which deals with “instigation” of others. It is unclear what exactly the police are accusing Nasir Khan Jan of doing. This is a clear violation of his right to freedom of expression in online spaces and a case in which the vague terminology of obscenity is being used to intimidate online personalities.

Read DRF’s statement condemning the arrest here.

Cyber Harassment Helpline completes in third month!

DRF’s Cyber Harassment Helpline has marks 3 months of successful operations. Launched on 1st December, 2017, the Helpline has handled over 358 complaints in the short span of its operations. The Helpline Team hopes to expand and improve its services and outreach. Several innovative approaches towards outreach have already been taken.

The detailed report on the Cyber Harassment Helpline's first 3 months will be launched in coming days.

Facebook-cover

February 02, 2017 - Comments Off on Surveillance of Female Journalists in Pakistan

Surveillance of Female Journalists in Pakistan

cover

This is a pilot study that explores the gendered surveillance that female journalists experience.

The study details the experiences of seven female journalists and the surveillance that they face in the course of their work and beyond. The research focuses on the gendered forms and the different sources of surveillance, including the state, audience members and political groups. The female journalists interviewed for the study stated that not only were they surveilled by state authorities, but are also subjected to constant social surveillance in the form of abuse on social media - largely directed at their gender and appearance, rather than their work. In addition to mapping the forms of surveillance faced by female journalists, the report also explores the impact that this constant monitoring has, in terms of the psychological toll, self-censorship and retreat from digital spaces.

Surveillance of Female Journalists in Pakistan

January 12, 2016 - Comments Off on YouTube Returns to Pakistan, But on Whose Terms?

YouTube Returns to Pakistan, But on Whose Terms?

YouTube's localised logo for Pakistan

YouTube's localised logo.


Internet users in Pakistan may have noticed that YouTube no longer appears to be persona non grata. The extremely popular video-sharing website, banned in 2012 by the Pakistan Telecommunication Authority (PTA) for refusing to remove the controversial “Innocence of Muslims” video, appears to not only be unblocked, but is also a localised Pakistan-specific version. Google announced the unveiling of official region-specific versions of YouTube this month, not just for Pakistan, but for Nepal and Sri Lanka as well. According to Google's official blog for the Asia-Pacific region, “Pakistanis love YouTube's diverse music offerings.”

Before we celebrate and rush to watch adorable cat videos without having to jump through digital hoops, it is important that Google – which purchased YouTube in 2005 – and the PTA come clean as to the terms of the agreement that have led to YouTube's apparent unblocking.

Google has in recent years declared that it is pushing to become more transparent. Indeed, it has reported on the number of take-down requests, and user information requests, that it has received from Pakistan, and other governments. YouTube, furthermore, had been blocked – and remained blocked - by the PTA because of a refusal by Google to block material which the latter had construed to be blasphemous. Have the Californian technology giant and the regulatory body come to a tacit agreement? As with the PTA's showdown with Blackberry that saw the latter stay in Pakistan, have compromises been made, and by whom?

YouTube – and by extension Google – has laid out terms and policies on its website, and released “Community Guidelines” that it asks its users to follow, and they should not “try to look for loopholes or attempt to weasel your way out of the guidelines – just understand them and try to respect the spirit in which they were created.” The Community Guidelines state what they do not approve of, and what is permissible. However, these are general, and are being applied across the board, across the various localised versions of YouTube. The terms and policies that YouTube PK shares with its users link back to the standard international and US texts, and make no clear mention of the Pakistani context.

"Don't Cross The Line": YouTube

"Don't Cross The Line": YouTube

With the return of YouTube to Pakistani cyberspace, we urge Google to come forward with the terms and conditions under which YouTube has been “unblocked” in Pakistan, and what it means for the freedom of expression of Pakistani users.

Google is a member of the Global Network Initiative, "a multi-stakeholder group" that seeks to create "a collaborative approach to protect and advance freedom of expression and privacy in the ICT sector". Ranking Digital Rights gave Google an overall score of 65%, its highest (with caveats) for tech companies in 2015, reflecting its public commitment, to transparency, freedom of expression, privacy and human rights.

YouTube has come back to Pakistan, but Google's public commitment to transparency means that it must be clear as to its terms and policies, and how they impact the freedom of expression of Pakistani internet users.

https://rankingdigitalrights.org/index2015/companies/google/

http://googleasiapacific.blogspot.com/2016/01/youtube-youtube-now-launched-in-nepal.html

https://www.google.com/transparencyreport/removals/government/PK/

https://www.google.com/transparencyreport/userdatarequests/PK/

https://www.youtube.com/yt/policyandsafety/en-GB/communityguidelines.html

https://globalnetworkinitiative.org/

December 16, 2015 - Comments Off on UN Expert Urges Pakistan to Ensure Protection of Freedom of Expression in draft Cybercrime Bill

UN Expert Urges Pakistan to Ensure Protection of Freedom of Expression in draft Cybercrime Bill

The United Nations’ Special Rapporteur on freedom of opinion and expression, Mr. David Kaye, recently shared with the Government of Pakistan his concerns with the draft Cybercrime Bill currently pending before the National Assembly.

Digital Rights Foundation shared its analysis of the Cybercrime bill with Mr. David Kaye for the statement, which can be found here.

December 01, 2015 - Comments Off on Joint statement on The Prevention of Electronic Crimes Bill 2015

Joint statement on The Prevention of Electronic Crimes Bill 2015

Joint Statement from ARTICLE 19, Association for Progressive Communications, Digital Rights Foundation, Human Rights Watch, Privacy International, and others on the Prevention of Electronic Crimes Bill 2015 Pakistan:

ARTICLE 19, Association for Progressive Communications, Digital Rights Foundation, Human Rights Watch, Privacy International, and other organisations remain seriously concerned by the proposed Prevention of Electronic Crimes Bill in Pakistan. Regrettably, despite negotiations and revisions in the last six months through a hard won multi-stakeholder consultation process, the Bill still contains provisions that pose a grave risk to freedom of expression, the right to privacy, and of access to information in Pakistan. We urge members of the National Assembly of Pakistan to take a stand against the Bill by voting against it in its current form. The Bill in its current form should be scrapped and the process of drafting a new bill, ensuring full compliance with international human rights standards, should begin with the inclusion of civil society, industry and public consultation at the earliest possible stage.

The process by which the Prevention of Electronic Crime Bill has reached the National Assembly is deeply concerning. Forcing the bill through committee, without consensus having been reached, and with on-going vocal criticisms by members of the committee show that this bill is not ready to be considered to be passed into law. Furthermore, we remain very concerned that the Bill contains several provisions which pose a threat to the respect and protection of the rights of privacy and freedom of expression. The amendments that have been made in the September 2015 version of the bill are cosmetic at best and none of the concerns raised by committee members, civil society, industry, or technologists have been adequately addressed.

Section 34 of the Bill is still overly broad and fails to include adequate safeguards for the protection of the rights to privacy and freedom of expression, in breach of Pakistan's obligations under international human rights law. Even after calls from stakeholders to remove the section entirely, this power remains in the Bill before the National Assembly. It empowers the Pakistan Telecommunication Authority to order service providers to remove or block access to any speech, sound, data, writing, image, or video, without any approval from a court. By omitting judicial oversight, the Bill, if passed, would write a blank cheque for abuse and overreach of blocking powers. Although the Bill provides for the possibility of a complaints procedure, it does not require such a procedure to be put in place, nor is there any requirement that this procedure involve a right of appeal to an independent tribunal. Even a right of appeal will be inadequate given the sheer breadth of the blocking powers contained in section 34. Such a broad power should not return in any capacity in a future draft of the Bill.

The amended Bill continues to raise significant concerns about unchecked intelligence sharing with foreign governments, along with related human rights abuses. If adopted, the Bill will still allow the Federal Government to unilaterally share intelligence gathered from investigations with foreign intelligence agencies like the US National Security Agency, without any independent oversight. Given the role of intelligence in US drone strikes in Pakistan, without significantly stronger safeguards, this puts the security and privacy of ordinary Pakistanis at risk. Cooperation between intelligence agencies needs to be governed by specific laws, which should be clear and accessible, and overseen by an independent oversight body capable of conducting due diligence to ensure intelligence is not shared when it puts human rights at risk, or results in violations. As the former UN High Commissioner for Human Rights stated last year in her report on the right to privacy in the digital age, intelligence sharing arrangements that lack clear limitations risk violating human rights law. The Bill’s provisions do not come close to achieving this.

The amended version of the Bill continues to mandate that service providers retain data about Pakistanis’ telephone and email communications for a minimum of one year. This requirement drastically expands the surveillance powers of the Pakistan government. The European Union Court of Justice and UN human rights experts found laws mandating the blanket collection and retention of data to be an unlawful and disproportionate interference with the right to privacy, and as a result many other countries are rolling back their data retention legislation. Pakistan’s reluctance to drop this proposal to expand data retention is a regressive move that undermines the privacy rights of all Pakistani people

The new Bill continues to use overly broad terms that lack sufficiently clear definitions. The law empowers the government to “seize” programs or data, defining seizing as to “make and retain a copy of the data”, but does not specify the procedures through the seized data is retained, stored, deleted or further copied. By leaving the creation of a procedure for the seizure of data to the discretion of the Federal Government, the law is critically lacking in setting out clear and accessible rules in line with international human rights law. This, along with many sections of the Bill, endangers the ability for journalists in Pakistan to work freely without the risk of having their work seized, undermining press freedom and freedom of expression.

The former UN High Commissioner for Human Rights has stressed “a clear and pressing need for vigilance in ensuring compliance of any surveillance policy or practice with international human rights law”. The Prevention of Electronic Crimes Bill in Pakistan does not provide that opportunity for vigilance from independent stakeholders. As a result its provisions are dangerously threatening to the rights of freedom of expression and privacy of everyone across Pakistan.

The Bill currently before the National Assembly has failed to address the serious concerns expressed by civil society. As such, the Bill, if adopted as currently drafted, could result in serious violations of human rights, such as the right to privacy and freedom of expression. The debate on the floor of the National Assembly should be an opportunity to point out the flaws of this bill and to reiterate the bill is not fit for purpose. The slate needs to be wiped clean and a new bill worked on bringing it into line with fundamental rights found in Pakistan's constitution and international human rights treaties. As it stands, these rights are being casually brushed aside.

Signatories:

ARTICLE 19
Association For Progressive Communications
Blue Veins
Bolo Bhi
Bytes for All
Digital Rights Foundation
Freedom Network
Human Rights Watch
Human Rights Commission of Pakistan
Individual Land
Media Matters
Privacy International
Reporters Without Borders

Joint statement On the Prevention of Electronic Crimes Bill, Dec 2015

November 15, 2015 - Comments Off on Facebook’s 2015 Global Government Requests Report Highlights Growing No. of Demands by Pak Govt

Facebook’s 2015 Global Government Requests Report Highlights Growing No. of Demands by Pak Govt

No. of User/Account requests made by the Pakistani Govt between January - June2015

The no. of user/account requests made by the Pakistani government between January - June 2015. For earlier Pakistan government requests, please click on the image.

In the wake of Snowden, it has become important for large tech corporations to be transparent about their interactions with governments ie requests to either access or remove data from particular social media or websites. Facebook and Google have in recent years released transparency reports that announce the number of data removal/access requests by governments.

On Wednesday 11th 2015 Facebook released their newest Global Government Requests Report, “as part of a broader effort to reform government surveillance in countries around the world by providing more transparency" on a country by country basis. The report can be found here.

Relating to Pakistan in particular, it was revealed that for the period January 2015 – June 2015 there were 192 government requests, with 275 users/accounts requested, with 58.33% of these requests resulting with some “data...produced.” This is an increase from the July 2014 – December 2014 reporting period, where 100 requests were made, 152 users/accounts data requested, and 42% of requests resulting in some data. Going by the increase in current and past government request data, it is more than likely that the number of requests by governments will increase over time.

Facebook and other tech corporations may be taking steps to prove their commitment to respect and protect their users, but it is not enough to take them at their word. While one can approve of this action being taken by Facebook and other corporations, we must be cautious and restrained in our praise. Facebook and other large tech corporations are usually reliant on these same governments to allow them to operate in non-US territories. The 2013 Snowden leaks also revealed that Facebook was an active participant in the NSA's PRISM surveillance programme, wherein information was shared by tech companies with US intelligence agencies, ostensibly to detect foreign threats to the United States of America. And in 2010, let us not forget, Facebook founder Mark Zuckerberg said that privacy was no longer a “social norm”.

The 2015 Corporate Accountability Index released by Ranking Digital Rights – designed to evaluate “world’s most powerful Internet and telecommunications companies on their public commitments and disclosed policies affecting users’ freedom of expression and privacy “ - ranks the commitment of Facebook and others in regards to the quality of those steps being taken. In regards to Facebook, it found that its transparency efforts were not factoring in Instagram and Whatsapp data – two platforms that it purchased in 2012 and 2014, respectively, with a combined global user-base of 13 million users. Ranking Digital Rights gave Facebook an overall score of 41%, which breaks down into 62% for commitment, 35% for freedom of expression, and 36% for privacy. Its score places Facebook 6th out of the 16 corporations evaluated. The 2015 Corporate Accountability Index can be found here.

As Ranking Digital Rights and other watchdog organisations observe, tech corporations “exert growing influence over the political and civil lives of people all over the world”, and a result these “companies share a responsibility to respect human rights.” Facebook and its fellow tech companies must do more to shoulder that responsibility, and must do more to prove that the safety, welfare and rights of their users matter to them, or else they could face a growing backlash from the users, their customer base.

October 29, 2015 - Comments Off on DRF & The Last Word Are Battling The Cybercrime Bill! (Event)

DRF & The Last Word Are Battling The Cybercrime Bill! (Event)

Battling The Cyber Crime Bill 2015

Battling The Cyber Crime Bill 2015

People of Lahore! The Digital Rights Foundation is partnering with The Last Word to shed light on the highly controversial upcoming cybercrime bill, and how its passage will result in a disturbing and universal clampdown on freedom of speech.

At present the Prevention of Electronic Crimes Act 2015, as passed by the IT Standing Committee of the National Assembly, is due to be presented in an upcoming National Assembly session. In its current form the bill exposes all of us to prosecution solely for the expression of our political affiliations, our outrage against injustice, and in some cases, just for holding an opinion contrary to the ruling class.

This is an assault on our civil liberties and we don't want this to be the last time we're able to use social media to agitate and fight against an injustice.

Come join us and our speakers: Asma Jehangir, Saroop Ijaz from Human Rights Watch Nighat Dad from Digital Rights Foundation , Asad Jamal from Human Rights Commission of Pakistan & Angbeen Mirza. Join us in battling this vexing bill at 6.30 pm on Friday, October 30th at The Last Word.

September 21, 2015 - Comments Off on Standing Comm. Passes Draft of PECB, Unseen by Comm. Members

Standing Comm. Passes Draft of PECB, Unseen by Comm. Members

On September 17th 2015, the National Assembly's Standing Committee on Information Technology passed the final draft form of the Prevention of Electronic Crimes Bill, which will now be sent to the National Assembly for final approval.

Disturbingly, members of the committee were not shown the draft form of the bill before its passage. PPP MNAs Shazia Marri and Nauman Islam Sheikh, and PML-N MNA Awais Ahmad Khan Leghari, rightly objected, stressing that the draft bill could not be approved until they and the other members of the committee had read the finalised draft.

Capt Mohammad Safdar (Ret'd), Standing Committee chairman, overruled these objections, saying that as he had seen the draft, that would be sufficient grounds to pass the draft.

Final Draft of the Prevention of Electronic Crimes Bill, September 17th 2015.

See our previous and ongoing coverage of the cybercrimes bill, here: http://digitalrightsfoundation.pk/work/cyber-crime-bill/

August 18, 2015 - Comments Off on Digital Rights Foundation stance on privacy and data retention provisions in the 2015 Prevention of Electronic Crimes Bill

Digital Rights Foundation stance on privacy and data retention provisions in the 2015 Prevention of Electronic Crimes Bill

Digital Rights Foundation recognises that the government must protect its citizens, as is its duty, especially in turbulent times. Digital Rights Foundation also recognises, however, that the government must do so in a manner that also protects the right to privacy and the right to freedom of expression.

Legislation that effectively tackles cybercrime and terrorism is vital. What the Prevention of Electronic Crimes Bill does, however, is move beyond what is necessary, and instead violates the civil rights of citizens, in the name of security. The government has been very reluctant in allowing for public oversight in regards to the PEC Bill, and has made amendments without sufficient involvement with, or indeed alerting civil society stakeholders to, the amendment and process.

The Bill as it stands contains a number of provisions that run of the risk of being open to very broad interpretations that could lead to sweeping penalty measures that would in effect criminalise innocent online and offline behaviours. Civil society stakeholders have submitted a legal draft to the IT Standing Committee of the National Assembly, that seeks to address and amend said provisions in a manner that balances the need for security with the need to respect the civil liberties of Pakistani citizens.

What remains, however, is that while civil society stakeholders have provided invaluable legal input, there still remain areas of great concern for Digital Rights Foundation and our colleagues in civil society.

Of concern to Digital Rights Foundation in particular are continued mandatory retention of data, as well as the decision to continue with allowing the government to forward information to international partners, if so requested. There is a lack of a clear oversight regarding this international cooperation, and this is a matter that must be addressed, as it violated the right to privacy of Pakistani citizens.

It is our concern that the Bill as it stands does not protect citizens effectively, and does not protect their right to freedom of expression and their right to privacy. Thus, Digital Rights Foundation cannot support the Government of Pakistan's cybercrime legislation.

Privacy International & Digital Rights Foundation joint legal analysis of the PEC Bill

Article 19 & Digital Rights Foundation's Legal Analysis of the PEC Bill

July 24, 2015 - Comments Off on Unlawful Interception: Pakistan’s intelligence agencies, Hacking Team, & the abuse of communication surveillance powers

Unlawful Interception: Pakistan’s intelligence agencies, Hacking Team, & the abuse of communication surveillance powers

Earlier this week, Privacy International released their in-depth report on the state of surveillance in Pakistan, Tipping the scales: Security & surveillance in Pakistan. Available to the public, the report examines the exponential rate at which communication surveillance measures have been undertaken by the government of Pakistan defended as being necessary to combat internal and external threats to the nation. However, while it is the role of the state to protect its citizens from internal and external threats to their life and liberty, this echoes an all too common rationale used by foreign governments and intelligence agencies worldwide to justify ever increasing surveillance of their own citizens, and to limit or remove the legal rights of those same citizens to push back against the invasion of their privacy.

The “Global War on Terror” has seen law enforcement agencies worldwide request and in most instance receive millions in “anti-terrorism” funding, as well as broader powers with oft-generous leeways, to tackle terrorism as they see fit. Armed forces, intelligence agencies and law enforcement departments worldwide will direct such largesse towards the acquisition of and greater access to technologies that allow them to spy on their own citizens. Since September 11 2001, this had led to the rights of citizens abroad violated by their own governments, who will carry out surveillance without proper public oversight – if at all. Activists, journalists, politicians and other ordinary citizens with no link to terrorist groups whatsoever have found themselves under observation, and often without any legal recourse.

As a partner in this “War on Terror”, Pakistan is no different, with its military forces receiving generous levels of funding from the government as well as from its international allies, to tackle its own conflicts against armed militants. It has also given broad powers and authority to state agencies, to tackle what they argue is language and behaviour that is detrimental to the reputation and safety of Pakistan. Coupled with bans on encryption and forms of proxy software, what this has led to, according to Privacy International's report, has been an abuse of:

"...their (Pakistan's intelligence agencies) communication surveillance powers, including spying on opposition politicians and Supreme Court judges. Widespread internet monitoring and censorship has also been used to target journalists, lawyers and activists."

Privacy International's report also reveals that Pakistan's Inter-Service Intelligence Agency (ISI) wanted to expand their surveillance capabilities via the commission in 2013 of a:

"mass surveillance system to tap international under- sea cables at three cable landing sites in southern Pakistan. The “Targeted IP Monitoring System and COE [Common Operations Environments]” would allow Pakistan to collect and analyse a significant portion of communications travelling within and through the country at a centralized command centre. With a projected intake of an estimated 660 gigabytes per second, the system would amount to a significant expansion of Pakistan’s communications intelligence gathering capacities."

To create such a system to strengthen one's surveillance efforts, it has become de rigueur to reach out to the private sector for hardware and software surveillance solutions. A multi-billion dollar industry, commercial surveillance firms have found no shortage of potential clients in the wake of post-September 11th attacks attributed to terrorist organisations or lone wolves. The Privacy International report highlights how Pakistan's intelligence agencies and security forces, represented by partners in the Pakistani private sector, sought to purchase products and services to allow them to expand their surveillance abilities, to infiltrate the digital devices and computers of citizens, from international spyware firms.

Earlier this month one of these companies, the controversial Italian spyware manufacturer Hacking Team, was hacked. The firm's official twitter account was taken over on July 5, and links to over 400 GB worth of internal Hacking Team data were provided, which in turn were shared by WikiLeaks and others. This hack allows us to explore how Pakistani intelligence agencies purchase the technology and services they require for greater surveillance creep.

A controversial player in the commercial digital surveillance industry, Hacking Team has frequently asserted that it goes to great lengths to ensure that its software is not utilised to undermine human rights. The internal communications and invoices unearthed, however, strongly contradict the firm's claims. Communications with representatives indicate little concern made regarding misuse of HT's software packages to undermine human rights activities – they are, instead, reassured and informed that there will be no trouble in operating in particular regions. Hacking Team's core business centred around their Remote Control System (RCS) software suite, which allows customers to infiltrate the computer and mobile devices of targeted individuals and install backdoors, in turn allowing for undetectable monitoring at will. Hacking Team's RCS, also known as Galileo, allows customers to (according to their promotional material):

Keep an eye on all your targets and manage them remotely, all from a single screen. Be alerted in incoming relevant data and have meaningful events automatically highlighted.

Remote Control System: the hacking suite for governmental interception.

Right at your fingertips.”

If the modus operandi of Hacking Team and Galileo sounds familiar, it should: Finfisher, a surveillance software package released by Gamma International Ltd in 2007, was brought to the world's attention in August of last year, due to a 40 GB leak that exposed the company's internal communications and financial history, as well as the governments that purchased – or were interested in purchasing – Finfisher for domestic surveillance purposes. Finfisher, like Hacking Team's RCS/Galileo software suite, allowed customers to infiltrate the computer systems of targeted individuals, and install software undetected. Digital Rights Foundation has covered Finfisher and how it operates here.

Finfisher's "Remote Monitoring and Deployment Solutions" and Hacking Team's RCS have something else in common: both were of interest to Pakistani companies, working on behalf of domestic military intelligence and intelligence agency clients. An examination of Hacking Team's leaked internal data uncovered email communications between Hacking Team and Pakistani IT company representatives between 2011 and 2015. Also uncovered were internal communications, mostly in Italian, between members of Hacking Team regarding their thoughts on potential Pakistani partners, as well as sharing and discussing news articles pertaining to the security situation in Pakistan and South Asia. Unlike Finfisher, the data leaked does not appear to indicate that a successful purchase of RCS/Galileo was made by Pakistani buyers.

"You can compare them to MI5": Pakistan's Interest in Hacking Team's Tech

The extensive data leak reveals the manner in which Hacking Team communicates with representatives of potential clients in Pakistan. Sensitivity is requested by representatives in regards to the identities of their clients; preferential treatment; verification of identities by clients, visa invitation letters; VIP guest ticket requests; interest in specific software and service demonstrations, and internal discussions regarding client representatives are covered in the emails. Below are samples of the email communications between Hacking Team and potential customers:

January 18th 2011 marks the earliest recorded communication (as collected by Wikileaks and other sources) between Hacking Team and Pakistani client representatives. Marco Bettini, HT's International Sales Manager, is in communication with Zeeshan Zakaria, Chief Executive of Defence Solutions & Systems Ltd (DSS), a Lahore, Pakistan-based company. The email, part of a long response thread entitled “R: R: R: R: Demokit” in response to Mr. Zakaria's previous email that states that there will be “4 guests who will see the demo. We will require you to do the demo.” In the email Mr. Zakaria also says that he will “appreciate if you dont (sic) offer your prices or product to anyone else in Pakistan for the time being.” Mr. Bettini asks for the name of the guest “in order to require the badges for ISS admittance” and if he, Mr. Zakaria, will be attending as well. Hacking Team does not”give any exclusivity based on country”, says Bettini, but they can “block” other companies asking for “any activity or quotation for the same customer” if Mr. Zakaria can provide the name of the agencies he is working with.

(As ISS comes up quite often in Hacking Team emails, it should be explained at this point that ISS in the context of the emails is an abbreviation of “Intelligence Support Systems for Lawful Interception, Electronic Surveillance and Cyber Intelligence Gathering”. The website for the ISS describes it as thus:

ISS World Middle East is the world's largest gathering of Middle East Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering.”

In 2011, the ISS conference was held in Dubai from February 21-23, 2011. Among the conference's sponsors as of 2015? Hacking Team, Finfisher, and Gamma Group. Though a separate entity since October 1st 2013, Finfisher was established in 2007 as part of the Gamma Group.

The following day, an email from Ali Ahmed of Miran International – according to its website, a Karachi-based “company specialising in security, defence and telecommunications” - is forwarded by David Vincenzetti, Hacking Team's CEO, to rsales@hackingteam.it, concerning an inquiry “from one the premier Intelligence Agencies in Pakistan” in regards to “infecting of GSM handsets.” (sic). Unaware of the earlier communication to HT by DSS, Miran International is interested in partnering with the Italian firm in Pakistan for the project if the latter has not already found a partner in the country.

"K Block" refers to the HQ of the Intelligence Bureau, at the Secretariat in Islamabad, Pakistan. Image Via Wikileaks.

"K Block" refers to the HQ of the Intelligence Bureau, at the Secretariat in Islamabad, Pakistan. Image Via Wikileaks.

The following day Hacking Team contacts Mr. Zakaria of DSS, asking him to provide the names of his guests. He is also informed by HT that they “are already involved in other opportunities in Pakistan.” “To protect your job,” the email from Mr. Bettini continues, “please inform me as soon as you can the agencies and contacts you are working with.” (sic). Following this email, Mr. Ahmed of MI is sent anemail by Mostapha Maana, Hacking Team's account manager for the Middle East region, similar to the one sent by Mr. Vincenzetti, asking for the agency letter, to check if they are already “in contact” with the client in question. It bounces back, and is sent again on the 21st by Mr. Maana. Mr. Maana gets in touch with Mr. Zakaria of DSS , and knows that “ we have been trying to work together since 2008”. As before, Mr. Zakaria is asked for the names of his clients “in order to protect your job”. Mr. Zakaria responds that “at this stage I think we should not discuss the names of the customers as it is a little sensitive.” Mr. Maana then responds, saying that he needs to know the names of the clients “otherwise I cannot refuse to meet the other Pakistan company at the ISS. By the way, I already know the name of this company's customer.”

It is at this point that Mr. Zakaria identifies the customer/client as being the National Police Bureau, with names of the officers attending the conference being named in the email. He requests that VIP invitations be arranged for the officers as “they are very interested your product.”

Hacking Team outlines to how RCS/Galileo works to the representative for a potential client.

Hacking Team outlines to how RCS/Galileo works to the representative for a potential client. Image via Wikileaks.

We come back to Miran International, who, whilst requesting a Non Disclosure Agreement (NDA) have listed their clients: Pakistan's Intelligence Bureau (IB) and Inter-Services Intelligence (ISI). “You can compare them to MI5 and MI6” Mr. Ali Ahmed offers helpfully. According to the Miran representative, “they're the only 2 agencies in Pakistan allowed to use voice interception and location products like A5-1 gsm interception systems.” (sic) *. “ISI and IB are the top agencies in Pakistan with no budget issues” he continues, “allowed to purchase without the tendering process.”

(*An example of what they could be referring to, for a point of reference, could be this: http://www.cellularintercept.com/ecom-prodshow/gsm_intercept.html)

Miran International and Hacking Team continue to discuss potential cooperation until early 2015, when internal emails between members of Hacking Team appear to look upon Miran International, and its sister company Vision Metric with some concern, and there is no update after February 26th of this year, when David Vincenzetti appears to remark that it is “una perdita di tempo” - a waste of time.

Hacking Team's CEO appears to have become fed up with this potential deal, calling it "a waste of time."

Hacking Team's CEO appears to have become fed up with this potential deal, calling it "a waste of time." Image via Wikileaks.

The communications between Hacking Team and Miran International may have been fruitless from the former's perspective, but a perusal of the communications between the two unearths other details. We learn, for instance, Gamma Group's representative in Pakistan was “very active in Islamabad with ISI” (sic) (though unsuccessful), and that Gamma Group's Sales Director, Edgar Bucheli, was in touch with senior ISI officials.

Here the representative passes on the information that the Intelligence Bureau (IB) is interested. Image via Wikileaks

Here the representative passes on the information that the Intelligence Bureau (IB) is interested. Image via Wikileaks.

As for DSS, communications between them and Hacking Team continue until early 2014, and then stop, apparently due to a lack of success on the part of this company as well.

This does not stop Hacking Team from being approached by Pakistani companies, such as United International Technologies (UIT), which “has been in the Pakistan market for 35 years and is the Pakistan company representative for global defense and aerospace companies such as BAE Systems, Rockwell Collins, QinetiQ, Chemring Group and Poongsan among others.” UIT contacts Hacking Team via email on February 27th 2015, and until the 5th of March discuss NDAs and the “end users” or clients of UIT, “Pakistan Army Military Intelligence and/or ISI.” UIT informs them that they will be at the 2015 ISS conference in Dubai, from the 16th to the 18th of March. As of the 5th of March, UIT is “at a very preliminary stage.” Nothing else follows.

Hacking Team and its international partners discussing a new ISI head, as any work with the "current one is a waste of time.

Hacking Team and its international partners discussing a new ISI head, as any work with the "current one is a waste of time.

What is noticeable about communications between Hacking Team and the representatives of potential client is the plainly laid out request for software that provides the customer with the ability to infiltrate and monitor communication traffic. What is conspicuous by their absence are any concerns raised about human rights or other ethical considerations.

Here the representative clearly states what the client wants.

Here the representative clearly states what the client wants. Image via Wikileaks

The private companies mentioned in this post are just a few of the many that vie for contracts from the armed forces, the police forces and intelligence agencies of Pakistan, to offer the latest in software packages that ostensibly help protect the citizens of Pakistan. The reality is that the tools that are purchased on behalf of the forces and agencies mentioned are being chosen specifically because they are advertised as being able to bypass security measures that allow users privacy and a sense of safety, with next to nothing in terms of official restraint or public oversight.

To purchase and utilise such measures without clear lawful authority violates the rights of Pakistani citizens, as laid out in the International Covenant on Civil and Political Rights, to which Pakistan became a signatory in 2010. The representative from Miran International wrote in his email that ISI and IB have “no budget issues”. On the contrary, the money which pays for the supposed free rein of these agencies comes from the taxes paid by Pakistani citizens. With no public oversight, the taxes collected from citizens are being used to finance the purchase – or research the purchase of – equipment that violates their rights.

Privacy International's report, Tipping the scales: Security & surveillance in Pakistan, can be downloaded here: