Blog Archives

All Posts in Human Rights & Technology

April 5, 2017 - Comments Off on DRF Submits Reponses for the UN Secretary-General Report on the Safety of Journalists

DRF Submits Reponses for the UN Secretary-General Report on the Safety of Journalists

Digital Rights Foundation made its submission to the UN Secretary General report on the safety of journalists on the issue of impunity. In the responses, DRF pointed out that female journalists are susceptible to discrimination and gender-based obstacles both from within their professional spaces and outside it. Female journalists in Pakistan face a double-bind because of their gender: at one level they face the same level of threats and surveillance that journalists face in Pakistan (the fourth most dangerous country for journalist according to the International Federation of Journalists (IFJ)), and the secondly the gender-specific obstacles stemming from being a female journalist in Pakistan. Their reporting on so-called sensitive topics such as civil-military relationships, blasphemy laws, and stories contradicting the state narrative make them more susceptible to state and social surveillance.

Within Pakistan, the Protection against Harassment of Women at the Workplace Act, 2010 protects female journalists from discrimination and harassment within the workplace. The impact of this law is not as clear-cut. Journalists who have the lodged sexual harassment complaints within media houses have faced a backlash at times.

In terms of international humanitarian law violations, journalists are quite susceptible to conflict driven violence and attacks from terrorists, sectarian groups and armed operations. Many journalists have lost their lives while covering events that have been attacked. Compensation in these cases takes place as per labour and social security laws. There have been several proposal for the protection and welfare of journalists but nothing concrete has been passed.

Through our research “Surveillance of Female Journalists in Pakistan”, we have learnt that media houses are far from perfect when it comes to addressing rampant sexism within the organization. The respondents in our research told us that these organizations are not equipped to support women when they file cases of sexual harassment. Furthermore, female journalists posit that line managers and editors tend not to take online abuse and digital surveillance as seriously, especially when it hasn’t translated into physical threats. This puts female journalists at a huge disadvantage because they are more likely to receive physiological threats and surveillance.

Digital Rights Foundation conducts workshops and training sessions for female journalists. Often times digital security and self care is a neglected aspect of security for journalists and a facet that is often ignored in mainstream discussions. For this reason DRF sees itself as addressing a real gap in terms of safety of journalists. These sessions are being held in conjunction with press clubs to deliver basic anti-harassment and digital security training to reporters, editors and web-based journalists. A digital security handbook (living document) for journalists has also been developed as part of our training program with basic security guidelines and tips for female journalists.

April 5, 2017 - Comments Off on DRF’s Submission to UN Human Rights Commission For The Report To Bridge Gender Digital Divide

DRF’s Submission to UN Human Rights Commission For The Report To Bridge Gender Digital Divide

Digital Rights Foundation submitted responses to the UN Office of the High Commissioner for Human Rights (OHCHR) to prepare a report on ways to bridge gender digital divide from a human rights perspective. In its submission, DRF identified the dire need to address the digital divide promoted by gender, and that women are particularly disadvantaged in terms of their position in society, workplace and even in relation to their own families with the same wage bracket. For these reasons barrier to digital technologies and digital life are more enhanced for women.

Political reasons also act as barriers to access to digital technologies. For instance, the internet has been shut down in FATA for security reasons, as well as to silence political dissent. While this might seem like gender-neutral factor, our research has found that women are more impacted by such politically motivated shutdowns given that they cannot travel to internet cafes that have sprung up in the region.

Digital Rights Foundation has also been critical of applications geared towards women. Several smart-phone applications are emerging that are aimed specifically at women, both by the state and the private sector, and there is a need to critically analyse the claims that these apps make regarding increased security for women. Furthermore, as space opens up in Pakistan for web-based delivery of services, DRF is engaging in research that aims to highlight the privacy violations as well the impact on the women who use these services. This is precisely why DRF is working towards privacy and data protection legislation that will ensure more rights for users and protect vulnerable groups, such as women, from surveillance and discrimination.

The recommendations that DRF proposed to bridge digital gender divide emphasized on the importance to make the industry stakeholders aware of their responsibility to ensure better privacy policies when it comes to the personal data of users. Data breaches and violations of privacy can have serious consequences for women. In Pakistan, with the absence of data protection laws and obligations, it is even more important to engage with the industry and communicate their responsibility in protecting users’ data and right to privacy.

The tech community should take measures to ensure the promotion of more women to leadership positions and to have more representation from women and marginalized communities. This representation is important because the presence of women will mean more gender-sensitive policies and a better understanding of the issues that women face. it is important to ensure that the companies working towards gender issues and on gender empowerment engage with these themes meaningfully rather than superficial efforts or as marketing ploys. Many tech companies own social media platforms which are the primary site of online harassment, bullying, blackmail and violence. These companies need to have contextually-sensitive policies for protecting the privacy, dignity and personal integrity of women in online spaces. Tech companies also need to ensure that efforts to ensure accessibility should be done in the principle of net neutrality and the principle of free access should be upheld in efforts to improve coverage and accessibility.

April 4, 2017 - Comments Off on Digital Rights Foundation Submits Universal Periodic Review 2017 Report for Pakistan

Digital Rights Foundation Submits Universal Periodic Review 2017 Report for Pakistan

Digital Rights Foundation made a submission for the Universal Periodic Review (UPR) for Pakistan 2017 on the topic of “Gender Rights in Pakistan: Online violence, Free Speech and Access to Information”. The aim of this submission was to advocate for the digital-specific rights for the citizens of Pakistan. The report incorporated the issues of gendered digital violence, digital rights, freedom of expression (FOE), privacy, violence against women and surveillance.

The report highlighted the issues of digital rights and violence with regards to women and sexual minorities, including the right to speech in online spaces, right to privacy, freedom from digital surveillance, electronic violence against women (eVAW), and access to digital technologies and spaces. The submission refers to the UN Human Rights Council’s resolution that “the same rights that people have offline must also be protected online, in particular Freedom of Expression, which is applicable regardless of frontiers and through any media of one’s choice”.

The report addresses the need to apply a gendered perspective to digital rights, and recommendations need to be injected into the UPR process that specifically address eVAW and the digital gender divide. It outlines the major incidents and advancements around access to digital technology, including the lowest internet usage density in Pakistan, the suspension of telecom and internet services, and the gender gap in usage and ownership of mobile phones in Pakistan. It also highlights that women, especially women journalists, women human rights defenders and activists, experience internet different from men. They are denied access to spaces due to gender disparity, stereotypical and cultural expectations on how women should behave online, cyber harassment, sexualised threats and violence stemming from online activities-impeding women’s right to free speech online, political participation, information and association.

The submission report states that since the last UPR submission process, Pakistan’s situation of free speech has declined both online and offline due to a concerted effort on part of the GOP to regulate online spaces. With the passage of Prevention of Electronic Crimes Act 2016 (PECA), the government has been granted sweeping powers on the online content. Whereas, the Pakistan Electronic Media Regulatory Authority (PEMRA) Ordinance 2002 allows PEMRA to regulate speech and programming on electronic media. It also mentions the patterns of censorship by the Government of Pakistan on multiple occasions without prior notices and further explanations.

Lastly, the report puts forward the recommendations to ensure the gender based digital rights in Pakistan. These recommendations include campaigns specifically for women to increase digital literacy in rural areas, ensuring affordable and unhindered access to the internet and electronic devices, providing cheaper and subsidized internet access to women along with special discounts to promote the ownership of internet connections among women, amending or repealing legislation that violates Pakistan’s international obligations regarding freedom of expression, setting up dedicated departments for online violence against women in FIA's Cyber Crime Wing (Nr3C) and other law enforcing agencies (LEAs) with increased female staff and properly gender-sensitized officers, legislating data protection law in line with international human rights principles, and awareness campaigns around online harassment, digital security, and the mechanisms in place to address it.

April 21, 2015 - Comments Off on New Cybercrime Bill Threatens the Rights to Privacy and Free Expression in Pakistan

New Cybercrime Bill Threatens the Rights to Privacy and Free Expression in Pakistan

ARTICLE 19 and Digital Rights Foundation Pakistan have serious concerns about measures contained in Pakistan’s proposed Prevention of Electronic Crimes Bill (‘PEC Bill’). The Bill contains a number of provisions that, if implemented, would violate the rights to freedom of expression and privacy. We urge members of the Senate of Pakistan to reject the Bill and call on the Pakistani parliament to ensure that any new cybercrime legislation is fully compliant with international human rights standards.

In our joint legal analysis, ARTICLE 19 and Digital Rights Foundation Pakistan address the following concerns:

  1. Power to manage intelligence and issue directions for removal or blocking of access of any intelligence through any information system

  2. Overbroad offences against misuse of computers and lack of public interest defence

  3. Glorification of an offence and hate speech

  4. Overly broad cyber-terrorism offence

  5. Offences against dignity of natural persons

  6. Offences against modesty or a natural person and minor

  7. Cyberstalking

  8. Spoofing

  9. Criminalising the production, distribution and use of encryption tools

Read more information, including our recommendations, in the PDF below:

Pakistan Cyber Crime Joint Analysis

 

September 10, 2014 - Comments Off on Turkey with its 29 Tweeters Still Behind the Bars Makes IGF ’14 Quite an Ironic Event

Turkey with its 29 Tweeters Still Behind the Bars Makes IGF ’14 Quite an Ironic Event

As we close off the Internet Governance Forum 2014 here at Istanbul and as I leave for Lahore, I can’t help but feel that this year's IGF kept on with its tradition of being a "talk-house" since past few years, creating no tangible actions. Sponsored by the United Nations, IGF hosted some 3,000 government, corporate, and civil society leaders and representatives making it a perfect venue for talking about difficult challenges, moving forward and making decisions. The event is organized every year to help shape the future of the Internet, however, it feels as if this reunion every year is drifting away from the actual problems concerning the people of the Internet especially in the authoritarian countries.

IGF certainly retains its singular prestigious place for highlighting challenges in an open-ended consultative process, enabling civil society and individuals voice their perspectives and concerns during the conference. However, it was felt throughout the civil society community that government officials weren’t keen on engaging in the dialogue discussing serious concerns about unfortunate events that have happened in their respective countries.

Being hosted in Turkey, it was an important place to discuss internet governance where government officials could have set a precedent for digital governance elsewhere. Turkey’s prosecution of 29 Twitter users has been a global example for the repressive regimes. Government prosecuted these tweeters who are being tried in Izmir facing up to three years in jail for posting critical tweets during last year’s protests. This case was charged by the Turkish officials as the one to “incite the public to break the law”. It is this stark hypocritical stance of the government to host one of the most important internet governance events in the country all the while censoring and harming freedom of speech online domestically.

To talk about repressive regimes’ ruthless behavior towards human rights activists and the hush by the government officials at the IGF, a group of civil society members and individuals hosted another conference during the IGF week. Titled as Internet Ungovernance Forum, the conference was organized to demand a free, secure, and open internet with fundamental freedoms, openness and net neutrality. Proving to be a vivid example of the increasing lack of empathy on the IGF forum, this group of Turkish activists weren't allowed to attend the conference. Ungovernance Forum's stakeholders believed that due to the representation of various governments that “don’t deserve” representation at a forum like IGF, ungovernance forum is designed to talk about the most important issues, create a space to raise voices of civil society members and common people, and then solve these problems while working towards a path for action.

Participants at this year's IGF also felt an evident gender gap especially during the opening ceremony. Freedom House presented this statement about the lack of gender equality at IGF 2014:

The 2014 IGF included numerous workshops on topics of human rights, including freedom of expression, gender, privacy, and access. Yet the value of this enterprise is undermined when governments can use the IGF to promote themselves, but civil society groups are forbidden by the ad hominem principle from criticizing them. Likewise, gender equality cannot genuinely be discussed when the vast majority of individuals at high-level meetings, delivering speeches, and participating on workshop panels are men. Access also cannot be addressed when remote participation fails to adequately provide two-way discussion from those who cannot attend in person. The IGF should include these voices not only to promote multistakeholderism and inclusion, but also to improve the quality of discussion and the prospects for solutions.

Active participation of civil society members and individuals in the Ungovernance Forum shows sheer disappointment that was felt in the fraternity having attended the IGF in Turkey which failed to acknowledge its own domestic internet governance challenges. While we may dream of creating better future for Internet and its citizens, it is of the utmost importance to talk about the most pressing issues when it comes to online freedom of dissidents and common people. Failure of the host country by ignoring hard questions put up by the journalists only undermines the importance of freedom of speech online. Unless repressive regimes aren’t ready to talk about their internal issues and lack of empathy towards their own citizens, it is only but ironic to see such states having an incredible part in the future of the Internet. God forbid how oppressive and censored that future is to be.

 

August 22, 2014 - Comments Off on Pakistan is a FinFisher customer, leak confirms

Pakistan is a FinFisher customer, leak confirms

In the first week of this month, someone hacked into the servers of FinFisher, the notorious surveillance software maker, which was reported to have two command and control servers inside Pakistan last year. The hackers got hold of whatever they could find on the server and leaked it as a torrent. The 40Gb torrent contains the entire FinFisher support portal including the correspondence between customers and the company staff. It also contains all the software that the company sells as well as the accompanying documentation and release material.

finfisher-pakistan-home

What is FinFisher?

FinFisher is a company that sells a host of surveillance and monitoring software to government departments. The primary software, FinSpy, is used to remotely access and control the computers or mobile phones belonging to the people being spied on. The company offers several methods to install FinSpy, which range from a simple USB that can infect a computer to directly attaching the trojan with legitimate files when they are being downloaded through installing a kit at the ISP. The whole FinFisher toolset is designed to give the people buying these software access to emails, web browsing history, and any other activity performed by the “targets.”

Is Pakistan a FinFisher customer?

Apparently, yes. A University of Toronto based research group called Citizen Lab released a report last year identifying two FinFisher command and control servers on the PTCL network. But this recent leak gives us a more complete and conclusive picture. The leaked support portal tells us that someone from Pakistan in fact licensed three software from FinFisher for a period of three years. The systems Citizen Lab identified were probably the computers hosting the FinSpy server program and were merely using a PTCL DSL connection. PTCL, the company, we think was not involved. If not PTCL, then who? It could be anyone but since FinFisher only sells these software to government agencies, it was most likely one of the many intelligence agencies operating within the Pakistani government.

In one of the “critical” support ticket that we have extracted from the FinFisher support portal, someone identifies their name (retracted in this article) and location (Pakistan) and complains that their problems are not being addressed through Skype (which we presume was the primary way FinFisher provided help to the customers). FinFisher database identifies the said customer with the username 0DF6972B and ID 32.

finfisher-pakistan-location

What was purchased?

After that clue, we looked further into the purchase history of Customer 32 and their correspondence with FinFisher staff and found out that they have licensed not one but three software from the spy software maker. The primary software, FinSpy, is used to target people who “change location, use encrypted and anonymous communication channels and reside in foreign countries.” After FinSpy is installed on a computer or a mobile phone, it can be—according to the product brochure—“remotely controlled and accessed as soon as it is connected to the internet/network.”

In addition to FinSpy, Customer 32 also purchased another software called FinIntrusionKit to hack into hotel, airport, and other wifi networks to catch “close-by WLAN devices and records traffic and passwords”, extract “user names and passwords (even for TLS/SSL encrypted sessions),” and “captures SSL encrypted data like webmail, video portals, online banking and more.” The third software is a tool to infect USB devices so that whoever plugs them becomes a target of surveillance.

finfisher-pakistan-licenses

How does Pakistan FinFish?

From the support tickets filed by Customer 32, we also get to know that whoever in Pakistan purchased FinFisher used it, for instance, to infect harmless MS office documents, particularly PowerPoint files and sent them to people they wanted to spy on. The simple act of opening the infected files led their computer being put into constant surveillance including emails, chats, and other activity.

finfisher-pakistan-powerpoint

Customer 32 also used FinFisher to covertly steal files from the “target” computers. All the files of those who were targeted were readily available but Customer 32 wanted more, as outlined in another support ticket: “the agent be able to select files to download even when the target is offline and whenever the target comes online, those selected files may be downloaded without the interaction required from user.”

finfisher-pakistan-more

While we know that FinFisher is deployed in Pakistan, some questions remain to be answered. As citizens of a democratic state, it is our right to know who is using these surveillance software in Pakistan, how much budget is being spent on these licenses, and what laws and regulations are being followed for deploying these software.

Update [Sep 15, 2014]: How much did it cost?

WikiLeaks today released a list of countries who bought software from FinFisher and the associated cost that was paid. The cost was calculated using a price list they found inside an excel file. Pakistan, as per the revealed price list, paid €432120 (or 57 million Pakistani rupees) for the three software that were purchased.

---
From our earlier coverage:
» Global Coalition Of NGOs Call To Investigate & Disable FinFisher's Espionage Equipment in Pakistan
» FinFisher Commercializing Digital Spying – How You can be a Victim?

July 18, 2014 - Comments Off on UN Report Calls Mass Surveillance a Violation of Human Right to Privacy

UN Report Calls Mass Surveillance a Violation of Human Right to Privacy

In an important step towards establishing international consensus on the right to privacy in the technological age that we live in, United Nations High Commissioner for Human Rights on Wednesday issued a report calling bulk collection of private data and mass surveillance against the international law.

The report was prepared in response to the UN General Assembly resolution adopted during its 68th session in December 2013. The resolution, introduced by Brazil and Germany, specifically noted that the practices of bulk collection of private data and mass digital surveillance may be in violation of the Article 12 of Universal Declaration of Human Right and the Article 17 of the International Covenant on Civil and Political Rights:

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

The resolution had called upon all the UN member states "to respect and protect the right to privacy, including in the context of digital communication" and had requested the United Nations High Commissioner for Human Rights to submit a report to be considered by the General Assembly during the next session.

The very existence of a mass surveillance program constitute an interference with privacy, the High Commissioner notes, and asks the governments to make sure such actions are neither arbitrary nor unlawful.

The report employes clear language in condemning collection of private digital data and observes that the "collection and retention of communications data amounts to an interference with privacy" regardless of the excuse that the data might be used later.

It dismisses the idea that the collection of metadata about a communication, in contrast to the communication itself, is not a violation of privacy. The metadata, it says, "may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication."

It also cautions that the companies who supply mass surveillance technology to states which are known to use the information in violation to human rights risk "being complicit in or otherwise involved with human rights abuses,"

Considering that Pakistan has been known to have deployed Netsweeper and Narus products, which have reportedly been used by other repressive regimes for censorship and surveillance, on its network, Digital Rights Foundation (DRF) welcomes the report and hopes that the government of Pakistan, as a member UN state, would pay attention to the observations made in the report.

July 13, 2014 - Comments Off on Why exactly is ‘Protection of Pakistan Act’ problematic?

Why exactly is ‘Protection of Pakistan Act’ problematic?

Signed today into law by President Mamnoon Hussain, Protection of Pakistan Act is an extremely repressive law giving unquestionable powers to armed and police forces. Human Rights Watch (HRW) and the civil society of Pakistan has aggressively opposed the bill for curbing fundamental constitutional and human rights.

Several provisions of PPA, 2014 are problematic along with a number of vaguely defined terms that can be misused by Law Enforcement Agencies (LEAs). As the powerful elite of the country has most of the police loyalties with the legal system already in a shambles, PPA gives “green light for abusing suspects”, as put by HRW.

The new law doubles the maximum sentence for terrorism offences to 20 years and permits security forces to shoot suspects on sight. The scheduled offences are not only non-bailable but keep the burden of proof on the detainee who will be considered guilty unless proven otherwise.

The provisions of Protection of Pakistan Act 2014 also give safe-outs to police officers of BPS-15 grade or higher on the basis of good faith which can create huge troubles in the country where police is hardly trusted by the citizens.

Here are the details on why exactly the civil society opposes Protection of Pakistan Act and what are the problematic provisions. Please share the details widely among your circle to better inform your friends and families about this law which will remain in effect for two years and can have huge repercussions for a common citizen, bloggers, and especially dissidents.

protection of pakistan act 2014

ppa 2014

protection of pakistan act 2014

January 2, 2014 - Comments Off on "Unseen War" – Screening of a Short Film on Drones by Tactical Tech

"Unseen War" – Screening of a Short Film on Drones by Tactical Tech

“Unseen War” Tactical Tech’s film Screening on 11th January, 2014

Venue: Crystal Ball B, Marriott hotel, Islamabad

Date: 15:00 - 17:00 11th January, 2014

Digital Rights Foundation is pleased to invite you to a special screening of “Unseen War” on 11th January, 3:00 pm to 5:00 pm at the Crystal Ball B, Marriott Hotel at Cyber Secure Pakistan 2014.

“Unseen War” is one of the films from the series of Tactical Tech’s project of short films “Exposing the Invisible”. This short film changes the angle slightly and explores the physical, moral and political invisibility of US drone strikes in Pakistan.

Team of Exposing the Invisible speaks to journalists, activists and experts inside and outside of Pakistan about the consequences of the strikes in the tribal FATA region, why they are possible, and how we can make the issue more visible using data and visualization tactics.

The screening of the film will be followed by a panel discussion on the cases shown in the film; how activism is transforming in Pakistan, and how it effects us.

 

Moderator: Usama Khilji

Panelists:

  • Marek Tuszynski - Tactical Technology Collective (Skype)
  • Abdullah Saad – Technology expert
  • Ammar Jafferi – Chairman PISA
  • Taha Siddqui – Freelance journalist
  • Shahzad Akbar – Reprieve UK

 

DRF and PISA look forward to your participation in making this screening a success!

For more, join our Facebook event page or visit the website.

September 22, 2013 - Comments Off on Call for Participation: Digital Security Workshop in Lahore

Call for Participation: Digital Security Workshop in Lahore

 

Digital Rights Foundation is pleased to announce a day long digital security training being organized in partnership with Shirkat Gah and Bolobhi. Journalists, bloggers, writers, human rights defenders and students in Lahore are invited to apply for this workshop. The training sessions will be conducted on Thursday, September 26, 2013.

This workshop aims at equipping the participants with the skills and techniques necessary for staying safe online. One of the purposes of this training is to enable the participants carry out similar workshops within their organizations and share the experience gained through their networks.

If you meet the eligibility criteria and would like to participate in this training, please submit a statement of interest along with a brief bio outlining your work to nighat@digitalrightsfoundation.pk. In the statement of purpose, demonstrate your interest by clarifying how the experience gained through this training program will help you in pursuing your goals personally and professionally. You may also indicate how this program relates to your future aspirations regarding digital security.

Further information regarding the event will be shared with the selected participants. The applicants must send their applications by September 24th, 2013. Late submissions will not be considered.