Blog Archives

Archives for July 2017

July 28, 2017 - Comments Off on Why Pakistan Badly Needs A Data Protection Law

Why Pakistan Badly Needs A Data Protection Law

Picture someone walking into your house, recording everything you have and do, with every action, gesture, conversation you’ve made or taken part in being filed away. This person then makes a list of everything you own, what you use them for, how often, and where you keep them. When you sit down to watch television or read a book, this person records it, noting what you like to watch or read. Send a text message to a friend, chat with someone over Whatsapp, place an order over the telephone? Recorded. Imagine this person taking snapshots of baby photos, and jotting down the brand of ice-cream you like. Now imagine that the stranger holds onto that information, to use against you in the future, or to sell it on to advertising companies to make a profit, without your knowledge or consent.

Scary to imagine, isn’t it? We don’t have to imagine it, however, as this already happens. It happens every day of week of the year – it’s probably happening right now, in the time it takes to get to the end of the sentence.

Whether one is an ordinary citizen or high-flying person of influence, anyone that accesses the internet in Pakistan has had their privacy breached. From the minute that your device connects to a Wifi network, whether you are at home, at work, or at a restaurant, any information you share is no longer yours, nor does it remain private. The government, multinational corporations – they have recorded all the data that is sent and received by you and millions of other internet users across the nation and across the globe.

This is all possible thanks to the digital footprint left by anyone that uses an internet connection. Just as movements in the real world can be easily traced, your internet activity creates a history, a register of all the websites you visit, the information you input, and the links you may click on. This information, which may also be shared via internet-connected mobile apps or services, can include sensitive data such as your medical history, political and religious views, sexual orientation, interests and hobbies. All of this, however, is readily available to and easily accessible by the same corporations whose websites and applications we use frequently.

If you use Google to search for a pair of shoes, for example, the advertisements or website that may pop up could be related to a particular shoe brand or retailer. Google sells over 20 petabytes (1 petabyte = 1,000,000,000,000,000 bytes) of personal user data to advertising companies each day, making up the majority of its overall revenue stream.

Some might argue that no harm is being done here, and that it doesn’t matter if other people have access to the your online information – perhaps having advertisements directed at you makes personal shopping et al more convenient. It may be that the information is the sort that you intended to be publicly available, such as a blog post. What these do not take into account, is what could happen to information that may have been shared privately or in confidence. Access to this information could provide harmful to you as an individual and would be a clear violation of your right to privacy Imagine your visa being rejected because of something you said to a friend online, or losing out on a job on the basis of your social media history or a Facebook ‘Like’ being used against you in a court of law as ‘evidence’ that you committed blasphemy.

These are tangible harms that can arise because your private information no longer remained private. Even though there is a real and factual difference between what constitutes public data on the internet and what constitutes private data, however, there are no rights to privacy for Pakistani citizens and no safeguards to stop this data from falling into the wrong hands. That is where data protection laws come in.

Just as there are laws in every country that protect the privacy and dignity of an individual in their own home, there should be rules in place that clearly define and demarcate what digital online data is to remain private and confidential, and what constitutes public domain. Interestingly, Article 14 of Pakistan’s constitution - which guarantees a person’s right to dignity and privacy in his/her own home - is almost identical to the article that has been used by the Council of Europe to grant digital data rights . There is international precedent to support the idea that the “dignity of man and the privacy of home” extends to the digital realm and yet there has been no attempt on behalf of the legislature to recognize the protections that we as citizens are entitled to.

A data protection law regulates, defines, limits and controls the type of data that can be stored, analyzed and processed by both public and private entities and the purposes and durations for which this information may be used. It acts as a safeguard against the misuse and mishandling of private data and provides citizens with a mode of accountability. It is a check on the processors of personal data and empowers the individual. This is both legitimate and important in a world where most of our communication is non-physical and almost all of our important information is on or between servers that exist virtually.

In other words it defines what constitutes private and confidential information online and what forms part of the public sphere. If a person browses the internet using their personal computer or mobile phone, they should feel secure that the information they share will not be recorded or used without their consent. This can only be achieved, however, once a proper legal framework is set in place to allow for their data rights to be exercised.

Author: Mehboob Khan

July 18, 2017 - Comments Off on The Conviction of Taimore Raza and The Jurisprudential Insight It May Provide

The Conviction of Taimore Raza and The Jurisprudential Insight It May Provide

The increasing popularity of social media and the unprecedented dependency on information technology is posing novel difficulties for Pakistan’s notoriously lethargic legal system. Furthermore, the interaction of special Anti-Terrorism legislation with modern instrumentalities of crime is testing the capacity of our judicial system to grapple with new age legal issues. The recent case of Taimore Raza, wherein an Anti-Terrorism Court sentenced him to death for committing Blasphemy under Section 295-C of the Pakistan Penal Code, is a good example of such an interaction.

According to the facts narrated by the judge, Raza was booked for showing hateful material on his phone to the public at a bus station in Bahawlpur. After having been informed, the police arrested him at the bus station. The police made an inventory of the items that he had on him, which included his phone, a wallet (with Irani Riyal, the significance of which shall become apparent hereunder), and bus tickets.

It is said that the material on his phone, which included pictures, was blasphemous. This material was also sent to the Islamia University, Bahawalpur, which opined that the material was blasphemous as to the Holy Prophet as well. There after, Raza was booked under Sections 9 and 11 of the Anti-Terrorism Act, and Sections 295-A and 295-C of the Pakistan Penal Code.

Right to Privacy

Some countries have had to delineate the extent of privacy rights that citizens have over their data. For example, the US Supreme Court has ruled that citizens have a right to privacy as to the data on their phones, and that it may not be looked into without a warrant. The external condition and characteristics of the device that contains the data does is not protected in the same manner, and may be examined pursuant to a valid arrest. This question is likely to come up before the Superior Judiciary in Pakistan soon.

This right to privacy is significant in Raza’s case because the Section 295-C charge was added to his case after the police scoured through his phone after his arrest, and without a warrant. The judgment also states that his Facebook account was logged into his phone, which is why the police was able to examine his Facebook activity. Again, this was done without a validly issued warrant.

It is to be seen whether the Superior Judiciary will extend the constitutionally guaranteed right to privacy to data.

Trial for Blasphemy under Section 295-C in the Anti-Terrorism Court

The Anti-Terrorism Act creates certain new offences, and also allows the special courts established under it to try certain already existing offences which are scheduled to it. Furthermore, the Act allows the special courts to try any other offences that an accused may be charged with while it is seized with a trial pertaining to a scheduled offence. This is significant because the procedure to be followed in trials before the Anti-Terrorism courts is heavily skewed in favor of the prosecution. The Act allows for ex-parte prosecution, which is abnormal compared to the rights typically afforded to criminal defendants. The Code of Criminal Procedure mandates that evidence against the accused must be recorded in his presence. However, the Anti-Terrorism Act removes this requirement, to the detriment of the accused. It is also worth noting that various jurisdictions hold this right of the accused to be confronted with evidence against him/her to be a sacrosanct constitutional right that may not ordinarily be done away with.

Under the ATA, Section 295-A (deliberate and malicious acts intended to outrage religious feelings of any class by insulting its religion or religious beliefs) is a scheduled offence and can, thus, be tried at an Anti-Terrorism Court. The maximum punishment under the provision is ten (10) years imprisonment and a fine. However, as mentioned above, the ATA also allows prosecution of other offences arising out of the same occurrence. In this situation, the other offence was Section 295-C (use of derogatory remark etc., in respect of the Holy Prophet), which carries a maximum sentence of death and a fine. The obvious problem presented here is that in the prosecution of an accused for a lesser crime without the mandatory provision of regular statutory rights, he/she may also be tried for an offence with a much higher sentence. The balance of the rights of the accused and the need for successful convictions must be thoroughly examined to arrive at a prudent compromise.

The Judgment

The opinion itself is predicated on some very worrying reasoning and judgment writing. Firstly, the judge has sentenced the Mr. Raza to death for having committed blasphemy against the Holy Prophet. However, he refused to share precisely what the content of the culpable expression was. Section 367 of the Cr.PC is a mandatory provision that requires the judge to explain the reasons for the judgment being rendered. This requires the judge to explain how every element of the crime has been met. A judge may not, as has happened in this case, merely state that he/she is satisfied in their mind that the offence has been committed without demonstrating how they have arrived at that conclusion. While it is understandable that judges may not want to reproduce blasphemous content, not doing so clouds the judicial process. This is a unique issue that lawmakers must deliberate upon to formulate policy.

The second issue pertains to some unwarranted extrapolations that the judge has made. According the judge, the recovery of a few Irani Riyals is evidence of links with sectarian outfits. This conclusion, by itself, is thoroughly unwarranted. A man of Shia faith possessing Irani Riyal may have several explanations other than the one the judge arrived at.

Ending Remarks

There is uncertainty. Pakistan has often lagged behind developed nations in matters of technology. It appears that it is also behind in matters of jurisprudence pertaining to technology related issues of law. The Constitution and laws of the country may be adequate to deal with new age issues, however, we will only be able to say that for sure after the Superior Judiciary grapples with several such issues and pronounces authoritative opinions on the matter. Till then, its best to err on the side of caution.

As far as the government is concerned, it is persevering with the policy of restraining controversial speech on social media. The Interior Minister warned of a possible complete social media ban if the population fails to self-regulate its speech and bring it within the prescribed limits. Continuing down this road, the Minister recently met with Facebook’s Vice President for Global Public Policy, Mr. Joel Kaplan in Islamabad and apprised him of his concerns and desires. It remains to be seen if Facebook will mold its policy to the satisfaction of Mr. Nisar. If it does, the government would move closer to successfully censoring the Internet as desired. As is popularly known, the Pakistan Telecom Authority has blocked scores of websites containing content that it deems blasphemous.

July 10, 2017 - Comments Off on The Internet as a Forbidden Library: Pakistan’s Clampdown Against Data Freedom

The Internet as a Forbidden Library: Pakistan’s Clampdown Against Data Freedom

The Prevention of Electronic Crimes Act 2016 (“PECA”) was ostensibly legislated in order to combat the “growing threat of cybercrime.” The legislation provides various legal mechanisms and investigative powers by which government authorities can search and seize digital forensic evidence and information systems in order to penalize offenders. The object and reason of the bill is to “effectively prevent cybercrimes” and defend the national security of Pakistan, while also enabling secure systems for investment in IT and e-commerce.

The legislation notes that the exercise of these powers needs to be “proportionate with the civil liberty protections afforded to citizens under the Constitution.”  It claims that “The Bill also includes specific safeguards to balance against these intrusive and extensive procedural powers in order to protect the privacy of citizens and avoid abuse of the exercise of these powers.”

There is an inherent tension within any policy formulation which seeks to govern a medium of information storage, access and delivery against fundamental rights for privacy, expression and speech.

The legislation in question, both substantively and procedurally, fails to provide any safeguard for the newly enumerated powers of government.

With regards to internet access and data systems, states can be likened to librarians which engage in the conscious curation of knowledge and expressive materials. As ruled in United States v. American Library Association, “public libraries pursue the worthy missions of facilitating learning and cultural enrichment.” Towards that end, libraries subscribe to the model of providing “[b]ooks and other... resources... for the interest, information, and enlightenment of all people of the community the library [*] serves...To fulfill their traditional missions, public libraries must have broad discretion to decide what material to provide to their patrons. Although they seek to provide a wide array of information, their goal has never been to provide "universal coverage." (United States v. American Library Assn., Inc., 2003).

Although the case dealt particularly with the filtering of internet content within state-funded public libraries, such a role is analogous to that of the paternalistic state model which is frequently advocated by Pakistan’s lawmakers and state agencies. The reasoning goes that the internet is a harmful, obscene and blasphemous space that must be cleansed before consumption for the Islamic sensibilities of the Pakistani people (Sindhu, 2017).

Notwithstanding the manipulative and political invocation of religion for the promotion of state ideologies, the internet does require regulation and surveillance for efficient government and policing against cybercrimes such as fraud, illegal trade, extortion etc. Therefore, the state has a vested and legitimate interest in seeking to control the internet. However, the debate is to what extent and to which ends?

The most important aspect of any statutory legislation is its language and terminology, which expands or restricts the scope of its controlling provisions. The PECA 2016 is worded ambiguously enough so that it is entirely up to the discretion of an authorized offer to investigate, seize, prosecute and penalize an enumerated offender.

For instance, Sections 2-8, technically speaking, make the simple act of connecting to the internet a potentially criminal activity, with the controlling element of culpability being “dishonest intention,” a discretion left entirely to the judge. “Dishonest intention” is defined as “intention to cause injury, wrongful gain or wrongful loss or harm to any person or to create hatred or incitement to violence.” Given the religious fervour and overzealousness of state functionaries to impose injury at the slightest provocation, even the simple act of browsing a potentially controversial page on Facebook or Twitter could constitute criminal activity under the law. A simple application of “Section 4 - Unauthorized copying or transmission of data,” for instance, would make sharing a controversial meme or even downloading the page for viewing (a technical necessity for accessing any content on the internet) as a potential offence. This would result in wrongful convictions and miscarriages of justice.

In effect, then, any internet activity must have the proper authorization and appropriateness. Such provisions run counter to the democratizing function of the web, meant to facilitate discourse and debate, by making it a library where content can only be consumed if the patron has the requisite permission from the proper authority, and if the content itself is deemed appropriate for viewing ab initio.

This is precisely the danger posed by the PECA, as it provides the government with both a warrant and an authority to freely designate and criminalize any political and ideological dissidents and minorities which do not align with the ideological frontiers of the state. While these constitutional guarantees have never been absolute nor unrestricted, the PECA only encourages the muzzling of these freedoms which were rarely respected by the state.

With the PECA, however, the state has an additional weapon in its arsenal to prosecute unwanted elements within society on the pretext of legitimate government regulation. While certain sections of the Act are beyond reproach and necessary for a peaceful and healthy society (such as the prevention of cyber fraud and dissemination of child pornography), the highlighted sections and their languages need to be reviewed by the apex court for being void for vagueness. Or else, if applied as it is, the PECA could become the very means by which democracy is stifled, rather than facilitated. Instead of providing a repository of knowledge, Pakistan could transform the internet into a propaganda tool where only state-ratified ideas are fit for consumption, and the rest discarded, along with their authors.


Author: Ashtar Haideri
Ashtar is an intern at DRF. He is a senior law student at the Lahore University of Management Sciences, and is interested in law, philosophy, and technology.

July 4, 2017 - Comments Off on Pakistan Struggles as Civil Liberties Stifle: June 2017

Pakistan Struggles as Civil Liberties Stifle: June 2017

PRIVACY UNDER ATTACK: WikiLeaks Reminds Us of the NSA/GCHQ Theft of Official Pakistani Citizen Data

Page Cover

On June 6th, The Intercept and other news outlets reported on a leaked National Security Agency report that analysed Russian military intelligence’s attempts to hack electoral systems days before the United States Presidential Election in 2016. According to WikiLeaks and Assange, both the GCHQ and the NSA acquired access to the database of Pakistan’s National Database and Registration Authority (NADRA) to get hold of the identification records of Pakistani citizens, in order to be able to track anyone that they may suspect to be involved with terrorism. Read More...

Shmyla Khan Talks About Cyber Harassment on FM91

Shmyla Khan FM91

Shmyla Khan, represented the hardworking team of the Cyber Harassment Helpline on FM 91’s “Pakoray and Patakay” with Ahmer Naqvi on June 16, 2017. The discussion created awareness about online harassment and tips about digital security--followed by a quiz for the audience. Thank you to the team for supporting DRF!

Data Protection & Privacy in the Digital Age – Part 1: “You Are Being Watched”

Data Protection Blog cover-02

We live in what cyber space specialists call the “Golden Age of Surveillance.” As our lives become increasingly digitalized, our privacy is proportionally threatened by the onslaught of data-hungry marketers and companies interested in snooping on our behavioural preferences. Not all of us realize that with or without our consent, our lives are being tracked and gathered in a massive database of personal information by companies and government agencies. But what can we do about it? Read More...

Statement of Support #RecoverAishaAndAlyaan

Lahore-High-Court

Digital Rights Foundation and Girls at Dhabas condemn the attack on Asma Jahangir’s associates from AGHS Legal Aid Cell - comprising a female lawyer and two male lawyers - inside a courtroom at the Lahore High Court yesterday morning, i.e. June 20, 2017, by a large group of about 60 to 70 lawyers. Asma and her team have been representing a poor woman who filed a petition to find her missing daughter, 26-year-old Aisha, and grandson, Alyaan. Read More...

Social Media Crackdown in Pakistan

Crackdown of social media activists continues as a Pakistani journalist, Zafar Achakzai, was arrested on June 25, 2017 in Quetta. Zafar has been accused of writing against “national security institutions” on social media and charged under the Prevention of Electronic Crimes Act. Read More...

Taimoor Raza Sentenced To Death For Blasphemy on Facebook

Courtesy of Guardian. Photograph: Faisal Mahmood/REUTERS

Courtesy of Guardian.
Photograph: Faisal Mahmood/REUTERS

An anti-terrorism court in Pakistan has sentenced a man to death for allegedly committing blasphemy on Facebook, the latest step in an intensified crackdown on dissent on social media, reports Guardian. Read More...

IFEX At 25: Strategy Conference & General Meeting, Montreal, Canada

IFEX at 25

June saw IFEX, the international freedom of expression network, mark its 25th anniversary in Montreal, the city in which it was founded, with the 2017 IFEX Strategy Conference and General Meeting. The theme of this year’s conference were the 3 ‘Rs’ - Rights, Resistance, and Resilience - to quote Cathal Sheerin of IFEX, “In other words, what our members fight for, the way they fight and how they endure the often relentless attacks on their work and organisations promoting our rights.”

Given the worsening state of rights across the globe in 2017, with growing repression and travel bans preventing some delegates from being able to attend, the 3 Rs carry more weight than ever, and were a recurring theme during the workshops held during the three day conference.

Digital Rights Foundation was able to to share our experiences in the struggle for digital rights, transparency, privacy and freedom of expression in Pakistan, our cyber-harassment helpline, and to present our thoughts on the Open Government Partnership that Pakistan has recently joined.

We not only established possible collaborations with potential partners, but Digital Rights Foundation is also pleased to report that we were voted to become full members of the IFEX network - a new role that will help us in our fight for digital, privacy and freedom of expression rights in Pakistan.

Access Now: How the Digital Rights Foundation is empowering women to defend their rights

Access Now

In a world where people struggle for basic human rights and are put behind bars when they fight for those rights, they confront countless challenges every day. And if they happen to be from an oppressed or minority group, those struggles grow exponentially. Individuals and organizations are working beyond borders, day in and out, to make this fight easier for those who don’t have the information or capacity to fight for themselves. DRF focuses on the right to data privacy, and the issues pertaining to gender in technology — particularly the internet. Read More...

The Rights of Pakistani Citizens in the Digital Realm

Thought Police

Free speech on social media is being actively stifled by the government. Many people have received telephone calls by the Federal Investigations Agency (FIA), requiring them to present themselves at the FIA offices. People have received notices too. There have been detentions and seizures of people’s personal electronic devices.  Most alarmingly, criminal proceedings have been instituted against an individual for expressing opinions critical of the country’s armed forces. In such circumstances, it is essential that citizens know exactly what the limits of their freedom of expression are. Read More...

Intercepting phone calls is legal, Senate body told - July 2017

ISLAMABAD: The Ministry of Information Technology and Telecom Division on Monday informed the Senate Committee on Delegated Legislation that intercepting telephone calls is lawful and should not be taken as a serious matter because it is practiced worldwide. Read More...