Blog Archives

Latest Posts

Monthly

Categories

All Posts in

June 23, 2015 - Comments Off on Press Release: British intelligence agency hacked into Pakistan Internet Exchange

Press Release: British intelligence agency hacked into Pakistan Internet Exchange

Digital Rights Foundation is seriously concerned by revelations of the infiltration of Pakistan's Internet Exchange by Britain's GCHQ intelligence agency. We urge the government of Pakistan to take action to protect the right to privacy of Pakistani citizens, and to condemn the actions of GCHQ.

From documentation published by The Intercept, it was revealed that Britain's intelligence agency GCHQ as a result of its Computer Network Exploitation (hacking) operations had gained presence on the Pakistan Internet Exchange prior to 2008. This gave GCHQ according to the document published “access to almost any user of the internet inside Pakistan” and the ability “to re-route selected traffic across international links towards GCHQ's passive collection systems.”

This hacking operation, at a scale never previously seen before from the British intelligence agency, seriously undermines the right to privacy of all users of the internet in Pakistan. By targeting a key point in Pakistan's communications infrastructure, GCHQ have put at risk the security and integrity of a significant portion of Pakistan's communications infrastructure.

The Pakistan Internet Exchange is a core part of the communications infrastructure in Pakistan. It is a common point of transfer for a significant portion of Pakistanis' communications. This makes the intrusion all the more concerning. Any vulnerability that allows British intelligence to access the exchange is also available to any other malicious actor.

The operation from GCHQ targeted Cisco routers. Cisco routers have previously been caught up in intelligence agencies cross-border spy games. It was revealed that America's National Security Agency had been intercepting Cisco routers and installing firmware onto them before they were delivered to customers. Steps should be taken immediately by Cisco to fix any vulnerabilities discovered in their routers to protect their customers right to privacy.

This is not the first time that Pakistan has been involved in the mass surveillance programmes from intelligence agencies of a “friendly” nation. Earlier this year it was reported that the NSA had determined that Al-Jazeera's Islamabad bureau chief was a person of interest, via metadata collected from 55 million Pakistani mobile phone records, and entered in SKYNET, a computer programme designed to analyse metadata.

It is unclear whether the Pakistan government knew of these operations. The Pakistan government has an obligation to protect Pakistanis right to privacy and this level of intrusion onto critical national infrastructure undermines that obligation. It is of paramount importance that the government does all it can to account for this intrusion and to take meaningful steps to ensure the right to privacy in Pakistan and prevent it from being brazenly interfered with by foreign intelligence agencies.

-------------

Nighat Dad, Executive Director of Digital Rights Foundation:

"The GCHQ operation highlights the growing mission creep on the part of intelligence agencies and other state actors, who frequently request more sweeping surveillance powers and authority, and who bristle at any attempts to enforce effective oversight upon them. This hacking not only does not protect ordinary people, but leaves them more vulnerable to malicious actors that can exploit the same vulnerabilities that GCHQ has infiltrated. ”

When ostensibly democratic nations carry out such draconian and unethical actions against the citizens of nations they are 'allies' of, it sets a troubling precedent. The government of Pakistan could point to the actions of the US or the UK as justification for passing greater surveillance measures against its own people."

------------

Further sources:

Original story here:

https://firstlook.org/theintercept/2015/06/22/gchq-reverse-engineering-warrants/

Document can be found here:

https://firstlook.org/theintercept/document/2015/06/22/gchq-warrant-renewal/

National Security Agency interdiction of Cisco routers:

http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/

Al-Jazeera's Bureau Chief designated as “member of Al Qaeda” and the SKYNET programme

https://firstlook.org/theintercept/2015/05/08/u-s-government-designated-prominent-al-jazeera-journalist-al-qaeda-member-put-watch-list/

http://digitalrightsfoundation.pk/2015/05/spectrum-eyes-the-nsa-pakistani-metadata/

June 5, 2015 - Comments Off on Time Magazine Honours Nighat Dad as a Next Generation Leader

Time Magazine Honours Nighat Dad as a Next Generation Leader

Digital Rights Foundation founder Nighat Dad with Nobel Prize winner and activist Malala Yousafzai.

Digital Rights Foundation founder Nighat Dad with Nobel Prize winner and activist Malala Yousafzai.

Nighat Dad, Digital Rights Foundation's founder, was recently honoured by Time Magazine, by being named one of its Next Generation Leaders of 2015. She joins five other young innovators who are leading by example and inspiring others to have the courage to follow their convictions. Read Time's profile on Nighat and the important of Digital Rights Foundation's work here.

 

May 20, 2015 - Comments Off on Citizens and Industry Refute IT Minister’s Statements & Demand Proper Public Hearing

Citizens and Industry Refute IT Minister’s Statements & Demand Proper Public Hearing

PEC Bill/2015:

 INDUSTRY AND CIVIL SOCIETY ACTIVISTS STRONGLY REFUTE

IT STATE MINISTER’S DELIBERATE DISTORTIONS AND ALLEGATIONS

AND DEMAND PUBLIC HEARING

20 May 2015

 

We, the Joint Action Committee on the Pakistan Electronic Crimes Bill 2015 (PECB) & Alliance For Access, reject and take strong exception to statements made by Minister of State for IT & Telecommunications, Ms. Anusha Rahman, during the NA Standing Committee on IT’s meeting on 20th May 2015.

During the meeting Ms. Rahman remarked that ‘elements are making a hue and cry so that no laws against cyber crimes could be enacted in the country’. This is entirely false and a gross misrepresentation of what members of civil society and industry have been saying throughout the process.

We have categorically stated that a cyber crime law is required to deal with crimes. However, in its current form, the Bill is not acceptable to the public, the IT industry and the media. It will be highly detrimental to the fundamental Constitutional rights of all citizens to the freedom of speech and expression; the right to information; it will negatively impact legitimate business, research, education, information, and will have an adverse impact on Pakistan’s economy. Additionally, this draft will affect journalism at large in the country and, ultimately, lead to an absence of investigative journalism by diminishing access to information, which would otherwise strengthen the government’s fight against corruption and nepotism.

Moreover, we have repeatedly insisted that public input must be taken on the draft Bill, and that it should be reviewed and revised through an open, transparent and consultative process. This is in keeping with democratic norms of legislation and political participation.

Ms. Rahman also said today that had there been a cyber crime law, the Axact case would not have happened. We ask her: although there are multiple laws in the country, does that mean crimes are not committed? Laws are enacted to ensure action can be taken against a crime after it is committed. In Axact’s case, the FIA has already acted through search, seizure and detention. The investigation is underway, therefore, clearly a lack of law has not been a hindrance. The Axact issue should not be used as a convenient excuse to push through the‪ ‎cyber crime Bill in its current draconian form, without consultation or seeking public input and making the necessary changes.

A public hearing on the PEC Bill is scheduled for Friday, May 22, 2015. However the ‘invitation’ has only been extended to seven people to appear before a committee of 20 members. This is contrary to the spirit of a “public hearing.”

The Joint Action Committee members  are definitely among the stakeholders, but we are not the only ones. Instead of hand-picking selected invitees, we call upon the NA Standing Committee on IT to conduct the public hearing in a proper manner, by opening it to all concerned members of the public and invite the entire print and electronic media too, in the spirit of transparency and openness.  No other course of action is acceptable.

Signed:

Bolo Bhi

Bytes For All

Digital Rights Foundation

Human Rights Commission of Pakistan

Internet Service Providers Association of Pakistan

Media Matters for Democracy

Pakistan Software Houses Association

Reporters Without Borders

May 20, 2015 - Comments Off on Join The Global Feminist Hackathon, In Memory of Sabeen Mahmud

Join The Global Feminist Hackathon, In Memory of Sabeen Mahmud

10407642_900996653301137_7774784743798442630_n

Digital Rights Foundation and Hamara Internet are joining hands with WECREATE Center Pakistan, to participate in the first Global Feminist Hackathon being held on May 23rd 2015, in loving memory of Sabeen Mahmud. We dedicate this inaugural Global Feminist Hackathon to Sabeen and to all those who fight against injustice and discrimination around the world. As Sabeen once said, “I love and cherish that technology has the potential to change lives. We need to devote ourselves to making enabling tools and technologies accessible to more and more people.”

The session will address the current digital legal landscape in Pakistan, concerns with the proposed cyber crimes bill, and the sharing of digital tools and skills to make online spaces safe for women in Pakistan. If you are in Islamabad and want to join us, please contact us at info@digitalrightsfoundation.pk. We also encourage you to join and conduct your own activities dealing with gender and technology, privacy and surveillance, digital security, the hacking of gender roles in technology, or anything else related to technology and human rights.

Sabeen was a symbol of the kind of Pakistan that we want to leave for our children, an icon of free thought and progressive ideas. Let us take her vision forward.

Please share this information widely among your networks and register your activity at the following link by May 23rd: https://f3mhack.org/index.php/en/

April 21, 2015 - Comments Off on New Cybercrime Bill Threatens the Rights to Privacy and Free Expression in Pakistan

New Cybercrime Bill Threatens the Rights to Privacy and Free Expression in Pakistan

ARTICLE 19 and Digital Rights Foundation Pakistan have serious concerns about measures contained in Pakistan’s proposed Prevention of Electronic Crimes Bill (‘PEC Bill’). The Bill contains a number of provisions that, if implemented, would violate the rights to freedom of expression and privacy. We urge members of the Senate of Pakistan to reject the Bill and call on the Pakistani parliament to ensure that any new cybercrime legislation is fully compliant with international human rights standards.

In our joint legal analysis, ARTICLE 19 and Digital Rights Foundation Pakistan address the following concerns:

  1. Power to manage intelligence and issue directions for removal or blocking of access of any intelligence through any information system

  2. Overbroad offences against misuse of computers and lack of public interest defence

  3. Glorification of an offence and hate speech

  4. Overly broad cyber-terrorism offence

  5. Offences against dignity of natural persons

  6. Offences against modesty or a natural person and minor

  7. Cyberstalking

  8. Spoofing

  9. Criminalising the production, distribution and use of encryption tools

Read more information, including our recommendations, in the PDF below:

Pakistan Cyber Crime Joint Analysis

 

April 20, 2015 - Comments Off on Without Oversight: A Joint Statement on the 2015 PEC Bill by Digital Rights Foundation, Privacy International, Human Rights Watch and Article 19

Without Oversight: A Joint Statement on the 2015 PEC Bill by Digital Rights Foundation, Privacy International, Human Rights Watch and Article 19

Joint Statement from Article 19, Human Rights Watch, Privacy International, Digital Rights Foundation, and others on the Prevention of Electronic Crimes Bill 2015 Pakistan.

ARTICLE 19, Human Rights Watch, Privacy International, Digital Rights Foundation, and others are seriously concerned by the proposed Prevention of Electronic Crimes Bill in Pakistan. The Bill introduces a series of new provisions that pose a grave risk to freedom of expression and privacy in Pakistan. We urge members of the Senate of Pakistan to take a stand against the Bill and call on the Pakistani legislature to ensure that any new cybercrime legislation is fully compliant with international human rights standards.

Read more

April 17, 2015 - Comments Off on Saving us from democracy: Cyber Crimes Bill, amended in secret, approved by NA Standing Committee

Saving us from democracy: Cyber Crimes Bill, amended in secret, approved by NA Standing Committee

On April 16 2015, the National Assembly IT Standing Committee passed Version 4 of the draft of the Pakistan Electronic Cybercrimes Bill. The current revision of the bill, now known as the Prevention of Electronic Crimes Bill, is linked below. Post-2014, the consultation process was undertaken behind closed doors without the necessary public oversight and consultation from civil society stakeholders. Along with other rights groups, we are disturbed at the manner in which the bill has been revised, in effect criminalising freedom of expression, the right to privacy, and curtailing civil liberties.

Article 34, for example, permits “authorised” officers of the state to block or remove any information if the state:

“considers it necessary in the interest of the glory of Islam, or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality.”

Given that the government has not permitted civil stakeholders from providing input, how these terms have been defined in the context of the bill is problematic, and possibly subject to broad interpretations that may not permit in-depth critical analysis of the failures of this bill.

Prevention of Electronic Crimes Bill 2015

February 4, 2015 - Comments Off on Call for comments: Prevention of Electronic Crimes Act 2015

Call for comments: Prevention of Electronic Crimes Act 2015

After the expiry of Pakistan Electronic Crimes Ordinance in November 2009, there was certainly a need to have a comprehensive law to deal with crimes committed over the Internet. It was, however, not high in the government's priority list. But after a slumber of 5 years, the Ministry of Information Technology and Telecommunication finally got to work and prepared a draft bill (Prevention of Electronic Crimes Act 2014) in February last year.

Last month, it was reported that after one year of preparing the draft "in consultation with other stakeholders" the Ministry was planning to send it to the Prime Minister to table it in the National Assembly.

Except that consultations—before and after the bill was drafted—were largely ignored.

Rights groups, including our own, had raised several reservations on last year's draft, which the current version of the bill didn't take into consideration. Keeping this in view, the Chairman of the National Assembly Standing Committee on IT has now formed a 4-member sub-committee of MNAs to review, amend and finalize the bill within 14 days so that it can be tabled in the Assembly.

We have been working with international organizations, including Article 19 and Privacy International, to dissect the Prevention of Electronic Crimes Act 2014 over the past one year and propose these changes in the draft to bring it up to par with International human rights laws.

We reiterate that the lack of procedural safeguards against surveillance activities carried out by intelligence agencies poses a serious threat to human rights, especially the right to privacy; we also emphasise the importance of establishing a competent independent oversight mechanism that has the ability to access all potentially relevant information about state actions. Further, we highlight the lack of clear definitions in the draft law, rendering it open to abuse in its application, and are concerned by the overly broad offence of cyber-terrorism it would

In addition, we have the following four separate comments on the draft law and its implications for the

1. Information-sharing with foreign governments and entities should be regulated by specific laws and subject to independent oversight

2. A clear and accessible legal regime should govern any data copied and retained by state authorities

3. Requiring mandatory data retention by service providers threatens the right to privacy

4. Service providers should not be required to keep the fact of real-time collection and recording of data secret indefinitely

The current revision of the draft bill is embedded below. Please feel free to send us your comments, we'll try to submit those, along with our own, to the sub-committee reviewing the draft.

The Draft Bill

Our Detailed Comments

December 10, 2014 - Comments Off on Computers, Privacy & Data Protection 2015

Computers, Privacy & Data Protection 2015

Screen Shot 2014-12-11 at 6.55.57 pm
Date: 21-23 January 2015
Place: Brussels, Belgium

Computers, Privacy & Data Protection (CPDP) is a non-profit platform originally founded in 2007 by research groups from the Vrije Universiteit Brussel, the Université de Namur and Tilburg University. The platform was joined in the following years by the Institut National de Recherche en Informatique et en Automatique and the Fraunhofer Institut für System und Innovationsforschung and has now grown into a platform carried by 20 academic centers of excellence from the EU, the US and beyond.

As a world-leading multidisciplinary conference CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, computer scientists and civil society from all over the world to exchange ideas and discuss the latest emerging issues and trends. This unique multidisciplinary formula has served to make CPDP one of the leading data protection and privacy conferences in Europe and around the world. The panels of CPDP2015 will focus on key issues that cover all current debates: the data protection reform in the EU: European and Global developments, mobility (mobile technologies, wearable technologies, border surveillance), EU-US developments concerning the regulation of government surveillance, e-health, love and lust in the digital age, internet governance and privacy, and much, much more.

For more information and registration: cpdpconferences.org. Follow CPDP on Facebook (CPDPconferencesBrussels) and Twitter (@ cpdpconferences). Contact: info@cpdpconferences.org

September 15, 2014 - Comments Off on Week of Action: A World Without Mass Surveillance

Week of Action: A World Without Mass Surveillance

Cross-posted from Jasoosi Band Karo

Many of us, no matter where in the world we live, are a target of mass surveillance, one way or the other. Either by our own government or by the governments of other countries where our Internet communications reside or pass through, or by both. Is it really necessary to surveil everyone? How does the human right to privacy hold up? Shouldn’t this be public knowledge if blanket mass scale surveillance is being carried out on our communication?

Questions like these made Electronic Frontier Foundation (EFF) to lead a global effort to apply existing human rights laws in the context of this age of surveillance that we live in. The collective effort, comprising of “over a year of consultation among civil society, privacy and technology experts,” resulted in the publication of International Principles on the Application of Human Rights to Communications Surveillance. Called the 13 Principles for short, the document which lists a set of rules for the world governments to adhere to if they must engage in mass surveillance, was formally launched in September last year.

Today marks the beginning of a week dedicated to the anniversary of the publication of the principles. Digital Rights Foundation is also one of the signatories of the 13 Principles. As a signatory, we want to take this opportunity to share the principles with the broader public in Pakistan. Every day from today, Sep 15, till Friday, Sep 19, we will be speaking about the principles in the Pakistani context. The aim is nothing but to secure the privacy that you, us, and everyone deserves. You should follow the conversation on our Twitter and Facebook feeds, if you don’t already.