September 07, 2017 - Comments Off on Is the collection of student data by LEAs permitted by law?

Is the collection of student data by LEAs permitted by law?

In the wake of an attack on the leader of the Opposition in the Sindh Assembly, allegedly carried out by a Karachi University student, concerns of student militancy over the years continue to grow. In this context, the aim of the collection of private student data by law enforcement agencies (LEAs) is to ostensibly track and curb potential involvement in terrorism.

The Prevention of Electronic Crimes Act (PECA), passed in 2016, does provide a mechanism whereby an authorized officer may by notice, require universities to provide or preserve the specified data for up to 90 days and only bring to the notice of the court within twenty four hours after the acquisition of the data. The court may issue a warrant for disclosure, furthermore, if the court is satisfied that there are reasonable grounds for the purpose of preventing crime.

It is unclear, therefore, as to which provisions law enforcement agencies (LEAs) will be relying on in order to legitimise such large-scale data collection. Simultaneously, there are no direct data protection laws in Pakistan that would challenge this invasion of privacy. Further to this, the security agencies that the LEAs will be working alongside have yet to finalise or even develop an effective mechanism in regards to data collection and with respect to privacy.

The PECA provisions listed above, furthermore, are only strictly applicable in relation to ‘ongoing’ criminal proceedings or investigation and cannot be used as a tool to profile or surveil all university students under the guise of national security. As a nation with security state characteristics, Pakistan has troubling precedent in regards to overriding fundamental human rights in the name of security, and which we could see happening here.

There are similarities that could also be drawn between student data collection and the compulsory SIM registration policy by NADRA, which were promoted and created as a means of cracking down on potential terrorists. It is likely that a similar policy would be adopted by the security agencies, using much the same justification.

Putting private data of university students under intense scrutiny could exacerbate an already stressful atmosphere - students are required to provide “character” certificates when being admitted, and there is an increase in CCTV monitoring at entrances and exits of several campuses across Pakistan. Such mass surveillance of students must be condemned, as this would harbour distrust and anxiety in students. Rather than make them feel safer, mass surveillance would actually increase feelings of insecurity, as they would feel unable to express their views freely.

Data collection and other aforementioned anti-terrorism actions by the state have thus far generally failed to garner support, even within parts of the government. Senator Raza Rabbani echoed concerns similar to ours in a letter (which can be found at the end of this post) addressed to the Vice Chancellor of Karachi University:

the police and the intelligence agencies are the hard face of the state, an interaction with them will further consolidate the anxiety and fear in the minds of the students.

Senator Rabbani stressed that while immediate steps must be taken to address the issue of extremism - proposing a total review of the university curriculum, as well as the implementation of the Senate of Pakistan’s Resolution on restoring student unions - “diverse literary and academic activity” could play in building an effective counter-paradigm. From this it can be inferred that the Senate of Pakistan recognises free speech as a fundamental right that can be a far greater bulwark against terrorism than mass surveillance. This recognition could aid in the development of a major shift in Pakistan’s human rights history.

What is needed is a robust data protection legal regime that prohibits the retention of data by third parties to be later provided to the government. It should explicitly state the exceptions and should specify which information should and should not be disclosed to the government, if the need arises. It should impose a duty on organizations including universities to take specific measures to protect the student’s personal data and penalize them for non-compliance. Further, for less serious cases, there should be a non-mandatory mechanism whereby the university should decide if it would be necessary and proportionate to disclose information to LEAs.



September 06, 2017 - Comments Off on August 2017 at DRF: Nighat Dad Represents the People of Pakistan at TED Global

August 2017 at DRF: Nighat Dad Represents the People of Pakistan at TED Global

Nighat Dad Speaks at the TED Global Stage

This slideshow requires JavaScript.

The entire team of Digital Rights Foundation is ecstatic to share that our very own Nighat Dad was in Arusha, Tanzania to speak at TED Global 2017 on August 28.

Nighat spoke about her own struggle to safely access the technology and how that struggle led her to make things easy for other women in the country. She talked about her dream of a reclaimed online world for women where they're not harassed for expressing their opinions and for making their voices heard; the dream that made way for her to establish Pakistan's first Cyber Harassment Helpline.

Nighat represented the people of Pakistan on a stage as prestigious as TED and received an overwhelming standing ovation from the audience.

For Nighat and for the entire DRF, the inspiration comes from these very people who we represent - the people of Pakistan. The support that our people have given us throughout our journey of making the internet safe and accessible for everyone is what keeps us going, and we'll do whatever it takes to achieve the dream that benefits us all because the road is long and the fight isn't over yet.

As Nighat said on the TED stage:

"These women, who pretend to be okay when nothing’s alright, are the women I look up to. They are the strong ones who give me strength and power to speak up for them and soldier on. And my struggles and efforts for the open and safe internet are dedicated to them and their unfettered courage and resilience."

Here's to the strong people of Pakistan.

Cyber Harassment Helpline Expands its Operations


The Cyber Harassment Helpline is ecstatic to announce that it has expanded its operations to seven days a week. Previously our capacity allowed to us cater to calls five days a week--from Monday to Friday, but building on the success of its first nine months of operations we are able to provide more urgent and timely services. Read details here.

The Prevention of Electronic Crimes Act (PECA) 2016 Completes its First Year

PECA Anniversary Cover

August 2017 marked one year since the Prevention of Electronic Crimes Act 2016 (PECA) was passed by the National Assembly. Did the Act fulfill its stated aims? Are online spaces any safer or has it resulted in online self-censorship? DRF published a review of the Act’s progress through a short analysis and illustrative timeline which can be accessed here.

MOU signed with Lo Bono Law

Lo bono Law

Our Cyber Harassment Helpline signed a Memorandum of Understanding (MOU) with the Karachi-based Lo Bono Law which a law firm established to provide cost effective quality legal services to those who cannot afford high costs of litigation. It provides quality legal services to indigent clients.

DRF can now refer callers to Lo Bono as part of its referral system, continuing its aim to provide more comprehensive legal services to victims of online harassment.

Find out more about Lo Bono here.

Punjab IT Board Focus Group Discussion on Cybersecurity

On August 24th, DRF took part in a Punjab IT Board (PITB) Focus Group Discussion on Cybersecurity. Organised by Techhub Connect, the discussion focused on the dire state of Pakistan’s cybersecurity infrastructure, and the need of the government and tech industry to address threats to national tech infrastructure. The discussion also looked at the lack of sufficient awareness by the public regarding cybersecurity practices and awareness regarding privacy etc.

The discussion, which included IT researchers and senior telecoms executives, also focused on and introduced the creation of a Punjab Cyber Emergency Response Team (P-CERT), and invited feedback concerning the P-CERT team.

DRF raised concerns that the FGD was not focusing on legislative reforms, and pushed for changes that reflected and respected the rights of citizens. DRF also brought up that the overly broad Prevention of Electronic Crimes Act could risk discouraging people with the tech skills necessary for cybersecurity initiatives, eg White Hat hackers, because of harsh penalties.  Cybersecurity, DRF remarked, needs to ensure that there is a balance between rights and security that does not limit the former, otherwise what is the latter protecting?

Hamara Internet Workshop ‘Our Right to Safe Online Spaces’ with Civil Society

This slideshow requires JavaScript.


Digital Rights Foundation and FNF organized the Hamara Internet workshop titled ‘ Our Right to Safe Online Spaces’ with civil society members in the month of August. The workshop focused on how civil society members can  come together as agents of change and create online spaces that are safe for not just women but also other marginalized communities. The workshop also raised awareness around online safety amongst civil society members and educated them about the additional resources available to them in case of cyber harassment. Civil society members also discussed the implications of mental health and coping mechanisms in place for human right defenders.

Workshop on Digital Empowerment for Women in Media

Worshop with Journalists-01

The team of DRF kicked off a 2 day basic online safety training course titled “Digital Empowerment of Women in Media” in mid August, in Lahore. Women in media from all over Punjab and KP were selected to participate in this session, which featured hands-on training with security tools especially designed to help journalists and citizen bloggers protect themselves in the digital age and ensure they can continue their mission of free and impartial reporting without facing aggravated personal risk for it. Based on our research published in December 2016, female journalists in Pakistan don’t feel safe expressing their opinions online, hence are scared of the consequences while simply performing their job. That's why the workshop also included a special portion on self care and mental health awareness throughout.

August 16, 2017 - Comments Off on The Cyber Harassment Helpline Expands its Operations

The Cyber Harassment Helpline Expands its Operations

The Digital Rights Foundation is expanding the services of the Cyber Harassment Helpline. As of August 19, 2017, the helpline will be operational throughout the week, including on Saturday and Sunday. The helpline support team will be taking the calls from 9 AM to 5 PM. The expansion wouldn’t have been possible without the support of our friends at Digital Defenders Program. The helpline has also signed an MoU with Ahung, and also with  Lo Bono Law, which is specifically geared towards providing low cost, high quality legal services to clients unable to bear the high cost of legal representation in courts of Sindh.

The Cyber Harassment Helpline is the region’s first dedicated helpline for cases of online harassment and violence. It was established in December 2016 to help the victims and survivors of online harassment with their ordeal. The services of the helpline are confidential,gender-sensitive and completely free-of-cost. The Support Team comprises of the trained lawyers, digital security experts, and qualified psychologists who assist the callers according to their needs.

The helpline, as it is no secret, was started with limited resources and on a very urgent basis to extend support to the people who didn’t know who to turn to when they fall victim to any kind of abuse online. In all honesty, the team didn’t expect a lot of calls when the service was launched. But to our surprise, just in the first week of its launch, the team answered 10 genuine calls daily  on average. We were humbled by the response, but also deeply worried with the stories and experiences our callers shared with us. By the time the helpline completed its 6 months of operations, we had received over 700 calls, out of which 63% were from women while 37% callers were men.

The six month report of the Cyber Harassment Helpline also outlines the psychological impact that online violence leaves on the survivors of harassment. According to the report, 19% of the callers experienced insecurity, 17% went through depression, 16% suffered chronic stress, and 15% experienced disturbed sleep.

It was then when we realised that online harassment needs to be taken seriously on governmental  level as well, in the corridors of the parliament and public offices. The DRF is constantly pushing for policy reforms within cyber crime wings of Federal Investigation Agency, pushing the concerned official to address the complaints referred to the FIA  and take immediate action against the perpetrators of online harassment.

Moreover, a strong support system is extremely crucial when someone experiences harassment, be it online or offline. It’s important that the people around the victim refrain from victim blaming, and the least they should do is to believe them when they express their ordeal. If you or someone you know is going through an unpleasant situation online, please call us immediately on the toll-free number 0800-39393 everyday from 9 AM to 5 PM, 7 days a week, or email us at For more information on the helpline and its policies, click here.

August 09, 2017 - Comments Off on Of Data Protection, Women’s Rights, Harassment, and Helpline: An Overview of July 2017

Of Data Protection, Women’s Rights, Harassment, and Helpline: An Overview of July 2017

DRF Launches 6-month Report on the Cyber Harassment Helpline

Helpline report

It is with great passion and hard work that the Cyber Harassment Helpline initiated by DRF reached the 6th month of its operation, and with it, came the release of its bi-annual report. The Cyber Harassment Helpline is the first of its kind in the region, and is run by a dedicated team to provide specialized digital, psychological, and legal help for cases of online harassment and violence. In the space of these 6 months, the Helpline has received 703 calls from all over the country. This time around, the report also included the psychological state of the callers, in an attempt to bring attention to the psychological trauma that online violence leaves on the victims and survivors of abuse. The report can be accessed here [PDF].

DRF Discusses Online Harassment and Surveillance from a Feminist Perspective at APrIGF 2017

This slideshow requires JavaScript.

The APrIGF was held on 26-29 July 2017 at the Chulalongkorn University, Bangkok, Thailand. DRF organized two panels around the subjects of online harassment (“Understanding Solutions Towards Online Harassment” and a stream of the session can be accessed here) in collaboration from and gendered surveillance (“Surveillance from a Feminist Perspective” and a stream of the session can be accessed here). Shmyla Khan, a fellow at APrIGF, was also part of a panel “Hack to fight online violence”.

Open Government Partnership: Consultative Meeting on “Use of Technology for Openness and Accountability"


The Planning and IT Department of Pakistan called a consultation meeting on Pakistan’s National Action Plan for Open Government Partnership (OGP) on July 10, 2017. The meeting titled “Consultative meeting on ‘Use of Technology for Openness & Accountability’” focused on one of the OGP themes “Use of Digital”. The representatives of DRF discussed the commitments proposed by DRF, including open information and data protection. Adnan Chaudhri of DRF stated, “The main problem is a lack of direct data protection legislation on the books in Pakistan. As a result telecoms and other industries that utilise citizen data have not put more legal attention or focus on their own inconsistent consumer privacy policies. This is all the more glaring given that those telecoms that operated outside Pakistan will provide more comprehensive and detailed privacy policies depending on the territories they operate in, because of the laws.” DRF also emphasized that Citizen involvement requires that there be stronger data protection laws that spell out for citizens- in English, Urdu and other regional languages - what happens to their data etc.

Making All Voices Count: Learning Event in Islamabad

MAVC event

Accountability Lab hosted a learning event with Making All Voices Count: A Grand Challenge for Development grantees in Islamabad on July 10 and 11, 2017. Seerat Khan and Shmyla Khan from the DRF team represented the organization and shared their experiences of working on the Hamara Internet project. They also got a chance to present their findings at a public learning event attended by representatives from organizations such as DFID - UK Department for International Development, The Asia Foundation, the Hashoo Foundation and several others.

Aware Girls: Pak-Afghan Women Peace Exchange Program

Aware Girls

DRF presented its work in the field of gender and digital rights in Pakistan and its implications in the region al the Conference on July 18, 2017. The event was attended by prominent women’s rights activists and parliamentarians.

Cyberbullying workshop @ British Council Library

This slideshow requires JavaScript.

DRF conducted a session in Lahore on cyberbullying and child online safety titled “Anti-cyberbullying and digital awareness workshop” on July 16, 2017 at the British Council Library. The event was attended by children between the ages of 12 to 15 along with their parents.

2nd Dialogue Forum on Implementing Right to Information Acts- Promoting Data-Driven Journalism

DRF attended a meeting titled “2nd Dialogue Forum on Implementing Right to Information Acts- Promoting Data-Driven Journalism” called by GIZ (Deutsche Gesellschaft für Internationale Zusammenarbeit) to acquire feedback from the participants for further challenges, needs and recommendations regarding Right to Information Act. The meeting was held in Lahore on July 20th, 2017.

The Internet as a Forbidden Library: Pakistan’s Clampdown Against Data Freedom

Internet as a forbidden library

"The most important aspect of any statutory legislation is its language and terminology, which expands or restricts the scope of its controlling provisions. The Cyber Crime Act 2016 is worded ambiguously enough so that it is entirely up to the discretion of an authorized offer to investigate, seize, prosecute and penalize an enumerated offender." Read the blog by Digital Rights Foundation here.

The Conviction of Taimore Raza and The Jurisprudential Insight It May Provide


"Pakistan has often lagged behind developed nations in matters of technology. It appears that it is also behind in matters of jurisprudence pertaining to technology related issues of law. The Constitution and laws of the country may be adequate to deal with new age issues, however, we will only be able to say that for sure after the Superior Judiciary grapples with several such issues and pronounces authoritative opinions on the matter. Till then, its best to err on the side of caution." Read the blog by Digital Rights Foundation here.

Why Pakistan Badly Needs A Data Protection Law


"A data protection law regulates, defines, limits and controls the type of data that can be stored, analyzed and processed by both public and private entities and the purposes and durations for which this information may be used. It acts as a safeguard against the misuse and mishandling of private data and provides citizens with a mode of accountability." Read the blog by Digital Rights Foundation here.

Female Lawmaker in Pakistan Accuses Imran Khan of ‘Inappropriate’ Texts. Abuse Follows.


When a Pakistani lawmaker [Ayesha Gulalai] said this past week that she had received “inappropriate text messages” from a male colleague, she was met with a wave of vitriol on social media.

Nighat Dad, the executive director of the Digital Rights Foundation, a Pakistani internet advocacy group, said, “There is a culture of violence against women that already exists in the home, the workplace, in public places, and now it is increasingly manifesting itself in online spaces as well.”

Read the full article on The New York Times.

Ayesha Gulalai is paying the price for decrying harassment publicly


On August 1, Ayesha Gulalai - an MNA and now former member of Pakistan Tehreek-e-Insaf (PTI) - came forward with allegations of harassment against Imran Khan - Chairman PTI - and claimed that she had been receiving lewd messages and overtures from him since October 2013. Gulalai’s allegations were largely rejected by the public, leading to a backlash.

The inevitability of the backlash stems from the fact that in the majority of cases involving harassment, women are, more often than not, castigated whenever they speak up and hold a public figure accountable for his actions.

Read here how women who choose to break their silence against the harassment they face, are treated in Pakistan. A blog by Hija Kamran and Zoya Rehman of Digital Rights Foundation in Dawn.

'It's all sextortion and revenge porn': the woman fighting cyber abuse in Pakistan - The Guardian

Nighat Dad

After the killing of Qandeel Baloch last summer, Nighat Dad reached breaking point. Visiting colleges and universities across Pakistan, Dad had been building quite a reputation for herself and her work. She was spreading the word about the Digital Rights Foundation she established in 2012 to help Pakistani women deal with the new phenomenon of online harassment. Read the article by The Guardian.

August 08, 2017 - Comments Off on How to Keep Yourself from Becoming a Cyberstalking Statistic

How to Keep Yourself from Becoming a Cyberstalking Statistic

The free flow of information created by the internet can be both a blessing and curse. Though we can enjoy unprecedented levels of access to information for purposes such as research, education, activism, corporate oversight and government accountability, there is a real trade-off for this increased knowledge about the world around us. Specifically, our individual privacy and the amount of personal information that is now freely available online for anyone who cares to do a simple search has changed dramatically thanks to the digital revolution.

For many of us, the loss of privacy is merely an annoyance, but for others, it can pose a true threat to safety. The anonymity of cyberspace can give stalkers practically limitless information about their victims. Also, the internet provides another communication channel for these cyberstalkers to harass and intimidate their targets.

Though no one can predict or prevent the behavior that instigates a stalker’s obsession, there are ways you can protect yourself and your online identity to make it harder for anyone to gather personal information about you. Here are some ways you can protect your identity online and keep yourself from becoming a cyberstalking statistic:

Know Your Rights

The Prevention of Electronic Crimes Act (PECA), passed by the National Assembly and approved by the Senate in 2016, is a controversial bill that outlines many cybercrimes. It specifically includes cyberstalking and prohibits individuals from attempting to coerce or threaten others through online communications. The penalties are severe if the charges are proven to be correct and can include five years in prison and a fine of up to 10 million rupees.

Offenses can be reported to the authorities who can then trace the sender’s internet address for use in prosecution. Though stalking victims have the law on their side, many are too afraid or embarrassed to seek help from authorities, which makes cyberstalking a seriously under-reported crime around the globe. It’s important to know you have the upper-hand in these situations.

Speak Up

Like many other crimes that target women, cyber harassment tends to be severely under-reported. Some victims don’t think the authorities will take their concerns seriously while others are embarrassed and feel responsible for the behavior of the stalker. Many abusers count on this hesitancy and capitalize on it to further the harassment.

In 2016, DRF launched a Cyber Harassment Helpline to support victims of online abuse. The helpline is staffed by experts including an attorney, cybersecurity experts, and a psychologist, all of whom can help victims understand their rights and empower them to make informed choices about how they can move forward.

If you or someone you know is the victim of a cyberstalker, DRF’s confidential helpline is a great resource. Call the toll-free number: 0800-39393 Monday through Friday from 9:00 a.m. to 5:00 p.m to speak to a staff member about your situation.

Protect Yourself

When it comes to cyberstalking, it can be very difficult to monitor all of the information available online about yourself. However, there are some preventative measures you can take to make it more difficult for someone to follow you online.

Proxy Software Service

Using a proxy software service turns your internet activity anonymous, making it much more difficult for anyone to track your browsing history or access your personal data online. Using a service such as this is especially important if you ever access the internet using a public or unsecured WiFi connection. Accessing the internet via any unsecured connection makes your information much more vulnerable to tracking and theft by a third party who is interested in following you.

Privacy Settings

If you use social media, it’s important to be aware of exactly how much information you’re sharing and with whom you’re sharing it. Check the privacy settings on your accounts regularly and be sure you know everyone who is getting updates about your page. You should also check your mobile phone privacy settings to ensure you aren’t sharing your geographic location through any apps or other services without realizing it. More closely restricting privacy settings is an easy way to ensure a cyberstalker is locked out of many avenues of information.

Google Alert

Set a Google Alert with your name to let you know if anyone else is posting information about you online. If someone is posting private information about you publicly, this service will alert you quickly so that you can get it removed as soon as possible. Staying aware of what information about yourself is public is key to reducing cyberstalking threats.

If you or someone you know is being stalked or threatened on- or offline, it’s important to remember that it’s not your fault. Stalking is the result of obsessive behavior, and you are in no way responsible for the actions of anyone stalking you.

This is a guest post by Sandra - a freelance writer. Her areas of expertise include cybersecurity, technology and women’s rights. She is a frequent contributor to The Right Side of Truth.

July 28, 2017 - Comments Off on Why Pakistan Badly Needs A Data Protection Law

Why Pakistan Badly Needs A Data Protection Law

Picture someone walking into your house, recording everything you have and do, with every action, gesture, conversation you’ve made or taken part in being filed away. This person then makes a list of everything you own, what you use them for, how often, and where you keep them. When you sit down to watch television or read a book, this person records it, noting what you like to watch or read. Send a text message to a friend, chat with someone over Whatsapp, place an order over the telephone? Recorded. Imagine this person taking snapshots of baby photos, and jotting down the brand of ice-cream you like. Now imagine that the stranger holds onto that information, to use against you in the future, or to sell it on to advertising companies to make a profit, without your knowledge or consent.

Scary to imagine, isn’t it? We don’t have to imagine it, however, as this already happens. It happens every day of week of the year – it’s probably happening right now, in the time it takes to get to the end of the sentence.

Whether one is an ordinary citizen or high-flying person of influence, anyone that accesses the internet in Pakistan has had their privacy breached. From the minute that your device connects to a Wifi network, whether you are at home, at work, or at a restaurant, any information you share is no longer yours, nor does it remain private. The government, multinational corporations – they have recorded all the data that is sent and received by you and millions of other internet users across the nation and across the globe.

This is all possible thanks to the digital footprint left by anyone that uses an internet connection. Just as movements in the real world can be easily traced, your internet activity creates a history, a register of all the websites you visit, the information you input, and the links you may click on. This information, which may also be shared via internet-connected mobile apps or services, can include sensitive data such as your medical history, political and religious views, sexual orientation, interests and hobbies. All of this, however, is readily available to and easily accessible by the same corporations whose websites and applications we use frequently.

If you use Google to search for a pair of shoes, for example, the advertisements or website that may pop up could be related to a particular shoe brand or retailer. Google sells over 20 petabytes (1 petabyte = 1,000,000,000,000,000 bytes) of personal user data to advertising companies each day, making up the majority of its overall revenue stream.

Some might argue that no harm is being done here, and that it doesn’t matter if other people have access to the your online information – perhaps having advertisements directed at you makes personal shopping et al more convenient. It may be that the information is the sort that you intended to be publicly available, such as a blog post. What these do not take into account, is what could happen to information that may have been shared privately or in confidence. Access to this information could provide harmful to you as an individual and would be a clear violation of your right to privacy Imagine your visa being rejected because of something you said to a friend online, or losing out on a job on the basis of your social media history or a Facebook ‘Like’ being used against you in a court of law as ‘evidence’ that you committed blasphemy.

These are tangible harms that can arise because your private information no longer remained private. Even though there is a real and factual difference between what constitutes public data on the internet and what constitutes private data, however, there are no rights to privacy for Pakistani citizens and no safeguards to stop this data from falling into the wrong hands. That is where data protection laws come in.

Just as there are laws in every country that protect the privacy and dignity of an individual in their own home, there should be rules in place that clearly define and demarcate what digital online data is to remain private and confidential, and what constitutes public domain. Interestingly, Article 14 of Pakistan’s constitution - which guarantees a person’s right to dignity and privacy in his/her own home - is almost identical to the article that has been used by the Council of Europe to grant digital data rights . There is international precedent to support the idea that the “dignity of man and the privacy of home” extends to the digital realm and yet there has been no attempt on behalf of the legislature to recognize the protections that we as citizens are entitled to.

A data protection law regulates, defines, limits and controls the type of data that can be stored, analyzed and processed by both public and private entities and the purposes and durations for which this information may be used. It acts as a safeguard against the misuse and mishandling of private data and provides citizens with a mode of accountability. It is a check on the processors of personal data and empowers the individual. This is both legitimate and important in a world where most of our communication is non-physical and almost all of our important information is on or between servers that exist virtually.

In other words it defines what constitutes private and confidential information online and what forms part of the public sphere. If a person browses the internet using their personal computer or mobile phone, they should feel secure that the information they share will not be recorded or used without their consent. This can only be achieved, however, once a proper legal framework is set in place to allow for their data rights to be exercised.

Author: Mehboob Khan

July 18, 2017 - Comments Off on The Conviction of Taimore Raza and The Jurisprudential Insight It May Provide

The Conviction of Taimore Raza and The Jurisprudential Insight It May Provide

The increasing popularity of social media and the unprecedented dependency on information technology is posing novel difficulties for Pakistan’s notoriously lethargic legal system. Furthermore, the interaction of special Anti-Terrorism legislation with modern instrumentalities of crime is testing the capacity of our judicial system to grapple with new age legal issues. The recent case of Taimore Raza, wherein an Anti-Terrorism Court sentenced him to death for committing Blasphemy under Section 295-C of the Pakistan Penal Code, is a good example of such an interaction.

According to the facts narrated by the judge, Raza was booked for showing hateful material on his phone to the public at a bus station in Bahawlpur. After having been informed, the police arrested him at the bus station. The police made an inventory of the items that he had on him, which included his phone, a wallet (with Irani Riyal, the significance of which shall become apparent hereunder), and bus tickets.

It is said that the material on his phone, which included pictures, was blasphemous. This material was also sent to the Islamia University, Bahawalpur, which opined that the material was blasphemous as to the Holy Prophet as well. There after, Raza was booked under Sections 9 and 11 of the Anti-Terrorism Act, and Sections 295-A and 295-C of the Pakistan Penal Code.

Right to Privacy

Some countries have had to delineate the extent of privacy rights that citizens have over their data. For example, the US Supreme Court has ruled that citizens have a right to privacy as to the data on their phones, and that it may not be looked into without a warrant. The external condition and characteristics of the device that contains the data does is not protected in the same manner, and may be examined pursuant to a valid arrest. This question is likely to come up before the Superior Judiciary in Pakistan soon.

This right to privacy is significant in Raza’s case because the Section 295-C charge was added to his case after the police scoured through his phone after his arrest, and without a warrant. The judgment also states that his Facebook account was logged into his phone, which is why the police was able to examine his Facebook activity. Again, this was done without a validly issued warrant.

It is to be seen whether the Superior Judiciary will extend the constitutionally guaranteed right to privacy to data.

Trial for Blasphemy under Section 295-C in the Anti-Terrorism Court

The Anti-Terrorism Act creates certain new offences, and also allows the special courts established under it to try certain already existing offences which are scheduled to it. Furthermore, the Act allows the special courts to try any other offences that an accused may be charged with while it is seized with a trial pertaining to a scheduled offence. This is significant because the procedure to be followed in trials before the Anti-Terrorism courts is heavily skewed in favor of the prosecution. The Act allows for ex-parte prosecution, which is abnormal compared to the rights typically afforded to criminal defendants. The Code of Criminal Procedure mandates that evidence against the accused must be recorded in his presence. However, the Anti-Terrorism Act removes this requirement, to the detriment of the accused. It is also worth noting that various jurisdictions hold this right of the accused to be confronted with evidence against him/her to be a sacrosanct constitutional right that may not ordinarily be done away with.

Under the ATA, Section 295-A (deliberate and malicious acts intended to outrage religious feelings of any class by insulting its religion or religious beliefs) is a scheduled offence and can, thus, be tried at an Anti-Terrorism Court. The maximum punishment under the provision is ten (10) years imprisonment and a fine. However, as mentioned above, the ATA also allows prosecution of other offences arising out of the same occurrence. In this situation, the other offence was Section 295-C (use of derogatory remark etc., in respect of the Holy Prophet), which carries a maximum sentence of death and a fine. The obvious problem presented here is that in the prosecution of an accused for a lesser crime without the mandatory provision of regular statutory rights, he/she may also be tried for an offence with a much higher sentence. The balance of the rights of the accused and the need for successful convictions must be thoroughly examined to arrive at a prudent compromise.

The Judgment

The opinion itself is predicated on some very worrying reasoning and judgment writing. Firstly, the judge has sentenced the Mr. Raza to death for having committed blasphemy against the Holy Prophet. However, he refused to share precisely what the content of the culpable expression was. Section 367 of the Cr.PC is a mandatory provision that requires the judge to explain the reasons for the judgment being rendered. This requires the judge to explain how every element of the crime has been met. A judge may not, as has happened in this case, merely state that he/she is satisfied in their mind that the offence has been committed without demonstrating how they have arrived at that conclusion. While it is understandable that judges may not want to reproduce blasphemous content, not doing so clouds the judicial process. This is a unique issue that lawmakers must deliberate upon to formulate policy.

The second issue pertains to some unwarranted extrapolations that the judge has made. According the judge, the recovery of a few Irani Riyals is evidence of links with sectarian outfits. This conclusion, by itself, is thoroughly unwarranted. A man of Shia faith possessing Irani Riyal may have several explanations other than the one the judge arrived at.

Ending Remarks

There is uncertainty. Pakistan has often lagged behind developed nations in matters of technology. It appears that it is also behind in matters of jurisprudence pertaining to technology related issues of law. The Constitution and laws of the country may be adequate to deal with new age issues, however, we will only be able to say that for sure after the Superior Judiciary grapples with several such issues and pronounces authoritative opinions on the matter. Till then, its best to err on the side of caution.

As far as the government is concerned, it is persevering with the policy of restraining controversial speech on social media. The Interior Minister warned of a possible complete social media ban if the population fails to self-regulate its speech and bring it within the prescribed limits. Continuing down this road, the Minister recently met with Facebook’s Vice President for Global Public Policy, Mr. Joel Kaplan in Islamabad and apprised him of his concerns and desires. It remains to be seen if Facebook will mold its policy to the satisfaction of Mr. Nisar. If it does, the government would move closer to successfully censoring the Internet as desired. As is popularly known, the Pakistan Telecom Authority has blocked scores of websites containing content that it deems blasphemous.

July 10, 2017 - Comments Off on The Internet as a Forbidden Library: Pakistan’s Clampdown Against Data Freedom

The Internet as a Forbidden Library: Pakistan’s Clampdown Against Data Freedom

The Prevention of Electronic Crimes Act 2016 (“PECA”) was ostensibly legislated in order to combat the “growing threat of cybercrime.” The legislation provides various legal mechanisms and investigative powers by which government authorities can search and seize digital forensic evidence and information systems in order to penalize offenders. The object and reason of the bill is to “effectively prevent cybercrimes” and defend the national security of Pakistan, while also enabling secure systems for investment in IT and e-commerce.

The legislation notes that the exercise of these powers needs to be “proportionate with the civil liberty protections afforded to citizens under the Constitution.”  It claims that “The Bill also includes specific safeguards to balance against these intrusive and extensive procedural powers in order to protect the privacy of citizens and avoid abuse of the exercise of these powers.”

There is an inherent tension within any policy formulation which seeks to govern a medium of information storage, access and delivery against fundamental rights for privacy, expression and speech.

The legislation in question, both substantively and procedurally, fails to provide any safeguard for the newly enumerated powers of government.

With regards to internet access and data systems, states can be likened to librarians which engage in the conscious curation of knowledge and expressive materials. As ruled in United States v. American Library Association, “public libraries pursue the worthy missions of facilitating learning and cultural enrichment.” Towards that end, libraries subscribe to the model of providing “[b]ooks and other... resources... for the interest, information, and enlightenment of all people of the community the library [*] serves...To fulfill their traditional missions, public libraries must have broad discretion to decide what material to provide to their patrons. Although they seek to provide a wide array of information, their goal has never been to provide "universal coverage." (United States v. American Library Assn., Inc., 2003).

Although the case dealt particularly with the filtering of internet content within state-funded public libraries, such a role is analogous to that of the paternalistic state model which is frequently advocated by Pakistan’s lawmakers and state agencies. The reasoning goes that the internet is a harmful, obscene and blasphemous space that must be cleansed before consumption for the Islamic sensibilities of the Pakistani people (Sindhu, 2017).

Notwithstanding the manipulative and political invocation of religion for the promotion of state ideologies, the internet does require regulation and surveillance for efficient government and policing against cybercrimes such as fraud, illegal trade, extortion etc. Therefore, the state has a vested and legitimate interest in seeking to control the internet. However, the debate is to what extent and to which ends?

The most important aspect of any statutory legislation is its language and terminology, which expands or restricts the scope of its controlling provisions. The PECA 2016 is worded ambiguously enough so that it is entirely up to the discretion of an authorized offer to investigate, seize, prosecute and penalize an enumerated offender.

For instance, Sections 2-8, technically speaking, make the simple act of connecting to the internet a potentially criminal activity, with the controlling element of culpability being “dishonest intention,” a discretion left entirely to the judge. “Dishonest intention” is defined as “intention to cause injury, wrongful gain or wrongful loss or harm to any person or to create hatred or incitement to violence.” Given the religious fervour and overzealousness of state functionaries to impose injury at the slightest provocation, even the simple act of browsing a potentially controversial page on Facebook or Twitter could constitute criminal activity under the law. A simple application of “Section 4 - Unauthorized copying or transmission of data,” for instance, would make sharing a controversial meme or even downloading the page for viewing (a technical necessity for accessing any content on the internet) as a potential offence. This would result in wrongful convictions and miscarriages of justice.

In effect, then, any internet activity must have the proper authorization and appropriateness. Such provisions run counter to the democratizing function of the web, meant to facilitate discourse and debate, by making it a library where content can only be consumed if the patron has the requisite permission from the proper authority, and if the content itself is deemed appropriate for viewing ab initio.

This is precisely the danger posed by the PECA, as it provides the government with both a warrant and an authority to freely designate and criminalize any political and ideological dissidents and minorities which do not align with the ideological frontiers of the state. While these constitutional guarantees have never been absolute nor unrestricted, the PECA only encourages the muzzling of these freedoms which were rarely respected by the state.

With the PECA, however, the state has an additional weapon in its arsenal to prosecute unwanted elements within society on the pretext of legitimate government regulation. While certain sections of the Act are beyond reproach and necessary for a peaceful and healthy society (such as the prevention of cyber fraud and dissemination of child pornography), the highlighted sections and their languages need to be reviewed by the apex court for being void for vagueness. Or else, if applied as it is, the PECA could become the very means by which democracy is stifled, rather than facilitated. Instead of providing a repository of knowledge, Pakistan could transform the internet into a propaganda tool where only state-ratified ideas are fit for consumption, and the rest discarded, along with their authors.

Author: Ashtar Haideri
Ashtar is an intern at DRF. He is a senior law student at the Lahore University of Management Sciences, and is interested in law, philosophy, and technology.

July 04, 2017 - Comments Off on Pakistan Struggles as Civil Liberties Stifle: June 2017

Pakistan Struggles as Civil Liberties Stifle: June 2017

PRIVACY UNDER ATTACK: WikiLeaks Reminds Us of the NSA/GCHQ Theft of Official Pakistani Citizen Data

Page Cover

On June 6th, The Intercept and other news outlets reported on a leaked National Security Agency report that analysed Russian military intelligence’s attempts to hack electoral systems days before the United States Presidential Election in 2016. According to WikiLeaks and Assange, both the GCHQ and the NSA acquired access to the database of Pakistan’s National Database and Registration Authority (NADRA) to get hold of the identification records of Pakistani citizens, in order to be able to track anyone that they may suspect to be involved with terrorism. Read More...

Shmyla Khan Talks About Cyber Harassment on FM91

Shmyla Khan FM91

Shmyla Khan, represented the hardworking team of the Cyber Harassment Helpline on FM 91’s “Pakoray and Patakay” with Ahmer Naqvi on June 16, 2017. The discussion created awareness about online harassment and tips about digital security--followed by a quiz for the audience. Thank you to the team for supporting DRF!

Data Protection & Privacy in the Digital Age – Part 1: “You Are Being Watched”

Data Protection Blog cover-02

We live in what cyber space specialists call the “Golden Age of Surveillance.” As our lives become increasingly digitalized, our privacy is proportionally threatened by the onslaught of data-hungry marketers and companies interested in snooping on our behavioural preferences. Not all of us realize that with or without our consent, our lives are being tracked and gathered in a massive database of personal information by companies and government agencies. But what can we do about it? Read More...

Statement of Support #RecoverAishaAndAlyaan


Digital Rights Foundation and Girls at Dhabas condemn the attack on Asma Jahangir’s associates from AGHS Legal Aid Cell - comprising a female lawyer and two male lawyers - inside a courtroom at the Lahore High Court yesterday morning, i.e. June 20, 2017, by a large group of about 60 to 70 lawyers. Asma and her team have been representing a poor woman who filed a petition to find her missing daughter, 26-year-old Aisha, and grandson, Alyaan. Read More...

Social Media Crackdown in Pakistan

Crackdown of social media activists continues as a Pakistani journalist, Zafar Achakzai, was arrested on June 25, 2017 in Quetta. Zafar has been accused of writing against “national security institutions” on social media and charged under the Prevention of Electronic Crimes Act. Read More...

Taimoor Raza Sentenced To Death For Blasphemy on Facebook

Courtesy of Guardian. Photograph: Faisal Mahmood/REUTERS

Courtesy of Guardian.
Photograph: Faisal Mahmood/REUTERS

An anti-terrorism court in Pakistan has sentenced a man to death for allegedly committing blasphemy on Facebook, the latest step in an intensified crackdown on dissent on social media, reports Guardian. Read More...

IFEX At 25: Strategy Conference & General Meeting, Montreal, Canada

IFEX at 25

June saw IFEX, the international freedom of expression network, mark its 25th anniversary in Montreal, the city in which it was founded, with the 2017 IFEX Strategy Conference and General Meeting. The theme of this year’s conference were the 3 ‘Rs’ - Rights, Resistance, and Resilience - to quote Cathal Sheerin of IFEX, “In other words, what our members fight for, the way they fight and how they endure the often relentless attacks on their work and organisations promoting our rights.”

Given the worsening state of rights across the globe in 2017, with growing repression and travel bans preventing some delegates from being able to attend, the 3 Rs carry more weight than ever, and were a recurring theme during the workshops held during the three day conference.

Digital Rights Foundation was able to to share our experiences in the struggle for digital rights, transparency, privacy and freedom of expression in Pakistan, our cyber-harassment helpline, and to present our thoughts on the Open Government Partnership that Pakistan has recently joined.

We not only established possible collaborations with potential partners, but Digital Rights Foundation is also pleased to report that we were voted to become full members of the IFEX network - a new role that will help us in our fight for digital, privacy and freedom of expression rights in Pakistan.

Access Now: How the Digital Rights Foundation is empowering women to defend their rights

Access Now

In a world where people struggle for basic human rights and are put behind bars when they fight for those rights, they confront countless challenges every day. And if they happen to be from an oppressed or minority group, those struggles grow exponentially. Individuals and organizations are working beyond borders, day in and out, to make this fight easier for those who don’t have the information or capacity to fight for themselves. DRF focuses on the right to data privacy, and the issues pertaining to gender in technology — particularly the internet. Read More...

The Rights of Pakistani Citizens in the Digital Realm

Thought Police

Free speech on social media is being actively stifled by the government. Many people have received telephone calls by the Federal Investigations Agency (FIA), requiring them to present themselves at the FIA offices. People have received notices too. There have been detentions and seizures of people’s personal electronic devices.  Most alarmingly, criminal proceedings have been instituted against an individual for expressing opinions critical of the country’s armed forces. In such circumstances, it is essential that citizens know exactly what the limits of their freedom of expression are. Read More...

Intercepting phone calls is legal, Senate body told - July 2017

ISLAMABAD: The Ministry of Information Technology and Telecom Division on Monday informed the Senate Committee on Delegated Legislation that intercepting telephone calls is lawful and should not be taken as a serious matter because it is practiced worldwide. Read More...