On May 28th, Telenor Pakistan (a wholly-owned subsidiary of the Norwegian telecommunications Telenor Group) formally announced that it had partnered with Facebook on the latter's Internet.org initiative. According to Facebook and its partners, the objective of Internet.org is to provide selected internet services for free. At first blush, this comes across as a boon for citizens in the developing world, where data services can be expensive for many. Being able to access the internet without running up large bills, and without draining one's monthly data package allowance sounds ideal. By signing up to Internet.org, Telenor's mobile subscriber base in Pakistan – which at last counts comes close 35.2 million – will have access to a list of websites and internet services, which Techjuice has listed here. With Telenor as a start, more people in Pakistan will have greater access than ever before, and for next to nothing.

Beyond the altruistic sentiment, however, all is not well. Rather than giving people greater choice, in reality what Internet.org and its backers are offering is limited and leaves everyone worse off, down the road, creating and encouraging two-tier internet access that, in the long run, makes losers out of us all. Pakistani Tech activists and entrepreneurs have expressed their dismay Facebook and Telenor's launching of the initiative. Arzak Khan of Internet Policy Observatory Pakistan, for instance, expressed deep concern “that an established operator like Telenor is joining Facebook's Internet.org initiative and launching what is a limited and insecure internet. The impact of such a move will stifle investment in infrastructure development and threaten freedom of expression, equality of opportunity, security, privacy and innovation."

“We don't support Internet.org”, say activists such as Sana Saleem of Bolo Bhi. “I believe that they are changing the way that people will access internet in the future for the next billion they are making internet insecure and  limiting their access by suggesting that only these few websites and apps are approved by Facebook, it is against the principle of Net Neutrality and it limits people’s access."

The belief that internet service providers should not discriminate between different forms of content, thus guaranteeing a level playing field for all websites, is one of the key guiding principles behind the preservation of a free and open internet. This belief, known as Net Neutrality, is what ensures that your access to Dawn.com is the same as your access to Express Tribune, or Project Gutenberg. By not favouring or blocking a particular website or service, people are able to access the internet with the freedom of choice, regardless of financial or social background. By offering a select number of websites and services for free solely to people that have subscribed to one of its partners, Facebook is acting in direct violation of the concept of Net Neutrality, by favouring some websites/services and denying access to others. Should Telenor Pakistan subscribers choose to visit websites or services that are not on the proscribed list, they will have to do so outside of Internet.org. What Internet.org offers is the opposite of Net Neutrality, and is known as Zero Rating, defined by Access Now as “the practice by service providers of offering their customers a specific set of services or applications that are free to use without a data plan, or that do not count against existing data caps.” The nature of zero rating has meant that it has been banned or restricted in countries such as Canada and the Netherlands. Nonetheless, this discriminatory practice has been received with open arms in Pakistan. To quote Ghaus Iftikhar Nakodari, Founder of Jumpshare:

“The walled garden approach of making a select few websites available for free will hurt businesses who work so hard to compete in their market. If this trend takes off, I am afraid internet providers will start charging for access to batches of websites in future.”

A internet gateway such as Internet.org makes censorship by governments easier, with what Access Now call a “single centralised checkpoint” for information. Facebook itself has been targeted by and taken down by several governments for “allowing” politically sensitive content. Pakistanis that would use Internet.org to access websites and services that are sensitive in nature could find themselves blocked individually or en masse.

Facebook itself has a notoriously bad reputation in regards to the privacy of its users. Privacy settings have been changed in the past without informing users in advance, with private messages becoming public. Terms and conditions have also been modified in the past without warning. The nature of Facebook's business model, furthermore, is reliant on user data, which is in turn provided to third parties. It is quite likely that Internet.org will collect user data via services and IOS/Android apps. The lack of proper transparency in regards to how that data will be used by Internet.org and partnering companies should disturb many, due to the potential for surveillance without consent.

Surely Facebook is aware of the privacy concerns of many, and will strengthen security for the benefit of its users? Well, as Access Now and the Electronic Freedom Foundation have pointed, not really. Each points out that the current version of Internet.org does not permit HTTPS (HTTP Secure), SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption protocols. If one is sending sensitive personal data – emails, credit card purchases etc – over the internet, these encryption protocols ensure the security and integrity of your web traffic, without the risk of being eavesdropped upon by government agencies or malicious hackers looking to steal your details. By not allowing these protocols, Internet.org users are at danger each time they access websites and services via Facebook's offering.

Internet.org is not without its supporters. There are those defend Facebook and its partners, saying that this opens up the internet to those that could not afford to access it in the past. As internet services become more crucial to our lives, access is indeed essential. Defenders of Internet.org also argue that once people have tried out Internet.org, they will be able to move onto the “proper” internet, having had a taste. The problem here is that should more telecoms providers move towards Internet.org and similar initiatives, it becomes more lucrative for telecoms and internet service providers offer zero rate internet. Should a Telenor subscriber choose to access a website or service not offered by Internet.org, they may be subject to the usual higher data package costs, thus discouraging them, depending on whether or not they can afford to be charged. And according to Asad Baig of Media Matters for Pakistan:

“in such a scenario, when certain service providers in partnership with initiatives like Internet.org, provide access to certain websites 'free of charge', its very difficult to make consumers understand the implications regarding access. Such services are generally perceived as 'consumer friendly' and that's exactly what makes net-neutrality advocacy in Pakistan so difficult."

Rather than offering greater choices to people, Facebook and Internet.org not only put privacy, security and the freedom of expression of internet users at risk, and seeks to make access decisions for the users instead, penalising them should they choose otherwise. Saad Hamid of Invest2innovate provides an analogy:

“Imagine going to any public park in Pakistan for 5 rupees and one day the fee is waived and you can go to certain parks for free. Seems awesome right? It does feel good today being a customer but what happens one day when the fee is introduced again - would you pay for it? This is exactly the concern with Internet.org - it's helpful to the user in the short term and it's highly damaging to businesses and startups who want to develop a tendency among users to pay for services.”

Digital Rights Foundation and Hamara Internet are joining hands with WECREATE Center Pakistan, to participate in the first Global Feminist Hackathon being held on May 23rd 2015, in loving memory of Sabeen Mahmud. We dedicate this inaugural Global Feminist Hackathon to Sabeen and to all those who fight against injustice and discrimination around the world. As Sabeen once said, “I love and cherish that technology has the potential to change lives. We need to devote ourselves to making enabling tools and technologies accessible to more and more people.”

The session will address the current digital legal landscape in Pakistan, concerns with the proposed cyber crimes bill, and the sharing of digital tools and skills to make online spaces safe for women in Pakistan. If you are in Islamabad and want to join us, please contact us at info@digitalrightsfoundation.pk. We also encourage you to join and conduct your own activities dealing with gender and technology, privacy and surveillance, digital security, the hacking of gender roles in technology, or anything else related to technology and human rights.

Sabeen was a symbol of the kind of Pakistan that we want to leave for our children, an icon of free thought and progressive ideas. Let us take her vision forward.

Please share this information widely among your networks and register your activity at the following link by May 23rd: https://f3mhack.org/index.php/en/

Last Friday, Digital Rights Foundation had learnt via The Intercept that Ahmad Muaffaq Zaidan, Al Jazeera's Islamabad Bureau chief made the list. The US government terrorist watch list, to be precise.

According to National Security Agency (NSA) documents leaked by whistleblower Edward Snowden, in 2012 the NSA indicated that it considered that Mr. Zaidan was a member of Al Qaeda and the Muslim Brotherhood. Mr. Zaidan has strongly denied that he has ever been a member of either organisation, and is backed by his employers and respected international journalists, such as CNN's security analyst Peter Bergen.

So how did a respected veteran journalist find himself placed on a terrorist watch list?

Metadata refers to location and data about communications, such as the callers, sender and recipient, location of communication devices and their unique identifiers, time and length of calls, and other data. Metadata is useful data: it can be analysed by intelligence officers and software in order to detect specific patterns and to establish detailed profiles on particular individuals and/or groups. In the wake of September 11th 2001, the United States government has actively pursued what it constitutes as threats to global security, on the basis of human intelligence and metadata.

Journalists are always told, whether in school or on the job, to go where the story is. To follow the trail. The nature of investigate journalism will often entail communications and physical interactions with people from criminal or terrorist organisations or backgrounds. Zaidan has travelled to and interviewed key figures in geopolitical hotspots, including Afghanistan and Pakistan, two countries that gained prominence post-9/11. Based upon the metadata that has been generated by his movements and communications, Mr. Zaidan found himself on a terrorist watch list and a US government database (TIDE - Terrorist Identities Datamart Environment, shared by US intelligence agencies). According to SKYNET, a problematically-named computer programme designed to analyse metadata, his movements were similar to that of couriers for high ranking Al Qaeda officials.

In Ahmad Zaidan's own words, “to assert that myself, or any journalist, has any affiliation with any group on account of their contact book, phone call logs, or sources is an absurd distortion of the truth and a complete violation of the profession of journalism.”

Though the NSA and the US government did not tell The Intercept as to how Mr. Zaidan came to be added to the TIDE government database, what is known from leaked documents highlights the grave dangers that the collection and interpretation of metadata hold in store for all of us.

One of the questions that SKYNET used as a basis, for instance, was “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?”. Behaviour patterns seen as 'suspect' were also looked at by SKYNET, including “incoming calls only,” “visits to airports,” and “overnight trips.”

What the NSA documents also reveal is that the information was collected from “major Pakistani telecoms providers” according to the Intercept report. According to the documents, 55 million Pakistani mobile phone records were fed into the SKYNET system, via its Pakistan dragnet, DEMONSPIT - “as an example” - one of which was “PROB” (sic) Zaidan, due to his frequent Peshawar-Lahore excursions. Others were also highlighted by the system, using similar criteria.

What arises: the collection of metadata has been actively pursued by government intelligence agencies as a way to capture potential terrorists. The belief is that by examining their movements before hand, persons of interest can be arrested or subdued before an attack takes place. The belief is also that metadata will tell us where the enemy can be found, and taken out. This collation of data has been the basis of drone attacks in Afghanistan, Pakistan, and Yemen, and is cited as being how Osama bin Laden's hideout in Abbotabad, Pakistan, had been located.

As with Mr. Zaidan, however, metadata does not automatically infer intent, and can ensnare innocent people, often with tragic consequences. Drone attacks in Pakistan, as of 24th November 2014, have resulted in the deaths of an estimated 1,147 people, according to a report released last year by the human rights organisation Reprieve (http://www.reprieve.org/uploads/2/6/3/3/26338131/2014_11_24_pub_you_never_die_twice_-_multiple_kills_in_the_us_drone_program.pdf)

As the former head of the NSA, General Michael Hayden once remarked, “we kill people based on metadata.” (http://justsecurity.org/10311/michael-hayden-kill-people-based-metadata/)

What does the Intercept report mean for Pakistani citizens? Simply this: a clear violation of the right of the individual to privacy has taken place. The documents in the report do not clarify the technical or legal means by which 55 million mobile phone records were obtained, and it is unlikely that those mobile phone records were the only examples forms surveillance sans oversight undertaken against Pakistani citizens. It is evident that in the name of global security, the rights of Pakistani citizens have been ignored. The context-free manner in which metadata is analysed ensures that the mobile phone calls, smartphone usage et al of Pakistanis will be kept on NSA servers and examined for “potential” persons of interest.

The current draft of the 2015 Prevention of Electronic Crimes Bill, as amended by the Standing IT Committee of the Pakistani National Assembly, would allow for Pakistani intelligence agencies to forward mobile phone and data records of Pakistani citizens, without consent necessary. A legal analysis undertaken by Privacy International and Digital Rights Foundation found that the the draft law does not call for regulation of “sharing of data among government entities” (https://www.privacyinternational.org/sites/default/files/Prevention-of-Electronic-Crimes-Bill-2015%20Legal%20Analysis_0.pdf). If the United States government highlights the digital activity of any Pakistani citizens on the basis of data already gathered, it will most likely follow that Pakistani intelligence agencies will be approached by their NSA counterparts to bring in the individuals, regardless of concrete evidence of wrongdoing.

The capture and storage of the telecommunications of Pakistani citizens – without consent – violates the right to privacy, and aims to criminalise behaviour out of context. To quote Geoffrey King, Internet Advocacy Coordinator for the Committee to Project Journalists, “Given a big enough pool of data, anyone can end up fitting a 'suspicious' pattern.”

Written by Adnan Chaudhri