All Posts in Blog

May 30, 2020 - Comments Off on COVID-19 GOV PK: The Tech to Battle Coronavirus

COVID-19 GOV PK: The Tech to Battle Coronavirus

As COVID-19 has spread across Pakistan, questions have been raised about how the Government will tackle the spread of the virus. Across the globe we have seen different approaches to this, varying from comparatively relaxed to extremely stringent.

A popular global approach to health surveillance has been contact tracing[1], followed by surveillance and testing. Contact tracing is an old public health technique which tracks an infected person by tracing the places they visited and the people they met. In order to stem the spread of the virus, all those who came into contact with the infected person are then tracked down, informed of their contact and told to self isolate, or are immediately tested for the virus. This process goes on with each new case and is supposed to help ‘map’ the virus as it spreads. In some countries, mobile applications have been launched to track the virus and help people see ‘where’ the virus is.

These apps act as a way for governments to warn the public about cases nearby, and also allow people to report themselves as patients, so as to keep the cycle of contact tracing going. While such extensive mapping may be helpful for tracking the disease on the macro level, these apps present on the flip-side, major privacy concerns.

Take for example this detailed account of South Korea’s Patient #10422:

Before being diagnosed, patient #10422 visited the Hanaro supermarket in Yangjae township on March 23 from 11:32 p.m. to 12:30 a.m. The patient was accompanied by their spouse, both wearing masks and using their own car for transportation. On March 27, the pair visited the Yangjae flower market from 4:52 p.m. to 5:18 p.m., again wearing masks. They then had dinner at the Brooklyn The Burger Joint at Shinsegae Centum Mall from 6:42 p.m. to 7:10 p.m. This detailed record can be found, publicly available, on many government websites, and is a testament to the extensive contact tracing carried out by Korean authorities.[2]

The minutiae of this account goes to show the extent to which data is being collected and observed.

In many instances, the state response has been immediate and comprehensive which hints at the presence of such tech and mechanisms being in place before the pandemic swept the globe, as is apparent from Pakistani PM Imran Khan’s statement: "It (system for tracking and tracing) was originally used against terrorism, but now it is has come in useful against

[1]https://www.brookings.edu/techstream/how-surveillance-technology-powered-south-koreas-covid-19-response/

[2]https://www.brookings.edu/techstream/how-surveillance-technology-powered-south-koreas-covid-19-response/

coronavirus."[1]  This necessitates the inclusion of a detailed data protection and destruction policy to accompany the launch of such apps which mandate the destruction of the data once the health-related utility is over.

At home, our concerns begin from the knowledge that the government of Pakistan is implementing a policy of mapping that involves tracking citizens and their movements. Internationally, there has been debate about the efficacy of contact tracing, however, at the same time, some countries have seen success with this policy. In the context of Pakistan, unfortunately, these measures are accompanied by a lack of trust between the State and citizens. Multiple instances[2] of citizens' data being leaked from one of the biggest national biometric databases in the world, i.e. the Nadra database, has created a faith deficit. Instances of CNIC and family registration certificates (FRC) information being sold online for as low as $1-2 a piece due to a data leak at a provincial level and possibly national level cement this belief.

The “COVID-19 Gov PK” app, released by the National Information Technology Board (NITB) and the Ministry of National Health Services, has been available for use since early April and has been downloaded with an unsurprising frequency given the alarm among the masses, with a rough estimate of more than 500,000 installations at the time of writing.

The very limited privacy policy (found below) states that it is ‘adhering to social, moral, ethical values, and privacy’ while providing no details of the same and referring to no framework under whose jurisdiction these values are defined and the same goes for the element of privacy.

Given that the app seeks permission for geolocation data of the device it is being used on, and personal medical and geographical data of the user, the policy included within the app is not sufficient or clear on exactly how this data is being processed and who has access to it.

[1]https://www.aljazeera.com/news/2020/04/pakistan-intelligence-services-track-coronavirus-cases-200424073528205.html

[2]https://digitalrightsfoundation.pk/drf-condemns-yet-another-breach-of-nadra-database-and-demands-strong-data-protection-legislation/

A rapid evidence review published by the Ada Lovelace Institute in the UK sets out, amongst other measures, the proposal for the formation ‘of a new Group of Advisors on Technology in Emergencies (GATE) to oversee the development and testing of any proposed digital tracing application.[1]

We at DRF submit the same and ask that a GATE advisory be created to oversee the development, rollout and implementation of fair and citizen rights-protective technologies to combat the pandemic in Pakistan and that a proviso be extended from the outset as to the limitations, especially in terms of time-frame, be allotted and notified with every new tech measure the governments, both Federal and provincial, take to combat the pandemic.

As more and more of offline life has moved online, the increased activity has subsequently led to more complaints of online harassment and crimes. In light of this, there is no reference to heightened concerns regarding the ‘security’ of the app and the personal data being saved. In a White Paper, titled ‘Decentralized Privacy-Preserving Proximity Tracking’ (D3PT), experts in the field highlighted that centralised databases made about patients are at a higher risk of being attacked and leaked than decentralised ones. The white paper makes the case for a decentralized database since it offers a more stringent security policy and quicker response to any attempted data breaches. A centralized system requires a phone to upload all its contact information onto a central database, similar to what the UK is doing currently. In contrast, decentralized systems cross reference a device’s contact information without uploading it to a central database. This is similar to how the European Union has implemented contact tracing. If intelligent decisions are not made about how this data is saved, attackers can access personal information, malicious actors can target patients and in some cases lead to discriminatory practices being adopted. Already we have seen this happening in Balochistan where COVID-19 positive patients’ medical data was leaked[2] to reveal their identities which is not only a massive privacy breach on its own but is only made more complicated by the social stigma attached to corona patients.

The White Paper talks about how the transmission of data works in such apps. Most COVID 19 tracking apps have a feature called the ‘Radius Map’ that tells the user if their immediate surroundings have had a reported case of the novel coronavirus. It does this by using bluetooth signals that bounce off of other users of similar apps. Because of this, specific locations of patients can be pinpointed to the average user. The White Paper highlights this as a privacy concern. Additionally, they also highlight the fact that these signals can be manipulated by hackers to create false alerts of nearby COVID 19 patients, spreading panic in an already volatile situation.

More worryingly, the government app does not rely solely on Bluetooth technology but also makes use of location data which makes it more invasive by a significant degree. These concerns are not helped by the fact that the app does not even meet the standards set by tech giants like Apple and Google, who have collaborated together to develop the APIs for coronavirus app development and have released a detailed set of documentation on exposure notification, its framework and cryptography to promote ‘privacy-promoting contact tracing’.

We submit that the Government of Pakistan share detailed SOPs regarding the COVID 19 app launched by them. These should detail their privacy policy in full, addressing data retention and destruction through a clear and unambiguous sunset clause. Also, we maintain that the Government should share with the public as to who exactly has access to this database and strict guidelines regarding data sharing. While we appreciate that this is an unprecedented situation, the Government still must act in a manner that best protects its citizens' data and their right to privacy, a right enshrined in the country’s Constitution of Pakistan. This, to us, includes the maintenance of the right to opt-in in terms of app usage for everyone, even government employees or essential and frontline workers.

The requirement of immunity certificates must also not be made a condition on which citizens’ mobility and access to benefits rests. These immunity certificates are a focus of debate at the moment with several European nations considering issuing ‘passports’ which allow the holder (a recovered COVID-19 patient) access to a social life but also to civil liberties like the freedom of association and movement. These measures have the potential for unprecedented surveillance and control over public life and cannot be made a prerequisite for exercising fundamental and inalienable constitutional rights.

While we understand the imperatives of the public health emergency, it is important that the State establish some boundaries and limitations to their policy, to ensure their citizens have tangible reasons to place their trust and data with them. The current privacy policy contained within the app itself is inadequate to address these queries and cannot be supplemented given the absence of any data protection legislation in Pakistan. We demand also that the apps that are developed to aid the healthcare emergency be open source[3]. This would not only promote transparency but give a tangible boost to the faith placed in the government’s initiatives for its citizens.

The principle of proportionality is required here, in terms of the strength and effect of the measures being employed. Technology is an asset in these times, however we demand that the increasing centrality of technology be done in a safe, transparent and just manner.

[1]https://www.adalovelaceinstitute.org/exit-through-the-app-store-how-the-uk-government-should-use-technology-to-transition-from-the-covid-19-global-public-health-crisis/

[2]https://balochistanvoices.com/2020/03/private-data-of-coronavirus-patients-leaked-in-balochistan/

[3] Open Source refers to software whose source code is readily available online can also be audited by digital security experts for security standards etc.

May 20, 2020 - Comments Off on Evidence of Twitter, Periscope and Zoom restrictions in Pakistan

Evidence of Twitter, Periscope and Zoom restrictions in Pakistan

Network data from the NetBlocks internet observatory confirm that Twitter, Periscope and Zoom were restricted on multiple internet providers in Pakistan on the evening of Sunday 17 May 2020, commencing approximately 18:30 UTC and lasting over an hour. This report produced in partnership with the Digital Rights Foundation presents findings on the schedule events.

It is shown that the Zoom restrictions appear technically unrelated to international issues that affected call quality earlier in the day. Further, it is shown that Twitter, Twitter’s image and video servers, Twitter’s streaming platform Periscope and the Zoom videoconferencing website share the same timeline of disruption, consistent with previous documented social media platform disruptions in Pakistan.

Sunday’s incident matches the characteristics of previous documented restrictions applied on grounds of national security or to prevent unrest such as the Pakistan’s November 2017 social media blackout.

What happened on Sunday?

Late on Sunday 17 May 2020, users across Pakistan started reporting inability accessing the Twitter social media platform and Zoom videoconferencing service.

Users were able to regain access using VPN tools which circumvent national censorship or filtering mechanisms. During this period the #TwitterDown hashtag trended in Pakistan.

A real-time incident alert was issued by NetBlocks presenting initial findings which are developed and examined further in the present report:

The bulk of reports from Pakistan describe a loss of access to affected services. Other reports from Pakistan describe the “throttling” or slowing of Twitter. NetBlocks data indicate that backend image and video servers were specifically unavailable during the disruption period, corroborating these reports.

How does this relate to international outages?

Zoom experienced technical issues earlier on Sunday affecting certain types of meetings on the service for a limited subset of users. The company issued an update at 15:43 UTC confirming that the problem was resolved, hours prior to the onset of social media disruptions in Pakistan.

No widespread user reports of outages are evident in other countries at the time of Pakistan’s social media blackout. NetBlocks performance metrics from around the world show that Sunday’s disruption was localized to Pakistan:

International reachability metrics show impact by country over two days, with nation-scale disruption evident solely in Pakistan during the reported period

A closer examination of the specific time interval for Sunday’s disruption in Pakistan also shows no restrictions or disruptions in effect outside of Pakistan:


Additionally, timings show that the services were disrupted in the same time window in Pakistan, and restored at the same moment:

Findings are drawn from a core sample of 300 network performance measurements observed from 30 network/location pairings across Pakistan supplemented by a wider dataset of international metrics for comparative use.

Why were Twitter, Periscope and Zoom disrupted in Pakistan?

No explanation or legal order has been presented by authorities or network operators at the time of writing.

Pakistan has previously implemented similar restrictions during mass-protests and limits internet access each year during Ashura. However, no protests were held on Sunday and public manifestations are unlikely as Pakistan remains under partial lockdown in response to the COVID-19 pandemic.

Researchers note that the timing of restrictions as well as the set of platforms affected coincide with a “virtual conference” critical of Pakistani policy held via Zoom, shared on Twitter and reportedly streamed via Periscope on Sunday evening.

News report suggest the virtual event generated controversy in Pakistan, stoking tensions between Indian and Pakistani political activists. Nevertheless, a nation-scale social media blackout in response to a virtual event would be a notable development for Pakistan.

NetBlocks encourages network operators and governments to report disruptions and their legal basis, where available, in a transparent manner in keeping with international standards.

This investigation is conducted by NetBlocks and the Digital Rights Foundation.

Methodology

Internet performance and service reachability are determined via NetBlocks web probe privacy-preserving analytics. Each measurement consists of latency round trip time, outage type and autonomous system number aggregated in real-time to assess service availability and latency in a given country. Network providers and locations enumerated as vantage point pairs. The root cause of a service outage may be additionally corroborated by means of traffic analysis and manual testing as detailed in the report.

originally published on @NETBLOCKS

May 5, 2020 - Comments Off on Digital Rights Foundation’s Legal Analysis of the 2020 Personal Data Protection Bill

Digital Rights Foundation’s Legal Analysis of the 2020 Personal Data Protection Bill

History of Data Protection Legislation in Pakistan

According to the UN, 107 countries across the world have enacted data protection and privacy legislation. In order to ensure the fundamental rights of its citizens and compliance with international human rights standards, Pakistan has also taken steps to enact a personal data protection law in Pakistan. Article 14 of the Constitution of Pakistan guarantees the Right to Privacy, however serious efforts to introduce a law were first taken in 2018 (though a draft Bill was put forward in 2005 but was deemed too weak) when the Ministry of Information Technology and Telecommunication (MOITT) introduced a draft Personal Data Protection Bill in July 2018 and invited comments from the public. The Bill was lauded as a good first step, however suffered from serious issues in terms of scope as it restricted the definition of personal data to “commercial transactions”, limiting its applicability to government-held data, and the proposed Data Protection Commission was not sufficiently independent in its functions and composition. 

A second iteration of the Bill was shared by the Ministry in October 2018, with slight improvements in terms of definitions but many of the same concerns remained especially when compared to international best practices such as the General Data Protection Regulation (GDPR). There was little headway by the MOIT since despite appeals from civil society and being taken up by bodies such as the Senate Standing Committee on Human Rights. The third draft of the Personal Data Protection Bill (referred henceforth as the “Bill”), was put forward by Ministry in April 2020.

Executive Summary

We appreciate the efforts by the MOITT in making data protection and privacy of citizens a priority. Furthermore, we welcome the consultative process adopted by the Ministry. However we hope that during a time when the entire world, including Pakistan, is under lockdown and reeling from the economic, social and public health implications of the COVID-19 pandemic, that such important legislation will not be passed hastily and without the opportunity for an inclusive and open consultative process.

The new 2020 Personal Data Protection Bill, while a better version in comparison to the drafts issued in 2018, still does not fully capture the data protection needs of people in Pakistan. The most prominent issue we see with the draft is the exemption-making and wide-ranging powers given to the Federal Government, in particular under Sections 31 and 38 which risk undermining the protections afforded under the Act. Government bodies collect and process vast amounts of personal data and the obligations in the Act must extend to them and the Government should not be able to introduce further exemptions without proper scrutiny and safeguards. Additionally, the independence of the Personal Data Protection Authority of Pakistan needs to be ensured, by limiting the powers of the Federal Government to appoint members and approve rules made by the Authority (Section 48).

The need for and reliance on technology has and will drastically increase during the COVID-19 pandemic and in a post-Coronavirus world where we will see a predominantly offline world transform into an online world. Access to online platforms of communication, healthcare, education and business is no longer a luxury. In the midst of all this, the need for protection of our personal data is essential more than ever.

Our primary recommendations to the Ministry are:
  1. Definitions of terms such as “Public Interest” and “Critical Personal Data” should be explicitly defined under the Act;
  2. The definition of “Sensitive Personal Data” should be expanded to include categories such as “membership of a trade union” and “philosophical and/or religion beliefs”;
  3. Implementation of the Act should be on a progressive basis to ensure a balance between rights protection and a grace period for data controllers to ensure compliance;
  4. Clearer language regarding scope and jurisdiction of the Act;
  5. Mandatory requirements for obtaining consent should be expanded to include information on intention to transfer of personal data to a third country and the level of protection provided, the existence profiling for targeted purpose, and the existence of automated decision-making;
  6. The Act should develop a higher consent standard for personal data of children and young adults below the age of majority;
  7. Clearer and minimum requirements for security measures for data controllers should be laid down in the Act;
  8. Data localisation measures introduced for cross-border personal data flows should be seriously revised in light of international best practices;
  9. Procedure for withdrawal of consent should be simplified to ensure that it is as easy for the data subject to withdraw consent as it is to give it;
  10. Rights of data subjects such as the right to data portability, right to information related to profiling and automated decision-making, and right to compensation should be explicitly included in the Act;
  11. Powers of the Federal Government to make exemptions under Section 31 be removed;
  12. Safeguards should be included to ensure independence of the Data Protection Authority;
  13. Powers of the Federal Government to issue policy directives under Section 38 should be removed.Find DRF’s detailed, section-by-section analysis of the Personal Data Protection Bill 2020 here.

 

April 24, 2020 - Comments Off on How private is the COVID 19 App

How private is the COVID 19 App

Around the world, governments have taken to technology to stop the spread of COVID 19. The experiences and the success of this strategy differed in each area, however, it seems the world is in agreement- we need to employ technology to help with handling the novel coronavirus. Singapore, Taiwan, South Korea and China all used technology in their fight against the disease. They all used mobile apps in some form or the other, to track the movement of the disease and to find out who might have come into contact with a victim. These countries credit technology for helping them understand how the virus moved and where to implement harsh lockdowns and quarantines. As the virus has spread across the globe, more countries are seeing these applications as their way out and are beginning to adopt these technologies also.

The Ministry of Information Technology and Telecommunication (MOITT) along with the National IT Board (NITB) recently launched an app called ‘COVID-19 Gov PK’. This application gives people up to date information about the spread of the novel Corona virus in Pakistan. However, the app has a feature that allows people to trace the disease, and allows the Government to track the trajectory by tracking the movement of its citizens. The app itself is based on a global trend towards using mobile applications for the mapping of the novel coronavirus.

(Image Source: Corona100M / CNN)

While countries the world over are engaging in health surveillance, we believe this is a problematic approach to the current situation given that such features are intruding on the privacy of citizens, as well as providing unfettered access to users' data. Contact tracing has been faced with backlash across the globe for its invasive approach to countering the spread of COVID 19.

While the situation concerning the virus is an emergency, it is still important for the Pakistani government to establish boundaries and limitations for its activities and be transparent, especially if they involve tracking the movements of its citizens and saving their health information on a mobile application. We would welcome the release of SOPs regarding how the data available on the app is being kept and processed.

Data related to an individual’s health is extremely private information, and it is information that affects not only them, but those whom they live with. This is extremely important to remember especially in such times, with a pandemic on our hands. Having sensitive information about where cases have been confirmed on a mobile application is dangerous as it puts families of victims at risk, as well as exposes their location and data regarding their health. The stigmatising of those with this particular disease has only made matters in this regard, worse.

Additionally, as the virus spreads, the Government needs documentation of confirmed cases, however, this information should only be collected as long as COVID 19 continues to be a threat to Pakistan. Some key elements here that would be comforting would be transparency in how patients’ data is being collected, as well as how it is being stored and lastly, what the data destruction policy, if any, is in this regard, as the Privacy Policy contained with the app is not very illuminating.

As people have moved towards remotely working and communicating, there has been a lot of activity online which has subsequently made cyber criminals and hackers more active. In light of this, the app does not address heightened concerns regarding the ‘security’ of the app and the personal data they are saving. In a White Paper, titled ‘Decentralized Privacy-Preserving Proximity Tracking’ (D3PT) (https://github.com/DP-3T/documents/blob/master/DP3T%20White%20Paper.pdf) , experts in the field highlighted that databases made about patients are at a high risk of being attacked and leaked. If intelligent decisions are not made about how this data is saved, attackers can access all the information, thereby affecting the patients themselves, as well as the doctors and scientists working against the spread of the virus.

In the same white paper, the experts explained how their databases should be constructed and maintained, as well as how the transmission of new data works. They gave two case scenarios to the construction of databases. One being a centralized database, and the other being a decentralized one. They made the case for a decentralized database since it offers a more stringent security policy and quicker response to any attempted data breaches.

Lastly, they talked about how the transmission of data works in such apps. COVID 19 tracking apps have a feature called the ‘Radius Map’. It tells the user if their immediate surroundings have had a reported case of the novel coronavirus. It does this by using bluetooth signals that bounce off of other users of similar apps. Because of this, specific locations of patients can be pinpointed to the average user. The White Paper does highlight this as a privacy concern. Additionally, they also highlight the fact that these signals can be manipulated by hackers to create false alerts of nearby COVID 19 patients, spreading panic in an already panicked situation.

We submit that the Government of Pakistan share their detailed SOPs regarding the COVID 19 app launched by them. These should detail their privacy policy in full, detailing data retention and destruction. Also, we maintain that the Government should share with the public as to who exactly has access to this database. While we appreciate that this is an unprecedented situation, the Government still must act in a manner that best protects its citizens' data and their right to privacy, a right enshrined in the very Constitution of Pakistan.

March 13, 2020 - Comments Off on Protecting Your Digital Rights During The COVID-19 Outbreak

Protecting Your Digital Rights During The COVID-19 Outbreak

The COVID-19 has brought the world to a halt. The virus’ spread across the world has been rapid and has caused panic in almost all countries of the world, including Pakistan. While the gravity of the situation is definitely being felt in the medical field, we feel that the situation has implications on human rights, and these are implications we are simply not addressing.

With COVID-19, we’ve seen part of the fight against the disease being fought online. People across the globe are using the internet and social media to get information, to keep up to date and to track the spread of the virus. This dissemination and collection of data is unprecedented given how the digital world has grown since the last global pandemic.

Right To Privacy

Information and data regarding your Health is sensitive information. Health data is extremely personal and should only be in the hands of the individual. In situations as dire as these, it still needs to be ensured that this data is handled correctly and sensitively. In Pakistan, we are yet to enact a data protection bill, which is why it is important that ethics play a part in all fields. Details like who has tested positive, where they live and who their family are should not be leaked to the public. In times of such urgency, it is important for people to remember their rights to privacy and their right to not consent to their information being shared. 

A Rise In Racism, Xenophobia

When Pakistan confirmed its first two cases of the Coronavirus, it became public knowledge that one of the patients had recently traveled to Iran, and returned with the virus. This incited a lot of harassment against the family of the patient, moreover, a lot of people took to social media to target members of Shia sect. 

In addition to this, it has been internationally reported that there’s been a spike in racism against people who are Chinese or who hail from the Far East. Due to the CPEC project, Pakistan has been a huge influx of Chinese expats, and this trend is concerning as it could negatively affect these people’s quality of life.

Social media companies, along with the government and conventional media should work to tackle these issues and raise awareness about the disease, rather than let hatred for others take over the collective discourse.

Misinformation

Social media has been chaotic since the outbreak of the COVID-19. In the panic, people have been sharing unverified information continuously on social platforms, thereby only feeding the panic further. While the situation around the disease is of a high priority, this rampant spreading of misinformation has led to more fear and panic.It is this frantic level of misinformation that has made the WHO up their social media presence. 

In these circumstances it should be the top priority to social media companies to flag unverified information. Also they should work with the WHO and national level health agencies to spread verified information and up to date stats and data. In such circumstances, it is very easy to be swept up in panic, this panic is exaggerated on social media platforms and it is the responsibility of these companies to help control this panic.

Conventional Media 

Traditional media is equally responsible for the spread of misinformation. Media ethics and values need to play a crucial part in the reporting of this pandemic. Furthermore, stories revolving patients, their families and their treatment need to be dealt with with a lot of sensitivities, just as any other story is dealt with. 

Media regulatory bodies need to be super vigilant about the spread of misinformation as large portions of society still rely on conventional media for their information. Such a relaxed approach towards this issue can lead to hysteria and panic. The media should be used to raise awareness and give people the necessary information with which to tackle this disease.

Censorship

There have been reported incidents in both Iran and China of governments that have actively tried to suppress information about the virus getting out to the public. This is a dangerous development given that it is an attack on freedom of speech and is also an attempt to keep the public aloof of the severity of the issue at hand. Censorship is truly not the way for governments to deal with this situation. It must be tackled by collaboration, transparency and open communication. People should be able to trust their government, not doubt the information provided by them. 

The situation in Pakistan with regards to the Coronavirus is still developing. We, at Digital Rights Foundation, are keeping an eye out for the developments regarding the disease and also assessing how the digital rights sphere is being affected. We will keep posting updates as we get them.

Till then we advise all of you to take the necessary precautions against the virus.

October 25, 2019 - Comments Off on What is Ransomware And How can you protect Yourself

What is Ransomware And How can you protect Yourself

The DRF’s helpline has noticed a marked increase in complaints regarding ransomware attacks in Pakistan. This increase means that such attacks are becoming more commonplace, and it would be good practice to protect our devices and software against such malicious software.

Ransomware is a term most people talking about these days. It is a malicious software that enters your hard drive and encrypts all your files, rendering them inaccessible, until you get the decryption key. It increases its area to the level where cybercriminals targeted big giants but also hunted civilians and average users as well. On different social sites, a lot of people talked about the message that appeared on their devices while opening up their document, which asked them to pay a ransom in bitcoin or through another medium to get their files back in a readable format.

There are different Ransomware that belonged to separate families, which has further different variants. You need to check which family ransomware belonged to and what is the variant if you faced a ransomware attack. You can check it by looking into the extension of the encrypted file like in “picture.png” where “png” is the file extension.

Some examples of the Ransomware Attacks:

You all are well-aware of the ‘Wannacry Ransomware’ Attack of 2017. This attack was massive and infected entire devices and databases. It affected many businesses, hospitals, and other big networks across the globe. The malware didn’t leave behind banks, and mobile operators either. It affected companies in over 100 countries.

Petya ransomware was also in the news after wanna cry Ransomware, which is specifically targeted a windows-based operating system and encrypt the whole hard drive, and to make the files accessible, you need to pay some money in bitcoin.

Following these two major attacks, the FBI sent out a public-service warning about such malware. According to them, these software are getting more advanced and can penetrate larger and ‘more secure’ systems.

Pakistan has also been affected by ransomware as well. Different variants of ransomware software were found to be affecting Pakistani businesses and individuals. Over the past few months, the DRF helpline has seen a large number of calls come in regarding ransomware and a lot of them had to do with a ransomware strand called ‘Stop’.

How it Works:

Ransomware is a type of malware that anonymously injects into the digital devices that encrypts all the content stored on your hard drive, and you cannot read your files anymore. To get your files in a readable format, a decryption key is required, which will then unlock all the files. However to get that decryption key, you must pay a ransom.

This creates a bit of a dilemma. Are you going to pay money to get your files back, or are you encouraging cyber criminals so they can spread this malware to target more people?

Paying ransom itself is a bad practice because there is no guarantee that you will get your files back, and in any case. Let’s suppose if you pay money to the attacker that they asked for, there are still chances that the attacker will not have a private key, or the key they gave to you is corrupted. So paying money to the attacker is not good practice as there is no guarantee that he will unlock your content. Let’s say you successfully managed to get your data back, on the other hand, the attackers start hunting more people.

This is only the first step you have to take if you faced a ransomware attack.

The second step is that you need to disconnect the internet from your devices so it cannot do further damage to your device and don’t spread the malware within the network. After this, you have to run an anti-malware tool in your device, and if it finds anything, remove it and restart your computer. If you don’t do this step and unlock your file, the malware is still in your system, which will reactivate itself. Additionally, whenever you see a ransom note appear on your device, it would be good practice to take a screenshot and send it to experts who can help you decrypt your files.

Sometimes while running an anti-malware software, corrupted files can be deleted in order to protect your device. This leads to a permanent loss of data. To avoid this from happening, the user can create a backup of the files on an empty external hard disk in order to prevent loss of data before running the anti-malware software. Once a decryption toolkit is made for the particular ransomware that affected your device, these files can be decrypted and restored.

There are many ways an attacker can infiltrate the network or can compromise your device. Cybercriminals can exploit your device, and usually, they take advantage of outdated versions of operating systems or software installed on your device.

Avoiding Ransomware Attacks:

  • If you received any suspicious attachment within the email, do not open it until you verify the source of this email
  • Make sure you are using an updated version of the operating system or software installed your device
  • Do not install unverified software into your device
  • If you received any suspicious short link via WhatsApp or Facebook or any other platform, copy the link and open the website link and paste the link there. It will show the actual website link behind the short link. This is just good practice to identify if someone wants to trick you.
  • Do not let someone attached USB into the USB port of your device.
  • And the most important thing is to make a local backup of your data

Microsoft’s built-in ransomware protection:

Microsoft recently introduced the feature known as ransomware protection, which users can use to protect the folder they want. You can enable this feature by going into the ransomware protection section.

You can find the whole sequence below:

Setting---> windows security--->virus threat protection--->in ransomware protection section click on---> Manage ransomware protection

Below is the screenshot

You can turn the above option “controlled folder access” on and pop up will appear, which asks your permission, and then you can see the list of protected folder and can add any folder you want.

In the above picture, you can see the protected folder. This means that no third party unverified software can make changes in the folders mentioned above, thus lowering the risk of data being compromised. If any unverified application tries to make changes in the folder that is already listed in the above directory, an error will appear at the user’s end.

(Note: In order to use Window’s anti-ransomware features, you must have the most up to date versions of Windows 10.)

nomoreransom.org is the project where different IT security companies and law enforcement agencies are trying to help the people who got ransomware attacks on their devices and don’t know how to proceed further. They update their website regularly with new information on ‘trending’ ransomware attacks and software. With this, they release a decryption toolkit that can be used by victims in case of an attack. File uploading option is also available for the victim to check if there is decryption toolkit available for that specific variant. A feature on this website allows for users to upload the affected files. This feature, called the ‘Crypto Sheriff’ determines whether there is a solution. If there is, the ‘Crypto Sheriff’ will provide the victim with the solutions needed. You can access ‘Crypto Sheriff’ here

Aside from Window’s internal ransomware protection, there are multiple anti-malware tools one can use to protect their devices. One such tool is ‘MalwareBytes’. This software is able to conduct comprehensive scans and can identify threat. Additionally the software will quarantine and delete the affected files.

The DRF Helpline was established to help victims of online harassment. This includes people who have fallen victim to sensitive data leaks, and in recent times, ransomware attacks too.

The helpline can be reached at its toll free number, 0800-39393

October 17, 2019 - Comments Off on Tech & Mental Health: Are we better off?

Tech & Mental Health: Are we better off?

The digital revolution is evolving at an unstoppable pace. Alongside the unprecedented explosion of digital technology and systems, mental health is under greater pressure than ever before because there are more platforms than before, especially compared to when our parents were young there were only a few platforms such as msn, Myspace and Orkut etc. Now there is Facebook, Instagram,Twitter,TikTok,Snapchat,WhatsApp,LinkedIn, and many more. With its emphasis on big data, computing power, mobile technology, and network information, digital technology is set to transform health care also.

Social media might be a great workplace for some people but it also might cause depression and sometimes social anxiety for some other people as it shows them a  world of ease in which doing bare minimum gives what the person desires. Through social media networks the world looks so easy because they are not showing what goes on behind the scenes. We’ve seen that major chunk of the population affected by negativities online are children. Children tend to have a naive/immature thinking process or because they lack experience in general and have taken up examples from the wrong places. For the children, the people in the video are just running around and spending money but what they don't see is the planning and effort put into these things. This idealistic phenomenon creates a mindset that there is an easy way around and they don't have to care or take responsibility for their future is what stops the growth let it be in knowledge or overly.

One of the many examples from the influencer/YouTuber community which displays these attributes not entirely but to some extent, is that of a YouTuber named David Dobrik. This particular YouTuber makes daily life videos known as vlogs in which we can see him partying,spending enormous amounts of money and being friends with popular celebrities such as Charlie Puth , Kylie Jenner and Howie Mandel etc. 

The point of my emphasis is not to shame his efforts but that he himself does not put importance on what length of effort he has gone through to achieve this lifestyle he has today and since he doesn't have higher education like so many other influencers, youtubers and popular celebrities, it also creates a somewhat of a false idea of a loophole that children nowadays don't have to get educated fully and can achieve instant wealth and success with minimal effort.   

Nowadays platforms such as Instagram and YouTube have grown rapidly and there are these influencers and different types of youtubers like the one mentioned above which create this culture of superficial things but what they don’t realize is that they’re creating a culture of negativity. One of the many things which causes such pessimism is Fear of Missing Out (FOMO) which is a phenomenon that was born at the same time as Facebook and it has one of the most common negative effects of social media. This phenomenon basically is a form of anxiety that you get when you’re scared of missing out on a positive experience or emotions that someone else is getting.

It happens to everyone. You’ve been invited to go out for dinner with friends. But instead, you decide to stay back at home and get some work done. Of course you can’t help but wonder: what exactly are you missing out on? How much fun are they having without you there? Will there be inside jokes that you’re now not privy to?

This fear is fueled by your social media engagement. The more you use social networks, the more likely you are to see that someone is having more fun than you are right now. 

Instagram celebrities, if you look at the most-followed accounts on Instagram, you’ll find beautiful people wearing expensive clothes and their perfect lifestyle. All this has made Instagram toxic because it has made people conscious about each and everything about themselves. Today, body image has become an issue for both sexes. Of course, seeing perfection on a daily basis makes you conscious, you start comparing how different you look from those pictures and not everyone comes to the right conclusion in these situations.

Another phenomenon on the rise: Social media stars create negativity in the form of “cancel culture” which usually involves bullying others over a mistake or a contradiction in their view point, or due to some past actions. Although may be one of the two parties originally in an argument is doing something right but people especially children might be favoring bashing or shaming the other person  in order to be part of the popular group and not realizing the meaning behind such ordeals. This misinterpretation of such acts creates a norm which erodes a child's confidence and they start applying such behavior towards others in their life as well. 

Sometimes children justify it by saying that others do it too and become part of this illogical banter which gives a sort of an insight into a child’s mind. It tells us that he/she knows what they are doing is somewhat in the grey area. However there are some groups or social media leaders of the masses who humiliate and bully a person for his/her standpoint which differs from theirs on particular matters so then that person, mostly someone young, shuts downs his personal thought process and tries to align with the masses. 

One of the examples found online is that of Tati Westbrook (@glamlifeguru) and James Charles. A quick summary of their spat is that it came to light that James uses Tati’s rival company Sugar Hair Bears vitamins and she felt betrayed as she has a vitamin company herself and she saw James as her protege. What happened as a result of this online war is that all his negative doings came out and people started all of a sudden started hating him and he lost millions of subscribers within hours. What really aided this whole war further was the support Tati got from big-shot youtubers and her friends such as Shane dawson and Jeffree Star. All of this created this cynical atmosphere and people who didn't even know either of them started taking interest in them and it created an army and hashtags calling James Charles a liar , a bad friend and much more.

 This sort of negative behavior generates another problem which is grouping, and as the name suggests is basically people who find similar interests and viewpoints to create online groups whom sole purpose is to work on belittling those people online who differ from their stance on particular issues. 

One of many organizations working for the protection of children's rights, to help meet their basic needs and to expand their opportunities is UNICEF, with the support of experts, is leading an effort to develop a data collection tool to capture information on adolescents’ mental health at a population level in low and middle income countries. Validation and adaptation of the tool in different contexts will involve a mix of qualitative and quantitative approaches, including clinical validation of depression, anxiety and sociality.”

(Unicef website)

What this research by UNICEF would do is that it would aid the upcoming and existing generation to take up and create positivity let it be in the virtual or real world. Although there are organizations, such as UNICEF and  UNESCO, working for the betterment of children but we also need to take up some amount of responsibility. Parents are the key members in this development and what most parents need to realize is that things have changed drastically and technology has evolved to create more problems than before.

This know-it-all nature among the elderly has created distance among the parents and kids. This makes children think “what do my parents know about my experience? They did not go through something like this.” Parents should leave behind attitudes such as that they know best or that their experience as a child can explain the present. Parents need to meet their children halfway as well, get at level of their children and make an effort to learn what is going on. They need to be the ones with the change in such situation sometimes because if parents shut down or leave the problem for next day that makes a child conscious about his/her online and real life issues and its importance to their parents. What parents should do is take out time in such situations and implement some measures and rules in their respective household. Measures like restricting their time on the internet, to try to find out what they are doing in general by engaging in meaningful conversation and talking about whether they need help regarding things. Although these measures might seem small but they make a huge difference in the longer term. The impact they hold is that the child knows that if he/she needs help regarding anything he/she could seek it and they would not be put down and also  in this way the parents can get to know what is happening in the child’s online world and their viewpoints and their intake from a negative or positive issue. In such a situation the discussion could give strength to a child because if his/her standpoint is fair no matter what the other one says they would know that they are doing the right thing due to a parent/elderly’s support.

This article on mental health and technology is written by our lovely intern Priya Zaidi who is doing her A-levels currently.

October 9, 2019 - Comments Off on Your Data, Your Rules

Your Data, Your Rules

The Court of Justice of the European Union (CJEU), in its landmark judgement has held that the controversial “right to be forgotten” requests from within the European Union can lead to removal of information only within the EU and does not apply globally.

Initially, in 2016, Google had filed an appeal against the decision of CNIL, French privacy watchdog, which required Google to remove information under the right to be forgotten from search engines globally. The ruling now means that tech companies will have to use geo-blocking to comply with removal requests under the right to be forgotten.

Digital Rights Foundation and 12 other NGOs also joined the petition to argue that a singular law or state should not be able to determine what kind of information is included or excluded in another part of the world as this will become a major threat to freedom of expression, activists or organisations working against human rights violations in their respective countries or even advocating for progressive changes in the society.

The court also recognised concerns about how the right to free speech or expression and the right to be forgotten is not being used in balanced or fair approach in multiple states which has the potential for serious implications on the society.

The court said,

“…it should be emphasised that numerous third States do not recognise the right to de-referencing or have a different approach to that right. Moreover, the right to the protection of personal data is not an absolute right, but must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality… Furthermore, the balance between the right to privacy and the protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world.”

The Digital Rights Foundation along with 12 other organizations appeared as petitioners represented by barristers Caoilfhionn Gallagher QC, Jude Bunting and Jennifer Robinson of Doughty Street Chambers, along with avocat Thomas Haas.

On this petition, all the petitioners strive to protect basic human rights including the right to freedom of speech.

October 9, 2019 - Comments Off on Internet Wins

Internet Wins

There have been multiple incidents reported regarding Pakistan Telecommunication Authority (PTA) blocking websites without following legal procedures. When websites and platforms have been blocked, there is no opportunity to challenge these decisions by PTA.

On 12th of September 2019, the Islamabad high court issued a detailed order regarding these blockages as a response to a petition filed by Awami Workers Party, a left-wing political party registered with the Election Commission of Pakistan (ECP). PTA had blocked AWP’s website in the middle of their election campaign without any prior notice, warning or legal grounds. The AWP sees this action as another attack on progressive voices in the country which are only trying to exercise their constitutional and democratic rights by becoming a part of the electoral process. 

During the hearing, IHC shared that it was not just AWP but over 800,000 other websites have been blocked by PTA. AWP Islamabad’s information secretary, Shahzeb stated that they were surprised to see how the document which was supposed to explain why PTA took this action was missing from the document PTA submitted in the court. He also said that PTA admitted to not following rules established before taking any such action according to Pakistan Electronic Crimes Act 2016. 

It also interesting to see how section 37 PECA 2016 allows blocking of content which is against “glory of lslam or the integrity, security or defence of Pakistan or any part thereof, public order, decency or morality” but does not define what any of these phrases, such as “glory of Islam”, mean. Using such vague and broad criteria for online censorship violates the basic principles of free speech enshrined in article 19-A of the constitution which ensures the right to freedom of expression and information.

In the landmark judgement which is seen as the victory for internet in Pakistan, IHC also stated PTA’s practice of blocking websites as violation of principles of natural justice. Taking a closer look at the whole process also puts light on how the state, while trying to hide how it has been violating the social contract it has with the citizens has been trying to silence the people and organisations being critical on issues while voicing their concerns through digital platforms. 

The court has also ordered PTA to work with the government to form better and more transparent mechanisms and rules within three months. 

“After going through the whole experience of this case and being politically affected by the actions by PTA in the name of alleged hate speech, AWP has realised how digital rights and spaces hold and immense importance hence, they will soon be planning an awareness campaign for citizens on how reclaiming digital spaces is equally important as organizing the masses around human rights and other socio-political questions” said Shahzeb, information secretary AWP Islamabad. 

August 28, 2019 - Comments Off on Women In Journalism

Women In Journalism

So it is a well-known fact that journalism isn’t the safest option one can choose. A journalist exposes his/her views to the public, thus exposing a part of themselves. Be it a small scale freelance journalist or a major famous journalist, these polarizing opinions produce differing opinions and fuel arguments. Of-course there are people who argue rationally, respecting other opinions but the problem occurs when respect is thrown out of the window. When journalists’ online presence threatens their very existence. The word ‘existence’ here can unfortunately be used both generally and specifically.

Specifically, when most of these journalists holding unorthodox views present their views over a medium, they almost always have to face serious threats to themselves and their loved ones. The threats range from cyber-bullying, cyberstalking, cyber-harassment and public shaming to murder threats and enforced disappearances. From 2012 to 2016, UNESCO reported the killing of 530 journalists, two per week. Unsurprisingly, 56% of these deaths happened in developing countries or countries experiencing military conflicts. Unfortunate examples like that of Jamal Khashoggi show us that the growth of internet has done no favor to the status quo. The Fifth Domain has just provided another medium for these threats to circulate through, effectively worsening the situation. 

Having taken a look at all of these issues, it will still not be unreasonable to suggest that being a woman in journalism is a completely different ball game. Obviously all the issues presented above still affect women that are present in the journalism industry. In that essence, I guess calling the situation of women a completely “different” ball game might not entirely be true. A better explanation could be that women face all the issues men have to go through and more. 

While men are criticized, threatened or attacked due to their beliefs, most of the time women don’t even get the luxury of having their opinions conveyed. Even at a platform where their voices are broadcasted, they are shunned for things completely unrelated to their journalistic abilities. Comments about their appearance, their clothes, the way they speak and the amount of make-up they wear (or don’t wear). Similarly, the threats made to women are much more severe and appalling, ranging from sexual harassment to rape threats. Women are called “whores” and threatened to be paraded naked in the streets as a “walk of shame” over the internet. In certain instances, the faces of these journalists are copied on to explicit and sometimes even pornographic images and shared around the internet as memes. The issue, however, will only get worse with the improvement in technology. The above mentioned problem has been made worse with the use of deep-fake technology, creating fake compromising videos which are becoming more and more believable every passing day. 

This campaign of character assassination is possible because of the idea that women are “easy targets”. From the very beginning, the society believes that women have to be non-confrontational, that they have to be passive, that they have to stay neutral to harassment. This difference between problems faced by men and the problems faced by women exist, and it is accompanied with tragic outcomes that usually involve violence against women and deterioration of physical and mental health of women.

The day criticism on both sides of the gender scale is homogenous, would be a day of incredible celebrations and joy.

Generally, however, these issues affect journalism on a whole. Women for these reasons have stopped covering or presenting their opinions on the internet. It has narrowed the scope of intellectual discussion. In many senses, journalism is what’s supposed to take a society forward. To provide a society new topics to debate over. To bring up ideas that haven’t been talked about before and spark up discussion, inviting opinions and getting through to the public. Journalism is not only supposed to spark a debate amongst the educated, but also educate the uneducated. All of this stops when we as a society stop inviting opinions. It stops when women are harassed on and off the internet for presenting their opinions, even worse, for just being a woman.   

Soon

Mohammad Owais Sabri is an Alevels student at LACAS