All Posts in Blog

October 10, 2020 - Comments Off on Understanding What Anxiety Looks Like

Understanding What Anxiety Looks Like

Written by Saba Sabir

On this mental health day we would like to break the stigma associated with mental wellness. Stress is a real problem that negatively impacts health and safety.

We often do not realize that we’re stressed until it begins to consume us and we aren’t always good at identifying signs of stress and burnout in ourselves. In fact, sometimes it is easier for another person to point them out. It is important then to be aware of the signs and symptoms of stress and any changes we might experience in our minds, bodies, and routines. Mentioned below are some signs and symptoms which are indicative of high levels of stress and anxiety. We can then work towards managing stress after understanding how it manifests in our bodies.

September 25, 2020 - Comments Off on What Is Emotional Regulation And Why Is It So Important?

What Is Emotional Regulation And Why Is It So Important?

By Kashfa Zafar

Have you ever felt hangry? If you’re human, chances are that you’ve been so hungry at some point that you were extremely irritated by everything and everyone around, but you were probably too agitated to realize that your bad mood was the result of a fairly common human experience – hunger. Emotionally heightened experiences can be really overwhelming resulting in cognitive overload; Your mind might respond by ‘shutting down,’ suspending your abilities of rational judgment. That is why for someone observing your behavior, you might seem like a less-than-stable individual. Of course, you know that you’re not some irrational person but in the case of experiencing ‘hanger,’ even you might be surprised by the things you say or do without realizing the reasons behind your seemingly ecstatic behavior. If only you knew that you were simply hungry, and the solution to your troubles was just a refrigerator door away. Wouldn’t that make your life easier?

Well, the good news is that there’s definitely a way. It’s called emotional regulation. Emotional regulation is the ability to exercise control over your emotional state so you’re in a better position to respond appropriately to the demands of a given situation. Emotional regulation skills obviously extend far beyond the scope of simply experiencing hanger. These skills are positively correlated to your social and emotional intelligence and can provide effective management skills for those experiencing depression and anxiety. 

The key in developing emotional regulation skills is to cultivate and practice mindful awareness. When you find yourself in an emotionally provocative situation, remove yourself physically from that negative space and redirect your attention towards what you’re feeling physically. Notice how your body feels. Does your chest feel tighter? Is your heart racing? Are you experiencing a headache? Whatever the case maybe, you can applaud yourself for practicing what is known as cognitive reappraisal. Instead of focusing too much on your negative thoughts and feelings, you have now managed to divert your mind towards how these negative effects present themselves physically in your body. When you do this, you are regaining control over your judgment and actions and not letting your emotions drive your thoughts and behavior. Cognitive reappraisal is a simple yet highly effective tool used in many different types of psychotherapies. It the ability to reframe your cognitions or alter your way of thinking. So, in the case above, you have reframed your experience of the situation because instead of focusing on your negative feelings and thoughts that might have negatively affected your perception of the given circumstances, you’ve concentrated your attention to somewhat neutral bodily sensations. 

Now that you’ve rerouted your thoughts from the situation onto yourself, the next step is to explore your feelings. Simply acknowledging that you’re feeling ‘bad’ or ‘mad’ is only a start. Dig a little deeper and notice what kind of negative emotions you’re feeling. If possible, write them down. Ask yourself what emotion might be masking itself in the form of anger. Sadness? Guilt? Shame? Hopelessness? For this, you have to be honest with yourself. Execute the same mindfulness that you practiced when noticing how your body felt. Without judging what comes up for you, identify both the surface-level as well as hidden emotions. By practicing this exercise over time, you’ll not only be able to develop and refine your emotional awareness, but you’ll also be able to tell what kind of emotional experience you’re having by simply noticing how your body feels. Each emotion has a physiological reaction in the body, and because you would have monitored the physical manifestation of the identified emotion, you’ll know how to regulate your behavior without being emotionally flooded. 

Once you’ve become regular in the practice of emotional regulation, you’ll feel you have greater self-control even in the face of the most pressing and pressurizing situations. Instead of letting your emotions control you, you’ll be able to take charge of your life, be it personal, social or professional.

September 2, 2020 - Comments Off on Cyber Bullying And Its Effects On Teenagers/Adolescents

Cyber Bullying And Its Effects On Teenagers/Adolescents

By Sara Israa 

Cyberbullying or cyber harassment are no new terms. They are now commonly experienced by people who are active on social media and who use online spaces. Cyberbullying could be defined in many ways but basically it is when someone intentionally sends hurtful messages and pictures, spreads false information, threatens or blackmails you, hacks your social media, or impersonates you. It is something which is persistent, which is probably meant to intimidate the victim. The perpetrator might be known or unknown.

With the influx of technology, social media, and unlimited access to internet services, cyber bullying is on the rise. It won’t be wrong to say that online spaces are now becoming unsafe day by day, since we are not aware of the predators behind the screens. The peak of cyber bullying is now actually taking a toll on mental health. Teenagers are the most common victim of this since they belong to a vulnerable part of society and they also excessively use online spaces. It is disturbing because of its public and uncontrollable nature.

The teenagers who are cyber bullied experience a range of emotions such as increased anxiety, low and sad mood, school absenteeism, decreased self-esteem, difficulty focusing, and in extreme situations even suicide. Cyber bullying and adolescent mental health hold a strong relation together. There has been vast research that validates that harassment on the internet introduces feelings of guilt, worry, and depression. This at times aggravated since many teenagers have a hard time communicating. This results in self-blame which might be a reason for them choosing suicide. 

Cyber victimization at times also leads to teenagers isolating themselves and spending their time worrying over the consequences of being shamed online. Similarly, children who experience cyber harassment may experience anger outbursts and may have relationship problems later in life. Cyber victims are more likely to experience somatic problems, including difficulty sleeping, headaches, and stomachaches, as compared to their unaffected peers. Many children in order to overcome or get away with post shame of cyber harassment may also indulge in substance abuse. 

 Unfortunately, most teenagers are unaware of digital safety hence they fall prey to cyber bullies. Also, a vast majority of research shows that in the past decade cyber harassment has become so prevalent that it is not considered a public health concern. 

With cyber harassment showing a strong correlation with adverse effects of mental health it is high time now that we make the youth more aware of cyber safety. We at the individual and collective levels should try to make online safety more accessible. There is a dire need for mental health counselors to address the concerns of cyber victims and provide them with platforms where they can vent out and word out their perspectives and thoughts without being judged. 

There are some ways which adults or parents can use to save their children from being cyber bullied. Firstly, be empathetic and listen to your child so that he/she can confide in you without fear. As a parent or adult, you can make sure that your child’s profile is private and not public, limit the number of friends your child adds on social media and allow only those to be added which he/she knows in real life, ensure about passwords safekeeping and ensure that your child knows how to report, block or delete someone who is harassing them. Get them engaged in offline activities. Remember, the less time they spend on their devices, the less likely it is that they will be cyberbullied.

References

Nixon, C. L. (2014). Current perspectives: the impact of cyberbullying on adolescent  health. Adolescent health, medicine and therapeutics5, 143.

Vaillancourt, T., Faris, R., & Mishna, F. (2017). Cyberbullying in children and  youth: Implications for health and clinical practice. The Canadian journal of  psychiatry62(6), 368-373.

https://parents.au.reachout.com/common-concerns/everyday-issues/cyberbullying- and-teenagers

Munawar, R., Inam-Ul-Haq, M. A., Ali, S., & Maqsood, H. (2014). Incidence, nature  and impacts of cyber bullying on the social life of university students. World  Applied Sciences Journal30(7), 827-830.

June 19, 2020 - Comments Off on Virtual ‘Private’ Networks no Longer Private as PTA Requires Registration

Virtual ‘Private’ Networks no Longer Private as PTA Requires Registration

Areeba Jibril is a DRF intern focusing on issues related to privacy, free speech, and elections. She tweets at @AreebaJibril

Finding a Virtual Private Network (VPN) provider in Pakistan is easy. A quick google search will pull up multiple free services. Casual internet users may register for these services to circumvent paywalls and access online content that has been blocked in Pakistan. They can do this without even really knowing what they’re signing up for. More sophisticated users may use VPNs to ensure that their IP addresses, and therefore their geographical location and identity, remain hidden from the websites they visit.

What casual users likely don’t know is that the Pakistan Telecommunication Authority (PTA) has announced a registration requirement for all Virtual Private Networks (VPNs) by 30th June 2020. This is twenty-two days after they first posted a public service announcement on their website. The PTA regulations do not ban the use of VPNs entirely, but they do require users to register their VPN use with their Internet Service Providers (ISPs). To do this they must share their CNIC number, the purpose for which they would like to use a VPN, and which IP address they will be using their VPN with. The privacy intrusion is not limited to this information. –The notification is vague, therefore it is difficult to say with authority the extent of the privacy intrusions that may come about. There is online speculation about the extent of information that the government can feely request from non-VPN users and whether the same practices will apply to VPN-users as well.

The Pakistani government claims they’ve added this requirement to support the Information and Communications Technology (ICT) industry and promote the “safety of telecom users.” But requiring registration of VPNs defeats the purpose for which VPNs were created. VPNs cannot be private if they must be registered with ISPs, who are then required to share the information with the government. The information flow doesn’t stop there – the government has contracted with Sandvine Corporation, a US-based company, to monitor ‘grey’ internet traffic.

The 10th June announcement isn’t forthcoming regarding the significance of this announcement, by claiming that this is “not new”. It’s true that users have been reporting that their VPNs had suddenly stopped working since 2011. However, this new announcement includes the threat of legal consequences, without much clarity on what these consequences will be. The drastic consequences to privacy do not need to be new to be concerning. The PTA claims to be using its authority under clause 4(6) of Monitoring and Reconciliation of Telephony Traffic Regulations (MRITT), 2010. 

VPNs can be helpful for the average internet user when they want to access content such as television shows that aren’t otherwise available in Pakistan. But they serve a much more important purpose in promoting freedoms of opinion and expression by protecting the privacy of users. By using a VPN, users can ensure that the websites they visit and the content they post cannot be traced back to them. For many, anonymity is an important part of what makes the internet a safe place.

David Kaye, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, noted, “Encryption and anonymity provide individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks… A VPN connection, or use of Tor or a proxy server, combined with encryption, may be the only way in which an individual is able to access or share information in [environments with prevalent censorship].”

As the list of registered VPN users will be shared with ISPs, the risk of private information being accessed by those with malicious intent will increase dramatically. Without the ability to hide their physical location, users will be in greater danger if they use the internet to communicate discontent with the government and seek help anonymously. 

Some users may decide they cannot risk this intrusion to their privacy and refuse to register their VPNs. It is unclear how these users will be treated. The government can request that non-registered users have their VPNs blocked. However, they have also said that users who fail to register their VPNs can face legal consequences if they cause “loss to the national exchequer.” They maintain that they are adding this requirement to terminate “illegal traffic.” These vague terms should be a great cause of concern. What is illegal traffic? What will be considered a “loss to the national exchequer”? When will users be held legally accountable for failing to register their VPNs? The lack of guidance increases the risk that these laws will be used to target political dissidents and unpopular speech.

The notification concerning VPNs, coupled with the news from a few months back regarding ‘Deep Packet Inspection’ (DPI) poses a serious threat to online privacy and security for the common Pakistani citizens. DPI allows unprecedented access to a private individual’s activity online. The added issue with the DPI technology is the fact that the government has been incredibly silent on how they plan on using the technology and what the purpose of it is. This silence and general vagueness is somewhat similar to what we’re witnessing nowadays when it comes to this notification regarding VPNs in the country.   

Pakistan is not alone in regulating the use of VPNs. Belarus, China, Iran, Turkey, Iraq, Syria, Oman, Russia, Uganda, the UAE, and Venezuela have either introduced some measures to restrict the use of VPNs or banned the use outright. Iran allows the use of VPNs, but only if providers are Iranian while Russia bans VPN usage for sites that have previously been blocked by Russia’s governing body for telecommunications and mass media communications. Consequences for using VPNs are also wide-ranging. In China, the government has gone so far as to arrest a VPN provider. In Oman, private users face a 500 rial fine ($1300USD). 

Given the human and digital rights track record of these countries, this is not a list of countries that Pakistan should want to be on.  

Sources:
https://www.pta.gov.pk/en/media-center/single-media/public-notice---get-your-vpn-registered-080620

http://tickets.nexlinx.net.pk/index.php?/News/NewsItem/View/45

https://www.dawn.com/news/1512784

https://www.pta.gov.pk/en/media-center/single-media/public-notice---get-your-vpn-registered-080620

The coming Pakistan VPN ban: PTA sets deadline for VPN users to register by June 30th
https://www.pta.gov.pk/media/monitoring_telephony_traffic_reg_070510.pdf. https://www.amnesty.org/en/latest/news/2017/08/vpns-are-a-vital-defence-against-censorship-but-theyre-under-attack/
Where are VPNs legal and where are they banned?
https://www.bbc.com/news/technology-41160383

June 11, 2020 - Comments Off on Quetta Internet Shutdown

Quetta Internet Shutdown

This article has been authored by Zainab Durrani who is a Project Manager at DRF

The recent incident of internet shutdown in Balochistan’s provincial capital, Quetta, has been noted by the Digital Rights Foundation with a grave degree of concern.

Two days without the Internet

For over 48 hours, between 30 May and 2 June, 2020 Quetta remained without access to mobile internet services. This occurrence, especially in the middle of the global COVID-19 pandemic that is at its peak in Pakistan at the moment, is an egregious infringement on the residents’ right and access to information, effectively cutting them off from the rest of the world and depriving them of potentially essential and lifesaving information.

Internet shutdowns are a deliberate effort to cut-off particular communities from access to the internet, which includes information, social media platforms and services accessible online. Internet shutdowns come in a myriad of forms: the relevant authority can choose to throttle access to a specific section of the population by cutting off bandwidth; instituting broadband/mobile internet shutdowns, “Internet blackouts”; blanket internet shutdowns, mobile phone call and text message network shutdowns; service-specific (platform) shutdown e.g cutting off access to platforms like Twitter or Facebook.

This particular shutdown purportedly came after escalating tensions between members of the Hazara and Pashtun communities in Quetta. The deaths of three young men from the Pashtun community led to unrest in the city and the eventual blockage of internet services was to purportedly quell this unrest. However, as per sources, the reasons for the shutdown were unknown to the provincial government at the time, who were unsure as to why the Pakistan Telecommunication Authority (PTA) had disbanded services in the city. Additionally, no official public notice was given by the PTA to communicate the shutdown, and its expected duration.

Concerns for residents

Internet shutdowns are an ineffective way of dealing with unrest in a particular locality, in that they are a disproportionate measure and human rights groups over the world have pointed out that they have the potential to engender more panic in the absence of access to information.

The shutdown impacted the work of many throughout the city. As a journalist, Mr. Hafizullah Sherani from Voice of America expressed difficulty in filing reports, having to go through the extraordinary lengths which involved attempting to get connectivity on the roadside, in front of a friend’s office, at 2 AM ironically in order to file his story on the shutdown itself. Saadullah Akhter from Balochistan Express echoed this experience noting that ‘it was an abrupt suspension when the city was in grip of tension following Hazara Town lynching hence we faced immense difficulty in getting accurate information over the incident and sharing it with other colleagues and newsrooms.’

This shutdown impacted the lives of dwellers from all walks of life, who, in the process of getting through an unprecedented pandemic, are relying heavily on connectivity not only to remain in touch with friends and family, but to coordinate efforts to arrange resources such as plasma of recovered patients to help those suffering from COVID-19.

Not only was it a problem as a field reporter, notes journalist Rani Wahidi, but as a citizen who could not communicate with their family through secure channels like Whatsapp, to keep in touch throughout the day or share her location with them for safety purposes. The shutdown increased the difficulty of those stepping outside their homes to work during a global pandemic.

Are shutdowns effective?

Shutdowns are a common tactic used by the state to ensure elusive aims such as “security” and “safety”. This is particularly so in Balochistan which faces frequent internet shutdowns and connectivity issues. For instance, in 2018 parts of Balochistan witnessed three shutdowns over the course of a week, one of which occurred during the Pashtun Long March.

As per Access Now there were at least 213 recorded instances of internet shutdowns the world over during the year 2019 alone in 33 countries. Not only are these shutdowns generating a social cost that impedes human rights, there is an economic cost--and a hefty one at that. 

Researchers Samuel Woodhams and Simon Migliano report that:

"In economic terms, disruptions not only affect the formal economy but also the informal, especially in less well-developed nations. There can also be lasting damage with the loss of investor confidence and faltering development, all of which makes our estimates conservative.”.

"On the human rights side, these shutdowns clearly impact citizens' freedom of expression and the right to information and may even result in an increase in violence."

Internet shutdowns often have a severe impact on freedom of assembly and association as well as mobility. Sadia Baloch, activist and member of the Baloch Students Organization (BSO) said that the shutdown impacted the protest they were organizing for 4 year old Bramsh Baloch who lost her mother to violence and received injuries herself in Turbat, Balochistan.

‘... it specifically affected our protest which was on the next day,our mobilization was affected as very few people got the news and the rest of Balochistan has no internet facility which is a problem itself.’

While time-bound and location-specific internet shutdowns are very common, however there have been long-term shutdowns in the country as well. The former Federally Administered Tribal Areas (FATA) territories of Pakistan have also been facing an internet shutdown for 4 years now. 1460 days, give or take. ‘In early June 2016, at Torkham, the border forces of Pakistan and Afghanistan clashed over the construction of a gate by the Pakistani authorities on the border. This clash led to the suspension of 3G/4G services in bordering towns and tribal areas.’

The suspension of services is legally condoned under s.54 of the PTA Act which covers national security. S.54 (3) in particular reads: Upon proclamation of emergency by the President, the Federal Government may suspend or modify all or any order or licences made or issued under this Act or cause suspension of operation, functions or services of any licensee for such time as it may deem necessary. 

This is despite Islamabad High Court (IHC) ruling that mobile network shutdowns, including mobile based internet suspension were illegal. The judgment, from February of 2018,  indicated that access to telecommunication services is a fundamental right of the citizens of Pakistan, and any attempt to suspend said services is a violation of their constitutional rights. The case is currently pending on appeal.

Digital rights activist Usama Khilji of Bolo Bhi expressed his concerns by noting: 

‘The long standing internet shutdown in ex-FATA is a gross violation of the fundamental rights to information and freedom of expression and increasingly the right to education as guaranteed by the Constitution. Millions of Pakistani citizens cannot be left out of internet access as it impacts their ability to communicate, access information, and access education especially since the pandemic started. The Universal Service Fund set up by the government & contributed to by telecom companies must immediately be utilised to enable internet access in ex-FATA.’

Over the last few years, the situation has taken a turn for the worse in terms of a greater cost paid by those cut off from the internet. Currently, as students hailing from outside metropolitans have had to return home due to the implications of the coronavirus spread and there are more people working from home, blanket and arbitrary shutdowns will have a disproportionate effect, depriving them of access to information, work and an education. 

Being a member of the #KeepitOn campaign, which consists of 158 organizations from 65 countries that are devoted to fighting internet shutdowns, DRF is committed to reporting on and continuing its advocacy for constant and safe access to the internet for all. 

Sources:
https://slate.com/technology/2020/04/pandemic-internet-shutdown-danger.html

https://voicepk.net/quetta-tensions-lead-to-internet-shutdown/

https://www.poynter.org/fact-checking/2019/sri-lanka-blocked-social-media-to-stop-misinformation-about-the-easter-terror-attacks-but-it-didnt-work/

https://www.accessnow.org/pakistan-shuts-down-the-internet-three-times-in-one-week/

https://www.accessnow.org/cms/assets/uploads/2020/02/KeepItOn-2019-report-1.pdf

https://edition.cnn.com/2020/01/09/tech/internet-shutdowns-cost-intl-hnk/index.html

https://thediplomat.com/2020/06/balochistan-erupts-in-protests-over-a-murdered-mother-and-her-injured-4-year-old/

https://thediplomat.com/2019/03/balochistans-great-internet-shutdown/

https://digitalrightsfoundation.pk/islamabad-high-court-ruled-mobile-network-shutdowns-illegal/

 

June 3, 2020 - Comments Off on COVID 19 and Cyber Harassment: DRF Releases Lockdown Numbers

COVID 19 and Cyber Harassment: DRF Releases Lockdown Numbers

DRF established the Cyber Harassment Helpline in December 2016. The services we’ve offered since then include, legal support to online harassment victims as well as digital security assistance and also psychological counseling of victims. 

As Pakistan entered its lockdown in response to the COVID-19 outbreak, we feared there would be an increase in cyber-harassment cases as well as cyber attacks in general. To explore this possibility we analyzed the data from our Cyber Harassment Helpline from the months of March and April 2020 and compared it to the data from January and February 2020, to compare how cases have grown in the lockdown. Given that the pandemic became a public health emergency in Pakistan in March 2020, we feel that the comparison can reflect the changing patterns of online harassment and violation in relation to the social ramifications of COVID-19 This analysis is being released in the form of a policy brief and includes a list of recommendations for concerned stakeholders. 

As compared to January and February, March and April saw an increase of 189% in complaints registered with our Cyber Harassment Helpline. 74% of the cases in March and April were reported by women, 19% by men, and 5% by gender non-binary persons. When the lockdown was enforced in March, for the safety of our employees, we had to close our office as well as shut down our Helpline’s toll-free number. This massive bump in recorded complaints came through email and our social media. 

We have found that “the forms of gendered violence that are largely directed at women in the digital sphere usually include sexual harassment, surveillance, unauthorized use and dissemination of personal data, and manipulation of personal information including images and videos. This form of violence acts as a significant barrier to women’s expression of themselves as well as meaningful engagement with the internet. A majority of the cases that the Digital Rights Foundation’s cyber harassment helpline received digitally during lockdown (April and May) pertained to blackmailing through non-consensual sharing of information, intimate pictures and videos.” 

Alongside this data, we are also releasing a list of 14 recommendations for relevant stakeholders. These cover issues of the FIA’s accessibility especially during the pandemic, and also how technology needs to be used hand in hand while dealing with harassment cases, like allowing for video testimonies etc. 

During the pandemic, the cyber harassment helpline has been working hard to provide uninterrupted services to complainants of online harassment, while ensuring the safety and well-being of our staff. Early in the lockdown period, we switched exclusively to online platforms, however, we have restored the toll-free number through cooperation from the Pakistan Telecommunications Authority and PTCL.

Our full policy brief is attached to this email. For more information on this policy brief and on the work of our Cyber Harassment team, you can get in touch with them using this email: 

[email protected] 

May 30, 2020 - Comments Off on Digital Rights Foundation is Gravely Concerned with the Violations of Privacy & Condemns Moral Policing in Uzma Khan case

Digital Rights Foundation is Gravely Concerned with the Violations of Privacy & Condemns Moral Policing in Uzma Khan case

image soon

It is no secret that the internet is not a safe place for women, much like most spaces in society. Tools and technologies are repeatedly weaponised to harass, shame and silence women, recreating oppressions and patriarchal power structures that have enacted violence on women’s body and freedoms for centuries.

Earlier this week, Uzma Khan’s video of her terrified and being bullied in her own home was leaked without her consent and in clear violation of her privacy, it set off character assassinations and slut-shaming that is common in cases where women assert their bodily autonomy outside the bounds of marriage. Women’s sexuality is heavily controlled through penal laws and moral policing that seeks to negate their consent and autonomy. Women stepping outside traditional gender roles or the respectability of the family unit are shamed for their choices, and the video was an example of technology-enabled moral policing. Subsequently, as videos of the attack emerged on social media, promoting outrage from some on the blatant use of power to punish a woman for moral transgressions, but also voyeuristic viewings from those baying for entertainment. The manner in which women’s presence and bodies are objectified and consumed online often obscures the larger structural issues and power dynamics at play in cases, an exercise that even well-wishers often wilfully participate in.

Privacy has traditionally been used as a concept to confine to their homes and insulate violence within the family from accountability—the concept of “chaar devari”, the privacy of the women of the family, has been weaponised to keep women within the domestic sphere and invisibilise violence within the home. Feminist interventions on the right to privacy however centre it as a means of safety and preserving individual human dignity, as a shield to protect the vulnerable against powerful institutions and individuals. Uzma’s right to privacy within her home, over her videos and personal information is crucial, particularly in a case where the power dynamics are stacked up against her. The fact that after the filing of the FIR, Uzma’s personal details, such as her home address, were put on the internet and widely disseminated reminds us of the dangers of doxxing that played a part in the horrific murder of Qaneel Balochi. The disregard for Uzma’s privacy—opening up her persona life for public consumption—is extremely troubling and dangerous.

We call on the law enforcement bodies to demonstrate their independence and fairness by following through on the registered FIR and taking steps to ensure that the inquiry and subsequent case is fair and transparent. Furthermore, we believe that protection should be provided to Uzma and her family with due regard to their privacy. At the same time, we also recognise the limitations of the law and the justice system in providing restorative justice for the loss suffered. Additionally, the law is often instrumentalized to serve the interests of capitalist-patriarchal order, reproducing the status quo through coerced compromises and police malpractice.

May 30, 2020 - Comments Off on COVID-19 GOV PK: The Tech to Battle Coronavirus

COVID-19 GOV PK: The Tech to Battle Coronavirus

As COVID-19 has spread across Pakistan, questions have been raised about how the Government will tackle the spread of the virus. Across the globe we have seen different approaches to this, varying from comparatively relaxed to extremely stringent.

A popular global approach to health surveillance has been contact tracing[1], followed by surveillance and testing. Contact tracing is an old public health technique which tracks an infected person by tracing the places they visited and the people they met. In order to stem the spread of the virus, all those who came into contact with the infected person are then tracked down, informed of their contact and told to self isolate, or are immediately tested for the virus. This process goes on with each new case and is supposed to help ‘map’ the virus as it spreads. In some countries, mobile applications have been launched to track the virus and help people see ‘where’ the virus is.

These apps act as a way for governments to warn the public about cases nearby, and also allow people to report themselves as patients, so as to keep the cycle of contact tracing going. While such extensive mapping may be helpful for tracking the disease on the macro level, these apps present on the flip-side, major privacy concerns.

Take for example this detailed account of South Korea’s Patient #10422:

Before being diagnosed, patient #10422 visited the Hanaro supermarket in Yangjae township on March 23 from 11:32 p.m. to 12:30 a.m. The patient was accompanied by their spouse, both wearing masks and using their own car for transportation. On March 27, the pair visited the Yangjae flower market from 4:52 p.m. to 5:18 p.m., again wearing masks. They then had dinner at the Brooklyn The Burger Joint at Shinsegae Centum Mall from 6:42 p.m. to 7:10 p.m. This detailed record can be found, publicly available, on many government websites, and is a testament to the extensive contact tracing carried out by Korean authorities.[2]

The minutiae of this account goes to show the extent to which data is being collected and observed.

In many instances, the state response has been immediate and comprehensive which hints at the presence of such tech and mechanisms being in place before the pandemic swept the globe, as is apparent from Pakistani PM Imran Khan’s statement: "It (system for tracking and tracing) was originally used against terrorism, but now it is has come in useful against

[1]https://www.brookings.edu/techstream/how-surveillance-technology-powered-south-koreas-covid-19-response/

[2]https://www.brookings.edu/techstream/how-surveillance-technology-powered-south-koreas-covid-19-response/

coronavirus."[1]  This necessitates the inclusion of a detailed data protection and destruction policy to accompany the launch of such apps which mandate the destruction of the data once the health-related utility is over.

At home, our concerns begin from the knowledge that the government of Pakistan is implementing a policy of mapping that involves tracking citizens and their movements. Internationally, there has been debate about the efficacy of contact tracing, however, at the same time, some countries have seen success with this policy. In the context of Pakistan, unfortunately, these measures are accompanied by a lack of trust between the State and citizens. Multiple instances[2] of citizens' data being leaked from one of the biggest national biometric databases in the world, i.e. the Nadra database, has created a faith deficit. Instances of CNIC and family registration certificates (FRC) information being sold online for as low as $1-2 a piece due to a data leak at a provincial level and possibly national level cement this belief.

The “COVID-19 Gov PK” app, released by the National Information Technology Board (NITB) and the Ministry of National Health Services, has been available for use since early April and has been downloaded with an unsurprising frequency given the alarm among the masses, with a rough estimate of more than 500,000 installations at the time of writing.

The very limited privacy policy (found below) states that it is ‘adhering to social, moral, ethical values, and privacy’ while providing no details of the same and referring to no framework under whose jurisdiction these values are defined and the same goes for the element of privacy.

Given that the app seeks permission for geolocation data of the device it is being used on, and personal medical and geographical data of the user, the policy included within the app is not sufficient or clear on exactly how this data is being processed and who has access to it.

[1]https://www.aljazeera.com/news/2020/04/pakistan-intelligence-services-track-coronavirus-cases-200424073528205.html

[2]https://digitalrightsfoundation.pk/drf-condemns-yet-another-breach-of-nadra-database-and-demands-strong-data-protection-legislation/

A rapid evidence review published by the Ada Lovelace Institute in the UK sets out, amongst other measures, the proposal for the formation ‘of a new Group of Advisors on Technology in Emergencies (GATE) to oversee the development and testing of any proposed digital tracing application.[1]

We at DRF submit the same and ask that a GATE advisory be created to oversee the development, rollout and implementation of fair and citizen rights-protective technologies to combat the pandemic in Pakistan and that a proviso be extended from the outset as to the limitations, especially in terms of time-frame, be allotted and notified with every new tech measure the governments, both Federal and provincial, take to combat the pandemic.

As more and more of offline life has moved online, the increased activity has subsequently led to more complaints of online harassment and crimes. In light of this, there is no reference to heightened concerns regarding the ‘security’ of the app and the personal data being saved. In a White Paper, titled ‘Decentralized Privacy-Preserving Proximity Tracking’ (D3PT), experts in the field highlighted that centralised databases made about patients are at a higher risk of being attacked and leaked than decentralised ones. The white paper makes the case for a decentralized database since it offers a more stringent security policy and quicker response to any attempted data breaches. A centralized system requires a phone to upload all its contact information onto a central database, similar to what the UK is doing currently. In contrast, decentralized systems cross reference a device’s contact information without uploading it to a central database. This is similar to how the European Union has implemented contact tracing. If intelligent decisions are not made about how this data is saved, attackers can access personal information, malicious actors can target patients and in some cases lead to discriminatory practices being adopted. Already we have seen this happening in Balochistan where COVID-19 positive patients’ medical data was leaked[2] to reveal their identities which is not only a massive privacy breach on its own but is only made more complicated by the social stigma attached to corona patients.

The White Paper talks about how the transmission of data works in such apps. Most COVID 19 tracking apps have a feature called the ‘Radius Map’ that tells the user if their immediate surroundings have had a reported case of the novel coronavirus. It does this by using bluetooth signals that bounce off of other users of similar apps. Because of this, specific locations of patients can be pinpointed to the average user. The White Paper highlights this as a privacy concern. Additionally, they also highlight the fact that these signals can be manipulated by hackers to create false alerts of nearby COVID 19 patients, spreading panic in an already volatile situation.

More worryingly, the government app does not rely solely on Bluetooth technology but also makes use of location data which makes it more invasive by a significant degree. These concerns are not helped by the fact that the app does not even meet the standards set by tech giants like Apple and Google, who have collaborated together to develop the APIs for coronavirus app development and have released a detailed set of documentation on exposure notification, its framework and cryptography to promote ‘privacy-promoting contact tracing’.

We submit that the Government of Pakistan share detailed SOPs regarding the COVID 19 app launched by them. These should detail their privacy policy in full, addressing data retention and destruction through a clear and unambiguous sunset clause. Also, we maintain that the Government should share with the public as to who exactly has access to this database and strict guidelines regarding data sharing. While we appreciate that this is an unprecedented situation, the Government still must act in a manner that best protects its citizens' data and their right to privacy, a right enshrined in the country’s Constitution of Pakistan. This, to us, includes the maintenance of the right to opt-in in terms of app usage for everyone, even government employees or essential and frontline workers.

The requirement of immunity certificates must also not be made a condition on which citizens’ mobility and access to benefits rests. These immunity certificates are a focus of debate at the moment with several European nations considering issuing ‘passports’ which allow the holder (a recovered COVID-19 patient) access to a social life but also to civil liberties like the freedom of association and movement. These measures have the potential for unprecedented surveillance and control over public life and cannot be made a prerequisite for exercising fundamental and inalienable constitutional rights.

While we understand the imperatives of the public health emergency, it is important that the State establish some boundaries and limitations to their policy, to ensure their citizens have tangible reasons to place their trust and data with them. The current privacy policy contained within the app itself is inadequate to address these queries and cannot be supplemented given the absence of any data protection legislation in Pakistan. We demand also that the apps that are developed to aid the healthcare emergency be open source[3]. This would not only promote transparency but give a tangible boost to the faith placed in the government’s initiatives for its citizens.

The principle of proportionality is required here, in terms of the strength and effect of the measures being employed. Technology is an asset in these times, however we demand that the increasing centrality of technology be done in a safe, transparent and just manner.

[1]https://www.adalovelaceinstitute.org/exit-through-the-app-store-how-the-uk-government-should-use-technology-to-transition-from-the-covid-19-global-public-health-crisis/

[2]https://balochistanvoices.com/2020/03/private-data-of-coronavirus-patients-leaked-in-balochistan/

[3] Open Source refers to software whose source code is readily available online can also be audited by digital security experts for security standards etc.

May 20, 2020 - Comments Off on Evidence of Twitter, Periscope and Zoom restrictions in Pakistan

Evidence of Twitter, Periscope and Zoom restrictions in Pakistan

Network data from the NetBlocks internet observatory confirm that Twitter, Periscope and Zoom were restricted on multiple internet providers in Pakistan on the evening of Sunday 17 May 2020, commencing approximately 18:30 UTC and lasting over an hour. This report produced in partnership with the Digital Rights Foundation presents findings on the schedule events.

It is shown that the Zoom restrictions appear technically unrelated to international issues that affected call quality earlier in the day. Further, it is shown that Twitter, Twitter’s image and video servers, Twitter’s streaming platform Periscope and the Zoom videoconferencing website share the same timeline of disruption, consistent with previous documented social media platform disruptions in Pakistan.

Sunday’s incident matches the characteristics of previous documented restrictions applied on grounds of national security or to prevent unrest such as the Pakistan’s November 2017 social media blackout.

What happened on Sunday?

Late on Sunday 17 May 2020, users across Pakistan started reporting inability accessing the Twitter social media platform and Zoom videoconferencing service.

Users were able to regain access using VPN tools which circumvent national censorship or filtering mechanisms. During this period the #TwitterDown hashtag trended in Pakistan.

A real-time incident alert was issued by NetBlocks presenting initial findings which are developed and examined further in the present report:

The bulk of reports from Pakistan describe a loss of access to affected services. Other reports from Pakistan describe the “throttling” or slowing of Twitter. NetBlocks data indicate that backend image and video servers were specifically unavailable during the disruption period, corroborating these reports.

How does this relate to international outages?

Zoom experienced technical issues earlier on Sunday affecting certain types of meetings on the service for a limited subset of users. The company issued an update at 15:43 UTC confirming that the problem was resolved, hours prior to the onset of social media disruptions in Pakistan.

No widespread user reports of outages are evident in other countries at the time of Pakistan’s social media blackout. NetBlocks performance metrics from around the world show that Sunday’s disruption was localized to Pakistan:

International reachability metrics show impact by country over two days, with nation-scale disruption evident solely in Pakistan during the reported period

A closer examination of the specific time interval for Sunday’s disruption in Pakistan also shows no restrictions or disruptions in effect outside of Pakistan:


Additionally, timings show that the services were disrupted in the same time window in Pakistan, and restored at the same moment:

Findings are drawn from a core sample of 300 network performance measurements observed from 30 network/location pairings across Pakistan supplemented by a wider dataset of international metrics for comparative use.

Why were Twitter, Periscope and Zoom disrupted in Pakistan?

No explanation or legal order has been presented by authorities or network operators at the time of writing.

Pakistan has previously implemented similar restrictions during mass-protests and limits internet access each year during Ashura. However, no protests were held on Sunday and public manifestations are unlikely as Pakistan remains under partial lockdown in response to the COVID-19 pandemic.

Researchers note that the timing of restrictions as well as the set of platforms affected coincide with a “virtual conference” critical of Pakistani policy held via Zoom, shared on Twitter and reportedly streamed via Periscope on Sunday evening.

News report suggest the virtual event generated controversy in Pakistan, stoking tensions between Indian and Pakistani political activists. Nevertheless, a nation-scale social media blackout in response to a virtual event would be a notable development for Pakistan.

NetBlocks encourages network operators and governments to report disruptions and their legal basis, where available, in a transparent manner in keeping with international standards.

This investigation is conducted by NetBlocks and the Digital Rights Foundation.

Methodology

Internet performance and service reachability are determined via NetBlocks web probe privacy-preserving analytics. Each measurement consists of latency round trip time, outage type and autonomous system number aggregated in real-time to assess service availability and latency in a given country. Network providers and locations enumerated as vantage point pairs. The root cause of a service outage may be additionally corroborated by means of traffic analysis and manual testing as detailed in the report.

originally published on @NETBLOCKS

May 5, 2020 - Comments Off on Digital Rights Foundation’s Legal Analysis of the 2020 Personal Data Protection Bill

Digital Rights Foundation’s Legal Analysis of the 2020 Personal Data Protection Bill

History of Data Protection Legislation in Pakistan

According to the UN, 107 countries across the world have enacted data protection and privacy legislation. In order to ensure the fundamental rights of its citizens and compliance with international human rights standards, Pakistan has also taken steps to enact a personal data protection law in Pakistan. Article 14 of the Constitution of Pakistan guarantees the Right to Privacy, however serious efforts to introduce a law were first taken in 2018 (though a draft Bill was put forward in 2005 but was deemed too weak) when the Ministry of Information Technology and Telecommunication (MOITT) introduced a draft Personal Data Protection Bill in July 2018 and invited comments from the public. The Bill was lauded as a good first step, however suffered from serious issues in terms of scope as it restricted the definition of personal data to “commercial transactions”, limiting its applicability to government-held data, and the proposed Data Protection Commission was not sufficiently independent in its functions and composition. 

A second iteration of the Bill was shared by the Ministry in October 2018, with slight improvements in terms of definitions but many of the same concerns remained especially when compared to international best practices such as the General Data Protection Regulation (GDPR). There was little headway by the MOIT since despite appeals from civil society and being taken up by bodies such as the Senate Standing Committee on Human Rights. The third draft of the Personal Data Protection Bill (referred henceforth as the “Bill”), was put forward by Ministry in April 2020.

Executive Summary

We appreciate the efforts by the MOITT in making data protection and privacy of citizens a priority. Furthermore, we welcome the consultative process adopted by the Ministry. However we hope that during a time when the entire world, including Pakistan, is under lockdown and reeling from the economic, social and public health implications of the COVID-19 pandemic, that such important legislation will not be passed hastily and without the opportunity for an inclusive and open consultative process.

The new 2020 Personal Data Protection Bill, while a better version in comparison to the drafts issued in 2018, still does not fully capture the data protection needs of people in Pakistan. The most prominent issue we see with the draft is the exemption-making and wide-ranging powers given to the Federal Government, in particular under Sections 31 and 38 which risk undermining the protections afforded under the Act. Government bodies collect and process vast amounts of personal data and the obligations in the Act must extend to them and the Government should not be able to introduce further exemptions without proper scrutiny and safeguards. Additionally, the independence of the Personal Data Protection Authority of Pakistan needs to be ensured, by limiting the powers of the Federal Government to appoint members and approve rules made by the Authority (Section 48).

The need for and reliance on technology has and will drastically increase during the COVID-19 pandemic and in a post-Coronavirus world where we will see a predominantly offline world transform into an online world. Access to online platforms of communication, healthcare, education and business is no longer a luxury. In the midst of all this, the need for protection of our personal data is essential more than ever.

Our primary recommendations to the Ministry are:
  1. Definitions of terms such as “Public Interest” and “Critical Personal Data” should be explicitly defined under the Act;
  2. The definition of “Sensitive Personal Data” should be expanded to include categories such as “membership of a trade union” and “philosophical and/or religion beliefs”;
  3. Implementation of the Act should be on a progressive basis to ensure a balance between rights protection and a grace period for data controllers to ensure compliance;
  4. Clearer language regarding scope and jurisdiction of the Act;
  5. Mandatory requirements for obtaining consent should be expanded to include information on intention to transfer of personal data to a third country and the level of protection provided, the existence profiling for targeted purpose, and the existence of automated decision-making;
  6. The Act should develop a higher consent standard for personal data of children and young adults below the age of majority;
  7. Clearer and minimum requirements for security measures for data controllers should be laid down in the Act;
  8. Data localisation measures introduced for cross-border personal data flows should be seriously revised in light of international best practices;
  9. Procedure for withdrawal of consent should be simplified to ensure that it is as easy for the data subject to withdraw consent as it is to give it;
  10. Rights of data subjects such as the right to data portability, right to information related to profiling and automated decision-making, and right to compensation should be explicitly included in the Act;
  11. Powers of the Federal Government to make exemptions under Section 31 be removed;
  12. Safeguards should be included to ensure independence of the Data Protection Authority;
  13. Powers of the Federal Government to issue policy directives under Section 38 should be removed.Find DRF’s detailed, section-by-section analysis of the Personal Data Protection Bill 2020 here.