April 24, 2018

Statement: DRF expresses concerns over the security breach of Careem’s servers

Digital Rights Foundation expresses serious concerns over the breach of servers of one of the most used ride-hailing services in Pakistan, Careem. It was announced in the company’s official statement on April 23 that its servers were breached on January 14, 2018 and since then it has been investigating the matter. According to the statement, the private and sensitive information of its millions of customers and drivers was stolen, which included their names, contact numbers, email addresses, passwords and trip data. According to the company, however, credit card and financial details were not affected.

This breach is particularly worrisome because Careem, as a ride-sharing application, amassed a huge amount of critical and personally identifiable information of its users. Information compromised in the breach, i.e. names, phone numbers and trip data, can help identify not only individuals but also their whereabouts given trip patterns. This data, once revealed, has the potential to put lives in danger.

While we commend their effort of being transparent, the incident points at the larger issue of weak data protection protocols and putting people’s sensitive information and, in grim situations, their lives at risk. Moreover, in the light of many physical attacks on the drivers of the ride-sharing apps in the past couple of months in Pakistan, this incident further endangers life and property of the people using these services for an honest living or for safe commuting.

This particular breach of Careem’s security protocols raises a lot of queries and concerns that their statement failed to answer. First and foremost, why did it take four months to report the incident to the public? Although the blog states that they took their time to investigate the details of the breach due to the complex nature of the incident, the fact remains: millions of Careem’s customers and drivers were using their compromised accounts while their data was compromised. Customers were kept in the dark and had no mechanism of holding the company accountable.

Secondly, the statement fails to mention the number of customers that were affected by this breach. Careem is used by over 14 million users around the world, and the silence on this important aspect could signify that all of the users were affected.

Furthermore, it is the right of the customers to have full transparency about the incident, and the statement leaves several questions unanswered. These include important questions such as who was behind the hack, what happened to the stolen data, where it is stored, what measures Careem has taken to ensure the security of the stolen data, whether Careem takes responsibility for any unforeseen incident that may ensue from the misuse of this data, and what actions it has taken to ensure strong security of customer information in the future.

Careem’s silence for four months and inadequate justification of the data breach is indicative of the fact that tech companies operate without being held accountable under any laws in the countries where they operate. Furthermore, in the absence of the data protection legislation that DRF has been advocating for since last year, incidents like this put Pakistani customers at risk and at the mercy of hackers who can use this stolen information against them without any legal repercussions.

It would be remiss not to point out that the business model for several tech companies has been to amass personal data and monetize it for profit-making. Companies such as Careem need to be more transparent regarding what data is collected, its storage and its ultimate use, and at the same time reorient their approach towards data. A larger critique of these practices and their human rights implications is in order.

April 11, 2018

Statement: DRF condemns Google’s alliance with Pentagon

Digital Rights Foundation (DRF) strongly condemns the involvement of technology giant Google with the US Department of Defense’s (DoD) Project Maven, an initiative that intends to deploy machine learning for military purposes, particularly in terms of using artificial intelligence to interpret video imagery which will potentially be used to improve the targeting of drone strikes.

This recent development, in the highest echelons of technology, has been unsettling for us as a digital rights organization situated in a region that has been at the epicenter of military operations by the United States, particularly drone strikes. DRF would like to register its concerns and alarm regarding the far-reaching ramifications of the proposal.

Here is what we know so far:

  1. Employees of Google, numbering in the thousands (3000+), have drafted and signed a letter in protest of their employer’s collaboration with the State Department in Project Maven to help increase the existing technology’s efficacy in terms of video imagery and drone strike targeting. “We believe that Google should not be involved in the business of war”, the employees’ letter stated.
  2. The outcry is motivated by the employees’ resistance to the idea of Google allocating resources to the DoD for military surveillance and the potential ethical implication of such involvement. The news, broken by Gizmodo’s article on the 3rd of March, 2018, notes that this pilot project, which was not previously reported, was the subject of much debate after being shared on an internal mailing list.
  3. The letter, addressed to the CEO, Sundar Pichai, demands a reassurance from the company by asking it to extricate itself from this allegiance with the Pentagon - the Headquarters of DoD - and for the implementation of a policy which promises that it will not “ever build warfare technology”.

This state of affairs is alarming for a multitude of reasons, the most crucial of which is the possible trend that this could give rise to in terms of overlapping roles being played by organisations that deal in mass data collection to operate and streamline their products in collaboration with state apparatus. The prime concern here is that a behemoth such as Google is used and trusted by billions every single day for business and leisure. Given its influence and role in the daily lives of people all around the world, and the fact that the fate of the data we all hand over to it is hitherto unknown, there will be serious doubts about how it is used. In the aftermath of the Cambridge Analytica scandal, this is a worrisome development especially since no official word has come from Google denouncing data leaks and providing reassurance as to the privacy of users.

Secondly, it should be noted that such projects carry the potential to cause physical harm to humans and/or give rise to geopolitical instability, so Google and the individuals working at the company should be extremely cautious about working with any military agency, especially given the notorious history of conquest that the US armed forces enjoy. The consequences of such projects are not only difficult to mitigate but even to predict. Moreover, they cannot assume that the DoD has fully assessed the risks involved in the Project before going ahead with it further. It is important to highlight that in the past, drone strikes have been inaccurate and have resulted in the loss of innocent lives, therefore creating a sense of fear within the general population of the targeted area. Indeed, the sharpening of the military’s ‘lethality’ has been termed as a goal by the US defense secretary, Jim Mattis, a worrying indicator of the mindset in place. Thus, the onus is on Google as well to fully analyze the consequences and if this new technology is used by the US armed forces, then Google bears the ethical responsibility for the casualties.

Thirdly, since many of the details of Project Maven have not been made public, it is uncertain if Google has asked an independently constituted ethics board to veto or raise concerns regarding any aspects of the program. Any project review process should not only be independent and transparent but should also be made public, and without independent oversight, such a project runs a real risk of harm.

Lastly, as a country on the receiving end of drone surveillance and attacks, this does not bode well for Pakistan. These strikes have targeted the most vulnerable areas of Pakistan, particularly the politically marginalized FATA. As per a report published by the Bureau of Investigative Journalism, a UK-based not-for-profit organization, the strikes have killed between 424 and 966 civilians between 2004 and 2016. For a country not actively at war and for its citizens who did not have the ability or even get the chance to defend themselves before being killed by orders issued from thousands of miles away, this is a cruel mockery of the sovereignty of our boundaries. The alliance of Google with what is essentially a perpetration of ‘war crimes’ within the bounds of our nation comes across as a breach of DRF’s beliefs in democratic participation. Drone strikes have in the past, however, repeatedly undermined democratic processes and denied decision-making powers to Pakistani citizens. The very concept of foreign surveillance within the territory of Pakistan and its airspace is unsettling.

The US government officials claim that the drone strikes are accurate and rarely harm innocent lives in the area but the reported number of civilian lives lost due to these attacks suggests otherwise. It has also been reported that in Pakistan where drone strikes take place, parents have taken their children out of school to protect them from possible strikes. Such are the lives of civilians living in these affected areas where they cannot even enjoy something as basic as roaming around in the streets without fearing for their lives.

Despite the high number of civilian casualties and criticism that the program lacks transparency, the US Government has repeatedly defended the strikes. While they claim that drone strikes are accurate and rarely harm civilians, strikes can kill or injure anyone in the area, even if they are only meant to kill a targeted individual. Many victims have come forward and shared their harrowing stories of when a drone strike changed their lives. One of the victims of a drone attack reported that 11 of his family members were killed, despite having no links with the Taliban. A member of a local pro-government peace committee was also killed, along with his three sons and a nephew, due to wrongly targeting their house, instead of where the militants resided. These are just two out of the many examples where civilians were killed in the name of collateral damage. Unfortunately, there is no accountability, at least in Pakistan, the death tolls are never confirmed and the strikes, whether successful or not, are never publicly acknowledged by the US government. The psychological impact of drone surveillance, when combined with the civilian casualties during strikes, leads to significant negative strategic costs that need to be incorporated into the assessment of the project by not only the US government but all the relevant stakeholders involved in aiding this project, including Google.

Although it is commendable that Google employees are debating the project internally and voicing their dissent, there are other stakeholders involved as well: the citizens of countries who are on the receiving end of US surveillance and drone strikes. We strongly urge Google to reconsider the decision to collaborate with the DoD, considering the cost, hefty ethical stakes and safety risks involved.

April 10, 2018

DRF Submits Recommendations to OHCHR on Right to Privacy in the Digital Age

In response to the Office of the High Commissioner of the UN’s Human Rights (OHCHR)’s call for inputs to its report on the right to privacy in the digital age, the Digital Rights Foundation penned down its recommendations and observations.

The prime concerns highlighted by DRF were the state of affairs in Pakistan with regards to the country’s treatment of its citizens’ data privacy and the kind of digital protection it affords us in what is an increasingly technology-reliant age.

A major share of the blame for Pakistan being ‘not free’ for 6 consecutive years as per the Freedom on the Net Reports, an indicator of a country’s internet culture, goes towards the kind of legislation that has been enacted in recent years. Case in point here would be the somewhat draconian Prevention of Electronic Crimes Act (PECA) 2016, a double-edged sword that was introduced in 2016 and works to curtail certain freedoms, most importantly the freedom of expression and right to privacy, by making them punishable by law. Ss. 33 and 34, for example, allow the government, in tandem with the law enforcement agencies, to acquire and retain data and communication through a court-issued warrant for a time period that, though quantified, can be extended when special circumstances arise.

The key focus of this report remained on highlighting the issues with our policy-making instruments and the goals that they appear to wish to achieve, which appear far removed from instilling a sense of security in the general populace.

In terms of Pakistan’s legal framework housing encryption and data protection legislation, a sad confirmation that our report provides is that we have no active legal protection from being barred from using encryption software or VPNs to browse the Web. In fact, a legal notice issued by the Pakistan Telecommunication Authority to all internet service providers (ISPs) circa 2011 ordered any usage of or access to VPNs requested by the companies’ customers, to be reported to the Authority. This not only fosters a culture of deep mistrust in the internet-accessing population of the country but also contributes to international indicators such as Freedom House’s annual reports rating Pakistan as one of the worst domains for its internet users.

DRF has lobbied with much persistence in the last year to bring this issue to the forefront and for it to form the headline of national debate so that this engagement may lead to policy and lawmakers to legislate on the matter. The Open Government Partnership (OGP) that DRF is a part of has also helped to relay our concerns to the relevant authorities as well as the policy brief that we have issued to concerned government departments regarding possible data protection law that can be enacted by the Parliament.

Another pertinent concern is the state-backed monitoring that has been known to target journalists, human rights defenders and women at large under, ostensibly, the ambit of the National Action Plan that was established by the Government of Pakistan in January 2015 to crack down on terrorism. The potential for misuse and abuse of authority is manifold and is a cause of great concern amongst the civil society.

This monitoring can be aided greatly in this day and age by social media platforms, which have almost unhindered access to a lot of data that is voluntarily provided and also to the kind of data we do not know we are giving away, every day with every post, like or share or every app that we download on our information systems.

An extension of this concept is the kind of targeted monitoring that is centered on minorities and certain genders. Also the lack of privacy and protection that can result in data breaches is a serious issue particularly in our corner of the world owing to the overwhelmingly patriarchal norms that are almost set in stone here and are the reason for the great disparity between the sexes in terms of education, opportunities and basic lifestyle. This is the same mindset that would react to a young woman’s data breach with threats to life rather than just being a mere inconvenience and is a very important reason why the necessary laws need to be put in place.

The report itself covers a wider range of inputs that we have directed to the Office of the High Commissioner of the UN’s Human Rights division and is available here.

April 6, 2018

Man Convicted in the First Judgement under the Prevention of Electronic Crimes Act (PECA)

In an important decision, a Judicial Magistrate, Muhammad Amtiaz Bajwa of the District Courts, Lahore has convicted an offender under the Prevention of Electronic Crimes Act, 2016 (PECA) [see judgement here]. Digital Rights Foundation has been advocating on the need for sound jurisprudence on issues of online harassment and cyber crimes in general.

This has come about as a result of a criminal case filed, under sections 20, 21 and 24 of PECA as well as section 420 of the Pakistan Penal Code (PPC), with the Cyber Crime Circle FIA by the complainant whose wife became the victim of cyber harassment at the hands of the convict. As per the judgement obtained by DRF from the relevant court, which is available for public perusal underneath, the charges against the accused include disseminating compromising pictures and videos of the victim through Whatsapp messages and fake email addresses for the purpose of blackmailing her.

Following forensic analysis on three separate email addresses and three mobile numbers, Muhammad Usman, who is an Assistant Director Investigation of the Cyber Crime Circle, deposed that he was associated with this case as the Technical Expert, had found data in the phone corresponding to that shared via the email addresses, and had submitted a 38-page report. This and other testimonies by Prosecution Witnesses (PW) went on to strengthen the case against the accused, leading to a judgement under the following sections:

S.20 Offences against dignity of a natural person.--- (1) Whoever intentionally and publicly exhibits or displays or transmits any information through any information system which he knows to be false, and intimidates or harms the reputation or privacy of a natural person shall be punished with imprisonment for term which may extend to three years or with fine, which may be extended to one million rupees or with both.

S.21 Offences against modesty of a natural person or minor.--- (1) Whoever intentionally and publicly exhibits or displays or transmits any information which,
(a) Superimposes a photograph of the face of a natural person over any sexually explicit image or video.

S.24 Cyber stalking
(1) A person commits the offence of cyber stalking who, with the intent to coerce or intimidate or harass any person, uses information system, information system network, the Internet, website, electronic mail or any other similar means of communication to
(a) follow a person or contacts or attempts to contact such person to foster personal interaction repeatedly despite a clear indication of disinterest by such person;

SENTENCE:

The learned Magistrate awarded:

- 2 years imprisonment and a fine of Rs. 200,000 under s.20 of PECA
- 2 years imprisonment and a fine of Rs. 300,000 under s.21 of PECA
- 2 years imprisonment and a fine of Rs. 200,000 under s.24 of PECA

Additionally, an amount of Rs. 10,00,000/- was awarded as compensation for damaging the social/private life of the victim as envisaged under s.45 (Order for payment of compensation) of PECA.

In describing the nature of the crime in this case, the learned judge posited that the defendant in the case betrayed the trust of the victim in this case and a “flagrant intrusion into privacy” was undertaken by him. What dissuades this from being a judgement that is seminal in nature, is that it primarily focuses on the veracity and verification of the evidence produced by the prosecution, rather than the nature of the crime. The judgment, though an encouraging development, does not lay down any substantial tests or legal principles regarding online harassment, unlike judgements in other jurisdictions. For instance the judgment in United States v Drew explored the specific facts and situation at length and laid down substantive ground for any future cases of a similar nature to be decided under.

Interestingly, when deciding on the quantum of punishment, the judge does take into account the fact that “cyber crimes are new to society” and while ignorance of the law is not a defence, there is an onus on the “Government to educate the people in respect to the new cyber crimes”. This is a welcome suggestion; however, it veers more towards policy-making than fleshing out case law.

Another noteworthy aspect about this judgment is the fact that section 45 was used to award compensation to the victim for damage to “social/private life of the victim”. This is a healthy development as the judge recognised the toll that online harassment can take on mental, physical and social well being of victims, and employed the law to acknowledge that impact.

Digital Rights Foundation will continue to monitor these judgments and developments in legal jurisprudence around online harassment. Our hope is that a gender-sensitive approach will be taken to espouse legal principles that look towards the future in developing robust case law around cyber crime laws.

Authored by Zainab Durrani and Shmyla Khan

April 5, 2018

March 2018: Women’s March in Pakistan and the continuum of misogyny in online spaces

Man convicted in the first judgement under the Prevention of Electronic Crimes Act (PECA)

In an important decision, a Judicial Magistrate, Muhammad Amtiaz Bajwa of the District Courts, Lahore has convicted an offender under the Prevention of Electronic Crimes Act, 2016 (PECA). Digital Rights Foundation has been advocating on the need for sound jurisprudence on issues of online harassment and cyber crimes in general. See the summary of the judgement by Zainab Durrani and Shmyla Khan here.

Aurat March backlash and the Continuum of misogyny from the street to Facebook Pages

We, at the Cyber Harassment Helpline, have seen a lot of cases of misogyny and gendered harassment of women in online spaces. However, after the deluge of complaints immediately in the wake of, and directly related to, the Aurat March, we saw a different kind of harassment take hold of online spaces. Several pages have been identified to us by complainants that have engaged in a concerted campaign to target those who attended the Aurat March, especially the women photographed with signs and posters. Women have been receiving death and rape threats, with their faces broadcast on social media. Read the blog by Hyra Basit here.

Cambridge Analytica and How to Secure Your Data


This weekend news broke that a data breach of 50 million Facebook profiles was used by the data analytics firm, Cambridge Analytica, to assist the Donald Trump campaign. The news is worrisome for several reasons, and it speaks to a problem that digital rights and privacy advocates have been advocating against for years--the need for stronger user data protections and accountability for social media companies. Read the blog by Shmyla Khan and Hamza Irshad here.

Nighat Dad speaks at TEDxLuziraPrison in Kampala, Uganda

Nighat Dad spoke at the TEDx organised in Luzira Prison in Kampala, Uganda. The event was attended by around 3000 inmates. Nighat spoke to the audience about how, in a world of technological advancement, digital rights are as important for people as their offline rights are, and these rights should be seen collectively and equally. Nighat’s intervention was based on her own experiences as a woman from a conservative family who was barred from accessing the world in its entirety due to various influences rooted in patriarchal notions of the society. She emphasised that public spaces, both online and offline, belong as much to women as to anyone else, and acquiring these rights shouldn’t be a struggle but should be granted by default.

Digital Rights Foundation receives I Am The Change (IATC) 2017 Award


Digital Rights Foundation receives the I Am The Change (IATC) 2017 Award by the Engro Foundation in the category of Social Development. IATC looks to empower organizations to make a large and sustainable impact in the social sector of Pakistan by aiding institutions that have joined forces in a relentless pursuit of shaping a better tomorrow, as they strive for change through long-term investments in the two areas of Social Development (in the case of Not-for-profit Organizations) and Social Enterprise.

At the awards ceremony that took place in Islamabad, Nighat Dad addressed the audience, thanking Engro Foundation for acknowledging the efforts of civil society in protecting people's right to access the digital spaces. She added, "This award is not just for DRF but for all those people who believed in us and supported us all these years, for those women who took the abuse, fought against it, and came out stronger than ever. This award is for all those resilient people who are fighting their own battles and are defying the odds, and are telling the world that they can’t be confined anymore and that they are their own person and the world belongs to them as much as it belongs to anyone else."

Online Safety for Women and Children - A Session in collaboration with PK-NIC


Digital Rights Foundation and PKNIC collaborated for an awareness event that explored different issues of online safety, women’s rights online and digital rights. The event opened with a digital security training by the DRF team, followed by a presentation on sexual harassment in the workplace. The event concluded with a virtual lecture by Zahid Jamil on the cyber crime law. The event was attended by 35 participants.

PCSW: Power of Social Media, Digital Rights & Cyber Harassment

DRF conducted a session on Power of Social Media, Digital Rights and Cyber Harassment at the Punjab Commission on the Status of Women on the 7th of March. The session was part of a 3-day Women Leadership Training with women degree colleges in all the districts of Punjab. The session had 136 women who shared their queries and concerns regarding cyber harassment and also discussed the avenues that the internet has to offer them.

Our Right to Safe Spaces Online - Iqra University, Karachi

DRF organised a session on data protection and privacy with the students of Iqra University, Karachi on March 29, 2018. The session focused on raising awareness around the laws and rights pertaining to data protection in specific and digital rights in general, while concluding the session with laws and tools to counter online harassment and how students can contribute in establishing “Hamara Internet” - an internet that is safe for everyone to access.

Digital Rights Foundation was at the Internet Freedom Festival 2018

Digital Rights Foundation attended the 5th Annual Internet Freedom Festival held on March 5 through March 9, 2018 in Valencia, Spain. The festival addresses the issues pertaining to digital rights from around the world and seeks to formulate solutions as a community towards safe and inclusive online spaces. Here are the details of the panels that DRF hosted and was part of - a blog by Hyra Basit.

Review: NACTA introduces app “Chaukas” to counter hate speech


In a bid to fight hate speech and encourage civil society to step up and curb its spread, the National Counter Terrorism Authority (NACTA) has created an app by the name of Chaukas. Zainab Durrani reviews the app for Digital Rights Foundation here.

DRF hosts a booth at Face Music Mela, Islamabad

The Cyber Harassment Helpline set up a booth on the campaign no means no at the Face Music Mela on the 24th and 25th of March in Islamabad. 500 people showed up at the booth to discuss their concerns on harassment and abuse in detail with our team.

The Judiciary and People's Political Rights - A Seminar organised by Human Rights Commission of Pakistan (HRCP)

The Seminar “THE JUDICIARY AND PEOPLE’S POLITICAL RIGHTS”, which was held on Saturday the 10th of March at HRCP’s Dorab Patel Auditorium, housed a crowd of approximately 60+ people and was moderated by lawyer and activist Asad Jamal and Salima Hashmi of the HRCP. It called on members of the civil society and various authorities on the legal landscape and constitutional history of the country to speak. Amongst them were Maryam Khan, an academic; eminent lawyer Salman Akram Raja; (Ret) Justice Tariq Mehmood; and the Dean of LUMS Law School, Dr. Martin Lau.

It commenced with a few opening remarks in remembrance of Asma Jahangir and her illustrious legacy by her daughter Sulema Jahangir and moved on to discuss the legality and problematic nature of the Supreme Court’s 21st February, 2018 decision (the SC moved to disqualify former premier Nawaz Sharif from heading his political party, PML-N, by striking out s.203 of the Election Act which allowed disqualified parliamentarians to be party leaders) and the tendency to make decisions as best suited the Court in terms of making a point, instead of what suited the interests of legal precedent and state, a contention argued by both Mr. Raja and Ms. Khan.

March 27, 2018

Review: NACTA introduces app “Chaukas” to counter hate speech

In a bid to fight hate speech and encourage civil society to step up and curb its spread, the National Counter Terrorism Authority (NACTA) has created an app by the name of Chaukas.

Hate speech, as per Express Tribune, is defined as any spoken or physical action that negatively targets a person or group of people based on their ethnicity, gender or religion, and has been legislated upon under the Anti Terrorism Act 1997 (ATA) and the Prevention of Electronic Crimes Act 2016 (PECA), where the ATA defines ‘terrorism’ as use or threat of an action that, inter alia,  

‘incites hatred and contempt on religious, sectarian or ethnic basis to stir up violence or cause internal disturbance;’

as well as making the printing, publishing and disseminating of any material to incite hatred.

PECA, through s.11 criminalizes hate speech by stating the following:

Whoever prepares or disseminates information, through any information system or device that advances or is likely to advance interfaith, sectarian or racial hatred shall be punished with imprisonment for a term which may extend to seven years or with fine or with both.

The app, launched by the Interior Minister Ahsan Iqbal in early March 2018, is the latest initiative taken under NACTA’s Tat’heer Drive, which is its cyber counter terrorism initiative and is available at the Google and Apple App Stores, free of cost. In order to fully assess the efficacy of the app, it was downloaded and taken for a test drive.


Once installed, the user is asked to register themselves by using either their email address or phone number. This is potentially troublesome with regards to the concept of anonymity and may serve as a deterrent for those members of society who do not wish to expose themselves. However a counter-argument could be that the potential for misuse is greatly heightened when the requirement to declare oneself before registering a possibly mischievous complaint is not present.

Once registered, you will come across the home page which lists the four options you have with which to report any untoward discourse, namely audio recording, photographic evidence submitted via camera, URL and text.


Whilst the app does provide a substantial range of avenues to record the user's complaint, what is woefully missing are any guidelines or definition as to what constitutes a hate crime, or any examples to demonstrate it, in order to ensure that only relevant data is sent NACTA’s way instead of hordes of ineligible complaints being churned out and gumming up the works. Such guidance would not only improve efficiency on the government's end but also minimise the time lost between the report of a bona fide case of hate speech and action taken on it by the authorities, which, as the app's prologue states, include the police, FIA and other law-enforcement and regulatory authorities in Pakistan.

The DRF’s recommendations to NACTA would be to strengthen the mechanism to ensure anonymity as well as the mechanism to protect user data, once it has been submitted to the app. There is also a noticeable lack of any privacy policy being implemented in terms of the data that is being collected, which should most definitely be made a part of the application after consultation with tech and privacy experts from both the government and civil society organisations.

Another critical and hitherto lacking feature would be to present the user with a definition of what hate speech is, exactly, to ensure that anyone who wishes to lodge a complaint is cognizant of the nature and severity of an allegation under this ambit. Also to be considered is the addition of sections of the law that could protect the victims of hate speech and provide them with security under the law; these, as well as those sections which penalize false allegations, should be prominently displayed and easily accessible on the app itself. Lastly, we feel the app should have a PSA promoting peace and tolerance, to ensure that people don’t take the law into their own hands.

In summation, the verdict would be that the app, while a commendable effort on the Authority’s part, is not without its pitfalls, and it is our recommendation that the feedback that NACTA is receiving through us and other channels should be utilized to fine-tune it and turn it into a platform that could potentially play a pivotal role in eradicating the growing intolerance and hate speech from the country.

Author: Zainab Durrani

March 26, 2018 - Comments Off on Digital Rights Foundation was at the Internet Freedom Festival 2018

Digital Rights Foundation was at the Internet Freedom Festival 2018

Digital Rights Foundation attended the 5th Annual Internet Freedom Festival held on March 5 through March 9, 2018 in Valencia, Spain. The festival addresses the issues pertaining to digital rights from around the world and seeks to formulate solutions as a community towards safe and inclusive online spaces.

Gendering surveillance: from the point of view of marginalised groups:

The panel discussion organised by DRF, ‘Gendering surveillance: from the point of view of marginalised groups’, was moderated by Hyra Basit from DRF, and consisted of Nayanatara Ranganathan from the Internet Democracy Project (India), Marianne Diaz, a Venezuelan lawyer, and Joana Varon, a Brazilian researcher and digital rights advocate. The discussion centered around the various forms of surveillance that take place in various settings, and its gendered nature which ultimately affects women in a more nuanced manner. The session was attended by approximately 35 participants.

The session started off with an introduction of the topic, linking it with some of the findings that DRF has researched. Both state and societal surveillance occur all over the world, but affect different minority groups, such as women and LGBTQ groups, particularly strongly because it brings them under even harsher scrutiny and potential danger. Hyra asserted that surveillance is oftentimes seen as something that only affects political actors such as politicians, diplomats, activists and the like, but in fact it can influence the everyday lives of all citizens, from how they behave in public to who they are allowed to interact with, eventually leading them to change certain behaviors to avoid the watchful gaze of either the state or other members of society. The surveillance experienced by female journalists, and by the numerous women and girls who seek help from the Cyber Harassment Helpline, was explained to set some grounding for the panelists to share their experiences.

Nayanatara presented the research conducted by the Internet Democracy Project on the various safety and tracking apps in India, especially those that sprang up after the Nirbhaya incident in 2012. They found that these apps were actually undermining the safety and autonomy of women and, instead of empowering them, were encouraging already set gender norms and structures. Another example is the use of cell phones by women in rural India, which led to widespread anxiety because they became a way to counter the surveillance that they faced. She also talked about the Aadhaar system and the collection of information on all citizens by the state, an attempt at mass surveillance.

Marianne brought in the perspective from Venezuela and explained how the economic and political crisis there has led to a shortage of all daily necessities including food and medicines. More than a million have fled the country and those who stay back get their food and other essentials any way they can, which means that if they get it from government-sanctioned stations, they need to hand over all their information to the state, enabling mass surveillance in an already troubled state. This is also problematic because each person is designated a fixed quantity of ration, and so anyone who needs anything is forced to come out themselves to collect it. This surveillance then affects those seeking medical help as well, especially those women looking to get an abortion. This system puts the lives of women at risk, because their activities get reported.

Joana then rounded up the discussion by talking more generally about the various policy discussions taking place to counter this gendered surveillance. She brought a wider perspective on this issue by referring to an earlier discussion held on gendered surveillance involving the Brazilian and German representatives to the UN. After having discussed the types of surveillance faced by gendered minorities, and what legislative measures and changes are taking place, she then concluded the panel discussion by offering some of the resources and projects that have been established to make women more aware of the surveillance that they face, and how they can protect themselves. Initiatives like Chupadados.com and Safer Nudes were discussed.

The audience, too, expressed their interest in the gendered nature of surveillance and hoped to add on to the statistics and research presented in the session. There was also a call to appreciate the many measures that have sprung up focused on protecting people’s privacy, in comparison to a few years ago when there were practically none. It is always easy to point out the problems but much more difficult to draw up solutions, and the impact that just spreading awareness among people can have was also pointed out.

It is important to recognize surveillance, especially gendered surveillance, not just because private information is being given out to someone or some organization that you wouldn’t want to have control over you, and because it ultimately affects behavior, but also because it reinforces prevalent power structures. As Nayanatara pointed out, when surveilled, the more privileged you are, the less you have to fear. Minority groups, such as women and LGBTQ groups, are eventually the ones whose identity, appearance, mobility and freedom of expression are curtailed and controlled the most.

Strategizing around online gender-based violence documentation and accompaniment practice:

Hyra was also invited to speak by Indira Cornelio of Ciberseguras in a panel entitled ‘Strategizing around online gender-based violence documentation and accompaniment practice’. The purpose of the panel was to discuss how information around online VAW is being gathered and presented for advocacy and raising awareness. Hyra discussed the process of gathering non-personally identifiable information, the categories under which the Cyber Harassment Helpline identifies the harassment that callers face, and how they choose to present that information. The panelists and audience expressed their interest in how the Helpline operates and coordinates with law enforcement agencies and policy makers by asking several questions.

Sexing the data: surveillance, gender and sexuality in the global south:

As surveillance is a rising concern all over the world, especially with the growth of surveillance technologies, it was also a topic of much concern at the IFF. Shubha Kayastha from Nepal moderated the session ‘Sexing the data: surveillance, gender and sexuality in the global south’ where Hyra spoke about the gendered nature of surveillance in the context of Pakistan. The contrast in surveillance of male and female journalists was discussed, as well as the surveillance of the LGBTQ community and the data breaches in NADRA’s database.

Author: Hyra Basit

March 22, 2018 - Comments Off on Aurat March backlash and the Continuum of misogyny from the street to Facebook Pages

Aurat March backlash and the Continuum of misogyny from the street to Facebook Pages

The Aurat March was held on March 8, 2018 to mark International Women’s Day. The March was held in Lahore, Karachi and Islamabad. It was organized and attended by a collective of activists, organisations and groups to celebrate the feminist movement, while at the same time highlighting the oppressive patriarchal structures that allow for marginalisation of women. It was unfortunate, however, that in the aftermath the March itself turned into an example of how women’s voices are stifled, ridiculed and dismissed when they try to raise their concerns. The reactions to the March, particularly to some posters displayed in the procession, have exemplified the daily offline and online harassment that women face.

We, at the Cyber Harassment Helpline, have seen a lot of cases of misogyny and gendered harassment of women in online spaces. However, after the deluge of complaints immediately in the wake of, and directly related to, the Aurat March, we saw a different kind of harassment take hold of online spaces.

Several pages have been identified to us by complainants that have engaged in a concerted campaign to target those who attended the Aurat March, especially the women photographed with signs and posters. Two posters in particular have attracted the ire of people on the internet: “khud khana garam kar lo!” (“Re-heat the food yourself”) and “Mera Jism, Meri Marzi” (“My body, my choice”). Not only have the women holding these posters been directly targeted, the images have been used to target the organisers of the march and the Pakistani feminist movement in general. Women have been receiving death and rape threats, with their faces broadcast on social media.

The unfortunate incidents lay bare some uncomfortable truths about Pakistan and the level of misogyny that pervades our systems and everyday lives. It also highlights the risks activists and outspoken rights advocates face given the ubiquitous nature of digital technologies. The boundaries regarding consent in public spaces have always been misunderstood, and this takes on a more complicated shape in online spaces.

The continuum between online and offline spaces is highlighted by the backlash to the Aurat March. While the March took place in an offline public space, the backlash found expression mostly in online spaces. Posts have appeared revealing personal details of the protestors (a phenomenon known as “doxing”), ridiculing them and threatening them with gendered violence. These responses are specifically geared towards silencing voices of women. The Aurat March was the first public procession for a lot of women, thus targeting them is akin to pushing them out of these spaces and creates an additional burden for women who want to raise rights issues through peaceful protest which is a fundamental and constitutional right of every citizen.

The Aurat March 2018 was part of a continued struggle by women for a more equal, just and inclusive society. Earlier feminist movements in Pakistan have faced backlash from different groups, especially beneficiaries of patriarchal structures; however, this instance highlights that online spaces can be weaponized to target and silence activists, women and minorities in new and dangerous ways.

If you or anyone you know is being targeted online for their opinions, views and stances, please reach out to us at the Cyber Harassment Helpline through our toll-free number (0800-39393) and email address (helpdesk@digitalrightsfoundation.pk). We will help with speedy content removal and legal advice. Don’t let your voice be silenced; there is support out there.

Author: Hyra Basit

March 20, 2018 - Comments Off on Cambridge Analytica Scandal and How to Secure Your Data

Cambridge Analytica Scandal and How to Secure Your Data

This weekend news broke that a data breach of 50 million Facebook profiles was used by the data analytics firm, Cambridge Analytica, to assist the Donald Trump campaign. The news is worrisome for several reasons, and it speaks to a problem that digital rights and privacy advocates have been advocating against for years--the need for stronger user data protections and accountability for social media companies.

Facebook users’ personal information, such as likes and status updates, was used to build profiles of users in order to predict their electoral behaviour. The data breach happened through a personality test app called “thisisyourdigitallife”. Like most apps we connect to our social media, it was far from innocuous: the intrusive application, once given permission, harvested personal data of users. Furthermore, the application also collected information of the test-takers’ Facebook friends. The ostensible justification for collecting the data was to improve the user experience, and the collection was allowed by Facebook’s “platform policy”.

We all volunteer a lot of information on social media; however, there is a serious lack of transparency on how this information is being collected, stored and used. One of the biggest sources of data breaches is the applications we give permissions and access to: they are a source of constant collection and surveillance.

The following is a step-by-step guide on how to secure your social media accounts and prevent third-party applications from harvesting your data:

  1. Log in to Facebook with your username and password

  2. Click the drop-down icon next to the Help icon

  3. On the left side, click Apps. You will be presented with apps that are currently using your Facebook credentials to sign in

  4. Clicking on any app will present you with the settings of that app. In this example, we will use Careem and see what sort of settings are available

The options presented by Careem are as follows. Some details of these options are:

  • App Visibility. This setting simply controls the audience for the app. In the screenshot it’s set to “Only Me”, meaning only the owner of the profile can see that the app is being used. If changed to “Friends”, then only friends will be able to see that the owner of this profile uses this app

  • Public Profile. This app is currently accessing my Name, Profile Picture, Age, and Gender which is required by the app for registration purposes. You can see this information in Careem app as well. Your basic info is being picked directly from your profile when you sign up for the app using your Facebook credentials.

  • Email Address: Email address accessed by the app for signing in purposes.

  • Notifications are enabled if I use Careem directly from Facebook app.

  5. To revoke access, simply click the “x” sign and then click the remove button

Authored by Shmyla Khan and Hamza Irshad

March 12, 2018 - Comments Off on February 2018: Mobile Networks Shutdown declared Illegal in Pakistan

February 2018: Mobile Networks Shutdown declared Illegal in Pakistan

Islamabad High Court Ruled Mobile Network Shutdowns Illegal


On February 26, 2018, Islamabad High Court (IHC) in a landmark judgement ruled mobile network shutdowns, including mobile based internet suspension, illegal. The judgment indicates that access to telecommunication services is a fundamental right of the citizens of Pakistan, and any attempt to suspend said services is a violation of their constitutional rights.

Read the update by Hija Kamran for Digital Rights Foundation in this blog post.

Civil Society condemns inhumane treatment of Sajid and Patras Masih by law enforcement officers

Civil society organisations and concerned citizens have issued a strong condemnation of the torture, inhumane treatment and sexual abuse of Patras Masih and Sajid Masih by the Cyber Crime Wing, FIA in Lahore. The statement in its entirety can be found here. In a statement signed by more than 180 collectives, civil society organisations and concerned citizens, serious concerns were raised regarding the treatment of marginalised groups by law enforcement agencies, specifically religious minorities. Press release can be found here.

Feminist Icon Asma Jahangir's death is an irreparable loss - DRF pays tribute

Photo: Wolfgang Schmidt


We are shocked and saddened by the death of Pakistan’s foremost human rights activist and feminist lawyer Asma Jahangir. Her death is not just a loss for the entire country, but a personal blow for younger activists who have always looked to her as their role model and leader in trying times. Read the tribute by DRF here.

Expert workshop on the right to privacy in the digital age - organised by OHCHR


Digital Rights Foundation was invited to be part of the expert workshop on the right to privacy in the digital age, organised by the United Nations Human Rights Office of the High Commissioner (OHCHR) on February 19-20, 2018 in Geneva, Switzerland. The workshop gathered government representatives, lawmakers, civil society organisations and individuals, and businesses to identify and clarify principles, standards and best practices regarding the promotion and protection of the right to privacy in the digital age, including the responsibility of business enterprises in this regard. The objective of the workshop was the exchange of international, regional and national experiences and practices concerning the protection and promotion of the right to privacy in the digital age. The concept note for the workshop can be found here [PDF].

Nighat Dad represented DRF on the panel titled "Processing of personal data by individuals, governments, business enterprises and private organisations", and discussed the absence of a privacy law or a data protection legislation in Pakistan. In her opinion, telecommunication operators starting to work in Pakistan benefit from the fact that there are no local laws to protect users, and in practice these companies do not observe the same procedures as they do elsewhere, where legislation is in force. Nighat also discussed the system of mass surveillance in cities – sometimes in the ‘safe city’ projects that are being rolled out. There is no transparency about the collection, processing and distribution of data in ‘safe cities’, and in the absence of any data protection legislation, the data of 200 million Pakistanis is constantly at risk. Watch the recorded discussion here (01:46:10 mark).

Safer Internet Day


Digital Rights Foundation conducted a session on cyberbullying with students of grades 6, 7, 8 and 9 on account of Safer Internet Day at the Iqra Education Centre, Lahore. The session raised awareness amongst the students regarding the safer usage of the internet and also emphasized the importance of reporting bullying in schools and online.

Youth Summit hosted by Punjab Commission on Status of Women


Nighat Dad participated in a plenary discussion organised by the Punjab Commission on the Status of Women (PCSW) as part of the Youth Summit at University of Lahore on February 12. The panel was titled 'Means to Enhance Women's Political, Social and Economic Participation'. The discussion shed light on women’s participation and Nighat highlighted the digital aspect of that participation.

Lecture on Cyber Crime and Digital Evidence at Lahore Bar Council


This lecture was part of a series at the Lahore Bar Council. On February 15, Nighat Dad briefed practicing lawyers on the nascent issues relating to digital rights, cyber crime and the law of evidence in digital contexts. The session was interactive and raised several pertinent questions regarding the law and digital spaces.

Women in Law Seminar

In partnership with LEARN Pakistan, DRF helped organize a seminar for female lawyers focusing on issues of technology, harassment and participation in digital spaces. The speakers at the event shared their experiences and offered solutions to misogyny faced by those in the field.

District Peace Seminar organised by Rotary Club, Lahore

Nighat Dad spoke at the District Peace Seminar organised by Rotary Club Lahore to promote peace in the region. Nighat spoke about the prevailing trend of online media as the primary means of communication among youth and how this platform can be used to promote peace within communities and societies. She also emphasised the importance of making online spaces safe for everyone through individual and collective efforts, while ensuring their own online presence is secured through various online safety measures in place.

Empowering Women for Growth & Prosperity: From Evidence to Policy

Nighat Dad spoke at the conference titled “Empowering Women for Growth and Prosperity: From Evidence to Policy” organised by Lead Pakistan on February 8, 2018 in Islamabad. The aim of the conference was to discuss the many issues faced by women that actively hinder their growth in the society. Nighat’s intervention was based on highlighting the role of digital media in transforming people’s lives and how this can be effectively used in favour of women’s success in today’s world. Nighat focused on creating safe spaces for women, both online and offline, and emphasised that their participation in the economic growth is as important as anyone else’s.