Blog Archives

Latest Posts

Monthly

Categories

All Posts in Focus Areas

Featured Image

September 10, 2014 - Comments Off on Turkey with its 29 Tweeters Still Behind the Bars Makes IGF ’14 Quite an Ironic Event

Turkey with its 29 Tweeters Still Behind the Bars Makes IGF ’14 Quite an Ironic Event

As we close off the Internet Governance Forum 2014 here at Istanbul and as I leave for Lahore, I can’t help but feel that this year's IGF kept on with its tradition of being a "talk-house" since past few years, creating no tangible actions. Sponsored by the United Nations, IGF hosted some 3,000 government, corporate, and civil society leaders and representatives making it a perfect venue for talking about difficult challenges, moving forward and making decisions. The event is organized every year to help shape the future of the Internet, however, it feels as if this reunion every year is drifting away from the actual problems concerning the people of the Internet especially in the authoritarian countries.

IGF certainly retains its singular prestigious place for highlighting challenges in an open-ended consultative process, enabling civil society and individuals voice their perspectives and concerns during the conference. However, it was felt throughout the civil society community that government officials weren’t keen on engaging in the dialogue discussing serious concerns about unfortunate events that have happened in their respective countries.

Being hosted in Turkey, it was an important place to discuss internet governance where government officials could have set a precedent for digital governance elsewhere. Turkey’s prosecution of 29 Twitter users has been a global example for the repressive regimes. Government prosecuted these tweeters who are being tried in Izmir facing up to three years in jail for posting critical tweets during last year’s protests. This case was charged by the Turkish officials as the one to “incite the public to break the law”. It is this stark hypocritical stance of the government to host one of the most important internet governance events in the country all the while censoring and harming freedom of speech online domestically.

To talk about repressive regimes’ ruthless behavior towards human rights activists and the hush by the government officials at the IGF, a group of civil society members and individuals hosted another conference during the IGF week. Titled as Internet Ungovernance Forum, the conference was organized to demand a free, secure, and open internet with fundamental freedoms, openness and net neutrality. Proving to be a vivid example of the increasing lack of empathy on the IGF forum, this group of Turkish activists weren't allowed to attend the conference. Ungovernance Forum's stakeholders believed that due to the representation of various governments that “don’t deserve” representation at a forum like IGF, ungovernance forum is designed to talk about the most important issues, create a space to raise voices of civil society members and common people, and then solve these problems while working towards a path for action.

Participants at this year's IGF also felt an evident gender gap especially during the opening ceremony. Freedom House presented this statement about the lack of gender equality at IGF 2014:

The 2014 IGF included numerous workshops on topics of human rights, including freedom of expression, gender, privacy, and access. Yet the value of this enterprise is undermined when governments can use the IGF to promote themselves, but civil society groups are forbidden by the ad hominem principle from criticizing them. Likewise, gender equality cannot genuinely be discussed when the vast majority of individuals at high-level meetings, delivering speeches, and participating on workshop panels are men. Access also cannot be addressed when remote participation fails to adequately provide two-way discussion from those who cannot attend in person. The IGF should include these voices not only to promote multistakeholderism and inclusion, but also to improve the quality of discussion and the prospects for solutions.

Active participation of civil society members and individuals in the Ungovernance Forum shows sheer disappointment that was felt in the fraternity having attended the IGF in Turkey which failed to acknowledge its own domestic internet governance challenges. While we may dream of creating better future for Internet and its citizens, it is of the utmost importance to talk about the most pressing issues when it comes to online freedom of dissidents and common people. Failure of the host country by ignoring hard questions put up by the journalists only undermines the importance of freedom of speech online. Unless repressive regimes aren’t ready to talk about their internal issues and lack of empathy towards their own citizens, it is only but ironic to see such states having an incredible part in the future of the Internet. God forbid how oppressive and censored that future is to be.

 

Featured Image

August 22, 2014 - Comments Off on Pakistan is a FinFisher customer, leak confirms

Pakistan is a FinFisher customer, leak confirms

In the first week of this month, someone hacked into the servers of FinFisher, the notorious surveillance software maker, which was reported to have two command and control servers inside Pakistan last year. The hackers got hold of whatever they could find on the server and leaked it as a torrent. The 40Gb torrent contains the entire FinFisher support portal including the correspondence between customers and the company staff. It also contains all the software that the company sells as well as the accompanying documentation and release material.

finfisher-pakistan-home

What is FinFisher?

FinFisher is a company that sells a host of surveillance and monitoring software to government departments. The primary software, FinSpy, is used to remotely access and control the computers or mobile phones belonging to the people being spied on. The company offers several methods to install FinSpy, which range from a simple USB that can infect a computer to directly attaching the trojan with legitimate files when they are being downloaded through installing a kit at the ISP. The whole FinFisher toolset is designed to give the people buying these software access to emails, web browsing history, and any other activity performed by the “targets.”

Is Pakistan a FinFisher customer?

Apparently, yes. A University of Toronto based research group called Citizen Lab released a report last year identifying two FinFisher command and control servers on the PTCL network. But this recent leak gives us a more complete and conclusive picture. The leaked support portal tells us that someone from Pakistan in fact licensed three software from FinFisher for a period of three years. The systems Citizen Lab identified were probably the computers hosting the FinSpy server program and were merely using a PTCL DSL connection. PTCL, the company, we think was not involved. If not PTCL, then who? It could be anyone but since FinFisher only sells these software to government agencies, it was most likely one of the many intelligence agencies operating within the Pakistani government.

In one of the “critical” support ticket that we have extracted from the FinFisher support portal, someone identifies their name (retracted in this article) and location (Pakistan) and complains that their problems are not being addressed through Skype (which we presume was the primary way FinFisher provided help to the customers). FinFisher database identifies the said customer with the username 0DF6972B and ID 32.

finfisher-pakistan-location

What was purchased?

After that clue, we looked further into the purchase history of Customer 32 and their correspondence with FinFisher staff and found out that they have licensed not one but three software from the spy software maker. The primary software, FinSpy, is used to target people who “change location, use encrypted and anonymous communication channels and reside in foreign countries.” After FinSpy is installed on a computer or a mobile phone, it can be—according to the product brochure—“remotely controlled and accessed as soon as it is connected to the internet/network.”

In addition to FinSpy, Customer 32 also purchased another software called FinIntrusionKit to hack into hotel, airport, and other wifi networks to catch “close-by WLAN devices and records traffic and passwords”, extract “user names and passwords (even for TLS/SSL encrypted sessions),” and “captures SSL encrypted data like webmail, video portals, online banking and more.” The third software is a tool to infect USB devices so that whoever plugs them becomes a target of surveillance.

finfisher-pakistan-licenses

How does Pakistan FinFish?

From the support tickets filed by Customer 32, we also get to know that whoever in Pakistan purchased FinFisher used it, for instance, to infect harmless MS office documents, particularly PowerPoint files and sent them to people they wanted to spy on. The simple act of opening the infected files led their computer being put into constant surveillance including emails, chats, and other activity.

finfisher-pakistan-powerpoint

Customer 32 also used FinFisher to covertly steal files from the “target” computers. All the files of those who were targeted were readily available but Customer 32 wanted more, as outlined in another support ticket: “the agent be able to select files to download even when the target is offline and whenever the target comes online, those selected files may be downloaded without the interaction required from user.”

finfisher-pakistan-more

While we know that FinFisher is deployed in Pakistan, some questions remain to be answered. As citizens of a democratic state, it is our right to know who is using these surveillance software in Pakistan, how much budget is being spent on these licenses, and what laws and regulations are being followed for deploying these software.

Update [Sep 15, 2014]: How much did it cost?

WikiLeaks today released a list of countries who bought software from FinFisher and the associated cost that was paid. The cost was calculated using a price list they found inside an excel file. Pakistan, as per the revealed price list, paid €432120 (or 57 million Pakistani rupees) for the three software that were purchased.

---
From our earlier coverage:
» Global Coalition Of NGOs Call To Investigate & Disable FinFisher's Espionage Equipment in Pakistan
» FinFisher Commercializing Digital Spying – How You can be a Victim?

Featured Image

July 18, 2014 - Comments Off on UN Report Calls Mass Surveillance a Violation of Human Right to Privacy

UN Report Calls Mass Surveillance a Violation of Human Right to Privacy

In an important step towards establishing international consensus on the right to privacy in the technological age that we live in, United Nations High Commissioner for Human Rights on Wednesday issued a report calling bulk collection of private data and mass surveillance against the international law.

The report was prepared in response to the UN General Assembly resolution adopted during its 68th session in December 2013. The resolution, introduced by Brazil and Germany, specifically noted that the practices of bulk collection of private data and mass digital surveillance may be in violation of the Article 12 of Universal Declaration of Human Right and the Article 17 of the International Covenant on Civil and Political Rights:

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

The resolution had called upon all the UN member states "to respect and protect the right to privacy, including in the context of digital communication" and had requested the United Nations High Commissioner for Human Rights to submit a report to be considered by the General Assembly during the next session.

The very existence of a mass surveillance program constitute an interference with privacy, the High Commissioner notes, and asks the governments to make sure such actions are neither arbitrary nor unlawful.

The report employes clear language in condemning collection of private digital data and observes that the "collection and retention of communications data amounts to an interference with privacy" regardless of the excuse that the data might be used later.

It dismisses the idea that the collection of metadata about a communication, in contrast to the communication itself, is not a violation of privacy. The metadata, it says, "may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication."

It also cautions that the companies who supply mass surveillance technology to states which are known to use the information in violation to human rights risk "being complicit in or otherwise involved with human rights abuses,"

Considering that Pakistan has been known to have deployed Netsweeper and Narus products, which have reportedly been used by other repressive regimes for censorship and surveillance, on its network, Digital Rights Foundation (DRF) welcomes the report and hopes that the government of Pakistan, as a member UN state, would pay attention to the observations made in the report.

Featured Image

July 13, 2014 - Comments Off on Why exactly is ‘Protection of Pakistan Act’ problematic?

Why exactly is ‘Protection of Pakistan Act’ problematic?

Signed today into law by President Mamnoon Hussain, Protection of Pakistan Act is an extremely repressive law giving unquestionable powers to armed and police forces. Human Rights Watch (HRW) and the civil society of Pakistan has aggressively opposed the bill for curbing fundamental constitutional and human rights.

Several provisions of PPA, 2014 are problematic along with a number of vaguely defined terms that can be misused by Law Enforcement Agencies (LEAs). As the powerful elite of the country has most of the police loyalties with the legal system already in a shambles, PPA gives “green light for abusing suspects”, as put by HRW.

The new law doubles the maximum sentence for terrorism offences to 20 years and permits security forces to shoot suspects on sight. The scheduled offences are not only non-bailable but keep the burden of proof on the detainee who will be considered guilty unless proven otherwise.

The provisions of Protection of Pakistan Act 2014 also give safe-outs to police officers of BPS-15 grade or higher on the basis of good faith which can create huge troubles in the country where police is hardly trusted by the citizens.

Here are the details on why exactly the civil society opposes Protection of Pakistan Act and what are the problematic provisions. Please share the details widely among your circle to better inform your friends and families about this law which will remain in effect for two years and can have huge repercussions for a common citizen, bloggers, and especially dissidents.

protection of pakistan act 2014

ppa 2014

protection of pakistan act 2014

Featured Image

July 8, 2014 - Comments Off on Pakistan responds to the NSA Surveillance of PPP

Pakistan responds to the NSA Surveillance of PPP

United States' National Security Agency (NSA) was granted permission to spy on six political parties, over a dozen global organizations, and all but four world governments, according to a secret Foreign Intelligence Surveillance Court (FISC) certification leaked by the NSA whistleblower Edward Snowden. The organizations NSA was authorized to spy on include United Nations and World Bank as well as Pakistan People's Party (PPP) and Bharatiya Janta Party (BJP).

The top-secret FISC certification, posted by Washington Post on their website on June 30th, 2014, and other related documents that the Post has not yet shared, allow the NSA to intercept not just the communication directly originating to or from the targets mentioned above, but also any communication about them. This, we imagine, can be a very broad spectrum.

In response to DRF Director Nighat Dad's tweet asking if any member of the Pakistan People's Party was willing to speak on the unlawful NSA activity, Sharmila Faruqi, former advisor to the Chief Minister of Sindh, said that the revelation was akin to "intruding our privacy and sovereign rights [and thus] highly condemnable." She added that this "should be agitated at the highest forum."

Speaking on the same matter, former PPP Interior Minister Rehman Malik revealed that during the PPP tenure in 2012, cabinet meetings were being spied on. "The secret recording signals were traced during a random security sweeping before the cabinet meeting and after that the recording signals were broke down before the cabinet meeting," he said. He feared that the cabinet meetings of the present government might also be under surveillance. He was, however, unaware of who might be behind the recording signals. He suggested the Prime Minister Nawaz Sharif take up the matter with the US President Barak Obama through a formal letter.

PPP later issued a statement highly critical of the practice calling it "grave, unwarranted and totally unacceptable interference in the internal affairs of a sovereign country." The statement, issued by the PPP spokesman Senator Farhatullah Babar, demanded an apology from the US for "spying on the political institutions of a sovereign country." It also asked the government to take up this matter at the diplomatic level and demand that such violation of international law doesn't happen again.

Pakistan’s Foreign Office (FO), later on Thursday, formally lodged a protest with the US over the surveillance of PPP, calling the practice a violation of the international law and demanding an end it. "Appropriate measures are being taken to protect our cyber communication from any attack or spying," FO spokesperson Tasneem Aslam said in her statement.

PPP has also lodged a formal protest with the United States through a letter to the Ambessador of United States in Pakistan, Mr. Richard G. Olson. The letter expresses grave disappointment over the matter. "The Party believes that it owes no explanation to any foreign agency," the letter said, "It therefore strongly resents and deplores the overbearing attitude of the NSA in assuming a right to interfere in other countries and their political parties. This attitude of a department of the US government towards a popular Pakistani political party will only increase distrust and suspicion already noticeably present in the people of Pakistan towards the government of the United States."

This post is first part of a series on the unlawful surveillance of Pakistan People's Party (PPP) by the NSA.

July 1, 2014 - Comments Off on Senate Passes the Repressive Anti-Terror Protection of Pakistan Bill against Civil Society Will

Senate Passes the Repressive Anti-Terror Protection of Pakistan Bill against Civil Society Will

In the wake of the ongoing military operation in North Wazristan, Senate has passed the controversial Protection of Pakistan Bill 2014 unanimously with both the government and opposition consensus. This is a reminder for the citizens of the country as it has often been a case that controversial and repressive bills are easily passed when security situation is going out of control. The recent battle on terrorism gives an ample reason to the government to quell any dissenting opinions about the Protection of Pakistan bill and tag such opinions as anti-Pakistan.

Presented by the Minister Zahid Hamid, Protection of Pakistan bill 2014 was earlier passed by the National Assembly in April this year. Considered as one of the most regressive and draconian laws of the country, the bill created quite a commotion in the digital media fora of the country as the law clearly inhibits fundamental rights of freedom of speech and internet privacy of users.

Essentially, Protection of Pakistan Bill 2014 gives an enormous level of power to law enforcement agencies in order to tackle terrorism with judicial oversight to increase conviction. This bill enables the agencies to withhold the information of a detainee except from a High Court or Supreme Court along with reserving the right to appeal a judgement in high courts. This has been termed by the human rights activists as a bill which could potentially be used to palliate the Baluchistan Missing Persons case.

Digital Rights Foundation considers the passage of this bill as a clear deviation from the basic rights of speech and criticism that could be made on governmental policies, et ecetra. Protection of Pakistan bill 2014 could be used to suppress peaceful political opposition and the accused will be assumed to be engaged in waging a war or insurrection against Pakistan, unless established otherwise. Internet based offences that comes under the scheduled offenses of this bill are quite vague and can hurt the Internet security and privacy of a common citizen.

While the civil society understands the need of a rigid policy against terrorism in the country, the people of Pakistan have been suffering from similarly stern bills over the last decade and more. If anything this bill should have created more privacy and security protections for the citizens, let alone impeding provisions to hinder their rights to basic freedom of speech.

Also please read our open letter  to Senate of Pakistan regarding Pakistan Protection Ordinance 2014

Contact: [email protected]

- End -

Digital Rights Foundation is a research based advocacy organisation based in Pakistan focusing on ICTs to support human rights, democratic processes and better digital governance. DRF opposes any and all sorts of online censorship and violations of human rights both on ground and online.  We firmly believe that freedom of speech and open access to online content is critically important for the development of socio-economy of the country. www.digitalrightsfoundation.pk

Featured Image

June 30, 2014 - Comments Off on Release of "The State of Proactive Disclosure of Information in Khyber Pakhtunkhwa and Punjab Public Bodies" Research Report

Release of "The State of Proactive Disclosure of Information in Khyber Pakhtunkhwa and Punjab Public Bodies" Research Report

Punjab and Khyber Pakhtunkhwa public bodies do not comply with provincial Right to Information Laws

Lahore, June 30, 2014:

The research report ‘The State of Proactive Disclosure of Information in Khyber Pakhtunkhwa and Punjab Public Bodies’ shows that public bodies in both provinces are not complying with the respective right to information laws of their provinces. Khyber Pakhtunkhwa and Punjab public bodies are required to proactively disclose categories of information mentioned in Sections 5 and 4 of Khyber Pakhtunkhwa Right to Information Act 2013 and Punjab Transparency and Right to Information Act 2013.

The broader aim of this research report, conducted by Digital Rights Foundation, a member organization of Coalition on Right to Information’, (CRTI) is to measure how public bodies have been using the web and making it easier for citizens in the processes of getting information and filing requests.

The report indicates that while the public bodies have adopted to the latest web standards and have created / maintained a web presence, there is a significant lack of tangible reforms adopted to implement key sections of the respective laws of the provinces. Specifically, the public bodies do not share information pertaining to public employees' remuneration, benefits, and any other privileges in line with the provisions of their provincial right to information laws.

Digital Rights Foundation urges Khyber Pakhtunkhwa Information Commission and Punjab Information Commission to ensure public bodies comply with the right to information laws and make available information specified for proactive disclosure under relevant provisions of provincial right to information laws.

Link to the report: Proactive Disclosure report

Contact: [email protected]

- End -

 

"Coalition of Right to Information seeks to promote an open information and communications policies at the federal, provincial and district levels across Pakistan. With various initiatives, the coalition of civil society organizations aims to promote citizen awareness and improve dialogue between the citizens and state."

Digital Rights Foundation is a research based advocacy organisation based in Pakistan focusing on ICTs to support human rights, democratic processes and better digital governance. DRF opposes any and all sorts of online censorship and violations of human rights both on ground and online.  We firmly believe that freedom of speech and open access to online content is critically important for the development of socio-economy of the country. www.digitalrightsfoundation.pk

Join the talk on Twitter @digitalrightspk  and like us on Facebook!

April 15, 2014 - Comments Off on An open letter to Senate of Pakistan regarding Pakistan Protection Ordinance 2014 "Pakistan’s new law: no free speech… and you’re a terrorist unless you can prove otherwise"

An open letter to Senate of Pakistan regarding Pakistan Protection Ordinance 2014 "Pakistan’s new law: no free speech… and you’re a terrorist unless you can prove otherwise"

Irfan-Cybercrime1-660x330 Respected Senators,

The recent uproar over the Pakistan Protection Ordinance 2014 has created quite a stir in the country’s digital media platforms, and rightly so. The Government of Pakistan has recently passed, what appears to be, the most draconian and regressive anti-terror law in the National Assembly. The Pakistan Protection Ordinance 2014 has already been signed by the President and will soon be presented - and most likely approved - by the Senate on April 20, 2014.

The proposed law clearly inhibits fundamental rights to freedom of speech, privacy and peaceful assembly on the Internet. In its current form, the law could be used to suppress peaceful political opposition and criticism of government policy online, on social media for instance. In its schedule of offences, the law also lists “crimes against computers including cyber crimes, internet offenses and other offenses related to information technology etc". Also, instances where a person who commits any crime mentioned in the scheduled offenses becomes a cognizable and non bailable offense.

Any person accused within the sphere of scheduled offences will be liable to face a charge on grounds of reasonable evidence against him/her, and will be assumed to be engaged in waging a war or insurrection against Pakistan, unless he/she establishes his/her non-involvement in the offence, which reverses the burden of proof and undermines the right to due process and fair trial. The scheduled offence shall be punishable with imprisonment, which may extend to 10 years, with fine and confiscation of property.

The provision regarding internet crimes is so vague that it can be abused against  journalists, politicians, minorities, students, activists, political dissidents and groups who are using the internet for activities which would not in any way be counted and ascertained as terrorism. From a due process perspective, there doesn’t seem to be a very strong case for introducing cyber crimes in the PPO 2014, when a separate Electronic Cyber Crime bill is already being drafted. So, what is the true intent of introducing an additional or supplementary provisions with regard to “Internet Crimes”?

The state of open access to internet in our country is dismal. In the 2013 Freedom on the Net report, Pakistan’s Internet freedom status in 2012-13 was ‘Not Free.’ The introduction to the report states: Successive military and civilian governments have adopted various measures to control the internet in Pakistan, which they frame as necessary for combating terrorism. In Freedom of Press, Pakistan ranks 159 among 179 countries. In the planned Ordinance, provision related to warrant less raids is in violation of Article 14 of our Constitution.

With the Electronic Cyber Crime bill, Pakistan has the momentous opportunity to set the benchmark in South Asia and the Global South in right to free speech online. This right necessitates freedom from persecution for all citizens who use digital communications platforms to express opinions, dissent, or critique against the state. As Benjamin Franklin said, “Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech.” 

In an era where individuals, non-governmental organizations and international institutions rely on the multiplier effect of social media and digital news outlets to highlight issues of injustice and human rights violations, it doesn’t augur well for the country’s freedom of speech and human rights index to even consider this Ordinance.

Digital Rights foundation demands and calls on the senators to protect the rights to freedom of speech and privacy in accordance with Pakistan's obligations under international conventions, remove the clause of cyber crimes from Pakistan Protection Ordinance 2014 and revise the law with the consultation of relevant stake holders.

Contact: [email protected]

- End -

Digital Rights Foundation is a research based advocacy organisation based in Pakistan focusing on ICTs to support human rights, democratic processes and better digital governance. DRF opposes any and all sorts of online censorship and violations of human rights both on ground and online.  We firmly believe that freedom of speech and open access to online content is critically important for the development of socio-economy of the country. www.digitalrightsfoundation.pk

March 25, 2014 - Comments Off on Pakistan: The Draft Computer Crimes Law Endangers Freedom of Expression

Pakistan: The Draft Computer Crimes Law Endangers Freedom of Expression

For IMMEDIATE RELEASE:

Lahore, March 25, 2014: ARTICLE 19 and Digital Rights Foundation Pakistan are concerned about the draft Prevention of Electronic Crimes Act of Pakistan 2014 (Draft Law), currently being prepared for presentation in the Pakistan Parliament. Although the Draft Law contains a number of welcome procedural safeguards, several provisions violate international standards on freedom of expression. We call on the Pakistan Government to amend the Draft Law in accordance with our recommendations below before it is submitted for the consideration of the Parliament.

The Draft Law, which has been drafted by the Ministry of Information Technology and Telecommunications, establishes specific computer crimes and procedural rules of investigation, prosecution and trial of the offences. The Draft Law incriminates the illegal access to and interference with program or data or information systems, cyber terrorism, electronic forgery and fraud, the making of devices for use in offences and unauthorized interception.

ARTICLE 19 and Digital Rights Foundation welcome the efforts of the Pakistani Government to provide adequate procedural safeguards in the context of cybercrime investigations. However, we recall that the regulation of computer crimes engages the protection of human rights that must be considered in the respective legislation, in particular:

• Article 19 of the International Covenant on Civil and Political Rights (ICCPR), to which Pakistan acceded in 2010, defines the right to freedom of expressions and sets out the requirements for limitations on the right. States can limit freedom of expression only in the interest of protection of reputation, national security, public order, health and morals. The limitations must be clearly defined in law and be necessary and proportionate to secure one of those aims. States must refrain from exercising this discretion in a discriminatory manner. Article 17 of the ICCPR guarantees the freedom of individuals from arbitrary or unlawful interference with his privacy and correspondence.

• General Comment No.34, which provides authoritative guidance on the interpretation of Article 19 of the ICCPR, states that extreme care must be taken in crafting and applying laws that purport to restrict expression to protect national security. Whether characterised as cyber-crime laws, treason laws, official secrets laws or sedition laws they must conform to the strict requirements of Article 19(3).

• In General Comment 16 of on the Right to Privacy, the UN Human Rights Committee states that interference by states can only take place on the basis of law which itself specify in detail the precise circumstances in which interference may be permitted.

• The 2011 Joint Declaration on the Right to Freedom of Expression and the Internet adopted by the four international special rapporteurs on freedom of expression representing the Americas, Europe, Africa and the United Nations (UN) emphasizes that standards of liability in cases relating to the internet must take into account the overall public interest in protecting both the expression and the forum in which it is made, (i.e. the need to preserver the “public square” aspect of the Internet).

• From a comparative perspective, the Council of Europe Cybercrime Convention (2001) provides basic procedural safeguards and guidance on how to draft cybercrime legislation in accordance with human rights standards.

In the light of these standards, ARTICLE 19 and Digital Rights Foundation remain concerned that the Draft Law violates international standards for several reasons:

• Lack of clear definitions: a number of definitions in the Draft Law are unclear, notably the definition of ‘content data’, which partially reproduces the definition of ‘computer data’ as stipulated in the Council of Europe Convention on Cybercrime (2001). This is confusing as computer data and content data are separate concepts. In other instances, the draft law fails to define important terms such as ‘information systems’ or ‘programme or data’. The lack of clear definitions in the draft law makes it more open to abuse and likely to catch innocuous behaviour, such as accessing a website in breach of its terms of service. By the same token, it endangers the right to freedom of expression. We recommend that ‘content data’ is replaced by ‘computer data’ in the Draft Law and refer to the Cybercrime Convention for a definition of ‘computer systems’.

• Lack of public interest defence for hacking-type of offences: The Draft Law criminalises unauthorised access to information systems, programmes or data. While the Draft Law is presumably aimed at criminalising ‘hacking’, it fails to provide a public interest defence when this type of conduct takes place for legitimate purposes, such investigative journalism or research.

• Overly broad cyber-terrorism offence: Section 7 (a) and (b) fails to make an explicit reference to "violence" as part of the offence of cyber-terrorism. Cyber-terrorism should be more clearly linked to the risk of harm or injury in the real world, and in particular harm against the welfare of individuals. It should not be equated with even moderate disruption of public services or damage to property. It is not clear that sections 7 (1) (b) (i) and (ii) would meet that threshold if read independently from Section 7 (1) (b) (vi).

• Criminalisation of “defamation against women”: Although the attempts to offer special protection to women (e.g. through prohibitions on threatening sexual acts) are laudable, we find the provisions of Section 13 of the Draft Law problematic. Section 13 criminalises “defamation against women” and other vaguely phrased offences, such as “distorting the face of a woman”. We recall that, in its General Comment 34, the UN Human Rights Committee stated that states parties should consider the decriminalization of defamation and, in any case, the application of the criminal law should only be countenanced in the most serious of cases. Also, the provisions of Section 13 fail to meet the three part test, as they are not formulated with sufficient precision to enable individuals to regulate their conduct in accordance with the law. We therefore recommend that Section 13 be revised.

• Lack of procedural safeguards against surveillance activities carried out by intelligence agencies: although efforts have been made to provide effective procedural safeguards against unchecked surveillance by law enforcement agencies (e.g. section 30), the same is not true of intelligence services, which remain subject to the provisions of the Pakistan Telecommunications (Re-Organisation) Act 1996. This is a serious concern as this means that the Pakistani intelligence services effectively have carte blanche to carry out mass surveillance without meaningful oversight (see ARTICLE 19’s analysis of the Pakistan Telecommunications (re-Organisation) Act). In our view, if the Draft Law were to be adopted in its current form, it would be in breach of the right to freedom of expression and privacy under international law.

We call on Pakistani legislators to protect the rights to freedom of expression and privacy in accordance with Pakistan’s obligations under international and review the Draft Law in line with the above recommendations.

Contact: [email protected]

- End -

Digital Rights Foundation is a research based advocacy organisation based in Pakistan focusing on ICTs to support human rights, democratic processes and better digital governance. DRF opposes any and all sorts of online censorship and violations of human rights both on ground and online.  We firmly believe that freedom of speech and open access to online content is critically important for the development of socio-economy of the country. www.digitalrightsfoundation.pk

 

Join the talk on Twitter @digitalrightspk or like us on Facebook!

Featured Image

January 2, 2014 - Comments Off on Training Workshop: Security for Women in Digital Age

Training Workshop: Security for Women in Digital Age

Security for Women in Digital Age

Venue: Crystal Ball, Marriott hotel, Islamabad

Date: 13:30 - 17:00, January 9, 2014

Trainer: Nighat Dad (Executive Director, Digital Rights Foundation Pakistan)

In this digital age, it has become even easier than before to be stalked, intruded and harassed. During these times of fast digital innovation, it is important for women to assess their risks online, analyse them and browse securely.

"Security for Women in the Digital Age" workshop will focus on why it is important for women to be cautious about their privacy online. The session will look on the cases in Pakistan where women and girls have been harassed and threatened online. It will then move on to a small digital security training empowering the attendees with basic tools to stay secure in the digital spaces.

For more details, please join our Facebook event page or visit the website.

- With support from Tactical Technology Collective