Blog Archives

All Posts in Privacy

May 9, 2013 - Comments Off on FinFisher Commercializing Digital Spying – How You can be a Victim?

FinFisher Commercializing Digital Spying – How You can be a Victim?

- Shaikh Rafia

FinFisher is surveillance software by Gamma International UK Ltd marketing the surveillance solutions to government security officials through exploiting security lapses in anti-virus programs. It is basically a spyware suite designed to allow someone to spy on a computer or mobile device. Described by the company as "Governmental IT Intrusion and Remote Monitoring Solutions”, FinFisher has its command and control servers installed in around 36 countries globally, according to a report and analysis by Citizen Lab. Pakistan is one of those countries, and Pakistan Telecommunication Company Ltd (PTCL) owns the network where FinFisher server is found.

The FinSpy malware – tool of FinFisher intrusion kit – was often injected in the potential victims’ machines by sending them malicious email. In the analysis, Citizen Lab found that email addresses which were used to send these emails were on the names of some popular journalist names (in the case of Bahraini activists) and the email shared attachments which looked pertaining to the Bahraini turmoil. On opening the attachments, jpeg files were saved on the victim’s computers which were actually executable files. This sort of access gives the attacker clandestine remote access to the victimized machine with data harvesting and exfiltration capabilities. Commonly, someone tricks you into clicking a file - a picture, word document, etc – which actually hides the FinSpy file and silently affects your machine without you or the Anti-Virus program installed in your machine detecting it.

Citizen Lab found that the data like Skype audio calls, chats, key logger and passwords was accessible to the attacker. FinFisher can even secretly use the microphone or webcam in your computer or Read more

March 16, 2013 - Comments Off on Fair Trial Bill: de-alienation of civil society

Fair Trial Bill: de-alienation of civil society

President Asif Ali Zardari signed the in to law the “Fair Trial Act 2012”, empowering the state to intercept private communications in order to track suspected terrorists in the country. This legislation was approved by National Assembly and went through the senate for approval in December 2012.

The civil society and human rights defenders of Pakistan have been continuously questioning this Act which legalizes the security agencies to collect evidence “by means of modern techniques and devices” like wire-tapping, intercepting emails and SMS text messages that will be accepted in a court in cases registered under five security-related laws. A major concern about this Fair Trial Act is a few of its ambiguous clauses which could be misused against the people of dissent or political and military opponents.

This bill has clauses like: It shall also apply to all transactions or communications originated or concluded within Pakistan or originated or concluded outside Pakistan by any person. [2.(1).(c)] & Any person liable for investigation under the provisions of this Act for a scheduled offence committed partly or fully outside Pakistan shall be dealt with according to the provisions of this Act in the same manner as if such an offence had been committed within Pakistan. [2.(2)] which makes everyone in the world coming inside the domain of suspicious terrorists, which is disturbing to say the least.

The controversies include the way it easily went through the system and kept getting approved which happens rarely in Pakistan. Every time before elections government tries to get as many bills as possible approved which has been a routine in past in the country. But when the bills like Fair Trial Act 2012 get hasty approvals, acts like Domestic Violence Law stay in pending for years. For the record, Domestic Violence Bill was proposed in 2009 but subsequently failed to pass in provincial assemblies except the Sindh Assembly which passed it on 8th March, 2012.

Whether any sections of civil society were included in the drafting and passage of Fair Trial Bill, has yet to be disclosed by the government. Under Article 19A, we demand the government to show the transparency process involved in the consultation process of Fair Trial Act which could be used by the intelligence agencies and powerful sections of the country to violate larger civil rights.

Digital Rights Foundation strongly condemns this gesture of de-alienating civil society groups by the leading political party of country which was democratically elected four years back. While the bill may help security agencies to catch terrorists, the clauses need to be more specific without hurting the privacy rights of citizens of Pakistan.

November 7, 2012 - Comments Off on DRF Signs Civil Society Unity Statement on WCIT

DRF Signs Civil Society Unity Statement on WCIT

The world's leaders are going to meet and update a key treaty of a UN agency called International Telecommunication Union (ITU). Some proposals from different governments intend to extend the ITU authority on Internet governance in a way that could threaten freedom and online openness, along with a threat to privacy and human rights online.
Digital Rights Foundation, being the part of international coalition for Internet freedom, signs the Civil Society Unity statement to oppose such proposals on WCIT:
Internet governance decisions should be made in a transparent manner with genuine multistakeholder participation from civil society, governments, and the private sector. We call on the ITU and its member states to embrace transparency and reject any proposals that might expand ITU authority to areas of Internet governance that threaten the exercise of human rights online.

November 1, 2012 - Comments Off on Pakistan Needs Comms Security Not Restrictions

Pakistan Needs Comms Security Not Restrictions

The Internet is becoming essential to modern life in Pakistan. These days, the loss of network access, whether for telephones or internet connectivity, soon starts to affect people's ability to do business or interact socially - and in the longer term is directly affects citizens' self-expression and self-determination. This is why we all saw such serious attempts by the governments of Tunisia, Egypt and Libya to cut off their people's access to the Internet.

In recent years the Government of Pakistan has repeatedly placed restrictions on the use of the Internet. Technically mediated services have been often subjected to restrictions ranging from government regulation, intervention, censorship and outright blocking.

In 2006, the Pakistani government imposed a blanket ban on the Blogspot platform (comprising around 10 million individual websites), after several hosted blogs posted images of the controversial Mohammad cartoons originally published in the Dutch newspaper Jyllands-Posten. The same year, the entire Wikipedia domain was blocked because one article (of approximately 3.5 million) contained information about the cartoons. This was only the first step of many. The Pakistan Telecommunication Authority has consistently banned Baloch news websites, and since July this year the Rolling Stone website has been blocked after it published a short blog post entitled ‘Pakistan’s Insane Military Spending’.

It is unfortunate that we have seen arbitrary decisions based on political and religious grounds that do not justify disruption of free flow of data affecting millions of lives from a diverse range of perspectives. We have seen a correspondingly severe approach when it comes to internet surveillance. Recently, the government declared its intention to ban the use of data encryption.  This has now left millions of citizens vulnerable to widespread cybercrime (against which encryption and VPNs provide effective shielding) in order to allow the government unfettered access to user data, ostensibly for ‘security reasons’.

This means that while the government sifts through user data looking for potential terrorism links, millions of citizens remain vulnerable to widespread cybercrime, against which encryption and VPNs provide effective shielding.

There are other worrying communications surveillance initiatives and plans.  The Pakistan Telecommunication Authority has been a loyal customer of Narus, a company specializing in “dynamic network traffic intelligence and analytics software”, since 2007. Amongst other services, Narus helps its clients gain network control and data-interception abilities; its technology was apparently used during the ‘Arab Spring’ by the erstwhile governments of Egypt and Libya, who attempted to defeat the pro-democratic revolutionary movements by suppressing internet communications.

Going forward, the Government of Pakistan has to ensure that it is not going to spy and silence its citizens like the recently ousted governments of Mubarak and Gaddafi. It is the duty of the Government to ensure that there are effective laws that protect the rights to privacy, security, freedom of expression and unrestricted access to online content.

If national law does indeed dictate that Internet access be regulated, then it must be undertaken judiciously and with restraint. Sadly, this has not been the case so far.

 

Written for Privacy International.

October 31, 2012 - Comments Off on Building the Great Firewall? Just Follow the Masters!

Building the Great Firewall? Just Follow the Masters!

 

Governments worldwide are trying to introduce legislations for cyber censorship, curbing the privacy of internet users. And it’s no different here in Pakistan. In fact the government of Pakistan is way ahead of many others when it comes to escalating internet censorship in the name of “national security”.

A division of the Ministry of Information, the National ICT R&D Fund, has published a Request for Proposals for a National URL Filtering and Blocking System. This proposal seeks to build a central database that would monitor URLs and handle a “block list” of over 50 million “undesirable” URLs.

At present if the government wants to ban any site it sends notice to that site’s Internet Service Provider (ISP) but with this system, when realized, the government will be able to shut down any site it wants without recourse to any intermediary and for whatever reason it sees fit.

With its Request for Proposals, the current democratic government of Pakistan is actually following the footsteps of those totalitarian regimes that block the highways of global connectivity for their citizens for their own spurious reasons. The Great Firewall of China operated by Ministry of Public Security China is one prime example. And Pakistan as the “higher than mountains, deeper than oceans” friend of China is only too proud to mimic China whenever possible for the benefit of the government or army.

The Request for Proposals claims that “Internet access in Pakistan is mostly unrestricted and unfiltered” and goes on to demonstrate the need of central blocking mechanism:

“The Internet Service Providers (ISPs) and backbone providers have currently deployed manual URL filtering and blocking mechanism in order to block the specific URLs containing undesirable content as notified by PTA from time to time.

Many countries have deployed web filtering and blocking systems at Internet backbones within their countries. However, Pakistani ISPs and backbone providers have expressed their inability to block millions of undesirable web sites using current manual blocking systems. A national URL filtering and blocking system is therefore required to be deployed at national IP backbone of the country.”

This is not the first time that some sort of internet ban is being proposed in Pakistan; we have a long history of cyber censorship. The Pakistan Telecom Authority (PTA) blocked thousands of websites in 2007 in response to the Supreme Court’s order for “banning blasphemous” sites. In 2008, PTA blocked Youtube after the site hosted “Fitna”, the film by Geert Wilder.

Then, in May 2010 courts in Pakistan gave the government orders to ban the social networking site Facebook after some user started the controversial contest “Let’s Draw Muhammad”. Netizens of Pakistan had to use proxies to reach to their favorite social media site.

Recently, in November last year, PTA sent a notice to all cell phone companies to block some 1,600 terms and phrases deemed to be obscene from text messages or they would face stringent legal action. The directive wasn’t only hegemonic and unconstitutional but also supported the culture of moral policing in the country.

As can be seen, most such moves draw on the same tired old indefensible excuses of religious moral policing, the danger of terrorism and national security to justify themselves. The mass of the people become a puppet when the name of religion is invoked. Countrywide protests about the drawing competition moved the courts to take the decision to ban Facebook in May 2010 and now the blanket ban of URLs has the front banner claiming to ban pornographic sites “for the sake of our next generation”.

This seems to be the general reason but once it’s started who knows which sites we will be “allowed” to browse and which sites will be banned. As in China it could well be any site that carries the slightest criticism of the government or army. The envisaged plan with the capacity to block 50 million URLs with a delay no longer than one millisecond is not only deeply worrying but also indicative of the scalability of the government’s plans.

Information and communication technology is the driving force of today’s world. Rather than impinging on citizens’ privacy, the government of Pakistan should focus on training people in digital security to enable them to protect themselves and their children. Religious and cultural intolerance can only be increased by cutting people’s access to communication with the rest of the world. Enriching inter-cultural, inter-ethnic programmes and investing taxpayer’s money in basic education and health will give us much better long-term results. Banning what it deems to be “pornographic” sites only shows that the government considers the people to be infantile, vulnerable and stupid.

 

Originally written for Future Challenges.