Blog Archives

All Posts in Press Kits

October 3, 2018 - Comments Off on Press Release: DRF at RSF’s launch on groundbreaking global Information and Democracy Commission, 70 years after the UN General Assembly adopted the Universal Declaration of Human Rights

Press Release: DRF at RSF’s launch on groundbreaking global Information and Democracy Commission, 70 years after the UN General Assembly adopted the Universal Declaration of Human Rights


Digital Rights Foundation

11 September 2018

Paris: Seventy years after the UN General Assembly adopted the Universal Declaration of Human Rights in Paris, the Paris-based international NGO, Reporters Without Borders (RSF), announces the formation of a panel of 25 prominent figures with the aim of drafting an International Declaration on Information and Democracy.

Co-chaired by Nobel peace laureate, Shirin Ebadi, and RSF secretary-general Christophe Deloire, the “Information and Democracy Commission” includes Nobel economics laureates Joseph Stiglitz and Amartya Sen, Peruvian novelist and Nobel literature laureate Mario Vargas Llosa and Nigerian human rights lawyer Hauwa Ibrahim, a recipient of the European Parliament’s Sakharov Prize.

A panel has been formed with 25 members from 18 countries, which includes Nighat Dad, the founder of Pakistan’s Digital Rights Foundation. Ms. Dad is honoured to be part of this prestigious Committee and will be focusing on digital rights and human rights in online spaces. She will be highlighting the spike in fake news and the pivotal role played by social media companies and governments when dealing with fake news. Ms. Dad notes that, “I hope to represent a South Asian perspective that is both part of a global, multi-stakeholder initiative and speak to the particularities of experience and identities of all. Through this platform I hope to focus on the digital rights discourse across the globe and right the to free speech and expression for all. ”

This initiative’s ultimate goal is an international commitment by governments, private-sector companies and civil society representatives. The panel is envisioned to facilitate a groundbreaking political process which is to be launched at the initiative of the leaders of several democratic countries on the basis of the Declaration, and that this will lead to an “International Pledge on Information and Democracy.”

Letters have already been sent to leaders in all continents of the world, and RSF hopes that they will commit as early as mid-November, when dozens of heads of state and government meet in Paris for the commemoration of the 100th anniversary of the end of the First World War (11 November), for the Paris Peace Forum (11-13 November) and the Internet Governance Forum (12-14 November).

The Commission is meeting for the first time on the 11th and 12th September 2018 in Paris and has set itself the goal of completing its work within two months. RSF, which is acting as its general secretariat, initiated a discussion several months ago that is intended to contribute to the Commission’s own debates. International consultations with a wide range of stakeholders have also been launched.

Digital Rights Foundation is a registered research-based advocacy non-governmental organization in Pakistan. Founded by Nighat Dad in 2012, DRF focuses on ICTs to support human rights, inclusiveness, democratic processes, and digital governance. DRF works on issues of online free speech, privacy, data protection and online violence against women.


Contact Person

Seerat Khan

Advocacy and Outreach Manager

[email protected]

August 16, 2018 - Comments Off on Press Release For Hamara Internet App

Press Release For Hamara Internet App


Digital Rights Foundation will be releasing it’s one-of-a-kind app, “Hamara Internet”, on the occasion of our nation’s Independence Day, this  August 14th. The app will be available for downloading on the Google App store at 12 am.

The objece of the app is to provide access to information to all Pakistanis regarding the reporting mechanisms in place in case of cyber harassment. The app provides tips and tidbits for online safety to its users and also provides a directory for relevant personnel and contact information of LEAs and organisations such as the FIA, PTA, PCSW and any other relevant resources available for the public. The purpose that the Digital Rights Foundation envisions for the app is to create awareness regarding cyber harassment and through the app educate individuals regarding the law and the precautionary measures they can opt for in case they encounter cyber harassment.

Nighat Dad, the Executive Director of Digital Rights Foundation notes that “this application is a step towards employing technology to address the issue of online harassment by making resources accessible through an easy-to-use app and to make it available in both Urdu and English.” She went on to add, “the tech sector in Pakistan has failed to tackle issues on the internet in an effective and inclusive manner--we hope this app will be the stepping stone for more initiatives.”

Digital Rights Foundation is a registered research-based advocacy non-governmental organization in Pakistan. Founded by Nighat Dad in 2012, DRF focuses on ICTs to support human rights, inclusiveness, democratic processes, and digital governance. DRF works on issues of online free speech, privacy, data protection and online violence against women.

Contact Person:

Seerat Khan


July 24, 2018 - Comments Off on Press Release: Campaigning on Social Media beyond ECP’s Deadline

Press Release: Campaigning on Social Media beyond ECP’s Deadline

For Immediate Release

June 24, 2018

Digital Rights Foundation has observed that while political parties discontinued their public meetings and campaigns on electronic and print media at the stroke of midnight on June 24th 2018, social media campaigns of several major political parties still remain active. This raises interesting and troubling questions regarding the ability of the Election Commission of Pakistan (ECP) to monitor and regulate social media.

The team at Digital Rights Foundation has observed that that Facebook and Twitter accounts of various parties, including the big three PTI, PML(N) and PPP, have been posting material that qualifies as campaigning on their official social media pages. Additionally, we have also noted that PTI’s Snapchat account (pti.imrankhan) was also active after the deadline of midnight between July 23rd and 24th, 2018. SMS directed at voters of NA131 by PTI were also delivered after the deadline. It has also been observed that one political party was streaming live through its YouTube account at noon on July 24th. Thus we see both internet and telecommunications fuelled campaigns in full swing despite the haul in activities in non-virtual spaces.

The law around elections was consolidated in the form of the Election Act 2017 and is supplemented by the Code of Conduct and notifications issued by the ECP. Section 182 of the Election Act clearly states:

“Prohibition of public meetings during certain period.— No person shall convene, hold or attend any public meeting, or promote or join in any procession, within the area of a constituency or, in the case of the Senate election, a Province, during a period of forty-eight hours ending at midnight following the conclusion of the poll for any election in that constituency or Province.”

Furthermore, the ECP’s Code of Conduct posits:

“There shall be a complete ban on convening, holding or attending any public meeting, or promoting or joining in any procession, within the area of a constituency during a period of forty-eight hours ending at midnight following the conclusion of the poll and as such the election campaign in all respect shall come to an end before the said hours Violation will be treated as an illegal practice."

For the purposes of this observation, DRF has only considered official and verified accounts of mainstream political parties. Posts made after the midnight deadline have been consolidated to reveal that while a majority of the violations have been on part of PTI, all political parties across the spectrum have continued electioneering during the course of June 24th, including but not confined to PML(N), AWP, PPP, Pak Sarzameen Party, JUI and APML. Furthermore, DRF has distinguished between posts that are not propagating for their particular party and social media activity that is geared towards campaigning for votes.

Apart from Facebook and Twitter posts, it was interesting to note that Facebook advertisements in the form of sponsored posts were still active for official pages of PTI, Shehbaz Sharif and AWP. As per our observation, PTI’s ads were still active on Twitter as well throughout July 24th. This means that paid advertisements were reaching social media pages beyond the mandated period by the ECP. It is also unclear whether social media advertisements and monetized posts are accounted for by the ECP within the budgetary caps in place for election campaigns (Rs. 4 million for an NA seat campaign and Rs. 2 million for a PP seat).

We have also noticed a discrepancy between the date/time of posting and the time-stamp on some of these posts, suggesting that these were perhaps scheduled ahead of time by a social media team unaware of the ECP regulations and their implications online.

This clearly indicates that the ECP has neglected to include social media within the ambit of election campaigns, and does not have an effective monitoring cell dedicated to keeping taps on social media websites. With the proliferation of communication technologies and their potential to influence voters, it is a glaring oversight on part of the ECP to exclude social media from its definition of what constitutes an “election campaign”. As online spaces are becoming increasingly important in election campaigns, from the weaponization of voter information to misinformation campaigns through social media the world over. these practices, if left unmonitored, can significantly impact the course of any election.

We would urge the ECP to devise a comprehensive Code of Conduct for the Internet in which issues of caps on social media ad spending, jurisdictional and halqa-level regulation of digital spaces, transparency of online activities, party-mandated online harassment, accessibility and conduct of political social media wings are addressed keeping in mind the manner in which modern electioneering campaigns are governed. The ECP is confronted with complex questions of a legal and technological nature--modern political social media campaigns are fragmented, expansive and complex--but it needs to take them seriously rather than avoiding the question altogether. We are optimistic, given the ECP’s embrace of technology in other aspects of the electoral process, that it will learn from its shortcomings in these elections.

For information and comments:
Shmyla Khan - [email protected]

July 17, 2018 - Comments Off on Statement: DRF and Bolo Bhi call for digital accessibility during General Elections 2018

Statement: DRF and Bolo Bhi call for digital accessibility during General Elections 2018

July 17, 2018 -- Digital Rights Foundation and Bolo Bhi fear the blocking of internet and mobile networks in the run up to and during the General Elections 2018 in Pakistan, and call on the caretaker government of Pakistan to ensure mobile and digital accessibility, protection of freedom of speech, and the right to association as citizens exercise their democratic and civic duties on July 25, 2018.

We, as the citizens of Pakistan, are not new to the idea of total and partial network shutdowns that affect the way people communicate in current technologically advanced times, and unreasonable attempts like internet shutdowns to conceal security lapses go against the constitution of Pakistan.

Internet shutdowns have not proven to contribute substantial benefits towards national security and/or against terrorism. In fact, they promote chaos among people at the receiving end of this violation of their fundamental right to free speech as guaranteed under Article 19, and the right to information under Article 19-A, and have been declared illegal by the Islamabad High Court earlier this year.

Internet has become a primary source of information for the people of Pakistan, and often times we see mainstream media adopting news from online platforms. The ambulatory nature of the mobile-based internet allows for everyone to contribute news for the people, and makes way for misinformation to be rejected through evidence-based reporting. This misinformation has long been furthering chaos and unrest among unaware citizens, one example of which was seen during the social media blackout amid nationwide violent protests from extremist organisations on November 22, 2017 that held Islamabad hostage for days.

A graph of the recent mobile networks shutdown in Lahore on July 13, 2018, developed by NetBlocks by measuring the intent of disruption in the city, depicts internet and telecommunications suspension at a time of crisis when access to information was most vital. Working together, the signatories will continue to observe internet connectivity across Pakistan throughout the election period.

Lahore witnessed internet shutdown amid huge rally as former PM Nawaz Sharif returns and arrested | Courtesy of NetBlocks

Pakistan is a new democracy that is constantly struggling to hold the title despite the influence of other forces and actors. The second transition of democratically elected government despite threats of collapsing democracy is testament to the country’s disposition to the idea of a government for the people, by the people, and of the people. Whereas draconian laws like the Prevention of Electronic Crimes Act (PECA) 2016 have already limited people’s right to free expression in online spaces and other distressing attacks on advocates of the said right, it is important that the internet and online spaces remain open and accessible without disproportionate barriers in the name of security.

Law enforcement agencies have never provided sufficient evidence that can establish a link between shutting down communications and increased safety at a gathering or event. Rather, network shutdowns cause further panic as people are unable to communicate and update others in case of a mishap.

We demand that protecting the fundamental rights to speech, assembly, and association as promised under the Constitution of Pakistan be held above anything, and suggest that the caretaker government take reasonable on-ground security measures to ensure safety of citizens accordingly instead of cutting off citizens from each other.

For information and comments, contact:
Usama Khilji, Director, Bolo Bhi: [email protected]
Nighat Dad, Executive Director, DRF: [email protected]
Alp Toker, Director, NetBlocks: [email protected]

Digital Rights Foundation (DRF) is a non-profit research-based advocacy organisation focusing on ICTs to support human rights, democratic process, and digital governance. Visit for details.

Bolo Bhi is a not-for-profit geared towards advocacy, policy and research in the areas of gender rights, government transparency, internet access, digital security and privacy. Visit for details.

The NetBlocks Group is a civil society group working at the intersection of digital rights, cyber-security and internet governance. Independent and non-partisan, NetBlocks strives for an open and inclusive digital future for all. Visit for details.

July 15, 2018 - Comments Off on Statement: DRF condemns the online attacks against Asma Shirazi

Statement: DRF condemns the online attacks against Asma Shirazi

July 15, 2018 -- Digital Rights Foundation and Network of Women Journalists for Digital Rights condemn the social media attacks against Asma Shirazi, a seasoned journalist with years of service to the electronic media, and extends its unfettered support to her.

Ms. Shirazi is made victim of online harassment based on a video where she is heard informing former Prime Minister Mian Nawaz Sharif of reasons why his previously recorded interview will not be aired, during a telephonic conversation while he is in-flight from Abu Dhabi to Lahore.

Asma Shirazi, a celebrated journalist who doesn’t need any introduction, has contributed far more than expected of any journalist, was performing her journalistic duty being paid for by her media house - Aaj News. She soon found herself receiving unrestricted, unreasonable and uncalled-for hatred directed at her.

This is not the first time a woman journalist has been attacked for doing her job. Previously, Irum Abbasi, Saba Aitzaz and Marvi Sirmed have been attacked viciously, and in all of these instances, the nature of the attacks are personal which often go from body-shaming, character assassination to rape and death threats really quick.

Women have always been a victim of torture and abuse in every setting; and with little to no freedom to express their opinions at their disposal, their right to occupy online spaces has also been affected in attempts to silence them through endless online violence.

We believe that it’s also important to highlight the increase in the gendered nature of online abuse against women journalists as we approach the General Elections 2018 in less than two weeks. These attacks not only affect the unbiased journalism but also promote self-censorship among women journalists who are forced to remain silent in order to avoid cyber harassment. DRF strongly condemns such abuse and harassment aimed at Asma Shirazi in this instance in particular, and other women journalists at large, and reiterates that under the Prevention of Electronic Crimes Act (PECA), online violence is a punishable offence and concerned authorities should treat it as such under the rule of law

DRF strongly opines that journalism is a profession and it’s rather essential that the journalists should be guaranteed a safe environment to work in, and their freedom of expression and freedom of press should be protected at all cost - the fundamental right that is protected under the Constitution of Pakistan.

This statement is drafted by DRF’s Network of Women Journalists for Digital Rights.

July 13, 2018 - Comments Off on DRF and NetBlocks strongly condemn the blocking of Slate Magazine in Pakistan

DRF and NetBlocks strongly condemn the blocking of Slate Magazine in Pakistan

13 July, 2018 -- The Digital Rights Foundation and NetBlocks strongly condemn the blocking of Slate Magazine ( in Pakistan.

“This unprecedented attempt at censorship is not just an attack on free press, but also against the fundamental right to free speech and access to information granted under article 19 and 19-A of the constitution of Pakistan to its citizens,” Hija Kamran, Communications Manager, Digital Rights Foundation, said.

“We demand transparency from the government authorities in their actions and urge them to unblock in Pakistan immediately while notifying its citizens why the online magazine was blocked in the first place”, she adds.

On 12 July, 2018 inaccessibility to the website was first detected by the NetBlocks internet observatory. An Initial investigation conducted by NetBlocks and Digital Rights Foundation determined that the ban was in effect throughout the country. Subsequent data collected through a controlled study, incorporating 480 sets of measurements over 12 hours via vantage points and providers across the country, indicates a targeted and purposeful disruption consistent with internet filtering techniques.

A chart of measurements from the study shows unavailability of the Slate website on Pakistan’s main providers. During the same period, the site remained accessible internationally.

The organisations informed Slate of the blocking, who then said they were unaware of the incident. In response Slate has cooperated with Digital Rights Foundation by sharing visitor statistics that depict an evident drop in traffic from Pakistan during July 2018.

As we share this statement, we are waiting on receiving an official comment from Slate on the incident.

As Pakistan prepares to hold its general elections in less than two weeks, this action by the authorities is alarming and points to the larger crackdown on dissent and free expression in the country.

There has been no official notification from the Pakistani authorities on the blocking of even though multiple attempts of accessing the website reflect that it was blocked on the orders of Pakistan Telecommunications Authority (PTA).

“The blocking of an international independent media outlet is a blatant violation to both internet and press freedom”, Hannah Machlin, Global Advocacy Manager, NetBlocks said.

“The fact that this incident occurred in a democratic country in the run up to their general elections, underlines the importance of digital observation. We will continue to closely monitor Pakistan and the rest of the world in order to uncover and verify censorship attempts,” Machlin, added.

The Internet has become a primary source of communication for people across borders. From delivering news to seeking information on new developments, online media has transformed into an essential part of how people exercise their right to information. At times when mainstream media adopts its news from online platforms, it’s important that these media are kept free and open for all to access, without disruption and discrimination. Attempting to censor and restrict critical and independent voices harms Pakistan’s global outlook. We believe that press freedom has increasingly become dependent on digital freedom, and emphasize that it is crucial to keep both mainstream media and online media open for all.

Pakistan has a rich history of censorship since the advent of modern technology. From columns pulled out from newspapers to news channels forced off-air, a comparatively recent three-year ban on YouTube in the country that was lifted in 2016, and multiple websites being blocked in the name of national security or obscenity to social media blackouts and partial and complete network shutdowns - the country is not alien to the concept of technological disruptions. The crackdown on dissent by various forceful attempts is testament to the violation of constitution and universal treaties that Pakistan has signed to protect freedom of speech and press in the country.

Digital Rights Foundation is a registered research based advocacy NGO focusing on ICT to support human rights, democratic processes, and digital governance.

The NetBlocks Group is a civil society group working at the intersection of digital rights, cyber-security and internet governance. Independent and non-partisan, NetBlocks strives for an open and inclusive digital future for all.

June 1, 2018 - Comments Off on Open Letter to Twitter: Please Do Better about Misinformation during General Elections 2018

Open Letter to Twitter: Please Do Better about Misinformation during General Elections 2018

Dear Twitter,

We heard that you want to do better in making Twitter an inclusive platform. We heard that you have updated your strategy to fight trolls to make it a safe space for everyone. And we also heard that you are committed to fight fake news, especially after what Facebook has gone through in the past couple of months. We, for one, were glad that you are at least trying. But are you?

Facebook is taking the heat for allowing user data to be misused during the democratic processes worldwide, but do you think you have done better? We are talking particularly in the context of fake news through fake accounts that Twitter very conveniently allows to exist on its platform. The biased community standards suspend the accounts of women speaking up against trolls in the language they understand, but trolls operating under the shadow of fake accounts keep making use of the platform without facing the consequences of the said standards.

Pakistan is going to have its General Elections in almost 2 months from now, and what we are seeing today is an orchestrated political campaign through fake accounts on Twitter; case in point the convicted rapist of a former Pakistani film actress being appointed in one of the political parties running for the office and later being expelled after an outrage on social media and subsequently on mainstream media. What went wrong here is that during this appointment and expulsion of the rapist, a fake account was setup in the name of the artist who was forced to leave the country after her brutal rape, commending the actions of the political party to expel the rapist. Here’s the screenshot of the tweet, and the link to it in case you actually decide to take action against fake news:

You may want to consider the number of reactions on this tweet in a couple of hours, and the impact this misinformation has been making among Pakistanis. The tweet was subsequently picked up by local mainstream media and stories were published and aired within hours.

While this may not seem a big issue by the face of it, but this incident is particularly giving leverage to the political party in consideration, and your platform is the core tool for it. It’s taking away people’s agency to make decisions on their own - overshadowed by misinformation.

Let us reiterate - a political party appointed a convicted rapist and is being celebrated for it because the army of fake accounts on Twitter is pitching for a narrative that will promote this party as being better than others. Would you not agree that it’s against the very principles of democracy that we all advocate for?

Shabnam, the legendary artist who was forced to leave the country after her rape by this influential politician, has been snatched of her agency to voice her concerns during this fiasco. This particular fake account (@JharnaBasak) brought her experience down to a political agenda that only suits the people who benefit from it in current political environment closer to the elections. And not only the political goons are celebrating this incident but also human rights defenders; “Good effort by PTI [Pakistan Tehreek-e-Insaf]”, said one women’s rights activist. Twitter has become a tool that has taken away people’s ability to think rationally. While the convicted rapist shouldn’t have been appointed in the first place, your platform has paved way for people to shrug off the problems that this part of the world has been struggling with for generations - violence against women - and honour the forced measures of rectification under the pretence of awareness.

In such instances, efforts to curb misinformation, abuse and trolling by platforms like Twitter become particularly relevant for them being the primary source of news for people. At this point, we are reminded of a remarkable research by Science Magazine featured in The Atlantic in March 2018 that says, “By every common metric, falsehood consistently dominates the truth on Twitter [...].” It’s evident that the problem has been around since the advent of Twitter, but we ask you, what have you done to improve this, if anything at all?

We want you to actually take action and set the case straight that false information is not welcomed on your platform that is trusted and used by millions across the world.

We recommend,

  1. Setting up a clear editorial policy to counter misinformation, by consulting with all stakeholders
  2. Taking strict actions against fake accounts and false news when it is flagged, and take measures where identical IPs are used to create multiple, possibly fake, accounts
  3. Being transparent about who sponsors the content on Twitter and who benefits from it
  4. Promoting credible voices, especially of women and representatives of marginalised groups, among communities

Pakistan is a fairly new democracy that struggles to keep the reigns of its democratically elected government in place, and has successfully completed the tenure of the second government of the said kind. It wasn't easy, and let us tell you - it was ugly, to say the least. But we did it, and we hope that the next government will do better, because democracy is what we strive for, and democracy is what we want in all the processes that we opt for. And because Twitter holds a strong presence in the country, it remains one of the platforms that influence people's decisions.

We hope that you will do better and give people a chance to make their democratic decisions independent of any influence through misinformation propagated through your platform.

Concerned members of a democratic country that is Pakistan.

About Digital Rights Foundation: Digital Rights Foundation is a researched based advocacy NGO registered in Pakistan, focusing on ICTs to support human rights, democratic processes and digital governance. For more information, visit or write to us at [email protected]

Written by Hija Kamran

May 28, 2018 - Comments Off on DRF condemns yet another breach of NADRA database and demands strong data protection legislation

DRF condemns yet another breach of NADRA database and demands strong data protection legislation

The National Database and Registration Authority (NADRA) of Pakistan held the record for being the largest database of citizens’ biometric information the world over, until recently overtaken by India with its Aadhaar card programme. Such stature meant that it enjoys control over a mass amount of information, the kind whose confidentiality is crucial to every person it belongs to, and was duty-bound to protect from prying eyes and predators. Instead, as demonstrated in an infographic available on the Digital Rights Foundation’s (DRF) website, there have been a staggering number of instances of mismanagement of personal data that can be traced back to the Authority, the most recent of which is a reported breach into Punjab Information Technology Board (PITB) that has resulted in the loss of a critical amount of confidential data, access to which was granted by NADRA and which is being sold over the internet for as low as Rs.100 (equivalent to almost $1). This hit, which is as recent as May 2018 is yet another forced intrusion into our private lives at the hands of hackers, however the reason our personal data has been so easily plucked is the abysmal state of affairs is our data protection policies, or lack thereof.

At the time of publication, Pakistan does not have any data privacy legislation enacted. This is a precarious condition given the monumental amount of data that flows through the internet -- through the applications we install and use, and allow our internet service providers (ISPs) and applications themselves to use -- and is stored on the servers. As per a report published by DRF titled ‘Privacy and Data Protection Policies of Telecom Companies in Pakistan’, the measures in place by telecommunication companies to protect our data leaves a lot to be desired and little to no redress is available if any untoward situation arises.

The incident that we are reporting is unfortunately not the first of its kind and is indicative of the fact that cyber security is not a priority of our government institutions, as can be elicited from the following instances;

  • In 2002, NADRA chairman Saleem Ahmed Moeen admitted that about 300,000 NICs that were issued by NADRA carried errors. 
  • In 2011, NADRA employees were accused of preparing fake identification cards for employees of Bahria Town housing authority.

Instances of data sharing, apart from the accounts of unprofessional behaviour by NADRA officials, are also being quoted, for example, the sharing of data with a private company awarded the contract for issuance of National Smart Card Foreigner Identity Pakistan (NICOP) and Pakistan Origin Card (POC) in the UK and Europe. What is worrisome here is just the basic notion of our data being shared with private companies and multiple government departments, as the greater the spread and avenues of access to NADRA’s database, the higher the chances of a leak or misuse of the information.  Also in the news in 2014 was the Coordination Director of Chairman NADRA for leaking out all the messages of the government and strategy of NADRA to PTI and the media. Just these cases in themselves are illustrative enough to show the negligence present across the board at an institution as crucial as NADRA. A top-to-bottom revision of how the Authority operates, its standard operating procedures (SOPs), security and confidentiality-ensuring methods needs to be undertaken.

Further proof of the gravity of the situation is embodied in the recent spate of data breaches that have occurred at NADRA and PITB in the past year. This most recent development occurred in May of 2018, when NADRA handed over access to citizens’ data to the PITB for digitization and has resulted in the aforementioned data being pawned online and on social media platforms for chump change.

As per details available via ProPakistani : ‘… the data breach occurred when NADRA gave access of its servers to Punjab Information Technology Board (PITB), which wanted to digitize citizens’ data by linking CNICs with every other department, including but not limited to education, health, police and land registry.’

Just nine months ago another catastrophe was reported by ProPakistani when PITB’s technical settings allowed for anyone with basic computer navigation skills to access the Computerised National Identity Card (CNIC) numbers, photographic copies of the front and backs of CNI cards and scanned copies of educational degrees amongst other data, on an unregistered scale. It was written off as a technical glitch that was later fixed, however this intrusion into the privacy of civilians brings attention to the vulnerability of national database carriers in protecting sensitive and private information.

According to a source that has worked extensively with NADRA, the official position is that no NADRA database was breached, but that it was in fact the access provided to PITB and its team that resulted in any data leak that may have occurred. They added that NADRA extends its database to banks and telecommunication companies on a need basis, the inference being that no leaks or breaches have occurred on those occasions. The source also expressed concern over the lack of data protection laws in place and when asked if there was any redress available for those civilians whose data had been made public, responded in the negative but pitched that the process of ‘de-identification’ should be introduced wherein on the basis of a breach an individual can request NADRA to de-identify them and allot them a new national identification number and card. It was also highlighted that during the previous general elections, NADRA provided the Election Commission of Pakistan (ECP) with printed voter lists, which complete with CNIC number, name, address and photos was a breach of security of the voters, in itself.

Our data is being accessed by authorised personnel of several government departments, however we have seen that this authority that they have been entrusted with is being misused to sell user data to citizens through WhatsApp and Facebook groups and Twitter accounts. Accountability is a key aim that should be implemented by the government as such worrisome breaches cannot go unnoticed and require a prompt response. Another key aim would be to question is, why access to such sensitive information is provided so nonchalantly where seemingly everyone attached to a certain institution or department can gain access. Special focus should also be fixated on the Punjab Safe Cities Authority (PSCA) and its projects which employ surveillance as one of its methods to be able to improve the law and order situation in Punjab’s biggest cities through the use of technology. The potential for misuse or problematic leaks here is substantial and is only exacerbated by the lack of data protection legislation in the country.  Likewise, access to the data collected by PCSA and security of the servers employed by them is crucial given that it is potentially putting people at risk while they are constantly surveilled. The importance of transparency in these processes cannot be stressed enough given the delicate nature of the whole setup. The public, the people whose very data is at stake here, have a right to know not only how their data is collected, stored and used but also when it is compromised. It is essential that this information be relayed through official channels so that its veracity is not doubted, as much of the information and messages being forwarded on social media platforms cannot be trusted. Ownership must be taken by the state institutions and resultantly, accountability must be demonstrated for the people to see.

The need of the hour, as expressed by DRF time and time again, is to enact a comprehensive and effective data protection law that will serve the purpose of protecting the society’s best interests and one that not only chalks out how to best safeguard our data but also polices the institutions that have access to it.

Author: Zainab Durrani

May 4, 2018 - Comments Off on Statement: DRF expresses concerns over the ban on the messaging app Telegram in Pakistan

Statement: DRF expresses concerns over the ban on the messaging app Telegram in Pakistan


We at the Digital Rights Foundation (DRF) are extremely concerned regarding the ban on the social media messaging application, Telegram, by the Pakistan Telecommunication Authority (PTA). We are issuing a statement to express our concerns about this ban which curtails the right to communicate in a secure and safe manner.

As per Pakistan Telecommunication Company Limited’s (PTCL) official twitter account, it was confirmed on the 9th of November last year that Telegram had been banned as per PTA’s instructions. This notification was restricted to PTCL’s own network. However multiple attempts by other users as well as our team have led to the confirmation of the fact that the ban is effective across networks.

The need to implement policy that would bar access to a messaging platform similar to WhatsApp is befuddling and seemingly arbitrary.

We believe that such a decision hinders citizen's freedom of expression, which is a base and fundamental right as per Article 19 of our Constitution. It is a fundamental right recognized in countries the world over and was also recognized by ours through ratification of international treaties.

The cloud-based instant messaging service is a close second to WhatsApp in terms of popularity, however it has endearing features of its own, including its secret chat option and ability to send up to 1.5 GB worth of files, that prompts its usage. The security features of the app are its biggest selling point and in today’s world of information leaks and data hacks, it provides something we all desire, no matter what our station in life: some semblance of privacy. Such an avenue for communication without intrusion should definitely remain available to all those who choose to use it.  In any case, whether there is an alternate available or not, this blocking off of access is unconscionable, especially in light of the fact that no official notification was made public and neither was any reason provided.

Curtailing access to information is a violation of the civilians’ rights and basic expectations of a democracy. DRF demands the government authorities to provide justification on why was the app blocked and work towards ensuring transparency in such process.

April 24, 2018 - Comments Off on Statement: DRF expresses concerns over the security breach of Careem’s servers

Statement: DRF expresses concerns over the security breach of Careem’s servers

Digital Rights Foundation expresses serious concerns over the breach of servers of one of the most used ride-hailing services in Pakistan, Careem. It was announced in the company’s official statement on April 23 that its servers were breached on January 14, 2018 and since then it has been investigating the matter. According to the statement, the private and sensitive information of its millions of customers and drivers were stolen, which included their names, contact numbers, email addresses, passwords and trip data. According to the company, however, credit card and financial details were not affected.

This breach is particularly worrisome because Careem, as a ride-sharing application, amassed a huge amount critical and personally identifiable information of its users. Information compromised in the breach, i.e. names, phone numbers and trip data, can help identify individuals but also their whereabouts given trip patterns. This data, once revealed, has the potential to put lives in danger.

While we commend their effort of being transparent, the incident points at the larger issue of weak data protection protocols and putting people’s sensitive information and, in grim situations, their lives at risk. Moreover, in the light of many physical attacks on the drivers of the ride-sharing apps in the past couple of months in Pakistan, this incident further endangers life and property of the people using these services for an honest living or for safe commuting.

This particular breach of Careem’s security protocols raises a lot of queries and concerns that their statement failed to answer. First and foremost, why did it take four months to report the incident to the public. Although the blog states that they took their time to investigate into the details of the breach due to the complex nature of the incident, but the fact remains - millions of Careem’s customers and drivers were using their compromised accounts while there data was compromised. Customers were kept in the dark and had no mechanism of holding the company accountable.

Secondly, the statement fails to mention the number of customers that were affected by this breach. Careem is used by over 14 million users around the world, and the silence of this important aspect could signify that all of the users were influenced.

Furthermore, it is the right of the customers to have full transparency of the incident and the statement leaves several questions unanswered. Important questions like who was behind the hack, what happened to the stolen data, where is it stored, what measures has Careem taken to ensure the security of the stolen data, whether Careem takes responsibility of any unforeseen incident that the misuse of this data may ensue, and what actions has it taken to warrant strong security of customer information in the future.

Careem’s silence for four months and inadequate justification of the data breach is indicative of the fact that tech companies operate without being held accountable under any laws in the countries where they operate. Furthermore, in the absence of a data protection legislation that DRF has been advocating for since last year, incidents like this put Pakistani customers at risk and at the mercy of hackers who can use this stolen information against them without any legal repercussions.

It would be remiss not to point out that the business model for several tech companies has been to amass personal data and monetize it for profit-making. Companies, such as Careem, need to be more transparent regarding what data is collected, its storage and its ultimate use; and at the same time reorient its approach towards data. A larger critique of these practices and their human rights implications is in order.