December 9, 2013 - Comments Off on DRF Research Report: Net Privacy in South Asia
In May 2013, 29 year old Edward Snowden, former CIA employee and technical contractor to the NSA, disclosed thousands of top-secret documents to the Guardian and Washington Post newspapers. These documents carried sensitive information about United States’ Internet surveillance programs such as PRISM, XKeyscore, Tempora, along with details of the interception of U.S. and European telephone metadata. In the U.S. political history, it is perhaps the most significant political leak since Daniel Ellsberg’s “Pentagon Papers” in 1971.
Pakistan – digital dictatorship in the guise of a democracy:
Not surprisingly during the same month, here in Pakistan, the government was found to be using FinFisher – one of the most sophisticated surveillance software suite available in the commercial market. The data shown in Citizen Lab’s analysis “For the eyes only” reported that Pakistan Telecommunication Company Ltd (PTCL) owns the network where FinFisher server was found in the country. Gamma International UK’s FinFisher suite is an IT intrusion and remote monitoring system whose principal market is state-operated surveillance.
Pakistan’s government has long been a user of the NarusInsight interception suite too, developed by Boeing subsidiary Narus. NarusInsight provides the tools to gain control of networked devices, intercept communications data, and track Internet and mobile users.
There is a world-wide market for products like FinFisher and NarusInsight; some of which are highly invasive and potentially dangerous technologies. The developers find a fertile market among repressive regimes, as well as governments whose surveillance activities are, in theory, subject to democratic insight.
In Pakistan, the Pakistan Telecommunications Authority (PTA) and Federal Investigation Agency (FIA) are the bodies responsible for Internet filtering and surveillance, working under the Ministry of Information. Pakistan is home to some 130 Internet Service Providers (ISPs), and 20.4 million active users in what could be a vibrant and constructive online community. Over the past decade, however, the Pakistani government has become increasingly active in adopting digital censorship and surveillance strategies.
For example, access to sites such as YouTube is frequently blocked, and users are given no indication for how long. In a similar recent case, on November 19 social media was barraged with an outcry from Pakistani netizens wondering why they cannot access Internet Movies Database (IMDb) website anymore. IMDb is only an informative entertainment and celebrity database with seemingly containing no content that could have potential to harm national security or religious morality. On 23rd November, only after two days, ISPs around the country received a directive to reverse the action. However, the reason behind the blockage still remains unclear.
Previously in 2011, PTA issued a list of words to be banned from SMS messages; however, no explanation was provided to the public of the legal basis for classifying terms such as “athlete’s foot” as offensive. Furthermore, PTA also didn’t share the specifics about its processes or criteria for managing the list of “offensive” terms over time. More recently, ISPs in Pakistan seem to be blocking sites that contain the name “Muhammad”. These measures are chaotic and random at best. Externally, they make Pakistani authorities look ridiculous; internally, they create a climate of uncertainty in which Pakistan’s citizens never know what may, tomorrow, be ruled “unacceptable” by the state.
These strategies have been justified on the basis that they safeguard national security and religious values; apparently, this is not always the case though. In the Pakistani province of Baluchistan, activists and dissidents disappear in broad daylight, often to be found killed after a few days on some roadside – if they are found at all. Surveillance technologies in the country have been used to track dissident politicians, journalists, human rights defenders and civil society activists. In the past couple of years, these surveillance tactics have grown more stifling and now extend to social media too, affecting a wider population of innocent citizens, and preventing freedom of expression and access to information.
India – fastest growing economy with stifling Internet policies:
Similar to Pakistani government, Indian state too seems to be very interested in employing surveillance and censorship mechanisms, in one of the world’s fastest-growing economies. The Indian Computer Emergency Response Team (CERN-IN) is very consistent in its measures taken for filtering and surveillance. In 2000, the Parliament of India proposed an Information Technology Act (IT Act) providing a legal framework to regulate Internet use. This act criminalized the electronic publication of obscene information and granted the authorities powers to monitor, search and arrest violating users without the need for a warrant.
In a striking example of how these powers can be used, under section 295A of Indian Penal Code, 21 year old Shaheen Dhada was arrested on November 2012 for posting a status update concerning Bal Thackeray – a religious right-wing leader. Dhada’s Facebook friend was also arrested for simply likingthe status update.
Along with 295A, both arrestees were also charged under Section 66(a) of the Information Technology Act, 2000. The latter defines “hacking” as any attempt to damage, devalue or injuriously affect information stored in a computer resource. (is this relevant bit?) Another act, section 26 of India Post Office Act 1898, empowers state to intercept postal articles for public good. This article may come in to play on the occurrence of any public emergency.
While activists and media raged around the world over United States’ notorious surveillance program PRISM, not enough is being said about its domestic equivalents employed both in India and Pakistan. India’s Center for Development of Telematics (C-DOT) is reportedly using its own Prism-like surveillance program to intercept and monitor internal communications in the name of national security. This program, referred to as the Central Monitoring System, is a proactive surveillance technology that monitors almost all forms of communication including but not limited to text messages, landline phone calls, mobile phones, and social media engagement.
Internet surveillance capable of risking national security at large:
The potential for mass state surveillance programs to violate citizens’ privacy is clearer now than it has ever been. What some may not appreciate is the extent to which they can also introduce new risks to national security. For instance, weakening the security of networks and systems also introduces vulnerabilities which extend to financial markets and trading, making them easier targets for criminal and foreign-nation attackers.
While Pakistan boasts some 20million users, India is estimating to reach 330m Internet users in the next three years. In such a large and fast-growing community, it is highly doubtful that either government has the resources or skills to ensure its surveillance infrastructure is both secure and invulnerable. Especially after the aftermath of Snowden leaks which involved National Security Agency, considered one of the most secure in the world, asking governments to secure their networks would be too much to ask for.
Advancing technologies of surveillance raise serious questions about citizens’ rights; however, potentially oppressive use of technology is not the only issue. Especially in Pakistan, individuals have to put up with policies and enforcement actions that often seem arbitrary and sometimes
unfounded on proper law or due process.
The Snowden disclosures also highlight the glaring problem of accountability – if too many powers are given to a certain few individuals or departments, particularly in sensitive areas such as intelligence and national security, how can governments make sure they are not being misused?
While Snowden’s leaks may help citizens around the globe become more serious about their privacy rights, and serve to warn governments about the risks of running mass surveillance programs, it should also be considered here that no technology can be built without any loopholes.
South Asian governments are as affected by issues of national security and terrorism as any, and more so than the most. There is huge diversity across the region, in terms of national and cultural attitudes to privacy, freedom of expression, democracy, secular government and economic growth. Many states in the region, however fast their economic growth is, are still comparatively immature in terms of citizens’ understanding of online privacy, and the governance of communications infrastructure and online services.
There is a real risk that governments will apply the technology of surveillance excessively for purposes of political control, forfeiting the social benefits that come from an open, safe Internet. Unless South Asian governments strike the right balance between social benefits, human rights and political control, our rapidly-growing Internet could be a disaster in the making.
- Originally published on South Asia Jurist [p8-11].