May 14, 2015 - Comments Off on Spectrum Eyes: The NSA & Pakistani Metadata

Spectrum Eyes: The NSA & Pakistani Metadata

antenna-mast-605307_640

Last Friday, Digital Rights Foundation had learnt via The Intercept that Ahmad Muaffaq Zaidan, Al Jazeera's Islamabad Bureau chief made the list. The US government terrorist watch list, to be precise.

According to National Security Agency (NSA) documents leaked by whistleblower Edward Snowden, in 2012 the NSA indicated that it considered that Mr. Zaidan was a member of Al Qaeda and the Muslim Brotherhood. Mr. Zaidan has strongly denied that he has ever been a member of either organisation, and is backed by his employers and respected international journalists, such as CNN's security analyst Peter Bergen.

So how did a respected veteran journalist find himself placed on a terrorist watch list?

Metadata refers to location and data about communications, such as the callers, sender and recipient, location of communication devices and their unique identifiers, time and length of calls, and other data. Metadata is useful data: it can be analysed by intelligence officers and software in order to detect specific patterns and to establish detailed profiles on particular individuals and/or groups. In the wake of September 11th 2001, the United States government has actively pursued what it constitutes as threats to global security, on the basis of human intelligence and metadata.

Journalists are always told, whether in school or on the job, to go where the story is. To follow the trail. The nature of investigate journalism will often entail communications and physical interactions with people from criminal or terrorist organisations or backgrounds. Zaidan has travelled to and interviewed key figures in geopolitical hotspots, including Afghanistan and Pakistan, two countries that gained prominence post-9/11. Based upon the metadata that has been generated by his movements and communications, Mr. Zaidan found himself on a terrorist watch list and a US government database (TIDE - Terrorist Identities Datamart Environment, shared by US intelligence agencies). According to SKYNET, a problematically-named computer programme designed to analyse metadata, his movements were similar to that of couriers for high ranking Al Qaeda officials.

In Ahmad Zaidan's own words, “to assert that myself, or any journalist, has any affiliation with any group on account of their contact book, phone call logs, or sources is an absurd distortion of the truth and a complete violation of the profession of journalism.”

Though the NSA and the US government did not tell The Intercept as to how Mr. Zaidan came to be added to the TIDE government database, what is known from leaked documents highlights the grave dangers that the collection and interpretation of metadata hold in store for all of us.

One of the questions that SKYNET used as a basis, for instance, was “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?”. Behaviour patterns seen as 'suspect' were also looked at by SKYNET, including “incoming calls only,” “visits to airports,” and “overnight trips.”

What the NSA documents also reveal is that the information was collected from “major Pakistani telecoms providers” according to the Intercept report. According to the documents, 55 million Pakistani mobile phone records were fed into the SKYNET system, via its Pakistan dragnet, DEMONSPIT - “as an example” - one of which was “PROB” (sic) Zaidan, due to his frequent Peshawar-Lahore excursions. Others were also highlighted by the system, using similar criteria.

What arises: the collection of metadata has been actively pursued by government intelligence agencies as a way to capture potential terrorists. The belief is that by examining their movements before hand, persons of interest can be arrested or subdued before an attack takes place. The belief is also that metadata will tell us where the enemy can be found, and taken out. This collation of data has been the basis of drone attacks in Afghanistan, Pakistan, and Yemen, and is cited as being how Osama bin Laden's hideout in Abbotabad, Pakistan, had been located.

As with Mr. Zaidan, however, metadata does not automatically infer intent, and can ensnare innocent people, often with tragic consequences. Drone attacks in Pakistan, as of 24th November 2014, have resulted in the deaths of an estimated 1,147 people, according to a report released last year by the human rights organisation Reprieve (http://www.reprieve.org/uploads/2/6/3/3/26338131/2014_11_24_pub_you_never_die_twice_-_multiple_kills_in_the_us_drone_program.pdf)

As the former head of the NSA, General Michael Hayden once remarked, “we kill people based on metadata.” (http://justsecurity.org/10311/michael-hayden-kill-people-based-metadata/)

What does the Intercept report mean for Pakistani citizens? Simply this: a clear violation of the right of the individual to privacy has taken place. The documents in the report do not clarify the technical or legal means by which 55 million mobile phone records were obtained, and it is unlikely that those mobile phone records were the only examples forms surveillance sans oversight undertaken against Pakistani citizens. It is evident that in the name of global security, the rights of Pakistani citizens have been ignored. The context-free manner in which metadata is analysed ensures that the mobile phone calls, smartphone usage et al of Pakistanis will be kept on NSA servers and examined for “potential” persons of interest.

The current draft of the 2015 Prevention of Electronic Crimes Bill, as amended by the Standing IT Committee of the Pakistani National Assembly, would allow for Pakistani intelligence agencies to forward mobile phone and data records of Pakistani citizens, without consent necessary. A legal analysis undertaken by Privacy International and Digital Rights Foundation found that the the draft law does not call for regulation of “sharing of data among government entities” (https://www.privacyinternational.org/sites/default/files/Prevention-of-Electronic-Crimes-Bill-2015%20Legal%20Analysis_0.pdf). If the United States government highlights the digital activity of any Pakistani citizens on the basis of data already gathered, it will most likely follow that Pakistani intelligence agencies will be approached by their NSA counterparts to bring in the individuals, regardless of concrete evidence of wrongdoing.

The capture and storage of the telecommunications of Pakistani citizens – without consent – violates the right to privacy, and aims to criminalise behaviour out of context. To quote Geoffrey King, Internet Advocacy Coordinator for the Committee to Project Journalists, “Given a big enough pool of data, anyone can end up fitting a 'suspicious' pattern.”

Published by: Digital Rights Foundation in Blog, Focus Areas

Comments are closed.