Blog Archives

Latest Posts

Monthly

Categories

All Posts in privacy

May 9, 2026 - Comments Off on Instagram removes end-to-end encryption

Instagram removes end-to-end encryption

Meta has ended support for end-to-end encrypted (E2EE) direct messages on Instagram, saying very few users actually used the feature. The update took effect on 8 May 2026. The change means that Meta now has potential access to users' Instagram DMs for moderation, safety checks or legal requests. The company updated support pages earlier this year without making any prior public announcements. Privacy advocates have criticized Meta’s decision arguing that the encryption settings were never easy to find or made widely available. 

 

September 10, 2025 - Comments Off on PTA Denies Breaches in Licensed Sector

PTA Denies Breaches in Licensed Sector

The Pakistan Telecommunication Authority (PTA) has denied that the recent SIM data leak originated from its licensed telecom sector. The authority stated that it does not hold or manage subscribers' data, which remains with telecom operators. The PTA's initial review suggests that the leaked datasets were likely compiled from multiple external sources, as they include family details, vehicle registrations, and travel records. The statement comes after the interior ministry formed an inquiry committee to investigate the data leak. The PTA referenced a recent cybersecurity audit, which found no breaches within its licensed sector, and highlighted the ongoing challenge of combating cybercrime.

September 8, 2025 - Comments Off on Sensitive Data of Thousands of Pakistanis Put on Sale Online

Sensitive Data of Thousands of Pakistanis Put on Sale Online

Sensitive data belonging to thousands of Pakistanis, including federal ministers and senior officials, has reportedly been put up for sale online. The leaked information includes personal details like addresses, call logs, CNIC copies, and travel history, and is being offered on various platforms for a low price. In response, the Interior Minister has ordered the National Cyber Crimes Investigation Agency (NCCIA) to form a special investigation team to probe the data breach.

September 8, 2025 - Comments Off on Interior Minister Forms Body to Probe SIMs Data Leak

Interior Minister Forms Body to Probe SIMs Data Leak

Interior Minister Mohsin Naqvi has taken notice of a massive data leak involving thousands of Pakistanis' mobile phone SIM data and has formed a special team to investigate. The leaked data, which includes information on federal ministers and senior officials, was reportedly available for sale online. The National Cyber Crimes Investigation Agency (NCCIA) has been tasked with forming a special investigation team to look into the matter and submit a report within 14 days.

January 23, 2025 - Comments Off on Journalists, Opposition walk out of NA as controversial PECA amendments passed

Journalists, Opposition walk out of NA as controversial PECA amendments passed

Pakistan’s National Assembly has passed controversial amendments to the Prevention of Electronic Crimes Act (PECA), to which journalists and members of the opposition PTI party, who both walked out of the National Assembly, walked out in protest. These amendments to the PECA have been condemned since they were first leaked, not just as the overly broad language could be interpreted to further attack freedom of expression, but because drafts of the bill had not been shared or discussed with stakeholders, which has been heavily criticised by activists and journalists. The bill will now be sent to the Pakistani Senate for a final approval.

The government has for several months claimed that the new provisions are necessary to tackle “fake news” or disinformation, with people accused of such to be “punished with imprisonment which may extend upto three years or with fine which may extend to Rs2m or with both.”

In addition to proposing the creation of a Social Media Protection and Regulatory Authority (SMPRA), the amendments have expanded the definition of “social media platforms” to include the “tools” or software used to access said platforms. This expansion of the definition of “social media platforms”, even before the bill’s passing, was widely regarded as a vehicle to provide legal cover to future attempts to ban “unregistered” local VPNs – a legal opinion by the Ministry of Law had thwarted previous VPN ban attempts.

Nighat Dad, Digital Rights Foundation’s Executive Director, said that the passing of the amendments came as a “shock”, and that civil society organisations and other stakeholders had not been shown any drafts, with the result that the final version “suddenly came out of nowhere”. In addition to remarking that the bill should not have been passed owing to the “broad and ambiguous” powers it gave to authorities – already a serious  and ongoing concern about the PECA – Ms. Dad also pointed out its definitions concerning “false and fake information” were suspect – notable given that global authorities have not been able to provide consistent and universally applicable definitions themselves.

January 21, 2025 - Comments Off on Interior Ministry to oversee PECA

Interior Ministry to oversee PECA

The Government of Pakistan has amended the Rules of Business 1973 to shift responsibilities regarding the Prevention of Electronic Crimes Act (PECA) from the Ministry of Information Technology & Information (MOITT) to the Ministry of the Interior, during a federal cabinet meeting chaired by Pakistan’s Prime Minister, Shehbaz Sharif. In the context of governance in Pakistan, “Rules of Business” refers to the rules by which all “business” or “all work done by the Federal Government” is to be undertaken, as per relevant ministries. The government has not as yet updated the “Rules of Business 1973” on its websites as yet, so the version embedded above is the most up to date as of January 22, 2025.

 

News reports have not thus far discussed what this shift in ministerial oversight for PECA might mean in regards to the rights of freedom of expression and to privacy, especially in the light of proposed amendments to the PECA that seek to provide legal grounds for banning VPNs and other means of accessing social media.

January 17, 2025 - Comments Off on Pak-ID services shifted to mobile apps, for ease, security: NADRA

Pak-ID services shifted to mobile apps, for ease, security: NADRA

Pakistan’s National Database and Registration Authority (NADRA) will no longer update PAK-ID services on its website, and is instead directing Pakistani citizens to use its mobile apps for digital identity-related services. Visitors to the website will receive a pop-up informing people of the closure of the website, and telling people to download the relevant apps for their mobile phones. The status of applications made through the website prior to the change on January 17, however, can still be checked via a link provided on the website.

 

Federal Interior Minister Mohsin Naqvi said that the shift to mobile apps came about in part due to reports of users of NADRA’s website experiencing difficulties, especially overseas, in addition to tackling the criminal exploitation of citizen data through counterfeit websites. Naqvi also announced that NADRA would be launching regional centres on March 31th onwards, in Azad Jammu, Kashmir, Gwadar, and Gilgit-Baltistan.

December 24, 2024 - Comments Off on Govt Introduces new localised VPN Scheme

Govt Introduces new localised VPN Scheme

Unsuccessful in its previous attempts to register and penalise unregistered VPNs, owing to a lack of legal support, the Pakistan Telecommunication Authority (PTA) has introduced a new licensing category, in the hope that it will boot registrations of VPNs. According to Dawn, a press release by the PTA states that “VPN service providers are required to obtain Class Licence for Data (Data Services) to provide VPN and related services,” so that local  internet service providers will, in theory, be able to provide VPN and other forms of proxy services to their users.

The “localised” registrations of VPNs was floated by P@SHA, arguing that this would help Pakistan’s freelancers, impacted ongoing internet disruptions. Companies that plan to provide localised VPN services would pay PTA a licence fee – PKR 300,000 to offer nationwide services, PKR 100,000 to do within one province – with the licence lasting 15 years, subject to renewal. As rights activists and tech experts point out, however, the localisation strategy is a “futile exercise”, as it gives more surveillance powers to authorities and negates the whole purpose of VPNs – which could discourage users and international entities, both of whom would just switch to other options.

December 20, 2024 - Comments Off on NADRA to roll out national facial biometrics in 2025”

NADRA to roll out national facial biometrics in 2025”

Pakistan’s National Database and Registration Authority (NADRA) will be rolling out facial biometric verification via NADRA registration centres and the Pak-IK mobile app, starting from January 15, 2025. The initiative arose out of a consultative conference held by NADRA and other regulatory bodies, to discuss biometric and identity verification advances, and how Pakistan’s government can update its own systems. According to NADRA’s chairman, who spoke at the conference, incorporating newer technologies such as facial biometrics would aid the elderly and other groups that may have difficulty with the current system, whether due to faded fingerprinted or other issues.

Conference participants also discussed the potential of iris recognition as a prospective identity verification tool in the future, as well as the National Registration and Biometric Policy Framework.

December 5, 2024 - Comments Off on Pakistani Police “Randomly” inspecting Mobile Phones: PTI Leader

Pakistani Police “Randomly” inspecting Mobile Phones: PTI Leader

Islamabad police are carrying out random inspections of people’s mobiles phones, in an attempt to locate PTI supporters, claimed Shoaib Shaheen, part of PTI’s leadership. Speaking in the wake of the November 24-27 PTI protest march which has resulted in a crackdown by the government, Shaheen accused the police of carrying out profiling of people from Khyber Pakhtunkhwa, based “on their CNICs and ethnicity”, with arrests being made if material on their phones was found to be related to former PTI leader Imran Khan in any way. According to Shaheen, arrests were also made of anyone subsequently visiting people held in custody. Rights activists, including the DRF’s Executive Director, Nighat Dad, condemned these searches, noting that they breached Article 14 of the Constitution of Pakistan, concerning individual rights and dignity.

 

Though the police denied carrying out profiling, claiming that any security checkpoints were established per routine, journalists from Pakistan’s Dawn News reported witnessing at least one case of mobile phones being inspected.