The much-dreaded Prevention of Electronic Crimes Bill sailed through the National Assembly, which adopted it in a frenzy. What an irony that the Bill to tame the Pakistani Intelligence Agencies, which will be using this Bill to spy on their own citizens, has been hanging in limbo since 2012.
‘Blanket Surveillance’ systems in place in Pakistan can be broadly categorized into two types: those supplied by Western Nations to aid in the ‘war on terror’ (read NSA and GCHQ) and those which have been purchased with taxpayer money. What territorial jurisdiction do the National Security Agency of the USA (NSA) and General Communications Headquarters (GCHQ) have in the absence of treaties with Pakistan, and outside Parliament’s purview? We do not know. There can be no denying the fact that Pakistan is among the most spied-upon nations in the world.
Blanket Surveillance means that your Internet activity, mobiles and telephones are being recorded without lawful jurisdiction and without considering whether you are an ‘object-of-interest’, i.e. whether you are involved in anti-state or nefarious activities. This new Prevention of Electronic Crimes Bill now gives legal cover to Law Enforcement’s spying on the Citizenry.
The ordinary gullible Pakistani has no clue that Pakistani Intelligence does not need any passwords to access their Gmail, Yahoo, Hotmail, Outlook or Facebook accounts. What makes matters worrisome is that the agencies running these systems are not answerable to the Parliament. Neither are there audit logs or authorizations in place to record every request that has been issued by the Agencies’ chain of command. In 2015, PPP’s Salim Mandviwalla confronted Intelligence Bureau Chief Aftab Sultan on illegal tapping of his mobile, on which the IB Chief did what all Pakistani Agencies do: go into plausible deniability mode. The chief denied any such wrongdoing. However, when asked to submit his reply in writing, the chief refrained from doing so, most probably because Mr Mandviwalla’s assertions were correct.
Back in the late 1990s, when I used to work for an Internet Service Provider in Lahore, I had to make frequent visits to the Main Distribution Frame (MDF) of Egerton Road Exchange, where all copper cables of the PTCL network in the area terminated. In those days, the Intelligence Bureau needed to physically hardwire the MDF in order to record telephonic conversations. One day, as I walked into the MDF to do some troubleshooting, the MDF staff were frantically busy removing the IB taps in place, which were being used to record communications of the Judges of the Lahore High Court, as somehow the Judges had come to know about it and had ordered a physical inspection of the MDF. Of course, the IB would conveniently deny any knowledge of this activity, the plausible deniability being inherent in the fabric of the Intelligence Community.
Over the last two years, taxpayers’ money has been invested to extend the reach of the Surveillance. These new systems can infect Mobiles and Personal Computers and are used by the Establishment to spy on Activists, NGOs, Political Opponents, Businesses and the like.
These new systems have been shunned by the West because of the threat to Privacy, which in turn can threaten an individual’s life in a country ruled by a repressive regime. Nevertheless, the Establishment continues to spend taxpayer money on extending the reach of its surveillance to spy on the citizenry under the garb of security.
Emails, our most frequent communication tool for business, are also not safe or private. Imagine if you were running a business and your emails were tapped by your competitor who, as luck would have it, had a friend working for a Law Enforcement Agency (LEA). Your quotations could end up with your competitor. Pretty Good Privacy (PGP), a program to protect your emails, still works, so you should consider using it. You should also look into hosting your email on a Blackberry Enterprise Server (BES) outside of Pakistan and accessing that email over a Virtual Private Network (VPN). This is perhaps the most dangerous of the aspects of this bill. It gives unprecedented powers to the LEA, and with friends in the right places you can have access to privileged corporate information, and that in turn can destroy your business. No wonder companies need to invest a lot in a secure email infrastructure these days.
When Business communication is intercepted, your own Business infrastructure is at risk. Your business competitor with the right connections could bring you down real fast just because he knew someone who had access to the Surveillance Systems. This threat is very real and not to be taken lightly as I personally know instances where this has happened. Better be safe than sorry. Encrypt your email today.
The Pakistan Telecommunication Authority (PTA) watches over the interests of the Law Enforcement Agencies only, paying little attention to things like Freedom of Speech and Privacy, and banning any equipment that could be used for encrypting private communication. Try running non-standard encryption to see how soon you become an ‘object-of-interest’.
The new cyber bill poses many challenges. One of these challenges is the fact that there is no tamper-proof, auditable log of Law Enforcement’s use of the Surveillance tools. If a Judge orders an inquiry, there would be no evidence of wrongdoing from the Law Enforcement end because there would be nothing to investigate. There have been cases where LEA Officials have been known to tap into private Skype calls of Pakistani Citizens without their knowledge.
The Lahore High Court and later the Supreme Court of Pakistan have held in different cases that “The right [to privacy] was not absolute and could be curtailed to counterterrorism.” But no one told the Judiciary that the judiciary’s own communication – whether Official or Private – was and continues to be under Surveillance. Would the Judges sacrifice their own privacy in order to curtail terrorism? I have my doubts.
Another challenge is that Law Enforcement is not technically equipped to investigate cases involving events which relate to Cyberspace. Imagine if I was logged on to the Internet at 1 am and I posted objectionable material on Facebook by connecting to my neighbor’s Wi-Fi (which was not using any password). The LEA could get my neighbor arrested. In a similar case in the US, the Judge ruled that a “user was not his IP Address”. (An IP Address is a 4-byte or a 16-byte number that uniquely identifies users on the Internet.)
Similarly, in cases where intricate use of the Protocols used on the Internet is involved, it is extremely difficult, if not impossible, to prove that a user was indeed responsible for an activity being attributed to her. Without using a Subject Matter Expert with forensic experience, it is simply not possible, and the wrong person could be penalized.
I could very well christen this Bill as a Cyberspace Sharia Bill, tabled by the Zia-era remnants.
Paul Zimmerman, the author of “Pretty Good Privacy”, once wrote that “If Privacy is outlawed, only outlaws will have Privacy”. Where my own Government will curtail my rights to freedom and privacy, being a rebel to protect my privacy would be totally called for.