Masud Reza's Blog on the Internet

Rationale. Reason. Logic. And Beyond...

The Emperors New Clothes: Pakistan’s Electronic Crimes Bill…

Posted on May 29, 2016
Big Brother is watching you!

Big Brother is watching you!

The much dreaded Prevention of Electronic Crimes bill sailed through the National Assembly which adopted it in frenzy. What irony that the Bill to tame the Pakistani Intelligence Agencies, which will be using this Bill to spy on their own citizens, has been hanging in limbo since 2012.
‘Blanket Surveillance’ systems in place in Pakistan can be broadly categorized into two types: One supplied by Western Nations to aid in the ‘war on terror’ (read NSA and GCHQ) and others which have been purchased with taxpayer money. What territorial jurisdiction do National Security Agency of USA (NSA) and General Communications Headquarter (GHCQ) have in the absence of treaties with Pakistan, without Parliaments purview? We do not know. There can be no denying the fact that Pakistan is among the most spied upon nations in the world.

Blanket Surveillance means that your Internet Activity, Mobiles and Telephones are being recorded without lawful jurisdiction and without considering whether you are an ‘object-of-interest’ i.e. if are you involved in anti-state or nefarious activities. This new Prevention of Electronic Crimes Bill now gives a legal cover to Law Enforcements’ spying acts on the Citizenry.
The ordinary gullible Pakistani has no clue that Pakistani Intelligence does not need any passwords to access their Gmail, Yahoo, Hotmail, Outlook or Facebook accounts . What makes matters worrisome is that the agencies running these systems are not answerable to the Parliament. Neither are there audit-logs or authorizations in place to record every request that has been issued by the Agencies Chain-of-Command. In 2015, PPP’s Salim Mandviwalla confronted Intelligence Bureau Chief Aftab Sultan on illegal taping of his mobile on which the IB Chief did what all Pakistani Agencies do: go into plausible deniability mode. The chief denied any such wrongdoings. However, when asked to submit his reply in writing, the chief refrained from doing so, most probably because Mr Mandviwallas’ assertions were correct.
Back in the late 1990s, when I used to work for an Internet Service Provider in Lahore, I had to frequent visits to the Main Distribution Frame (MDF) of Egerton Road Exchange in where all copper cables of the PTCL network in the area terminated. In those days, Intelligence Bureau needed to physically hardwire the MDF in order to record telephonic conversations. One day as I walked into the MDF to do some troubleshooting, the MDF staff was frantically busy removing the IB taps in place which were being used to record communications of the Judges of Lahore High Court as somehow the Judges had come to know about it and had ordered a physical inspection of the MDF. Of course, the IB would conveniently deny any knowledge of this activity, the plausible deniability being inherent in the fabric of the Intelligence Community.
Over the last two years, the tax payers’ money has been invested to extend the reach of the Surveillance. These new systems can infect Mobiles and Personal Computers and are used by the Establishment to spy on Activists, NGOs, Political Opponents, Businesses and the like.
These new systems have been shunned by the West because of threat to Privacy which in turn can threaten an individuals’ life if in a country ruled by a repressive regime. Never-the-less, the Establishment continues to spend the tax payer money into extending the reach of its surveillance to Spy on the citizenry under the garb of security.
Emails, our most frequent communication tool for business, are also not safe or private. Imagine if you were running a business and your emails were tapped by your competitor who, out of luck, had a friend working for a Law Enforcement Agency (LEA). Your quotations could end up with your competitor. Pretty Good Privacy (PGP), a program to protect your emails still works so you should consider using it. You should also look into hosting your email on a Blackberry Enterprise Server (BES) outside of Pakistan and access that email over a Virtual Private Network (VPN). This is perhaps the most dangerous of the aspects of this bill. It gives unprecedented powers to the LEA and with friends in right places you can have access to the privileged corporate information and that in turn can destroy your business. No wonder why companies need to invest a lot in a secure email infrastructure these days.
When Business communication is intercepted, your own Business infrastructure is at risk. Your business competitor with the right connections could bring you down real fast just because he knew someone who had access to the Surveillance Systems. This threat is very real and not to be taken lightly as I personally know instances where this has happened. Better be safe than sorry. Encrypt your email today.

The Pakistan Telecommunication Authority (PTA) watches over the interest of the Law Enforcement Agencies only paying little attention to things like Freedom of Speech and Privacy, banning any equipment that could be used for encrypting private communication. Try running non-standard encryption to see how soon you become an ‘object-of-interest’.
The new cyber bill poses many challenges. One of these challenges is the fact that there is no tamper proof auditable-log of the Law Enforcement using the Surveillance tools. If a Judge orders an inquiry, there would be no evidence of wrongdoing from the Law Enforcement end because there would be nothing to investigate. There have been cases where LEA Officials have been known to tap into Private Skype calls of Pakistani Citizens without their knowledge.
The Lahore High Court and later the Supreme Court of Pakistan have held in different cases that “The right [to privacy] was not absolute and could be curtailed to counterterrorism.” But no one told the Judiciary that the judiciary’s own communication – whether Official or Private was and continues to be under Surveillance. Would the Judges sacrifice their own privacy in order to curtail terrorism? I have my doubts.
Another challenge is that the Law Enforcement is not technically equipped to investigate cases involving events which relate to Cyberspace. Imagine if I was logged on to the Internet at 1am and I posted objectionable material on Facebook by connecting to my neighbors Wifi (which was not using any password). The LEA could get my neighbor arrested. In a similar case in the US, the Judge ruled that a “user was not his IP Address”. (An IP Address is a 4-byte or a 16-byte number that uniquely identifies users on the Internet)
Similarly, in cases where intricate use of the Protocols used on the Internet is involved, it is extremely difficult, if not impossible, to prove that a user was indeed responsible an activity being attributed to her. Without using a Subject Matter Expert with forensic experience, it is simply not possible and the wrong person could be penalized.
I could very well christen this Bill as a Cyberspace Sharia Bill, tabled by the Zia-era remnants.
Paul Zimmerman, the author of “Pretty Good Privacy”, once wrote that “If Privacy is out lawed, only outlaws will have Privacy”. Where my own Government will curtail my rights to freedom and privacy, being a rebel to protect my privacy would be totally called for.

We Will Not Forget


In Memoriam

Black Day, December 16, 2014

Sajjad the Shoe-Shiner


Visiting downtown the other day and waiting for my car , I was strolling on the road. A shoe shiner, barely Eleven, sprung out almost from nowhere in sight.

“Sir, can I polish your shoes? I will shine them so well!”. I smiled. It’s that I do not visit such places every day, where such shoe shining human hands are available for a little fee. ” How much will you charge?, I asked, gleefully watching him. Only 20 Rupees (20 cents). “Deal”, as I forwarded my right foot to take off my shoe. Over the next five minutes, I watched his magic as his little hands skillfully cleaned and polished the right shoe, followed by the left.
“I don’t have any change with me. So take this hundred instead and what is your name”? . “I am Sajjad”, he answered confidently. “Here, Sajjad, take this 100 Rupee note. And keep the change”.
I glanced at my watch. The driver was running late, probably stuck in the rush hour.
After about five minutes, little Sajjad returned and handed me Eighty Rupees (80 cents) in change. “What’s this, Sajjad”?, I asked, bemused. “It’s the balance amount, Sir”, came his meek reply. “But I want you to keep them all”, I vehemently insisted. “I know”, he said smiling, “but that was not the deal”.
It took me almost two minutes to convince him that the extra 80 Rupees were a prize for his job well done.
“What will you do when you grow up Sajjad”, I was amused and intrigued by the little fellow.  “I plan to study and make a shop”
His bigger plans were already ingrained in his mind. His mother had already died a few years a go and his dad was paralyzed. Sajjad was one of the breadwinners.
Every day he had to make sure that Dad’s evening meal was taken care of, out of his paltry 150 Rupees (1.5 USD) that he made every day.
In a social fabric knitted with lies and deceit, Sajjad was pure Gold.
“Farewell, little friend”, I said to Sajjad as I shook his hands.
I left Sajjad but his bright eyes did not leave me. Even now, the shine of his little eyes brighten the dark chambers of my soul.

National Tragedy Strikes…


100+ Children killed in school attack in Peshawar


Older Posts