In 1994, when the internet age arrived in China, President Jiang Zemin believed that the world was moving towards a new age where technology and information would be of utmost importance and would provide the impetus for progress. That acted as an incentive to begin incorporating technology to uplift China’s booming economy. But as Deng Xiaoping, one of China’s Eight Elders once famously said, “If you open the window for fresh air, you have to expect some flies to blow in.” In order to keep these “flies” out of China, its leaders began to develop the Golden Shield Project in 1998, which  was unveiled in 2000 and implemented in 2006.

This project of massive surveillance and censorship started out as an attempt to maintain records of citizens and control content. It however, quickly spiraled into a mass surveillance and control mechanism for citizens of China, thus earning the nickname; “The Great Firewall of China.”

Today, the state of Chinese netizens is deplorable. Companies practice self-censorship out of fear of being shut down by authorities if they fail to comply with the strict laws on censorship. Citizens cannot access many websites such as YouTube, Facebook, Wikipedia, DropBox, and Twitter, and even the TOR browser has been blocked. Website activity and telephone conversations are monitored to ensure that censored words such as “protest” are not being used (even Shakespeare is not exempted).

Websites such as Google are censored to the point that if Chinese citizens search for Tiananmen Square, they won’t see any images or links related to the massacre of 1989 but only tourist images of the Square itself. Books, articles, and films related to the massacre have been completely censored as well. Several activists and journalists have been arrested for even referring to the anniversary of the Tiananmen massacre over email. In 2012, the Chinese authorities also started to block Virtual Private Networks (VPNs) that allowed citizens to access blocked websites.

In June 2013, The Guardian began publishing a series of articles that revealed how the National Surveillance Agency (NSA) was spying on Americans and foreign citizens using programs such as PRISM, which collected information including search history, web-chat, and emails, as well as collecting phone data.  According to a detailed report in The Guardian, “The NSA had secretly attached intercepts to the undersea fibre optic cables that ringed the world. This allowed them to read much of the globe’s communications. All of Silicon Valley was involved Google, Microsoft, Facebook, even Steve Jobs’s Apple. It had even put secret back doors into online encryption software – used to make secure bank payments – weakening the system for everybody. The spy agencies had hijacked the internet.”

The surveillance was not  limited to possible criminals or people with links to terrorist organizations- as whistleblower Edward Snowden explained in his first public  interview for The Guardian, “Even if you’re not doing anything wrong, you’re being watched and recorded…it’s getting to the point where you don’t even have to have done anything wrong, you only have to eventually fall under suspicion from somebody, even by a wrong call, and then they can use this system to go back in time and scrutinize every decision you’ve ever made…attack you on that basis…and paint anyone in the context of a wrongdoer.”

Globally, China is seen as a repressive state with limited, if any freedom. America, while criticized for many reasons, is largely perceived as a liberated country, and it’s people’s freedoms are idealized a great deal. American society is also shifting towards a more egalitarian model, with various individuals and organizations battling for gender and racial equality.  But a mostly liberated public and fundamental human rights are clearly not mutually inclusive for the American Government, given  the state is carrying out extensive surveillance, not just on its own citizens, but foreign countries as well.

In Pakistan, censorship began as early as 2006, when the Pakistan Telecommunications Authority (PTA)  began aggressively blocking websites that were deemed to have objectionable, immoral or blasphemous material.  In 2012, reports emerged claiming that the PTA was pursuing a URL-filtering system whereby, instead of blocking websites on an IP level they could simply target specific URLs (including ones within websites).

While, the YouTube ban is still in place since 2012, in late 2013, the Sindh government attempted to ban Viber, Whatsapp, Skype, and other chat applications for a period of three months claiming national security concerns. While the Sindh government did not go ahead with the plan amid backlash from users, it is an alarming notion that they would  consider limiting the ways in which people communicate.

Pakistan, like China, longed to ban the use of VPNs. Earlier this year, PTA began a crackdown on VPNs in the garb of “curbing grey traffic”. This began with banning SpotFlux, and gradually moved on to other VPNs such as HotSpot Shield and CyberGhost, which meant that netizens could no longer access YouTube, unless they used proxies.  (Read our post on VPN blocking in Pakistan)

While Pakistan may lack the technological sophistication that United States has at its disposal, it is clear that for a long time, Pakistan has been greatly inspired by China’s censorship policies. The ban on YouTube, and previous short-lived bans on social networking websites Facebook and Twitter, as well as the surveillance technology FinFisher and URL-filtering and blocking software Netsweeper, are reminiscent of the many ways in which China carries out its censorship and surveillance. In fact, in late April 2014, PTCL partnered with Dailymotion to bring the website to Pakistan. This is no different from what China has done, blocking websites such as YouTube to replace them with its own YouKu, Sina Weibo as a hybrid of Facebook and Twitter, and even localized search engines.

The political condition in China, when it began to implement its repressive policies, and of Pakistan in the past decade is largely different. China’s oppressive regime has been silencing its people with brutality and censorship long before the internet was created.

Individuals and organizations are comparatively freer to criticize government censorship in Pakistan, and yet they are still living with partial censorship. The government still shows a lack of interest in removing the YouTube ban despite vocal opposition from civil society. PTA has gone on record to state that it does not conduct surveillance, despite the presence of Finfisher servers in Pakistan. It is also quite clear that the government, especially the Ministry is not consulting with civil society activists and organizations and thus, operating under willful ignorance.

The comparison between the digital landscapes in Pakistan and the repressive conditions in China are valid, and much-needed. The image is bleak, but needed to reflect where we are headed in terms of digital privacy and access to information.  Pakistan could replicate the Chinese model of censorship in efforts to govern the internet, and that is something that cannot be allowed to happen.

 

Mr. Mohsin Shah Nawaz Ranjhahas, the Parliamentary Secretary of Information & Broadcasting, recently made an all too popular  statement regarding social media, and problems that are common for users worldwide. Commenting on the misuse of social media by “online miscreants”, Mr. Ranjhahas said that the government would formulate a policy to deal with ‘false information’ spread online through ‘fake identifications.’ The name ascribed to those who pose such  a problem is an internet troll. It is important to understand that there is a difference between harmless, good-humored trolling and vicious, abusive trolling. Friends and acquaintances may tease each other or joke in good humor, but on the darker end of the spectrum, there are individuals whose sole intention is to create an environment of hostility and discrimination. This kind of troll is someone who will use a fake identity online to harass people, spread rumors as facts, or relentlessly criticize someone in order to provoke an emotional response. Trolls will often operate with multiple identities, so if you block one social media profile, another will take its place. It may sound like there is no way to thwart a troll, but in actuality, there are several.

Trolls always want an audience to witness their abuse and bullying, because they crave attention in one form or the other. That is why they will often congregate on social media websites, where many people can see them engaging people in their banalities. They either attempt to publicly humiliate others, or they believe a large audience should hear their opinions, which is why, especially on political issues, an online troll will say the same thing to different people, mostly opinion leaders such as talk show hosts and news anchors, seeking approval from authority figures.

In cases where trolls attack political or public figures, the intention is almost always to cast negative light upon the individual; the troll may dislike the person’s political affiliations, public opinions, or in some cases, even aspects of their personal life. However, as wrong and mentally distressing as the deeds of online trolls are, that cannot serve as an excuse to limit, censor, or ban social media in any way. There are many ways to deal with this particular nuisance, and we, the good folks at Bolo Bhi have enlisted a number of efficient ways that work much better than policing the internet.

Understand the difference between trolling and expressing opinions: This is especially important when you occupy a position that frequently places you in the public eye, such as working for a media group, the state, or a public sector organization. Even if the expression of the idea conveyed an aggressive tone, it is still covered under free speech, and unless there is an explicit threat to your personal safety, or of your friends and family, there is no cause for any action at all. You can either a) choose to ignore the criticism, or b) address it by engaging in civil, polite discussion, or c) if you do not wish to engage in a lengthy debate, only tell the person that you understand what they’re saying and that you can just agree to disagree.

Block & Report as spam: All social media platforms provide the option for users to block unsolicited commentators and report them as spam. This is not a permanent fix, you block one account and others may pop up. Despite the fact that this will act as a temporary deterrence, it is an important one, as we will go on to explain in step 4.

Do not feed the trolls: A common phrase on how to deal with online bullying is “do not feed the trolls.” When someone is harassing and/or threatening you, there is certainly a serious issue, but when an online troll is only trying to provoke a response out of you, it may  be better to simply ignore the troll. Online bullies and trolls feed on other people’s rage, discomfort, and unhappiness; by making jokes and comments to upset people. Reacting with discomfort and annoyance to trolling is giving trolls what they want. We are not asking you to make light of threats or to not deal with harassment, deal with it, but do not exhaust yourself by engaging with an aggressive troll.

Report abuse: Remember in step two when we asked you to report individual’s statements as spam? Well, this is precisely why. All social media platforms flaunt an abuse policy and a method to report abusers. We have made a list of email addresses to reach out to in case you are facing abuse on social media. When writing the email, remember to provide all necessary details, screenshots of the accounts’ tweets, the screenshots reporting spam and lastly, a list of all accounts that are involved in harassing/trolling should be included.

Investigate the troll’s identity: Sometimes, it is easy to understand a troll’s ideology by reading the content they share on social media, or the tweets or comments they may be making in public, or they might even write on a blog. By investigating public content that is not a violation of the troll’s privacy, you can understand their ideology, which may be against your own opinions, political affiliations, or beliefs. Armed with this knowledge, you can then inform the social media public about how you’re being harassed by someone because of your opinions and views, thereby exposing the troll to criticism, rather than becoming the target of criticism yourself by reacting poorly to trolling attempts.

Block IPs yourself when possible, or through external sources: If you’re being trolled on a website or blog such as WordPress, there are numerous options that allow you to block the IP Address of a troll, so they cannot make various fake identities and harass you. In cases where IPs are not identified such as social media, the websites in question cannot release information such as IP addresses to a civilian, and can only do so when an official request is made by authority figures. In such a case, you can take a screen capture of the content that is harassing or threatening you, and get in touch with CPLC  who can help you take steps to ensure your personal and online safety.

Protect your privacy online: The content we share through social media connects us to friends and family, but it can also be used against us. It is essential to familiarize yourself with whatever social media platform you are using, and know your privacy settings from status updates to your photos. Make sure that your close friends and family protect their privacy too, as trolls will often target what they perceive to be your weakness, such as your nearest and dearest. Bolo Bhi has a list of resources for maintaining your digital security, and ensuring that personal, sensitive information cannot fall in the hands of anyone who means you harm.

 

—————————————————————————————————–

 

How to report abuse on Facebook

Facebook Safety Center

Report a Violation of Facebook Terms

How to report harassment or abuse if you’re not on Facebook

Privacy rights: Photo removal request

Report a privacy rights infringement

Report a convicted sex offender

Report blackmail

Report suicidal content

Report abuse at: abuse@facebook.com

Twitter:

How to report an abusive user

Report account for impersonation

Report account for spam

Report a problem to the support team

G+:

Report a profile

Report spam or inappropriate content

Report abuse in public video hangouts

Report abuse on events

Contact a Gmail user abusing Google’s Terms of Service (TOS)

Compromised Gmail account

Learn about suspicious activity on your Google account

Gmail security checklist

How to delete your Google Plus profile

Yahoo:

Reporting spam, phishing, or scams to Yahoo

Report an inappropriate comment or abuse on Yahoo

What to do if your account is sending spam

What to do if you’re being harassed on Yahoo

Form for contacting Yahoo

 

There is a strong reason to believe now that the traffic for our gateways is being managed by Netsweeper.

The research revolves around one of the key gateways that handles network traffic for Karachi, namely the following server:

khi77.pie.net.pk (202.125.134.154)

From within Pakistan, any attempt to access this server results in an access block.

However, when accessing this very same server from _outside_ of Pakistan such as the US, results in the following screen being rendered in browser (with a self signed certificate). Click on image below:

Netsweeper Image 150x150 Netsweeper in Use in Pakistan

If noted in the annotation, there is a clear graphic at the bottom indicating “Powered by Netsweeper”

If nothing else, this is clear evidence of Netsweeper’s software being installed on critical national network infrastructure. We anticipate that system administrators at PIE (Pakistan Internet Exchange) will be quick to block access to HTTPS on the gateway in question from the outside as well once access to it is publicized.

Imran Moinuddin is the Founder & CEO of NexDegree

Read More on Netsweeper:

June 20: Netsweeper in Pakistan?

Citizen Lab’s report on Netsweeper’s Presence in Pakistan

July 23: Letter to Canadian High Commission Seeking Disclosure on Netsweeper

September 9: Canadian Government Responds to Netsweeper’s Presence in Pakistan 

Over the last few years, Internet censorship and surveillance have been on the rise in Pakistan. International reports have pointed to the alleged presence of FinFisher (espionage and surveillance equipment) and Netsweeper (filtering and blocking equipment) in the country.  In recent months, Internet users have faced service disruptions – slow Internet speed as well the inability to access several websites.

Very recently, as  a result of an investigation into customer complaints,popular VPN service Spotflux officially announced that their data centers had been blocked by the government of Pakistan. Since 2012, when access to YouTube was blocked in Pakistan, Spotflux became one of the popular methods of circumventing the blockade.

The decision to block VPNs was first made in 2010 under the Monitoring & Reconciliation of International Telephone Traffic Regulations 2010 (MRITT).  An official notification of blocking VPN in Pakistan was issued  in July 2011.  The notification, issued by the Pakistan Telecommunication Authority (PTA),  cites “prohibition to use all mechanisms which conceal communication to the extent that prohibits monitoring”.

The regulation mandates the monitoring and blocking of any traffic (encrypted or not), including voice and data, originating or terminating in Pakistan. This includes all encrypted VoIP services. If followed strictly, the MRITT could legitimize blocking of Skype and other VoIP services like Viber [Read about Sindh Interior Ministry’s attempt to block Skype, Viber & Whatsapp]. Since the regulation requires Internet monitoring on a massive scale, it allows the blocking of VPN services as they are considered an interference with the ability to monitor Internet  traffic.

The implementation of this clause raises several concerns. It has the potential to hamper online businesses in Pakistan and violate the privacy rights of Pakistani citizens. Sub clause (6d) of clause 4 of Part II “Establishment, administration and features of the Monitoring System” mentions that licensee that deploy the monitoring system are responsible for providing data to the Authority when it is required.” This data includes a complete list of Pakistani customers and their details is included.

In 2011, the official announcement to ban VPN services was met with severe criticism from the business community, specially the banking sector.  Despite warnings by the PTA, a blanket ban on VPNs was never implemented. Instead, the regulation was only applied to commercial connections, where users were told to  register their IPs with PTA so that it could be added to the whitelist. If they were using VoIP or VPNs, it had to be with the explicit permission of the Authority.

A press release published in 2007 on PTA’s website, provides details of the agreement signed between Inbox Technologies,  developed  by NARUS, to acquire a system that enabled the authorities to monitor and block “grey traffic” at the IP level. Last year, PTA acquired new  filters to monitor grey traffic in an effort to boost the “anti-terror” fight. This was the result of the International Clearing House (ICH) Policy Directive issued by Ministry of in August, 2012.  The system, which is officially called Grey Traffic Mitigation System (GTMS) became operational in October 2013, as reported to the National Assembly.

It now appears that the ISI (Inter-Services Intelligence), and not ISPs or PTA, are managing these filters to monitor and block grey traffic. But what legal mandate does the ISI have to operate the filters?

IP-level blocking and the manner in which it is being implemented is posing several problems for Internet service providers, businesses and Internet users alike. The recent surge in blocking of websites and service disruption  has been reported by Internet users. PTA Chairman’s statement to the press suggests that the regulator is currently working on fixing the issues and reportedly working on getting the filtering equipment back under PTA’s control. However, housing the system under one authority vs another is not going to be enough. Acknowledging the importance of encryption, user privacy,  and the integrity and security of the banking sector and business and financial transactions, is essential.

Update: The Pakistan Telecommunications Authority (PTA) published an ad in the newspaper announcing the process of registrations of VPNs. The ad states that all VPN users are required to register before the 25th of May or face blocking.

photo 3 300x211 Now Blocking in Pakistan: IPs and Grey Traffic

Read ISPAK’s (Internet Service Providers Association of Pakistan) letter to the Ministry of Information Technology & Telecom regarding IP blocking below:

 

URGENT

No. 5(8)/2013-ISPAK

02 December 2013

Ms. Anusha Rahman Ahmad Khan

Minister of State for Information Technology

Ministry of IT

Government of Pakistan

Islamabad

Subject:          IP Blocking Issues for Broadband Operators, Call Centers and Internet Users

Dear Madam,

        Under the recently established system by the Government of Pakistan to curb grey traffic, IP addresses blocking on Internet backbone has been started. While the intentions for having such a system may be good, the Government has unfortunately done another experiment this time at the risk and cost of Internet users and broadband operators of the country by giving this systems in the hands of Inter Services Intelligence (ISI), an organization that has a different mandate altogether and has no mechanism in place to address various issues faced by the industry.

2.      Broadband operators and call centers are prime victim of this mechanism. Legitimate and even whitelisted IP addresses of operators are getting blocked without any reason. In last week, IP addresses of DNS, Authentication Servers and Core Routers of Qubee, a leading a WiMax operator, got blocked twice on the same day, resulting in jamming of country wide network and leaving thousands of customers screaming. IP addresses of the other operators including WiTribe, Linkdotnet, etc., are also getting blocked. Many customers use VPNs (virtual private networks) on Internet to connect to their proprietary and secure networks for various business applications. These VPNs, which are now integral part of any Internet connection, are also getting blocked left, right and center with no solution in place to allow legitimate users and filter grey traffic.

3.      Leading call centers and software houses of the country, including TRG, Ovex, Shellby and so many others are running from pillar to post to get their IPs whitelisted. PTA officials seem helpless because the system is not in their control and their requests for IP whitelisting are apparently not handled by the ISI in a timely manner. ISI is also reportedly dependent upon the vendor who have supplied this system. So the red-tape circle of whitelisting on IPs is extended from the customer to the operator, from the operator to PTA, from PTA to ISI and ISI to the vendor, and same return path. It is taking weeks to resolve the issues that should have been addressed in minutes.

4.      The whole Internet traffic of the country has been left at the mercy of a system that is being operated in an amateur manner and at snail pace in totally disregard to the agony faced by the operators, call centers and Internet users. Call centers are loosing huge foreign exchange revenue and Pakistan is getting bad publicity in international business community.

5.      The media has previously reported that US$27 million were unofficially diverted from controversial ICH Agreement to enable the purchase of IP Blocking system in total disregard to Public Procurement Rules and bypassing competitive bidding. The Internet industry has thus been kept hostage to a system whose origin is illegal and design and operations totally non-professional. The grey traffic is now reportedly being shifted to Ku band satellite dishes and legitimate Internet routes are being blocked.

6.      We request you to kindly look into the matter personally and get a proper standard operating mechanism in place where IPs are whitelisted and such lists are implemented within 48 hours with no whitelisted IPs subject to blocking. There should be no limit on the number of IPs got whitelisted by a licensed operator Complaints of operators should be addressed on 24 x 7 basis with resolution time and escalation levels defined. In case of blocking of whitelisted IPs of the operators, financial compensation should be given to the operators by the Ministry of IT as operators are now being asked by their customers for compensation.

With kind regards.

Yours sincerely,

Wahaj us Siraj

Convener

c.c.   Mr. Akhlaq Ahmad Tarar, Secretary, Ministry of IT, Government of Pakistan, Islamabad.

        Chairman PTA, Pakistan Telecommunication Authority, Islamabad

        Member Telecom, Ministry of IT, Government of Pakistan, Islamabad

        Member IT, Ministry of IT, Government of Pakistan, Islamabad

See timeline of encryption blockade in Pakistan:


With  legal research assistance from Nighat Dad, Digital Rights Foundation 

Taking cue from the brilliant team at Electronic Frontier Foundation, the Bolo Bhi team has come up with a scorecard for State Minister for Information Technology & Telecom, Ms Anusha Rahman Khan. The scorecard is based on the performance of key duties by the Minister in her first six months in office.  The collective score is based on input by industry and civil society members.

 

Criteria For Each Duty:

0-3: Showed effort

4-7: Followed through

8-10: Led to outcome

 

 

AnushascoreCardfinal 395x1024  State Minister Anusha Rahmans First Six Months in Office: A Performa

 

 

1. Fulfilled promises made as a member NA standing committee on IT

In the previous government, Ms Anusha Rahman Khan, was one of the most vocal members of the National Assembly’s Standing Committee on Information Technology. During her tenure as a parliamentarian, Ms Rahman spoke for the need to increase access to information, unblock YouTube and issue 3G licenses.

She was also involved in a series of discussions on proposed amendments to the Pakistan Electronic Crime Ordinance (PECO). Despite displaying an understanding of information technology issues, then, Ms Rahman’s time in office has hardly been reflective of the same zeal to resolve issues effectively.

2. Accessibility as a public official

Speak to people within the industry, and they will tell you the Minister just doesn’t respond to letters or emails. We’ve found that to be true as well. According to them, the few meetings that were held initially led to no results as their input was never considered seriously. It has become very apparent since, that input of stakeholders is of little or no importance. Instead, handpicked experts and their input carries more weight. Surprisingly, this has not only been noted by people within industry or civil society, but also fellow politicians and parliamentarians, who also say they’ve been given the cold shoulder.

3. Restoration of YouTube

Beginning with the announcement that we can block Google on her first day of office (allegedly misreported), to introducing filters to block content and eventually trying to go the localization route, the Minister has made various speeches in the Senate on this subject and issued press statements. However, to date no concrete measures have been taken to resolve the issue. All proposed solutions have been out of line with the direction the court has taken on the issue. In fact, despite being summoned multiple times, the Minister did not appear in court. Initially, even Google officials were given the cold shoulder, by the Minister and Ministry, with refusals to talk or meet. As for independent input, it has been completely shunned. Repeated attempts to apprise the Minister of the intricacies of the issue have been met with a stony silence.

4. Adoption of 3G Technology

Recent reports suggest that the government will hold the 3G auction in March 2014. The auction and issuance of 3G licenses is a matter that has been pending since 2008. Other than discussions and field visits since the beginning of the term at the Ministry, not much has been done. It was only after the Supreme Court, hearing a writ petition for early auctioning of 3G licenses, issued directions to the government to be quick about the appointment of PTA officials, that this matter moved along. Whether the Information Memorandum will be completed in time, and the auction held in March, now remains to be seen.

5. Increase Internet Penetration in underserved areas

In a surprise move, rather than utilizing National R&D (Research and Development) Funds and USF (Universal Services Fund) money to increase telecommunications and Internet penetration in the country, these funds – amounting in billions of rupees – were consolidated and moved out of accounts maintained separately for them. While these funds had been lying unused for quite a while, industry personnel argue the right thing to do was to utilize and spend them in underserved areas to improve infrastructure, etc. as opposed to housing them under the Ministry of Finance and putting them towards the paying off of circular debt. It must be noted that no efforts to better the existing infrastructure, either through policy or otherwise have been made.

6. Disclosure on filtering & surveillance equipment

Ever since the announcement that PTCL was ‘loaning’ the Ministry filters to block content, followed by a statement maintaining filters were not the solution, there has been no disclosure by the Ministry as to what has happened to these filters that were acquired. Not only that, but through what process they were acquired, at what cost, and what has been done with them; all these questions remain unanswered. There remains also no acknowledgment or clarification to date of the alleged presence of FinFisher control and command servers and Netsweeper in Pakistan.

7. Headway on Stakeholder Draft of E-crime Legislation

For quite some time now, there has been a fair amount of back and forth between the Ministry and stakeholders on the amendments to what was previously PECO (Pakistan Electronic Crimes Ordinance). Through multi-stakeholder input, various meetings with the previous Standing Committee on IT and even more meetings with the current Minister and Ministry officials, the PECB (Pakistan Electronic Crimes Bill) 2014 still has a long way to go it seems. After near unanimous approval of the draft by stakeholders, the Ministry allegedly decided to dish out some $20,000, it is said, to appoint an international expert to point out why the proposed legislation would not work.

Will this piece of legislation see the light of day, or will a government draft make it into law, remains to be seen. The Prime Minister’s office commissioned its own version of a cybercrime law – which has been criticized heavily for lack of safeguards and knowledge of technology. Why the wastage of funds and efforts when there already exists a piece of legislation that has been debated to no end?

What kind of coordination is there between the Ministry of IT and the PM’s office?

8. Headway on Privacy Legislation

According to the Constitution of 1973, the right to privacy is an inviolable right. Despite that, Pakistan still lacks laws that protect citizens’ right to privacy. An effective legislation that will help minimize monitoring by the government, regulate surveillance by corporates and ensure that personal information of citizens’ is properly protected remains missing. Despite Snowden revelations, the authorities have not shown any commitment to protect personal data of citizens. In the past year, legislations such as the ‘Investigation for Fair Trial Act’ have been given a clean chit by the National Assembly and the Senate, further increasing the risk of legitimizing blanket surveillance by law-enforcement agencies, without accountability.

Comments: As someone everyone had high hopes from, the Minister has only disappointed. A month or two ago, many were still willing to give the Minister a chance. Yet, with every statement and action, the Minister only sunk their hopes of betterment. Bring up the Minister in conversation now, and there is a decided tone one hears, of utter frustration and anger. As a public official, she is expected to be more approachable.

It is pertinent to mention that be it over the blocking of YouTube, issuance of 3G licenses, spectrum allocation and use or relocating of USF/R&D funds, the government has been dragged into court for either non-responsiveness or contestable policies. A clear indication that nothing is right with policy-making or the approach towards it in this sector.

Going forward, what is expected of the Minister is to take seriously those outside the immediate bureaucratic and political circles. There is a lot of valuable input that has and can be provided further on issues of vital importance to industry and citizens. They deserve a hearing, and that input  needs to be factored into policy.

 

Introduction:

An article published in yesterday’s Dawn provided great detail of a cybercrime legislation drafted by Akram Sheikh Associates, commissioned by the government. Following are some initial and immediate concerns that the proposed legislation raises.

Conclusion:

The proposed legislation does not reflect a clear understanding of digital space or medium, and lacks adequate safeguards that should be in place to curb violations and excesses which have been committed in the past, under the Prevention of Electronic Crimes Ordinance, which is what led to its redrafting.

Other than the vague definitions, what this proposed legislation misses is description and detail of processes by which a crime is to be determined. In the electronic and digital medium, the process that leads to an action is of utmost importance. Determination of the crime is directly linked to that. Failure to establish a chain of deliberate and intentional events that lead to an action undermine the strength of the case.  And so, with the processes and methods of determination undefined, the legislation remains open-ended and liable to misuse. This could potentially cause innocents to be charged and tried – a concern that has been highlighted in the past.

This brings us to the proportionality of punishments as well as the method of investigation and trial. Firstly, it is questionable whether some offences listed in this legislation should be considered offences in the first place.  Many of them, elsewhere, are considered as Tort. Secondly, the authorities constituted and the functions and powers ascribed appear to be too wide-ranging.

The manner of their constitution, appointment, functioning and decision-making is centralised, with the controls in the hands of the federal government. The little representation of private entities for which provision is created is also left to the discretion of government authorities, allowing them  to handpick candidates.  The authorities are created with the goal of empowering them to be the law unto themselves, instead of creating a system of checks and balances. Instead of devolving authority so as to require warrants, and establish a clear method of investigation and trial that should include a documented procedure that is to be followed, no boundaries have been ascribed to the authorities.

There is no consideration of the event that if the said authorities were to overstep their mandate – which in fact is not clearly defined – how is that event to be dealt with. While there are punishments for citizens, nothing is prescribed for authorities and officials when they commit a mistake or deliberately misuse authority.

Most disturbing are some of the functions which are unheard of, and can only undermine the security and integrity of information systems in the country. To this extent, certification accreditation and cryptography are of great concern.

It is quite startling to see that various portions of this proposed legislation have been replicated in their entirety from the Information Technology Act of 2000 of India. For example: Section 44 is a copy of Section 43 of the IT Act 2000 of India, Section 45 is a copy of Section 66 of the IT Act, and Section 54 and 55 are mere offshoots of Section 67 of the IT Act of 2000. It would be unwise to consider the Information Technology Act of 2000 as a stepping stone, as the Act was heavily criticized for infringing upon the personal liberties of Indian citizens. Moreover, it did not take into consideration evolving technologies and new forms of communication which is why in 2008, the Information Technology Act of 2000 was heavily amended by the Indian Parliament and the Amended IT Act of 2008 was introduced.

Similarly, the Prevention of Electronic Crimes Ordinance, when first proposed received heavy criticism from civil advocacy and industry groups due to the degree to which it ignored civil liberties, business continuity and a sheer disregard of international practices. The legislation aimed to instill upon the citizens a harsh brand of justice, which was evidence of not a democratic and aware society but more of a police state. This ultimately led to its redrafting.

Any proposed legislation should ensure it is not violative of due process and fundamental rights considerations. These should be at the very center of lawmaking. The uncanny resemblance of the proposed legislation under discussion in this paper, the discarded Indian IT Act and PECO indicates that little or no attention was paid to the concerns raised previously.
The approach to lawmaking in the digital space, as we have seen repeatedly, is undertaken with little or no knowledge of the nature of digital mediums and devices. It is futile to draw from existing frameworks and replicate those for electronic/digital media. Unless very specific, practical, implementable aspects of the functioning of these mediums take into consideration, laws will continue to remain irrelevant, unsound and repressive. Sound technical knowledge along with clear standards of rights and privacy are the very first requirement for law-making in this space. This expertise, as we have seen in the past, remains missing within the policy-making circles. The multi-stakeholder input is the only way forward. And we expect that when the time to table legislation arrives, the multistakeholder approach is the one adopted over political expediency.

 

Find our analysis here and below. Find the proposed legislation under discussion here.

As published by Dawn Magazine Special Report on 20th Oct’2013 

They say they’re lifting the ban on YouTube. The government has apparently come up with a brilliant plan so that just that silly video, The Innocence of Muslims, is blocked, and we can enjoy the rest of the gazillions of videos in peace. What is this plan? In order to even to begin to tell you about it, I’ll first have to explain how YouTube works.

YouTube, like other more secure websites these days, uses HTTPS instead of HTTP. When you look at the address bar in your browser when you’re at such a website, you’ll probably see a lock symbol and https://yoursiteaddress, rather than the usual http://blahblahblah. What does this mean? When you go to an HTTPS website, there is a certain exchange of certificates between your browser and the server where the site is hosted. Your browser acts a bit like an immigration officer, “May I see your passport, please?” The server says, “Here you go, sir!” And if everything looks ok, your browser allows you to view the site’s contents. These HTTPS certificates are only granted to an extremely limited number of servers across the world, and much like the holographic image on a valid visa on your passport, it would be next to impossible to fake, and all information in such exchanges with HTTPS servers is encrypted.

Now blocking access to an entire website using its root addresses (https://youtube.com, etc.) is one thing, and can be done by our Internet Service Providers (ISPs). But blocking access to a particular video on that site would mean screwing with this hardcore HTTPS protocol. Actually, the method that the ISPs have been using to block our access to YouTube, porn and a lot of sites which nobody has any idea why they have been banned in the first place, already puts our internet privacy at risk. This method allows them to keep track of what and when an internet user accesses on the internet, unless it’s done through HTTPS. And now that we’re moving against an actual HTTPS site, this will only make matters worse!

What options did we have in dealing with this issue?

  1. Unblocking YouTube outright.
  2. Working with Google, YouTube’s parent company, to block access to the video in Pakistan (like Indonesia, India, Jordan, Malaysia, Russia, Saudi Arabia, Singapore and Turkey already have).
  3. Installation of filtering and surveillance software on users’ computers.
  4. A Machine/Man-In-The-Middle (MITM) attack.

The case for unblocking

Because of the high number of complaints against this video, YouTube shows its users a notification before allowing them to watch the video. This is explained in the following excerpt from the letter they sent to Mr Yasser Hamdani, the lawyer representing Bytes for All in the Lahore High Court case to unban the site:

“In some cases, content may not breach the global guidelines but may still be flagged as particularly sensitive for some viewers. This is the case, for example, with the Innocence of Muslims video. In this case, we add a warning interstitial page that users see before they accept to continue through to the video itself.

The warning states: “The following content has been identified by the YouTube community as being potentially offensive or inappropriate. Viewer discretion is advised”. It was on the basis of this interstitial page that the government of Bangladesh, for example, lifted its earlier ban on YouTube.”

Working with Google

Google has ruled out cooperating in this regard until the company is offered Intermediary Liability Protection (ILP) through a legislative amendment which shields it from any legal repercussions resulting from any user of the website uploading content that’s considered unlawful in Pakistan. Following is the text regarding this issue from the same letter to Mr Hamdani:

“In some countries, YouTube has additional functionality and customisation that allows for the highlighting to users of local content within a country. You can see a list of these countries in the ‘country’ menu at the bottom of a YouTube page. The decision as to whether to offer this service is a business, legal and commercial decision, and takes into consideration, for example, whether there is adequate legal certainty and protections for the provision of such online services in the country.

We have been discussing this in the context of the need for intermediary liability protection for online platforms and a clear notice-and-take-down mechanism in Pakistan to bring these provisions into line with international best practice (such as the OECD guidelines). For example, any notice-and-take-down requirements should be based on legal process, address individual video URLs as opposed to requiring broad general monitoring and pre-emptive removals, and allow for counter-notice from content owners. Whilst, without prejudice to any jurisdictional argument, we are grateful for any offer to provide additional legal certainty and protections, we believe that only a legislative change such as a clarification within appropriate legislation would ensure the necessary consistency across multiple judicial bodies and address the international best practice requirements above. The provision of such legal certainty would also, we respectfully suggest, open up the broader exciting opportunities of the digital economy to Pakistan.”

In layman’s terms, Google would only consider taking the video down for Pakistan if such protection was offered to them at a legislative level. The Lahore High Court in May agreed to do this, but nothing seems to have been done about that as of yet.

The software route

There are certain HTTPS-based software which can take care of this issue. These can be installed voluntarily by all internet users in the country, or the government could launch a sort of spyware campaign, forcedly installing it on everyone’s computers. According to reports, our government is already involved in such activity, but hopefully only against certain individuals and not the public at large.

MITM

In the meanwhile, the method that our government seems to favour is this one: the Man-In-The-Middle attack effectively puts a proxy server between all of Pakistan’s computers and YouTube. So instead of many of us going to proxy server sites to watch YouTube videos, the government is going to do us a solid and set up a lovely proxy server for us. This server will filter the videos that are deemed not fit to watch in Pakistan. And to use the immigration analogy from the beginning of this article, our government is possibly getting into the business of printing fake visas. They’re going to have to use a Certificate that our browsers will trust as legitimate. Most probably the browsers won’t, and will ask us, “Are you sure about this?” And we, in our desperation, will be willing to click “Yes!” to just about anything at that point.

First of all, the whole point of HTTPS is that it is secure. When you compromise its security, you’re compromising the privacy and security of all Pakistani internet users’ internet transactions and data. Banking pins, email and social media passwords, and secure messaging, could all be monitored, logged and analysed, turning Pakistan into a surveillance state. And what if this national proxy server is hacked? We can say with certainty, that if this method is used, our entire online lives would be at risk.

The best option would be to work with Google on this. We need to speed up the legislative process regarding the ILP issue. Even though this would mean that the government would be controlling YouTube’s activity according to our local laws, which would still be unacceptable to many of us. But still, at least we’ll have YouTube without as much risk!

As published by Dawn Magazine Special Report on 20th Oct’2013 

They say they’re lifting the ban on YouTube. The government has apparently come up with a brilliant plan so that just that silly video, The Innocence of Muslims, is blocked, and we can enjoy the rest of the gazillions of videos in peace. What is this plan? In order to even to begin to tell you about it, I’ll first have to explain how YouTube works.

YouTube, like other more secure websites these days, uses HTTPS instead of HTTP. When you look at the address bar in your browser when you’re at such a website, you’ll probably see a lock symbol and https://yoursiteaddress, rather than the usual http://blahblahblah. What does this mean? When you go to an HTTPS website, there is a certain exchange of certificates between your browser and the server where the site is hosted. Your browser acts a bit like an immigration officer, “May I see your passport, please?” The server says, “Here you go, sir!” And if everything looks ok, your browser allows you to view the site’s contents. These HTTPS certificates are only granted to an extremely limited number of servers across the world, and much like the holographic image on a valid visa on your passport, it would be next to impossible to fake, and all information in such exchanges with HTTPS servers is encrypted.

Now blocking access to an entire website using its root addresses (https://youtube.com, etc.) is one thing, and can be done by our Internet Service Providers (ISPs). But blocking access to a particular video on that site would mean screwing with this hardcore HTTPS protocol. Actually, the method that the ISPs have been using to block our access to YouTube, porn and a lot of sites which nobody has any idea why they have been banned in the first place, already puts our internet privacy at risk. This method allows them to keep track of what and when an internet user accesses on the internet, unless it’s done through HTTPS. And now that we’re moving against an actual HTTPS site, this will only make matters worse!

What options did we have in dealing with this issue?

  1. Unblocking YouTube outright.
  2. Working with Google, YouTube’s parent company, to block access to the video in Pakistan (like Indonesia, India, Jordan, Malaysia, Russia, Saudi Arabia, Singapore and Turkey already have).
  3. Installation of filtering and surveillance software on users’ computers.
  4. A Machine/Man-In-The-Middle (MITM) attack.

The case for unblocking

Because of the high number of complaints against this video, YouTube shows its users a notification before allowing them to watch the video. This is explained in the following excerpt from the letter they sent to Mr Yasser Hamdani, the lawyer representing Bytes for All in the Lahore High Court case to unban the site:

“In some cases, content may not breach the global guidelines but may still be flagged as particularly sensitive for some viewers. This is the case, for example, with the Innocence of Muslims video. In this case, we add a warning interstitial page that users see before they accept to continue through to the video itself.

The warning states: “The following content has been identified by the YouTube community as being potentially offensive or inappropriate. Viewer discretion is advised”. It was on the basis of this interstitial page that the government of Bangladesh, for example, lifted its earlier ban on YouTube.”

Working with Google

Google has ruled out cooperating in this regard until the company is offered Intermediary Liability Protection (ILP) through a legislative amendment which shields it from any legal repercussions resulting from any user of the website uploading content that’s considered unlawful in Pakistan. Following is the text regarding this issue from the same letter to Mr Hamdani:

“In some countries, YouTube has additional functionality and customisation that allows for the highlighting to users of local content within a country. You can see a list of these countries in the ‘country’ menu at the bottom of a YouTube page. The decision as to whether to offer this service is a business, legal and commercial decision, and takes into consideration, for example, whether there is adequate legal certainty and protections for the provision of such online services in the country.

We have been discussing this in the context of the need for intermediary liability protection for online platforms and a clear notice-and-take-down mechanism in Pakistan to bring these provisions into line with international best practice (such as the OECD guidelines). For example, any notice-and-take-down requirements should be based on legal process, address individual video URLs as opposed to requiring broad general monitoring and pre-emptive removals, and allow for counter-notice from content owners. Whilst, without prejudice to any jurisdictional argument, we are grateful for any offer to provide additional legal certainty and protections, we believe that only a legislative change such as a clarification within appropriate legislation would ensure the necessary consistency across multiple judicial bodies and address the international best practice requirements above. The provision of such legal certainty would also, we respectfully suggest, open up the broader exciting opportunities of the digital economy to Pakistan.”

In layman’s terms, Google would only consider taking the video down for Pakistan if such protection was offered to them at a legislative level. The Lahore High Court in May agreed to do this, but nothing seems to have been done about that as of yet.

The software route

There are certain HTTPS-based software which can take care of this issue. These can be installed voluntarily by all internet users in the country, or the government could launch a sort of spyware campaign, forcedly installing it on everyone’s computers. According to reports, our government is already involved in such activity, but hopefully only against certain individuals and not the public at large.

MITM

In the meanwhile, the method that our government seems to favour is this one: the Man-In-The-Middle attack effectively puts a proxy server between all of Pakistan’s computers and YouTube. So instead of many of us going to proxy server sites to watch YouTube videos, the government is going to do us a solid and set up a lovely proxy server for us. This server will filter the videos that are deemed not fit to watch in Pakistan. And to use the immigration analogy from the beginning of this article, our government is possibly getting into the business of printing fake visas. They’re going to have to use a Certificate that our browsers will trust as legitimate. Most probably the browsers won’t, and will ask us, “Are you sure about this?” And we, in our desperation, will be willing to click “Yes!” to just about anything at that point.

First of all, the whole point of HTTPS is that it is secure. When you compromise its security, you’re compromising the privacy and security of all Pakistani internet users’ internet transactions and data. Banking pins, email and social media passwords, and secure messaging, could all be monitored, logged and analysed, turning Pakistan into a surveillance state. And what if this national proxy server is hacked? We can say with certainty, that if this method is used, our entire online lives would be at risk.

The best option would be to work with Google on this. We need to speed up the legislative process regarding the ILP issue. Even though this would mean that the government would be controlling YouTube’s activity according to our local laws, which would still be unacceptable to many of us. But still, at least we’ll have YouTube without as much risk!

As published by Dawn Magazine Special Report on 20th Oct’2013 

“There was life before YouTube you know” … say those trying to smooth my ruffled feathers when I express frustration at not being able to access it. Quite true … but the same is true of life before cars or television or the light bulb or toilet that can be flushed or even sliced bread! Why doesn’t everyone go back to it because all of these things offend someone or the other’s sensibilities at some stage?

No one does … because we are not meant to; we are meant to go forward, embrace change and reap its benefits. As with most things, nothing is good or bad in itself. The usage makes it so. It’s difficult to understand for people who are the progeny of those who labelled first the loudspeaker, then the radio, and then the TV/VCR, etc. as ‘Satanic devices’ but is simple for anyone with common sense.

YouTube is a platform; much like a blackboard, or a loudspeaker. It provides an opportunity for people to post video content on it. Yes, it has the good, the bad and the ugly sides, depending on who is watching what, but what it does NOT have is the ability to force you to see what you think is inappropriate.

What it does is that it allows students sitting in an impoverished part of the world to gain access to resources and guidance material developed by the best educational institutions in the world.

It allows musical prodigies like Usman Riaz from Pakistan to unlock their talent and reach the world stage. It allows people like Salman Khan of Bangladesh to set up his amazing www.khanacademy.org which has delivered over 300 million lectures across the world.

Then we have our very own www.sabaq.pk which has the complete curriculum of maths right up to Matric available on YouTube videos for students the world over.

It has delights such as www.toffeetv.com, which entertains and educates little children, and on the other end of the spectrum it had offered a free platform to our Virtual University to post all its educational content on it.

Then we had the innovative platform for webtv that was offered by www.247online.tv to engage the youth that does not watch television.

What about the harm this ban has done to initiatives like www.daestv whose entire business model was based on the availability of this free platform?

And what about the wealth of content that our specialist universities like the NED used to access from MIT or Air University? And medical students watching complicated surgeries and learning from them?

As was explained by Farieha Aziz of Bolobhi, the amicus curie for the Lahore High Court hearing the petition against YouTube ban, filed by BytesforAll, Pakistan [a human rights organisation with a focus on Information and Communication Technologies], there were 13,049,489 views on YouTube for videos from just six educational institutions in Pakistan that used the website to place their video lectures. The institutions included the Virtual University of Pakistan, The Institute of Chartered Accountants Pakistan, Lahore University of Management Sciences, Quaid-i-Azam University Islamabad, National University of Sciences and Technology.

For those who adopt a dismissive attitude about the art, music and other entertainment resources, even though they are just as important as components of a holistic education, how can they not value the resources that are there in the form of advocacy videos on health, fitness, environment, religion, cooking, DIY tips, advocacy videos put up there by various organisations. What about political and social activism? None of these would have been possible without this free medium.

Data submitted to the Lahore High Court also lists down some very clear contrasts. Total number of views for Islamic and educational content on YouTube were 1,199,368,564, while the total worldwide views of the objectionable film, The Innocence of Muslims, on YouTube were 1,965,186, which is just 0.164 per cent of the former.

Of course, the figures for the offending film owe a lot to the violent protests in Muslim countries which spiked the interest in this very amateurish video which had remained obscure until all hell broke loose here. It probably would have remained so had it been ignored, but what is past is past.

What is the way forward? Is there a way forward in a country where policies are made hostage to violent street protest and where rational discourse is decapitated?

For those who do not seem to understand the way the new medium of the internet works, it is impossible to block something. There are ways to get around these bans. People have found them in countries like China and Iran too.

Such bans encourage people to use proxies. This exposes their computers to the risk of viruses. Offices and institutions certainly will not allow that even if it means not being able to benefit from online resources.

But this does not mean that people are going to stay away. As posted by http://www.infopakistan.pk, the search trends about Pakistanis on YouTube have not changed from what they were in 2012. This means that just about the same number of people are accessing the medium as before the ban.

There are good and bad people, good and bad books, good and bad movies, restaurants and theatre. Similarly there is good and bad content on the internet. However, you can keep yourself out of harm’s way by not accessing it. No one is going to force it on you.

So go ahead, use a Virtual Private Network (VPN) if you can afford to. Otherwise, just Google Youtube unblockers and choose from any number of ways to access YouTube, after making sure your computer is secured against viruses, etc. Watch all that is best on YouTube as it is NOT bad for you!

Published in The News on Sunday on October 13th – Special Report

Ask the people on the streets about the proposed VoIP ban, and the response is rather mixed
By Ammar Shahbazi

The Sindh government’s proposal to ban instant messaging and voice over internet protocol (VoIP) applications, such as Skype, WhatsApp, Tango and Viber for three months has drawn anger and ridicule from the public.940937 01 02 Typed out and that’s all

Internet users are enraged at their utter helplessness, as the government, flaunting its power, comes up with blanket measures — citing the ever-deteriorating law and order situation in the province.

They say government machinery, which is made up of grey-haired politicians and bureaucrats, is yet to comprehend the dynamics of internet.

“They are at a complete loss,” says Kashfia Altaf, a university student, “You cannot treat internet users like this. It’s a different world. The government is totally clueless when it comes to handling internet.”

At a press conference last week, Sindh Government’s information minister, Sharjeel Memon, called the proposed ban an inevitable step to curb criminals from making extortion calls through these Apps — a norm in the provincial capital Karachi during EidulAzha. He was of the view that the decision would complement the ongoing targeted operation in the city.

However, regular internet users see such an idea as a severe infringement of their right to benefit from the World Wide Web.

In the past several years, the use of VoIP apps like WhatsApp and Skype increased manifold. People have set up home-based business through Skype, where WhatsApp and Viber also became a crucial part of their lives.  

“Banning these Apps will affect people in different ways,” explains Khurram Ishtiaq, a software developer who works for a foreign company from his home in Karachi. “The world in general takes this Apps for granted now. There are e-businesses established on the basis of these tools. It’s like banning electricity for three months, because there is an increase in incidents of electrocutions.”

However, the proposal has its supporters, including the patron-in-chief of Pakistan People’s Party (PPP), Bilawal Bhutto, who famously tweeted: “Dear Burgers, Sorry abt Skype/Viber/Whatsapp. Excuse us while we catch some terrorists and save some lives. SMS for 3 months. Sincerely BBZ.”

There are also some who like to believe that the use of VoIP Apps in Pakistan is exaggerated. And the wave of criticism on twitter against the decision was overly dramatic.

“Ask the people on the street, they won’t even know what Tango is or how WhatsApp works, even I don’t know,” says Shahid Idrees, another university student. “These Apps became trendy just a few years back, and the idea some of these arm-chair twitter-based activists are trying to give is that we cannot live without them. This is ridiculous. Why does everything becomes a life and death issue?”

Idrees, however, does not support Sindh government’s security strategy. He says the provincial government has a history of taking such extreme measures that only lead to problems for people.

The people of Sindh had in the last PPP-led government braved the most number of mobile service cancellations — spending whole days without connections. Then the YouTube ban followed.

The people in general have resorted to a muted response. The rage is usually typed out, and that’s all. Be it a cell phone network or a website, apart from twitter and other social media outlets, the government’s clampdowns never really propel a massive outrage — not even a memorable public demonstration against such trampling of individual rights. “This goes on to show how much YouTube, Skype or Tango is relevant to the majority of Pakistanis,” adds Idrees.

The ban is still a proposal. The federal interior minister, Chaudhry Nisar, has voiced his disagreement over the idea, saying that he is personally against such an extreme measure. It may be mentioned that banning of websites or applications falls beyond the purview of the provincial government. It’s the federal interior minister who will give the final nod. The net-savvy Skype, WhatsApp users are using their Apps while the federal government makes up its mind.