Benjamin Franklin, who is regarded as one of the Founding Fathers of the nation that proudly sings the Star-Spangled Banner, once said, “Those who surrender freedom for security will not have, nor do they deserve, either one.”   Moving the clock ahead by about three hundred years, we have the current President of the United States, Barack Obama, who said, “in the years to come, we will have to keep working hard to strike the appropriate balance between our need for security and preserving those freedoms that make us who we are.”

The convolution of the “American dream” and what it implies, has wrought havoc in the socio-political landscape, which has continually evolved. May be, a few within the American political fold would refute Mr. Franklin’s statement by stressing on the volatile political and security landscape. Perhaps, Mr. Franklin did not take into consideration that magical boxes of light with a keyboard in front of them would constitute the gravest threat that the land of the free and the home of the brave would face. However, it is immaterial to discuss the volatility of changing political perspectives, what must be constant and an overriding force to dictate how a government operates is the element of law. The legal implications of a state defying its own or internationally ratified doctrines of legal principle.

In June of 2013, a person of whom the world had never heard of, an employee of the National Security Agency, by the name of Edward Snowden shook the world and the US Government by revealing that the foremost security agency in the developed world, was keeping tabs on, for the lack of a better word, everyone.

Pakistan, according to reports, was the second most surveilled country by the NSA, this came as a rude shock given the amount of existing “data-sharing” between the American Government and its ally. However, Pakistan itself prides on being the last in implementing the latest technology and ensuring the essential freedoms guaranteed by the Constitution of 1973. But the core crux remains how the theory of American exceptionalism in regard to international laws has allowed the State to willfully disregard the validity of international law and is unperturbed about the violations its own government agencies are now committing.

After September 11, 2001, the US Congress felt that the US was grossly ill-equipped to tackle terrorist threats on domestic soil. The restrictions placed on agencies to conduct domestic “spying” which included, but was not restricted to wiretapping and other surveillance methodology were subsequently removed, though the agencies had to obtain court orders to conduct such surveillance, giving the judicial arm of the State supreme authority to condone such acts. The Patriot Act, a piece of legislation that worried Congressmen due to the blatant manner in which it stripped civil liberties, remained intact and was renewed. However, this post does not refer to national legislation, but the manner in which the US is violating international law.

The United States of America ratified the International Covenant on Civil and Political Rights in 1992, giving the Human Rights Committee the authority to review human rights violations which are either taking place with the legal jurisdiction of the US or violations which US agencies are committing. In the light of evolving technology, the UN High Commissioner Navi Pillay at the opening session of the Human Rights Committee meeting stated, “Powerful new technologies offer the promise of improved enjoyment of human rights, but they are vulnerable to mass electronic surveillance and interception. This threatens the right to privacy and freedom of expression and association” reaffirming the notion that the American breach of citizen and noncitizen privacy is a major breach of international law.

Turning the interrogation lamp onto the Foreign Intelligence Surveillance Act of 1978, Section 702 of which gives US Security agencies broad, sweeping powers to conduct surveillance is in gross violation of the ICCPR which provides the following four principles to gauge whether such power is within the realm of human rights:

  • Limited by statute and clearly defined in nature and scope
  • Narrowly tailored to address legitimate governmental objectives, such as threats to national security
  • Subject to independent oversight systems to prevent abuse
  • Applied equally irrespective of nationality

Section 702 of the Foreign Intelligence Surveillance Act, under which the PRISM program falls, fails each of the above requirements. The Report and Recommendations the President’s Review Group on Intelligence and Communications Technologies states, “The United States must protect, at once, two different forms of security: national security and personal privacy”. Moreover, the report also states, “The United States should be a leader in championing the protection by all nations of fundamental human rights, including the right of privacy, which is central to human dignity”.

Such statements made by the President’s advisory group stand in stark contrast with the practice of the US Government. Such disregard for international doctrines are at polar opposites with US rhetoric and global policies. The Snowden revelations have already created ripples through the cyber sphere, stifling choices made by citizens on the services they connect to, what they make publicly available and the activities they engage in online, restricting their freedom of choice, which is also a violation of international law. What the US must realize is that internet security is a two way street: By giving legislative effect to collect, indiscriminately, personal information of non citizens,  can give other Governments the incentive to do the same with American citizens. In order to protect the rights, interests and information of its own citizens, the US administration must ensure the same of citizens which do not salute the star spangled banner. The there is also a significant debate about the NSA spying on it’s own citizens as well, an issue that has grabbed the attention of all of US media.

The United States of America is widely considered the sole global power: It must be the harbinger of peace, stability and the protection of fundamental freedoms, the very idea upon which the US Declaration of Independence was penned. The US must be the very example of adhering to global policies and laws, and not be the one violating them if it doesn’t want to be seen as hypocritical.

All of us, at some stage or the other, have typed our names into various search engines. Some have been met by a wall of fame meticulously archiving all their wonderful achievements. Others, including myself, have been met by a chronicled horror show of teenage angst and a laundry list of things we wish we hadn’t said or done. For the latter we all desperately wish we could erase all evidence of our naïve past from the vast cosmoses of the Internet.

The debate on the privacy of one’s information online has stretched on for a very long time now, yet it is no closer to a conclusive, accepted standard than it was when it first started. However, a recent EU ruling suggests it has settled on a standard – acceptable or not is up for debate.

EU Ruling

The debate over the right to be forgotten, at least in the European Union culminated on the May 13, 2014, when the European Court of Justice, in a lengthy decision in the case of Google Inc v Mr Costeja González, ruled that any individual could demand that a search engine remove all unwanted information about the individual from its index – regardless of whether it were accurate, lawful, or publicly available elsewhere.

In the case itself, a legally published article from a newspaper in 1998 detailing Mr González’s non-payment of his mortgage had been archived online and searching for his name on Google brought up the article as one of the results. Mr González sought to have Google remove the archive as he believed it acted to his detriment and infringed upon his privacy.

Given the reaction and criticism the ruling has elicited, the case is not as straightforward as the ruling may suggest. One of the questions being asked is why must onus to remove data be on a search engine when it is not responsible for the publication of that data (and that it is the user who chooses to publish). With regards to this, judges opined that the indexing of pages on the Web fit the definition of “processing” data as per the Data Protection Directive 95/46/EC, which Google was under a legal duty to abide by. The Court felt that by aggregating a vast amount of data on an individual, a search engine creates a larger illustration of the individual that would otherwise “not have been interconnected or could have been only with great difficulty.”

The ruling however creates an exception to the rule. The court held that the right to be forgotten could not be applied if there was an “interest in the public having that information… [and] the role played by the data subject in public life.” This is vastly open to interpretation. What satisfies the threshold of an individual playing a substantial role in public life? Is the threshold satisfied if he/she is a politician? If he/she has five-figure Facebook friends /Twitter followers? What about a circumstance in which an individual is not a “public personality” at that point in time and successfully manages to have data on him/her removed from search engines, only to later become the Prime Minister of the country? Will the onus be on a company/search engine to restore all data on the individual that they previously expunged?

To further illustrate the complexities of such a threshold, how it is to be determined and by whom, here is a list of individuals who have requested Google to have data on them removed from its indexes. A list ranging from politicians, celebrities, doctors, to convicted sex-offenders.

Prior to the ruling by the European Court of Justice, Google policy dictated it would remove any information from its index if it made individuals susceptible to certain harms. The ruling however goes a lot further and allows individuals to erase their digital footprint even in cases where it may be highlighting previous misdemeanours. It is therefore no surprise that both Google and Wikimedia – the parent company of Wikipedia – have deemed the EU ruling to be “astonishing.”

It is interesting to review the impact of this ruling in the context of a on recent case in local German courts. Wolfgang Werlé and Manfred Lauber’s claim to fame was their murder of a German actor in 1990. They sued Wikimedia to “forget them” and remove all mention of their past act. Under German law, a criminal’s name can be suppressed in news accounts once he/she has served his/her sentence. The German courts, in line with precedent, did order Wikimedia to suppress all content related to the two, however, as Wikimedia had no local operations in Germany, it was not jurisdictionally obligated to abide by a decision of a German court.

If jurisdiction were not a barrier, the outcome in the above-mentioned case would boil down to a question of whether the public has an interest in knowing the past actions of Werlé and Lauber. That is a criteria easy to stretch to fit any narrative, for example, one could put forth the argument that the convicted individuals had a better chance of rehabilitation if their history was expunged. If such an argument succeeded, it would be akin to individuals erasing an integral part of their past, and denying their future associates access to information that perhaps should be known to them before embarking on a mutual endeavor.

Requiring intermediaries to alter – and as viewed by some, censor – data on the Internet could, in the long run, stifle intermediaries, restricting them from providing services that afford free and easy access to information. Also, if legally obtained and published information about individuals starts being removed, neutrality of data and the Internet would be further diminished.

Quoting Orwell, “He who controls the past, controls the future,” said a statement on the case issued by the Electronic Frontier Foundation, an online civil liberties group. In this case, the lines are blurred and who has the authority to do what is unclear.

Divergent views on the ‘right to be forgotten’

The right to be forgotten is a dangerous path to tread upon, argues Jeffrey Rosen, professor of law at George Washington University. If unfettered permission is granted to expunge people’s past, ideals of free speech and a neutral Internet can quickly be forgotten, and corporations and powerful individuals will have greater authority to control the flow of information online.

Proponents of the ‘right to be forgotten’ argue that every individual deserves the right to privacy. The vast picture of our stories that is painted across the internet can be collected by people and used in order to commit a vast range of misdeeds, ranging from identity theft to stalking individuals. On the other hand, opponents of the ‘right to be forgotten’ claim all information available on the Internet is published legally – and often voluntarily self-published by an individual online. Their view on the ‘right to be forgotten’ is that is just another way enabling governments, companies and individuals to exert control over what may and what may not be published online. On the flip side, if one is not allowed to remove their digital footprint under certain circumstances, there can be a very real threat to the security of their person. Striking a balance between the two extremes is imperative.

The cultural juxtaposition between the respective approaches of the EU and US towards this issue, poses an interesting reading. While the EU has acted to limit the scope of information that is publicly accessible citing privacy laws, the US and its First Amendment stand in direct opposition. Accurate or not, what the two divergent positions have been defined as are privacy vs censorship.

What the debate really boils down to is a question of individual liberties: does the liberty to either express oneself or access legitimate information outweigh the need to protect one’s privacy? Is it even valid to deem acts legitimately published in the public domain as private? Is this polarity reasonable to begin with? The answers to these questions require also are not straightforward and call for complex reasoning and, at a glance, consideration that this is anything but a simplistic matter and requires further deliberation is found missing in the European Court’s decision.

The majority view on the decision is that it is sweeping in nature and seemingly fails to address the balance between public and private data. According to the Stanford Law Review, it is imperative to draw up a comprehensive policy that provides a clearer framework of data that ought to be protected, and data that need not be. However, such policies must ensure that the right to free expression and access to information are construed widely and only subverted where there is legitimate harm being caused to an individual not to hide a ‘wrongdoing’ on their part.

Edit: Since this article was published Google has launched a portal wherein European citizens can request that links containing information about them are removed from search result pages.This is the first step to comply with a court ruling affirming the “right to be forgotten”.

References

The Stanford Law Review

The European Journal of Law and Technology

The New York Times

The Guardian

 

Chilling Effects Clearinghouse, a  collaborative venture by law school clinics and the Electronic Frontier Foundation that collects and analyzes legal complaints about online activity, posted online five requests made to Twitter by the Pakistan Telecommunications Authority (PTA). 

The requests were made between May 5-14, 2014 and cite the Pakistan Penal Code as legal justification for content removal. These requests were entertained as per Twitter’s ‘Country Withheld Content’ tool , which entertains requests from government and law enforcement agencies to have potentially illegal content and accounts removed or restricted in the country making the request.

The question that then must be asked is of the legitimacy of the requests forwarded by Pakistan Telecommunication Authority (PTA). The PTA, in accordance with Section 5 of the Pakistan Telecommunication Authority Re-Organization Act 1996 (amended 2005) is a body established to regulate licenses and workings of telecommunication services and systems. The Act does not in any form give PTA the authority to arbitrarily restrict content on the Internet. Section 8 of the Act allows the Federal Government to authorize the PTA to take or implement certain policy decisions; however, content removal, whether by itself or through another, is beyond the ambit of powers of the PTA or of any government authority for that matter.

PTA has gone on record to say previously – in court and the media – that it is the IMCEW’s (Inter-Ministerial Committee for the Evaluation of Websites) directives it follows vis a vis restriction of access or content online. As a regulator, it says it does what is directed to do.

If there was federal authorisation for these requests, then in the interest of transparency, the relevant bodies should make public the legal process followed to route these requests. Who initiated the complaint, where was the complaint made, who forwarded it and what law specifically was cited for removal.

It is pertinent to highlight that Pakistan does not have cyber laws or any clearly defined policy that applies to the Internet. No specific protections exist in law that support user privacy and citizens’ right to information.  In the past, content has been blocked in an ad hoc manner. A lot of political dissent has been blocked under the garb of blocking anti-religious or anti-national content, disregarding citizens’ right to information and the need for transparency and accountability.

Twitter’s ‘Country Withheld Tool,’ while seeking to facilitate the manner in which governments make requests, is worrisome for citizens in countries where no transparent and legal processes exist for access and content on the Internet. Over the last few years, various authorities have arbitrarily blocked and censored the Internet, not over ‘illegal’ content, but to suppress political dissent. The process by which requests from governments are entertained by Twitter must also be made public knowledge. What is considered a valid complaint, through what process and policy?

Speedy compliance without this information being placed on public record sets a dangerous precedent and hampers efforts of those seeking to limit censorship on the Internet in Pakistan.  Government authorities have routinely cited Facebook’s speedy compliance with take down requests as a justification to continue the ban on YouTube, and it appears as though Twitter is joining that league requiring little in way of due process to comply with requests.

Watch Barrister Babar Sattar’s Legal Analysis regarding Internet Policy, Law & Fundamental Rights

 

 

Mr. Mohsin Shah Nawaz Ranjhahas, the Parliamentary Secretary of Information & Broadcasting, recently made an all too popular  statement regarding social media, and problems that are common for users worldwide. Commenting on the misuse of social media by “online miscreants”, Mr. Ranjhahas said that the government would formulate a policy to deal with ‘false information’ spread online through ‘fake identifications.’ The name ascribed to those who pose such  a problem is an internet troll. It is important to understand that there is a difference between harmless, good-humored trolling and vicious, abusive trolling. Friends and acquaintances may tease each other or joke in good humor, but on the darker end of the spectrum, there are individuals whose sole intention is to create an environment of hostility and discrimination. This kind of troll is someone who will use a fake identity online to harass people, spread rumors as facts, or relentlessly criticize someone in order to provoke an emotional response. Trolls will often operate with multiple identities, so if you block one social media profile, another will take its place. It may sound like there is no way to thwart a troll, but in actuality, there are several.

Trolls always want an audience to witness their abuse and bullying, because they crave attention in one form or the other. That is why they will often congregate on social media websites, where many people can see them engaging people in their banalities. They either attempt to publicly humiliate others, or they believe a large audience should hear their opinions, which is why, especially on political issues, an online troll will say the same thing to different people, mostly opinion leaders such as talk show hosts and news anchors, seeking approval from authority figures.

In cases where trolls attack political or public figures, the intention is almost always to cast negative light upon the individual; the troll may dislike the person’s political affiliations, public opinions, or in some cases, even aspects of their personal life. However, as wrong and mentally distressing as the deeds of online trolls are, that cannot serve as an excuse to limit, censor, or ban social media in any way. There are many ways to deal with this particular nuisance, and we, the good folks at Bolo Bhi have enlisted a number of efficient ways that work much better than policing the internet.

Understand the difference between trolling and expressing opinions: This is especially important when you occupy a position that frequently places you in the public eye, such as working for a media group, the state, or a public sector organization. Even if the expression of the idea conveyed an aggressive tone, it is still covered under free speech, and unless there is an explicit threat to your personal safety, or of your friends and family, there is no cause for any action at all. You can either a) choose to ignore the criticism, or b) address it by engaging in civil, polite discussion, or c) if you do not wish to engage in a lengthy debate, only tell the person that you understand what they’re saying and that you can just agree to disagree.

Block & Report as spam: All social media platforms provide the option for users to block unsolicited commentators and report them as spam. This is not a permanent fix, you block one account and others may pop up. Despite the fact that this will act as a temporary deterrence, it is an important one, as we will go on to explain in step 4.

Do not feed the trolls: A common phrase on how to deal with online bullying is “do not feed the trolls.” When someone is harassing and/or threatening you, there is certainly a serious issue, but when an online troll is only trying to provoke a response out of you, it may  be better to simply ignore the troll. Online bullies and trolls feed on other people’s rage, discomfort, and unhappiness; by making jokes and comments to upset people. Reacting with discomfort and annoyance to trolling is giving trolls what they want. We are not asking you to make light of threats or to not deal with harassment, deal with it, but do not exhaust yourself by engaging with an aggressive troll.

Report abuse: Remember in step two when we asked you to report individual’s statements as spam? Well, this is precisely why. All social media platforms flaunt an abuse policy and a method to report abusers. We have made a list of email addresses to reach out to in case you are facing abuse on social media. When writing the email, remember to provide all necessary details, screenshots of the accounts’ tweets, the screenshots reporting spam and lastly, a list of all accounts that are involved in harassing/trolling should be included.

Investigate the troll’s identity: Sometimes, it is easy to understand a troll’s ideology by reading the content they share on social media, or the tweets or comments they may be making in public, or they might even write on a blog. By investigating public content that is not a violation of the troll’s privacy, you can understand their ideology, which may be against your own opinions, political affiliations, or beliefs. Armed with this knowledge, you can then inform the social media public about how you’re being harassed by someone because of your opinions and views, thereby exposing the troll to criticism, rather than becoming the target of criticism yourself by reacting poorly to trolling attempts.

Block IPs yourself when possible, or through external sources: If you’re being trolled on a website or blog such as WordPress, there are numerous options that allow you to block the IP Address of a troll, so they cannot make various fake identities and harass you. In cases where IPs are not identified such as social media, the websites in question cannot release information such as IP addresses to a civilian, and can only do so when an official request is made by authority figures. In such a case, you can take a screen capture of the content that is harassing or threatening you, and get in touch with CPLC  who can help you take steps to ensure your personal and online safety.

Protect your privacy online: The content we share through social media connects us to friends and family, but it can also be used against us. It is essential to familiarize yourself with whatever social media platform you are using, and know your privacy settings from status updates to your photos. Make sure that your close friends and family protect their privacy too, as trolls will often target what they perceive to be your weakness, such as your nearest and dearest. Bolo Bhi has a list of resources for maintaining your digital security, and ensuring that personal, sensitive information cannot fall in the hands of anyone who means you harm.

 

—————————————————————————————————–

 

How to report abuse on Facebook

Facebook Safety Center

Report a Violation of Facebook Terms

How to report harassment or abuse if you’re not on Facebook

Privacy rights: Photo removal request

Report a privacy rights infringement

Report a convicted sex offender

Report blackmail

Report suicidal content

Report abuse at: abuse@facebook.com

Twitter:

How to report an abusive user

Report account for impersonation

Report account for spam

Report a problem to the support team

G+:

Report a profile

Report spam or inappropriate content

Report abuse in public video hangouts

Report abuse on events

Contact a Gmail user abusing Google’s Terms of Service (TOS)

Compromised Gmail account

Learn about suspicious activity on your Google account

Gmail security checklist

How to delete your Google Plus profile

Yahoo:

Reporting spam, phishing, or scams to Yahoo

Report an inappropriate comment or abuse on Yahoo

What to do if your account is sending spam

What to do if you’re being harassed on Yahoo

Form for contacting Yahoo

 

Facebook just published its second transparency report, revealing requests it receives from governments around the world for user data and content removal. The report introduces Facebook’s policy of dealing with government requests as “We respond to valid requests relating to criminal cases. Each and every request we receive is checked for legal sufficiency and we reject or require greater specificity on requests that are overly broad or vague”.

Between July and December 2013, the Government of Pakistan made a total of 126 requests for user data relating to 163 users or accounts, and Facebook fulfilled 47% of these requests. Moreover, access to content on 162  pages and profiles was restricted.Facebook describes Pakistan’s content restrictions as “content primarily reported by the Pakistan Telecommunication Authority and the Ministry of Information Technology and Telecommunications under local laws prohibiting blasphemy and criticism of the state.” Since Facebook states that they check every report for “legal sufficiency”, it is alarming that “criticism of the state” is being listed as prohibited content in Pakistan.

facebook transparency report  1024x559 Facebook Transparency Report: Since When Is Criticism of the State Illegal in Pakistan?

In the past, Facebook pages of groups talking about secularism have reportedly been taken down by Facebook, including the widely read Urdu page “RoshniPK”. Given the history of content removal on Facebook, the recent report raises the following questions:

  • What criticism does the Government of Pakistan consider illegal and prohibited?
  • What laws are being cited by the authorities in Pakistan to make content takedown requests?
  • Regarding account information request, what law is being cited to demand such information?

Pakistan does not have laws that protect privacy of an individual on the internet. Even though the Constitution states privacy as an inviolable right, this is routinely overlooked under the pretext of “national security”.  There is currently no judicial oversight for wiretaps, surveillance and monitoring of content. Moreover, a significant number of Facebook pages inciting violence and hate speech targeted towards non-muslims, certain sects of Islam, atheists, and the military remain accessible. Therefore, it is even more important to ask that precisely what type of content are the authorities targeting? More importantly, the lack of transparency and accountability of the Ministry of Information Technology and Telecommunications must be scrutinized.

 

Over the last few years, Internet censorship and surveillance have been on the rise in Pakistan. International reports have pointed to the alleged presence of FinFisher (espionage and surveillance equipment) and Netsweeper (filtering and blocking equipment) in the country.  In recent months, Internet users have faced service disruptions – slow Internet speed as well the inability to access several websites.

Very recently, as  a result of an investigation into customer complaints,popular VPN service Spotflux officially announced that their data centers had been blocked by the government of Pakistan. Since 2012, when access to YouTube was blocked in Pakistan, Spotflux became one of the popular methods of circumventing the blockade.

The decision to block VPNs was first made in 2010 under the Monitoring & Reconciliation of International Telephone Traffic Regulations 2010 (MRITT).  An official notification of blocking VPN in Pakistan was issued  in July 2011.  The notification, issued by the Pakistan Telecommunication Authority (PTA),  cites “prohibition to use all mechanisms which conceal communication to the extent that prohibits monitoring”.

The regulation mandates the monitoring and blocking of any traffic (encrypted or not), including voice and data, originating or terminating in Pakistan. This includes all encrypted VoIP services. If followed strictly, the MRITT could legitimize blocking of Skype and other VoIP services like Viber [Read about Sindh Interior Ministry’s attempt to block Skype, Viber & Whatsapp]. Since the regulation requires Internet monitoring on a massive scale, it allows the blocking of VPN services as they are considered an interference with the ability to monitor Internet  traffic.

The implementation of this clause raises several concerns. It has the potential to hamper online businesses in Pakistan and violate the privacy rights of Pakistani citizens. Sub clause (6d) of clause 4 of Part II “Establishment, administration and features of the Monitoring System” mentions that licensee that deploy the monitoring system are responsible for providing data to the Authority when it is required.” This data includes a complete list of Pakistani customers and their details is included.

In 2011, the official announcement to ban VPN services was met with severe criticism from the business community, specially the banking sector.  Despite warnings by the PTA, a blanket ban on VPNs was never implemented. Instead, the regulation was only applied to commercial connections, where users were told to  register their IPs with PTA so that it could be added to the whitelist. If they were using VoIP or VPNs, it had to be with the explicit permission of the Authority.

A press release published in 2007 on PTA’s website, provides details of the agreement signed between Inbox Technologies,  developed  by NARUS, to acquire a system that enabled the authorities to monitor and block “grey traffic” at the IP level. Last year, PTA acquired new  filters to monitor grey traffic in an effort to boost the “anti-terror” fight. This was the result of the International Clearing House (ICH) Policy Directive issued by Ministry of in August, 2012.  The system, which is officially called Grey Traffic Mitigation System (GTMS) became operational in October 2013, as reported to the National Assembly.

It now appears that the ISI (Inter-Services Intelligence), and not ISPs or PTA, are managing these filters to monitor and block grey traffic. But what legal mandate does the ISI have to operate the filters?

IP-level blocking and the manner in which it is being implemented is posing several problems for Internet service providers, businesses and Internet users alike. The recent surge in blocking of websites and service disruption  has been reported by Internet users. PTA Chairman’s statement to the press suggests that the regulator is currently working on fixing the issues and reportedly working on getting the filtering equipment back under PTA’s control. However, housing the system under one authority vs another is not going to be enough. Acknowledging the importance of encryption, user privacy,  and the integrity and security of the banking sector and business and financial transactions, is essential.

Update: The Pakistan Telecommunications Authority (PTA) published an ad in the newspaper announcing the process of registrations of VPNs. The ad states that all VPN users are required to register before the 25th of May or face blocking.

photo 3 300x211 Now Blocking in Pakistan: IPs and Grey Traffic

Read ISPAK’s (Internet Service Providers Association of Pakistan) letter to the Ministry of Information Technology & Telecom regarding IP blocking below:

 

URGENT

No. 5(8)/2013-ISPAK

02 December 2013

Ms. Anusha Rahman Ahmad Khan

Minister of State for Information Technology

Ministry of IT

Government of Pakistan

Islamabad

Subject:          IP Blocking Issues for Broadband Operators, Call Centers and Internet Users

Dear Madam,

        Under the recently established system by the Government of Pakistan to curb grey traffic, IP addresses blocking on Internet backbone has been started. While the intentions for having such a system may be good, the Government has unfortunately done another experiment this time at the risk and cost of Internet users and broadband operators of the country by giving this systems in the hands of Inter Services Intelligence (ISI), an organization that has a different mandate altogether and has no mechanism in place to address various issues faced by the industry.

2.      Broadband operators and call centers are prime victim of this mechanism. Legitimate and even whitelisted IP addresses of operators are getting blocked without any reason. In last week, IP addresses of DNS, Authentication Servers and Core Routers of Qubee, a leading a WiMax operator, got blocked twice on the same day, resulting in jamming of country wide network and leaving thousands of customers screaming. IP addresses of the other operators including WiTribe, Linkdotnet, etc., are also getting blocked. Many customers use VPNs (virtual private networks) on Internet to connect to their proprietary and secure networks for various business applications. These VPNs, which are now integral part of any Internet connection, are also getting blocked left, right and center with no solution in place to allow legitimate users and filter grey traffic.

3.      Leading call centers and software houses of the country, including TRG, Ovex, Shellby and so many others are running from pillar to post to get their IPs whitelisted. PTA officials seem helpless because the system is not in their control and their requests for IP whitelisting are apparently not handled by the ISI in a timely manner. ISI is also reportedly dependent upon the vendor who have supplied this system. So the red-tape circle of whitelisting on IPs is extended from the customer to the operator, from the operator to PTA, from PTA to ISI and ISI to the vendor, and same return path. It is taking weeks to resolve the issues that should have been addressed in minutes.

4.      The whole Internet traffic of the country has been left at the mercy of a system that is being operated in an amateur manner and at snail pace in totally disregard to the agony faced by the operators, call centers and Internet users. Call centers are loosing huge foreign exchange revenue and Pakistan is getting bad publicity in international business community.

5.      The media has previously reported that US$27 million were unofficially diverted from controversial ICH Agreement to enable the purchase of IP Blocking system in total disregard to Public Procurement Rules and bypassing competitive bidding. The Internet industry has thus been kept hostage to a system whose origin is illegal and design and operations totally non-professional. The grey traffic is now reportedly being shifted to Ku band satellite dishes and legitimate Internet routes are being blocked.

6.      We request you to kindly look into the matter personally and get a proper standard operating mechanism in place where IPs are whitelisted and such lists are implemented within 48 hours with no whitelisted IPs subject to blocking. There should be no limit on the number of IPs got whitelisted by a licensed operator Complaints of operators should be addressed on 24 x 7 basis with resolution time and escalation levels defined. In case of blocking of whitelisted IPs of the operators, financial compensation should be given to the operators by the Ministry of IT as operators are now being asked by their customers for compensation.

With kind regards.

Yours sincerely,

Wahaj us Siraj

Convener

c.c.   Mr. Akhlaq Ahmad Tarar, Secretary, Ministry of IT, Government of Pakistan, Islamabad.

        Chairman PTA, Pakistan Telecommunication Authority, Islamabad

        Member Telecom, Ministry of IT, Government of Pakistan, Islamabad

        Member IT, Ministry of IT, Government of Pakistan, Islamabad

See timeline of encryption blockade in Pakistan:


With  legal research assistance from Nighat Dad, Digital Rights Foundation 

Taking cue from the brilliant team at Electronic Frontier Foundation, the Bolo Bhi team has come up with a scorecard for State Minister for Information Technology & Telecom, Ms Anusha Rahman Khan. The scorecard is based on the performance of key duties by the Minister in her first six months in office.  The collective score is based on input by industry and civil society members.

 

Criteria For Each Duty:

0-3: Showed effort

4-7: Followed through

8-10: Led to outcome

 

 

AnushascoreCardfinal 395x1024  State Minister Anusha Rahmans First Six Months in Office: A Performa

 

 

1. Fulfilled promises made as a member NA standing committee on IT

In the previous government, Ms Anusha Rahman Khan, was one of the most vocal members of the National Assembly’s Standing Committee on Information Technology. During her tenure as a parliamentarian, Ms Rahman spoke for the need to increase access to information, unblock YouTube and issue 3G licenses.

She was also involved in a series of discussions on proposed amendments to the Pakistan Electronic Crime Ordinance (PECO). Despite displaying an understanding of information technology issues, then, Ms Rahman’s time in office has hardly been reflective of the same zeal to resolve issues effectively.

2. Accessibility as a public official

Speak to people within the industry, and they will tell you the Minister just doesn’t respond to letters or emails. We’ve found that to be true as well. According to them, the few meetings that were held initially led to no results as their input was never considered seriously. It has become very apparent since, that input of stakeholders is of little or no importance. Instead, handpicked experts and their input carries more weight. Surprisingly, this has not only been noted by people within industry or civil society, but also fellow politicians and parliamentarians, who also say they’ve been given the cold shoulder.

3. Restoration of YouTube

Beginning with the announcement that we can block Google on her first day of office (allegedly misreported), to introducing filters to block content and eventually trying to go the localization route, the Minister has made various speeches in the Senate on this subject and issued press statements. However, to date no concrete measures have been taken to resolve the issue. All proposed solutions have been out of line with the direction the court has taken on the issue. In fact, despite being summoned multiple times, the Minister did not appear in court. Initially, even Google officials were given the cold shoulder, by the Minister and Ministry, with refusals to talk or meet. As for independent input, it has been completely shunned. Repeated attempts to apprise the Minister of the intricacies of the issue have been met with a stony silence.

4. Adoption of 3G Technology

Recent reports suggest that the government will hold the 3G auction in March 2014. The auction and issuance of 3G licenses is a matter that has been pending since 2008. Other than discussions and field visits since the beginning of the term at the Ministry, not much has been done. It was only after the Supreme Court, hearing a writ petition for early auctioning of 3G licenses, issued directions to the government to be quick about the appointment of PTA officials, that this matter moved along. Whether the Information Memorandum will be completed in time, and the auction held in March, now remains to be seen.

5. Increase Internet Penetration in underserved areas

In a surprise move, rather than utilizing National R&D (Research and Development) Funds and USF (Universal Services Fund) money to increase telecommunications and Internet penetration in the country, these funds – amounting in billions of rupees – were consolidated and moved out of accounts maintained separately for them. While these funds had been lying unused for quite a while, industry personnel argue the right thing to do was to utilize and spend them in underserved areas to improve infrastructure, etc. as opposed to housing them under the Ministry of Finance and putting them towards the paying off of circular debt. It must be noted that no efforts to better the existing infrastructure, either through policy or otherwise have been made.

6. Disclosure on filtering & surveillance equipment

Ever since the announcement that PTCL was ‘loaning’ the Ministry filters to block content, followed by a statement maintaining filters were not the solution, there has been no disclosure by the Ministry as to what has happened to these filters that were acquired. Not only that, but through what process they were acquired, at what cost, and what has been done with them; all these questions remain unanswered. There remains also no acknowledgment or clarification to date of the alleged presence of FinFisher control and command servers and Netsweeper in Pakistan.

7. Headway on Stakeholder Draft of E-crime Legislation

For quite some time now, there has been a fair amount of back and forth between the Ministry and stakeholders on the amendments to what was previously PECO (Pakistan Electronic Crimes Ordinance). Through multi-stakeholder input, various meetings with the previous Standing Committee on IT and even more meetings with the current Minister and Ministry officials, the PECB (Pakistan Electronic Crimes Bill) 2014 still has a long way to go it seems. After near unanimous approval of the draft by stakeholders, the Ministry allegedly decided to dish out some $20,000, it is said, to appoint an international expert to point out why the proposed legislation would not work.

Will this piece of legislation see the light of day, or will a government draft make it into law, remains to be seen. The Prime Minister’s office commissioned its own version of a cybercrime law – which has been criticized heavily for lack of safeguards and knowledge of technology. Why the wastage of funds and efforts when there already exists a piece of legislation that has been debated to no end?

What kind of coordination is there between the Ministry of IT and the PM’s office?

8. Headway on Privacy Legislation

According to the Constitution of 1973, the right to privacy is an inviolable right. Despite that, Pakistan still lacks laws that protect citizens’ right to privacy. An effective legislation that will help minimize monitoring by the government, regulate surveillance by corporates and ensure that personal information of citizens’ is properly protected remains missing. Despite Snowden revelations, the authorities have not shown any commitment to protect personal data of citizens. In the past year, legislations such as the ‘Investigation for Fair Trial Act’ have been given a clean chit by the National Assembly and the Senate, further increasing the risk of legitimizing blanket surveillance by law-enforcement agencies, without accountability.

Comments: As someone everyone had high hopes from, the Minister has only disappointed. A month or two ago, many were still willing to give the Minister a chance. Yet, with every statement and action, the Minister only sunk their hopes of betterment. Bring up the Minister in conversation now, and there is a decided tone one hears, of utter frustration and anger. As a public official, she is expected to be more approachable.

It is pertinent to mention that be it over the blocking of YouTube, issuance of 3G licenses, spectrum allocation and use or relocating of USF/R&D funds, the government has been dragged into court for either non-responsiveness or contestable policies. A clear indication that nothing is right with policy-making or the approach towards it in this sector.

Going forward, what is expected of the Minister is to take seriously those outside the immediate bureaucratic and political circles. There is a lot of valuable input that has and can be provided further on issues of vital importance to industry and citizens. They deserve a hearing, and that input  needs to be factored into policy.

 

As published by Dawn Magazine Special Report on 20th Oct’2013 

They say they’re lifting the ban on YouTube. The government has apparently come up with a brilliant plan so that just that silly video, The Innocence of Muslims, is blocked, and we can enjoy the rest of the gazillions of videos in peace. What is this plan? In order to even to begin to tell you about it, I’ll first have to explain how YouTube works.

YouTube, like other more secure websites these days, uses HTTPS instead of HTTP. When you look at the address bar in your browser when you’re at such a website, you’ll probably see a lock symbol and https://yoursiteaddress, rather than the usual http://blahblahblah. What does this mean? When you go to an HTTPS website, there is a certain exchange of certificates between your browser and the server where the site is hosted. Your browser acts a bit like an immigration officer, “May I see your passport, please?” The server says, “Here you go, sir!” And if everything looks ok, your browser allows you to view the site’s contents. These HTTPS certificates are only granted to an extremely limited number of servers across the world, and much like the holographic image on a valid visa on your passport, it would be next to impossible to fake, and all information in such exchanges with HTTPS servers is encrypted.

Now blocking access to an entire website using its root addresses (https://youtube.com, etc.) is one thing, and can be done by our Internet Service Providers (ISPs). But blocking access to a particular video on that site would mean screwing with this hardcore HTTPS protocol. Actually, the method that the ISPs have been using to block our access to YouTube, porn and a lot of sites which nobody has any idea why they have been banned in the first place, already puts our internet privacy at risk. This method allows them to keep track of what and when an internet user accesses on the internet, unless it’s done through HTTPS. And now that we’re moving against an actual HTTPS site, this will only make matters worse!

What options did we have in dealing with this issue?

  1. Unblocking YouTube outright.
  2. Working with Google, YouTube’s parent company, to block access to the video in Pakistan (like Indonesia, India, Jordan, Malaysia, Russia, Saudi Arabia, Singapore and Turkey already have).
  3. Installation of filtering and surveillance software on users’ computers.
  4. A Machine/Man-In-The-Middle (MITM) attack.

The case for unblocking

Because of the high number of complaints against this video, YouTube shows its users a notification before allowing them to watch the video. This is explained in the following excerpt from the letter they sent to Mr Yasser Hamdani, the lawyer representing Bytes for All in the Lahore High Court case to unban the site:

“In some cases, content may not breach the global guidelines but may still be flagged as particularly sensitive for some viewers. This is the case, for example, with the Innocence of Muslims video. In this case, we add a warning interstitial page that users see before they accept to continue through to the video itself.

The warning states: “The following content has been identified by the YouTube community as being potentially offensive or inappropriate. Viewer discretion is advised”. It was on the basis of this interstitial page that the government of Bangladesh, for example, lifted its earlier ban on YouTube.”

Working with Google

Google has ruled out cooperating in this regard until the company is offered Intermediary Liability Protection (ILP) through a legislative amendment which shields it from any legal repercussions resulting from any user of the website uploading content that’s considered unlawful in Pakistan. Following is the text regarding this issue from the same letter to Mr Hamdani:

“In some countries, YouTube has additional functionality and customisation that allows for the highlighting to users of local content within a country. You can see a list of these countries in the ‘country’ menu at the bottom of a YouTube page. The decision as to whether to offer this service is a business, legal and commercial decision, and takes into consideration, for example, whether there is adequate legal certainty and protections for the provision of such online services in the country.

We have been discussing this in the context of the need for intermediary liability protection for online platforms and a clear notice-and-take-down mechanism in Pakistan to bring these provisions into line with international best practice (such as the OECD guidelines). For example, any notice-and-take-down requirements should be based on legal process, address individual video URLs as opposed to requiring broad general monitoring and pre-emptive removals, and allow for counter-notice from content owners. Whilst, without prejudice to any jurisdictional argument, we are grateful for any offer to provide additional legal certainty and protections, we believe that only a legislative change such as a clarification within appropriate legislation would ensure the necessary consistency across multiple judicial bodies and address the international best practice requirements above. The provision of such legal certainty would also, we respectfully suggest, open up the broader exciting opportunities of the digital economy to Pakistan.”

In layman’s terms, Google would only consider taking the video down for Pakistan if such protection was offered to them at a legislative level. The Lahore High Court in May agreed to do this, but nothing seems to have been done about that as of yet.

The software route

There are certain HTTPS-based software which can take care of this issue. These can be installed voluntarily by all internet users in the country, or the government could launch a sort of spyware campaign, forcedly installing it on everyone’s computers. According to reports, our government is already involved in such activity, but hopefully only against certain individuals and not the public at large.

MITM

In the meanwhile, the method that our government seems to favour is this one: the Man-In-The-Middle attack effectively puts a proxy server between all of Pakistan’s computers and YouTube. So instead of many of us going to proxy server sites to watch YouTube videos, the government is going to do us a solid and set up a lovely proxy server for us. This server will filter the videos that are deemed not fit to watch in Pakistan. And to use the immigration analogy from the beginning of this article, our government is possibly getting into the business of printing fake visas. They’re going to have to use a Certificate that our browsers will trust as legitimate. Most probably the browsers won’t, and will ask us, “Are you sure about this?” And we, in our desperation, will be willing to click “Yes!” to just about anything at that point.

First of all, the whole point of HTTPS is that it is secure. When you compromise its security, you’re compromising the privacy and security of all Pakistani internet users’ internet transactions and data. Banking pins, email and social media passwords, and secure messaging, could all be monitored, logged and analysed, turning Pakistan into a surveillance state. And what if this national proxy server is hacked? We can say with certainty, that if this method is used, our entire online lives would be at risk.

The best option would be to work with Google on this. We need to speed up the legislative process regarding the ILP issue. Even though this would mean that the government would be controlling YouTube’s activity according to our local laws, which would still be unacceptable to many of us. But still, at least we’ll have YouTube without as much risk!

Republished from The News On Sunday – As Published on th 13th Oct’2013 

One view is that blocking communication channels would do
nothing more than what ban on pillion-riding has to curb crime
By Shahzada Irfan Ahmed

Pakistanis widely share a joke on what their government would have done had 9/11 terrorist attacks taken place in Pakistan — it would have imposed a ban on pillion riding. Years down the road, the state is accused of curbing civic liberties in the name of security and morality.

Such knee-jerk reactions are often taken without taking all stakeholders on board. The most recent example is that of the Sindh government deciding to block voice over internet protocol (VoIP) communication channels for three months.Skype Viber Whatsapp1 A block and ban story

Earlier measures include frequent suspension of cellular phone services, banning of Facebook and YouTube (still inaccessible) and blocking of hundreds of thousands of Universal Resource Locator (URL) addresses declared harmful for various reasons.

The history of mobile and internet networks is a decade old in Pakistan. In the 1990s, the only private sector cell phone company of that time had to foot the bill of multi-million rupee scanner. The Karachi police required this equipment to track mobile phone calls made on this company’s network, which operated on a high frequency.

The government, which would deny it, was spying on internet users. It made its ideas public in the first quarter of 2012. Through the Ministry of Information Technology (IT) and the National ICT Research and Development (R&D) Fund, it advertised a request for proposals in national dailies for the development, deployment, and operation of a national level website URL filtering and blocking system. This move was condemned by internet rights activists and others who wrote to international companies, asking them not to participate in this bidding.

This leads to the question of internet censorship capabilities of the government. Fouad Bajwa, an IT expert who has been part of several multilateral consultations on the issue, explains the situation. He says such regulations are being implemented without a proper legislation. These regulations, he says, result in censorship of online content through filtering and blocking of websites, IP addresses, and in some cases, various services, such as VoIP services.

The execution role is primarily led by the Pakistan Telecommunication Authority (PTA) at the Pakistan Internet Exchange (PIE) through which all incoming and outgoing Pakistani internet and communications traffic passes and is sufficiently monitored or recorded.

The technical design of the system is to deploy a national level system that trickles down to the internet service provider (ISP) level, turning them into points of presence (POPs) where content can be blocked. “If the parent body puts in a URL for blocking, the POPs will automatically be updated and ISPs will automatically begin to block the content,” he adds. A prominent example of this is blocking of thousands of pornographic content websites by adding their URLs to the list one by one.

According to newspaper reports, a fifteen-year-old Pakistani student compiled and sent forward a list of 780,000 pornographic websites to PTA for blocking them. Though hard to believe, he claimed he had visited each of them to verify the nature of content displayed there.

The Pakistan Telecommunication (Re-organisation) Act 1996 clearly states: “Notwithstanding anything contained in any law for the time being in force, in the interest of national security or in the apprehension of any offence, the Federal Government may authorise any person or persons to intercept calls and messages or to trace calls through any telecommunication system.”

Article 19 of the Constitution grants citizens the right to express and access information except when it compromises national security, public morality, etc. Similarly, Article 31 makes it government’s duty to promote unity and observance of the Islamic moral standards in the country. Different bans have been enforced by referring to these provisions.

Furhan Hussain, Coordinator Advocacy and Outreach at Bytes For All (B4A), an internet advocacy group, contests this logic, saying these terms can be deciphered by the government to justify whatever coercive measure it takes. “National security, public morality, and religion are dear to every citizen but why is it so that the state monopolizes and manipulates them,” he says.

His organisation has filed cases in the Lahore High Court (LHC), including those on banning of YouTube and installation of internet surveillance softwares. Hussain says they have pleaded in the court that they be provided complete list of the URLs blocked by the government. “We are sure there are a large number of harmless websites which have been blocked but nobody knows about them. Websites expressing political dissent have been blocked for obvious reasons.”

No doubt, choices for the government are tough to make but guaranteeing citizens their rights is also its prime responsibility. It will have to be very careful while declaring if a content is harmful or not in political and national security categories.

Similarly, security content may cover national security, anti-state content, separatist movements, terrorist activities and everything usually deemed against a state’s or nation’s constitution. Several websites run by Baloch nationalists and separatists have been blocked on these grounds.

Shahida Saleem, ex-chair of Federation of Pakistan Chambers of Commerce and Industry’s (FPCCI’s) Standing Committee of IT, condemns internet censorship policy of the government and terms it a conspiracy to disconnect Pakistanis from the world. “We (as business community) are already at a disadvantage due to our security situation, power crisis, etc. Now the government wants to cripple us in terms of global connectivity as well.”

She says the business community is worried as it cannot talk to their local and international clients via Skype. Most of their operations, she says, are Skype-based as it’s a great way to stay connected with team members, hold video conferences, and even demonstrate products and services to prospective customers.

Saleem complains the business community was not taken on board. “While the terrorists and extortionists may switch to alternative means of communication, we have no alternative in sight.”

“By blocking these services,” she believes, “the government will lose a source of tracking criminals through their communication and the IP addresses they use to interact with each other. Now they will use proxies, which hide the exact geographical location of users of these services.”

The solution, experts suggest, lie in cooperation of state pillars and coordination on a single policy by political actors and law enforcement agencies, regardless of their affiliations and building public consensus to curb violence.

It’s time for the government to realise blocking communication channels would do nothing more than what ban on pillion-riding has to curb terror and crime.

shahzada.irfan@gmail.com

 Letter to the German Embassy

                                                                                                                                                                       Petra Speyrer

               Consular and Legal Section

German Embassy Islamabad

Ramna 5, Diplomatic Enclave, Islamabad, PAKISTAN

P.O. Box 1027, Islamabad, PAKISTAN

Tel:  (0092-51) 227 9430 – 35

Subject: Letter to The Federal Republic of Germany’s Embassy in Pakistan: Call for Transparency, Accountability & Action Following Reports On FinFisher’s Presence in Pakistan.

Madam Petra Speyrer

As a civil society organisation that works on upholding & securing citizen’s right to open and secure access to information, we write to you to raise the issue regarding the presence of FinFisher, sold by a GERMAN/UK company, Gamma International. This was brought to public attention through a report published by Citizen Lab, a research group based at the Munk School of Global Affairs, University of Toronto.The lab is independent from government and corporate interests, and publishes research based on evidence.

FinFisher has the ability to affect all forms of software (Mac/Apple, Windows, Android), including but not limited to all smartphones. It works as an espionage surveillance equipment, obtaining passwords for your hardware and social networks, has the ability to read an individual’s chats,listen in to  Skype calls, the capability of listening to private in-room conversations as well as stealing & emailing personal files from an individual’s device. This kind of technology has the potential to be abused & is in clear violation of international human rights laws.

Human right to privacy and free access is a universal right as made evident by the United Nations Declaration of Human Rights. We quote Article 12 and Article 19 of the Universal Declaration of Human Rights:

Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”.

Article 19: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers”.

By reportedly exporting it’s equipment to countries with a questionable human rights record, Gamma is in violation of United Nation’s Guiding Principles on Business and Human Rights, which identifies “a global standard for preventing and addressing the risk of adverse impacts on human rights linked to business activity”.

The reported presence and use of FinFisher is not only a violation of the multiple UN Declarations, but a grave violation of Constitutional Provisions of Human Rights of both Germany & Pakistan. Germany provides data protection through “Bundesdatenschutzgesetz or BDSG,”and the European Convention of Human Rights. According to German law, “personally identifiable information without express permission from an individual” cannot be collected or obtained without permission of individual in question; when asking for permission, it must be specified why, for how and what information is being obtained and where is the information coming from. An individual has the right to revoke the permission and all businesses and organisation must have laws that protect private data transmission that falls under BDSG laws.

Germany takes privacy laws very seriously, and is far stricter in its laws than the United Kingdom. Germany has even gone so far as to claiming a fine for Facebook for storing biometric data through a facial recognition software they use. The Independent Centre for Privacy Protection (ULD) is an active organisation that ensures privacy measures are taken and privacy laws are upheld in the nation.

In Pakistan, an individual is protected from breach of privacy by Article 14 of the Constitution, establishing that privacy is an “inviolable right” of a citizen, something that cannot be breached under any circumstance. The right to information has been established under Article 19 and 19A of the constitution, bearing that an individual should have freedom of access, expression and information.

Recently, Bolo Bhi joined a Global Coalition that endorses 13 International Principles on the Application of Human Rights to Communications Surveillance. These principles create a framework to limit surveillance, provided legitimate reasons, legitimate transparent actions are taken in proportion to the situation at hand. It gives protection to the individual from being prosecuted or violated for no reason, while giving a legal pathway for governments and individuals to follow. It forms a compromise between the individual and the state. The principles uphold the fundamental right to privacy.

We have a reason to believe that FinFisher has been used to aid in human rights violations. The very first evidence, as per research, of the presence and use of FinFisher was in Bahrain, 2012, against pro-democratic activists. Cyber attacks were launched against journalists and activists in Bahrain that gravely compromised their security and privacy; many of the activists were sent pictures and news of tortured victims as a means to intimidate them.

Thus, the presence of such equipment in Pakistan where Journalists have been targeted throughout the years is quite frightful. Reporters Without Borders has classified Pakistan to be one of the most dangerous places to be a reporter, and the reported presence of such espionage surveillance equipment is an added threat to an already hostile environment.

More than just a violation of the constitution, FinFisher enables private information to be obtained and used illegally against the respective individual, being a possible threat to their life and liberty.

We request the German Government to assist us in seeking answers from FinFisher, that has reportedly sold technology to Pakistan with full awareness that it would be abused. We ask for assistance to hold FinFisher accountable for unethical business practice and for greater transparency and accountability in the trade. We seek assistance in disabling FinFisher command and control centres in Pakistan & call for strict action and tougher laws to hold British companies accountable as and when they are in violation of domestic, national and international laws.

We hope the German Government and all other governments around the world follow their commitment to free speech and freedom of expression and take action against western companies that sell surveillance and filtering equipment to repressive governments. Put an end to the trade that aids repression.

Yours Sincerely,

Sana Saleem

Director- Bolo Bhi