Privacy Archives - Bolo Bhi

Your personal information should not be up for grabs

On May 13, 2013 By Farieha Aziz In Blog, Privacy

As offline protests continue against rigging in the polls, social media in Pakistan has also been taken by a storm. So enraged are voters and supporters, that they have been making use of every opportunity that presents itself to report it. Which is great. However, impulse sometimes leads us to make errors in judgment.

The ptivotes.com fiasco is a classic example of the danger of things going viral, but mostly the unrestrained approach of clicking send without verifying and eagerly divulging personal information. Here’s what happened. SMSes and Facebook post/status shares of the following started doing the rounds:

Everyone who had a vote and was voting for PTI, go to ptivotes.com Enter your name, your designated NA, eg NA-48, and enter your CNIC number. The form will be converted into a petition and sent to ECP. Spread the word.

Upon receiving this message, red flags and alarm bells should have been the immediate response. But not for most people. So enthusiastic were they to register their protest in any form, they willingly entered the information asked of them, before first verifying whether this was an official site or not.

Later in the day, the website was taken down and the database made it into the hands of PTI officials. Supporters were instructed by Awab Alvi and Asad Umar to refrain from entering their personal information on the site. Twitter account @PTIofficial also tweeted: http://Ptivotes.com is not an official initiative of PTI, please don’t give personal data to this website until further notice.

The enthusiasm and zeal to lodge a protest is understandable, but people need to make a practice of stopping, thinking, verifying and then providing personal information. The same goes for announcing such methods of registering one’s protest. To those requesting the data, ask yourself: Are you authorized to collect this data and are you capable of keeping it secure so it is not misused? To those volunteering their information, it is always good to be suspicious of the person asking you for this information. Why do they want it and what will they do with it? And, most importantly, do they have the authority to ask for it? Because, remember, once out there, you don’t know where your information goes, who has access to it, and what they use it for.

For a moment, imagine what the flip side could be. That it was not a friend, supporter or party member receiving your information but someone who wished to identify supporters with a malicious intent.

The case in point reveals our general attitude towards sharing of information and lack of cautiousness or reluctance when sharing it with others. That is the first step to privacy violation – willingly submitting your personal information without questioning. And, ironically, you yourself are the violator.

While an honest mistake, we found this to be reminiscent of a social experiment Bolo Bhi conducted at a slot allotted to us during Xenith Digital’s Social Media Baithak held at T2F. Before we began our session, we placed questionnaires on each chair. We requested audience members to take the first 10 minutes to fill out the information and hand it back to us. On the form, we had fields such as CNIC, phone number, house address etc. As soon as the first participant was ready to hand back the filled out form, we stopped and asked: do you trust us with your information? Why are you giving it to us? Just because we asked you? Of course we did not collect the forms, we asked the audience members to make sure they kept them and took it with them when they left.

Sometimes we are too intimidated to think or question. But toughen up because it works. Many of our readers who have been to the US or Indian embassy would’ve surely have been stopped by men in civilian clothes, claiming to be from intelligence agencies, approaching every visitor and asking for personal information. How many of you ever stopped and asked the person to prove his identity before proceeding to fill him on all your personal details? Some people we know did. And so when the third time he was asked to prove his identity, the distressed officer responded: please, if any of your friends or relatives plan to come to the embassy, tell them I really am from an agency.

Your information is yours. Sometimes you are required to provide it. But verify when the request is legal and when it is not. And even then, be aware of how it is to be received, handled, secured and transferred.

The Dangers of a Content Filtration System

On February 29, 2012 By Farieha Aziz In Blog, Cyber security, Internet Freedom, Privacy

What would happen if a content filtration system such as the one The National ICT R&D Fund has advertised seeking proposals for were put in place? How would it affect the privacy of Internet users in Pakistan and what kinds of abuses would it invite? A discussion by a member on a social networking site sheds light on some of these questions and more….

(published as posted)

“So for all of those asking what is wrong with implementing such a system, let me put a few points out.”

Technical Background:

1. The Government already has a tap on the International Fibers from the two peering points (TWA and PTCL), i.e. the two submarine cable operators in Pakistan.

2. All the traffic to/from Pakistan flows through these peering points and the two taps. The two taps go to “Government” where exactly (PTA? Military? Etc.) No one knows and no one wants to talk about it.

3. What happens with these existing taps? You can very well imagine, they can do DPI (Deep Packet Inspection) of all the traffic. What they cannot open right now are encrypted packets, such as packets by Skype, HTTPS sessions and VPN or other encrypted sessions.

4. Under the guise of blocking grey VOIP (voice over IP) traffic, etc. the various agencies (MI, ISI, IB, etc.) have already managed to get the taps and be able to look at the payload traffic (essentially peer into your traffic) be able to “assemble” your packet-stream and reconstruct your Web or Email or FTP session. This is very easy to do with the right tools, provided you have the ability to tap into the link. Currently Government uses Narus to do this. Remember the official story is that it is to curb Grey VOIP traffic that is supposedly causing loss to the national exchequer in the Million (Billions, etc.).

5. The government has been trying for a long time to tap into the VPN and encrypted
circuits. This they did with a legislation / circular by PTA to register ALL VPN circuits in the country. You can look at the current URL for more information (Virtual watchdog: Internet users banned from browsing privately for ‘security reasons’).

6. Now what remains to reign in the control is – blocking of URLs (porn? anti-state propaganda material, anti-Islam material?) All of these clauses are part and parcel of the various Data Communication Licenses that have been given to the various operators. So the way PTA sees it – this is something long overdue.

7. Under the guise of the URL filtering, HTTPS sessions would also be tapped. In order to do this, all HTTPS sessions would be subjected to something called Man In The Middle Attacks (MITM). This basically says, you proxy the original HTTPS certificate/session (say as given by Gmail) and provides the user a locally owned Certificate (lets call this Pakistan URL Filtering Certificate) and with this, you have essentially been able to now looking into HTTPS (Secure) traffic:

8. This is a huge issue. With all the dissidents, anti-state activists, persons of interests, political figures, etc. The government will be able to see the HTTPS traffic and be able to identify the sources.

9. With Gmail, it currently establishes an HTTPS session and obfuscates the Source IP of the sender of the email. This is a stone in the government’s shoe, they cannot “identify” where these people are, and with this HTTPS peering ability, they will be able to do this just so easily as they can do with HTTP sessions.

How this can be abused and misused:

11. Any blanket privacy you had with respect to HTTPS is gone. So Internet banking secures communication, email, etc. all out of the door.

12. They will be able to capture all your User IDs and Password and specific answers to secret questions that you are suppose to provide in order to recover access to your email accounts.

13. Anyone who is a whistle blower can be identified. Anyone who does not agree with the government can be identified. Anyone can be pressured. Think the McCarthyism – this is where we are heading. Big Brother is always watching and collecting information (personal dossiers) on its citizens. Now they can comfortably collect the “digital” information of its citizens.

14. The state should define and elaborate what it considers as anti-sate content. Is human rights violation in Baluchistan anti-state? Is illegal abduction and torture by intelligence agencies?

15. How does one challenge a wrong decision?

16. What are the repercussions of bypassing and viewing such content? Can it land you behind bars?

17. What / Where is the accountability factor in this?

18. How do we ensure privacy rights are not invaded when your conversations are accessible?

19. What about the MISUSE of the information collected? Pressure tactics, blackmail, etc

20. How does one challenge the government’s writ in such an implementation, which is a clear and gross violation of your basic fundamental rights?

21. Who / Where are the definitions of what is anti-state, anti-religious, anti-moral etc? How do you agree on a consensus of what a decision is? How do you challenge it? How do you modify it?

Currently the constitution states that ‘distribution’ of blasphemous and obscene content is illegal. However, such content available on the Internet is not ‘distributed’. The access is voluntary not imposing.

22. What about data-retention and data mining being done on this data collected?

23. What about Court-approved taps (such powers are supposed to be limited and only with a court-approved order are you able to insert taps). Most software vendors who provide such tapping software and reconstructions software for hand-off (technical term used in industry), have appropriate sections for implementing such Court-orders into the software for proper logging.

24. This LI (Lawful Intercept) is no longer lawful nor being monitored by any member of the legislative or court bodies. In fact it is hushed.
25. Such a system will give the government extra muscle to go after “activists” – “liberals” – “troublemakers” – You and I. Anyone who is a hindrance, becomes a target.

26. The proper way is to bring this out to the National Assembly, have it challenged and formulated with limited power, oversight committees, a quasi civilian (rotating) watchdog and with very restricted perimeters.

cleardot The Dangers of a Content Filtration System

Filtering Content on the Internet

On February 28, 2012 By Farieha Aziz In Blog, Internet Freedom, Privacy

Block, ban, censor. These seem to be the only options ever considered by the Pakistan government when it comes to the Internet.

Ever since the 2010 ban on Facebook was imposed and subsequently lifted, there were whispers about the government investing in filtration software. In 2010, a blanket ban was the only option since blocking URLs was too time consuming a task for the government to perform; neither was it the most feasible option in terms of resources and manpower required.

Below is an except from Newsline’s June 2010 cover story, discussing the Facebook ban and the content filtration:

“In a report submitted to the court, the PTA said this: “The complete stoppage which required blocking of 80,000+ users pages per each group over the Facebook website … was more than impossible to attain while considering the available time and the tendency of the available content to shock and outrage the feelings of Muslims inside Pakistan. Keeping in view the situation, it was decided that a complete ban on Facebook website … would be imposed in order to avoid further visibility of such hateful content inside Pakistan.

The same argument was stated in defence of the blockade on YouTube [in 2006].

So to avoid public outrage, blanket bans are the only option at the moment. This is why the government is seriously looking into filtration software to screen Internet content on a regular basis. Obviously, there are many drawbacks to this. And end users are mainly affected in the process.

Over the last week when content was being filtered, Internet speed was considerably reduced. Quoting statistics, Jehan Ara, the president of P@SHA says, “When Internet monitoring and surveillance takes place and when content filtering is being done, service can depreciate anywhere from between 10-75% – and usually at least 35%.” If this slowdown to productivity continues, the financial losses will be devastating for Pakistan and the IT industry. Many citizens are employed in micro and macro level online businesses and have already been directly affected.

“As far as the IT industry is concerned,” says Jehan Ara, “trust deficit and unreliability is something that clients will never stand for. If they do not know when we can have access denied to various portions of the Internet, why would they have faith in our ability to deliver and meet deadlines? The IT and IT-Enabled Services industry is young and has been growing at a good rate, but it is fragile and actions such as this can bring it tumbling down faster than anything else. A strong IT infrastructure and continued and fast access is what we need without the sudden and unexpected brakes.”

In February 2012, the Pakistan The National ICT R&D Fund, which falls under the Ministry of Information Technology (MoIT), advertised seeking proposals from companies for a ‘national level URL filtering and blocking system’ (see detailed proposal here) setting the final submission date of proposals for March 2, 2012.

Why the Fund was established and what its vision and objectives are, are as follows:

The government of Pakistan has mandated that a certain percentage of gross revenue generated by all telecom service providers be allocated to development and research of information and communication technologies with the vision to transform Pakistan’s economy into a knowledge based economy by promoting efficient, sustainable and effective ICT initiatives through synergic development of industrial and academic resources. To achieve this vision National ICT R&D Fund has been created. This vision will be realized by pursuing the following goals:

•                Cultivate industry-academia partnership by funding concrete development and research initiatives.

•                Enhance the national ICT related human resource development capacity manifolds by facilitating industrial demand focused human resource capacity building and R&D capabilities in the country and promoting ICT related educational programs and activities.

•                Make Pakistan an attractive destination for service oriented and research and development related outsourced jobs.

•                Use ICT as a tool for wealth creation and upward mobility for economically challenged groups of citizens.

•                Spread the ICT activities on a true national level.

With these clearly stipulated goals, one wonders where a national firewall fits in. How does it aid in transforming “Pakistan’s economy into a knowledge based economy.” How does it promote ICT as a “tool for wealth creation and upward mobility?” How does a filtration system “cultivate industry-academia partnership by funding” or “promote ICT related education programme and activities?” And, above all, how does it possibly enable Pakistan to become an “attractive destination for service-oriented outsourced jobs.” In fact, does it not, on the contrary, hinder the realization of the above-mentioned goals?

According to an article in The Gulf Times, $10bn is required for the development of a national firewall at the scale Pakistan is seeking. That is a lot of money. Where is this money coming from and is it the Fund’s mandate to pour so much money into a project of this nature? Couldn’t it be put to better use, towards projects that actually improve infrastructure and boost growth?

Brief History of Companies Profiting from Censorship

On February 27, 2012 By Sana Saleem In Blog, Cyber security, Internet Freedom, Privacy

Background:

‘Firms Aided Libyan Spies’, Wall Street Journal: August 30, 2011, article here
‘Spy Companies & Their Authoritarian Customers, Part 1: FinFisher And Amesys’, Electronic Frontier Foundation: February 16, 2012, article here
FAST COMPANY article
‘The Surveillance Market and Its Victimes’, Bloomberg – Wired for Repression: December 20, 2011, article here
“Mass interception of entire populations is not only a reality, it is a secret new industry spanning 25 countries”; Wikileaks – The Spy Files, article here

Snapshot of some companies (and where there from) complicit in selling internet censorship technology to government:

USA:

NetApp Inc. and Hewlett-Packard Co. gear to Syria. Blue Coat Systems Inc., McAfee Inc. / Smart Filter and NetApp products to Tunisia
Narus in Egypt

Finland:

Nokia Siemens Networks to Iran, Belarus and Tunisia.

Denmark:

ETI A/S data interception gear to Tunisia.

Ireland:

AdaptiveMobile Security Ltd. message retrieval/storage to Iran.

United Kingdom

Creativity Software Ltd. location tracking gear to Iran.

France:

Qosmos SA scanning probes to Syria. Amesys technology to Libya.

Germany:

The former Siemens AG business now known as Trovicor GmbH to nations including Egypt, Syria, Tunisia, Yemen, Bahrain, Morocco and Pakistan. Utimaco Safeware AG to Tunisia, Syria

A List of different companies:

	Number	Company	Contact
1	Cisco	John Chambers, CEO Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA	Twitter: @ciscosystems
2	McAfee	Stuart McClure, Worldwide Chief Technology Office McAfee Inc., Headquarters 2821 Mission College Blvd. Santa Clara, CA 95054 USA	Twitter: @mcafee
3	Netsweeper	Perry Roach, CEO Netsweeper, Guelph, Ontario N1H 1A7 Canada	Twitter: ?
4	Websense	Gene Hodges, CEO WebSense 10240 Sorrento Valley Rd San Diego, California 92121 USA	Twitter: @websense
5	Smart Filter
6	Blue Coat Systems, Inc	Greg Clark, President and CEO Blue Coat Systems, Inc 420 N. Mary Ave Sunnyvale, CA 94085	Twitter: @bluecoatnews
	Sandvine Incorporated	Dave Caputo, President and CEO Sandvine Corporate Headquarters 408 Albert Street Waterloo, Ontario, Canada, N2L 3V3 Phone: +1 519 880 2600 Fax: +1 519 884 9892	Twitter: @sandvine
7	Huawei Technologies	Huawei Technologies Co., Ltd Ren Zhengfei Chief Executive Officer Huawei Industrial Base Bantian Longgang District Shenzhen, 518129 China	Twitter: @huaweipress
8	Verizon Communication Inc.	Lowell C Mcadam Chairman, President, CEO Verizon Communication Inc. 140 West Street New York, NY 10007 United States	@verizon
9	NetApp Inc.
10	Hewlett Packard Co
11	Nokia Siemens Networks
12	Ericsson AB
13	ETI A/S
14	AdaptiveMobile Security Ltd.
15	Creativity Software Ltd.
16	Trovicor GmbH
17	Utimaco Safeware AG
18	Area SpA
19	Narus
20	FinFisher	unit of Gamma International—based in the UK
21	Amesys, unit of Bull SA—based in France
22	SS8
23	Trustwave
24	Crypton-m
25	Thales

Protecting Your Privacy Online

On February 25, 2012 By Farieha Aziz In 16 days, Blog, Cyber security, Privacy

This article was originally published on Newsline’s blog on June 5, 2011

Every now and then there’s an uproar about Facebook’s ever-changing privacy policy and how users’ privacy settings automatically change as a result.

Facebook started off with making sure others had restricted access to you. People couldn’t search you if you didn’t want them to. They couldn’t view your profile picture. They could not “friend” you.

But all that has changed.

Now you don’t have the option of disallowing your friends’ friends to try to befriend you, or to make sure nobody can view your display picture (or copy it – yes, all pictures on Facebook can be copied by others if they have access to them). But what is really, really creepy is that Facebook allows random people to poke you!

Well now, here’s another cause for concern.

If your account happens to be temporarily locked, Facebook allows you two options to gain access to it. Here is what I discovered yesterday, after I was locked out of my own account. My first option was to answer my secret question: standard stuff.

The second option was troubling, though. Facebook offered me the option of identifying my friends. A series of three pictures was displayed with the common denominator being friends tagged in all of the pictures. Below each of the photos, in multiple-choice format, were five names. I had to click the right name for each tagged friend. Facebook informed me that it was satisfied with my answers, and I passed. Seemingly, more pictures would be displayed if one of the initial friend questions is answered incorrectly, so as to rule out ‘innocent’ mistakes or alternatively confirm that the person seeking access is not the genuine owner.

However, the images that Facebook displayed were not only pictures from my albums or pictures that I’d been tagged in but also seemingly pictures from the albums of my “friends.” This would make it especially easy for someone I know to pass the same tests.

There is much debate the world over on how companies that own social networking sites (as well as email service providers) use your personal information. As per Facebook’s privacy policy, your information is theirs to use as they see fit. And if you use third-party applications, i.e. if you’re busy farming away using Farmville, you have compromised your information because you have allowed them unfettered access to it.

The business of buying and selling people’s information is huge. And while your account is at risk to the dubious activities of hackers, stalkers and sometimes even people you know, often your personal information is also being mined by the businesses that you have trusted to safeguard it.

There are basic precautions that you can take. Here are some basic dos and don’ts as far social networking goes:

Do not make personal contact information (i.e. phone number, address, etc.) available online
Do not give your location
Do not upload things that would compromise you in any way
Do not put information you don’t want others to have access to because, remember, what goes up on the Internet stays up there, even if you delete it.

For more tips on privacy, see Bolo Bhi’s Digital Security Guides

Little consideration given to the importance of privacy of Indivuals

On February 24, 2012 By Jehan Ara In 16 days, Blog, Privacy

Collection of data by various organizations, government bodies & individuals has become such an integral part of our lives that, more often than not, we don’t even think before sharing our most personal data with complete strangers.

Several things happened to me last week that have resulted in my need to write this post.
First incident: I went to Metro in Karachi to buy my monthly groceries and as I got out of my car, a young man approached me with a clipboard and asked if I would be interested in buying some engine oil from Caltex. It was a really good deal, he informed me. As usual, I was in a mad rush so I told him that I didn’t have the time to come and have a look at the product and its advantages at that time but would probably check it out later. He responded “That’s fine Ma’am. May I have your name, your email address and your cell number.” I answered “No you may not. That is private information I do not wish to share with someone i don’t know.” He was persistent and told me that he needed the information so that he could send me details on all the wonderful deals his organization was offering. Being a privacy advocate, I tried to explain to him the dangers of parting with such information but like most surveyors, and sales people, he had only one focus – adding more names and contacts to his company’s existing marketing database. I gave up trying to convert him to my way of thinking because I had limited time. However the irritation stayed with me.

Second incident: It seems everyone was out to irritate me that day. As I parted with thousands of rupees and was wondering how the average Pakistani managed to live and provide food for his/her family, I was approached by yet another young man with a clipboard. He said to me that I was lucky to have come to the supermarket that day because all customers shopping on that day qualified for a lucky draw. All I had to do was part with my name, home address, email address and cell number. I didn’t see the point of arguing with him because he was only doing what he was hired to do. So I just said that I did not wish to part with my personal data. He persisted but I told him that I was not likely to change my mind, turned my back on him and left.

Third incident: The next day I got a call from a representative of the Pakistan Telecommunication Company Ltd (PTCL) who started the conversation by asking me how I was doing and if I had a few minutes. I asked what it was about and he started to tell me about this new broadband deal that his organization was offering. I interrupted him by asking where he had got my cell number from, that i didn’t recall sharing it with his organization or giving my permission for them to share it with their marketing reps. I also told him that I did not appreciate receiving a sales call on my mobile phone, that I only used it for business and personal purposes.

Instead of being apologetic, the young man proceeded to tell me that he was calling from PTCL and that he had access to all my information. He then rattled off my home address which, as you can imagine, resulted in me losing my cool totally. I told him that I took great exception to the fact that anyone had access to my personal data. To this he replied that I was obviously not aware that such practices were normal in Western and civilized societies and that it was due to the existence of such databases that people were able to avail of all sorts of schemes and benefits. I tried to explain to him that it was wrong for organizations to have access to anyone’s personal data & for them to use it indiscriminately. However, he didn’t see it that way and thought I was being very unreasonable at not accepting an internationally accepted best practice.

Fourth incident: A young female friend I am very fond of was looking very disturbed last week. When I asked her what was wrong, she explained to me that she had a medical problem for which she had consulted a specialist. Present in the consultation room, in addition to the specialist, were several other young medics. They stood around poking at various parts of her and discussing her “problems” as if she was a species that they had procured for experimentation and study. The reason for this was that this was one of the major teaching hospitals in the city. I remembered that when my dad had been hospitalized a few weeks earlier, he had also been put through similar group examinations. He had looked uncomfortable throughout the process – the indignity of the entire experience had left him feeling depressed and humiliated. My young friend expressed the same sentiments and asked why her medical problems couldn’t be a private matter between her and her doctor.

All these incidents indicate that professionals and organization give little consideration and thought to the privacy of those who are paying them for a service or a consultation. They believe it is their right to do whatever they wish with data they have collected, share it with whoever they like and use it in any which way. They think it is unreasonable of us to expect them to respect our privacy. We are made to feel uncooperative and unreasonable if we object and insist on our privacy being a key element of our relationship with them. Why is this? And should we not stand up and resist this increasing trend? I think we should. It makes me angry that organizations continue to violate my privacy and that I continue to allow them to. I think if we continue to let this to happen, we leave ourselves open to continued abuse of our basic right to protect our private information.

Privacy is like a mango

On February 24, 2012 By Jehan Ara In 16 days, Blog, Privacy

“Privacy is like a mango”, said Simon Davies, Director of Privacy International, at an Open Forum on Privacy at FAST-NU in Lahore. Gus Hosein and Dave Banisar, his PI colleagues, cringed when he said that and some of us are still trying to understand what he meant.

Anyhow, he got our attention. Maybe that was all he wanted to achieve. I must admit I had not given much thought to this issue prior to the visit by these experts – at least I had not really looked at it as an issue.

So when Simon asked how many of us had filled in the attendance sheet at the door, providing our names, designations, name of organizations, email addresses and cell numbers, all of us raised our hands. His next question was “How many of you bothered to ask us what we were going to do with this information?” Of course none of us had. And this is where the problem starts.

Whether we fill out an application form for a passport, an ID card, a visa, a credit card or whether we fill in a registration form for a workshop or for a free download from a website, we never ask WHAT any of those people are going to do with the information they are collecting. We don’t even know how many people will have access to the information, or if they are in fact going to sell it to a marketing organization. Have you ever wondered about the number of marketing calls you get on your mobile? Or the mass mailings you receive on your email account? Where do you think those people get hold of your contact information? All this personal information is open to misuse and in many countries there are no laws to protect us against this misuse.

When you look at social networking sites like Facebook or mySpace or even photo/video sharing sites like Flickr or youTube, you begin to see that we are all sharing a lot of information that can be misused. I believe Flickr actually says that any photo you upload no longer belongs to you and can be used for any purpose. Scary to say the least.

And what about information collected by the National Health Service in the UK or NADRA in Pakistan? How many people have access to it? What do they do with it? What if it is lost? Yes NHS lost millions of records recently. That must have included health information about adults and kids that is now somewhere out there.

With smart cards becoming the norm in countries around the world, is it not our responsibility to advocate for privacy legislation and to start building in the right Privacy safeguards into technology products/websites/registration procedures etc so that we know that any information that is collected is used to a limited extent, for the purpose for which it was meant, and that it will be retained for a limited amount of time after which it will be destroyed. Shouldn’t we during this period have access to the data so that we can ensure its continued accuracy?

In subsequent posts I will talk about actual cases of misuse of data – deliberate and through pure negligence – which have resulted in causing grievous harm to the rights of individuals.

A friend of mine has put up as associated post on Privacy that I thought I would share here. We should start to think about all this and help our government to formulate policy that will protect them and will provide us with the safeguards we deserve as citizens of this country.

Should they have a right to ask for this?

On February 24, 2012 By Jehan Ara In 16 days, Blog, Privacy

I was watching an ad for the Dawn Lifestyle Expo – it sounded like an interesting and varied exhibition that I might have thought of attending but I have decided against it. Why? Because apparently although there is no entry fee, what they do ask is for you to hand over a copy of your ID card, Driving license or Passport.

I really do not understand that at all. To ask for proof of your identity is one thing, but why should I be expected to hand over to the exhibition organisers a copy of my National ID card which contains my name, my residence address, my father’s name, my date and place of birth and my photograph.

This is a privacy issue. Why do they need this information? What will they do with it? How many people in the organization will have access to it? What security measures will be taken to ensure that this they do not pass on a copy of it to someone else? What will be done to prevent someone from misusing this information?

Entry to an exhibition is normally through an invitation, an entry ticket or paid registration or its free. No-one has ever asked for a copy of an ID card to be handed over. So why should Dawn? I object. And so should we all.

We have no privacy legislation in this country and so anyone who asks us for any kind of information – whether it be a government organization/department or a commercial one, we hand it over without a thought to what they will use this information for, how many people will have access to it and what they will do with it once they are done. The number of feedback forms we fill up on websites without checking out the Privacy Policy and without questioning the right of anyone to have access to our personal data, is totally unnerving.

Shouldn’t we be thinking about this, debating it, making sure that policies are enacted that protect our individual privacy?

Under Surveillance – a comic which highlights privacy issues

On February 23, 2012 By Jehan Ara In Blog, Privacy

Thanks to Gus Hosein of Privacy International for sharing this comic/graphic novel with us. It is a great resource for explaining to young people how important privacy is and how data one shares online or via mobile can be open to misuse.

It was produced with the financial support of the Fundament Rights & Citizenship Programme of the European Commission and is available as a free download.

Many of us (and I don’t mean just the kids who are Digital Natives) but also those of us in the older age bracket who are Digital Immigrants, are very naive about the sharing of personal data. This graphic novel brings out some of the dangers of not protecting yourself and your data in the digital arena.

Different procedures for different people

On February 23, 2012 By Jehan Ara In Blog, Privacy

I lost my National ID card a week ago and I have been worrying about it because there are many occasions when it is needed for one reason or another. Today I decided that I would stop looking for the misplaced card and apply for a new one.

So this morning off I went to my friendly neighbourhood NADRA office. The first thing I noticed was that Friday is Ladies Day at NADRA so only ladies can apply for ID cards on this day of the week. Different procedures for different people I wondered if that meant that ladies were discouraged from applying for new ID cards on any other day of the week. Nonetheless I was there for a purpose so I went and queued up.

The girl at the counter asked me if i wanted the card issued urgently or did it not matter when I got it. I asked how long it would take in the normal course. She responded, “Maybe a month or maybe two.” So of course I said I needed it urgently which still meant waiting 10 – 12 days. She then asked if I would like to be on the Fast Track. I said sure and was immediately whisked away to a room where the process began immediately. Of course this meant I had to fork out Rs. 1,000. Not knowing how much it cost otherwise, I thought to myself: I have to get to the office. It is probably worth my time to just get this done quickly.

It was only much later that I found out how much time I had really saved.

Apparently, the normal process if you lose your card is:
1. File an FIR (First Investigation Report)
2. Wait 8-10 days in case it turns up
3. Pay Rs. 150
4. Get your form attested by the District Nazim ( if you can find him)
5. Then come back to complete the process
6. If you are married you need to have an attested copy of your Nikahnama (marriage certificate)

Now listen to what the process is if you are on the Fast Track:
1. Pay Rs. 1000 and get a token
2. No FIR
3. No waiting period
4. No attestation by District Nazim
5. Just proceed with the process

See what a difference there is in the process so you actually save a lot of time.

As if this was not irritating enough, the process itself has changed since I first had my ID card made. This time they made me take off my spectacles, and instead of needing one thumb print, they had to scan both thumbs and all 8 fingers. I told the guy “So you are assuming that we are all criminals and are taking no chances?” He smiled and said “Ma’am I am just doing my job” (couldn’t fault him for that).

Then I went to the next computer where I was asked for a copy of the ID card I had lost. The lady also asked if I was married or single. I said I was single. She asked if my parents were alive. I told her Ammi was deceased by that my father was in the land of the living. She asked for Ammi’s name and asked for a copy of my father’s ID. Now why should she need that? Fortunately, I had a copy because I needed it to apply for a Police Clearance Certificate for a visa (but that’s another story).

Anyway, after this the document was printed. I had to go to another lady to sign it and was then told to come back in 10 – 12 days. And that was that!

What occured to me as I got into the car was that it was a warped process at best and the fact that the rules were different if you had money, was really pathetic. Why should you need the Nazim to attest the information you have provided? But if for some Godforsaken needed, there was some rationale to it, then paying Rs. 850 more should not mean that you didn’t have to. If an FIR was required, then the fast track could mean that a policeman was available on site for you to lodge it there. It should not mean that you didn’t have to lodge an FIR. Different procedures for different people I guess. No wonder people feel that some are more equal in this country than others.

Another thing to note is that each time there is a change in your status – i.e. should you marry or get a divorce, should one of your parents be deceased, should you start your own business instead of being an employee, and in several other cases, you will need to go to a NADRA office to have the alternation made to your ID. Big brother must know what you are up to at all times. Talk about privacy! Sheesh!

From: http://jehanara.wordpress.com