Note: This is a Bolo Bhi & Digital Rights Foundation’s open call for support for national and international human rights organizations against espionage and surveillance in Pakistan.

This statement is pursuant to the Citizen Lab report, “For Their Eyes Only: The Commercialization of Digital Spying,” the report describes the results of 1 year of research into the global market for commercial intrusion and monitoring software. The report included a global mapping of the command and control servers used for FinFisher, a remote intrusion and monitoring product line sold to governments. Pakistan was identified among the countries where FinFisher Command and Control servers have been found.

We are a consortium of NGOs and individuals— ARTICLE 19,  Association For Progressive Communications, Access Now, Bolo Bhi, Centre For Democracy & Technology, The Centre for Internet and Society, Centre For Peace & Development Initiatives, Christopher Parsons,Chunri Chuopaal, Digital Rights Foundation, Electronic Frontier Foundation, Free PressGlobal Voices Advocacy, Index On Censorship, Intermedia Pakistan, Individual Land PakistanJacob Appelbaum (The Tor Project), Leila Nachawati,  Privacy International, Reporters Without Borders, Renata Avila (Human Rights & IP lawyer),  Simon Davies (Privacy Surgeon), Institute for Research Advocacy and Development Pakistan, The Internet Democracy Project India, and Nawaat — committed to respecting user privacy and promoting freedom of expression and access to information.

We express our dismay and condemnation over the presence of a FinFisher Command and Control server on a network operated by the Pakistan Telecommunication Company Limited (PTLD’s). FinFisher, developed by a UK-based company Gamma International, has been used to target activists in Bahrain. Privacy International is currently engaged in a lawsuit over the export of FinFisher, and has also filed a complaint with the OECD.

In February 2012, alongside an international coalition of civil society groups, we actively campaigned to stop the impending nation-wide firewall and to inform the government and international surveillance companies of the repercussions of the firewall would have on academia, businesses, trade, and civil society. As a result, five major international companies known to sell surveillance, filtering, and blocking systems publicly committed not to apply for the government’s call for proposals last year.

In March 2013 the Ministry of Information Technology made a commitment to shelve their plans for acquiring the technology for URL filtering and blocking.  With the Citizen Lab report we have now learnt that servers at PTLD, one of the largest ISPs in the country, are hosting a command and control server for FinSpy. Based on the report, there are two possibilities: (1) elements of the Government of Pakistan are deploying FinFisher trojans or (2) a foreign government is using a server inside Pakistan for a digital espionage campaign.  Either one of these possibilities is highly troubling, and the findings warrant immediate investigation.  Moreover, given that a Pakistan Telecommunications Authority’s representative has admitted in court that PTCL has acquired a traffic filtering system, we feel that this acquisition and surveillance capability represents a further threat to the free flow of information, user rights, freedom of expression and privacy in Pakistan.

As members of Pakistan’s civil society and organizations committed to ensuring the government upholds democratic principles in Pakistan, and with concerns about restrictions on privacy as well as access to information, we strongly urge PTCL to immediately investigate the existence of FinFisher Command and Control Servers and to publicly disclose their findings.  PTCL to should follow the example of the Canadian ISP SoftCom that investigated and then disabled the FinFisher server on its networks that was similarly identified by Citizen Lab in March 2013.  By keeping their users in the dark any further PTCL would harm open and secure access in Pakistan. PTCL should under no circumstances allow FinFisher or other remote intrusion or filtering tools within their network, as their presence directly violates user’s rights and privacy, as well as threatening Pakistan’s network security.

If PTCL wants to further support business, innovation, entrepreneurship, trade, international investment, academia and human rights, it should immediately investigate and disable this  espionage equipment on its network.

Signed:

ARTICLE 19,  Association For Progressive CommunicationsAccess NowBolo BhiCentre For Democracy & TechnologyCentre For Peace & Development InitiativesChristopher Parsons,Chunri ChuopaalDigital Rights FoundationElectronic Frontier Foundation, Free PressGlobal Voices AdvocacyIndex On CensorshipIntermedia PakistanIndividual Land PakistanJacob Appelbaum (The Tor Project), Leila Nachawati,  Privacy InternationalReporters Without Borders, Renata Avila (Human Rights & IP lawyer),  Simon Davies (Privacy Surgeon), Institute for Research Advocacy and Development PakistanThe Internet Democracy Project India, and Nawaat

For signatures please contact, sana@bolobhi.org or nighat@digitalrightsfoundation.pk