August Issue 2015
The Death of Privacy
Ever since Edward Snowden went rogue on the National Security Agency (NSA), the word ‘surveillance’ has become commonplace. However, it is hardly a new phenomenon. States have been conducting surveillance on their enemies and their allies, for centuries. It’s just politics.
Little is known about the state of surveillance in Pakistan. However, certain inferences can be made from available data. For example, in 2013, I was one of the first journalists to write about the presence of Fin Fisher intrusion software at Pakistan Telecommunications Limited (PTCL) servers. Fin Fisher describes itself as “helping government law-enforcement and intelligence agencies track suspects, monitor their online and offline activities and realise other specific requirements.”
A British company by the name of Cobham calls itself “a market leader specialising in cellular telecommunications capabilities to law enforcement, military and intelligence agency customers worldwide.” Specifically, what the software does is locate a cell phone to within a metre of its actual, real time location, without the user knowing. One of the company’s brochures proudly displays the Pakistani flag. Then there is Narus Insight, a highly sophisticated tool that provides “real time traffic intelligence.” It was installed by the Pakistan Telecommunications Authority (PTA) sometime in 2009.
These are just a few examples. To say that the state has gone all out in throwing a dragnet over its citizens is a fair inference. All these insidious and invasive tools and practices were made legal in 2013 by the passing of the Investigation of Fair Trial Act (FTA) 2013, which gave Pakistan’s security forces and intelligence agencies carte blanche to conduct all forms of surveillance.
“The FTA is an unbelievably draconian law and is illegal,” says Shahzad Ahmed, Country Director, Bytes4All, one of the leading digital rights groups in the country. “Its language has deliberately been kept vague to allow it to be bent as per the wishes of the law enforcement institutions.”
Ahmed has a point. For example, a portion of the FTA reads: “In cases where any official…has reasons to believe that any person is likely to be associated with or is beginning to get associated with any act leading to a scheduled offence, or is in the process of beginning to plan such an act, or is indulging in such a conduct or activity that arouses suspicion, that he is likely to plan or attempt to commit any scheduled offence and, therefore, it may be necessary to obtain a warrant of surveillance.”
In a certain light, this could be anybody.
If seen in isolation, the FTA has some checks and balances in place to ensure that it isn’t misused. For example, there is the requirement for obtaining a warrant of surveillance at the ministerial level and subsequent permission/approval from the High Court. At the same time, further protection is granted in the form of a six-monthly review by a committee formed for this very purpose. A lawyer who is a consultant with the attorney general’s office believes, “The process of surveillance may be initiated upon mere suspicion and may well be misused by persons in authority for personal gain, vendettas etc. Intelligence agencies may look to circumvent the requirements for the warrant by applying political pressure on judges etc.”
However, according to Barrister Syed Raza Ali, partner at Ali and Ali, “The FTA is in clear violation of articles 9 and 14 of the constitution, and can easily be challenged in court using the 1996 Telecommunication Act and the dissolution of the Benazir Bhutto government in the same year as a precedent.”
In early 2014, Bytes4All filed a petition in the Islamabad High Court challenging the FTA. But in over a year and a half, it hasn’t managed to get an audience. Either state surveillance is not high up on anybody’s agenda, or the judges know better than to allow something like this to come up for a hearing.
To successfully petition against surveillance, you not only need a good case, but also a good judge. “Most of the judges in the high courts and above have a firm grasp on matters of fundamental rights so numerous provisions of the FTA can be challenged as being against the public interest,” says Barrister Ali. “It’s a problem of legal precedents; there are none. Unless somebody takes the matter to court, nothing’s going to happen.”
In the absence of any action by the citizens, rights groups like Bytes4All are the ones leading the fight. But their efforts are severely hampered by campaigns seeking to malign them: “We are accused of being anti-Pakistan, working on somebody else’s agenda, going against national interest and security, when in fact, all we are doing is standing up for our, and everyone else’s fundamental rights,” says Ahmed. “The moment people understand that our online privacy is as important as what we do in our physical lives, they’ll start taking precautions.”
However, there are numerous other laws which give legal cover to mass surveillance and, that too, without the checks and balances of the FTA.
From the Telegraph Act of 1885 onwards to the Pakistan Telecommunications Act of 1996, the Anti-Terror Act 1997 (amended 2014), the Monitoring and Reconciliation of International Telephone Traffic Regulations 2010, and the Protection of Pakistan Ordinance 2014, there are numerous laws, acts and ordinances that allow for surveillance and interception in the interest of public safety, national security and the like.
There are other equally important challenges as well, of which data mining, maintenance, retention and security are four major components. Mining is basically the process of analysing data from a variety of perspectives for the extraction of patterns and knowledge, such as data records (cluster analysis), anomaly detection and dependencies. Facebook and Google are perhaps two of the most widely known data miners in the world today, followed closely by most international business corporations. It is a well-known secret that local businesses and political parties have enlisted companies for this very purpose here as well. Which, in turn, means that they already have access to such data for processing. So not only is our data insecure, but apparently, our freedom to choose is also being manipulated.
Staying on the privacy front, this raises two questions. Firstly, is data mining even legal? If so, under what laws is it governed, and if not, then that is a conversation worth having. Secondly, if data-mining companies are being given access to private consumer information, is that also not a breach of privacy? And at the service provider end, how secure is the data being collected? As an experiment, I tried to track a friend’s mobile signal by asking around. In 15 minutes, I had the GPS coordinates. While the Electronic Transactions Ordinance 2002 Section 43 calls for the creation of regulations for the safety of such data, nothing has happened so far.
The insecurity of our private data, and our real-time location is unbelievably dangerous. Perhaps the greatest challenge in dealing with state surveillance is the fact that nobody knows they’re being watched. And the only time they find out is when the matter is in court. Those who know of what the state is up to have resorted to self-censorship — another violation of fundamental human rights.
Who is going to push back against the state’s rampant and illegal surveillance of its population? Historically, it has always been the press, with the Watergate scandal involving then US President Richard Nixon being a prime example. However, in Pakistan, the press remains silent — at worst because of its complicity or, at the least, by not understanding the seriousness of the crime at hand.
Then, there is civil society. There is an immediate need for a national level pro-privacy/anti-surveillance group. While some like-minded people have already put together such a group, and successfully lobbied against the Cyber Crimes Bill, they have yet to pay any attention to surveillance and privacy. And as far as rights and advocacy groups are concerned, they are unable to stand together for a common cause, thereby ensuring that they are unable to have a large enough voice and large enough numbers to get noticed.
But as usual the general public is indifferent. As one well-educated professional told me recently: “It’s all for national security so it’s all right, and besides, I have nothing to hide.”
All pro-surveillance arguments are built on the ‘if you have nothing to hide, you have nothing to fear’ mantra. It’s as anti-democratic as it gets.
This article was originally published in Newsline’s August 2015 issue.
The writer is a journalist based in Lahore. He is the current managing editor of MIT Technology Review Pakistan, a bi-monthly science and technology magazine.