Hacks and spies
REPORTS of hacking of phones, social media accounts and messaging apps, and scams targeting bank accounts are becoming increasingly common. As technology becomes more sophisticated, so do the attempts to scam and spy on its users, with little effort being put into making people more aware. This has also blurred the line between private hackers and state-backed surveillance efforts.
It is important to clarify the deep link between privacy and expression — the more one thinks they are under watch, the less free they will feel to express their opinion in clear speech, and that is turning out to be a tragedy for democracy as surveillance has a chilling effect on the right to express legitimate criticism of state policies.
Similarly, this also impacts confidence in digital services for governance, finance, health, retail and business — areas where technology has brought about a lot of ease. The resistance to banking and using formal financial channels is in part rooted in distrust of technology as a reliable channel for one’s savings and earnings, which has wider repercussions on policies relating to taxation and efforts to transition to a ‘formal’ economy.
In Pakistan, the privacy of citizens is subject to the wide web of surveillance infrastructure which pries into the most personal details. Whereas a lot of it is necessary for governance, questions related to protections afforded to all this data remain unanswered. Nadra remains the largest link of citizen data, with the CNIC number being the biometric link between citizens’ telephone number and device ID, internet connection, bank accounts, intercity public transport use, hotel stays, medical records, etc. And all this while we still do not have a personal data protection law or a privacy commission that governs the processing of such data, which has also been subject to several hacks in the past.
Surveillance capabilities are further strengthened by legal and policy regimes. The Investigation for Fair Trial Act 2013 makes a warrant from court mandatory for wiretapping and surveillance of suspects by security agencies, but in reality the surveillance is intrusive, often unlawful, carried out arbitrarily and with impunity. Take, for instance, the web monitoring system procured at the end of 2018 under the public garb of curbing grey traffic; in reality it uses deep packet inspection technology to surveil the internet — something submitted by the Pakistan Telecommunication Authority before the Islamabad High Court in a case related to the social media posts of an activist.
The Toronto-based Citizen Lab, in its routine investigation of global surveillance trends, had reported in 2013 on the use of keyword filtering technology developed by Canadian company Netsweeper to filter political and other keywords for censorship in Pakistan. The Citizen Lab also reported on the presence of FinFisher, a spyware used for tech-based surveillance, on Pakistani servers.
Reports of WhatsApp-based malware attacks enabled by technology from the Israeli NSO Group, which is sold only to governments, raise several concerns.
In the presence of such evidence, it is no surprise that reports of hacking attempts and malware are commonplace. A detailed investigation in 2017 showed the sophisticated targeting of Diep Saeeda, a Lahore-based peace activist, where malware — software that spies on all the data on a device — was installed on her phone and computer through a link sent from a fake profile of a girl on Facebook pretending to need her help.
Last week, the Supreme Court issued a press release asking anyone receiving messages from Justice Qazi Faez Isa’s phone to be aware that his phone has been hacked and any correspondence is not from him. The same week, activist Gulalai Ismail — whose parents are facing cases they say are malicious and fabricated since she went into exile — received an email from Yahoo informing her of a hacking attempt on her account from “government-backed actors attempting to gain access to information” in her account.
The right to privacy is protected by Article 14 of the Constitution, and further development of jurisprudence in the higher judiciary will be a welcome addition in protecting rights in relation to surveillance of communications which are increasingly digital in nature now. In a November Supreme Court judgement in the Justice Qazi Faez Isa case, Justice Mansoor Ali Shah had termed the unlawful surveillance and invasion of privacy a “naked threat to personal liberty, privacy and dignity guaranteed to the citizens under the Constitution”.
At the same time, the government needs to divert more energy to awareness campaigns that teach citizens how to secure their digital presence and how to stay safe from scams, especially those by hackers trying to obtain personal information as well as to make financial gains from bank accounts.
The writer is director of Bolo Bhi, an advocacy forum for digital rights.
Twitter: @UsamaKhilji
Published in Dawn, February 7th, 2021