Tanvir Siddiqui (Not real name) calls himself a hacktavist (Hacking activist). He is the kind of geeky young man from Karachi who hacks into computer systems he claims for ethical reasons. He told me surveillance through internet had picked up in Pakistan after September 11 attacks.
To show how easy it was he on his Linux-installed laptop showed us taking over a restaurant’s wifi network and all the connected computers and smartphones in an hour’s time – he claims it is that easy. After proofing his network, soon he himself left the network.
“The US and Britain started monitoring the internet to keep an eye on the militants. They started taking the communication seriously since they found concerns in chat rooms,” he alleges. At least the US has admitted massive surveillance programmes to disrupt terror plots. Recently, the National Security Agency (NSA), Director Keith Alexander, in a Senate hearing defended the internet and telephone data snooping programmes.
Some reports allege the second most snooped country is Pakistan. A group of digital rights organizations has demanded a thorough probe into allegations of large-scale cyber espionage and surveillance in Pakistan. The call followed a report by a Toronto-based research group identifying Pakistan among countries where “command and control” surveillance servers appear to have been found.
Asked about Pakistan, Mr Siddiqui said he would be extremely surprised if internet surveillance was not taking place. “I don’t have any doubts. There is evidence available. I myself have seen it on several occasions. The government does snoop on us.”
He gives example of arrest and subsequent legal proceedings against kidnappers of an American journalist Daniel Pearl on the basis of internet surveillance. Karachi police managed to arrest three suspects after tracing the IP address of those who sent the ransom e-mail in early 2002.
Pakistan’s Information Technology Ministry had last year announced it was shelving its plans for acquiring the technology for URL filtering and blocking. The low-level URL blocking and filtering activity reported in Pakistan is normally aimed at content deemed blasphemous, secessionist, anti-state or anti-military.
Pakistani digital rights groups actively campaigned to stop the installation of a country-wide firewall and raise awareness about the repercussions of the firewall for academia, businesses, trade and civil society. As a result, five major international companies known to sell surveillance, filtering, and blocking systems publicly committed not to respond to the government’s request for proposals last year. The plan was put off then, but not sure yet whether it has been completely shelved or not.
But new fears followed the publication of a report by a Toronto-based research group. University of Toronto’s The Citizen Lab in its report “For Their Eyes Only: The Commercialization of Digital Spying” identified Pakistan among the countries where FinFisher, a commercial intrusion and monitoring software, servers had been found.
FinFisher, said to be legitimate surveillance software sold by UK-based Gamma Group, can secretly take remote control of a computer, and copy files, intercept Skype calls and log every keystroke. The Citizen Lab report reported the presence of a FinFisher server on a network operated by the state-owned Pakistan Telecommunication Company Limited (PTCL).
Call for probe
But unlike the US officials, the government in Pakistan is completely mum over the issue. No one has denied or confirmed the allegations. Even PTCL, the company accused of hosting the server, has not made any statement. The Minister for Information Technology, Anusha Rehman, has refused to talk to the BBC on these reports.
After publication of the Citizen Lab report, a consortium of NGOs and individuals led by Bolo Bhi (Speak up) advocacy group urged PTCL to immediately investigate the claim and to publicly disclose their findings.
The question is how authentic Citizen Lab’s report is. “The group always comes with evidences. The group is considered independent because it does not take funds from governments or corporate sector,” Bolo Bhi’s director Sana Saleem told the BBC.
She says based on the report, there are two possibilities: one that elements of the government of Pakistan are deploying FinFisher trojans or two a foreign government is using a server inside Pakistan for a digital espionage campaign. “Either one of these possibilities is highly troubling and the findings warrant immediate investigation, “ she said.
The group asked the state-owned PTCL to follow the example of Canadian ISP SoftCom, which investigated and disabled the FinFisher server on its networks after it had been similarly identified by Citizen Lab in March 2013.
Ordinary internet users in Pakistan are slowly waking up to the kind of surveillance. “Many people like me did not know about it. It’s you who has informed me that such surveillance could exist. I’m extremely concerned. No one has the right to do this. We have so much private information on our computers,” said Aamer Javed, a part-time employee of a firm while uploading some data from an internet café in Islamabad. “We shall be informed about it as to what it is?”
Human rights activists say FinFisher or other remote intrusion or filtering tools within a network directly violates user’s rights and privacy. Former parliamentarian Bushra Gohar once raised hue and cry over tapping of her telephone calls. “While terrorists are free to use internet and telephone to spread their message, ordinary people and politicians face the brunt. Their communications are tapped and they are blackmailed by the secret agencies. This must stop,” She demanded.
While a number of people agree that in the backdrop of terrorism, some information gathering could be justified to an extent but not as widespread and on the scale as is being reported in western media.
The only selective response so far has been from Senator Mushahid Hussain, who as chairman Senate’s standing committee on Defence has called for more vigil against cyber spying. He proposed “Given the security threat posed by snooping and spying by the US through their secret agencies like CIA and NSA, especially of Pakistan which is the second highest in their list of countries being spied online, funds should be allocated in the budget for a cyber security strategy since Pakistan is a victim of cyber warfare and cyber aggression. This should be entrusted to a cyber security task force, specially constituted for the purpose that can propose counter measures. Its secretariat should be in the ministry of IT”. But he too did not talk about internal spying.
Haroon Rashid joined the field of journalism in 1988 by joining daily The Frontier Post, Peshawar. He has worked all these years with different international newspapers and broadcasting organisations. He can be reached on his Twitter account: @TheHaroonRashid