A NEW report on Pakistan’s internet surveillance, published by investigative agency Coda, has once again sounded the alarm on the long-standing issue of the state spying on its citizens. This is a matter of concern even if the PTA has sought to dismiss fears of an invasion of privacy.
The Coda investigation revealed that the government has acquired a “web monitoring system” from Canada-based company Sandvine. The system would allow for monitoring and analysis of all internet traffic moving into and out of the country using a method called Deep Packet Inspection, which would allow for both broad and targeted surveillance of internet activity.
According to Coda, the Pakistan firm Inbox Business Technologies Ltd acted as a local partner for Sandvine in signing the agreement with multiple parties including the PTCL. The contract is reportedly worth $18.5m and dated Dec 12, 2018. While authorities have previously shared that surveillance tools are aimed to curb grey traffic (eg illegal international calls) and other unlawful activities, this reasonable argument is not grounded in reality.
To begin with, Sandvine has a documented history of selling its technology to authoritarian regimes for purposes that undermine basic civil liberties. In an investigation by Canada-based Citizen Lab, its DPI equipment was found to be used in Turkey, Egypt and Syria both to censor content and to redirect users, resulting in the installation of spyware.ARTICLE CONTINUES AFTER AD
Secondly, the state’s track record and current trajectory with regard to internet regulation and specifically, surveillance, has been abysmal. The most commonly documented targets in the digital space have been social and political activists, members of rights groups, journalists, and more broadly, citizens who challenge or critique the state’s narrative.
The fear of online surveillance and consequent harassment, detainment, job loss and other negative outcomes has peaked in the last two years; to assume the installation of a new system for online monitoring will not be used for continued or amplified targeting would be naïve.
Thirdly, the laws that govern digital surveillance are flawed. Acts like the Monitoring and Reconciliation of Telephony Traffic Regulations, 2010, and the Prevention of Electronic Crimes Act, 2016, provide an overbroad and ambiguous/ ill-defined legal framework for all forms of surveillance, leaving room for misuse and abuse. Unfortunately, there has been little to no debate as to how these laws comply (or conflict) with basic human rights.
While the Coda report findings aren’t unexpected, they should serve to remind the government and other key players that without a reassessment and overhaul of how online surveillance and control is carried out, Pakistan will permanently enter the list of bad examples of internet governance. Such a standing will have far-reaching implications on the diplomatic front and the business front among others.
Perhaps most importantly, online surveillance without proper checks and balances will leave everyone, including those in power, at great risk.
Published in Dawn, October 26th, 2019