baluch pattern
Sanaullah Baloch Mir Mohammad Ali Talpur Karlos Zurutuza Selig Harrison Malik Siraj Akbar Zaffar Baloch Sanaullah Baloch: Exploitation of Mineral Wealth... Mir Mohammad Ali Talpur: Negligent dereliction of duty... Karlos Zurutuza: Inside Iran's Most Secretive... Selig Harrison: The Chinese Cozy Up... Malik Siraj Akbar: Remembering Qambar Chakar... Zaffar Baloch: Balochistan's Burden...

Notorious spy technology found in Pakistan

Islamabad, May 01, 2013: Bytes for All Pakistan and its partner Privacy International (UK) along with international human rights movement are shocked by the evidence received today proving the presence of a FinFisher Command and Control server in Pakistani territory, hosted by Pakistan Telecommunication Company Ltd. The evidence is contained in an important research report issued by Citizen Lab earlier today.

FinFisher is a notorious surveillance technology criticised internationally for undermining citizens’ privacy rights. It is well known that it has been used by repressive regimes all over the world to crack down on human rights defenders and activists.

The Citizen Lab report, entitled ‘For their eyes only: The Commercialization of Digital Spying’ sheds light in detail on the mechanism of the malware, explaining not only how the technology is used to spy on citizens, but also how it is designed to resist analysis and evade identification. The most shocking thing about this report comes at the end, when the report presents a rather chilling discovery listing countries around the world that are using these technologies to spy on their own citizens. The list, sadly, includes Pakistan.

This is atrocious and condemned in strongest terms, as it is anti-democracy and in severe violation of citizens privacy and civil liberties.

The presence of FinFisher in Pakistan poses several important and critical questions that the government must answer:

*Who is using this command and control server and what exactly is the purpose of it in Pakistan?
*Why has the most notorious digital spying tool been deployed in the country without any public knowledge, especially when there are no individual protections or privacy laws in place?
*How FinFisher is not a national cyber security threat for Pakistan and Pakistani citizens;
*If this server is not used to spy on the citizens, is it targeting cross-border spying? and
*How much public funds have been spent to acquire this notorious anti-democracy technology?

Considering the massively deteriorating human rights situation in Pakistan, non-existent privacy laws and data protection legislation, it becomes much more important to investigate further that who is controlling this sophisticated system of malware and what exactly they want to achieve. The presence of such spying tools in Pakistan is an outrageous attack on the privacy of Pakistani citizens and their constitutional rights.

Bytes for All, Pakistan, warned about such mechanisms in place by the censorship and surveillance loving Pakistani regimes in the past as well, but now we have the evidence and we have the right to seek an explanation from the authorities to explain why such blatant attack on the privacy of the citizens is being carried out and under what law such technologies can be used against the common citizens of Pakistan.

What makes the Pakistan case more important is that in February 2013, Privacy International, along with a range of other credible organizations, filed a complaint with the OECD alleging that Gamma International - the makers of FinFisher:

*failed to respect the internationally recognised human rights of those affected by [its] activities;
*caused and contributed to adverse human rights impacts in the course of [its] business activities;
*failed to prevent and mitigate adverse human rights impacts linked to [its] activities and products, and failed to address such impacts where they have occurred;
*failed to carry out adequate due diligence (including human rights due diligence); and
*failed to implement a policy commitment to respect human rights.

Privacy International has also instituted proceedings in the UK courts regarding the investigation of Gamma International for exporting FinFisher without a licence.

We condemn this outrageous violation of privacy and basic human rights in strongest words and demand from the Government of Pakistan and relevant authorities an explanation of the presence of such command and control servers in Pakistan.

The right to privacy is essential to a vibrant and people centred democracy. The presence of dangerous surveillance technology in Pakistan obliterates any hope that the private lives of Pakistani citizens are safe from the prying eyes of the government. This further adds to the perils of digital age.


About Bytes for All, Pakistan

Bytes for All (B4A), Pakistan is a human rights organization and a network of Information and Communication Technology (ICT) professionals and practitioners. It experiments and organizes debate on the relevance of ICTs for sustainable development and strengthening social justice movements in the country. Its mission is “ICTs for development, democracy and social justice”.

For more information (and please note the change in the office address):

Bytes for All, Pakistan
House 273, Street 17, Sector F- 10/2, Islamabad, Pakistan

Cell. +92 51 2110494-95