In 2013, Pakistan’s Inter-Services Intelligence commissioned a major surveillance system that taps into three international under-sea cables affecting communications of its citizens and also the neighbouring countries whose communications pass through its borders, according to the findings of a report published by the British NGO, Privacy International.
The report accessed never-before released documents that show how the 'Targeted IP Monitoring System and the Common Operations Environment' will help the ISI collect and analyse a “significant portion of the communications travelling within and through the country at a centralised command centre”.
"If the project that the ISI proposed in 2013 was accomplished, and we suspect it has been, it would have massively increased the intelligence service’s capacity to monitor internet communications by increasing their collection volume," said Eric King, Deputy Director, Privacy International.
The investigation carried out by Privacy International also shows that the mass communication surveillance programme, targeting politicians, media personnel, judiciary and other civil society groups has been in place since 2005.
The report has also accessed phone-tapping statistics that show that in February the ISI was tapping 6,523 phones, 6,817 in March and 6,742 phones in April 2015. The fact that the SIM cards of most phones also contain biometric data in terms of fingerprints also helps the ISI carry out its surveillance without any legislative restrictions.
According to Matthew Rice, advocacy officer for Privacy International, "the scale of the system proposed by the Inter-Services Intelligence does not just affect those who live in Pakistan but also those who live in the region and anyone whose communications travel through Pakistan's networks. This will include a huge amount of innocent people swept up in a project like this for no good reason.”
Surveillance system
Documents attached to the report show that in June 2013, the ISI began a programme to directly tap into the main fibre optic cables entering Pakistan, which carry the bulk of the country’s communications. A note marked “Confidential” and sourced by the Privacy International researchers describe attempts to set up a “Targeted IP Monitoring System and COE (Common Operations environment)”. This aims to capture and store up to 600 giga bytes of Internet protocol traffic per second under the ISI’s control.
However, according to the report, the system could only have 200 analysts, severely limiting its ability to process large amounts of intercepted data. The ISI sought a system that is capable of monitoring “1,000 to 5,000 concurrent targets” for monitoring.
According to documents leaked by National Security Agency (NSA) contractor Edward Snowden, Pakistan serves as a “third party SIGINT (Signals Intelligence) partner,” for the US technical intelligence organisation. The US embassy in Pakistan along with its various consulates serve as “Special Collection Sites” for the NSA, which intercepts communications originating from Pakistan. Pakistan emerged as the nation with the highest dialled number recognition targets and the second-highest dialled number identification targets for the NSA by March 2013.
Foreign firms, domestic law
The Privacy International report also lists a number of foreign firms that have helped Pakistani security agencies, including the ISI, to install mass surveillance software and hardware. It names German companies like Atis, Trovicor, China’s Huwaei, Sweden’s Ericsson and France’s Alcatel for providing surveillance equipment and capabilities to Pakistani agencies. "Without these companies, the Pakistani government would not be able intercept its citizens communications, as they have been doing systematically for over 10 years," said King.
King said that Privacy International was trying to influence the technology-producing countries, particularly the European Union, to reform their export control policies. "In order to ensure that the EU’s trade policy and regulation are in line with its commitment to human rights and democratisation, it is essential that it takes steps to prevent its companies from actively facilitating repression and authoritarianism," he said. "We also call for greater transparency around government contracting processes."
The report also notes that the lack of encryption and controls by the Pakistani government ensures that citizens have no or limited privacy against such kind of surveillance and intrusion. "All are at risk, when, as in Pakistan, armed conflict and insecurity are increasingly used to justify mass surveillance," said King. He pointed to recent developments like the Investigation for Fair Trial Act, 2013.
"Under the act, a warrant can be requested wherever an official has ‘reasons to believe’ that a citizen is, or is ‘likely to be associated’ with, or even ‘in the process of beginning to plan’ an offence under Pakistani law," he said.
"The breadth of those qualifying criteria is remarkable, and renders the additional protection offered by the process of applying to a judge illusory. Under the Prevention of Electronic Crimes Bill, which is being considered at moment, courts would have no role in vetting or reviewing the grounds for interception," he added.
This piece has been updated to include Eric King's comments.