Search
Content type: Report
The methodology employed for this report consists primarily of in-depth interviews held with grassroots political workers and representatives of collectives. The researchers interviewed 14 individuals from various social justice causes such as womens’ rights, climate change, transgender rights, students’ rights and the right to universal internet access in Pakistan. The experiences they have shared with the interviewers along with the real-time developments in the country’s law and order…
Content type: Explainer
The Free to Protest Guide Pakistan has been created by adapting Privacy International's (PI) Free to Protest Guide UK according to the laws and policies of Pakistan, in collaboration with PI and local activists in Pakistan.The Guide has been published in English, Urdu, Punjabi and Pashto.DISCLAIMER: This guide forms part of PI's global work to highlight the range of surveillance tools that law enforcement can use in the protest context, and how data protection laws can help guarantee…
Content type: News & Analysis
Privacy International (PI) is concerned by developments in Pakistan regarding the enactment of the Draft Personal Data Protection Bill, 2023 and the opaque process which will see the bill become law.
The Bill was published on 19 May 2023 by the Ministry of Information Technology and Telecommunication ('MITT'). However no open and inclusive consultation was open for comments to be submitted to the MITT. In a concerning development it was reported that the Bill was approved by the Federal…
Content type: Examples
TrustNet Pakistan, the country’s only digital trust foundation, has begun work alongside many other global technology companies on a digital vaccination verification platform called CovidCreds. The initiative supports projects that use privacy-preserving verifiable credentials. TrustNet is working on a solution called Vaccify to provide verification that it’s safe for people to travel out of Pakistan. The system is expected to work via a mobile phone app that can digitally receive test results…
Content type: Examples
A detailed analysis of Pakistan’s app, which was developed by the Ministry of IT and Telecom and the National Information Technology Board and which offers dashboards for each province and state, self-assessment tools, and popup hygiene reminders, finds a number of security issues. Among them: the app uses hard-coded credentials, which it sends insecurely, to communicate with the government server, and it downloads the exact coordinates of infected people in order to provide a map of their…
Content type: Examples
The lack of data protection laws and the absence of a privacy commission are contributing factors to Pakistan’s failure to investigate or remedy security flaws in the country’s recently-launched COVID-19 tracking technology, which partially depends on a system originally developed to combat terrorism. While there are no reported cases of harassment or targeting based on the leak online of the personal details of thousands of COVID-19 volunteers, the lack of response fails to boost citizens’…
Content type: Examples
South Korea's second spike in coronavirus cases was curbed via a contact tracing regime that uses credit card records, mobile phone tracking, and GPS location data in order to track the previous movements of infected individuals working alongside efficient diagnostic testing. Successfully tracing an outbreak in Itaewon to a gay barhopper, however, led to reports of homophobic abuse targeted at the South Korean LGBTQIA community, and online criticism has led some who should be self-isolating to…
Content type: Examples
On the day South Korea relaxed its social distancing measures, a 29-year-old man tested positive for COVID-19. The previous weekend, he had visited five nightclubs in the gay district of Itweon in Seoul, mingling with around 7,200 other people. After nearly 80 new COVID-19 cases have been linked to that one man's outing, the mayor ordered all clubs and bars closed indefinitely, and led officials to push back reopening schools by a week. Soon aftewards, another infected man was found to have…
Content type: Examples
As the first confirmed coronavirus case in Pakistan, Yahyah Jaffery became a pariah after his identity, photograph, and home address were leaked on social media. Similar leaks about dozens of other patients and medical staff followed. The contact tracing system being used for coronavirus was originally developed by the country's Inter-Service Intelligence (ISI) to combat terrorism; it is based on a new data hub in Islamabad that will collect information from the ISI tracking system and share…
Content type: Examples
Authorities in South Korea, which had been successful in containing the coronavirus early on due to its aggressive testing programme, began trying to trace more than 5,500 people who visited a group of bars between April 2 and May 6 because a single infected customer led to a new outbreak. More than 3,000, some of them for fear of being stigmatised as gay, remained out of reach while the number of cases rose to 101. Gay people have little protection in South Korea, and the news of the…
Content type: Examples
Our partners from Digital Rights Foundation in Pakistan wrote a piece analysing cases of privacy violations, misinformation, hate speech and other cases. As they said, the situation with regards to the Coronavirus is still developing in the country and Digital Rights Foundation, are keeping an eye out for the developments regarding the disease and also assessing how the digital rights sphere is being affected.
Link: https://digitalrightsfoundation.pk/protecting-your-digital-rights-during-the-…
Content type: Examples
The Pakistani government has repurposed a system designed by the country's spy agency, inter-Services Intelligence for tracking down terrorists to trace suspected COVID-19 cases. Prime minister Imran Khan has said that efficient tracking and testing of coronavirus-infected people is the only way to reopen the country's closed businesses.
Source: https://www.indiatoday.in/world/story/pakistan-government-isi-system-track-suspected-covid-19-cases-pm-imran-khan-1670378-2020-04-24
Writer: Press…
Content type: Examples
An Excel file containing complete data pertaining to patients tested for coronavirus in the cities Quetta and Taftan in the the Balochistan region of Pakistan has been circulating in WhatsApp groups about Balochistan. The file contains information such as names, phone numbers, age address and other identifying information for the patients. The leaked data puts the patients at risk of personal harm and social stigma, even after recovery. Balochistan government officials say the data leaked…
Content type: Examples
On March 9, SK Telecom began providing South Korea's Gyeongbuk Provincial Police Agency with its Geovision population analysis service and GIRAF platform. The company claims that the combination can analyse mobile geolocation data across the country in real time, create visualisations, and show how many people are in 10x10 metre lattices, enabling police to send officers where they're needed to enforce distancing measures. The company is in talks with the Korean National Police Agency to expand…
Content type: Examples
An official directive from the Pakistani provincial government of Sindh titled "COVID-19 Mobile Registration System for Needy People" describes its use of multiple databases to identify those in need of welfare funds and disburse cash to them by combining taxpayers' data from the Federal Board of Revenue, travel histories from the Federal Investigation Agency, and financial information from the State Bank of Pakistan. Recipients need to create cellphone accounts via the service provider Jazz in…
Content type: Examples
Mobile phone users in Pakistan have discovered that the government is accessing, without consent, their mobile phone location and call records despite legal questions about whether doing so violates the country's constitution. After users reported that patients testing positive for COVID-19 returned home, the government sent SMS "Karuna Alert" messages to some of their friends, family, and neighbours; the Pakistan Telecom Authority confirmed it had sent the messages using patients' registered…
Content type: Examples
Although the alerts about contacts with people infected by the coronavirus sent out via SMS by the South Korean government do not include names, the information included about people who tested positive for coronavirus, and their past locations can be revealingly detailed in some cases. Those who have been identified by this means have suffered offline and/or online harassment; others, without being specifically identified by name, have been mocked. A survey has found that as a result people…
Content type: Examples
The success of South Korea's efforts to combat the coronavirus without a national lockdown and without suspending civil rights depended in part on preparation put in place after the 2015 MERS epidemic and in part on the country's network of private testing labs, which enabled the country to quickly set up drive-in testing, with the results rapidly texted back to mobile phones. Positive results set in motion aggressive contact-tracing incorporating CCTV footage, mobile phone tracking data, and…
Content type: Examples
After Pakistani residents queried whether messages labelled "CoronaALERT" sent out via SMS were legitimate, telecom authorities confirmed that it was authentic, being sent to selected individuals at the request of the Ministry of Health under the Digital Parkistan programme. Individuals were chosen because they might have come in contact with infected individuals during travel or in specific locations. It is not clear, however, what the criteria were for selecting individuals at risk,…
Content type: Examples
With 6,300 COVID-19 cases and more than 40 reported deaths, the South Korean government launched a smarphone app (Android first, iPhone due on March 20) to monitor citizens on lockdown as part of its "maximum" action to contain the outbreak. The app keeps patients in touch with care workers and uses GPS to keep track of their location to ensure they don't break quarantine. The government said the tracking was essential to manage the case load (at the time, 30,000 people) and prevent "…
Content type: Examples
The "safety guidance texts" sent by health authorities and district offices in South Korea are causing information overload and have included embarrassing revelations about infected people's private lives. A text may include, for example, a link to trace the movements of people who have recently been diagnosed with the virus. Clicking on the link takes the user to the website of a district office that lists the places the patient had visited before testing positive. In one case, a man in his…
Content type: Case Study
Photo by Roger H. Goun
Chloe is an investigative journalist working for an international broadcast service; we will call the TV show she works for The Inquirer. She travels around the world to work with local journalists on uncovering stories that make the headlines: from human trafficking to drug cartels and government corruption. While her documentaries are watched by many and inspire change in the countries she works in, you would not know who Chloe is if we were to tell you her real name.…
Content type: Long Read
For International Women’s Day 2019, Privacy International looks at some of the key themes around the intersection of gender rights and the right to privacy and we review the work we and our partners have done on those topics.
When dealing with cases of non-consensual sharing of intimate images, often known as ‘revenge porn,’ or doxxing, where a person’s personal details are shared publicly, the link between privacy and online-gender-based violence is very clear. Privacy…
Content type: Long Read
The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.
In the era of smart cities, the gap between the internet and the so-called physical world is closing. Gone are the days, when the internet was limited to your activities behind a desktop screen, when nobody knew you were a dog.
Today, the…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Privacy in Pakistan is the result of an ongoing collaboration by Privacy International and the Digital Rights Foundation.
Between 2014-2016, Bytes for All contributed to previous versions of the 'Data Protection' sections of this briefing.
Key Privacy Facts
1. Constitutional privacy protections: Article 14(1) of…
Content type: Long Read
The idea of a “smart city” is primarily a marketing concept, used to sell data-intensive technologies under the pretext of improving the functioning of cities. This could include injecting ‘smart’ tech into delivering services, public safety, environmental monitoring, traffic control, among other possible applications.
One in particular aspect of smart cities has been consistently problematic: how these projects are used to boost law enforcement and policing under the guise of public safety.…
Content type: Advocacy
We welcome the effort by the Pakistani Ministry of Information Technology and Telecommunications to regulate the processing of personal data in Pakistan, and take measures to guarantee the right to privacy as guaranteed under Article 14(1) of the Constitution: “[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable.”
This legislative development is crucial and timely as Pakistan continues to embrace innovative governance initiatives and deploy data-intensive systems…
Content type: News & Analysis
By Digital Rights Foundation, Pakistan
What is a safe city?
The answer to this question is not uniform; in fact it varies according to who you ask.
In a focus group conducted by Digital Rights Foundation in May of last year, consisting of women rights activists from across Pakistan, the answer meant imagining a city that was not only safe for women, in terms of their physical safety, but also welcoming for women and non-binary individuals in its architecture and facilities. Women expressed…
Content type: Press release
Below is a joint statement from Privacy International and Bytes for All.
This Friday, 27 September, marks the conclusion of the 24th session of the UN Human Rights Council, a session which has, for the first time, seen issues of internet surveillance in the spotlight. Privacy International and Bytes for All welcome the attention given at the Human Rights Council to this issue. However, we are concerned about developments which took place that threaten privacy rights and freedom of…
Content type: Long Read
To celebrate International Data Privacy Day (28 January), PI and its International Network have shared a full week of stories and research, exploring how countries are addressing data governance in light of innovations in technology and policy, and implications for the security and privacy of individuals.
According to the World Bank, identity “provides a foundation for other rights and gives a voice to the voiceless”. The UN Deputy Secretary-General has called it a tool for “advancing…