Monthly Archives: November 2013

The Internet as a Catalyst for Change in Yemen

This article was authored by Walid Al-Saqaf. It originally appeared on Global Voices Advocacy.

The economy is suffering, illiteracy levels are among the highest in the world, and most high school and university graduates are struggling to find work. Even worse, the security situation is dire: assassinations, kidnappings, and other violent acts have become routine. This is the state of Yemen today. But one segment of society that is trying to reverse the country’s fortunes is Yemen’s youth. Young Yemenis today could prove the greatest asset in getting the country back on its feet. Technology has a big role to play here.

Young people who are trying to find new ways to find work, engage, do research and get a break from daily hardships have found that the Internet has given them some relief and hope.

The recent launch of Yemen’s chapter of the Internet Society gives me reason to be hopeful. More than 200 people attended the launch event that took place in a remote part of Sana’a City. This leaves me optimistic about the strong desire of Yemenis, particularly youth, to have a stronger, more resilient, more accessible Internet.

Why now?

With so many problems facing Yemen, one of the questions posed by some audience members at the event was ‘Why now?’ hinting at the many other difficulties that Yemen faces -– severe water shortages and power outages have become a daily norm, and many don’t dare leaving home after midnight for fear of armed gangs. In the face of such direct threats to health and safety, some have asked: Why should one invest time, energy and money in the Internet?

The Internet could bring change, foster ideas and ultimately, play an integral role in lifting people from poverty. A small minority of Yemenis have pioneered this space, developing their own businesses on social media or using the Internet to find work. Success stories of Internet-based development and entrepreneurship could inspire more action. Events such as TEDxSanaaTEDxAden and Sanaa Startup Weekend have highlighted these achievements.

These examples were fascinating because the Internet was able to help change lives at a personal level despite a poor and relatively expensive connection. One can only imagine how a more open, easily accessible Internet could impact Yemeni society.

ISOC-Yemen is a step towards making Yemen a country more connected to the world.  With a population of 25 million, the majority of whom are under 40, Yemen could become one of the fastest growing countries when it comes to Internet penetration and use. It shows tremendous promise that can help shape the future of the country both at an individual and national level.

Affordability, awareness and transparency

There is much work to be done. At 15%, Yemen’s lowest Internet penetration rate is currently the lowest in the Arab World. The country also lacks 3G connectivity – although this is due in part to the government’s monopoly over telecommunications services, infrastructure has also been decimated by acts of violence – in 2012 alone, fiber cables were cut 180 times in attacks against the state and intertribal conflict.

We must start taking bold and strategic steps to seize the moment and use the Internet to its fullest potential. As ISOC-Yemen, we plan to do this with three primary initiatives.

We plan to engage with Internet service providers and public policy makers in an effort to end the government telecom monopoly once and for all. The current system, in which the country has one ISP operated by the government, has proven unsustainable. Yemen is the only country in the region that does not have 3G connectivity and lacks many services that are taken for granted in the region. It is time to open the market with clearly-defined conditions that will protect consumers and establish an environment of healthy competition. Without competition, government-run services could lag behind, failing to satisfy the needs of the public and the market.

We also will focus on awareness. Yemenis need to wake up to the global information revolution. It is unacceptable for students and teachers not to have email accounts and not understand what the Internet is and how it is used. And we must take advantage of the resources that the Internet can offer, not only for economic development, but also for education.

We also plan to promote transparency and e-government initiatives. Recent history has proven that a lack of transparency has led to corruption that has resulted in greater levels of poverty in Yemen. In many countries new and effective e-government services have brought the elimination middle-men and fixers. Having the government publish valuable and relevant information for public scrutiny will allow the public to hold officials accountable for their actions and to ensure that tax-payer money is spent appropriately.

ISOC-Yemen will undertake many other initiatives—these are merely a starting point. As a civil society organization, ISOC-Yemen can help shape the future of the Internet not only in Yemen, but also in the region. As ISOC is soon establishing a Middle East bureau, Yemen could be a prominent beneficiary and partner of the bureau, due to its pressing need for support, its great market potential, and its strategic location for cable connectivity to Africa and the Arabian Peninsula.

The bright side

Despite the troubles Yemen faces, I can see a bright side that should not be overlooked. It could be summarized in the youth of Yemen, this untapped resource that can fundamentally change the country’s status from being the least developed in the Middle East, to the most competent, skilled and fastest-growing country in the region. It can do so because it possesses something that other oil-rich neighboring countries do not: a robust youth population that is determined to rise up and defeat the odds with a spirit of hard work and dedication.

I felt from my last visit to Yemen eagerness in the eyes of many young Yemenis who wish to surprise the world, turn the fortunes of the past around, and prove that we could once again become a good world citizen. The Internet could help make that a reality.

ISOC is a non-profit non-governmental organization based in the US with the aim of supporting an open and robust Internet. It serves as the umbrella of Internet Architecture Board, the Internet Engineering Task Force, the Internet Engineering Steering Group, and the Internet Research Task Force. Learn more here.

Online Discussions on Promoting Internet Freedoms in Africa

The Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and Paradigm Initiative Nigeria (PIN) to co-host discussion on online safety matters in Africa, during November and December 2013.

Background

Africa’s internet usage continues to grow steadily, with an estimated 16% of the population on the continent using the internet. The increased availability of affordable marine fiber optic bandwidth, a rise in private sector investments, the popularity of social media and innovative applications, and increased use of the mobile phone to access the internet, are all enabling more people in Africa to get online. In turn, there are numerous purposes to which users in Africa are putting the internet‐from mobile banking, to connecting with fellow citizens and with leaders, tracking corruption and poor service delivery, innovating for social good, and just about everything else.

The increasing usage of the internet, however, has in some countries attracted the attention of authorities, who are eager to provide caveats on the openness of the internet and the range of freedoms which citizens and citizens’ organisations enjoy online. The popularity of social media, the Wikileaks diplomatic cables saga and the Arab Spring uprisings have led many governments including those in Africa to recognise the power of online media. In a number of African countries, there are increasing legal and extra-legal curbs on internet rights, in what portends tougher times ahead for cyber security.

PIN and CIPESA to Lead on Internet Freedom Discussions

The Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and the Paradigm Initiative Nigeria (PIN) will co-host an online internet freedom forum during November and December 2013. The purpose of this forum will be to discuss key online safety matters in Africa. The forum aims to attract discussions from key ICT experts both within Africa and outside Africa.

The outcomes of the discussions will feed into a report that will be presented at the first African Internet Freedom Forum to be held in 2014. Furthermore, it will inform the work of CIPESA, PIN and their partners that are working in the area of online freedoms.

Format of the discussions

Discussions will be hosted on selected online platforms in Uganda, Kenya, Nigeria and a mailing list comprising Africa Internet Governance experts. Identified platforms are:APC Africa IG Mailing List; KICTANet (Kenya) mailing list; Information Network (Uganda) mailing list; Naija IT Professionals mailing list; West African IGF mailing list; and FOI Coalition (Nigeria) mailing list.

The lists will be moderated by a representative from both CIPESA and PIN. Each week, a new topic with guiding questions will be introduced on the listserves and a summary provided at the end of each week. A draft report will be made available at the end of the fourth week.  This too shall be posted back on the mailing lists to capture feedback from participants as well as seek clarification on any issues that might not have been captured well. A final report shall then be made that will feed into the face to face meeting as well as be shared on the targeted platforms and onpartners’ websites. 

Discussion Outline

Week 1: November 11-15             Status of Internet Freedom in African Countries: Focus shall be on seeking participants’ views on issues of Freedom of Expression both online and offline; Internet Intermediary Liability; censorship and surveillance incidents; regulations, laws and policies governing freedom of expression online and perspectives on the African Convention on CyberSecurity.

Questions to explore:

  1. What are the major issues surrounding online freedom of expression in Africa?
  2. What convergences and tensions exist between freedom of expression and privacy?
  3. What are the implications of approaching the balance between freedom of expression and privacy from a freedom of expression–centric point of view?
  4. What actions can governments, civil society, media and the private sector take to balance privacy with freedom of expression online?
  5. What is the best way to empower users to stay safe online while protecting their freedom of expression?

Week 2: November 18-22 Global Surveillance Revelations and Impact on Africa: Focus will be given to global surveillance incidents like the NSA/Edward Snowden drawing lessons for Africa stakeholders i.e. governments, activists, CSOs and private sector; how to balance privacy while maintainingsecurity for citizens.

Questions to explore

  1. What can African governments learn from the NSA surveillance and Snowden revelations?
  2. What are the current technology trends and which cybersecuritythreats raise the greatest concern?
  3. How are evolving Internet services and technologies, such as mobile and cloud computing services, affecting these security threats?
  4. Is there any country data, across the continent, on how surveillance has really helped to curb – or prevent – acts of terrorism?
  5. Are African countries spying on each other? Are there countries that have shown a tendency to breach the rights of other sovereign nations on the continent?

Week 3: November 25-29             Best Practices on Internet Policy in Africa: Discussants will be called to share best practices on internet policies in Africa.

Questions to explore:

  1. What policies are working in your country and what needs to be streamlined or strengthened?
  2. Are there African countries that offer a model, or close enough to Best Practice scenarios that can be highlighted for other countries to learn from, or emulate
  3. What are the signs to look out for in our various countries’ ICT policies, to be sure that the country plans to improve Internet Freedom?
  4. What worked well for countries that have shown steady progress in the annual Freedom House ratings?
  5. What can other countries learn from those that have, or are developing, crowdsourced (and citizen-led) Internet Freedom Charters?

Week 4: December 2-6        Recommendations for Africa:Participants shall be called upon to suggest ways to improve internet security, data and privacy protection in Africa.

Questions to explore

  1. What elements need to be put in place to ensure all Internet users (including citizens, companies, government, etc) continue to have confidence in the Internet?
  2. How can African civil society organisations engage ICT policy processes to ensure that rights are not traded for security?
  3. Considering the ongoing discussions around the African Convention on Cybersecurity, what recommendations should be made to improve the text?
  4. How do activists and rights’ advocates protect themselves in scenarios where government clampdown could affect their work?
  5. Should African academia incorporate this new reality into classroom discussions? If they should, is there a model to learn from?

Join the conversation

For more information about the online discussions forum, please write to CIPESA viaprogrammes@cipesa.org or Paradigm Initiative for Nigeria via info@pinigeria.org

Download the full information here.

Tibet Action Institute and “Safe Travels Online: Tech Meet” in Toronto

On November 20, 2013, Cyber Steward Network partner Tibet Action Institute (TAI) participated in a panel discussion and tech session titled “Safe Travels Online: Tech Meet” hosted by Students for a Free Tibet Canada in Toronto. The discussion revolved around online targeted threats against activists, members of the Tibetan diaspora community, and their supporters. In attendance were Citizen Lab’s Research Manager Masashi Crete-Nishihata, Nathan Freitas, the Director of Technology of TAI & The Guardian Project, Lhadon Tethong, Director of the TAI, and Lobsang Sithar, the Field Coordinator of the TAI.

 

The TAI held a similar “Safe Travels Online” event in Dharamsala in June 2013, where representatives from the TAI and the Citizen Lab spoke of the dangers of online threats against the Tibetan community and the importance of digital security. The TAI website also hosts an ongoing “Safe Travels Online” video series starring Tibetan comedian Sonam Wangdue promoting security best practices for users of digital technology.

The TAI has long supported digital privacy. The Institute is a partner in the Guardian Project, a program designed to create apps, open-source software, and smartphone solutions designed to prevent online intrusion and guard the privacy of activists, journalists, humanitarians, and ordinary citizens.

Regional Consultation on Freedom of Expression for Civil Liberties in Asia

On November 21-23, 2013, Cyber Steward Network partner Bytes for All (B4A) will be participating in the “Asia Regional Consultation on ‘Freedom of Expression for Civil Liberties’” held in Bangkok, Thailand. Working in collaboration with other civil society organizations such as ICT Watch, Global Partners Digital, Association for Progressive Communications and the Thai Netizen Network, the event will focus on three issues relevant to free expression cyberspace in Asia: access to the Internet, online surveillance, and political-electoral communication.

The event will feature Frank La Rue, Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression. One of the objectives of the consultation will be to assess ways in which participants can best push forward the recommendations of the La Rue’s report on digital surveillance. The report urges states to strengthen existing laws on privacy and regulate the commercialization of surveillance software. The event will also highlight progress made on recommendations stemming from the La Rue’s previous report on access to information, which urges states to eliminate barriers to Internet access, discourage blocking and other means of filtering content, and encourage digital literacy. As an output, the event will produce and collect recommendations from participants on the concept of political-electoral communication for presentation to the UN General Assembly in 2014.

Bytes for All Condemns Instant Messaging Ban

Cyber Steward partner organization Bytes for All (B4A), based in Pakistan, joined with ARTICLE 19 to condemn a proposal developed by the government of Sindh Province for a three-month ban on instant messaging apps Skype, Viber, and WhatsApp. The provincial government maintained that this proposed ban is part of an effort to block access to networks used by criminals and terrorists for their activities. Legal experts in Pakistan argue that the ban is legally justifiable as the 1996 Telecommunications (Reorganisation) Act allows communication services to be suspended for security concerns. However, B4A and ARTICLE 19 have criticized the proposal as incompatible with international human rights standards.

The International Covenant on Civil and Political Rights (ICCPR), of which Pakistan is a signatory, accepts restrictions on free expression and access to information only if these restrictions are legally based, implemented for a legitimate aim, and are completely proportionate to those aims. B4A and ARTICLE 19 argue that the blanket ban on these services is extreme and disproportionate, and is therefore in violation of a central tenet of the Covenant. Furhan Hussain, coordinator for advocacy and outreach for B4A, also described the proposed ban as a “blow to the human rights and civic liberties of people.”

Other civil society organizations, politicians, and journalists also voiced their objections to the proposal. Pakistani advocacy group Bolo Bhi criticized the move, saying that the ban will negatively impact the local economy and families who rely on instant messaging platforms to communicate with members living abroad. The Sindh government has also been accused of being unclear as to how the ban will practically inhibit criminal and terrorist communication in the province. Other commentators have noted that many websites and pages associated with militant groups remain active, which raises questions as to the government’s intentions for and efficacy of the ban.

While Sindh’s Information Minister Sharjeel Memon has expressed his regrets for the “inconvenience” caused by the proposed ban, the province’s government has pledged to contact the Pakistan Telecommunication Authority (PTA) in order to move ahead with the blocking of the three messaging services. Pakistan’s Federal Interior Minister Chaudhry Nisar Ali Khan has stated that he is not in favour of any ban on messaging applications due to the country’s ineffective experience in jamming mobile communications to combat violent activity. The Interior Ministry will, however, consider the Sindh government’s proposal to see “how much significance the demand carries.” It is unclear when this ban is supposed to come into effect.

Update on Bytes for All Censorship and Surveillance Cases

In January 2013, Cyber Steward partner Bytes for All (B4A) submitted a petition to the Lahore High Court to challenge Internet censorship in the country. This case, in collaboration with the Media Legal Defense Initiative, a non-governmental organisation which helps journalists and independent media outlets around the world defend their rights, highlighted the ongoing censorship of YouTube in Pakistan. The popular video-sharing site has been blocked since 2012 since YouTube refused to remove the controversial anti-Islamic “Innocence of Muslims” video.

After months of deliberations, the Lahore High Court has decided to move the case to a larger bench presided by three or five judges, a move B4A sees as indicating how serious the stakes of the petition are, as cases presided by a full bench of judges “carry greater weight in terms of judgment.” B4A pledges to pursue the case as a constitutional issue and hopes for the speedy end to the blocking of YouTube in Pakistan. Minister for Information and Broadcasting Senator Pervaiz Rashid stated recently that the government is not interested in prolonging the YouTube ban and that Pakistanis “will hear good news soon.” Rashid then clarified that the ban will be overturned only after the installation of filters to block blasphemous and other objectionable content online. Last year, the Pakistani Ministry of Information Technology called for bids on a national URL filtering system. Research by the Citizen Lab found that filtering products produced by Netsweeper, a Canadian company, have been installed on the networks of the Pakistan Telecommunication Company Limited (PTCL), the country’s largest telecommunications corporation.

B4A is also initiating a contempt charge against the government for not appearing at court in regards to the ongoing FinFisher petition. The court ordered the Pakistan Telecommunication Authority (PTA), the country’s telecommunications regulatory agency, to investigate FinFisher’s presence in Pakistan. The petition also asks for accountability from other corporate and government entities, including the Federation of Pakistan, through the Ministry of Interior, the Ministry of Information Technology, and the Pakistan Telecommunications Company Limited (PTCL).FinFisher, a product advertised as “governmental IT intrusion” software, is marketed and sold to law enforcement and intelligence agencies by the UK-based Gamma Group.  Research conducted by the Citizen Lab on the presence of FinFisher found the software present in 36 countries across the globe, including Pakistan.

 

Cyber Steward Network and Local Activists Investigate Surveillance in Mexico

by Renata Avila

While the Mexican government has long been suspected of purchasing surveillance equipment, the frequency of these purchases and the level of public funds allocated to them are rapidly increasing. Last February,  New York Times published an investigative report on a USD 355 million outlay by the Mexican Ministry of Defense for sophisticated surveillance equipment. Six months earlier, Carmen Artistegui, a renowned investigative journalist in Mexico, published a report documenting five contracts from the Secretariat of National Defense for the purchase of surveillance technologies. All five contracts were confidential and granted to a single company headquartered in the state of Jalisco called Security Tracking Devices, Inc.

On March 13, 2013, Citizen Lab published “You Only Click Twice: FinFisher’s Global Proliferation,” in which researchers conducted a global Internet scan for the command and control servers of FinFisher surveillance software. The Citizen Lab found FinFisher servers hosted on two Mexican Internet service providers: Iusacell, a small service provider; and UniNet, one of the largest ISPs in Mexico.

As part of my work investigating surveillance in the Northern Triangle, I recognized that the findings revealed potential legal violations. I quickly translated the findings and disseminated them to human rights groups and technology collectives in Mexico.

The findings were widely shared via social networks and later translated by the online activist group YoSoyRed. Shortly thereafter, Mexican magazine Proceso published an investigative report on the harassment of human rights defenders online. The report  asked Iusacell  and UniNet to explain the presence of FinFisher on their servers. Neither of the ISPs responded to any of the magazine’s questions.

I connected with human rights activists in Mexico City  to raise awareness about civil society efforts in other countries that have resulted in legal action against the use of surveillance technology by repressive regimes, including cases against Amesys in France and Finfisher in Pakistan. A coalition of human rights lawyers and international experts, including Citizen Lab, ISOC Mexico, Privacy International, and other organizations, discussed the possibility of taking legal action to reveal the identity of those parties responsible for the purchase and deployment of FinFisher software in Mexico. At the time, however, we did not have enough information to present a strong case.

On May 1, 2013 Citizen Lab published “For Their Eyes Only: The Commercialization of Digital Spying,” which once again implicated Mexican ISPs in deploying FinFisher surveillance software. Two Mexico City-based human rights non-governmental organizations, Propuesta Cívica and ContingenteMx, requested a verification procedure regarding FinFisher’s presence in Mexico with the Instituto Federal de Acceso a la Información y Protección de Datos Inicio (Federal Institute for Access to Information and Data Protection or IFAI), Mexico’s privacy authority. Their filing cited Citizen Lab’s FinFisher research.

IFAI is legally mandated to protect citizen data and investigate possible personal data violations by private sector entities, as provided by the Federal Law on Personal Data Protection Held by Private Parties. It is also mandated to impose sanctions if a law has been breached. IFAI has the ability to launch a procedure either on its own initiative or at the request of affected parties. If, after preliminary findings, the IFAI determines that there is sufficient evidence to proclaim that a data breach has taken place, a formal investigation and possible sanctions will follow.

IFAI subsequently opened an official preliminary inquiry asking ISPs whether they were hosting FinFisher servers and what measures they were taking to protect the data of their clients. At the same time, Federal Deputy Juan Pablo Adame proposed a resolution before the Mexican Senate and Congress encouraging IFAI to investigate the use of FinFisher with reference to Citizen Lab’s findings and the requests submitted by civil society to investigate the deployment of FinFisher (registered as IFAI/SPDP/DGV/544/2013 and IFAI/SPDP/DGV/545/2013). The Permanent Assembly approved Adame’s motion, thereby imposing an obligation on the data protection authority to answer all questions submitted by the government.

After the Congress and Senate passed a joint resolution, IFAI announced that it required further information from ISPs and government agencies with powers to acquire surveillance technologies before deciding whether it would open a verification process for Iusacell and UniNet. UniNet denied responsibility for any programs that clients run on their servers, while Iusacell made no comment.

Purchase of FinFisher is confirmed by authorities 

On July 6, 2013, following the Congressional resolution and an IFAI public statement announcing the inquiry, YoSoyRed published a leaked contract and other documents implicating the Mexican Federal Government in the purchase of FinFisher software. The Procuraduría General de la Nación (Office of the Prosecutor or PGR) purchased the surveillance tool from Obses, a security contractor, for up to USD 15.5 million. José Ramirez Becerril, a representative from Obses, unveiled details about the equipment provided to PGN and claimed that other Mexican governmental institutions purchased the software as well. Mexican authorities confirmed that the equipment was purchased directly rather than through the governmental bid system that usually characterizes defence contracts so as not to  “alert organized crime.”

The media heavily scrutinized the leaked FinFisher contracts. The press, however, was more concerned about the amount of public funds allocated to purchasing these technologies than about the technologies themselves. In circumventing the public bid procedure, FinFisher and another surveillance tool called Hunter Punta Tracking/Locsys were sold at an inflated price to Mexican authorities during the Felipe Calderon administration. In response, authorities indicated they would prosecute culpable individuals who conduct illegal surveillance activities. To date, no criminal complaint has been filed, despite strict provisions that prohibit the interception of communications unless authorized by a federal judge and a warrant. The full content of the contracts has not yet been made public.

As the scandal unfolded, Congress offered help to activists on the ground demand greater transparency and accountability. On July 11, 2013, the Mexican Senate and Congress passed a joint resolution in which they demanded a full investigation and disclosure of any contracts between the Secretary of Interior, the PGR, and any other relevant institution. They were asked to send a full report about the purchase of surveillance and hacking systems capable of monitoring mobile phones, electronic communications, chats, and geolocation data from Obses, Gamma Group, Intellego, and EMC Computer Systems, and its affiliates. Congress also called for laws to regulate and restrict purchases of surveillance equipment, extensively quoting the Citizen Lab report in their request. The commercial entities named have not yet responded. IFAI also informed Congress that they would continue the investigation.

Iusacell and UniNet continued to deny hosting FinFisher servers. Iusacell indicated that the servers were located in Malaysia. Further evidence indicates otherwise: Wikileaks’ and La Jornada’s Spyfiles 3 publication revealed that FinFisher developers visited and were active in Mexico.

All Mexicans enjoy a constitutional right to privacy according to the recently amended Article 16 of the Mexican Constitution and the Federal Law on the Protection of Personal Data held by Private Parties, a general privacy framework. IFAI’s mandate ensures full monitoring powers and verification of compliance with these laws. If IFAI fails to open a full investigation, criminal and constitutional complaints can follow and any failure to investigate will be challenged under the basis of flagrancy. Technical assistance is often necessary to test devices and find examples  of infected individuals to support any legal course of action.

IFAI’s investigation is currently ongoing. The Citizen Lab and Cyber Stewards Network will continue supporting the case and helping both the Mexican authorities and the citizens to understand how surveillance systems operates so that they can evaluate whether those employing them are breaking the law.