Cyber Stewards Network partner Tibet Action Institute (TAI) has launched a new program aimed at getting ordinary users of mobile and online technology in Tibet to adopt safe habits to prevent malware and viral attacks. The Cyber Superhero website contains information that is particularly relevant for Tibetans living in exile, whose online and mobile communications with friends and family in Tibet are often the subject of security intrusions and malware attacks by Chinese government officials. A video summarizing the Cyber Super Hero campaign’s initiatives can be viewed here.
The website launched by TAI features simple tips such as updating computer software, using strong, unique passwords, and HTTPS and 2-step verification for online services. It warns against using chat software WeChat, known to store communications records that are then accessed by the Chinese government. Other mobile security tips include using prepaid SIM cards in order to avoid identification of the user, as well as removing the battery of the phone when not in use.
China has allegedly hacked several activist websites, as well as that of the Dalai Lama and others expressing nationalist opinions, all in an effort to obtain the information of readers accessing the sites. The information that is obtained is often used to make arrests for sharing communications considered subversive to the Chinese government. The Citizen Lab’s Information Warfare Monitor project’s report, titled “Shadows in the Cloud: Investigating Cyber Espionage 2.0,” documented a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries.
In addition, the Citizen Lab published reports titled “Permission to Spy: An Analysis of Android Malware Targeting Tibetans” and “Surtr: Malware Family Targeting the Tibetan Community,” which is part of a series documenting the use of information operations against Tibetans and others who advocate for Tibetan rights and freedoms. An analysis of mobile messaging applications privacy standards was also conducted by the Citizen Lab in a report titled “Asia Chats: Analyzing Information Controls and Privacy in Asian Messaging Applications.”
A public interest litigation case launched by Cyber Stewards Network partner Bytes For All (B4A) at the Lahore High Court has been met with obstacles during court proceedings.
B4A began the proceedings using research conducted by the Citizen Lab, documented in the report titled “For Their Eyes Only: The Commercialization of Digital Spying.” The research revealed the presence of FinFisher on the Pakistan Telecommunication Company Limited (PTCL) Network, the largest telecommunications provider in Pakistan. The court action by B4A alleged that the presence of FinFisher servers in Pakistan may violate constitutional rights against breaches of privacy, given the software’s ability to use trojans to access the information of users.
Despite a court order to look into the matter and produce a report in one month, the Pakistan Telecommunications Authority (PTA) has repeatedly failed to do so. Six court hearings have been missed or cancelled by order. Questions remain as to who is using the FinFisher server in Pakistan, how it came to be implemented without public inquiry, and how much government funding has been employed for its purchase.
On August 31, Cyber Stewards Network partner Hisham Almiraat launched the Moroccan Digital Rights Association, or also known as Association des droits numériques (ADN) in French. Almiraat is also the director of Global Voices Advocacy, an international organization advocating for freedom of expression online.
For the next three years, the organization plans to focus their attention on privacy and surveillance issues. The next big item on the agenda is creating a national workshop to bring together all the stakeholders and set priorities for the short term.
The Moroccan Digital Rights Association is in partners with Privacy International (UK), Nawaat (Tunisia), Unwanted Witness (Uganda) and HRD Coalition (Kenya), and was started with the support from Swedish International Development Agency (SIDA) (Sweden).
The organization can be followed on Twitter here and Facebook here.
Cyber Stewards Network partner Bytes for All (B4A) is working together with Privacy International (PI) to sue the government of the United Kingdom over their Tempora surveillance program. Tempora is the code name for a project initiated by Britain’s signal intelligence agency, the Government Communications Headquarters (GCHQ). It allows for access by the GCHQ to cable networks passing through the UK, including phone and Internet traffic. The massive amount of data collected through this program is also made available to GCHQ’s American counterpart, the National Security Agency.
B4A and PI have argued that the Tempora program violates the European Convention on Human Rights’ privacy safeguards. They also argue that the program directly violates the limits of lawful surveillance outlined in the Regulation of Investigatory Powers Act, which regulates the power of British authorities in conducting surveillance. Another major criticism is that it “discriminate[s] against non-UK nationals,” meaning that they “currently receive even fewer legal protections than the communications of those who reside in the UK,” even though the cables monitored by the GCHQ carry a significant amount of international web traffic. B4A highlighted their own organization as an example of how the program disproportionately targets foreign nationals. As some of B4A’s Internet traffic goes through the UK, especially traffic routed through Virtual Private Networks based in Great Britain, their communication is liable for interception and monitoring. Given the sensitive nature of their human rights work in Pakistan involving confidential correspondences with lawyers, NGOs, public officials, partner organizations, and other stakeholders, B4A sees the potential for scrutiny by foreign intelligence agencies as particularly alarming.
The case has been lodged with the UK’s Investigatory Powers Tribunal based on an earlier suit lodged by PI over the Tempora program. The suit is asking that the program be made illegal and that the GCHQ destroys all unlawfully obtained material. B4A has lodged similar complaints in Pakistan regarding secret surveillance programs. In May 2013, the organization lodged a petition with the Lahore High Court asking the Pakistan Telecommunication Authority, the country’s telecommunications regulatory agency, to investigate the presence in Pakistan of FinFisher, a commercial surveillance software. In October 2013, B4A initiated a contempt of court charge against the government for not appearing in court to address the petition.
Governments’ use of biometric systems have raised privacy concerns and the need for greater transparency and accountability. This is because these systems collect and store individuals’ physical traits such as fingerprints, facial recognition, iris scans, and other personal characteristics. Several countries have already implemented biometric data collection in their national identification cards and passports. Finger-based voting machines have been used in elections in Brazil since 2008 and were introduced in municipal elections in Colombia in 2009. In 2005, Brazil also introduced machine-readable biometric passports. Ingenico, a global electronic transaction company, will be deploying devices where clients can withdrew funds through fingerprint identification in Colombia and the Dominican Republic. Biometric identification has been criticized as being error-prone and unreliable, as well as being fundamentally detrimental to privacy, free expression, and the right to anonymity, especially with regards to vulnerable individuals such as dissidents, whistleblowers, and journalists.
In 2011, Argentina’s President Cristina Fernández de Kirchner issued a decree for the creation of a centralized biometric identification system, called the Federal System of Biometric Identification (SIBIOS). Part of an upgrade to Argentina’s National Registry of Persons (RENAPER), the system will be used by several government agencies, including the Federal Police, the Argentine National Gendarmerie, the National Coast Guard, and the Airport Security Police, and connect them into one database. A promotional video of the system claims that it is capable of identifying physical characteristics such as fingerprints and faces, as a means of identification, and therefore, they claim, increasing the capability of these organizations to combat crime.
Members of the Cyber Stewards Network are active in efforts to raise awareness on the use of surveillance technologies such as SIBIOS. Ramiro Ãlvarez Ugarte of Asociación por los Derechos Civiles in Argentina, a Cyber Steward Network member, has warned that SIBIOS lacks accountability and independent oversight, and has been investigating the extent and scope of the system’s capabilities. In November 2013, a statement signed by several civil society organizations and individuals (including other Cyber Stewards Network members Renata Avila and Paradigm Initiative Nigeria) was delivered to the co-chairs of the Open Government Partnership (OGP). The OGP aims to promote transparency and adopt new technologies to strengthen governance.The statement calls for greater transparency among all governments, especially the OGP participating countries, regarding the use of surveillance technology and the export and import of such technology. It also advocates legal reform to existing laws to better protect privacy and human rights. The statement is one of many civil society efforts to raise awareness of the dangers of pervasive government surveillance and we will continue to provide updates as they become available.