Cyber Security Talk by Mr Ammar Jaffri and Barrister Zahid Jamil

With its present policies, Pakistan is on its way to becoming a “cyber leper”. The speakers also agreed that cyber security is a matter of national security.

Despite being plagued by dictatorship and corruption, Pakistan does possess the ability to make advances, even leaps, in transparent and effective lawmaking. But as the recent conundrum disclosed by the contentious Prevention of Electronic Crimes Act 2015 (“the Act”) so ably demonstrates, even under the guise of democracy, Pakistan seems to be sleepwalking into rather dangerous territory. Described as quite draconian, controversial and retrograde when juxtaposed with the panoply of rights guaranteed by fundamental rights under Articles 9 to 28 of the Constitution of Pakistan 1973, the Act has been almost universally denounced. In a joint talk yesterday by Ammar Jaffri (formerly of the FIA) and Barrister Zahid Jamil, we learned that our country is doing poorly in writing robust legislation that targets root problems but does not compromise on individual rights. The basic flaw in the present approach to cyber crime in Pakistan appears to be that the wrong ministry is dealing with this important area of the law.

Rather than the ministry of interior, the task of prevention of electronic crime is erroneously allocated to the Ministry of Information Technology and Telecommunication. For example, in the UK, the country from which we inherited such a rich legal and institutional framework, the Draft Investigatory Powers Bill is moved on the Home Secretary Theresa May’s initiative. The Act introduces a series of new provisions that pose a grave risk to freedom of expression and privacy in Pakistan. It has been condemned in international circles for expanding surveillance capacity of Pakistani authorities, especially the intelligence agencies and clearly undermines the protection of the right to privacy, freedom of expression and other human rights. The legislation is clearly not fit for purpose.

In a session chaired by Dr Masuma Hasan, the above deteriorating state of liberty provoked an outspoken and passionate critique from Zahid Jamil who excoriated myopic lawmakers for self-destroying Pakistan by taking it from the premier cyber nation to a “leper”, the lowest of the low with the “worst” cyber credentials on the entire planet. To him, our country’s stratospheric ratings on cyber law have now plummeted to zero. Moreover, Ammar Jaffri, who created the national response centre for cyber crime, or NR3C, lamented that owing to cataclysmic decision-making by the state, the question is being begged in international circles whether Pakistan can be singled out as “another species” in the internet age.

Cyber security is a top priority for international leaders. International attacks range in variety from include those perpetrated by Chinese attackers on global pharmaceutical companies to those perpetrated by teenagers on private internet service providers in the UK such TalkTalk.

Press coverage of our event in the News International and Dawn is available below.

With its present policies, Pakistan on way to become a ‘cyber leper’, written by Tehmina Qureshi, published in the News International 31 December 2015.

With the world economy being driven by information and online business transactions, the ignorant and tactless approach of the Pakistani government towards cyber security is paving a road towards international isolation and financial crises. If the Pakistani government continues its block-and-ban policies in an age where the internet not just supplements but actually drives economies of the world, it would deprive its people of a basic amenity which has filled in the gaps left by the lax physical infrastructure itself.

These were the views expressed by two eminent cyber security experts during a discussion at the Pakistan Institute of International Affairs on Wednesday.

According to Ammar Jaffri and Barrister Zahid Jamil, the most pertinent dilemma for Pakistan, at present, is whether the government improves its own understanding of cyber security and the related infrastructure or keeps slapping useless bans that end up creating, rather than solving problems.

Jaffri is a pioneer of the cyber security centre of the Federal Investigation Agency, where he served as an additional director-general, besides being the ex-chairman of the cyber security task force. Emphasising the level of human dependency upon the internet in today’s world, he said that with Bitcoin (online currency), e-health and e-learning changing the way basic services were being delivered, and companies such as Amazon working on systems to deliver packages via unmanned drones, the government really needed to shift its focus away from mere physical development.

The internet, he continued, had changed lifestyles and unless the government took measures to improve its capacity to deal with and regulate cyber services, not only will Pakistan remain behind rest of the world, but will also be heading backwards in terms of educational and economic development. Jaffri said:

Anyone who wants to keep abreast with the world needs to be connected … It is information which drives economies today and, to take advantage of that, Pakistan needs to focus on increasing connectivity, rather than living in a cocoon of fear and isolation.

Taking the discussion forward, Barrister Zahid Jamil, who is an international expert on cyber security and legislation, said Pakistan needed to step out of its territorial security posture. According to him:

The old parameters of border security don’t work in the new world. In an age where information sharing is a must for national security measures, an approach of territorial security is not only redundant but also foolish.

Jamil said the new world, a world dependent and driven by the internet way beyond Facebook and Twitter, should be borderless, non-territorial and non-sovereign. For Jamil:

The challenge is not how to keep people out. That’s just naïve. The challenge is how to let everyone in while keeping and ensuring security.

According to the legal expert, with its block-and-ban policy towards cyber security, the Pakistani government had ended up creating its own cyber crisis where the maximum advantage was being leveraged by those who misused the internet, rather than the everyday user. He said the misguided policies had not only put Pakistan behind other developing economies in Asia, even Afghanistan, but had also damaged its credibility to a great extent.

While referring to the upcoming cyber crime legislation, Jamil, who has help devise and advised on cyber security legislation for more than 25 countries, termed it the “worst in the world”.

Citing an example other than that of gross human rights violations, he said the deeply flawed law criminalised all kinds of encryption, crucial for internet banking and online transactions.

He expressed concern that the impending legislation might see more international services retract their services from Pakistan, following suit of Blackberry which earlier this month wrapped up its business from the country.

“Pakistan was the first country to enact a law pertaining to electronic transactions in 2002,” he said. “But now the world is overtaking us, while we go backwards into an era which no longer exists.”

‘Cyber security is a matter of national security’, written by Saher Baloch, published in Dawn 31 December 2015.

In order to come out of the state of flux with regard to cyber security initiatives in Pakistan, the state needs to look for an ‘imperative policy’ and try not to shoot the messenger by listening to the counter discussion taking place at present, said Barrister Zahid Jamil while speaking at the Pakistan Institute of International Affairs on Wednesday.

An expert in the field of cyber security, Barrister Jamil simplified most of his talk for the audience so that they could better understand the terminologies.

He began by speaking about the history of the Internet, which the United States Defence Advanced Research Project Agency (DARPA) helped create in 1973, and was initiated to interlink networks of various kinds. He said:

The basic concept of the Internet is that it can’t be entirely blocked or shut off, which many countries mistakenly try to do and fail.

Explaining challenges in respect of ensuring cyber security, Mr Jamil said that security could not be ensured by blocking websites and isolating a country globally.

“Take the example of YouTube. Pakistan blocked it in 2012 and yet I can assure you that many people sitting in this room can access it. There are too many proxies, and the state needs to understand that it can’t block all proxies,” he said.

He added that fighting cyber security did not mean to block or shut down the threat, rather it meant to fight that menace while making sure that the connectivity remained active. For him:

For instance, if the water we are drinking is poisoned, we cannot shut down the accessibility of water for eternity. The state needs to ensure that we drink the water without the water poisoning the people.

He added that the future of global connectivity was based on a trust mechanism and blocking meant that we wanted to keep the people ‘cyber illiterate’ by creating a ‘self-inflicted digital divide’. If there was any institution that had an iota of understanding of cyber security, it was the military, he added.

He believed that the subject of cyber security, which is currently being dealt by ministry of information and technology, should be controlled by the ministry of defence or the interior ministry because “it is a national security issue”.

He added that Pakistan had not signed the cybercrime convention, also known as the Budapest Convention, which is a way to address internet crimes by seeking help from other nations. From there the discussion went towards the Computer Emergency Response Team (CERT) in Pakistan. See, for example, the UK CERT and the US CERT.

Speaking about it, former additional director general with the Federal Investigation Agency and head of the National Response Centre for Cyber Crime Ammar Jaffri said:

Efforts to properly build CERT were blocked through a proper planning. However, we need public/private partnership to make it work.

He said that biggest challenge the state was facing at the moment was to listen to the counter-argument and took the opportunity to remind us that:

The regressive policies of 1950s and 60s won’t work when it comes to cyber security. We need experts who know about the cyber space to write more about it so that more people are aware of it and know about their rights.

Comment

After the Paris terrorist attacks killing 130 in November 2015, the British public was chilled by revelations that the Belgian-Moroccan jihadi Abdelhamid Abaoud – the 28-year old mastermind of last month’s terrorist attacks in Paris – used to come and go from the UK as he pleased despite the fact that the UK terror threat was set as “severe” (falling just a notch short of the “critical” level). Abaoud apparently had photographs of Birmingham on his mobile phone and all this shows that huge flaws exist in the security apparatus of even in the most developed of nations. To be sure, ISIS terrorists are using the internet and modern telephony to perpetrate mass murder.

In Pakistan, a good first step has been taken by requiring persons purchasing mobile phone SIM cards to submit biometric data along with their CNIC details to activate mobile numbers almost instantaneously in real time. However, to properly legislate and for the right balance between human rights and the spectre of terrorism to be struck, reforms will need to made so that the interior ministry can play its part in creating appropriate safeguards in order to deter cyber crime and enhance cyber security.

In February 2015, the FIA’s cyber crime wing of Karachi arrested a high profile cyber criminal wanted by the FBI and counted amongst the top 10 most wanted cyber criminals by the US. Noor Aziz Uddin headed a worldwide internet fraud organisation which defrauded victims of amounts in excess of $50 million in November 2008 and April 2012. Ammar Jaffri said at the end of his talk that law enforcement officials are sometimes “helpless” in acting against criminally minded individuals. It is high time the government started to attach sufficient weight to his views and those of Zahid Jamil to create the type of robust legislative framework required to take Pakistan forward.

Please note that the views articulated in blog posts are merely the views of the blog editor and are not in any way, shape or form representative of the views of the PIIA and/or its members.

Leave a comment

Filed under Constitution 1973, Criminal law, Cyber Security, Discussion, Human Rights, Internet, Legislation, Pakistan Horizon, PIIA, Politics

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s