Digital Switchover in Pakistan

My latest report is the first in a series that will examine the challenges of digital switch-over in Pakistan by providing an in depth assessment of the prevailing market trends on the adoption of digital TV, its policy making and regulation in the country.

The analog to digital transition ranks as one of the most complex technological transitions of the present era. Successful transition will depend on widespread consumer awareness of how digital television differs from conventional television and why it is worth investing in a new technology from a household’s perspective. Preliminary research on the subject of adoption and diffusion; policy making and regulation of digital TV carried out by Internet Policy Observatory Pakistan indicates a severe lack of user awareness about digital TV, its attributes and adoption.

The transition from analog to digital is not a simple trajectory in which households merely turn off a set of established technologies one day and turn on another system the next. The effects of switchover to digital go well beyond the technical aspects by bringing with it complex economic disincentives and cultural resistance.

This report is an attempt to begin thinking about the challenges developing countries like Pakistan face and recommends clear strategies to be adopted for a successful digital switchover and its regulation.

Download Report 

Securing Sensitive Files and Documents from Leakages

It comes as no surprise to me that organization’s most sensitive and critical documents are still stored in unstructured files and documents that are commonly subject to data loss and leakages. The focus of IT security professional in most modern day organizations has been towards securing networks and databases while neglecting the most important aspects of information that resides in files and documents. Given the proliferation of smart phones and devices that are connected to the internet securing the information stored on such files are becoming of pivotal importance and any lapse can be detrimental for organizations information security policy. 

Lately, many organizations knowingly or unknowingly have allowed their employees to be more productive by embracing apps, software’s and storage devices without giving a thought to the security of critical documents. Some common scenarios that I have come across recently are:

• Sending of official documents/files without encrypting or password protecting them using personal email accounts such as Gmail, Hotmail and Yahoo. 
• Transfer of confidential data using USB, memory cards and external hard disks and in plain text format. 
• Uploading of sensitive data on public storage services as Dropbox, one drive and Google for accessing on other internet connected devices. 
• Sharing of folders on public networks with access permission set to “everyone”.
• Sending of confidential files and letters using communications apps such as Whatsapp, Viber, Tango and Skype. 
• System administrators failing to understand the number of file sharing software’s being used on the system in workspace environment. 
• Installing unverified software’s as protector against malware, spyware, Trojans and viruses. 

In any organization controlling everyday sensitive files and documents is becoming more complex and difficult than securing databases. The primary reasons are firstly employers fail to deliver a safe working environment where productivity is not compromised and secondly employee’s fatalistic attitude towards data security. Given the recent rise in hacks and leakages of sensitive data like Panama papers and previous to that Snowden leakages that is still making news despite passing of almost three years since its revelations reminds the need of the hour for organizations to invest in information security control mechanisms. Organizations that want to stay in business and flourish in the information economy need to make critical considerations on:

• Controlling and limiting access to all important documents on any connected device and ensure files are encrypted.
• Adopting measures that prevents documents to be forwarded or shared maliciously.
• Removing access to documents once it’s no longer required. 
• Control and handling of files and folders by limiting access on the foundation of need to know basis. 
• Encrypting everything on any storage devices.

Parlimentarians fail to understand the Cyber Crime Phenomena

The securitization of cyberspace is a transformation of the domain into a matter of national security and perhaps one of the most important forces shaping today’s global communications. Using war on terrorism and national action plan as a pretext the ruling party in Pakistan has passed the Prevention of Electronic Crimes Bill 2015 in the National Assembly during presence of handful of parliamentarians. The bill if also passed in Senate will be detrimental for the growth and development of the internet in the country. Given the important role internet is set to play for economic development in Pakistan it is horrific to see the mannerism in which the despotic bill was passed. The Nazis destroyed the independence of the press by passing series of draconian laws and it seems Parliamentarians are exactly imitating the same with the freedom of the internet by passing of this bill.

As cyberspace infiltrates all aspects of our society, economics and politics it was hoped that the government will be more responsible with the drafting of the bill as it not only affects millions of internet users in the country but also put in risks the digital rights of next generation tech users with inadequate protections for privacy and basic human rights. The bill has been engineered with the pretext of protecting national security but it seems to be conscripted to benefit the aristocracy much more than the general populace. 

The bill on which I have spoken and written a lot before as well is still extremely vague in its definitions despite claims of the Minister and fails to understand the cybercrime phenomena that requires a multistakeholder approach to tackle complex technical and legal issues transcending our national territorial jurisdictions. Furthermore, most sections of the bill aims to criminalize innovation and development a critical part responsible for the success of the very internet we know today. Pakistan requires talent that can engineer a next Google, Facebook or create applications for encryption and security to protect our national assets and become less dependent on foreign technologies but this bill aims to criminalize all these efforts.

The globalization of internet is shifting economic developments in two important directions. First, given the aging population and near-saturated market penetration in the advanced economies, most of the expansion of the internet related market will take place in developing countries like Pakistan, India, and Bangladesh. Secondly, the spread of internet is expected to increase the share of developing countries in the internet economy presenting a historic opportunity for the young and poor in Pakistan to improve their economic condition but with the bill instead of aiming to promote the use of technologies is more inclined towards discouraging it’s use.

Overregulation of internet with the Cybercrime bill might deprive users of major benefits the information economy brings. To fully reap the benefits of a modern, rapidly changing economy, Pakistan need to better prepare their citizens for the demands of a changing information economy, and they need to adjust laws and social protection systems to ease the transition from labor market to information one.

It appears that parliamentarians have failed to understand the nature of cybercrime phenomena and seems to be determined to address it using the narrow hole of national security without considering its impact on innovation and long term economic development.

Short Measures and Broadband in Pakistan

The oldest known source for the expression "baker's dozen" dates to the 13th century in one of the earliest English statutes, instituted during the reign of Henry III (1216–1272), called the Assize of Bread and Ale. Bakers who were found to have shortchanged customers could be subject to severe punishment. To guard against the punishment of losing a hand to an axe, a baker would give 13 for the price of 12, to be certain of not being known as a cheat. Specifically, the practice of baking 13 items for an intended dozen was insurance against "short measure", on the basis that one of the 13 could be lost, eaten, burnt, or ruined in some way, leaving the baker with the original legal dozen.

A few centuries on from the initiation of the baker's dozen, and we have trading standards funded and operated by the government and off course regulators too. Their TOR extends far wider than preventing the short changing of customers, and also includes misrepresentation in advertising and supply.

But when we look at today's ridiculous practice of sellers including those magic words 'up to' in the fine print, they appear to be able to get away with just about anything.

Take broadband service. If two of us purchase a broadband service of 'up to' 8Mbps at Rs 6999 per month, and I get 3.1Mbps and you get 2.2Mbps, should we be content, and should regulatory officers let it slip through?

I rather think not!

Think of what this would mean when applied to other products:

Would you accept an unopened pack of Cornflakes sold by weight at 350g that only contains 290g? A new jar of apple jam marked up at 450g but has only 220g? A box of a dozen eggs with three missing? A liter of petrol that is only 330ml? Or a pair of trousers with legs which are supposed to be 85cm, yet turned out to be only 46cm? Actually those trousers are a pair of shorts!

It appears that, as long as 'up to' is in the small print, a dozen eggs is really 'up to a dozen eggs'. That seems reasonable, why didn't I get it first time around?

In short: The words 'up to' ought not to be a license for short changing in the supply or trading of anything or should it be Mr. Regulator?

Head in Hands anyone on the same block?

$10 switches and No Firewalls

Bangladesh Bank exposed to hackers by cheap switches, no firewall.

Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber hesit revealed.

The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials.

The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based.

Experts in bank security described the findings as disturbing."You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions," said Jeff Wichman, a consultant with cyber firm Optiv. Most of the banks in developing countries fail to adequately protect their networks because they focus security budgets on physically defending their facilities.

Cyber criminals broke into Bangladesh Bank's system and in early February tried to make fraudulent transfers totaling $951 million from its account at the Federal Reserve Bank of New York. Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remains missing. Forensic experts investigating the issue from SWIFT advised the bank to upgrade the switches only when they visited after the heist. There was a deficiency in the IT system said the spokesman, Subhankar Saha, confirming that the switch was old and needed to upgraded. The heist's masterminds have yet to be identified.

Bangladesh Bank has about 5,000 computers used by officials in different departments. The bank facility should have been walled off from the rest of the network. That could have been done if the bank had used the more expensive, "managed" switches, which allow engineers to create separate networks and install firewall at different levels to protect off the network from attackers. Moreover, considering the importance of the network services, the bank should have deployed staff to monitor activity round the clock, including weekends and holidays.

Many public sector organizations hosting critical national data suffers from similar issues, poorly designed infrastructure and lack of investments in upgrading IT security makes them extremely vulnerable to similar attacks on even larger scale.

Future or Funeral of Mobile Phone Industry in Pakistan

Mobile phones once were thought of as only indispensable in the rich world but the way mobile phones are transforming lives in low income countries it has become an essential and indispensable tool for socio-economic development. For many areas in Pakistan, having limited availability of communication roads, postal services, fixed line services, health services and financial services, Mobile telephony represents the first modern infrastructure of any kind. Mobile phone services have brought new possibilities and opportunities to both the urban and rural, the rich and poor, the young and old in Pakistan. With more than 119 million mobile phone subscribers and a penetration rate passing 70% it is one of world’s fastest growing markets. The penetration of mobile phones in Pakistan – especially to the poor in far flung areas – has done more to alleviate poverty than any number of aid programs combined.

The mobile telephony industry in Pakistan is booming and there is scope for far greater development. In recent times, however the action of the Pakistani government suspending mobile phone services across the country has outraged its users and seriously put in jeopardy many future investment plans. Telecom operators with billions lost in revenues on special occasions such as Eid festival or national events such as independence day celebrations are likely to pull out of investing. Senior officials of the mobile phone companies have expressed resentment over the blackout of mobile phone services and have threatened to postpone their plans of investing billions of dollars in 3G and mobile banking technology.

The habit of suspending of mobile phone services under the pretext of security risk and terrorism in Pakistan takes its origins from the volatile province of Balochistan where the government is fighting nationalist elements in an on going battle. Over the last couple of years, the government has been guilty of causing what many are calling “Blackouts” – suspending mobile phone services in most parts of Balochistan during occasions such as celebrations marking Independence Day and Defense day. Due to the small size of the Balochistan population, such draconian measures didn’t receive widespread attention or condemnation from either the media, civil society, or organizations protecting digital rights and civil liberties. Additionally, the blackouts’ financial impact on telecom operators was low enough that they were able to easily comply with government instructions for suspending service in the entire region.

Even though the past success of such a strategy is relatively questionable, the Pakistani government took the same approach on the Eid Festival in August when mobile phone users witnessed a blackout on a greater scale affecting millions of mobile phone users in Pakistan’s major cities such as Karachi, Lahore, Islamabad, Peshawar and Quetta. Shoppers were paralyzed, friends were disconnected, businesses were unable to order stocks on time – all of this resulting in losses while millions of people were unable to send Eid greetings to their loved ones.

One shopper termed the experience as traumatic: “We were at the same shopping mall but my wife and kids were somewhere else and we could not catch up with each other till morning”. Another local business man was furious as he was unable to contact with a manufacturer in time to order more supplies. “Eid is the only high peak business season in these distressing times and if we are unable to make money our families will starve”. Asad, a college student was fuming with the government’s decision to suspend mobile phone services this past August. “This (pointing to his iPhone) is the hub of my social life and the government has taken it away from me”. The use of mobile phones is so commonplace in Pakistan that it has become part of people lives to such an extent that they feel lost without it.

The mobile phone industry in Pakistan is already facing stiff challenges in the form of declining revenues, cut throat competition, customer retention, sim activation policies, rising operational costs and necessary investments required for rolling out 3G networks. To further frustrate the industry, the government has obscured its national security plan involving the temporary shutting down of entire networks on festivals.

According to industry estimates, the mobile phone sector incurred more than 3 billion rupees in losses after services were suspended on Eid-ul-Fitr in August with another 600 million rupees lost in September on Love Prophet Muhammad (PBUH) Day. Now the government has again announced to suspend mobile phone services in all major cities of Pakistan on Eid-ul-Azha which is to be celebrated across the country on the 27th of October 2012.

The Eid Festivals bring peak voice and sms traffic on all networks. A billion sms messages exchange traffic on networks and a 400 percent increase is seen in voice traffic. Telecom companies also need to invest in network infrastructure to cope with peak network traffic and minimize service outages along with investing in new packages and promotions to attract customers.

The recent actions in Pakistan suggest that the government may take mobile phones for granted and that concerns over internet censorship or issues with blackouts matter very little. We often forget how much these technologies have transformed and improved people’s lives for the better. Instead of further developing and promoting the mobile industry to be able to provide future 3G/4G services we are systematically pushing the industry towards its funeral. In times of great uncertainty and fear some people are constantly trying to curtail civil liberties in the name of fighting terrorism. We must confute them and show them that terrorism can be stopped without giving up liberty and to sum it up in the words of Benjamin Franklin: “Nations that have traded liberty for some temporary security measures deserve neither.”

Malala Yousafzai first gained attention at the age of 11 when she started writing a diary for BBC Urdu about life under the Taliban. Using the pen-name Gul Makai, Malala won international recognition for highlighting the brutality and atrocities of Taliban in Swat. After a military operation the Taliban were ousted from Swat valley in 2009, but her family regularly received death threats.

On Tuesday, the teenager was attacked by two armed men as she was returning home from school in Mingora in north-western Swat. The Pakistani media reacted speedily and angrily with the story being news headline on most Pakistani TV channels. The extensive round the clock dramatized media coverage of the tragic incident similar to Americas 9/11 was never seen before on Pakistani media. Everyday, an impressive array of stories on Malala appeared in both print and broadcast media. This massive exposure was significant in reshaping public perception about the Taliban and their brutal ways. The constant media coverage of the shooting helped in prompting outrage and protests across Pakistan. Both the political and military leadership across the country including media anchors and civil society showed their outrage at the incident. Army chief Gen Ashfaq Parvez Kayani, who visited Malala in hospital in Peshawar, said it was time to “stand up to fight the propagators of such barbaric mindset and their sympathisers”. Raja Pervaiz Ashraf the Prime Minister of Pakistan asked other political leaders to join him in showing solidarity and termed the incident as an attack on national and social values. Most interestingly within couple of hours of the attack, Washington’s spokesperson appeared in the media, condemned the attack on Malala and reaffirmed that US mission to fight against Taliban will continue in the region. US President Barack Obama termed the assault on the young rights activist as disgusting and tragic. UN Secretary General Ban Ki-moon also expressed “outrage” at the life-threatening attack on the girl and called for the perpetrators of the “heinous and cowardly” attack on Yousafzai to be swiftly brought to justice. Such has been the coverage of TV channels on the shooting of Malala Yousafzai that some media commentators had to call for restraint and question media ethics for coverage of kids at risk.

The recent events like the protests against the film on YouTube “Innocence of Muslims” followed by the success of peace march against drone strikes in Pakistan and the timing of Malala attack raises some very important questions like why Malala was not attacked earlier as the Taliban could strike at will in the area? Why she was attacked soon after the success of peace march against drone strikes? Why media is giving so much hype to the issue? Why the other girls that were injured with Malala in the cowardly attack not given due coverage by media? Where are media ethics for coverage of kids at risk?

In Pakistan, terrorism related violence have contributed to security instability in the country. Everyday many girls like Malala are being kidnapped, raped and killed by criminals. Children have been killed throughout the seven years of CIA drone strikes in Pakistan but they fail to get the media attention or coverage. Dozens are being killed and dumped everyday in Karachi and the brutal violence in Balochistan continue to worsen but all this gets very little media attention compared to media coverage given to attack on Malala.

Agenda Setting Theory can be a perfect explanation for how the media approached its coverage of the issue. The attack on Malala itself was the most inhuman act of terrorism and needs to be condemned at all levels but the hyped media coverage of the issue ultimately raises questions on the vulnerability and risks of putting children in the media spotlight. The extensive coverage of Malala helped put her at risk before the attack and with the media coverage being given to her now, she along with her friends and family have been made more vulnerable than before.

Only time will tell whether the media coverage given to her was orchestrated to shape public perceptions and opinions on the government intended operation in North Waziristan and are we again witnessing the media being used as a strategic weapon of war to shape the minds of public.