Cyber Security
cyber security

Should the government's request to Facebook worry you?

image: courtesy

Last week, I somehow found myself at a market where the Rapid Action Battalion and Bangladesh Telecom Regulatory Commission (BTRC) were busting shops for selling walkie-talkies. They confiscated several hundred such devices and tracked down the warehouses. 

“Walkie-talkie communication is difficult to intercept without someone giving a tip-off about the location,” said Lt Col Mohammad Moinuddin, who was leading the BTRC team. He is the director of spectrum management at BTRC. 

“Literally anyone who knows the frequency range that the law enforcers use can tune in and get insider knowledge of operations. Also, anyone holding a black walkie-talkie can pretend to be a cop,” he added. 

I was thoroughly flummoxed. Yes, there is a law which mandates that these devices can only be purchased after procuring a license from the government, but unregistered walkie-talkies are very rarely the targets of concerted crackdowns by the law enforcers. This is not something that pops up in the media.

Yet the raid makes sense within context of the general atmosphere of the week – or even the month. The law enforcements seem to have commendably diverted all their attention to counter, terrorism and received much praise for it from many fronts. From the major raid in Sitakunda where an American Special Weapons and Tactics (SWAT) team showed up, to the recurrent arrests and weapon drives scattered all over the news, everything points to their commitment. They've intensified surveillance and are acting on it.  

This was also the week when Facebook representatives showed up at the police chiefs' meeting to negotiate surveillance. The police asked Facebook to help them by sharing user information. They asked the social media giant to make Bangladeshi users require submission of their national identification numbers to use the social networking site. Inspector general of police AKM Shahidul Hoque informed reporters after the conference, “We said there must be restrictions for opening a Facebook account.” 

Dhaka Tribune quoted the assistant inspector general (confidential) Mohammad Moniruzzaman as having said this during the conference, “We want assistance from Facebook on information sharing as no other authority can help with the issue, except the service providers themselves.” 

Information sharing. About users of the social networking site. Information that Facebook collects on a daily basis, like locations and chat logs. That is precisely where the challenges begin. 

The social network turned down the offer to sign a memorandum of understanding, leaving the enforcers miffed. Nobody knows the reason why Facebook said no, but perhaps Bangladesh's legal framework did not make it easy for them to say yes. 

“Bangladesh has no laws on how to use such surveillance data,” said Jyotirmoy Barua, a supreme court lawyer with a track record of fighting for digital rights. To rephrase, we don't have laws that state whose data can be infiltrated into. We do not have anything that makes sure the general public do not fall in the line of fire when the police are scouting for terrorists.  

“If there is an improper use of data, there is no way for a person can seek remedy, ” said Barua. 

Yet Bangladesh has been toying with digital surveillance for years. When Wikileaks released email records of an infamous surveillance solutions company called Hacking Team, there were hundreds of documents related to Bangladesh. The correspondences spanned from 2010 to 2014. Local corporations representing Bangladesh Police and RAB, communicated with the Hacking Team about buying surveillance solutions. On behalf of the state, the companies invited Hacking Team to participate in tenders, discussed technical specifications and planned international meetings.

Quoting directly from several of the emails, the companies representing the police and RAB sought solutions for “GSM cell tracking”, “mobile tracking” and “monitoring international internet gateway (IIG)” among others. GSM tracking is a method of getting location information, and IIG is defined on the BTRC website as “the switching systems through which international data traffic is sent and received”. 

Reciprocating to the state's needs, Hacking Team pitched their product, Remote Control System, to the buyers. Quoting from the emails once again, the solution promised to be able to “access Skype (VOIP), keystrokes, files, screenshots, camera snapshots, microphone eavesdropped data”. 

What is not evident from the emails, however, is whether any definitive purchase has been made. Nevertheless if there was intent of purchase, we need a law that not only allows surveillance when needed, but also holds it accountable by defining boundaries.

Back in 2014, I was sitting in the Mirpur station of the late officer-in-charge Salahuddin Ahmed, when a scrawny, beat-up youth was roughly shoved inside.

“See what kind of stuff he posts on his Facebook profile,” said Ahmed, “see what he wrote about the women protesters of the Shahbagh movement.” I did. I looked through everything he posted – he was just another regular male-chauvinistic, ultra-conservative Muslim broseph. 

I asked Ahmed whether he was brought in just based of his social profile or where there was any other evidence against him. Just Facebook, he said.

Ahmed may not have been telling me the entire story – maybe they had other knowledge that went against him. Maybe the detainee was actually a terrorist. In fact, that would actually be good news. 

What would be bad news though, is if Ahmed was telling me the truth. That the cops are arbitrarily detaining people based on their social network profiles.

There is no way of telling whether that was just a one-time incident. What can be said, however, is that there is no law to state that this cannot happen again. 

Comments

cyber security

Should the government's request to Facebook worry you?

image: courtesy

Last week, I somehow found myself at a market where the Rapid Action Battalion and Bangladesh Telecom Regulatory Commission (BTRC) were busting shops for selling walkie-talkies. They confiscated several hundred such devices and tracked down the warehouses. 

“Walkie-talkie communication is difficult to intercept without someone giving a tip-off about the location,” said Lt Col Mohammad Moinuddin, who was leading the BTRC team. He is the director of spectrum management at BTRC. 

“Literally anyone who knows the frequency range that the law enforcers use can tune in and get insider knowledge of operations. Also, anyone holding a black walkie-talkie can pretend to be a cop,” he added. 

I was thoroughly flummoxed. Yes, there is a law which mandates that these devices can only be purchased after procuring a license from the government, but unregistered walkie-talkies are very rarely the targets of concerted crackdowns by the law enforcers. This is not something that pops up in the media.

Yet the raid makes sense within context of the general atmosphere of the week – or even the month. The law enforcements seem to have commendably diverted all their attention to counter, terrorism and received much praise for it from many fronts. From the major raid in Sitakunda where an American Special Weapons and Tactics (SWAT) team showed up, to the recurrent arrests and weapon drives scattered all over the news, everything points to their commitment. They've intensified surveillance and are acting on it.  

This was also the week when Facebook representatives showed up at the police chiefs' meeting to negotiate surveillance. The police asked Facebook to help them by sharing user information. They asked the social media giant to make Bangladeshi users require submission of their national identification numbers to use the social networking site. Inspector general of police AKM Shahidul Hoque informed reporters after the conference, “We said there must be restrictions for opening a Facebook account.” 

Dhaka Tribune quoted the assistant inspector general (confidential) Mohammad Moniruzzaman as having said this during the conference, “We want assistance from Facebook on information sharing as no other authority can help with the issue, except the service providers themselves.” 

Information sharing. About users of the social networking site. Information that Facebook collects on a daily basis, like locations and chat logs. That is precisely where the challenges begin. 

The social network turned down the offer to sign a memorandum of understanding, leaving the enforcers miffed. Nobody knows the reason why Facebook said no, but perhaps Bangladesh's legal framework did not make it easy for them to say yes. 

“Bangladesh has no laws on how to use such surveillance data,” said Jyotirmoy Barua, a supreme court lawyer with a track record of fighting for digital rights. To rephrase, we don't have laws that state whose data can be infiltrated into. We do not have anything that makes sure the general public do not fall in the line of fire when the police are scouting for terrorists.  

“If there is an improper use of data, there is no way for a person can seek remedy, ” said Barua. 

Yet Bangladesh has been toying with digital surveillance for years. When Wikileaks released email records of an infamous surveillance solutions company called Hacking Team, there were hundreds of documents related to Bangladesh. The correspondences spanned from 2010 to 2014. Local corporations representing Bangladesh Police and RAB, communicated with the Hacking Team about buying surveillance solutions. On behalf of the state, the companies invited Hacking Team to participate in tenders, discussed technical specifications and planned international meetings.

Quoting directly from several of the emails, the companies representing the police and RAB sought solutions for “GSM cell tracking”, “mobile tracking” and “monitoring international internet gateway (IIG)” among others. GSM tracking is a method of getting location information, and IIG is defined on the BTRC website as “the switching systems through which international data traffic is sent and received”. 

Reciprocating to the state's needs, Hacking Team pitched their product, Remote Control System, to the buyers. Quoting from the emails once again, the solution promised to be able to “access Skype (VOIP), keystrokes, files, screenshots, camera snapshots, microphone eavesdropped data”. 

What is not evident from the emails, however, is whether any definitive purchase has been made. Nevertheless if there was intent of purchase, we need a law that not only allows surveillance when needed, but also holds it accountable by defining boundaries.

Back in 2014, I was sitting in the Mirpur station of the late officer-in-charge Salahuddin Ahmed, when a scrawny, beat-up youth was roughly shoved inside.

“See what kind of stuff he posts on his Facebook profile,” said Ahmed, “see what he wrote about the women protesters of the Shahbagh movement.” I did. I looked through everything he posted – he was just another regular male-chauvinistic, ultra-conservative Muslim broseph. 

I asked Ahmed whether he was brought in just based of his social profile or where there was any other evidence against him. Just Facebook, he said.

Ahmed may not have been telling me the entire story – maybe they had other knowledge that went against him. Maybe the detainee was actually a terrorist. In fact, that would actually be good news. 

What would be bad news though, is if Ahmed was telling me the truth. That the cops are arbitrarily detaining people based on their social network profiles.

There is no way of telling whether that was just a one-time incident. What can be said, however, is that there is no law to state that this cannot happen again. 

Comments