The Pakistan Telecommunication Authority (PTA) has been running a mass surveillance system through telecom companies across the country, it has emerged in an order by the Islamabad High Court (IHC), according to a report by Dawn.com.
The surveillance mechanism, called the Lawful Intercept Management System (LIMS), can monitor any user’s calls, text messages, and fetch their cellular information. The telecom companies are operating the system on the orders of the PTA with no regulation or legal measures in place.
The revelations have surfaced in an IHC order in connection with a case related to individuals whose private phone calls were tapped and released on social media platforms. In the weeks leading up to the February 8 general elections, a series of recorded phone calls, including those of former prime minister and Pakistan Tehreek-e-Insaf (PTI) founder Imran Khan and his wife, were leaked online. Subsequently, the matter was taken to court.
The IHC judgement, issued by Justice Babar Sattar, reveals that the PTA ordered telecom companies to “finance, import, and install” LIMS at a “surveillance centre”, from where the cellular information collected would be used by certain agencies. It remains unclear which agencies are using the data, however.
According to the details, the agencies in question can make a tracking request on any SIM or IMEI number of a user. The request proceeds through the LIMS automatically and is communicated to the network of licenced telecom operators.
“And without any human intervention, details of the SMS, call data reports and metadata are reported through a server into a monitoring centre established at the surveillance centre,” says the court order. The content shared with the surveillance centre include audio, visuals, browsing records, the order adds.
The revelations have set off a wave of concern within the digital rights circles in the country, with several rights advocates expressing alarm and questioning the legitimacy of the mass surveillance.
Sadaf Khan, a tech accountability expert and co-founder at Media Matters for Democracy (MMfD), has told Dawn.com that there is ““really nothing in place that would deem the existence of this system illegal — we do not have a data protection law”.
Citing the examples of data leaks at NADRA, Federal Board of Revenue (FBR), and Islamabad’s Safe City system, Khan says the existing security gaps “allow for the misuse of such systems”.
