THIS is a country witnessing a fast-growing digital footprint, along with the accelerating penetration of mobile phone technology. In the two decades or so that these technologies have taken root in Pakistan (along with the rest of the world), citizens have had to learn to contend with what feels like a new form of harassment: of being bombarded with SMS messages and emails from retailers and purveyors selling anything from tutoring services to clothing or water coolers.
Many of these are large-scale international brands, but even small-scale enterprises such as local restaurants and fast food outlets seem to have managed to triangulate upon potential customers to the extent of obtaining personal data details such as phone numbers, email addresses, etc. More dangerously, as detailed in a report in this paper earlier this month, this information can often be buttressed by CNIC numbers, addresses, names and even family tree structures.
The world of advertising is certainly murky in modern times; even a casual knowledge of the online universe dictates the awareness that our digital footprints are being tracked and noted. People’s choices of websites to view, likes and dislikes on social media such as Facebook and Twitter, shopping preferences from online sources, all together have the potential of providing a minefield of data about users that can quite easily be, and is, exploited.
The advertising world has turned murky in modern times.
Targeted advertising has become the new buzzword in the sector. If a user often accesses a website relating to parenting or schooling, for example, it is fairly simple to conclude that they will have children, and are therefore deemed more likely by the algorithms or hum-int to be subjected to ads pertaining to tutoring services.
That be as it may, a more sinister practice is under way: personal details of persons being up for sale from many databases; as outlined in the report mentioned, the leaks usually come from individuals with access that are either working with or have worked for forums/ platforms that are required to collect this data, such as telcos or others.
Family structures, for example, are available with the National Database and Registration Authority, as are a slew of other details — I was surprised some time ago when, in the exercise of renewing my ID card, the information entry offices was able to provide the name of a long-deceased grandmother, someone I’d never met. Quoted in the newspaper report is the general secretary of the Pakistan Software Houses Association, who argued that several of the leaks came from former and current employees of organisations such as Nadra.
What I know for certain — as I know someone working with a federally funded organisation whose job entails drumming up advertising — is that CDs carrying such data, with hundreds of thousands of details, can be bought for a few hundred rupees from mundane places such as Karachi’s Rainbow Centre or Hafeez Centre in Lahore. They are easy to acquire, whether by organisations or individuals or outlets, with the information being structured so as to facilitate mass SMS messages or emails.
Given these realities, it behoves Pakistan to formulate legislation on the subject, but only after detailed advice from experts and stakeholders such as digital rights associations and professionals in the digital/ online world. The few laws we have that attempt to cover such fields have tended to betray a lack of familiarity with the digital world, its ins and outs and pitfalls — not surprisingly, given that those present in the National Assembly are mandated to be more familiar with politics.
Some time ago, for example, a list of words/ catchphrases that were to be banned for unsolicited decimation via SMS was issued, with the intent to curb harassment and obscenity. However admirable the intent, it produced an outcry from certain medical associations barred from referring in their communications to certain medical matters, vital though they are. Such ham-handed measures at cleaning up the brave new world are far from being productive or sufficient. A better thought-out, consultative process is required.
At the same time, it is also to some extent up to the millions of users of digital technology to protect themselves as best as they can. Facing a hacking problem, one user approached a digital-world person to be given the sage counsel: the safest way to keep track of your various passwords is the old-school way, in a handwritten diary in your home; try not to use bank-account apps, despite the obvious conveniences, and when your computer/ phone need fixing, try and have it done in your presence; the apps through which you can pay utility bills, for example, are amazing tools and mostly secure, but your address can be traced through them.
Does that mean we should turn into Luddites, then? No, but sally forth with caution.