Pakistan has been building out its surveillance capabilities, according to a new report from the UK-based watchdog group Privacy International. The plan includes outlines for collecting broadband internet traffic, phone records, and cellular data transmissions en masse. They’re along the lines of programs already run by the NSA and GCHQ, but they could end up even more invasive when combined with Pakistan’s existing registration systems. The country requires universal SIM card registration by fingerprint, and maintains a national biometric ID program.
Much of the detail in the report is drawn from a series of contractor requests Pakistan made in 2013. “What the ISI wanted to build,” the report says, “was a complete surveillance system that would capture mobile communications data, including Wi-Fi, all broadband internet traffic, and any data transmitted over 3G.” It’s still unclear how much of that capability Pakistan was able to achieve, but it’s clear the country’s intelligence agency had ambitions to equal Western surveillance agencies.
More controversially, they often ended up working with Western companies to fulfill those ambitions. To enable “lawful intercept” capability in the phone system, the country turned to familiar telecommunications companies like Ericsson, Alcatel, and Huawei. Records also indicate Pakistan monitored its citizens’ web traffic with software from a US company called Narus, and also had working relationships with intrusion software vendors like FinFisher and Hacking Team. While much of that software is already export-controlled, the country seems to have had no problem meeting customs requirements for much of the US and Europe. Germany alone authorized nearly 4 million euro in export licenses to Pakistan specifically for the purpose of “monitoring technology and spyware software.”