Sheera Frenkel

Pakistan has been trying to build a sophisticated, National Security Agency-style mass surveillance system that would let it tap the phone calls and emails of hundreds of millions of people worldwide - and has been contracting with Western and other international companies to achieve its goal, a new report claims.

The report, by the UK-based advocacy group Privacy International, does not say if Pakistan has built the system. But it raises concerns about what Pakistan - a country that has been accused of providing refuge to the Taliban and that has a history of cracking down on human rights activists - would do with the ability to carry out mass surveillance.

Pakistan was one of the so-called 3rd party partners approved to take part in gathering intelligence from electronic signals with the NSA. For years, the US-run surveillance program in Pakistan intercepted communications in the country and provided intelligence to US military operations across the region. But the Privacy International report says Pakistan has begun developing its own capability and would not be relying on the US to gain access to hundreds of millions of people’s email, phone calls, and other communications.

Pakistan has already built itself a sizable surveillance toolkit, purchasing surveillance technology from companies ranging from the US-based Blue Coat to the Chinese Huawei, according to the report. Those companies are known for their so-called deep-packet inspection software, allowing a user to search internet communications for a specific term. Another company named in the report, the UK-based Finfisher, develops and sells monitoring systems that can be used to spy on people using desktops and smartphones. It was ordered to report its activities in Pakistan by the Lahore High Court, due to a petition filed by the Pakistani civil society group Bytes for All. At the time of this report, however, no activities report has been filed to the court.

Finfisher and Huawei did not respond to requests for comment from BuzzFeed News. BlueCoat sent BuzzFeed News a statement saying that its end-user agreement “prohibits use of our products in public Internet networks in a manner that violates individuals’ rights to privacy and freedom of expression.”

The recent breach of the email server of the Milan-based Hacking Team surveillance company, also revealed that the group was in talks with Pakistan to sell their monitoring system.

To enhance their bids, several Pakistani contacts name dropped current or former Pakistani intelligence officials they claimed close relationships with in an effort to persuade Hacking Team that a project in Pakistan could be expansive. “Our project lead on this is Brig Javed Malik who was Deputy Director (Analysis) ISI-Technical Wing,” wrote one. In another, “Brig Waqar is the Telecommunications head for ISI and the person responsible for all evaluation of products . We have extremely close relationship with him and can get you a letter in a few days.” Hacking Team did not respond to requests for comment.

Privacy International

These companies are named in the report as providing software to the Pakistani government dating back to early 2004. Nine years later, in 2013, Pakistan sought to drastically increase its mass-surveillance abilities, the report said. Documents provided to Privacy International reveal communications between Pakistan and an unnamed company to commission a surveillance system that would tap into three international undersea fibber optic cables, effectively allowing them the sort of mass surveillance that had previously only been done in the country by the NSA. The report stopped short of saying whether Pakistan had moved forward in the last two years on creating the new surveillance system.

The system named in documents as the “Targeted IP monitoring System” would help Pakistan create centralized command centres in Karachi that would allow them to collect “a significant portion of communications travelling within and through the country” according to one of the company documents posted by Privacy International.

“While it is not clear whether the project was approved and built it is a marker for the imbalance currently in Pakistan between the power of the intelligence community and the power for the public to hold them to account,” Matthew Rice, advocacy officer for Privacy International told BuzzFeed News. “It would appear that the Pakistan’s plans for the kinds of technology they want to buy and the kind of project they want to put together illustrates an intelligence agency stretching the limits of what is democratic and what is legitimate when it comes to surveillance.”

Researchers behind the report told BuzzFeed News that they could not say whether or not the project proposed by the ISI was accomplished.

“They are kind a copying the precedent shown by the United States and trying to create their own NSA, or something that could rival the NSA” said one of the Privacy International researchers, who asked not to be named to protect the sources she communicated with. “There is no indication that anything Pakistan was part of the NSA program. This is them trying to create their own mass surveillance network.”

In interviews with BuzzFeed News, employees at companies currently operating in Pakistan and Western officials based there said that the Munich-based Trovicor Company, previously known as NSN, was a frontrunner for the contract.

NSN was one of the first companies to provide Pakistani authorities with lawful interception capacities in the late 1990s, according to Privacy International. NSN, which was originally a joint venture of Siemens AG and Nokia, was renamed Trovicor following damaging revelations in 2009 that NSN had sold monitoring equipment to Iran.

“Trovicor continues NSN’s legacy,” reads the Privacy International report. “It has expanded the capabilities of various monitoring centres across the world, including those connected to key service providers such as Telenor, Mobilink and Warid.” Trade records for Pakistan published online show Trovicor shipping more than 2,500 tons of computer equipment to one of Pakistan’s largest cellphone carriers, Warid in September 2014.

According to its own brochure, Trovicor’s system is a “state-of-the-art solution to monitor, analyze and store all data acquired during investigation activities, such as the interception of communication data in fixed and mobile networks, to Next Generation Networks and the internet. The systems capture interactions, transactions and surveillance from multiple sources, including telephone, radio communication, email, web, chat, social media, and more in order to provide a framework for merging data into a single operational view thus providing meaningful information to decision makers about threats and targets.”

Trovicor did not respond to repeated requests from BuzzFeed News for comment on their products, or on their business contracts in Pakistan. Two competitors, one from Narus and another from Alcatel, both of whom do business in Pakistan, told BuzzFeed News on condition of anonymity that they had heard that Trovicor had recently increased its business in Pakistan but did not know details of the deal.

The Pakistani Embassy did not respond to requests for comment.

Advocacy groups, including Privacy International, have called for the Pakistani legislature to investigate where they stands on efforts to expand the country’s mass surveillance system, and whether they have moved forward on installing international undersea fibber optic cables terminating in Pakistan.–BuzzFeed News