How the Digital Rights Foundation Fights for Privacy and Better Internet Governance

Learning about how other communities around the world think about and advocate for privacy is always illuminating. One of the longtime contributors to this movement is Nighat Dad, a Pakistani lawyer, human rights activist and founder of the Digital Rights Foundation (DRF).

For decades, Nighat and DRF have been fighting against online gender-based violence with a commitment to make the internet safe, healthy and inclusive for everyone, with an emphasis on privacy rights. She is a persistent campaigner for an open internet in Pakistan and around the world. Nighat currently serves on the United Nation’s High Level Advisory Board on AI, where she works on setting a robust foundation for addressing AI harms, opportunities and AI governance. She’s also my fellow Board member at Tor, developers of one of the world’s strongest tools for privacy and freedom online.

In this chat with Nighat, we touch on the importance of privacy and security on the web, the significant impact of the often unchecked control exerted by big tech companies, and the role open protocols play in countering the prevalent centralized models of data collection and ownership.

What is the mission and primary goals of the Digital Rights Foundation?

The Digital Rights Foundation (DRF) is on a mission to ensure that everyone, regardless of their background or identity, can navigate digital spaces safely and with their rights intact. We focus on Pakistan and South Asia, working tirelessly to fortify protections for human rights defenders, sexual minorities, religious minorities, and marginalized groups, always with a keen eye on gender equality.

Our approach is multifaceted, blending research, evidence-based policy advocacy, and digital security awareness initiatives. One of our primary goals is to tackle Tech-Facilitated Gender-Based Violence head-on. We do this by empowering young women, girls, and other communities with the knowledge they need to assert their rights online.

As concerns about privacy continue to mount in digital spheres, my brilliant young team remains dedicated to shining a light on these issues. Through research, monitoring, and reporting on digital rights in general and surveillance tactics of different actors particularly, we advocate for and defend the right to privacy. We believe that everyone deserves the freedom to navigate the digital world without fear of intrusion.

Collaboration is at the heart of our approach. We actively engage with stakeholders locally and globally to push for robust legal protections for privacy in Pakistan and South Asia. Moreover, we speak out against restrictive censorship policies, striving to provide practical solutions to the communities affected by these challenges. Check out our election portal we just launched to cover Pakistan’s general elections happening on February 8th.

Ultimately, every effort we undertake is aimed at cultivating digital spaces that are not only safer but also more inclusive and rights-based for all.

How crucial is encryption for maintaining online privacy and security in Pakistan? Are there any legal obstacles to the widespread adoption of encryption technologies?

Encryption goes hand in hand in maintaining privacy and security, but implementation in Pakistan has always been confronted with several challenges and legal constraints. The Prevention of Electronic Crimes Act of 2016 empowers the Pakistan Telecommunications Authority (PTA) with extensive authority to regulate online content, including the capability to block or remove information from the internet and to monitor web traffic. Here’s a video we made about it at the time:

This regulatory framework has resulted in limitations on the use of specific encryption tools, such as VPNs. All of this brings to light the difficult task of balancing the government's policies to monitor digital communications with the crucial need to protect people's privacy rights.

Where this encrypted data is stored is also of great importance. The ideal situation is that this data is unreachable even if it’s on centralized infrastructures once protected by end-to-end encryption. This way the data remains private even if it’s within jurisdictions where privacy laws are less stringent or where governments have more direct control over servers. Our data, and that includes our metadata outside of just the content of encrypted communications, should not be vulnerable to access and misuse.

These conditions lead to legal obstacles in how encrypted technologies are created or adopted within Pakistan. The regulatory framework always has a big role in hindering the effective use of encryption, as the policies enabling government oversight can conflict with the principles of strong encryption and privacy protection. Beyond data access, there is always the threat of blanket bans and other restrictions, an example of this is when messaging services WhatsApp and Telegram were part of the block by PTA in 2021. We hope to have a future on the web where such control and censorship, especially of private communications, is not even possible.

What is your perspective on the influence of large tech companies on digital rights and privacy in Pakistan? How can open and decentralized protocols challenge or mitigate this influence?

DRF has been vocal about the challenges posed by the influence of large tech companies on digital rights and privacy in Pakistan and elsewhere around the world. This is why we launched the Open Data Initiative. There are vast amounts of user data collected and controlled by big tech and this badly impacts user privacy and enables both corporate and government surveillance.

Data harvesting and storage makes it easy for big tech companies to comply with government demands for access to this data, on top of also using it to feed problematic algorithms, AI training, monetization or sharing with third parties. All of this is connected to our identities and once it is collected and shared, we cannot get that privacy back. Open and decentralized protocols that are privacy oriented and which have high security standards can challenge this reality and see us move away from centralized data collection and ownership models to reduce surveillance, censorship and control, and puts this power back in the hands of everyday web users. It’s not without its challenges, as removing harmful content or healthy moderation in decentralized frameworks as well as transparent and inclusive governance is also a problem we need to address.

Among our initiatives is our commitment to holding platforms accountable for maintaining information integrity during the electoral process. It is evident that the current models and power dynamics are deeply flawed and susceptible to exploitation, underscoring the urgent need for transformative action in safeguarding digital rights and privacy.

What are your thoughts on interoperability, especially in the context of messaging?

Having people own their data and being able to easily and privately transfer it across different platforms is key to dismantling the dominance and control of big tech companies. Users deserve both privacy and control over their own data, and to reduce their dependence on the few companies that monopolize markets through major closed-source platforms and the risks of surveillance. The freedom to select communication apps without compromising data security, or risking the loss of contacts and messages with each switch, is essential. Any protocol powering the new era of messaging apps has to be open source and end-to-end encrypted, capturing little to no metadata, with full transparency on where our data and media is stored, for people to be able to build trust.

What are some of the most important ways to ensure the next wave of applications and protocols actively support a more secure, open and equitable web?

One of the most important things is ensuring that more diverse voices are being represented in the room and more global use cases are taken into consideration during the development or contribution towards any app or protocol. Otherwise we are just recreating the same problems in different clothing. Here is an interview where I address this specific point:

Your Role in Digital Rights

We all have a responsibility to stay informed about global policies that affect us and the way we experience the web. We extend our support and gratitude to organizations like the DRF, whose tireless work is crucial in contributing towards a genuinely private, free and open internet. You can follow the Digital Rights Foundation and support their work here.