Pakistani Telcos Step into Forbidden Territory of Scanning Calls and SMS

Pakistani Mobile phone companies have started to scan (read: intercept) calls and SMS data of mobile phone users, we have learned.

According to an investigation that ProPakistani conducted, Pakistani cellular mobile operators now scan — at least the metadata — of calls and SMS that their customers send or receive on Pakistani networks.

Note: Metadata is the header information of call and SMS communication and usually has information about sender and receiver of calls and SMS, and not the content of calls or SMS. 

It is clear that SMS and call data is exposed to mobile phone companies since they transport such data, however, it was assumed that operators never peeked into this data to ensure consumer privacy.

New revelations, however, suggest that mobile phone companies have started to intercept SMS and call data of their customers for commercial purposes.

Dangerously, these interception were made without the consent of customers and their call and SMS data was read by cellular companies to offer them personalized services.

For example, EasyPaisa sent personalized broadcast to its customers with special offers relating to banks where they maintained their accounts.

Customers who had bank accounts in UBL were sent special discounts related to UBL only. Similarly, special offers for Standard Chartered Bank account holders were sent to SC account holders only.

While Telenor didn’t elaborate how it knew about the banks where customers maintained their accounts, industry experts said that this could be due to frequent customer interaction with specific numbers, such as a bank helpline or through bank’s SMS short code that might had helped Telenor to identify the banks where their customers had accounts.

When we asked Telenor how it gathered such critical data about the customers’ bank accounts, it said

Telenor strives to provide personalized experience which involves customer data and preference analysis in an automated and anonymized way to ensure customer privacy.

PTA is clueless about how to deal with the situation. When we asked about any regulations in place when a customer data is intercepted for commercial purposes, it said that this is a grey area and is yet to be regulated.

Industry experts aren’t convinced by the approach. They say that Telenor should have done at least two things:

  • Should have informed customers of any such data interception
  • Should have compensated customers (through free services) if their data is used for commercial purposes

Industry experts said that data privacy is an alien concept these days, however, customers should know about how companies treat their data. Google for example, clearly mentions that customers’ data is used for commercial as well as system enhancement purposes.

Similarly, Telenor should have communicated customers about the same, said the experts.

Moreover, according to Industry high-ups, when companies use customers’ data for commercial purposes then they must not charge for the service or at least offer discounted prices.

Gmail for example, is free of charge when customers’ data is used.

They said that such personalized offers, when combined with other businesses (banks for example) will supplement partner businesses as well, and hence there are chances that Telenor is charging the partner (bank) for such a combo offer. This is where customers — whose data is used — should be compensated.

Tech reporter with over 10 years of experience, founder of ProPakistani.PK

  • @aamir good that you are highlighting it, thats more like what we expect from ProPK. I was also wondering how come easypaisa sends me message with the banks name I use, now I know they are using our data. It means that the marketing SMS we receive would also might have something to do with our cellular network?

  • Hello guys, i am interested to get CONTENT of calls and SMS. I am willing to pay any amount for certain numbers. Can anyone help me ?

  • so whats wrong in it?? This is called data analytics and help us in getting more relevant information. BTW if its only Easypaisa than why all telcos or you are afraid that you will be in bad shape like last time it happened to you in case of that railway thing??? so playing safe??? if you are telling a truth than you must have guts…

  • bhai kya mujhe kisi number ki calls or SMS ka content mil sakta he specially Mobilink user? i am willing to pay any valid amount for it.

  • Bhai Islamabad main kahan se mile ga yeh tu idea nahi, but online aap se le sakte ho in 53k but I would suggest agar Dubai main koi jannay wala ho aur recently aanay wala ho tu us se mangwa lo, wahan se around 47-48 tak ka parega.

  • It is clear that SMS and call data is exposed to mobile phone companies since they transport such data, however, it was assumed that operators never peeked into this data to ensure consumer privacy.

    You assumed that? All that means is you are naive.

    Get real. There is no privacy or data protection law in Pakistan.

  • It appears that the Cellcos have joined the wild west of Pakistan’s governance and enjoying the fruits with no fear of a blowback! Maybe someone will sue them and then this may unravel. ProPakistani is an excellent source for news of this sector.

    • Sue them on basis of what? There is no law that stops them from using this information.

      If you want to sue someone, start with ISI who run the “blocking” servers on Internet and can trace every packet to someone’s CNIC.

  • The headline is misleading. It is very easy for telcos to find out your bank just by looking at the A and B number. They don’t have to read your SMS or record your calls to do this.

  • Using Customers data for commercial purposes by Telcos is one thing which might be new in Pakistan. However, Metadata was always there, just few clicks away for any teleco in Pakistan. Telecos dig and share metadata upon request by the relevant authorities on daily basis. Also, use it in multiple ways to send personalized offered as well.

  • Yesterday, I asked someone to send me money through online bank transfer and within minutes I got a text from easypaisa mentioning their offers.

  • Meta data Analysis and filtering keystrokes they use… Not a single call/sms has privacy use encrypted tools for texting text secure i e signal /telegram and red phone for calling.All the data is sold via commercial teams to 3rd party small software house which works on your data with anonymous names.Avoid clicking on Adds As they contain RCS.if u receive any text which has link just forward it to the citizens lab.There is no lawful intercept in pak unfortunately.Data in packets are bit secured yet but with some time it will be also intercepted…Good Luck Guys. Your Data is stored till 3 months in readon devices ;)

  • You guys are ridiculous. You are telling me that none of your shops, banks, hospitals, govt departments, don’t take data that they have gathered about your dealings with them and turn it into sales opportunities or profiling.

    Metadata or any kind of transactional for telcos is their property – how do you think they bill you, support you in customer care, develop new products

    The only reason why everyone gets anxious with these stories is because you hate the idea that people might know you watch too much porn.

  • close