In the context of the Ayesha Gulalai and Imran Khan controversy, the most important proofs are the messages. Senior journalist Hamid Mir also confirms that Ms Gulalai indeed has some messages in her possession that, she claims, were sent by PTI Chairman Imran Khan. If the case is seriously pursued, the messages that Ms Gulalai claims to be in possession of must be analyzed by data forensics experts. How forensics experts will investigate these claims will depend on what kind of messages Ms Gulalai has.
How does SMS Work?
There are various ways to send messages with modern smartphones. The first is plain old SMS through your telecom operator’s network. In simple terms, these messages are sent from your phone to cell towers, cell towers direct these messages to telco servers, from where they are sent to the recipient’s closest cell tower and finally to the recipient’s phone. The telco servers save and retain two types of records pertaining to these messages: the actual content, and the metadata (information about the content of the messages, such as the sender, receiver, time, details of the sending and receiving towers). After some time, due to the sheer amount of data accumulated, the telco deletes much of the content from their servers. Usually these messages are deleted after 6 months to 1 year, but the metadata can be retained for longer.
Messengers are better for privacy
The other method to send messages on modern smartphones is via messengers that work over public Internet, through apps such as Whatsapp, Telegram, Signal, Facebook and BBM. The data in these apps is encrypted so it is harder to intercept, which is why these messengers are the communication mediums of choice for journalists, politicians and anyone else who prefers privacy. According to people close to him, for a long time Imran Khan used a Blackberry device and its Blackberry Messenger (BBM) as a primary messaging app. Initially, BBM was available on Blackberry devices only but became available on non-Blackberry devices on 21 October 2013.
While the records of these messages are also retained on the servers, these companies almost never provide this data to anyone unless in extreme cases.
It is not yet known which app Imran Khan used to allegedly send messages to Ms Gulalai.
Fake SMS messages and how to detect them
The difference between the two kinds of messages is that SMS is easier to spy on and easier to fake with various software, but their credibility and authenticity can be verified. When a real SMS goes through a network it retains some of the meta data and a digital signature of the network, with forensics software this metadata can be seen and it can be verified if the SMS was made using a fake messaging app.
According to Ikram Haq, a forensics scientist at a Federal government agency, it is easy to detect fake messages. “The metadata of the messages on the receiving phone can be checked via forensic software, which can then be double checked with the corresponding logs on the telco servers. If the logs are present the message is not fake.”
“Telecom operators usually keep logs for more than six months, even after the content is deleted,” he said. “Messages from Whatsapp etc are nearly impossible to fake. These companies are extremely serious about the security of their apps and any security vulnerabilities are quickly patched on discovery. Any fake messages in these apps can also be checked by forensic software.”
“In any case, a simple forensic analysis will prove if the messages are real or fake. Forensic analysis will be conducted on the receiving phone, the phone which contains the messages. The alleged sender of the messages has no reason to legally or technically surrender his phone for examination.” he said.
In addition to determining the existence and veracity of the messages, the content of the messages must also be seriously considered to determine whether or not they can be construed as sexual harassment. The appropriate forum for that is Federal Ombudsman Secretariat For Protection Against Harassment of Women At the Workplace.Share: