«

»

Pakistan prepares to introduce the world’s most unsafe cybercrime law

pcf censoredBy Simon Davies

The Pakistan government is on the point of introducing one of the most draconian Cybercrime laws in online history. If passed in its current form, the legislation is likely to create a substantial chill over both free expression and e-commerce in the region’s already fragile online environment.

Of even greater concern is a risk that the bill could become a template in the Islamic world that further retards online growth for nearly a quarter of the world’s population

Of even greater concern is a risk that the bill could become a template in the Islamic world that further retards online growth for nearly a quarter of the world’s population.

The Electronic Documents and Prevention of Cybercrimes Act, 2014 is in parts so extreme that relatively minor offences such as cyber squatting and junk-mailing would become non-bailable criminal violations, punishable by up to three years’ imprisonment.

Over the past few years authorities in the world’s sixth-most populous nation have sought to control online interactions through judicial processes, but this latest initiative will establish a new government-controlled central authority that would enjoy wide-ranging power to intervene in all electronic communications. This includes interference in the use of electronic signatures and encryption as well as creating a data retention regime. The authority would also have power to further criminalise the undefined offence of “crimes against Pakistan”.

A report by the Pakistan rights organisation Bolo Bhi presents an unsettling picture of a government that appears unable to grasp the nature of the online world. In a detailed legal analysis the organisation warns that few areas of the bill have been sufficiently defined, permitting widespread abuse of power by the new Cyber Authority.

The new arrangements would supplement the existing powers of the Pakistan Telecommunications Authority, which have already resulted in an outright ban on YouTube and the taking-down of a minimum of 20-40 thousand sites.

The lack of definition in the proposed law will almost certainly present vast practical problems for Internet users. For example clause 50 states “Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in violating any other person’s privacy, in any manner whatsoever, shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.”

The lack of definition in the proposed law will almost certainly present vast practical problems for Internet users.

Similar problems emerge with activities such as spoofing and hacking, which appear to be dealt with as strict liability offences that do not take intent or effect into account.

This is not the sort of protection that any privacy advocate would wish for. In an age of mutual disclosure of personal information on platforms such as Facebook the provisions are unstable and dangerous. Considerations of consent or context appear to be entirely nullified by the phrase “in any manner whatsoever”. The result could well be arbitrary and discriminatory prosecution where the government may act even in the absence of a complainant.

In a comprehensive report on Internet freedoms released in November 2013, advocacy group Bytes for All warned: “Greater freedom and internet access for citizens has been met with increased state control, and systematic surveillance and censorship of the web. The state’s need to police cyberspace has led to numerous violations of fundamental rights, including freedom of speech, access to information and right to privacy”.

This summary is reinforced by reports from overseas watchdogs such as Freedom House and OpenNet Initiative.

Like many countries, Pakistan struggles to reconcile issues of freedom expression, security and its own economy and constitution. However the path forward cannot be found by amalgamating discredited elements of overseas Cybercrime laws.

Rights advocates and technologists across the world should strive to educate Pakistan’s authorities to ensure that this legislation is re-drafted in consultation with all stakeholders.