Cyberattack
By Nadir Hassan | Society | Published 9 years ago
On May 22, the Standing Committee had invited civil society members for a meeting to discuss the controversial cyber-crime bill (Prevention of Electronic Crimes Bill 2015 — PECB). Even before the meeting could start, it descended into farce. Many of those who had shown up for the meeting found their names were not on the list and they were barred entry. After much haggling and the personal intervention of MNA Shazia Marri, they were finally allowed in, although not before a couple of people had turned away.
This lack of transparency and an unwillingness to listen to dissenting voices has characterised every action taken by the government on an issue that threatens all our freedoms. Farieha Aziz, director of Bolo Bhi, describes how difficult it has been to get the government to listen. “Initially we were derided as a mafia trying to thwart well-intentioned efforts of the government. But the meeting/public hearing in May, when many of us spoke before the National Assembly’s Standing Committee on IT, and raised reservations, became the turning point. From passing the proposed bill in a speedy manner, the Chairman constituted a subcommittee to address reservations and incorporate feedback. However, the revision process has yet to take place. How much they incorporate will tell us how accepting they are of our proposed changes.”
That the country needs a cybercrime bill is not in question. The last law regulating the internet was the ‘Prevention of Cyber Crime Ordinance,’ promulgated by Pervez Musharraf in 2007. When Musharraf was replaced by a democratic government, his ordinance was allowed to lapse in 2009 after it was unable to secure parliamentary approval. Since then, the PML-N has tried to rush through its own bill. The secrecy and speed surrounding it is unsurprising, given how vast a danger it poses to free speech online.
Speaking at a conference on the bill, the president of the Pakistan Software Houses Association, Jehan Ara, said that the government had drafted the bill without consulting the relevant parties and that this was possibly done under the pretext of the National Action Plan against militancy. Among its harmful effects, according to her, is the fact that it will discourage foreign companies from coming and investing in the country since they would not want their data under constant government scrutiny.
The largest problem with the proposed cyber-crime bill is the vagueness of its language — leaving too much power with the government to interpret it to suit its own needs. The bill makes it a crime, for instance, “to glorify an offence or the person accused or convicted of a crime,” or “to support terrorism or activities of a proscribed organisation.” The former clause, if taken to its logical extreme, would criminalise anyone who supported any politician who had ever been convicted of corruption — which would include a great many politicians. By outlawing speech, especially when the speech is against the interests of the government of the day, the cyber-crime bill is a unique threat to the freewheeling nature of the internet.
The question of “national security” is one that has been challenged by privacy groups. Bytes4All, for one, says that any definition of security must include the notion of personal security, and thus “any legislation pertaining to national security must also safeguard human rights.” The group’s other recommendations include setting up a Privacy Commission and extending the National Commission for Human Rights Act.
The latter clause may seem more justifiable since support for the terrorist groups that have waged war on this country and killed untold tens of thousands should be tolerated by very few. The problem once again is in the implementation. Even the lack of a cybercrime bill has not stopped governments using the enforcement power of the Pakistan Telecommunication Authority (PTA), to ban the websites of Baloch separatist groups and even online news organisations like Baloch Haal, which have a nationalistic bent. Until the law is clearer on the definition of terrorist groups and until governments show a willingness to take on the supporters of banned militant outfits, both on and offline, such a clause will likely be used only to repress those engaged in legitimate dissent.
This is borne out by Aziz, who says, “How many proscribed organisations accounts or websites have been suspended or taken down, if disallowing militant groups to spread their message is really the intent? Yet YouTube, Instagram, WordPress, satirical music videos, political and secular websites get blocked.”
The sweeping nature of the proposed bill can be seen in the way it makes all unauthorised transmission of information that is not already in the public domain a criminal activity. This portion of the bill, once again, can be justified by a need to stop hackers from stealing national security secrets, personal information of internet users and business secrets for malicious purposes. But as currently written, the law provides no protection for whistle-blowers. This means those who transmit secret information for the purpose of exposing government wrongdoing will be equally seen as criminals in the eyes of the law.
Only those who are free speech absolutists, to the point where they would defend conduct clearly meant to target others, would deny there is a harassment problem on the internet. Women, especially, are routinely stalked with hateful messages threatening violence and the militant presence on the internet is especially strong, with the rise of the Islamic State leading to an ever-more sophisticated online propaganda strategy. Once again, though, the cyber-crime bill goes too far.
The proposed bill will make it illegal to take and upload photographs of anyone if it could harm them or to send them messages that might be described as obscene. This has the potential of being taken too far and criminalising photography taken in public settings and also could be a chilling curb on free speech. Every individual has different standards of morality and the danger here is that the government has decided, with minimal input from industry groups and civil rights organisations, to impose a one-size-fits-all-morality on the entire internet-using population of the country.
The Orwellian nature of the proposed cyber-crime bill is shown by how it defines common terms to expand their reach and outlaw perfectly legitimate activities. For example, one sub clause of the bill says, “Whoever intentionally submits harmful, fraudulent, misleading, illegal or unsolicited intelligence to any person without the express permission of the recipient, or causes any information system to show any such intelligence, commits the offence of spamming.”
Spamming, as it has been traditionally understood, includes only the unsolicited marketing emails that inundate our inboxes. Other countries have outlawed it only in the sense that email users are allowed to put themselves on a list where they explicitly say they do not want to receive such spam. This is an extension of the Do Not Call list that some countries maintain, where telephone users can opt out of receiving marketing phone calls, even political ads and even those relating to polling on political issues.
The Prevention of Electronic Crimes Bill, however, makes no such distinctions and, in its sweeping nature, could hamper the spread of important messages on issues such as public health. Would we really want to make it illegal, as an example, to raise public awareness by sending mass messages on social media and through email on the importance of being vaccinated against polio?
The most dangerous clause of the bill may be its requirement that internet service providers will have to retain all user data for a period of one year. This means the government, through a simple order from the PTA, will be able to access every website we have visited. The bill also codifies the PTA’s ability to block any website it wants. The telecommunication authority already possesses this right, but any cyber-crime bill worth its name — which sought to expand rather than diminish online freedom — would have taken that power away and created a transparent system where the decision to block websites is taken by an independent judiciary, giving individual citizens the right to appeal.
Such an expansive bill has vast political implications too. The bill seems bent on restricting the space for political speech as much as possible. By making ‘spoofing’ a criminal offence punishable with jail time, there is a worry that government may go after legitimate satire. The proliferation of memes mocking politicians and other public figures, which can range from thought-provoking to vulgar, would be under threat, as would satirical websites along the lines of ‘The Onion.’ Government assurances that “spoofing” would not be affected, are not sufficient. Governments have a tendency to accrue to themselves the maximum amount of power and subsequent governments could redefine these clauses to best suit their needs.
The government response to criticism of the bill has been underwhelming at best. Rather than take public concerns on board, it has dismissed them outright. The Ministry of Information Technology said, “The entire notion that the bill was prepared behind closed doors needs to be corrected; the bill was in fact, put together after exhaustive rounds of consultations with public and private sector stake-holders amounting to tens of meetings and opportunity for written comment on the draft published on the website, after the bill was initiated in 2009.” This ignores the fact that the standing committee adopted the bill with no input from the public and indeed did not even make it public. It was only after a recent leak that its clauses became known.
The problem of government regulation of the internet does not stop with the cyber-crime bill. Under the shadow of secrecy, it has been adopting a vast surveillance system. A report by the London-based Privacy International revealed that the government has been purchasing intrusive spying software from international companies to keep tabs on all of us at any time.
Indeed, the entire government defence of the Prevention of Electronic Crimes Bill and its other surveillance activities has been to tell us that the laws do not say what we think they do. The fault, though, lies not in the reader, but in the government that it has been so deliberately vague.
This article was originally published in Newsline’s August 2015 issue.
Nadir Hassan is a Pakistan-based journalist and assistant editor at Newsline.