The ‘unique’ aspects of the Cyber Crime Bill 2015
Since the approval of the Prevention of Electronic Crimes (PEC) Bill 2015 by the National Assembly’s Standing Committee on Information Technology and Telecommunication, there has been a lot of hue and cry. Human rights groups and activists have termed the PEC Bill a ‘draconian’ law. The groups advocating freedom of expression and internet freedom consider it as an attack on free expression and open internet in the country. Privacy rights groups have expressed their fear that the Bill will result in more infringement of privacy of individuals. Constitutional experts believe that various provisions of the Bill are ultra vires to the Constitution.
However, there has been little discussion on a few other potentially harmful, ‘unique’ aspects of the Bill. From a careful reading of the Bill, it appears that the government is trying to kill too many birds with one stone. One of these ‘birds’ is the “citizens’ right to information and proactive disclosure of information”. The Constitution guarantees the citizens’ right to information under Article 19A. Transparency, openness and proactive disclosure of information are, nevertheless, fundamental vires of Article 19A. However, instead of replacing the Freedom of Information Ordinance 2002 with an effective right to information law at the federal level, the government is trying to further discourage transparency and disclosure of information. In fact, the measures proposed in the Bill to restrict disclosure of information make this law no less than a modern version of the Official Secret Act 1923. Needless to mention that from drafting of the Bill to its approval from the Committee, secrecy has so far prevailed.
The Bill defines the term “intelligence” as “any speech, sound, data, signal, writing, image, or video”. “Data”, according to the Bill, is content date and traffic date. “Content data” means “any representation of fact, information or concept for processing in an information system …” The Bill also defines “information” as text, message, data, voice, sound, database, video, signal, software, computer programs, codes including object code and source code”. However, the most important definitions, that of “personal/private data” and “official data” are missing in the Bill. These definitions are essential as Section 4 of the Bill criminalises “unauthorised” access to or copying of all kinds of data without making any distinction between ‘public data’ and ‘private’ or ‘official’ data. Moreover, the Bill forbids all sort of “access to information system” whether or not it is through the infringing of any security measures.
It is also pertinent to mention that there is a large variety of intelligence or data —relating to the public at large and which is otherwise available through informal sources and that needs to be made public in the public interest — that will no longer be available after passage of this Bill. For example, intelligence or data with the government, such as statistics on the situation of markets, estimation of calculations for petroleum prices, speeches of officials/public representatives in meetings, minutes of meetings, videos/images of officials and public representatives in a compromising state, e-copies of the drafts of proposals directly relating to the public, etc. can easily be included in definitions of data and intelligence. In the absence of a comprehensive legal framework on the right to information at the federal level, accessing such information through informal means will be impossible because this will be a crime under Sections three and four. Therefore, instead of promoting proactive disclosure, this Bill discourages whistleblowers from disclosing information in the public interest and hence it is against the spirit of Article 19A of the Constitution. Moreover, Section 45(2) states that this law “shall have effect notwithstanding anything to the contrary contained in any other law on the subject for the time being in force”. Therefore, it is feared that the right to information laws will be the first casualty of this overriding effect.
The Bill also discourages innovation and creativity. As mentioned earlier, it criminalises all sorts of “access to information system” whether or not it is through the infringing of any security measures. The Bill does not draw any distinction between ethical hacking and malicious hacking. Moreover, Section 13 “prohibits production, making generating … any information system, data, or device … believing that it is primarily to be used to commit or to be assisted in the commission of an offence”. The provision is a strange show of the understanding that lawmakers have of technology. It is pertinent to mention that neutrality is a fundamental aspect of technology. It is the person behind the technology who misuses it. Technology itself is not to blame here. The provision of Section 13 seems to be against the concept of neutrality of technology and discourages innovation and creativity in the field of information technology.
Another important issue is with the Bill’s Section 34. This section copies a few parts of Article 19 of the Constitution. The government argues that objecting to this section actually amounts to objecting to the constitutional provision. This is, however, a matter of a larger debate whether everyone agrees on the language of Article 19 or not. Nevertheless, it is extremely important to understand that there are “reasonable restrictions …” in Article 19, which has a specific background and context. These ‘reasonable restrictions’ in the constitutional provision define an overall framework of freedom of expression and freedom of press in the country. Their application is much wider and holistic and cannot be restricted to limited subjects and issues. Furthermore, it is the domain of the higher judiciary to decide whether a certain restriction, as mentioned in Article 19, is reasonable in a particular case. Therefore, reasonability of restriction shall have to be determined by the higher courts on a case-to-case basis.
Nevertheless, using certain parts of any constitutional provision in any other statutory law without its specific context is against the spirit of the Constitution. It also confuses the difference between a statute law and constitutional law. It is noteworthy here that had there been no difference between the constitutional law and statutory law, there should not have been any difference in their amendment process and impact. Constitutional application is universal and interpretation of fundamental rights, including those in Article 19, is the exclusive domain of the higher judiciary. Protection of citizens’ rights is the basic premise in the interpretation of constitutional fundamental rights. Therefore, it is unfair to leave this to a statutory body like the PTA or its authorised officer to decide issues regarding the fundamental right of citizens and when it comes to decisions on blocking or removing any information from any website. This is against the basic spirit of the constitutional guarantee.
While there is a need for a comprehensive legislation to curb online harassment, hate speech and infringement of privacy, it is necessary that such legislation does not infringe on other fundamental constitutional rights. A broad-based meaningful consultation is needed. Transparency is also extremely important in the law-making process because citizens have the right to know.