Law has a paradoxical character. In the absence of law, civil and political liberties can’t be enjoyed. At the same time, every law places a restriction on liberties. It may be another paradox, but freedom has to be curtailed to make sure it can be experienced by society at large.
The only question is: in whose interest are curbs on freedom being imposed? It is in this context that the recently enacted Prevention of Electronic Crimes Act (ECA), 2016 may be seen.
While evaluating the ECA two questions need to be answered: Was the new law really needed? And are adequate safeguards embodied in the law to ensure it doesn’t become an instrument of suppressing freedom of expression?
Cybercrime is a relatively new genre of crime fathered by the strides made in electronic, particularly online, means of communication. While the internet has opened up new avenues of expression, it has also given rise to numerous problems since technology is open to misuse.
Cybercrime can take various forms including hacking, bullying, cyber-harassment, money laundering, piracy, forgery, financial fraud, incitement, and terrorism. In a word, cyberspace can be a platform for committing both traditional and non-traditional crimes.
In Pakistan, as in other countries, the use of the internet and of digital devices for informative, transactional and entertainment purposes is on the rise. According to the National Response Centre for Cyber Crime (NRC3) of the Federal Investigation Agency (FIA), the number of internet users in the country comprises between 10 and 16 percent of the population.
With the growing number of internet users, the need to regulate the use of cyberspace becomes imperative. No significant social activity should be left unregulated. Countries across the world have enacted laws to regulate the use of cyberspace. The US has its Electronic Transactions Act, while India applies an Information Technology Act.
Pakistan, however, did not have a comprehensive law to check cybercrime in the country. The Electronic Transactions Ordinance, 2002 (ETO) focused on e-commerce only. In 2007, the Prevention of Electronic Crimes Ordinance was promulgated but it lapsed, as it was not enacted into a statute. Thus a law was needed to effectively deal with the misuse of cyberspace.
As the preamble of the law clearly states, the purpose of the ECA is to prevent unauthorised activities with respect to information systems. An information system (IS) is defined as an electronic system for generating, processing or disseminating information. Obviously the IS covers both mainstream electronic media and social media whether accessed through a computer, a cellular phone, or any other digital device.
The activities outlawed by the ECA fall into five categories: one category relates to unauthorised access to or use of an IS. This includes what is commonly called hacking and use of malicious software to harm an IS. The penalty prescribed by the said law for such activities is imprisonment up to six months and a fine, which may go up to one hundred thousand rupees.
The second category relates to use of cyberspace to cause unrest, commotion, or public disorder. The activities covered include hate speech (inter-faith, sectarian or racial); glorification of terrorism; and recruitment, funding or planning for terrorism. The maximum punishment for such offences is a 14-year sentence or a Rs50 million fine.
The third category comprises various fraudulent practices. Punishment includes both fine and imprisonment. The fourth category includes what may be called moral offences, such as harming the reputation or privacy of a person, intimidation, offences against modesty of a person, child pornography, and cyber stalking.
The fifth category consists of transmitting misleading or harmful information (spamming) and disseminating information from a counterfeit source (spoofing). All offences under the cybercrime law, save those relating to terrorism, and financial fraud, have been made compoundable and non-cognizable.
To investigate offences under the act, the federal government is authorised to establish a new agency or designate an existing agency. FIA is already entrusted with probing cyber crimes. An authorised officer of the agency is empowered to have access to specific data stored in any IS for the purpose of a criminal investigation. The officer shall within 24 hours report acquisition of the data to the court, which may pass orders for retention of the data or otherwise.
The Pakistan Telecommunications Authority (PTA), the country’s internet watchdog, has been empowered to remove or block any on-line content on religious, ethical or security grounds. Any decision of the PTA can be challenged in the high court.
The act has extra-territorial application if a forbidden act constitutes an offence and affects a person, property, information system or data located in Pakistan. This is a logical provision because cybercrime is international in scope. The provisions of the ECA override any conflicting provision contained in any other law.
On the whole, the ECA represents a reasonable attempt to regulate cyberspace in the country with adequate safeguards in the interest of internet users. Here are some examples: one, most of the offences have been made non-cognizable and compoundable. In case of a non-cognizable offence, a person can’t be arrested without a warrant; nor can investigations initiate without court orders. In case of compoundable offences, the complainant can drop charges against the accused following a compromise.
Two, the investigating agency is required to report acquisition of data to the court for subsequent order. Three, the PTA’s decision to suppress any web content is challengeable before the superior judiciary.
That said, some of the provisions may unreasonably interfere with citizens’ freedom of expression. For instance, sending messages without the receiver’s consent has been made an offence. Instead of the blanket prohibition, the restriction should have been applied to only obnoxious messages.
By the same token taking a picture of any person and publicly sharing it without his/her consent has been outlawed. Again, such blanket prohibition had better been avoided. The act also prohibits sharing information which may harm the reputation of a person. The prohibition should apply only if the information is incorrect or the sharing is mala fide. However, even in that case care should be taken not to write off the dignity of the person.