Pakistan’s proposed ‘cyber hudood’ | Pakistan Press Foundation (PPF)

Pakistan Press Foundation

Pakistan’s proposed ‘cyber hudood’

Pakistan Press Foundation

Karachi: Imagine going to jail for sending emails and posting pictures of friends and family without obtaining their ‘permission’.

Retweeting a meme you thought was funny. Making a critical comment on the cyber space about a deal made by a country having ‘friendly’ relations with Pakistan.

Imagine having all your online activity stored at every place offering internet services. The pages you visited, the terms you searched for, the chats you had, and the pictures you shared.

The time when all 30 million internet users in Pakistan would be punishable with jail time might not be very far away, if the proposed Prevention of Electronic Crime Bill 2015 is approved by the National Assembly.

Maybe, all this would have been easier to digest only if clauses of the proposed bill actually worked to stop terrorism, as claimed by the government. However, cyber legislation experts and stakeholders while talking to The News lamented that the law was so technically poor that instead of curbing their activities, it would make Pakistan a safe haven for terrorists.

Ironically, while a lot of everyday online activity is an ‘offence’ under the PEC 2015, shutting down websites and gaining unauthorised access to applications and bringing down websites is not.

Its badly drafted clauses pertaining to spamming and spoofing also cast doubt over the legality of the operations of IT businesses and international service providers such as Google, Yahoo and Microsoft.

In fact, revealed experts, not only are the clauses loosely worded, they are also borrowed from rejected bills of other countries, such as India and Grenada.

Terrorising repercussions

It is extremely important to distinguish between cyber crime and other offences, said Afaq Ahmed, a member of the advisory board of Pakistan Software Houses Association for IT and ITES (P@sha).

“The term cyber crime is used specifically for a crime taking place in the online world. It does not at all mean a crime which takes place with the help of technology, as the PEC 2015 implies. By that definition, kidnapping will also be a crime punishable under the PEC,” he explained.

A Pakistani expert on cyber legislation, Barrister Zahid Jamil, said, if passed, the bill would regress Pakistan’s cyber-readiness by at least 15 years and will prevent it from becoming a signatory of the Budapest Convention, the first treaty on cyber crime, isolating it from the rest of the world.

“The PEC 2015 falls way under international baseline standards. Unless they are met, Pakistan will not be able to become a member of the Budapest Convention and seek help from other countries in related fields,” said Jamil.

“This will isolate Pakistan from the rest of the cyber world. With Afghanistan on its way to becoming a signatory to the Budapest Convention, how can the government expect to fight cyber terrorism if it can’t seek the help of countries facing similar problems?”

Jamil is the chairman of Developing Countries Centre on Cyber Crime and is also a legislative drafting expert for the EU and Commonwealth. He opined that provisions of the proposed bill were so vague and technically flawed that it might make Pakistan a safe haven for cyber terrorists and criminals, instead of enabling the government to cap their activities.

“Would you believe that the form of hacking which brought the Supreme Court website down in 2011 would be legal under this act?” said Barrister Jamil, “On top of that, the government will not be able to track them or seek the help of IT giants because the law isn’t clear.”

The PEC describes a service provider as any place which offers internet services – be it a hotel, hotspot, cybercafé or a friend’s house – and requires them to retain data for up to a year which can be subpoenaed anytime by the designated authorities, explained Jamil.

“With its poor wording legalising access to data and ‘intelligence’ — which includes everything from emails to memes — imagine the repercussions if the data then falls into the wrong hands,” he said.

“Another example is the definition of spamming under which sending unsolicited emails would become illegal. If Gmail or Hotmail can’t send emails, how do you expect them to run their businesses? They might as well just wrap up and leave because their operations would not be legal.”

This concern was also echoed by the founder of P@sha, Jehan Ara. She said unless there were clear laws, international software businesses would not come and invest in Pakistan.

Afaque Ahmed said another crucial technical flaw, despite serious infringement upon users’ privacy, was that it extended the Pakistan Penal Code of 1860, Criminal Procedure Code of 1869 and Qanoon-e-Shahadat Order 1984, to the cyber world.

“The PPC already has provisions dealing with crimes abetted by technology. But to distinguish between a teenager bringing down a website for fun and a cyber terrorist is another matter altogether. The legal precedents of the PPC are clearly defined by a number of court judgements, while that of cyber crime are not. Cyber legislation needs to be like a strait jacket, however, this law is anything but,” he said.

Blanket surveillance

If the new law is approved, the country’s Twitterati and other armchair activists can be jailed for up to three years for hurting the interests of Islam, passing critical comment on countries having friendly foreign relations with Pakistan, besides public figures and representatives, either by words or through drawing memes.

The law penalises the communication of obscene, vulgar, contemptuous or indecent intelligence without actually clearly defining or distinguishing between the nature or intention of these practices.

The prescribed ‘authority’ — in this case the Pakistan Telecommunication Authority, according to sources — can “block access to any website if necessary in the interest of the glory of Islam, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality”.

This, according to Sana Saleem of Bolo Bhi was the biggest concern. Talking at an awareness meeting called by Bolo Bhi and P@sha a day after the bill was approved by the standing committee, she said this clause justified blanket bans and censorship by the government of all online content, while citing the examples of music websites and pages about killings of Ahmedis in Pakistan which have been blocked by the PTA.

Last year, Bolo Bhi filed a petition in the Islamabad High Court, challenging the legality of the

Inter-Ministerial Committee for the Evaluation of Websites (IMCEW) set up by the MOIT, following which the court had restrained the committee from issuing orders to the PTA for blocking websites or pages without its approval.

However, if this law is passed, said Sana Saleem, it would give the PTA, a statuary body, the legal grounds to block access to any online content.

Then there is the definition of intelligence to worry about, said Saleem. The law defines intelligence to include any speech, sound, data, signal, video or picture. “This means all our internet activity, including chats and retweets, is liable to government approval. What’s more, it will be stored in servers of ‘internet service providers’ for up to a year. The service providers will be punished with the same crime if they can’t give government access to this data or ‘intelligence’.”

Dubious circumstances

On the other hand, the ministry of information and technology clarified that while drafting the bill, it was made sure that it fell in line with existing laws, the constitution of Pakistan and the National Action Plan.

“If that were the case, then all that was needed was a line which stated that the existing laws now also extended to the online world, and the ministry wouldn’t have had to go through the trouble of drafting and reviewing clauses spanning over 40 pages,” remarked a disgruntled expert who had, with Barrister Jamil, presented a ready-made draft to the government in 2014.

The bill was approved two days ago by the National Assembly’s standing committee, led by Capt Safdar, with only four to five of its 14 members present. One of the members, an MNA of the Muttahida Qaumi Movement, Ali Raza Abidi had opposed the bill and called it to be reviewed by real experts, it was approved to be presented in the National Assembly.

“The technical prowess of the members of the standing committee is limited to sending SMSes and emails, that too with help,” said Abidi, “They are not qualified enough to gauge the implications of a bill whose loopholes will have precarious repercussions on me and my children.”

In 2014, Jamil had led a group of stakeholders and experts who had, after three-year long deliberations, put together a draft that met international standards and was acceptable to both private businesses and civil society factions.

But the present content of the draft was finalised “after removing repetitions and redundancies”, according to MOIT spokesperson Saghir Ahmed Wattoo.

For the past five years, since the Prevention of Electronic Crimes Ordinance (PECO) lapsed in 2009, Pakistan has been without any law for the prevention of cyber crime.

Under the PECO, the Federal Investigation Agency’s National Response Centre for Cyber Crime had the authority to carry out and investigate any potential cyber attacks.

In a recent conversation with The News, Shahid Hayat, the FIA Sindh DG, had conceded that though the agency had the infrastructure required for prosecuting cases pertaining to cyber and electronic crime, it couldn’t because there was no law.

However, Afaque Ahmed called for the proposed bill to be dumped in its entirety. “Even though the PPC has its problems, its precedents are well-established. The technicalities of cyber legislation are entirely different,” he said.

Meanwhile, Abid said the assemblies need two-thirds majority to be able to amend a law. But with legislation so open to speculation and exploitation, it would not only give authorities Putinistic control over online content, but would also endanger everyday users who have nothing to do with terrorism.

The News