In 2009 the government proposed a faulty bill on cybercrime legislation namely, The Prevention of Electronic Crime Ordinance (PECO). My colleague in the National Assembly, Anusha Rehman, and I opposed its passing in the Information Technology Standing Committee in 2009, and proposed certain critical amendments to make the bill, human rights and international convention compliant.
Unfortunately, those recommendations were not taken up and an attempt to pass it on the floor of the house was made soon afterwards. When we successfully blocked those efforts, the prime minister decided to form a select committee of the National Assembly to deal with the issue. We were encouraged to think that the voice of reason had worked and government had decided to review the faulty legislation, which would have made Pakistan an international pariah and a police state. However, we were purposefully not included in that select committee, which to date has produced no legislation and is responsible for Pakistan not having cyber crime legislation.
Recently, I attended a conference on cyber crime in Colombo, organised by the Council of Europe. It became clear that we had taken the correct stand and had PECO been passed in its current format, many incidents of human rights abuse and failed prosecutions would have ensued.
Here are a few examples of possible abuse scenarios (all names are hypothetical) presented to us by experts under the current legislation: 1. Ahmed is a professor in a university. His computer gets infected with a virus overnight which results in spam being generated from his computer. Under the present law, an investigation officer can arrest him with a warrant, seize his computer and the university’s main server. If the spam is received in the computers of a bank, or post office, or any government’s office, Ahmed can be arrested without warrant for a non-bailable offence. 2. Mr Ali is a politician. His opponent lodges a false FIR that he received an email from Mr Ali asking the opponent to join in a public rally that will cause damage to public property. Mr Ali can be charged with cyber terrorism and can be arrested without a warrant for a non-bailable offence. His computer along with all the information and data can be seized by the FIA without a warrant. Later, at the police station, his computer can be ‘infected’ by a dishonest investigation officer to make it appear as if Mr Ali is involved in cyber crimes. There is no protection in the law currently against such fabricated electronic evidence. And the offence is non-bailable.
The government should immediately reconstitute that select committee so that the legislation can be made internationally compliant with regard to standards on data protection and privacy. It should conduct executive capacity-building in terms of law-enforcement training and it should set up a parliamentary regional advisory group and an international cyber crime task force.
Published in The Express Tribune, April 13th, 2011.