A new cybercrimes law

The Cyber Crimes Act 2014 is insecure, fragile and extreme it is when it comes to the suggested punishments.


Nighat Dad February 02, 2014
The writer is the founder and director of the Digital Rights Foundation and tweets @nighatdad

After a long struggle by the civil society and digital rights activists, the Pakistani government is pushing forward a cybercrime act. The government is in the process of not only passing the Electronic Documents and Prevention of Cybercrimes Act, 2014 but would also be setting up a cyber authority, according to recent updates from parliament.

While this act should have come as a welcome step for Pakistan’s booming online community, it has done the reverse. Available publicly, the Cyber Crimes Act, 2014 is open for anyone’s perusal and shows just how insecure, fragile and extreme it is when it comes to the suggested punishments.

This long-awaited cybercrimes act was supposed to help those who are being threatened, harassed and robbed online while not affecting the ease, availability and openness of online spaces. It lists strict punishments for even minor offences. Bolo Bhi and the Digital Rights Foundation, which are civil society organisations working on digital security, free access and internet openness in Pakistan, carefully dissected the proposed Cybercrimes Laws, 2014 in an attempt to point out concerns and policies for better clauses and acts.

The entirety of the draft shared with media outlets and civil society organisations contains vague definitions of crimes and misses to detail the processes by which any crime would be determined. In the cyber space, it is important to identify the processes and not just the crime itself. What if the alleged offender’s account was hacked and utilised for committing crimes by someone else? Recognising and identifying the chain of events that lead to a crime is crucial for any cyber law in order to secure innocents from being charged.

The Cyber Law, 2014 contains a clause giving permission to authorities to “add or omit any electronic signature and the procedure for affixing such signature” thereby violating citizens’ right to privacy.

Another startling and rather disturbing clause gives the authorities warrantless permission to intercept electronic transmission. This would let the officials “collect or record by electronic means traffic data in real-time associated with specified electronic documents transmitted by means of electronic devices” much like what the notorious National Security Agency (NSA) has been doing in the past. While activists and the online community is fighting against the NSA’s policies after Edward Snowden leaked documents containing sensitive information, Pakistanis are being dragged towards this draconian cyber era by legitimising such surveillance by making it into a law.

Apart from the vaguely defined laws and severe punishments, the process of establishing a cyber authority also remains undefined. The draft mentions that the authority will comprise seven members with five from the private sector. However, neither the selection nor election process is defined, nor does it indicate whether the private sector members will come from businesses or civil society, or both.

It is also quite alarming to see that various portions of this legislation have been copied from the Information Technology Act, 2000 of India. It should be noted here that Information Technology Act of India has itself been criticised for infringing upon the citizens’ liberties and has been long policed against by activists globally. The Act was thereby amended and introduced as the Amended IT Act of 2008.

“Of even greater concern is a risk that the bill could become a template in the Islamic world that further retards online growth for nearly a quarter of the world’s population,” writes expert privacy advocate Simon Davies in his well-known blog, the ‘Privacy Surgeon’.

The law in itself and the proposed set-up of a government-controlled, centralised cyber authority will give extreme powers to some officials. While this law will definitely affect the online community in Pakistan and attack its openness, it will also set an unsettling precedent for other Muslim countries, as mentioned by Davies, who would just copy portions of the laws and perhaps, make the punishments even worse.

Published in The Express Tribune, February 3rd,   2014.

Like Opinion & Editorial on Facebook, follow @ETOpEd on Twitter to receive all updates on all our daily pieces.

COMMENTS (5)

observer | 10 years ago | Reply

Better to have no law, than to have bad laws, to be misused by people of ulterior motive. Who would want to go on the net, knowing well that he or she is being monitored??. Those who wish to disrupt can do so, from outside Pakistan, many countries employ thousands, just to do exactly this work. Does Pakistan have the resources or the will or the capacity to counter, any group of hacking specialist outside the country. What will happen is that the small fish will get caught as an example, and the big fish outside the country will do what they wish to. As it is all internet activity in Pakistan is already monitored. There are no secrets as such. Consider that all countries are doing so 24/7, on each other without a doubt. What exactly will be the purpose of this law, what will it safeguard, and how sure can anyone be that it is doing good than doing more harm. Who will debate and with whom???.

Abbas | 10 years ago | Reply Like any other law cyber crime can not be left open for interpretations, especially when the judicial and prosecution bodies do not currently have the skill set to exercise their judgement. Having said that, boundaries within the internet space are not yet well defined globally. Debates are still held of what should be considered an intrusive activity, such as simply scanning someone's computer can be equated to knocking on the door, but it may eventually lead to a complete compromise of the system.
VIEW MORE COMMENTS
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ