A new cybercrimes law
The Cyber Crimes Act 2014 is insecure, fragile and extreme it is when it comes to the suggested punishments.
After a long struggle by the civil society and digital rights activists, the Pakistani government is pushing forward a cybercrime act. The government is in the process of not only passing the Electronic Documents and Prevention of Cybercrimes Act, 2014 but would also be setting up a cyber authority, according to recent updates from parliament.
While this act should have come as a welcome step for Pakistan’s booming online community, it has done the reverse. Available publicly, the Cyber Crimes Act, 2014 is open for anyone’s perusal and shows just how insecure, fragile and extreme it is when it comes to the suggested punishments.
This long-awaited cybercrimes act was supposed to help those who are being threatened, harassed and robbed online while not affecting the ease, availability and openness of online spaces. It lists strict punishments for even minor offences. Bolo Bhi and the Digital Rights Foundation, which are civil society organisations working on digital security, free access and internet openness in Pakistan, carefully dissected the proposed Cybercrimes Laws, 2014 in an attempt to point out concerns and policies for better clauses and acts.
The entirety of the draft shared with media outlets and civil society organisations contains vague definitions of crimes and misses to detail the processes by which any crime would be determined. In the cyber space, it is important to identify the processes and not just the crime itself. What if the alleged offender’s account was hacked and utilised for committing crimes by someone else? Recognising and identifying the chain of events that lead to a crime is crucial for any cyber law in order to secure innocents from being charged.
The Cyber Law, 2014 contains a clause giving permission to authorities to “add or omit any electronic signature and the procedure for affixing such signature” thereby violating citizens’ right to privacy.
Another startling and rather disturbing clause gives the authorities warrantless permission to intercept electronic transmission. This would let the officials “collect or record by electronic means traffic data in real-time associated with specified electronic documents transmitted by means of electronic devices” much like what the notorious National Security Agency (NSA) has been doing in the past. While activists and the online community is fighting against the NSA’s policies after Edward Snowden leaked documents containing sensitive information, Pakistanis are being dragged towards this draconian cyber era by legitimising such surveillance by making it into a law.
Apart from the vaguely defined laws and severe punishments, the process of establishing a cyber authority also remains undefined. The draft mentions that the authority will comprise seven members with five from the private sector. However, neither the selection nor election process is defined, nor does it indicate whether the private sector members will come from businesses or civil society, or both.
It is also quite alarming to see that various portions of this legislation have been copied from the Information Technology Act, 2000 of India. It should be noted here that Information Technology Act of India has itself been criticised for infringing upon the citizens’ liberties and has been long policed against by activists globally. The Act was thereby amended and introduced as the Amended IT Act of 2008.
“Of even greater concern is a risk that the bill could become a template in the Islamic world that further retards online growth for nearly a quarter of the world’s population,” writes expert privacy advocate Simon Davies in his well-known blog, the ‘Privacy Surgeon’.
The law in itself and the proposed set-up of a government-controlled, centralised cyber authority will give extreme powers to some officials. While this law will definitely affect the online community in Pakistan and attack its openness, it will also set an unsettling precedent for other Muslim countries, as mentioned by Davies, who would just copy portions of the laws and perhaps, make the punishments even worse.
Published in The Express Tribune, February 3rd, 2014.
While this act should have come as a welcome step for Pakistan’s booming online community, it has done the reverse. Available publicly, the Cyber Crimes Act, 2014 is open for anyone’s perusal and shows just how insecure, fragile and extreme it is when it comes to the suggested punishments.
This long-awaited cybercrimes act was supposed to help those who are being threatened, harassed and robbed online while not affecting the ease, availability and openness of online spaces. It lists strict punishments for even minor offences. Bolo Bhi and the Digital Rights Foundation, which are civil society organisations working on digital security, free access and internet openness in Pakistan, carefully dissected the proposed Cybercrimes Laws, 2014 in an attempt to point out concerns and policies for better clauses and acts.
The entirety of the draft shared with media outlets and civil society organisations contains vague definitions of crimes and misses to detail the processes by which any crime would be determined. In the cyber space, it is important to identify the processes and not just the crime itself. What if the alleged offender’s account was hacked and utilised for committing crimes by someone else? Recognising and identifying the chain of events that lead to a crime is crucial for any cyber law in order to secure innocents from being charged.
The Cyber Law, 2014 contains a clause giving permission to authorities to “add or omit any electronic signature and the procedure for affixing such signature” thereby violating citizens’ right to privacy.
Another startling and rather disturbing clause gives the authorities warrantless permission to intercept electronic transmission. This would let the officials “collect or record by electronic means traffic data in real-time associated with specified electronic documents transmitted by means of electronic devices” much like what the notorious National Security Agency (NSA) has been doing in the past. While activists and the online community is fighting against the NSA’s policies after Edward Snowden leaked documents containing sensitive information, Pakistanis are being dragged towards this draconian cyber era by legitimising such surveillance by making it into a law.
Apart from the vaguely defined laws and severe punishments, the process of establishing a cyber authority also remains undefined. The draft mentions that the authority will comprise seven members with five from the private sector. However, neither the selection nor election process is defined, nor does it indicate whether the private sector members will come from businesses or civil society, or both.
It is also quite alarming to see that various portions of this legislation have been copied from the Information Technology Act, 2000 of India. It should be noted here that Information Technology Act of India has itself been criticised for infringing upon the citizens’ liberties and has been long policed against by activists globally. The Act was thereby amended and introduced as the Amended IT Act of 2008.
“Of even greater concern is a risk that the bill could become a template in the Islamic world that further retards online growth for nearly a quarter of the world’s population,” writes expert privacy advocate Simon Davies in his well-known blog, the ‘Privacy Surgeon’.
The law in itself and the proposed set-up of a government-controlled, centralised cyber authority will give extreme powers to some officials. While this law will definitely affect the online community in Pakistan and attack its openness, it will also set an unsettling precedent for other Muslim countries, as mentioned by Davies, who would just copy portions of the laws and perhaps, make the punishments even worse.
Published in The Express Tribune, February 3rd, 2014.