LAHORE: Digital advocacy group, Digital Rights Foundation has expressed concerns over a draft bill on electronic crimes, claiming that in its current form it infringes on freedom of expression.
A joint statement from advocacy groups Digital Rights Foundation and Article 19, said that the draft Prevention of Electronic Crimes Act of Pakistan 2014 (PECA) establishes specific computer crimes and procedural rules of investigation, prosecution and trial of offences.
In its current format, the rights groups claim that several provisions of the draft violate international standards on freedom of expression, even though it includes several welcome safeguards.
They argued that the regulation of computer crimes engages the protection of human rights that must be considered in a respective legislation.
The groups called on legislators to ‘protect the rights to freedom of express and privacy in accordance with Pakistan’s obligations under international standards’.
They further suggested recommendations for the draft law of Electronic Crimes Act 2014:
• Lack of clear definitions: a number of definitions in the Draft Law are unclear, notably the definition of ‘content data’, which partially reproduces the definition of ‘computer data’ as stipulated in the Council of Europe Convention on Cybercrime (2001). This is confusing as computer data and content data are separate concepts. In other instances, the draft law fails to define important terms such as ‘information systems’ or ‘programme or data’. The lack of clear definitions in the draft law makes it more open to abuse and likely to catch innocuous behaviour, such as accessing a website in breach of its terms of service. By the same token, it endangers the right to freedom of expression.
We recommend that ‘content data’ is replaced by ‘computer data’ in the Draft Law and refer to the Cybercrime Convention for a definition of ‘computer systems’.
• Lack of public interest defence for hacking-type of offences: The draft law criminalises unauthorised access to information systems, programmes or data. While the draft law is presumably aimed at criminalising ‘hacking’, it fails to provide a public interest defence when this type of conduct takes place for legitimate purposes, such investigative journalism or research.
• Overly broad cyber-terrorism offence: Section 7 (a) and (b) fails to make an explicit reference to “violence” as part of the offence of cyber-terrorism. Cyber-terrorism should be more clearly linked to the risk of harm or injury in the real world, and in particular harm against the welfare of individuals. It should not be equated with even moderate disruption of public services or damage to property. It is not clear that sections 7 (1) (b) (i) and (ii) would meet that threshold if read independently from Section 7 (1) (b) (vi).
• Criminalisation of “defamation against women”: Although the attempts to offer special protection to women (e.g. through prohibitions on threatening sexual acts) are laudable, we find the provisions of Section 13 of the Draft Law problematic. Section 13 criminalises “defamation against women” and other vaguely phrased offences, such as “distorting the face of a woman”. We recall that, in its General Comment 34, the UN Human Rights Committee stated that states parties should consider the decriminalisation of defamation and, in any case, the application of the criminal law should only be countenanced in the most serious of cases. Also, the provisions of Section 13 fail to meet the three part test, as they are not formulated with sufficient precision to enable individuals to regulate their conduct in accordance with the law. We therefore recommend that Section 13 be revised.
• Lack of procedural safeguards against surveillance activities carried out by intelligence agencies: although efforts have been made to provide effective procedural safeguards against unchecked surveillance by law enforcement agencies (e.g. section 30), the same is not true of intelligence services, which remain subject to the provisions of the Pakistan Telecommunications (Re-Organisation) Act 1996. This is a serious concern as this means that the Pakistani intelligence services effectively have carte blanche to carry out mass surveillance without meaningful oversight.
In our view, if the draft law were to be adopted in its current form, it would be in breach of the right to freedom of expression and privacy under international law.
• Overly broad cyber-terrorism offence: Section 7 (a) and (b) fails to make an explicit reference to “violence” as part of the offence of cyber-terrorism. Cyber-terrorism should be more clearly linked to the risk of harm or injury in the real world, and in particular harm against the welfare of individuals.