KARACHI: The Ministry of Information Technology and Telecommunications has loaded the 2015 Prevention of Electronic Crimes Bill with poorly worded clauses that would allow the government to censor the internet on political or religious grounds, a move that puts the law out of compliance with global conventions on cybercrime, thus hampering the government’s ability to seek international assistance on cybercrime and counter-terrorism.
The amended, and perhaps the final, version of the Bill not only restricts social media and Internet freedom but also runs counter to the government’s National Action Plan, The Express Tribune learned through interviews of stakeholders and an expert analysis of the current draft.
Central to the experts’ criticism of the law is the fact that it includes several poorly worded, broadly defined and sometimes completely undefined categories of actions that would be considered crimes if the bill were to become law. One paragraph in particular states that it empowers the government to “block access to any website if necessary in the interest of the glory of Islam, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality.”
“This new draft tends to help rather than deter cyber criminals and terrorists apart from being both technically and legally unsound,” said Barrister Zahid Jamil, who was involved in the drafting of the original 2014 bill. He also questioned the government’s need for amending the original draft, which was approved by all stakeholders in 2014 and incorporated international best practices.
Officials from the private sector, a major stakeholder, also expressed their reservations about the new draft fearing it could be misused against ordinary citizens. While making changes to the draft, the ministry did not invite anyone from IT sector’s representative bodies: Pakistan Software Houses Association ([email protected]) and Internet Service Providers Association of Pakistan (ISPAK).
Bolo Bhi, an organisation advocating internet freedom, too seems upset about the MoIT’s draft.
Even Jamil – the architect of the original 2014 draft of the PEC Bill and an international expert who has been advising several countries on cybercrime legislation for the European Union and the Cybercrime Treaty – was not consulted. Jamil’s credentials include but are not limited to being the legislative drafting expert for the EU’s Cybercrime Treaty, Legal Advisor to the Commonwealth Cybercrime Initiative and being the Chairman of the Developing Countries Centre on Cyber Crime.
“Kept away from expert advice, the MoIT’s draft regresses Pakistan’s IT and Cyber readiness by 15 years and fails a 10-year process to get Islamabad accepted into the global Convention on Cybercrime,” said Jamil. Simply put, the country will not be able to avail any international cooperation in cybercrime and terrorism if this draft were to become law.
The draft has been amended by people who are not legal or internet experts and leaves many loopholes, Jamil says. The offences and definitions in the “amended” version are both legally and technically flawed, he said referring to basic terms, such as access to information system, identity information, unauthorized access, unauthorized interception, electronic forgery, electronic fraud, identity crime, cyberstalking and spamming.
Investigating further, this newspaper learned the original draft (PEC Bill 2014) was made with technical assistance from Council of Europe’s Budapest Convention on Cybercrime, which is a global treaty on Cybercrime and has Europe, the United States, Japan, Australia and many others as members.
Moreover, the stakeholders had reached a mutual consensus over PEC Bill 2014 after a year-long deliberation process – including an almost unbreakable deadlock between the private sector and the intelligence community, the Federal Investigation Agency in particular.
The stakeholders’ draft – as it later came to be called – was also vetted by Ministry of Law and endorsed by Member Legal of Pakistan Telecommunication Authority. All it needed was approval from the Cabinet before being presented to Parliament, said an official. The IT ministry, however, did not seek that approval before presenting the Bill in Parliament. Instead of defending what was a well-polished draft, they made amendments, which could open the Pandora’s Box again, the source said.
“In view of the NAP, the Prime Minister allowed introduction of PEC Bill before the Parliament without prior approval of his Cabinet in terms of Rule 16(1) (a) of the Rules of Business, 1973,” the IT ministry’s Director PR Sagheer Anwar said defending the ministry’s decision.
The ministry’s spokesperson added that they have all necessary technical and legal resource at their disposal for assistance to present the bill before any forum. Regarding the amendments, he said, “The bill is being reviewed by the National Assembly’s committee in terms of its prerogative as laid down by the legislature.”
Amendments to 2015 PEC Bill and their interpretation
In their analysis, Barrister Zahid Jamil, one of the drafters of the original 2014 bill, and Bolo Bhi, an internet freedom advocacy group, have interpreted some articles in plain language to help people understand their possible impact on the country’s nascent tech industry.
Article 31 of the current Bill appears to be an attempt by the government to justify their blocking and censoring powers, according to Bolo Bhi. It empowers “Pakistan Telecommunication Authority or authorised officials to have service providers block access to any website if necessary in the interest of the glory of Islam, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court, commission of or incitement to an offence.” Experts state that this would also apply extraterritorially.
In other words, this will allow the government to block any website, even if it was not based in Pakistan – something they did in case of YouTube. It, however, fails to define terms, such as glory of Islam, decency and morality.
Similarly, Article 22 of the Bill says, ‘the provisions of the Pakistan Penal Code (PPC) 1860 (XLV of 1860), to the extent not inconsistent with anything provided in this Act, shall apply to the offences provided in this Act.’ Though appallingly drafted, this would imply that the Bill makes all penal code offences a cybercrime including the blasphemy law, Jamil says.
Sources also disclosed that in the latest version of the Bill any electronic communication that is likely to harm the reputation of any “natural person” regardless of the usual defenses and safeguards in defamation or existing law will be deem to be an offence with a sentence of multiple years. Cartoons and caricatures have also been banned since this would "distort the face" of a person, sources say.
Moreover several articles in the draft use illegal, technically-flawed and vague definitions for certain offenses thus favoring criminals but posing threat to ordinary citizens.
Sub section (bb) of article 2 uses a very broad and incorrect definition of ‘unauthorised’. A significant number of clauses in the proposed draft are applicable based on unauthorised access therefore the flawed definition can be used to blackmail legitimate Internet users. This also means sending emails, Twitter or Facebook messages to the addressee without his permission will be an offense. It also exposes legal interception to criminalisation.
Ethical hackers (white hats) or security researchers have also been put to a major risk in sections 11 while section 12, which talks about identity crime makes it an offense to obtain, sell, possesses or transmits another person’s identity information, without lawful justification – definition of a lawful justification remains unclear though.