Let us begin by enunciating what cybercrime is, so that we can understand how it should be prevented. This is how Norton defines it in simple language: “Cybercrime is a bigger risk now than ever before due to the sheer numbers of the people involved in it. In simple words, it is a crime committed by or with the help of a computer or the use of cyberspace/technology.” According to Norton, it can occur in a variety of different forms such as money laundering, identity theft and hacking, to name a few.
Therefore, if the government had taken up the issue of cybercrime prevention, the Bill moved in parliament should have begun by defining cybercrime and then perhaps it should have gone on to propose special units which should be formed to combat this menace. But whether or not, the Bill includes the methodology of combating cybercrime, the subject it cannot do without focusing on is the punishment of cybercrime.
The Cyber Crime Bill is all-encompassing. The issue is not just whether it has covered all issues or not. The issue is that it has not covered what it should have, while covering more than it should on issues that it should not have covered. There is little doubt that internet service providers and internet cafes have been used by criminals to commit cybercrimes. An efficient system to monitor their services and activities would make eminent sense. But while the Bill provides for a monitoring system, it also seeks far more than this. What is even more disturbing is that it has been worded sufficiently loosely, for NGOs and human rights organisations to also come under its thumb. In simple language, it empowers the government to silence all critics.
The Bill is closer to being a ‘censorship bill’ rather than a cybercrime prevention bill. Some have compared it to the Prevention of Electronic Crimes Ordinance passed by General (retd) Pervez Musharraf. I would not be surprised if Musharraf’s infamous effort helped draft this one as well. Section 32 of the Bill empowers “authorised officers” to gain access to data and obtain copies of it, which is perfectly fine. But, even though the Bill has made demands for data for criminal proceedings subject to the orders of a court, the authorised officer has, under Section 32, the authority to seize data on his/her own. Now why should that be allowed without a court order? But this is not all. Section 34 of the Bill empowers the Pakistan Telecommunication Authority (PTA) to “manage intelligence and issue directions for removal or blocking the access of any intelligence through any information system”.
Under the Bill, the PTA, or any officer it authorises, might invoke this clause “in the interest of the glory of Islam or the integrity, security, or defense of Pakistan, or any part thereof, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court, or commission of or incitement to an offence under this Act”. Has the government managed to omit any possible excuse to invoke this clause? Do we lack custodians of morality, decency, or our courts that we now need to empower the PTA as well?
The Opposition is understandably crying foul. It has condemned the treasury of malice aforethought. I am hesitant to judge anyone’s intent. However, even if this Bill has been drafted by someone so crassly stupid as to be angelically and blissfully ignorant of its implications, there is absolutely no doubt that it empowers the government to misuse its authority to whatever extent it wishes. I am fully conscious that we are a frontline state in the war against terrorism and that cybercrime is one of the basic activities for sophisticated terrorists, and that our terrorists might not be as sophisticated yet, but they are getting there. And I am conscious that many countries, led by the sterling example of the US, have found their own methods of censorship. And yet, this Bill gags me. Draft one that finds a balance and gags me not.
Published in The Express Tribune, May 4th, 2015.