PAKISTAN: Prevention of Electronic Crime Bill – Strangling freedom of expression some more (1)

The Asian Human Rights Commission (AHRC) has initiated a series of articles on the proposed Prevention of Electronic Crime Act, 2015; this is the first article in the series. The Bill has draconian provisions that seek to muzzle the freedom of expression and speech over the Internet to discourage dissent and stifle intellectual discourse. The Bill has been presented in Parliament for consideration after being passed by the Standing Committee on Information Technology and Telecommunication.

Freedom of speech and expression form the bedrock upon which the pillars of democracy stand; the freedom allows the public to air grievance and voice dissent that can be made to reverberate in corridors of power. The new freedom of expression unleashed by the Internet goes far beyond politics. People relate to each other in new ways, and can exchange their views through a medium that permits anonymity.

Now the paradigm of freedom is about to change in Pakistan thanks to the enactment of the proposed Prevention of Electronic Crime Act, 2015. Rights groups have declaimed that the Prevention of Electronic Crime (PEC) Bill has draconian provisions that will blatantly infringe fundamental rights. The Pakistan State, which is notorious for enactment of arbitrary laws, such as the Hudood and Blasphemy laws, and the likes of the Protection of Pakistan Act, has added another Orwellian law to the list of unjust legislations. The State will use it to actively muzzle freedom of expression in the only medium where this freedom is available to the public at large. Political satire, intellectual discourse, and criticism of state actions are all at risk of being criminalized. The move may seriously jeopardize the right of freedom of speech as enshrined in Article 19 of the Constitution of Pakistan, which is non-derogable, i.e. it cannot be suspended under any circumstances.

The law in its present form is a tool for oppression. It gives impunity and legal cover to the law enforcement agencies to infringe upon the right to free speech and expression in the pretext of national security, glory of Islam, friendly relations with the other countries…

Orwellian Provisions 

A cursory look at the provisions can tell the uninitiated that the provisions are arbitrary and unjust. Subsection 3 of Section 1 of Prevention of Electronic Crime Act 2015 states,

(3) It shall also apply to every citizen wherever he may be, and to every other person for the time being in Pakistan.

The provision states that every citizen of Pakistan, even if he or she is residing or working abroad, will be covered under the ambit of the law. The law has thus extended its tentacles to a Pakistani residing in a foreign country, who may write or share remarks that the government may feel are against the “glory of Islam or the integrity, security or defense of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court, commission of or incitement to an offence.” Such provisions reduce the freedom of expression to a misnomer, a façade.

According to Bolo Bhi, an advocacy group that deals with the issue of internet access, digital security, and privacy, which has played a pivotal role in the drafting of the Cyber Crime Act, the government has made “Major modifications and omissions in Chapter 1, 4 and 5 subverting due process, taking out safeguards that were built in” many of the provisions. The safeguards such as those against uncalled snooping on the privacy of users were dismantled in the subsequent draft. Instead of following the provisions of Council of Europe’s Budapest Convention on Cybercrime, which set a detailed plan for legislation against cyber crime and setting up guidelines so that privacy of individuals are not jeopardized while apprehending criminals, the law has regressed to a draconian law, where the law enforcement agents have been given impunity to invade anyone’s online privacy and the right to remain anonymous.

The law enforcement agencies have been granted arbitrary powers; if they deem any offence to fall under the ambit of cyber terrorism, according to the Section 8 of the PEC Bill, they may treat the said offence as cognizable and arrest without court permission or warrant. Section 8 of the Bill reads as follows:

  1. Cyber terrorism. –Whoever commits or threatens to commit any of the offences under sections 5 and 7 where- (a) the use or threat is designed to coerce, intimidate, overawe or create a sense of fear, panic or insecurity in the Government or the public or a section of the public or community or sect or create a sense of fear or insecurity in society; or (b) the use or threat is made for the purpose or motive of advancing a religious, ethnic or sectarian cause; shall be punished with imprisonment of either description for a term which may extend to fourteen years or with fine which may extend to fifty million rupees or with both. 

The ambiguity in the wording is apparent and deliberate. For example, what amounts to threat in the Section is not defined. What all can the law enforcement agency perceive as a threat? The law should clearly require establishment of intent when criminal actions are committed. On the other hand, the punishment for someone who merely has the intention to commit an act of cyber terrorism, as defined in Section 8, is harsh. For instance, law enforcement agencies can arbitrarily suppress a citizens wish to advance their religious, ethnic, or sectarian beliefs guaranteed under Article 20 of the Constitution.

Furthermore, Section 3 and 4 of the Bill state:

  1. Unauthorized access to information system or data – (1) Whoever with malicious intent gains unauthorized access to any information system or data shall be punished with imprisonment for a term which may extend to six months or with fine which may extend to one hundred thousand rupees or with both.
  1. Unauthorized copying or transmission of data – Whoever with malicious intent and without authorization copies or otherwise transmits or causes to be transmitted, any data whether by gaining access to such data or otherwise, shall be punished with imprisonment for a term which may extend to six months, or with fine which may extend to one hundred thousand rupees or with both.

The intent of the Legislature is unclear on what amounts to malicious intent. What parameters will be used to gauge criminal intent? The term appears to have been deliberately left open-ended to widen the scope of criminal charges against an unsuspecting user. Also the question on authorized access is left unanswered – whether the authorization can be express or implied. Section 4 criminalizes copying or transmitting of data, creating further confusion if transmitting or sharing any data over social sites such as Facebook and Twitter will become a criminal offence.

In Sections 9 and 10, the assessment of losses caused by forgery and fraud is not defined; no parameters are laid down to help assess loss or damage caused. The Sections read as follows: 

  1. Electronic forgery – (1) Whoever, for wrongful gain, interferes with any information system, device or data, with intent to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not shall be punished with imprisonment of either description for a term which may extend to two years, or with fine which may extend to two hundred and fifty thousand rupees or with both. 
  1. Electronic fraud – Whoever for wrongful gain interferes with or uses any information system, device or data or induces any person to enter into a relationship or with intent to deceive any person, which act or omission is likely to cause damage or harm to that person or any other person shall be punished with imprisonment for a term which may extend to two years or with fine which may extend to ten million rupees

The term forgery is not defined; an illustration of the same would have helped the courts better construe what amounts to forgery (the Contract Act, for instance, illustrates with the help of examples, minimizing confusion). With technology advancing at breakneck speed, it is increasingly important that the definition of an electronic crime is clearly defined. Again, in Section 10 no description of fraud is provided.

Data protection and privacy matters are dealt with callously in Section 12:

  1. Identity crime – (1) Whoever obtains, sells, possesses or transmits another person’s identity information, without lawful justification shall be punished with imprisonment for a term which may extend to three months or with fine which may extend to fifty thousand rupees, or with both. (2) Any person whose identity information is obtained, sold, possessed or retains may apply to the Court competent to try offence under sub-section (1) for passing of such order as the Court may deem fit in the circumstances for securing, destruction or preventing transmission of any such data.

Companies often buy the customer data from other sources, to increase visibility and target audience. Will all such companies become outlaws? Almost all telecommunication companies, ISP, broadband service providers, and so on, store personal details of their customers. Where will one draw a line on what is lawful and authorized?

The law enforcement agencies have been given unbridled power through this provision to blackmail and pressurize Internet service providers who routinely share or sell the information of their customers with third parties. If the past and present is any indicator, the law enforcement agents will use this to gain unauthorized access upon an individual’s personal data or online activity to seek vengeance. 

(To be continued) 

About the Author: Javeria Younes is an advocate and legal researcher. Her research work titled “Custodial Torture its ramification and failure of institutions” has been published under the auspice of AHRC. She has also written a handbook on torture for the victims of torture to help them seek medical, psychiatric, and legal aid. She can be reached at javeria.younes@live.com

Document Type : Article
Document ID : AHRC-ART-015-2015
Countries : Pakistan,
Issues : Freedom of expression,