Passage of proposed bill deferred

TAHIR AMIN

ISLAMABAD: The concerned government authorities on Friday had to face embarrassment when the National Assembly Stan-ding Committee on Information Technology appreciated the apprehensions expressed by lawmakers and members of the civil society over the proposed controversial “Prevention of Electronic Crimes Bill, 2015” (PECB) and deferred its passage for the time being.

The committee which met with Captain Muhammad Safdar (retd) in the chair decided to re-examine the proposals furnished by the various stakeholders of IT sector invited to attend public hearing on the proposed Bill. After hearing the civil society’s reservations on the cyber crime bill, Safdar disclosed that the bill would not be placed for final approval, which came as a shock to party leaders. Despite resistance from government advisers, Safdar decided to defer the final approval of the bill in its current form. “I cannot approve the bill in its current form as I have not heard suggestions for improvement,” he added. The meeting observed a repeatedly heated debate among the State Minister for IT Anusha Rehman, Shazia Mari, FIA officials and civil society members on the proposed law.

The stakeholders were asked to give their written suggestions on the respective clauses of the Bill for the legal wing of the ministry of IT. The committee will look into it and will consider the genuine proposals to be incorporated in the proposed legislation in its next meeting of the committee.

The stakeholders raised serious reservations on the various clauses of the PECB and proposed certain amendments therein. They further said that government only intends to control social media. Representatives from Mobilink stated that the proposed law does not deal with financial transaction crimes which are also electronic crimes. He further raised objections over the unbridled powers given to Pakistan Telecommunication Authority (PTA) under the proposed law.

Under the proposed law sweeping powers would be given to agencies which could prosecute any person merely on a meager accusation and it may be very dangerous in future, said Wahaj-us-Siraj, Convener ISP Association of Pakistan.

Siraj said the present form of the bill shows it has many gaps including needless duplication of laws with other already existing legislations while it also has inconsistencies in technical areas. Siraj said the sole responsibility of forensic analysis lies with FIA. There needs to be a neutral and independent forensic agency (like PTA or University) which provides computer and network forensics analyses in the court. Previously, FIA had wrongly prosecuted innocent IT professionals on the basis of wrong addresses etc. and safeguards are necessary to protect innocent people.

The stakeholders further proposed that procedural safeguards need to be inserted that uphold and protect citizens’ right to privacy, speech and access. Industry must be allowed to operate in a non-stifling environment as per their legitimate right to do business. All powers of authorities set up or empowered under the bill must be subjected to due process and not be overburdened to curb and keep in check any excesses that may be committed as a result.

The joint committee recommended omitting Section 9: Glorification of an offence and hate speech – This section criminalizes even the ‘preparation’ of intelligence even if it is not disseminated. Then, subsection (a) reads ‘glorify an offence or person accused or convicted.’ This reverses the innocent until proven guilty; a crime has not been established. As per the section, to advocate for a person wrongly accused or convicted of a crime would not just be illegal but punishable by five years in prison or Rs 10 million fine or both. Moreover, critiques of judgments – which are commonplace - could also be criminalized, as would be any voices highlighting miscarriage of justice as they could be misconstrued as ‘glorifying’ an accused or convicted person.

Offences against the dignity of a natural person – This is already covered under Defamation Ordinance, 2002 and Defamation (Amendment) Act, 2004 and penalized under Section 500 and 501 of PPC. Section 19 criminalizes the misuse of photographs and information in sexually explicit conduct. Given that, and the fact that a defamation law already exists, there is no need for this section since it deals with reputation damage. Moreover an exemption has been created only for the broadcast media and not others. Previously, sections 18 & 19 were compounded together and a proviso existed that protected speech made in good faith or as an act of political expression, etc. Most problematic is that the redress mechanism stipulated flows through not court, but the PTA, allowing for misuse not only by complainants but also the Authority, since it has been left up to its discretion what must be removed or blocked based on a complaint.

Spamming – the transmission of ‘unsolicited intelligence’ without the ‘express permission of the recipient’ has been criminalized as per the language of this clause. It is unclear as to how one must acquire express permission. Definition of spamming is also not provided; neither is any threshold specified.

Power to manage intelligence and issue directions for removal of blockade of access of any intelligence through any information system – this clause gives the government/PTA unfettered powers to block access or remove speech not only on the internet but transmitted through any device, through its own determination. Not only does this infringe fundamental rights of citizens and curb media freedom, it also has huge implications where privacy is concerned. This clause would allow the authority – and in turn the government – to acquire powers to order media houses’ web platforms to remove any material they deem inappropriate.

The joint Committee further proposed that the definition of critical infrastructure must include private businesses as well, not just government infrastructure. The definition of service provider needs to be amended. As per the existing definition in clause (iv) service providers are traditionally ISPs and telecom operators. It has been expanded to now include any place that offers access to the internet, to the public, i.e., restaurants, malls, hotels, airports, stations and the additional burden of retaining traffic data has been placed on them – and they can be punished for not doing so. This is unrealistic and increases the cost of business.

Cyber Terrorism – the clause reads ‘whoever threatens to commit any offence.’ This section carries an imprisonment term of fourteen years. While the commission of an offence must be punishable, anything can be construed as a threat. This section also requires a proviso for ethical hacking/white-hat hackers, hobbyists who conduct activities to identify security breaches in systems. It must also protect teenagers from getting implicated as cyber terrorists and jailed for fourteen years, for something they may have done out of boredom – which needs to be reprimanded and dealt with differently.

Natural Dignity of a Person: Offenses against the modesty of a natural person and a minor. Cyber Stalking: allow complaints to be made directly to the PTA. Open-ended language can easily be misused by the complainants or the Authority. The interpretation of the clauses is not subjected to a judicial process; no already developed jurisprudence would be relied on. An official of the authority would have absolute discretion.

Nighat Dad, Executive Director of Digital Rights Foundation, raised some pertinent issues with regard to privacy and mass surveillance in the public hearing. She said that privacy has not been mentioned in any particular detail, though it is an important subject that needs safeguards, protection in the Cyber Crime Bill. The NSA has taken 55 million cell phone records from Pakistani cell phones. What has not been discussed or brought up is the technical or legal means by which this was achieved.

In proposed section 37 if international cooperation is to be an important aspect of the PECB, what does that mean for privacy? Information-sharing with foreign governments and entities should be regulated by specific laws and subject to independent oversight. She also mentions section 29 which requires mandatory retention of traffic data by service providers threatens the right to privacy.

Service providers should not be required to keep investigation or the fact of real-time collection and recording of data secret indefinitely (Draft section 35). In order to protect data of users’ steps should be taken to enact a data protection law and establish Privacy Commission. There is a worrying lack of discussion on the safeguards given to the privacy of citizens, and the lack of consent of such, especially if data will be shared with international security agencies. Privacy needs to be discussed further and at length, and given safeguards.

The State Minister for Information Technology and Telecommunication Anusha Rehman said that the committee deliberated many times on the issue and discussed this legislation with members of the civil society as well, a claim that was refuted by the service providers and the members of the public.

Pakistan People’s Party’s Shazia Mari said that including the ulema in the bill would not be appropriate since no concern was previously expressed by the ulema.