Prevention of Electronic Crimes Bill: Security without Oversight in Pakistan
This guest post was written by Nighat Dad and Adnan Chaudhry of Digital Rights Foundation.
It is the role of the state to protect its citizens from threats to their life and liberty. But in protecting its citizens, the state’s own aims cannot be counterproductive and erode the security found in rights like privacy and freedom of expression that are vital to a democratic system.
However, it has too often been the case that governments will pursue and enact legislation that provides more sweeping powers to national security departments and agencies that harm our human rights. And they do this with little or no public oversight, and a lack of consultation of and input from civil society stakeholders. This was the case with the Government of Pakistan’s Prevention of Electronic Crime Bill (PEC Bill).
The May 2015 version of the PEC Bill was developed without input or consultation from civil society stakeholders. Instead, the Bill was drafted behind closed doors, with none of the required public oversight or input permitted. By not allowing public involvement, amendments were made to the Bill that failed to include adequate safeguards for the protection of rights to privacy and freedom of expression.This breaches Pakistan’s obligations under international human rights law. .
Rather than staying on the sidelines of the debate and allowing the Government of Pakistan to push through the controversial legislation, a concerted effort led by Pakistani and international civil society saw the PEC Bill first delayed, and then halted in its tracks and sent back to committee for consultation with a working group made up of civil society and industry. Privacy International, Digital Rights Foundation, Bolo Bhi and other organisations have been leading the effort, and continue to monitor the evolution of the discussion surrounding the PEC Bill and privacy in Pakistan.
On 17 September 2015, under heavy criticism from Pakistani media and rights organisations internationally and in Pakistan, the National Assembly Standing Committee on Information Technology and Telecommunication approved the final draft of the PEC Bill, forwarding it to the National Assembly for final approval. Even the committee joined the wave of criticism about the draft Bill. According to reports from media outlet Dawn, one member of the drafting committee, Shazia Marri, had said: “This cyber crime law will affect millions and there are loopholes in it which law enforcement agencies can abuse. We do not approve provisions of the bill that are against people’s rights”.
Disturbingly, it has emerged that aside from the Chair of the committee, no one else in the committee received a copy of the draft of the PEC Bill, despite requests from members for copies. Although recommendations for amendments were put forward, they were ignored, it seems with the intent of speeding up the process of getting the draft bill to the National Assembly. Members of both the standing committee and rights organisations have condemned the lack of transparency and unwillingness to take on board vital input from civil society stakeholders.
Once more, civil society has taken a stand against the Bill and its passage to the floor of the National Assembly. Recently, Digital Rights Foundation working with Privacy International and other organisations such as ARTICLE 19, Human Rights Watch, and Association for Progressive Communications, have called for the current version of the Prevention of Electronic Crime Bill to be scrapped and the process for drafting the Bill restarted.
Digital rights organisations support effective and progressive legislation that tackles cybercrime. This is in stark contrast to comments made by Pakistani Minister of State for IT & Telecommunications, Anusha Rehman, who asserted on May 20th that “elements are making a hue and cry so that no laws against cyber crimes could be enacted in the country.” The 2015 PEC bill does not effectively or adequately tackle cybercrime. What it does do is dangerously undermine the right to privacy of all Pakistani citizens at a time when new information about Pakistan’s security services policies and practices have brought an added focus to the effect of surveillance on Pakistan society.
Personal security and privacy, two concepts that Pakistan has officially endorsed by signing various international declarations, are tenuous in practice in Pakistan. Privacy International’s report ‘Securing Safe Places Online’ points out encryption is banned by the Pakistan Telecommunication Authority (PTA) as of 2010, due to being “non-standard means of communication” and “hidden”.
In Privacy International’s report ‘Tipping The Scales: Security & Surveillance in Pakistan’, published in July 2015, it is discussed that digital service providers are required to ensure that their network systems are “lawful interception-compliant.” As the Hacking Team and NSA leaks indicate, however, Pakistan’s intelligence and security agencies seem to have no trouble using ‘extra-legal’ means of carrying out surveillance on Pakistani citizens, even if that includes infecting devices. As the report stated, “the Pakistani government is..a confirmed user of intrusion technologies which enable the remote hacking of targeted devices.”
Due to the manner in which the PEC Bill has been amended, abuse or broad interpretations of the Bill is more than possible. The basis upon which intelligence would be “necessary in the interest of …integrity, security or defence of Pakistan” is murky, especially with relation to “public order, decency or morality.” Material that satirises the state, or calls for non-violent protests, for instance, may be construed as being against “public order” or “decency.” The definition of what qualifies appears to rely less on reasoned legal and social input, and more on Potter Stewart’s famous quote, “I know it when I see it.”
Blasphemy and offensive material also make their presence in the PEC Bill. Section 34 of the draft PEC Bill, for example, gives power to “any officer authorised” to:
“…remove any intelligence or block access to such intelligence, if it considers it necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court, commission of or incitement to an offence.”
Should an ”authorised”officer deem it necessary, furthermore, he or she can order the seizure of data, in particular internet traffic pertaining to particular users, provided that officer believed that it is “reasonably required for the purposes of a criminal investigation” and can convince a court accordingly. The data in question can be retained for a minimum of a year, and those whose data has been confiscated have no legal recourse to challenge any actions taken by the officer. This can be subject to abuse, and violates the privacy of users, whose data will no longer belong to them, but will in effect be property of the state with no method provided to retrieve, delete or assert their right to privacy.
In defence of this Bill, Anusha Rehman, Minister of State for IT & Telecommunications, defended its current form, asserting in interviews that “safeguards have been ensured against any misuse.” Observations made of the bill by Privacy International, Article 19, Human Rights Watch, Digital Rights Foundation, Bolo Bhi and other organisations, and subsequent calls to action against the Bill, have highlighted that safeguards against misuse have not been ensured, and neither have any safeguards for citizens’ freedom of expression and the right to privacy.
With the PEC Bill bringing Pakistan closer to a state of surveillance, it has become more crucial than ever that that the Government listens to the public, lest it lose the support of civil society and industry in Pakistan and around the world on this vital and pressing issue. It has also become increasingly urgent that activists, journalists, lawmakers and ordinary citizens keep the pressure on the state to safeguard not just their lives, but also their liberty.
In the face of condemnation from Pakistani and international rights organisations, the Government has done little to convince its critics that the PEC Bill has taken on board the many criticisms that have been directed at it. The PEC Bill purports to tackle harassment, but imposes penalties — including prison sentences — that are totally disproportionate to the offences that it claims to address.
Digital Rights Foundation is calling for the scrapping of the bill in this form. It does not address any of the original concerns, and remains a threat to the right to privacy of citizens. The Government should focus instead on implementing data protection legislation and legal provisions that pro-actively protect users from unlawful and disproportionate surveillance.
To go ahead with the PEC Bill, without implementing provisions that comprehensively protect the rights to privacy and freedom of expression, is to violate the constitution of Pakistan, and the international treaties that Pakistan is a signatory to. This Bill is plainly not fit for purpose. It should be redrafted to protect the rights to privacy and freedom of expression in Pakistan, not casually toss them aside. The security and liberty of the Pakistani people emanates from these rights.