Cyber truth

An article published in the New York Times recently created quite a stir in Pakistan. The interior minister ordered immediate action, based on the article – and the concerned authorities acted upon these instructions.
Following this, the Ministry of IT stated that if a legal instrument, the Prevention of Electronic Crimes Bill, existed this incident could have been avoided. This, in fact, is quite far from the truth. There are many legal instruments that are available in Pakistan that would have enabled an investigation into this matter – years ago.
A quick examination of the process of registration for businesses within the Securities and Exchange Commission of Pakistan (SECP), the Federal Investigation Agency Act 1974, and the Pakistan Penal Code will show there was room and means to conduct an investigation, regardless of the nature of the company. Officials did not, and do not, need a cyber law to investigate corporate matters, especially if said corporations are being accused of illegal activities.
The SECP, established under the SECP Act 1997, has been operational since 1999. This body is responsible for the regulation of the corporate sector and capital market, with its mandate also covering regulation of insurance companies, non-banking finance companies and private pensions. A company in Pakistan cannot be set up without first being approved by and registered with the SECP.
In order to be successfully registered, the company must seek availability of the proposed name, and have that approved from the registrar. Once that step has been taken and a certificate approving the name has been received, four sets of documents are required to be submitted to the concerned registrar: declaration of compliance, identification of office’s location, particulars of directors, secretary, chief accountant, auditors and other, and copies of the memorandum and articles of association with each member’s signature and copy of national identity card or passport, in case of foreigner, of each subscriber and witness to the memorandum and article of association.
A ‘declaration of compliance’ is a form stating that the company has followed and met all prerequisites needed to be set up. A ‘memorandum of association’, amongst other things, contains the basic objective behind the establishment of the company and what kind of business it will be undertaking. It acts as the constitution of the company, and will give details regarding the structure and nature of the business. The ‘articles of association’ contain details of responsibility of members of the company, recruitment process, day-to-day operations and the likes. These documents are read, analysed, questioned and only when the SECP is satisfied will this company be approved for registration and operation.
Considering that such a process is in place, it would be fair to assume that the SECP understood the operations of the accused company, and in fact, approved said operations. If the company was found to be operating in violation of the agreed terms, then the SECP could take action against the company based on that. How is it, then, that a cyber law bill would be needed to charge the accused company?
The Federal Investigative Agency, instituted by an act of parliament, has the power to conduct investigations and inquiries into such matters. The argument made is that these alleged crimes were committed via the internet and thus could not be addressed without a cyber bill; under the FIA, the National Response Centre for Cyber Crime (NR3C) was created to deal with all crimes taking place in cyber space. In fact, the FIA is currently the body that has been making inquiries into the matter; they do not and did not need a cybercrime law to take action.
The Pakistan Penal Code criminalises fraud and deception. The alleged crimes can be charged under Sections 415 (cheating), 416 (cheating by personation), 463 (forgery), 464 (making a false document) of the PPC. It would be irrelevant that the nature of the crime was a technological one; the PPC has the capacity to apply to all cases that fall within its provisions.
The primary intention of cybercrime bills is geared towards combating child pornography, cyber bullying, and other such criminal activities related specifically to cyberspace. Alleged fraud, deception and such criminal behaviour was not meant to be targeted by the bill. They are tackled by the PPC and other such instruments.
With such means available to the officials to charge the accused company, one must question the validity and the intention behind the official statement that has a cyber crime bill been in place such crime would have been avoided. How would the cybercrime bill have aided this particular situation? Does it mean to make current laws redundant and pass as a law overriding all others?
This is not to say that a cybercrime law is not needed; in fact we must pass a law that protects online freedoms and security. However, protection from bad businesses practices, cheating, fraud etc are not limited to a cyber law. It seems the ministry is trying to dispel the civil society’s objections to the bill by trying to portray that it is pertinent and necessary and that there is no time to debate on it.
The cybercrime bill should not be passed hastily; it affects our freedoms, our businesses and industry. It must be scrutinised and analysed so as to not infringe upon the basic freedoms and rights of the people.
The writer is a graduate from Rider University, New Jersey in Political Science, Economics and Global Studies. She has been working with Bolo Bhi since 2013 and is currently pursuing a law degree.
Email: madiha@bolobhi.org
Twitter: @madiha_latif