Cyber insecurity

Instead of curbing terrorism, flawed cybercrime bill to undermine national security

Cyber insecurity

The Prevention of Electronic Crimes Bill (PECB) 2015, being championed by the Federal Ministry of Information and Technology (MOIT) to help ‘curb cyber terrorism’, actually provides a get-out-of-jail-free card to those engaging in glorification of terrorism.

It does so by using defective language and diluting the existing provisions under the Pakistan Penal Code and Anti-Terrorism Act and reducing their sentences by absurdly altering the existing glorification offences from non-bailable to bailable.

According to legal and cyber legislation experts, in practical terms this translates into the cases pertaining to glorification of terrorism to be tried before a magistrate, instead of the anti-terrorism courts.

Moreover, in its present state, if enacted, the PECB will isolate Pakistan from rest of the world by curtailing state-to-state cooperation on counter-terrorism measures.

"Not only does the legislation fall way short of the baseline standards of Budapest Convention on Cybercrime, its provisions are in complete divergence to its provisions and requirements," said Barrister Zahid Jamil, Chairman of Developing Countries Centre on Cybercrime and a legislative drafting expert for the EU and Commonwealth.

"The bill would prevent Pakistan from becoming a signatory to the convention, closing doors for cooperation on matters pertaining to electronic evidence in criminal matters, including terrorism. Its present provisions are against the interests of private businesses. Combine that with divergence from even the baseline standards of the Budapest Convention, it is tantamount to living in an unprotected cave. The hands of other countries and international IT companies will be tied because Pakistani laws are not in compliance or contradict their own laws or interests. Obtaining evidence will be nearly impossible."

Also read: The dreaded Section 31 etc.

His views were echoed by Afaque Ahmed, a member of the advisory board of Pakistan Software Houses Association for IT and ITES (P@sha)

"The government claims that adjustments were made into bringing the bill in line with the Budapest Convention, the global gold standard of cyber legislation. But in reality, the bill approved by the standing committee is far from it," he said. "The Budapest Convention authorities will do a free compliance check. The government only has to ask for it which it hasn’t done."

With both state-to-state and private sector cooperation out of question with the proposed bill because that would mean violating foreign law and principles of international law on mutual assistance, it is highly unlikely that large giants such as Google or Facebook would share information with the Pakistani government.

"Imagine the roadblock in war on terror if the country under its prevailing laws cannot request data from its neighbour. Not even Afghanistan, because its laws are in compliance with the Budapest Convention," said Jamil.

The PECB was re-drafted by the MOIT to "bring it in line with the National Action Plan" by making most of the offences non-cognisable, bailable and non-compoundable.

Section 8 of the PECB states that all offences, except section 10 and 19 (cyber terrorism and unwanted sexual advances/child pornography), and in special cases section 15, are non-cognisable, bailable and non-compoundable.

Experts said by doing this a number of offences which were also part of the Pakistan Penal Code and Anti-Terrorism Act and had serious punishments, have been watered down in the PECB..

 "Not only does the legislation fall way short of the baseline standards of Budapest Convention on Cybercrime, its provisions are in complete divergence to its provisions and requirements," said Barrister Zahid Jamil 

The biggest example is section 9 -- which pertains to the glorification of terrorism and inciting hatred -- which is already dealt with in the Anti-Terrorism Act rather sternly with eight years of rigorous punishment and fine, or both. It is tried by the Anti-Terrorism Court and is non-bailable. The PCEB makes it bailable and tried by a magistrate.

A senior lawyer, on the condition of anonymity, explained that while the ATA clearly defines what is classified as hate speech and incitement of sectarian hatred, the PECB uses the term "glorification" which is said to include any depiction or form of praise in a desirable manner.

"Desirable to whom? The people, the government or the non-state actors?" he asked. "Add the factor that it is a non-cognisable offense, many people who might indulge in glorification of religious extremism might be provided a get-out-jail-free card because of the flawed language used in the bill. All they will have to do is approach a magistrate and obtain bail."

By also failing to clearly distinguish and define critical infrastructure due to the flawed language used in the bill, the PEC also puts Pakistan’s non-existent cyber security at risk.

"By extending the Pakistan Penal Code and Anti-Terrorism Act to the cyber world and contradicting existing clauses present there, the PEC fails to distinguish between a crime committed in the cyber world and a crime committed with the help of technology in real time," explained Ahmed. "The language of the bill is very confusing and contradictory. On top of that it makes a specific reference to the Pakistan Penal Code of 1860, Code of Criminal Procedure 1898 and Qanoon-e-Shahadat Order 1984 as guidelines to explain offences lacking clear definition in the PECB. If you will apply them in the cyber world as well then there was no need to draft such a long piece of legislation. The ministry could have just issued a statement to extend all these laws to the online world."

Referring to Section 43 of the PEC, which states that the federal government will issue guidelines to service providers and owners of information systems "in interest of preventing any offence under this act", Jamil said this section inadvertently made the state of Pakistan responsible for any private or anti-social action of a non-state actor or citizen.

The federal ministry of information and technology in its response to an earlier article published in The News, had clarified that the current version of the bill maintained the spirit of the draft on the advice and suggestions of legislators in the National Assembly Standing Committee.

"The current version of the bill has maintained the spirit of the draft on the advice and suggestions of the legislators in the National Assembly Standing Committee with a few adjustments meant to align the bill with the National Action Plan (NAP), which is a unanimous action agenda chalked out by political leadership for countering various internal threats to the wellbeing, security and integrity of Pakistan and its people," The MOIT had claimed in its response.

However, an MNA of Muttahida Qaumi Movement, Ali Raza Abidi, who was part of the standing committee disclosed that the day the bill was approved by the NASC, only four members had been present, including him.

This was confirmed by another member of the NASC, who preferred to stay anonymous. He said he hadn’t been informed the day the standing committee, led by Capt Safdar, had approved the bill. "It has so many problems! This is no way to make a national legislation that has far-reaching and damaging impacts," he said.

Cyber insecurity