As states have been revealed to be snooping on citizens and other governments, and we are confronted by data breaches and security issues like the latest Heartbleed crisis, more people are becoming aware of their internet rights. Voters and civil society around the world are pushing their governments to provide secure and private online spaces for internet users. It is quite refreshing to see Pakistan’s government working for internet laws. However, though some provisions of the proposed Computer Crimes Law (CCL) are copied from other countries’ legislation, several parts of the draft version violate international human rights, including the freedom of expression.
In an attempt to offer support to the government of Pakistan, Article 19 and Digital Rights Foundation Pakistan dissected the draft legislation to point out the provisions that need to be amended, and to help the government conform to international human rights norms. It is mandatory at this point to pressure the government to put in place better internet legislation in order to avoid future misuse of the legal framework, as has happened with other laws.
A leading example of how such poorly devised laws help authorities abuse power is the Monitoring and Reconciliation of International Telephone Traffic Regulations (MRITT), also known as the Grey Traffic legislation. Passed in 2010 to help the government ban anonymous communication and VPN usage, MRITT mandates the monitoring and blocking of any encrypted and unencrypted traffic that originates or terminates in Pakistan, including phone calls and data.
MRITT legitimised blocking and internet monitoring on a massive scale — allowing a ban on VPN and VoIP services like Skype, Viber, WhatsApp and SpotFlux among others. The implementation of this legislation raises several concerns especially among the business community of Pakistan. The first official notification citing the MRITT to block VPN was issued in July 2011, targeting “all mechanisms which conceal communication to the extent that prohibits monitoring”.
The global reliance on the internet for communications and the, at times, complete blackouts of certain services by the government of Pakistan pose serious economic challenges. Not only business, but educational activities are hampered by the implications of MRITT. It also affects the privacy rights of Pakistani citizens. License deploying monitoring systems are expected to provide data — including a complete list of Pakistani consumers and their details — to the authorities when required under sub clause 6(d) of Part II of the regulation.
The Pakistan Protection Amendment Bill 2014 is another scary example of a woolly worded law. It was recently passed by Pakistan’s national assembly and is awaiting approval by the senate. Human Rights Watch stated that: “The vague definition of terrorist acts, which could be used to prosecute a very wide range of conduct — far beyond the limits of what can reasonably be considered terrorist activity. Besides ‘killing, kidnapping, extortion,’ the law classifies highly ambiguous acts including ‘Internet offences’ and ‘disrupting mass transport systems,’ as prosecutable crimes without providing specific definitions for such offences.”
The latest version of the Computer Crimes Law has been drafted by the Ministry of Information Technology and Telecommunications (MoITT). The proposed law establishes various computer crimes and sets out rules for investigation, prosecution and trial of these offences. Acts such as illegal access to and interference with programs, data or information systems; cyber terrorism; electronic forgery and fraud; making of devices for use in these types of offences; and unauthorised interception of communication are included. Like MRITT, it is feared that the Computer Crimes Law in its current draft form, if passed, would include several violations to the International Covenant on Civil and Political Rights (ICCPR), to which Pakistan acceded in 2010.
The concerns over the Computer Crimes legislation mentioned by Article 19 and Digital Rights Foundation, include lack of proper definitions of terms like content, data, information system or program. Their recommendations also highlight concerns about broader cyber-terrorism offences under Section 7 (a) and (b), and more importantly, the lack of procedural safeguards against unchecked surveillance activities carried out by the country’s intelligence agencies.
At this stage of the process, it is important for regional and international civil society and internet privacy rights groups to put pressure on the government of Pakistan to make the right amendments to the law before passing it. This law is extremely important for providing safety and security to Pakistani internet users and cannot be abolished or delayed. It is only right, then, that it introduces correct and clearly defined provisions to make it effective, and not vulnerable to abuse by authorities.