• United States



Pakistan cybercrime bill: Misuse the internet, go to prison for 3 years

Jul 27, 20164 mins
Data and Information SecurityInternet SecuritySecurity

A horribly vague and controversial cybercrime bill is one step closer to becoming law in Pakistan: Misuse the internet or create a website for 'negative purposes,’ and go to prison.

“Misusing the internet”—precisely what might that mean? Unfortunately, people in Pakistan may be about to find out, as the vague “misusing the internet” would be punishable by up to three years in prison and a fine of one million Pakistani rupees (currently equal to about $9,550). That’s according to an overview of the cybercrime bill written by the newspaper Dawn.

That was just one example of what is in the controversial Prevention of Electronic Crimes Bill (PECB) [pdf] that was approved by the Senate Standing Committee on Information Technology and Telecommunications. The country’s National Assembly previously approved the bill, and it will move on to the Pakistan senate for approval before it is signed into law by President Mamnoon Hussian.

The EFF previously called PECB “one of the world’s worst cybercrime proposals.” If it passed, the EFF warned it would criminalize “free expression and innocent technology uses, while handing a largely unsupervised set of censorship and surveillance power to the Pakistani authorities.”

The bill, which is supposed to curb cybercrime, does cover hacking, spam, child pornography and hate speech, but it would also allow the Pakistan Telecommunication Authority “to block any website on the complaint of any citizen.” Sending an obscene message, using a person’s picture without consent or forcing a person into “immoral activity” could land a person in prison for a year.

Selling and using illegal SIM cards, also worded as “issuing a SIM card in an unauthorized manner,” would be punishable by three years in prison and a fine.

Here’s another completely vague statement: “creating a website for negative purposes.” Whose definition of negative? Is that like criticizing the government or speaking out about surveillance? At any rate, it could land a person in prison for up to three years.

Privacy International had warned (pdf) the bill could “further undermine the protection of the right to privacy, freedom of expression and other human rights.”

It might depend upon your mood at any given moment whether or not something irritates you, but the bill says people will be fined for “sending messages irritating to others or for marketing purposes. If the crime is repeated,” the punishment would be three months of jail time and a fine of up to one million rupees. Would that apply to annoying online ads?

While most of us would be happy to see a crackdown on actual cybercrime, this bill is all over the place. Numerous human rights groups, as well as technologists, have warned just how badly the bill is written and of its repercussions. This is what happens when people who know nothing about technology decide on laws about technology.

There are supposed to be “transparency” checks to stop the misuse of the law by intelligence and law enforcement agencies, as well as by service providers. If any of those agencies or providers misuse data, then that is purportedly punishable by up to three years in prison. Also, sharing data with foreign agencies or departments is supposed to first be approved by the court, the data kept “confidential” and used “only for the purpose for which it is obtained.”

Tech pros and civil liberty groups aren’t buying it, warning “PECB grants unchecked powers of censorship to Pakistan Telecommunications Authority.” It would allow “real-time surveillance” and “opens the possibility of abuse of power by investigative officers and agency.” The bill is too vague, not defining cyber-terrorism while providing life sentences “for offense primarily related to illegal access and misuse of critical data.” Additionally, one provision about censorship without any oversight has been “universally denounced by all civil society groups.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.