March 25, 2014 - Comments Off on Pakistan: The Draft Computer Crimes Law Endangers Freedom of Expression
For IMMEDIATE RELEASE:
Lahore, March 25, 2014: ARTICLE 19 and Digital Rights Foundation Pakistan are concerned about the draft Prevention of Electronic Crimes Act of Pakistan 2014 (Draft Law), currently being prepared for presentation in the Pakistan Parliament. Although the Draft Law contains a number of welcome procedural safeguards, several provisions violate international standards on freedom of expression. We call on the Pakistan Government to amend the Draft Law in accordance with our recommendations below before it is submitted for the consideration of the Parliament.
The Draft Law, which has been drafted by the Ministry of Information Technology and Telecommunications, establishes specific computer crimes and procedural rules of investigation, prosecution and trial of the offences. The Draft Law incriminates the illegal access to and interference with program or data or information systems, cyber terrorism, electronic forgery and fraud, the making of devices for use in offences and unauthorized interception.
ARTICLE 19 and Digital Rights Foundation welcome the efforts of the Pakistani Government to provide adequate procedural safeguards in the context of cybercrime investigations. However, we recall that the regulation of computer crimes engages the protection of human rights that must be considered in the respective legislation, in particular:
• Article 19 of the International Covenant on Civil and Political Rights (ICCPR), to which Pakistan acceded in 2010, defines the right to freedom of expressions and sets out the requirements for limitations on the right. States can limit freedom of expression only in the interest of protection of reputation, national security, public order, health and morals. The limitations must be clearly defined in law and be necessary and proportionate to secure one of those aims. States must refrain from exercising this discretion in a discriminatory manner. Article 17 of the ICCPR guarantees the freedom of individuals from arbitrary or unlawful interference with his privacy and correspondence.
• General Comment No.34, which provides authoritative guidance on the interpretation of Article 19 of the ICCPR, states that extreme care must be taken in crafting and applying laws that purport to restrict expression to protect national security. Whether characterised as cyber-crime laws, treason laws, official secrets laws or sedition laws they must conform to the strict requirements of Article 19(3).
• In General Comment 16 of on the Right to Privacy, the UN Human Rights Committee states that interference by states can only take place on the basis of law which itself specify in detail the precise circumstances in which interference may be permitted.
• The 2011 Joint Declaration on the Right to Freedom of Expression and the Internet adopted by the four international special rapporteurs on freedom of expression representing the Americas, Europe, Africa and the United Nations (UN) emphasizes that standards of liability in cases relating to the internet must take into account the overall public interest in protecting both the expression and the forum in which it is made, (i.e. the need to preserver the “public square” aspect of the Internet).
• From a comparative perspective, the Council of Europe Cybercrime Convention (2001) provides basic procedural safeguards and guidance on how to draft cybercrime legislation in accordance with human rights standards.
In the light of these standards, ARTICLE 19 and Digital Rights Foundation remain concerned that the Draft Law violates international standards for several reasons:
• Lack of clear definitions: a number of definitions in the Draft Law are unclear, notably the definition of ‘content data’, which partially reproduces the definition of ‘computer data’ as stipulated in the Council of Europe Convention on Cybercrime (2001). This is confusing as computer data and content data are separate concepts. In other instances, the draft law fails to define important terms such as ‘information systems’ or ‘programme or data’. The lack of clear definitions in the draft law makes it more open to abuse and likely to catch innocuous behaviour, such as accessing a website in breach of its terms of service. By the same token, it endangers the right to freedom of expression. We recommend that ‘content data’ is replaced by ‘computer data’ in the Draft Law and refer to the Cybercrime Convention for a definition of ‘computer systems’.
• Lack of public interest defence for hacking-type of offences: The Draft Law criminalises unauthorised access to information systems, programmes or data. While the Draft Law is presumably aimed at criminalising ‘hacking’, it fails to provide a public interest defence when this type of conduct takes place for legitimate purposes, such investigative journalism or research.
• Overly broad cyber-terrorism offence: Section 7 (a) and (b) fails to make an explicit reference to "violence" as part of the offence of cyber-terrorism. Cyber-terrorism should be more clearly linked to the risk of harm or injury in the real world, and in particular harm against the welfare of individuals. It should not be equated with even moderate disruption of public services or damage to property. It is not clear that sections 7 (1) (b) (i) and (ii) would meet that threshold if read independently from Section 7 (1) (b) (vi).
• Criminalisation of “defamation against women”: Although the attempts to offer special protection to women (e.g. through prohibitions on threatening sexual acts) are laudable, we find the provisions of Section 13 of the Draft Law problematic. Section 13 criminalises “defamation against women” and other vaguely phrased offences, such as “distorting the face of a woman”. We recall that, in its General Comment 34, the UN Human Rights Committee stated that states parties should consider the decriminalization of defamation and, in any case, the application of the criminal law should only be countenanced in the most serious of cases. Also, the provisions of Section 13 fail to meet the three part test, as they are not formulated with sufficient precision to enable individuals to regulate their conduct in accordance with the law. We therefore recommend that Section 13 be revised.
• Lack of procedural safeguards against surveillance activities carried out by intelligence agencies: although efforts have been made to provide effective procedural safeguards against unchecked surveillance by law enforcement agencies (e.g. section 30), the same is not true of intelligence services, which remain subject to the provisions of the Pakistan Telecommunications (Re-Organisation) Act 1996. This is a serious concern as this means that the Pakistani intelligence services effectively have carte blanche to carry out mass surveillance without meaningful oversight (see ARTICLE 19’s analysis of the Pakistan Telecommunications (re-Organisation) Act). In our view, if the Draft Law were to be adopted in its current form, it would be in breach of the right to freedom of expression and privacy under international law.
We call on Pakistani legislators to protect the rights to freedom of expression and privacy in accordance with Pakistan’s obligations under international and review the Draft Law in line with the above recommendations.
- End -
Digital Rights Foundation is a research based advocacy organisation based in Pakistan focusing on ICTs to support human rights, democratic processes and better digital governance. DRF opposes any and all sorts of online censorship and violations of human rights both on ground and online. We firmly believe that freedom of speech and open access to online content is critically important for the development of socio-economy of the country. www.digitalrightsfoundation.pk