Web of control
19 October 2016
How Pakistan’s Prevention of Electronic Crimes Act impinges on freedom of expression.
People seem to love actor Hamza Abbasi, of sappy sitcom fame. The young actor is perhaps the only star of his generation to have amassed the number of awards and accolades he has in the last few years. He gave up a career in the police services to pursue acting. Having starred in Army-sponsored films, he pledges support to the men in uniform every chance he gets. He is a true ‘patriot’ in the eyes of a burgeoning middle-class that follows his political and social commentary religiously on Facebook and Twitter; Hamza Abbasi’s tweets get quoted, his Facebook status makes news.
But on 31 August 2016, he received a notice from the Punjab government about a status update he had posted to be seen, liked or shared by his more than the 3,679,000 fans who follow his page on Facebook. The ominous letter, signed off by Additional Secretary Prosecution Mahmood Hassan, accused Abbasi of fear-mongering and creating a situation that could trigger panic among people. The notice demanded a retraction and an apology from the actor and warned that his ‘crime’ could be tried under the cyber-terrorism section of the new Prevention of Electronic Crimes Act (PECA).
In his Facebook status Abbasi had inadvertently inflated the number of children kidnapped or reported missing over the past few months while the authorities claimed that most of them had been found and returned to their families. In a follow-up status Abbasi revealed his sources – most of them news articles – which, he claimed, had led him to quote the particular figure. His social media position on the issue was one of thousands of social media posts, blogs, news stories, features and tweets obsessed about the reported increase in child abductions in Punjab. The Sunday Magazine of Dawn, the English daily, had run an article on how to keep children safe amid abduction rumours, not to mention several parents who had expressed concerns over the safety of school-going children.
FACT AND FICTION
Articles on Freedom of Expression
This article is from our final issue ‘Fact and Fiction’. The quarterly issue has articles on freedom of expression and collection of fiction from the Southasia. Other articles on freedom of expression include:
Of Eco and Echoes – Salil Tripathi
The business of news – Sukumar Muralidharan
Freeing the fourth state – Tisaranee Gunasekara
Whose media is it anyway? – Neha Dixit
The state of surveillance – Sana Saleem
Chronicle of a death not foretold – Aunohita Mojumdar
The state of panic the government had accused Abbasi of creating, had actually existed long before his post. Several lawmakers of the ruling party had also expressed their concern over the safety of children and had quoted the same number as Abbasi on various social media platforms. During an interview with a TV channel, Law Minister Rana Sanaullah told Abbasi that the government had taken action against him because his posts on social media were being liked and shared by a large number of people and that he had a ‘responsibility’ to be accurate. Sanaullah even tried his hand at mollifying the disgruntled Abbasi by telling him “it was a friendly warning”. However, many look at it as an aggressive move on the government’s part to warn off other public figures from criticising the state.
On 11 August 2016, a six-year impasse during which Pakistan had no effective cybercrime legislation came to an end. The long-drawn legislative battle where multiple governments had attempted to introduce cybercrime laws had become polarised around the question of internet freedom on one hand and growing national security concerns under the ambit of the War on Terror, on the other. The delays were also caused by the dictates of coalition politics and the opposition’s refusal to become party to a controversial bill that was seen to be undermining fundamental rights.
But when Minister of State for Information Technology Anusha Rahman stood at the podium of the National Assembly in Islamabad to announce the new law on cyber crime in Pakistan on that day, nobody could miss the irony. She had been one of the key actors who, alongside parliamentarian Marvi Memon, had opposed the country’s last existing law in relation to cybercrime, the Prevention of Electronic Crime Ordinance (PECO) in 2007, which had been passed by Pervez Musharraf. She had canvassed on the concerns that it was a dictator’s law which violated basic human-rights obligations. After the ordinance expired in 2009, Prime Minister Yousaf Raza Gillani tried to make it a law but faced resistance from opposition members. Rahman, a major face of the protests, had also enlisted the help of digital-rights activists to put pressure on the government.
However, this time around, Rahman’s speech targeted the same activists and their organisations, saying that they had a foreign agenda and the state would prioritise its national security interests. Prime Minister Nawaz Sharif also weighed in to say that the law would go a long way in enforcing the National Action Plan (NAP).
It was following the terrorist attack on a school in Peshawar on 16 December 2014 that the Nawaz Sharif government introduced the 20-point NAP through the 21st Amendment to the Constitution on 7 January 2015. This was meant to be the government’s solution to end terrorism and extremism and it gave a new impetus to censorship and surveillance. The 1990s had seen wire-tapping wars between the alternating civilian governments and the armed forces. Further, early legislations surrounding the telecom, internet and media industries ceded considerable powers to the intelligence agencies. After the Pakistan Muslim League-Nawaz (PML-N) government’s ascent to power in 2013, the country saw a ban on Geo News network for speaking against the Armed Forces and it became difficult for local newspapers to report on the War on Terror or against the performance of the state. The battle by hardened progressives such as Senator Faratullah Babar to challenge the state’s increasing control seemed to have been lost under the fervour of the drive to root out terrorism.
The Prevention of Electronic Crimes Bill (PECB) was tabled in the National Assembly a week after NAP was implemented in order to curb hate speech online in accordance with two points under the action plan, a former Pakistan Telecommunication Authority (PTA) officer said. “First, communication systems of terrorist organisations will be destroyed. And second, social media and the internet will not be allowed to be used by terrorists to spread propaganda and hate speech, though the exact process for that is yet to be finalised.”
The Electronic Transactions Ordinance (ETO) that came about in 2002 included a necessary section for a purview of cybercrime legislation but was criticised heavily for providing the FIA with sweeping powers – the FIA’s cybercrime division already had a track record of misuse of powers coupled with lack of investigative capacity. It also introduced vague definitions of crimes that could easily apply to everyday actions. “Basically, the same criticism extended to the PECA,” explained the former PTA official.
The baseline document for the internet regulation in Pakistan begins with the Telecom Act 1996, which authorised the PTA to function as a legal regulator. The Act gave the Pakistan Telecommunications Company a monopoly to provide internet and telecommunication services in the country for seven years and mandated that the PTA would start deregulating data services and the internet after that. Section 54 of the Telecom Act had also given the federal government powers to authorise intelligence agencies to wiretap calls and intercept messages, “in the interest of national security or in apprehension of an offence”. The PECA complements this by criminalising the selling of SIM cards or memory chips without obtaining and verifying the subscriber antecedents. Punishment for such a crime is imprisonment for up to three years and/or a fine.
When PECO was introduced in parliament (after its expiry in 2009) to be made into a law during Prime Minister Yousaf Raza Gillani’s tenure it faced great resistance. The government had to withdraw the draft due to pressure – a large part of which had come from opposition members in the National Assembly, the loudest of whom was Anusha Rahman, then a member of National Assembly from the PML-N.
Rahman had, back then, taken on board several parliamentarians, digital-rights groups and industry associations in the Information Technology Standing Committee to block the bill. In several interviews to TV channels, Rahman had criticised the draft law for leaving the field open for human-rights abuse and for not being compliant with international conventions, such as the International Covenant on Civil and Political Rights, which Pakistan had ratified. But after becoming the minister of information technology in the government led by the PML-N her position on the matter flipped completely.
The about-turn in 2016 came as a surprise to digital-rights groups but not to those in the government. “The government had to somehow adjust the PECA into the logic of the NAP,” explains an IT expert who had helped draft the PECB, but came under fire for criticising it later.
There would be a ‘temporary’ hold on citizens’ fundamental rights, but the end would justify the means. This was reflected in statistics on the implementation of NAP released by the government around the same time the PECA was passed by the parliament: about 150,000 suspects and over 6000 hard-core terrorists have been arrested since NAP was implemented. “So the law was bulldozed through without much serious thought or consideration as to how it would affect the average internet user,” he explains. The law regulates the cyberspace only from a security angle; the question of citizens’ fundamental rights does not feature in this paradigm. In an implementation report, the Ministry of Interior Affairs even called it the “cornerstone of NAP”.
Some analysts argue that the government had steamrollered the PECA to replace the Protection of Pakistan Ordinance (PPO). The ordinance, put in place to deal with the ‘extraordinary’ security situation in the country, was likened to India’s Terrorist and Disruptive areas Act (TADA), 1987, and The Prevention of Terrorism Act (POTA), 2002. Suspects charged under the PPO would be guilty until proven innocent (the burden of proof of innocence would lie with the accused).
The PPO had accorded law enforcement agencies extraordinary powers, including powers to shoot ‘terrorists’ at sight, and included clauses pertaining to cybercrime. It expired on 15 July 2016, leaving the government to mull over the possibility of extending it for another two years.
Following the passage of PECA, the government announced towards the end of August 2016 that it would not extend the PPO any longer. The PECA has empowered the government to block whatever it feels is offensive with no provision to protect the privacy of Pakistani citizens. Since service providers are mandated to retain “specified” traffic data for a year, the idea is that people will self-censor. The case of Hamza Abbasi could be taken as an example of how the government can react to criticism.
Nighat Dad of the Digital Rights Foundation has locked horns with the government over the law since the day its draft was leaked to the public. She has been a leading voice for internet freedom at a time where the national discourse has veered scarily towards greater securitisation and more curbs on individual freedoms. Her analysis of how the law came about and its implications for internet users in the country begins with the troubling information that a lot of definitions and the language in the draft law were borrowed directly from the Anti-Terrorism Act. The obfuscation of definitions of certain offences and adding overlapping punishments for offences mentioned in the other laws leaves a window open for misuse of the law. For instance, the definition of defamation in PECA differs slightly from that in Pakistan Penal Code. The punishments proscribed are also different. So now there will be two laws covering the same offence with different punishments. Just like with the PPO, the burden of proof, under PECA, is on the suspect rather than the accuser. It does not exempt or cater to accidental breaches.
Lack of political coherence on how the state should approach the cyberspace has usually paved the way for draconian measures with governments clamping down on political activists and detractors using the internet to take on the state. This new dimension of an alternative reality is scary for the state, explains Nabiha Meher Shaikh, a researcher who has worked on digital rights and online harassment in Pakistan. The challenge for the state is how it is going to script this alternative reality.
Section 10 of the PECA deals directly with cyber-terrorism. Yet the definition and ‘crimes’ it has introduced could easily apply to anyone critical of the state, more so, internet-activists or ‘hacktivists’ and cyber vigilantes. In his paper, ‘The Fight For Cyber Thoreau’, professor Matthew Crosston discusses the concept of civil disobedience as was coined by Henry Thoreau in 1849 and how the idea, reality and impact of civil disobedience would unfold in the age of the internet.
Crosston equates website defacements with sit-ins in the physical realm, barricades as website redirects, political graffiti as Denial of Service or Distributed Denial of Service attacks, strikes as information theft, underground presses as site parodies, political theatre as virtual sit-ins and sabotage as virtual sabotage.
The PECA makes no distinction between cyber vigilantism and cyber attacks. Under the new law, all forms of protest in the cyberspace have been declared illegal. Punishment ranges from three years imprisonment for spoofing to seven years imprisonment for hacking, interference with data and information system and electronic forgery. The Constitution, somewhat, upholds the right to participate in orderly political demonstrations under sections dealing with freedom of speech and assembly. Yet there is little understanding of how this may apply in the cyber realm.
One can argue that hacktivists are crucial for keeping power in check in the modern world. Cyber vigilantes or activists, such as Anonymous, do not face the same problems and hurdles as activists in real life. They do not need a large following to sabotage government property. By the same token, activists have used social media to circumvent state repression, share knowledge and news about state crimes and build communities for collective action in a space where activism is not considered an act of overt rebellion.
The new law restricts expression that offends “the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign States, decency or morality, or contempt of court”. According to a post by the Association of Progressive Communications, restriction on the freedoms of assembly and association in the interest of national interest and security has now been extended to the internet.
On a day in December 2006, Faisal Chohan bade his pregnant wife goodbye and set off for office. The internet job portal his firm ran had recently launched an integrated voice resume system based on voice over IP (VoIP). Chohan was among the first internet-entrepreneurs in the world to have acquired the technology. As Chohan entered the corridor of the towering building that housed his office, he found the main door shut. Perplexed, he peeked through the glass windows and saw his staff huddled in a corner. A team of burly men, who looked like they meant business, were moving around asking questions.
The charge against Chohan was that his company had been using VoIP for making and terminating calls illegally. He was subsequently whisked off to Rawalpindi’s Adiala Prison and then the pillaging began. Officials of the Pakistan Telecommunication Authority and the Federal Investigation Agency seized the servers, the drives, all cellphones and equipment at Chouhan’s office as evidence to prepare a case against him. His interrogation lasted several days during which the young CEO scrambled for ways to convince the FIA that there was nothing shady about his business. But his office had been shut down. His wife went into a trauma that resulted in a miscarriage.
Chohan’s friends in the industry rushed to his aid. They contacted members of the Pakistan Software Houses Association ([email protected]) and the Internet Service Providers Association of Pakistan (ISPAK) who would then raise the issue within relevant activist circles and advocacy groups. As pressure from the industry mounted and investigations took their due course, a glaring oversight was discovered. The FIA had arrested Chohan and prosecuted the case on the basis of illegal VoIP activity traced to an IP address his company had never been assigned to or used. The crime had taken place elsewhere.
Weeks after languishing in prison, when Chohan appealed for a release based on the fact that he had been arrested on the basis of a blunder committed by the investigation agency, the court used procedural reasons to explain why he would have to stay in jail for another 10-15 days. In a statement issued back then, Jehan Ara of [email protected] had said: “If Faisal was the son of someone in power, and was not even innocent, wouldn’t he have been out of jail a long time ago? In fact he probably wouldn’t have been in jail at all. There is anger, hurt, disbelief and frustration throughout the industry. One of our own has been, and is being treated, with total disregard for his rights.”
Chohan’s case re-emerged after August 11, as a classic example of what it could be like for citizens left at the mercy of high-handed intelligence agencies relying on repressive laws. Digital rights activists and bloggers unearthed the case an example of what internet users in the country would be up against.
“For those asking what the big deal is with the #cybercrime bill is, plz read what happened to Faisal Chohan under #PECO” ( Prevention of Electronic Crimes Ordinance), tweeted Farieha Aziz, director of Bolo Bhi (a not-for-profit organisation working on internet access, digital security and privacy).
Under a law where formatting a hard disk (which falls under the Section pertaining to destruction of data) could land you in jail for up to seven years, many fear that the consequences could have far more serious implications than what Chohan faced in 2006.
~ Sarah Eleazar is a Lahore-based journalist.