Pakistan Aims To Take Home 'Worst Cybercrime Legislation In The World' Trophy With Prevention Of Electronic Crimes Bill

from the pak-it-up/pak-it-in dept

Pakistan is pushing forward its version of CISPA/CISA, the PECB (Prevention of Electronic Crime Bill). Much like here in the US, legislators have put this together without the input of legal or technical experts and, to make matters worse, this one is being pushed under a regime already notorious for censorious actions and intrusive surveillance.

Everyone (except the bill's supporters) finds the proposed (and rewritten… for the worse) bill to be terrible.

A coalition of Pakistan’s leading online rights groups and businesses warned the current version, written with no input from legal experts or technologists, would “adversely impact the IT industry…. and [the] constitutional rights and safeguards guaranteed to citizens”. Human Rights Watch went further, saying it constitutes “clear and present danger to human rights”. But it took one of Pakistan’s leading legal experts on computer crime jurisprudence, Zahid Jamil, to call the bill “by far the worst piece of cybercrime legislation in the world.”
Much like other "cybersecurity" bills, it's ostensibly aimed at criminal activity but is being used to give the government (even more) censorship and surveillance powers. It also will create a whole new set of criminals by turning security research and hardware/software modding into punishable offenses. In other words, it's the CFAA, but much, much worse.
One section forbids "changing, tampering with or altering a device identifier," which makes altering a router's MAC address a criminal act. Another broadly-worded section seemingly makes scanning for open WiFi signals illegal. (“unauthorised interception” of “electromagnetic emissions from an information system that are carrying data")

But the worst aspects are those that enable the government to further censor and surveil its citizens.

Section 9 states that anyone who “prepares or disseminates information, through any information system or device” with the intent to “glorify an offence or the person accused or convicted of a crime and support terrorism or activities of proscribed organizations” and “advance religious, ethnic or sectarian hatred” shall be punished with imprisonment up to five years, a fine up to ten million rupees (around 95,000 USD) – or both.


Section 29 requires internet service providers (ISPs) to retain all “traffic data” for a minimum period of one year, or any period of time that the Pakistan Telecommunication Authority requests, and “provide that data to the investigation agency or the authorised officer whenever so required.” This means that all personal information and communications of individuals residing within the borders of Pakistan will be retained for at least one year, and may be shared with any investigation authority— including... foreign governments.
There's a supposed warrant requirement in the bill, but it's only mentioned once and never brought up again. And the small hurdle the government is required to leap wouldn't tax an infant.
[T]he threshold for obtaining a warrant is dangerously low – an officer need only show that the data is “reasonably required for the purpose of a criminal investigation”. There is no defined legal standard to ascertain what is reasonable and what is unreasonable.
Also left unexplained during the warrant requirement's brief appearance in the draft bill? Any explanation of what a data "seizure" entails, how long it lasts or if there are any restrictions placed on searches of seized data/devices.

When instructed to, ISPs must provide the government with "real-time" access to subscribers' data. It's "limited" to a period of seven days but this order can be renewed an indefinite number of times. The proposed bill also grants the government completely secrecy for these collections, allowing it to perform real-time surveillance of any Pakistan resident without ever having to inform them of this fact.

Finally, the bill grants the Pakistani government's Telecommunications Authority the power to remove or block anything on the web, all without having to ask permission. No court orders are required and the agency can censor pretty much anything it wants to.
Content may be censored if “necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court or commission of or incitement to an offence” in the bill itself.
And this doesn't limit the Telecommunications Authority to blocking websites. It can also censor content flowing to phones, video game consoles or anything else that might connect to the internet, thanks to the bill's expansive wording, which sweeps up everything from websites to texts to video to "databases."

The EFF has provided a form for Pakistan citizens to use to protest this horrendous legislation. It's worth a shot, but considering the government's historical enthusiasm for expanded censorship and surveillance powers, it doesn't seem as though it will be very receptive to the complaints of its citizens.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 12:53pm

    Wait till you see what Kazakhstan is doing!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 2:08pm

    "whoever we say is a criminal, is treated as a criminal, evidence be damned"

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 2 Dec 2015 @ 5:00pm

    " make matters worse, this one is being pushed under a regime already notorious for censorious actions and intrusive surveillance."

    So the US is pushing for this in Pakistan?...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 5:52pm

    Techdirt office pool

    I bet there's a Techdirt office pool going on over how long it takes TD to get blocked. Any chance your visitors could get in on the action too? Maybe win a shirt or something?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 6:59pm

    Only one year's data retention, Pfff, Australia demands two years data retention as from now, it for National Security ya know!

    More like Rupert Murdoch stopping those damn pirates getting his company's stuff for free, that's only the right of people like himself.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2015 @ 11:44pm

    so spoofing the dictator`s MAC address is trrrism?

    reply to this | link to this | view in chronology ]

  • icon
    scatman09 (profile), 3 Dec 2015 @ 5:20am

    Slavery requires obedience. Until the people under these tyrannical governments raise up and throw off the shackles of Islam, which perpetuates this rigid class system of oppression, nothing will change...the new king will be the same as the last king.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.