(New York) – Pakistani lawmakers should reject a new cybercrime prevention bill which contains provisions which threaten rights of privacy and freedom of expression.

In a joint statement published on April 20 and distributed to Pakistani members of parliament, Human Rights Watch joined nongovernmental organizations Article 19, Bolo Bhi, Bytes for All, Digital Rights Foundation, Pakistan for All, and Privacy International in expressing deep concern about elements of the new Prevention of Electronic Crimes Act 2015 (PECA) bill which violate Pakistan's commitments to universal human rights standards.

“The Prevention of Electronic Crimes Act bill neither protects the public from legitimate online security concerns nor respects fundamental human rights,” said Phelim Kine, Asia division deputy director at Human Rights Watch. “In its present form, Pakistan's cybercrime prevention bill will instead institutionalize unacceptable violations of basic rights with a thin veneer of legality.”

The bill's abusive elements include provisions that allow the government to censor online content and to criminalize Internet user activity under extremely broad criteria which could be susceptible to abusive interpretation. The bill also permits government authorities access to the data of Internet users without any form of judicial review process to justify that access.

The National Assembly Standing Committee on Information Technology and Telecommunication approved the bill on April 16 and it now awaits consideration by the National Assembly and the Senate. Minister of State for Information Technology Advocate Anusha Rehman Khan has defended the bill as a means to prevent cybercrime, defend national security, and boost and protect information technology, e-commerce, and e-payments systems.

However, provisions of the bill which pose a threat to human rights and the security of internet users include the following:

  • Article 9 criminalizes anyone who “prepares or disseminates” any type of electronic communication with the intent to praise a person simply “accused of a crime,” or to “advance religious, ethnic or sectarian hatred,” as well as the more conventional intent to praise terrorism or proscribed organizations. The ambiguity of these categories of “glorification” invites abusive interpretation; for example, someone could be prosecuted for merely blogging about persons arrested, in violation of freedom of expression and the presumption of innocence.
     
  • Article 10 defines “Cyber-terrorism” as including “glorification” of crime (article 9 above) or unauthorized access to, copying, or transmission of “critical” information with intent to create a sense of fear or insecurity in the government or the public or to advance religious, ethnic, or sectarian hatred. These vague definitions create a serious potential threat to whistleblowers who may seek to publicly reveal intelligence that shows abuses by government officials or agencies.
     
  • Article 28 gives an “authorized officer” the unilateral and unchecked power to order the provision of data or the preservation of data whenever the officer believes it is “reasonably required for the purposes of a criminal investigation” and there is risk the data may be later inaccessible. While the authorized officer is required to notify a court of such requests, the provision does not require the court to examine the legitimacy of the request or impose any particular safeguards for rights. When combined with expansive data retention requirements under article 29, this article raises serious concerns about unrestrained government access to private communications and chilling of the freedom of expression and association.
     
  • Article 34 enables broad government powers of censorship, including authorizing blocking or removing online content if it considers it “necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court or commission of or incitement to an offence under this Act.” The bill does not require an approval from a court, and undermines any ability to safeguard against misuse of the provision. This article's sweeping scope violates freedom of expression and could be used to purge virtually anything the government doesn't like.

“Pakistan's Prevention of Electronic Crimes bill constitutes a clear and present danger to human rights on the pretext of addressing legitimate fears about cybercrime,” Kine said. “If Pakistan's government is serious about protecting its citizens from online threats to their rights and security, it should start by overhauling the Prevention of Electronic Crimes Act bill to remove its potentially abusive provisions.”