The Prevention of Electronic Crimes Bill 2016 was passed by a majority vote in the National Assembly bringing an entire range of new offences within the ambit of the country's legal system ranging from illegal access of data, interference with data and information systems, specialised cyber-related electronic forgery, electronic fraud, cyber terrorism, unauthorized interception of civilians, use of malicious code virus and identity theft. There is no doubt that the need for such a bill was considerable given that Pakistan had no legislation that dealt with serious cyber offences as a crime punishable under the law.
The government unfortunately went a step further and, according to members of the opposition as well as those citizens who frequent and contribute to social network sites, passed a draconian cyber law. The bill provides no protection to whistleblowers who, one would have hoped, were excluded from its ambit given massive corruption in this country acknowledged by the investigating branch of government notably National Accountability Bureau, members of the executive, as well as the judiciary. Of serious concern therefore would be the reference made in several clauses to punishments to those who access information without authorisation. Or in other words, the bill seeks to limit this role to our state institutions for example the Federal Board of Revenue, under the administrative control of the Finance Ministry and/or the National Accountability Bureau that has been frequently charged with a bias in favour of the ruling party. One can only hope that this is not applicable to those who seek to unearth mega financial scams, be they members of the third estate, hackers or members of the opposition. To put it in a nutshell, any Pakistani individual who for example had accessed the Panama Papers revealing the assets held by scions of influential families would be punishable under this law. It would therefore have been more appropriate had the bill noted like the German penal code that punishable would be data accessed without authorisation "which are specially protected against unauthorized access".
In addition, several of the bill's clauses relate to punishment for 'dishonest intentions' which raises serious concerns with reference to who gets to define 'dishonest intentions' - the Pakistan Telecommunication Authority (PTA) or law enforcement agencies that come under the administration's control. Thus the possibility of the bill's abuse by say an overzealous Minister of Information Technology or any other state-controlled investigative agency in an attempt to nip all criticism of government functionaries or the leaders of the political party in power through the social media websites remains. There is of course no clause that refers to dishonest intentions in the German penal code.
And finally, one would urge the government to look at the results of the Federal Bureau of Investigation's (FBI) dealings with cybercrime and its focus on developing a successful relationship with the private sector and international partners. Cybercrime is not limited to one locality/region/country and hence there is a need for interaction with the private sector as well as with other international partners. Unfortunately, our cyber bill focuses on punishing Pakistanis alone.