(Sept. 21, 2016) On August 11, 2016, Pakistan’s lower house, the National Assembly, passed a controversial cybercrime law called the Prevention of Electronic Crimes Act, 2016. The Senate had unanimously passed the law, with a number of amendments, in July. (Raza Khan, Cyber Crime Bill Passed by NA: 13 Reasons Pakistanis Should Be Worried, DAWN (Aug .11, 2016).) The President of Pakistan gave his assent to the legislation on August 18, 2016. (Archive: Prevention of Electronic Crimes Bill 2015-16, BOLO BHI (last visited Sept. 19, 2016).)
According to the Act, the purpose of the legislation is “to prevent unauthorized acts with respect to information systems and provide for related offences as well as mechanisms for their investigation, prosecution, trial and international cooperation … .” (Prevention of Electronic Crimes Act, 2016 (Aug. 11, 2016), Foreword, National Assembly website.)
Crimes Against Information and Data Systems, and Cyber-Terrorism
The Act introduces a range of offenses involving the unauthorized access, transmission, copying, or interference in an information system or data. (Id. §§ 3-5.) Harsher penalties are set for these crimes if they involve information systems or data connected to critical infrastructure. (Id. §§ 6-8.)
The Act also introduces the offense of cyber-terrorism. A cyber-terrorist crime is deemed to have been committed if a crime connected to critical infrastructure is carried out with the intent to commit terrorism. The punishment for such an offense upon conviction is up to a 14-year term of imprisonment or a fine of Rs5 million (about US$47,450), or both. (Id. §10.) The glorification of terrorism-related offenses, hate speech, and the recruitment for or funding and planning of terrorism “through any information system or device” are also punishable crimes under the Act. (Id. §§9, 10A, & 10B.)
The Act also introduces crimes of spamming and of distributing and transmitting malicious code. (Id. §§ 20 & 22.)
Crimes Against Persons via the Internet, Including Criminal Defamation
Section18 (1) of the law essentially criminalizes defamation “through any information system.” The Act prescribes that
Whoever intentionally and publicly exhibits or displays or transmits any information through any information system, which he knows to be false, and intimidates or harms the reputation or privacy of a natural person, shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to one million rupees or with both. (Id. § 18 (1).)
Certain provisions, such as one on “spoofing,” have been particularly controversial, because they might be used to target satirical online content. The spoofing provision stipulates, “[w]hoever with dishonest intention establishes a website or sends any information with a counterfeit source intended to be believed by the recipient or visitor of the website to be an authentic source commits [the offense of] spoofing.” (Id. § 23.) This crime is to be punished upon conviction with up to three years of imprisonment or a fine of Rs500,000 (about US$4,745), or both. (Id.)
Section 19 of the Act, which deals with offenses against the modesty of a natural person or a minor, prohibits, among other acts, superimposing “a photograph of the face of a natural person over any sexually explicit image or video.” (Id. § 19(1)(a).)
Other newly introduced crimes against the person are cyber stalking and producing, distributing, possessing, or procuring online child pornography. (Id. § 19(A).)
Investigative Powers
The powers to investigate crimes set forth in the Act include those of preservation, search and seizure, and retention of data, and also the real time collection and recording of information through a court order or warrant. Section 26 grants the Federal Government the power to establish or designate a law enforcement agency “as the investigation agency for the purposes of investigation of offences under this Act.” (Id.) On September 9, 2016, the Federal Cabinet designated the Federal Investigation Agency (FIA) as the Investigation Agency under the Act. (Press Release, PR No. 66, Meeting of the Federal Cabinet Islamabad: September 9, 2016 (Sept. 9, 2016), Press Information Department website.)
Section 34 of the Act grants the Pakistan Telecommunication Authority the power to
remove or block or issue directions for removal or blocking of access to an [sic] information through any information system if it considers it necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, public order, decency or morality, or in relation to contempt of court or commission of or incitement to an offence under this Act. (Prevention of Electronic Crimes Act, 2016, § 34(1).)
Reaction to the Act
Human rights and free speech activists are worried that many of the provisions of the Act are framed in vague terms that “could lead to curtailment of free speech and unfair prosecutions.” (Mehreen Zahra-Malik, Pakistan Passes Controversial Cyber-Crime Law, REUTERS (Aug 12, 2016).) Nighat Daad, the founder of the Digital Rights Foundation, was quoted as stating that “[t]he overly broad language used in the bill ensures that innocent and ignorant Pakistani citizens, unaware of the ramifications of what the bill entails, can be ensnared and find themselves subject to very harsh penalties.” (Id.)
Members of opposition political parties have also expressed concern about the potential for misuse of the Act by government authorities and the possibility that it may stifle political debate online.(Vasudevan Sridharan, Pakistan Passes ‘Draconian’ Cybercrime Law Threatening Civil Liberties, INTERNATIONAL BUSINESS TIMES (Aug .11, 2016).) The Minister of State for Information Technology & Telecom, Anusha Rehman, told Parliament, however, that “[c]riticism regarding the bill is baseless as proposed amendments have been included. Non-governmental organisations and civil society representatives are opposing the bill due to a certain agenda.” (Id.)