Pakistan is pushing forward its version of CISPA/CISA, the PECB (Prevention of Electronic Crime Bill). Much like in the US, legislators have put this together without the input of legal or technical experts and, to make matters worse, this one is being pushed under a regime already known for intrusive surveillance.
Everyone (except the bills supporters) finds the proposed bill to be terrible.
A coalition of Pakistans leading online rights groups and businesses have warned the current version, written with no input from legal experts or technologists, would “adversely impact the IT industry…. and the constitutional rights and safeguards guaranteed to citizens”. The Human Rights Watch went further saying it constitutes “clear and present danger to human rights”. But it took one of Pakistans leading legal experts on computer crime jurisprudence, Zahid Jamil, to call the bill “by far the worst piece of cybercrime legislation in the world.”
Much like other “cyber security” bills, its ostensibly aimed at criminal activity but is being used to give the government (even more) censorship and surveillance powers. It also will create a whole new set of criminals by turning security research and hardware/software modding into punishable offenses. In other words, its the CFAA, but much, much worse.
One section forbids “changing, tampering with or altering a device identifier,” which makes altering a routers MAC address a criminal act. Another broadly-worded section seemingly makes scanning for open WiFi signals illegal. But the worst aspects are those that enable the government to further censor and surveil its citizens.
Section 9 of the Bill states that anyone who “prepares or disseminates information, through any information system or device” with the intent to “glorify an offence or the person accused or convicted of a crime and support terrorism or activities of proscribed organizations” and “advance religious, ethnic or sectarian hatred” shall be punished with imprisonment up to five years, a fine up to ten million rupees – or both.
Section 29 of the Bill requires internet service providers (ISPs) to retain all “traffic data” for a minimum period of one year, or any period of time that the Pakistan Telecommunication Authority requests, and “provide that data to the investigation agency or the authorised officer whenever so required.” This means that all personal information and communications of individuals residing within the borders of Pakistan will be retained for at least one year, and may be shared with any investigation authority – including… foreign governments.
Theres a supposed warrant requirement in the bill, but its only mentioned once and never brought up again. And the small hurdle the government is required to leap wouldnt tax an infant.
The threshold for obtaining a warrant is dangerously low – an officer needs only to show that the data is “reasonably required for the purpose of a criminal investigation”. There is no defined legal standard to ascertain what is reasonable and what is unreasonable.
Also left unexplained during the warrant requirements brief appearance in the draft bill? Any explanation of what a data “seizure” entails, how long it lasts or if there are any restrictions placed on searches of seized data/devices.
When instructed to, ISPs must provide the government with “real-time” access to subscribers data. Its “limited” to a period of seven days but this order can be renewed an indefinite number of times. The proposed bill also grants the government completely secrecy for these collections, allowing it to perform real-time surveillance of any Pakistan resident without ever having to inform them of this fact.
Finally, the bill grants the Pakistani governments Telecommunications Authority the power to remove or block anything on the web, all without having to ask permission. No court orders are required and the agency can censor pretty much anything it wants to.
Content may be censored if “necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court or commission of or incitement to an offence” in the bill itself.
And this doesnt limit the Telecommunications Authority (PTA) to blocking websites. It can also censor content flowing to phones, video game consoles or anything else that might connect to the internet, thanks to the bills expansive wording, which sweeps up everything from websites to texts to video to “databases.”
The EFF has provided a form for Pakistani citizens to use to protest this horrendous legislation. Its worth a shot, but considering the governments historical enthusiasm for expanded censorship and surveillance powers, it doesnt seem as though it will be very receptive to the complaints of its citizens.