When a crime occurs in the real world, the victim follows a straightforward routine: register a complaint, which then needs to be followed up with investigations, and if you are lucky, the suspect will be tried in court under relevant laws. But what is a sufferer supposed to do when a crime occurs in the cyberworld? Felonies that are committed in cyberspace are as harmful – if not more – than non-virtual crimes; however, there is no legislation for cybercrimes in Pakistan. In rare cases, a privileged few have been assisted when certain laws, meant for the offline world were interpreted to suit the needs of the victim. Here, the Herald takes a look at how Pakistan’s cyberworld functions without laws and regulations.
Free for all
In 2007 General (retd) Pervez Musharraf introduced the Prevention of Electronic Crime Ordinance (Peco). Government officials said that the ordinance was necessitated in order to prevent terrorist or banned groups from using the Internet for propaganda against the military and to protect female members of the Parliament who were being harassed by abusive phone calls and text messages.
On the other hand, the rumour mill said that the military dictator issued the ordinance to curb slander against the leadership of the country. The ordinance was re-promulgated thrice and in 2009 the government tried to pass it as an act. Anusha Rehman from Pakistan Muslim League-Nawaz and Marvi Memon who was then a part of Pakistan Muslim League-Quaid-e-Azam, opposed the bill as members of the National Assembly (NA). They believed the bill was not protecting the human rights of Pakistanis and it would make the country a pariah in the cyberworld. They proposed that critical amendments be made to the bill since there were numerous loopholes in the ordinance that affected each and every individual linked with the usage of technology which needed to be looked into. Moreover, the ordinance was being turned into an act without prior consultation with the stakeholders and this was unacceptable to both the MNAs. Hence, the Prime Minister sent the bill to a select committee which was supposed to bring it up to par with international cyberlaws. However, since then the bill has not seen the light of day.
Others outside the world of political figures are also troubled with the existing state of lawlessness. Shahzad Ahmad, the country coordinator for Bytes For All is despondent about the fact that there is no legislation regarding crimes on the internet. But he is also delighted that Peco was never passed as a bill; “Peco had several flaws; many of the definitions in it were incorrect, and the provisions were draconian,” he says. For instance, the ordinance which was sent to the NA for ratification stated that sending indecent, provocative and ill-motivated messages through emails and text messages was an offence and would result in 14 years imprisonment along with the confiscation of property. Many felt that this was too harsh a punishment for such a minor crime. Moreover, there was no provision in Peco to tackle child pornography or intellectual property theft.
Jehanara, the president of Pakistan Software Houses Association seconds Ahmad’s claims. She says that “we would rather have no legislation than bad legislation.” According to Jehanara, the ordinance was created independently by officials from the Ministry of Information Technology (IT) who were not trained in IT legislation. She suggests that the civil society, businesses and IT experts need to be consulted by the IT ministry before they create cybercrime law. Jehanara also explains that although she is not a believer of censorship or regulation, the internet is too vast a space for one to roam about without protection.
The Federal Investigation Agency’s (FIA) National Response Centre for Cyber Crime (NR3C) disagrees with Ahmad and Jehanara. “Peco had very solid legislation; it was extremely comprehensive as it covered almost everything from financial crimes to laws against harassment of women. It was missing a few aspects of crime and that is why they removed it,” says Faisal Iqbal, the deputy director of NR3C. Iqbal adds that now there are thousands of cases that are reported to the NR3C but all they can do with these cases is file them and put them away because without Peco these crimes no longer fall under their jurisdiction. “Even after Peco lapsed, we continued to investigate cases that fell under it, but by the beginning of 2010 the Supreme Court ordered that we could no longer entertain cases that were not in our jurisdiction, so we began filing and shelving all such cases.”
Mix and match
This does not mean that the NR3C exists in a complete vacuum. They have brought together certain laws to form a type of selective legislation through which only ‘certain’ victimised parties can find justice. What this means is that when the victim of cybercrime is an influential person, the NR3C can and will interpret laws in such a way that his or her complaint can be investigated. Last year, when a man from Punjab hacked into the President’s website and defaced it, the NR3C under Sections 36 and 37 of the Electronic Transaction Ordinance (ETO) traced the man and arrested him. Since offences under the ETO are non-bailable, the man is still in custody and the court has reached no verdict.
Last month, the NR3C received a complaint from the Lahore section of a telecommunications company in connection with a fraud committed through its electronic voucher centre system. The company said that millions of rupees were embezzled through unauthorised transactions using the ‘Easy Load’ facility, which allows telecom service subscribers to recharge their accounts through franchises. The NR3C caught the multiple parties involved in this fraud and under the ETO the criminals were sent to court. Another similar case which the NR3C handled successfully was regarding Pakistan State Oil’s (PSO) Fleet cards. The cybercrime wing caught three men who had allegedly hacked the PSO system and had been stealing thousands of rupees through their Fleet cards.
Another area in which the NR3C has managed to make much headway is regarding illegal gateway exchanges. The company involved had been selling long-distance phone call minutes to foreign clients using a mechanism that bypassed the centralised gateway through which all internet traffic should pass; hence the company avoided paying the mandatory per minute fee to the Pakistan Telecommunication Authority and made a dishonest profit. “These illegal exchanges were costing the government of Pakistan 437 million rupees per month this year and we hunted down dozens of people responsible for them and booked them,” says Iqbal. These criminals were presented in court under a 19th century law, the Telegraph Act 1885, identical to the one in India which was conveniently interpreted to fulfil their needs.
Similarly, Section 509 of the Pakistan Penal Code is the third law used by the NR3C when and where they believe it is necessary; however the success rate remains vague, at best. This section is about the state guarding the modesty of women, and on special occasions the NR3C has interpreted this law and ‘assisted’ women who were being harassed via the internet. With all the important details being nebulous, the only statement Iqbal makes is: “Sometimes a female will lodge a complaint that someone has created a fake Facebook profile under her name, and we write a letter to court and ‘begin the procedure’ to remove the fake profile. But how many can we attempt to remove? We have very limited manpower.”
It’s a man’s world
It seems that women are one of the easiest targets for cyberbullies and cybercriminals. Recently, two female students from a liberal arts college decided to participate in an international sketching competition. The sketches had to be nude self portraits. The students asked a friend to photograph and then email the pictures to them. It seems that the friend didn’t have the stomach to keep such a juicy secret because the very same week the girls’ email accounts were hacked and blackmailing threats started pouring in. Since the NR3C has no legislation for cybercrimes such as hacking, the girls had no choice but to lie low and hope for the best.
Earlier this year two relatively well-known female celebrities in Pakistan reported to Bytes For All that fake Facebook profiles of them had been created. The mastermind criminal who created these fake profiles was using them to recruit young girls with modelling aspirations to dubious events and phoney jobs. The profiles were not only wrecking the reputations of the celebrities but as a result many vulnerable young girls were now at the mercy of the criminal. “The most frequent complaints I get from women are that either their email account has been hacked or that someone has created a fake profile of them on Facebook,” says Nighat Dad, a lawyer who is the lead researcher at Bytes For All. Dad says that there is no legal remedy for these girls; hence the only thing that lawyers like her can do is request the NR3C to look into the case. “Laws under the ETO deal with the privacy of corporations, but when the President’s website got defaced, the FIA interpreted the law to serve an individual,” says Dad. Similarly, these laws can be interpreted to help these women too, to retrieve their private data and save them from defamation.
Another issue that women face due to the lack of cybercrime legislation is of cyberbullying and online stalking. Nabiha Meher, a blogger who also teaches at various universities in Lahore explains that in Pakistan, family honour is intricately tied around women; if the woman is sexually attacked the entire family’s honour is attacked. “The easiest way to harass women in this culture is to threaten to rape them and I have got numerous well-detailed rape threats in response to my blogs,” Meher says. Meher is not alone: other female bloggers such as Sana Saleem and Mehreen Kasana have similar concerns and no faith in the abilities of NR3C.
Need of the hour
If there is one thing that the NR3C and the activists agree upon it is that there is an urgent need for legislation. “The ETO is very vague and incomprehensive, we can interpret the laws to suit us but its regulations have not been created for the cyber world. I have written many times to the Ministry of IT about this because too many people are suffering,” says Iqbal. Ahmad and Dad agree that there is a pressing need for a pro-people legislation which respects human rights and allows the public to use the internet as an enabling tool. One fear that the activists face day after day is that Peco will one day resurface and engulf everyone simply because there is a dearth of legislation. An IT ministry official says that Peco is currently with the NA and that it was not in the hands of the ministry to help or to hinder the bill from being passed.