The proposed E-Crimes Bill is scary

The Ministry of IT & Telecom have drafted an e-Crimes Bill which has been passed by the Cabinet and has now gone to the Law Ministry.

Despite much agitation from industry and stakeholders with regard to the E-Crimes Bill in the consultations, the Ministry has failed to address the concerns that were raised.

Some salient features:
1. It does not follow the technical and legal definitions of cyber crimes as understood and implemented internationally. The offences and their definitions are completely contrary to the technical and practical reality of the crime, making the law impractical, unworkable and at times absurd in its definitions (you should see the definitions of spoofing, spamming, cyber-stalking and cyber terrorism).
2. The Convention on Cyber Crimes (Budapest Convention) and International Best Practice require safeguards for civil liberties to be mandatory which are missing in the draft law. In particular protection of human rights and civil liberties, the principle of proportionality, independent supervision, grounds for justifying application, limitation on the scope and necessary safeguards as are available in both the UK and US are completely absent.
3. The Draft law gives the Federal Government the power to enter any business, search any premises, seize any computer or IT system at any time without a judicial warrant or judicial oversight and there exist no rules as to what, when, where and to what extent such seizures can take place. Just the thought of an entire server of a business being seized and taken into custody for months on end without any controls, copies or remedies as in the infamous case of Faisal Chohan would constitute a nightmare for IT & IT Enabled businesses. Such draconian and sweeping powers are not even available in the UK or the US which provide independent judicial oversight and safeguards.

A couple of examples that show the kind of things that are included in this law that can affect anyone (not just businesses):

• Defiling etc, of copy of Holy Quran.—Whoever, using any electronic system or electronic device willfully defiles, damages or desecrates a copy of the Holy Quran or of an extract there from or uses it in any derogatory manner or for any unlawful purpose shall be punished with imprisonment of life. Explanation: the offence under this section shall be non cognizable and non bailable. – so if you reformat your hard disk or you download an upgraded version which has better search features, and delete the version you had, does that mean you have damaged or desecrated the Quran and do you get imprisoned for life.

• Pornography –
  (1) Whoever intentionally
  (a) produces pornographic material for the purpose of its distribution;
  (b) offers or makes it available;
  (c) distributes or transmit it;
  (d) procures it for himself or for another person; or
  (e) *retains it
  through or in an electronic system, is said to commit the offence of pornography. The punishment is 5 years imprisonment and upto Rs. 500,000 in fines.

*so if i receive a pornographic image as spam, and although i delete the mail, the image is retained in my attachment folder without my knowledge, have i supposedly retained it?

There is an exception though –
(2) If the pornographic material contains a minor or a person appearing to be minor engaged in sexually explicit conduct, or images representing a minor engaged in sexually explicit conduct, the offender shall be guilty of child pornography. Provided always that this Section does not extend to any material produced, offered, distributed, procured or kept for bona fide religious, research or medical purposes (what pornographic material containing a minor could possibly be for bona fide religious purposes?)

P@SHA is taking this up officially with the Federal Minister and the PSEB because there are many parts of the law that are harmful to business interests. However, if that doesn’t work, the rest of us will need to raise this on whichever platform necessary – before this draconian Bill becomes law.