DAWN.COM

Today's Paper | November 08, 2024

Published 31 Jul, 2016 03:34am

Lost in translation

The writer is an advocate.

WE continuously struggle to understand the realm of cyberspace and, considering its evolving nature, it seems impossible to achieve perfectly drafted legislation on the subject. The government’s determination to pass the Prevention of Electronics Crime Bill, 2016 (PECB) is commendable, but haste will cost us as a nation later on. There have been several reports identifying violations of fundamental rights of individuals in this legislation, but none have addressed aspects of national security and national defence.

In the garb of national security, the PECB appears to impose strict restrictions on the constitutional rights of citizens. Underst­andably, there are no absolute fundamental rights, and exceptions of reasonable restrictions by the state always exist, but how far the state can exercise this discretion is debatable.

The new draft includes some significant changes and, in my opinion, has made matters worse than before. The definition of ‘critical infrastructure’ is a major area of concern that many stakeholders have overlooked. The UN General Assembly (UNGA) has defined ‘critical infrastructure’ as “those used for, inter alia, the generation, transmission and distribution of energy, air and maritime transport, banking and financial services, e-commerce, water supply, food distribution and public health — and the critical information infrastructures that increasingly interconnect and affect their operations”.

However, UNGA recognises that every state needs to define its own critical infrastructures. The definition in the previous draft may have been in keeping with UNGA guidelines or the practices of other states, but the latest draft tabled in the Senate has gone even further — introducing a new cyber threat into the bill.


The amended PECP is even messier.


The PECB already addresses cyber security, cyber crime and cyber terrorism in one piece of legislation. However, the definition of ‘critical infrastructure’ has now been completely changed and has become vague. It includes phrases such as “whose integrity, if compromised, could result in significant loss of life or casualties”. Further, a new subsection mentions the “significant impact it has on the national security, national defence or functioning of the state”.

This is where the problem begins. We have included another form of cyber threat, one that falls within the realm of armed conflict. In such instances, where the threshold of the cyber attack rises to the level of causing physical damage or loss of human lives, it is then considered an ‘armed attack’ against the state. This is cyber warfare.

It seems that the bill has been drafted without a basic understanding of the forms of cyber threats that exist or consideration of the extent to which domestic legislation on cyber crime should curtail these threats. Moreover, it is surprising that it has included ‘national security and national defence’ in the revised definition considering that, throughout the Senate committee and sub-committee meetings, no representative from the Ministry of Defence has been seen.

Pakistan already has offensive and defensive cyber capabilities; however, their extent is undocumented. Still, the defence ministry of is an essential stakeholder to consult before expanding the definition of ‘critical infrastructure’ to the extent of including loss of life and cyber warfare. Also it is widely recognised that the internet has become an effective tool for terrorists’ propaganda, communications, information gathering, recruiting, organising, fundraising and coordinating attacks. These aspects were previously not covered in the cyber terrorism clause. However, the IT ministry agreed to include this clause after UNSC Resolution 2129/2013 was referenced in one sub-committee meeting. Despite having a template provided, the clause was still poorly drafted.

Cyber terrorism essentially refers to the threat or conduct of unlawful cyber attacks against a computer network system(s) to intimidate or coerce a state in pursuance of a terrorist organisation’s political or social objective. However, the definition of cyber terrorism in PECB is problematic in itself for being vague and overlapping with Section 9 (glorification of an offence), and also for being repetitive with Section 10 A (hate speech).

It is imperative for the legislative drafters to understand the complexities that surround cyberspace. Unfortunately, continuous criticisms and loopholes in PECB reflect the limited knowledge and specialised expertise we possess. Most countries have not even defined critical infrastructures in their domestic legislation but have developed it as a part of their national defence policies. Due to the multifaceted nature of threats that exist in cyberspace, it is vital to create an inter-ministerial department to discuss this evolving threat and its repercussions.

Pakistan has always adopted a reactive approach rather than a proactive one in formulating new policies or enacting legislation. The PECB draft lacks foresight and understanding of the complications linked to cyber threats. It is integrating different forms of cyber threats, causing further confusion and demonstrating our incompetence as a state in being unable to differentiate between cyber crime, cyber terrorism and cyber warfare.

The writer is an advocate.

Published in Dawn, July 31st, 2016

Read Comments

What is Project 2025 that is being linked with Donald Trump? Next Story