Legislative stampede: What is the digital endgame?
It’s been a stamping spree in the federal cabinet and Parliament. Bill after bill is being approved, presented and passed. In this deluge, for the most part, the discussion around the bills in the media and on social media has largely been speculative, with no way to ascertain whether copies of the bills in circulation are the approved versions.
This is because these bills were never made public for input and there has been no debate in the assembly. Some bills have now (as of yesterday) been uploaded to the National Assembly’s website, but not all.
Passing laws at breakneck speed and withholding their content naturally sounds alarm bells. Which is why there should be no pretence at all that any of this is about public good. It’s about control, nothing else.
Protecting or accessing data?
The Personal Data Protection Bill 2023 (PDPB), which received the federal cabinet’s principal approval on July 26, 2023, supposedly seeks to protect users. The content of the bill has, however, drawn concern locally and globally, from a technology, economic and rights standpoint by digital rights groups and citizens in Pakistan, particularly the Venture Capital Association of Pakistan, the Asia Internet Coalition and the Global Network Initiative.
The PDPB limits cross border data flow by requiring certain types of data to only remain in Pakistan. It sets up a commission, whose members are appointed by the federal government, and has been given the powers of a civil court — it can levy fines in the millions (of dollars) at its discretion, call for information and ‘facilitate the transfer of sensitive personal data’ to the government, which is defined in an overarching manner to include federal, provincial local and any entity “controlled by the government.”
How does a state whose operators and apparatus thrive on all kinds of leaks — video, audio, photo, you name it — pretend to want to protect data? How is the law protective when sensitive data can be provided to and accessed by the government? How is a commission autonomous when it is under the administrative control of the federal government?
Housing all data locally is not just a privacy risk given the operating environment, it is also untenable, given how the digital ecosystem is set up. And this is not just about the lack of local infrastructure or a cost issue — though it is that too.
Not only is there no alternative at this scale, but choice matters in a democratic dispensation and competitive markets from an economic standpoint. You cannot force those already set up and reliant on others’ services to migrate to platforms and servers of choice (which the government conveniently exercises more control over), removing us from a global arena and pulling everything back to ground zero.
Access to data and control over it is the driver of this bill, not citizens’ protection and autonomy over their data.
e-Safety or e-Censorship?
The e-Safety Bill 2023 was also given principle approval along with the PDPB. No one had heard or seen its draft prior to hearing of its approval. All that was available by way of information were press releases about how an authority was being created to prevent social harm.
Then on August 3, 2023, at 7pm, the Ministry of IT & Telecom posted a draft inviting input. The deadline given is 3:30pm on Monday, August 7, conveniently before the dissolution of the assemblies on August 9.
The only input this deserves is for this proposal to be shelved indefinitely.
Ironically, the e-Safety bill claims to “foster and promote safe online Social Network Platforms” and “promote online safety and prevent online harm.”
Never heard that before.
Oh wait, remember The Prevention of Electronic Crimes Act, 2016 (Peca)? The fruits of ‘we must protect women from harassment and minors from harm’ are visible to all by now, as ruses to carry out the actual objective of such laws — to target and repress further.
What the e-Safety bill does is revive aspirations for a super regulator, which was attempted previously for OTT platforms but defeated at the Senate standing committee level. It creates another authority, which is essentially the Pakistan Electronic Media Regulatory Authority (Pemra) and the Pakistan Telecommunication Authority (PTA) merged into one, but for all things digital.
This bill actually repeals Section 37 — which gives the government/PTA unfettered powers to block access or remove speech not only on the internet but transmitted through any device — from Peca. While the deletion of Section 37 from Peca has been a longstanding demand of digital rights groups, Section 37 powers are not only being amassed by the authority under this bill, but also being expanded further.
Since it has been argued on several occasions that social media platforms and users are not PTA’s licensees and that their content cannot be regulated in such a manner, this bill seeks to turn them into this authority’s licensees, thereby defeating claims of lack of jurisdiction and legality and making punitive action possible.
Advertising and e-commerce providers have also been housed under the ambit of this authority. Since stifling the mainstream media through cutting ad revenue turned out to be a successful way to thwart it, the same model is now being applied to the digital sphere.
Under prohibited content, a long list of subjective categories appear, just like the vague code of conduct enforced by Pemra. Here is where it gets particularly confusing.
Is there going to be one legal standard for electronic and another for digital? When broadcast content is uploaded online, will complaints be taken up by Pemra for broadcast and by the e-Safety authority for its digital copy? Similarly, the e-commerce sector too has regulators. Are there going to be multiple regulators for each sector?
The digital space also carries the risk of fines, revocation of licenses and of course, criminal action. For violating its provisions, the e-Safety bill prescribes imprisonment of up to three years and fines, limits for which will be included in the rules to follow. Complaints can be made not just by users but also government departments. These complaints would be registered with the e-Safety authority whose members will be appointed by the federal government.
Not only does this bill deal with content, provisions on data have also been snuck in. In similar fashion to the social media rules which contained registration requirements, initial versions contain punitive measures like fines, and data provisions in regulations on content.
Meanwhile, the bill also states that “the authority or any person on its behalf” is authorised to gain “access to any communication device” if they believe a violation of the law has occurred.
Moreover, the authority can also call for financial statements and other information, failure to furnish which can lead to the imposition of fines. For “law-enforcement purposes,” all those registered with the authority will be required to “disclose information … about the data of the subscriber within its possession.”
These circumvent some of the safeguards that were pushed through in Peca in the shape of warrants for the disclosure of data, and of course, this bill is given an overriding effect.
In addition to the authority, which has overarching powers to regulate, monitor, block access to material, issue or revoke licenses, unilaterally investigate violations of the Act and take action, the bill also sets up an e-Safety complaints commission.
Complaints will be made to the commission, which will also take up matters referred to it by the authority. The commission too can penalise violations under the bill and enjoys the powers of a civil court. Any appeal against the commission’s order can then be filed before an e-Safety tribunal. The members of this tribunal, again, will be appointed by the federal government. The appeal against a decision of the tribunal can be submitted before the high court.
This essentially means burying everyone under bureaucratic procedures so the right to appeal or hearing before a constitutional court is frustrated until it has been taken up by the commission and tribunal. Decisions which have real-time consequences will take months and years to resolve — if at all — while those aggrieved will be made to “exhaust all available remedies” before approaching a high court for adjudication on a matter that concerns fundamental rights.
Expanding curbs
The amendments to the Pakistan Electronic Media Regulatory Authority (Pemra) insert the definition of “disinformation” which includes information obtained “without making an effort to get other person’s point of view or not giving proper coverage or and space.”
Who decides what is “proper coverage” and if a response is solicited but not given, which often happens, or access is blocked when there is critical coverage, what then?
Both the e-Safety bill and Pemra amendments contain sections barring the jurisdiction of courts and other forums/authorities, to “question the legality of anything done or any action taken” by the authorities. One can hence only assume that the aim of the bills is to give the authorities a carte blanche to the overreach and excesses routinely committed as regulators.
The latest version of the Army Act amendment, now available on the National Assembly’s website, omits its earlier reference to Peca and defamation. Though it has been argued that this will not be applied to civilians, the latter have been tried under the Act — before May 9, 2023, too. Under Peca too, scores of cases have been constructed against citizens for “anti-institution” propaganda, particularly under Section 20, even though the language of the law does not cover institutions as an entity that can claim injury.
What has really jolted everyone from their slumber though is the amendment to the Official Secrets Act (OSA), which has again drawn sharp condemnation and was even opposed in the Senate.
While versions of the amendments have been in circulation for the past several days, it was only late on Friday that an official copy was made available on the National Assembly’s website.
Condemning the amendments, the Pakistan Bar Council, in its statement, said the bill grants “blanket powers to raid and detain any citizen, or enter/search any person in any place, without obtaining a search warrant from any court of law, even under the suspicion of them breaching the law.” A statement by the Supreme Court Bar Association of Pakistan said: “Granting broad powers to intelligence agencies will undermine fundamental rights of individuals including right to privacy, dignity and fair trial.”
What is most concerning about this law is that the definition of “enemy” is incredibly broad. Dissidents are often labelled foreign agents and anti-state actors. The offences in relation to “public order, defence, safety or interests of the State” are also very broad categories.
The interest of the state and interest of the people are often divergent, both from a security perspective and economic. Those alerting against the regrouping and reorganisation of the Tehreek-i-Taliban have in the past been labelled as anti-state. Those critical of CPEC or economic programmes such as the IMF can also be viewed as acting against the interests of the state. Will all such commentary and people involved become enemies of the state?
The OSA amendments also prescribe a penalty of three years in jail and a fine of up to Rs10 million, for disclosing the identity of members of intelligence agencies, informants or sources.
So if someone is harassed or illegally picked up or detained by an official, and this is caught on CCTV or a video recorded on someone’s phone to highlight the illegal act committed against them, the person recording, releasing and campaigning for release and accountability will instead be held liable under this law for disclosing identity?
The endgame
That all of this is undemocratic and dangerous has been pointed out in various statements issued in the last few days by the Awami Workers Party, Women Action’s Forum Karachi and Lahore chapters and the Human Rights Commission of Pakistan. All of them condemn the hasty passage of some of these bills and criticise them for being dangerous for civil liberties and detrimental to democracy.
Information and data are everything today.
The only way we are able to know and comment on these bills is because of the dissemination of information through digital means. Tomorrow, sharing of bills on the pretext that the disclosure is “unauthorised” or the version in circulation is incorrect and hence “disinformation” is being spread, is likely, without any acknowledgment that the lack of transparency directly infringes upon the citizens’ right to know what is being legislated.
What is effectively being curtailed are our rights to information, expression, privacy and fair trial through these legislations by increasing the “legal” stranglehold of the state to provide a fig leaf for its illegal actions.
What these laws seek to do is legalise the state’s extra-legal activities. What this does is rob people of some semblance of defence before courts.
It’s going to be harder to argue the vires when violations are sanctioned in the letter of the law. It will be more difficult to convince courts to strike down these laws because these are being passed by Parliament — no matter what the numbers at the time of passage because quorum is not being pointed out in each instance — because a parliamentary stamp is different than a presidential one. No matter how undemocratic the process or how unconstitutional the provisions are, it will be an uphill battle to prove, before which the damage will be widespread.
A law does not have to be all bad for it to be a problem. There are over a dozen criminal offences in Peca. Of these, a handful of them are routinely applied to target dissidents. The stated intent is mostly never what the endgame is actually about, and Peca is a good example of this.
There should be no doubt that all of this is to hold the state’s noose over every individual and every sector. At this point, no legislation is better than hastily passed, malicious laws.
Header image: Shutterstock.com