Legislation for Internet security can quickly turn into a weapon against the free press. Cybercrime laws are intended to extend existing penal codes to the online world, but they can easily be broadened to criminalize standard journalistic practices. By Danny O’Brien
Chiranuch Premchaiporn, editor of Prachatai, is the model of a modern independent news website manager. From her office in downtown Bangkok, she guides a team of online journalists conducting investigative reports on the lesser-reported sides of Thai society: labor disputes, fraud in distant rural areas, and corruption. In these politically sensitive times, she has a challenging job. The website has to cautiously navigate the proprieties of reporting without favor on Thailand’s dominant political factions, the Red and Yellow shirts.
But instead of concentrating on editing her news site, she spends weeks at a time in Bangkok’s criminal courts, facing a government prosecution that has involved multiple arrests and a three-year-long trial. Chiranuch was first arrested in March 2009, when the Prachatai offices were raided by police and her laptop was seized. When I spoke with her in October 2011 (CPJ provided expert testimony on Internet law to the court), she had just heard that the decision in her case would be delayed another five months due to Bangkok’s flooding. Even though a guilty judgment could lead to a sentence of up to 50 years in jail, she is impatient for the case to be concluded. “It is a distraction,” she said. “I’ve tried not to involve the Prachatai team, but I’m always preparing for the trial and can’t make long-term plans.”
Chiranuch is being prosecuted under Thailand’s strict lѐse majesté laws against public criticism of the monarchy–but the charge lies not in the disloyalty of her own words, or those of her team at Prachatai. Instead, the language of a handful of visitors to her website who wrote comments on the site’s discussion board led to her arrest on criminal charges.
The law she is accused of breaking is the Computer Crime Act, which was introduced ostensibly to combat cybercriminals. The act was the first piece of legislation introduced by military coup leaders when they restored the legislature in 2007. It has already proven to be a dangerously wide-ranging addition to the original lѐse majesté laws, as well as a powerful tool to censor websites. “The military government considered the Internet so dangerous, one of its first orders was for censorship,” said author C.J. Hinke, who heads the local pressure group Freedom Against Censorship Thailand. “Their original draft of the Computer Crime Act included the death penalty for computer crimes.”
Laws like the Computer Crime Act, originally presented as targeting hackers and those who commit fraud, are being applied to reporters and news websites around the world. And in many cases, from Angola to Saudi Arabia, governments are using claims of online disorder as a cover to introduce far more repressive laws that unashamedly target journalists and the right to free expression.
When Tunisian blogger Slim Amamou was detained in the dying days of Zine El Abidine Ben Ali’s dictatorship, his interrogators said he would not be charged for his reporting online, but for hacking. “The case against me was of cybercriminality,” he told CPJ. “I was accused of harming technical infrastructure.” In fact, in some of his last posts before his detention, the independent blogger was reporting original research on the Tunisian authorities’ own Internet fraud: creating fake Facebook and Google home pages to steal passwords from Internet users sharing video of the Tunisian protests. If not for the collapse of the Ben Ali government a few days later, Amamou could have spent up to 10 years in jail. But he was never charged. Just five days after his release from detention, and four days after the fall of Ben Ali, he was appointed secretary of state for sport and youth in the new government.
Allegations that reporters from the now-defunct News of the World in the United Kingdom illegally accessed private voicemails demonstrate that journalists must be bound by legitimate anti-hacking laws. But some country’s cybercrime laws are constructed so broadly that normal journalistic activity online can be deemed illegal.
On April 1, 2011, Angola’s National Assembly voted on a “Law to Combat Crime in the Area of Information and Communication Technologies and of Information Company Services.” As well as including standard cybercrime provisions to combat unlawful access to computers and the distribution of child pornography, the bill included a blanket prohibition on the online posting or sharing of photos, recordings, or videos without the consent of those appearing within them. Another section would criminalize anyone who forwards a message with intent to “disturb the peace and tranquility or the personal, family, or sexual life of another person”; another would allow police to search homes without warrants when seizing data such as computer hard drives, cell phones, and digital video equipment. Violations of these sections could lead to prison sentences of 12 to 14 years–more than six times the term applied to online pornography distribution.
“The initial draft of the bill, submitted to the president by the Ministry of Telecommunications and Information Technology, contained none of this,” said Rafael Marques de Morais, an Angolan journalist who reports on corruption in the country. “It was the presidency of José Eduardo dos Santos who added these provisions before presenting the law to the assembly.” Marques points out that the additions coincided with the success of uprisings in Tunisia and Egypt, and were intended to criminalize the online reporting of news and images that mobilized popular movements in the Arab world. Human Rights Watch explicitly views the bill as intended to extend dos Santos’ strategy of restricting traditional media. The Angolan government and its allies had previously harassed or aggressively purchased independent voices such as the two leading weekly newspapers, Semanário Angolense and A Capital. The shrinking of Angola’s independent print voices forced many writers and readers to switch to distributing and reading news online, Marques says. After protests by local media and human rights groups, the proposed law’s passage stalled in the legislature, but Marques expects it to reappear by spring 2012.
Cybercrime laws are intended to extend existing penal codes to the online world, but they can easily be broadened to criminalize the standard practices of online journalists: running commentary boards or writing about third parties online without permission. The apparently benign–or at least, neutral–extension of existing media regulations to the Internet poses the same risks. On January 1, 2011, Saudi Arabia’s Ministry of Culture and Information announced its “E-Publishing” regulations, which widened the country’s news media registration laws to the Internet.
Saudi authorities have significant powers over traditional media outlets, including the right to appoint and fire senior editors at will. After the emergence over the past few years of a vibrant, but unregulated, online news sector, including popular local publications such as Burnews and Hasanews, authorities set about introducing the same controls on the Internet. The larger news sites initially welcomed the regulations, said Saudi blogger Ahmed al-Omran, explaining that they believed “official registration would provide them with legitimacy, which would help with access and reassure advertisers.” However, the regulations also required government registration and official approval of editors for any organization or individual conducting “electronic journalism” as well as websites “displaying audio and visual material.”
The authorities have stated that bloggers are exempt from compulsory registration, while leaving the distinction between bloggers and electronic journalists undefined. For instance, two video-bloggers, Feras Bughnah and Hosam al-Deraiwish, were detained for two weeks in October for their piece documenting poverty in Riyadh, which they posted to YouTube. The charges they faced were unclear, but one source to whom al-Omran spoke suggested that the detention was due to the video being aired by an opposition TV channel hosted outside of Saudi Arabia. With one broadcast, Bughnah and al-Deraiwish were transformed from bloggers recording the world around them to “electronic journalists.”
Elsewhere, arbitrary registration requirements have been used as a pretext to block news sites. In November, Sri Lanka’s government announced that any news site publishing “any content relating to Sri Lanka” was required to register. A day after the announcement, Sri Lankan Internet service providers began blocking some of the country’s most prominent news sites, including the Sri Lanka Mirror and Sri Lanka Guardian.
Imprecision in new Internet laws frequently ensnares news sites. In India, “Intermediary Guidelines” introduced in May require any system hosting material deemed blasphemous, inciting hatred, being ethnically objectionable, infringing patents, or threatening unity to remove the content within 36 hours or face prosecution. The conditions are undefined and “so vague that it is open to arbitrary interpretation,” Sunil Abraham of the Bangalore-based Center for Internet and Society told The Washington Post. The process for deeming content objectionable is simply a complainant’s sending a registered letter or digitally signed email to the hosting service. As a consequence, any online article in India may be removed from view by a single complaint.
The Intermediary Guidelines did not pass through the Indian parliamentary process; they were presented by the New Delhi government as technical amendments to the country’s Information Technology Act. They took effect shortly after introduction, despite complaints from press and Internet freedom groups, as well as from Internet companies such as Google India.
Because the Internet is still governed in most countries by information technology ministries and regulatory organizations rather than through directly elected institutions, provisions can frequently be introduced by regulators or companies with no consideration of press freedom issues. In September, VeriSign, the corporate administrator of the .com domain, requested permission from the global Internet regulatory body ICANN to enforce the “denial, cancellation, or transfer of any [domain name] registration” in response to “any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process.” As with the Indian provision, this permission would grant governments and agencies the ability to remove entire .com websites without due process. A single request to remove a domain would expunge a news site overnight. VeriSign withdrew the request following complaints, but the proposal demonstrates how much power some companies can have to censor across the entire global Internet at the request of states or regulators. The company gave no reason for the withdrawal.
The rise of cybercrime has also led to an opportunity for introducing seemingly benign transnational agreements that could be used to silence dissident voices. In September, a proposal for an “international code of conduct for information security” was presented at the United Nations. Its supporters were China, Russia, Tajikistan, and Uzbekistan, and the code of conduct included language “to cooperate … in curbing the dissemination of information that incites terrorism, secessionism, or extremism, or that undermines other countries’ political, economic, and social stability, as well as their spiritual and cultural environment.” All four countries have an unenviable record in restricting journalists’ freedom of expression under similar tenets. Terrorism, separatism, and extremism are classed as the “Three Evils” by China and its neighbors, and are used to target minority journalists such as Gheyret Niyaz, manager of the Uighurbiz website, who is serving 15 years in prison for “endangering state security.”
Internet laws and regulations need not penalize press freedom. Accidentally broad laws can be re-drafted, and rules can be written to protect freedom of expression.
In 2009, Brazil began work on its Marco Civil da Internet, an attempt to introduce “rights and duties” for the use of the Internet in Brazil. Over the next two years, the bill was debated, not just in the country’s legislature, but online, with the government of Brazil creating dedicated sites to allow individuals to comment and suggest amendments. In the original draft of the bill, as in Indian proposals, complainants could have critical articles online removed by simply requesting the action; journalists would have to apply to a court to restore their work. After criticism by CPJ and many others during the consultation, the proposal was reversed: critics will now need to obtain a court order to remove content.
The Marco Civil was being debated by the Brazilian legislature in late year. While its passage was not guaranteed, it shows what can be done if nations want to ensure that new laws do not interfere with one of the most powerful and liberating capabilities of the Internet: to act as a tool of free expression and press freedom. Those rights of free expression have to be built into the laws from the start; Internet journalists, experts, and users need to be consulted; and the rules should carefully and slowly evolve.
Sadly, politicians around the world are often more tempted to make sweeping proposals to combat whatever Internet-related problem has hit the headlines that day. The week after riots broke out in several areas of London, British Prime Minister David Cameron announced he would investigate ways to control or block communications online, and TV channels were forced to hand over raw footage of the riots to authorities.
While Cameron backed down from his threats to proceed with new legislation, the language of censorship and seizure was quickly picked up by others. “We may wonder why Western leaders, on the one hand, tend to indiscriminately accuse other nations of monitoring, but on the other take for granted their steps to monitor and control the Internet,” China’s state-run press agency, Xinhua, said. “For the benefit of the general public, proper Web monitoring is legitimate and necessary.”
The year online has been, in some ways, a disturbing one for authoritarian and democratic governments alike. Political leaders and corporations blamed our increasingly connected world for uprisings, riots, and widespread hacking attacks. But without due care–and pressure from those most concerned with free expression–laws concerned with Internet security can quickly turn into weapons against journalists and the freedom of the new, digital media.
Danny O’Brien, CPJ’s San Francisco-based Internet advocacy coordinator, has worked globally as a journalist and activist covering technology and digital rights. In October 2011, he provided expert testimony in the trial of Thai online editor Chiranuch Premchaiporn.