The Edge of Risk Menu Search
Stay informed on top risk issues—BRINK delivers expert insights on global risk right to your inbox, daily.
Please enter a valid email address.
Success! Thank you for signing up.
Technology Cybersecurity

Sweeping National Cybersecurity Laws Run Risk of Overbroad Regulation

Fourteen years ago, the world was introduced to a new kind of border-blurring regulation on an equally new idea: cybercrime. The 2001 Budapest Convention on Cybercrime, where Canada, Japan, and the European Council (representing 47 European countries) signed the first international treaty on cybercrime, ignited a new era of online regulations that is far from closure.

Now, with online national security breaches making regular headlines, governments are rolling out larger and more sweeping legislation met with both applause and skepticism from global experts.

In April, Egypt introduced a draft law addressing  “crimes committed both against fellow citizens and against the state” in hopes of quashing the online dissemination of recruitment and propaganda from terrorism groups. This came on the heels of a similar bill being introduced in Pakistan, which would give the government “power to issue directions for removal or blocking of access of any intelligence through any information system…if it considers it necessary in the interest of the glory of Islam or the integrity, security or defense of Pakistan.” Both were met with grievances from human rights advocates who see them as a direct violation to freedom.

“In this vein, the [Pakistan] law could be used to block news, cultural, or political sites that are not favored by the authorities, since they are the ones left to decide what constitutes a threat to national security,” said Ragab Saad, researcher at the Cairo Institute for Human Rights Studies in an opinion piece for the Atlantic Council. “Combatting terrorism should not be a pretext for undermining online freedom of expression and communication.”

Ellery Biddle, director of Global Voices Advocacy, a program that protects online freedom of expression, compared these “sweeping” laws to a more traditional form of censorship.

“Many of these governments are restricting Internet access because they see ISIS and other groups using it to recruit members,” Biddle said. “But that’s like restricting all phone services because we knew that terrorists were using the phone,” she said. “It’s the needle in a haystack.”

Some say the security benefits these cybercrime laws will bring far outweigh the risks to information freedom.

But some say the security benefits these laws will bring far outweigh the risks to information freedom.

“There is a universal consensus that while the benefits and blessings of the explosion of information technology cannot be denied to the citizens, it is [an] equally essential and inescapable responsibility of the government to ensure protection of the rights of the citizens,” said Malik Muhammad Ashraf in a column for Pakistan Times.

Tanzania also passed a large cybercrime bill in April that addresses the publication of “misleading, deceptive or false” information online. The country, which lost approximately TZS$892.18 billion (USD$440 million) through cybercrimes in 2012, is quick to defend the bill.

“We must all understand that the security of the nation is first and foremost … we must ensure the nation is protected from this new threat caused by technology,” said Salva Rweyemamu, Director of Presidential Communications in Tanzania, in an April press conference.

Biddle, with Global Voices Advocacy, says that while it’s difficult to make any umbrella statements about each country’s cybercrime legislations, they all need significant changes to maintain citizen’s legal rights. And may effectively silent those who debate future government rulings.

“For some countries, ‘cybercrime’ is just a modern way of saying ‘the Internet’,” Biddle said. “It’s not just about security, it’s about a country that wants to stop people who may threaten their power. Expose things about them that might not sound so good.”

But is there a happy medium? Yes, says Biddle, but it will take time—and government cooperation—to see daylight.

“These laws are far too general, they don’t focus in enough on the real threats. These governments should be focusing in on the real, specific threats,” she said. “Until then, everyone’s impacted.”

This story was updated to correctly reflect the amount of Tanzanian cybercrime losses as stated in Tanzanian Shillings and the current U.S. dollar equivalent.