Iran has announced it has completed the first phase of its long running plan to operate a "national internet".
An inauguration ceremony was held on Sunday by the country's communications and censorship minister, Mahmoud Vaezi.
Iran already blocks access to overseas-based social media services - including Twitter, Instagram and Facebook - many users still access them via proxy sites and virtual private networks (VPNs). So the government is trying to totally cut off access
paths to the outside world.
The government says the goal is to create an isolated domestic intranet that can be used to promote Islamic content and raise digital awareness among the public. It intends to replace the current system, in which
officials seek to limit which parts of the existing internet people have access to via filters - an effort Vaezi described as being "inefficient".
According to a report by Mehr, a Tehran-based news agency :
the first phase of the rollout involves providing access to e-government services and domestic web pages
a second phase, due in February 2017, will add domestic video content
a third phase, due in March 2017, will introduce further
services and provide support for companies involved in international trade
The British human rights campaign group Article 19 has criticised the plan:
Given Iran's record in violating its human rights commitments based on civil and political (including religious and ethnic) grounds, the
development of projects such as the national internet are especially concerning.
The National Internet Project could pave the way for further isolation, surveillance and information retention. [It] risks severely isolating the
Iranian people from the rest of the online world, limiting access to information and constraining attempts at collective action and public protest."
Despite near universal condemnation from Pakistan's tech experts; despite the efforts of a determined coalition of activists, and despite numerous attempts by alarmed politicians to patch its many flaws, Pakistan's Prevention of Electronic Crimes Bill
(PECB) last week passed into law. Its passage ends an eighteen month long battle between Pakistan's government, who saw the bill as a flagship element of their anti-terrorism agenda, and the technologists and civil liberties groups who slammed the bill
as an incoherent mix of anti-speech, anti-privacy and anti-Internet provisions.
But the PECB isn't just a tragedy for free expression and privacy within Pakistan. Its broad reach has wider consequences for Pakistan nationals
abroad, and international criminal law as it applies to the Net.
The new law creates broad crimes related to cyber-terrorism and its glorification online. It gives the authorities the opportunity to threaten, target
and censor unpopular online speech in ways that go far beyond international standards or Pakistan's own free speech protections for offline media. Personal digital data will be collected and made available to the authorities without a warrant: the
products of these data retention programs can then be handed to foreign powers without oversight.
PECB is generous to foreign intelligence agencies. It is far less tolerant of other foreigners, or of Pakistani nationals living
abroad. Technologists and online speakers outside Pakistan should pay attention to the first clause of the new law :
This Act may be called the Prevention of Electronic Crimes Act, 2016.
It extends to the whole of Pakistan.
It shall apply to every citizen of Pakistan wherever he may be
and also to every other person for the time being in Pakistan.
It shall also apply to any act committed outside Pakistan by any person if the act constitutes an offence under this Act and affects a person, property,
information system or data location in Pakistan.
Poorly-written cyber-crime laws criminalize these everyday and innocent actions by technology users, and the PECB is no exception. It criminalizes the violation of terms of service in some cases, and ramps up the penalties for many
actions that would be seen as harmless or positive acts in the non-digital world, including unauthorized copying and access. Security researchers and consumers frequently conduct unauthorized acts of access and copying for legitimate and lawful
reasons. They do it to exercise of their right of fair use, to exposing wrongdoing in government, or to protect the safety and privacy of the public. Violating website terms of service may be a violation of your agreement with that site, but no nation
should turn those violations into felonies.
The PECB asserts an international jurisdiction for these new crimes. It says that if you are a Pakistan national abroad (over 8.5 million people, or 4% of Pakistan's total population)
you too can be prosecuted for violating its vague statutes. And if a Pakistan court determines that you have violated one of the prohibitions listed in the PECB in such a way that it affects any Pakistani national, you can find yourself prosecuted in the
Pakistan courts, no matter where you live.
Pakistan isn't alone in making such broad claims of jurisdiction. Some countries claim the power to prosecute a narrow set of serious crimes committed against their citizens abroad under
international law's passive personality principle (the U.S. does so in some of its anti-terrorism laws). Other countries claim jurisdiction over the actions of its own nationals abroad under the active personality principle (for instance,
in cases of treason.)
But Pakistan's cyber-crime law asserts both principles simultaneously, and explicitly applies them to all cyber-crime, both major and minor, defined in PECB. That includes creating a sense of insecurity in
the [Pakistani] government (Ch.2, 10), offering services to change a computer's MAC address (Ch.2, 16), or building tools that let you listen to licensed radio spectrum (Ch.2, 13 and 17).
The universal application of such
arbitrary laws could have practical consequences for the thousands of overseas Pakistanis working in the IT and infosecurity industries, as well for those in the Pakistan diaspora who wish to publicly critique Pakistani policies. It also continues the
global jurisdictional trainwreck that surrounds digital issues, where every country demands that its laws apply and must be enforced across a borderless Internet.
Applying what has been described as the worst piece of
cyber-crime legislation in the world to the world is a bold ambition, and the current Pakistani government's reach may well have exceeded its grasp, both under international law and its own constitutional limits. The broad coalition who fought PECB
in the legislature will now seek to challenge it in the courts.
But until they win, Pakistan has overlaid yet another layer of vague and incompatible crimes over the Internet, and its own far-flung citizenry.
Several thousand New Zealand families have signed up to use an internet blocking service that is designed to prevent access to a wide range of websites with adult content.
Vocus, which owns the Slingshot, Orcon and Flip internet brands, began offering
its network level family filter a few weeks ago. Stuff Fibre has announced it will also offer a blocking service, called Safe Zone, which its managing director Sam Morse said would be more flexible.
Vocus consumer manager Taryn Hamilton
said parents often eschewed parental control software that they could install on individual computers and other devices, as it was complex, possible to circumvent and often did not cater well for smartphones. Hamilton said that the Vocus Family Filter
instead blocks content at the network level so that the same level of censorship applies to all devices in a household. He added that parents could easily switch the filter on and off, if they chose, using their account password.
Vocus plans to
provide the filter free for a year, after which it will charge $5 a month. Hamilton said Vocus' filter was being provided by United States company Fortinet and was designed to screen out:
websites about hacking, the dark web and other illegal activities
sites that promote self harm or suicide and known infected or hacked
Stuff Fibre managing director Sam Morse said its Safe Zone service would be more flexible. Rather than only having a single on/off switch , Safe Zone would come with a range of pre-configured profiles . Not long after launch, it would
let customers configure settings differently for devices on a network so you will be able to decide what set-up you want for Johnny's iPhone ..