Cybercrime – Radio Free

CPJ, partners: Tunisian authorities must release of Sonia Dahmani, end misuse of cybercrime Decree-Law 54

CPJ Staff — Thu, 10 Jul 2025 15:41:16 +0000

New York, July 10, 2025—The Committee to Protect Journalists joined 17 other press freedom and human rights organizations on July 10 in a statement condemning Tunisia’s ongoing crackdown on freedom of expression and calling for the immediate release of imprisoned commentator Sonia Dahmani, who is serving multiple prison sentences under a repressive cybercrime Decree-Law 54 for her media commentary.

The statement warns that Decree-Law 54 has become the government’s primary tool for targeting dissent, with Dahmani facing five separate cases for political commentary, three of which have already resulted in convictions. A fourth case, in which charges have been escalated to criminal offenses carrying a possible 10-year sentence, is scheduled for a key hearing on July 11. The statement also expressed deep concern about the harsh prison conditions faced by Dahmani.

Her sister, Ramla Dahmani, was also sentenced in absentia to two years in prison for advocating for the journalist’s release on social media.

Organizations can still sign the statement here until Thursday, July 17.

Read the full statement here.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

YouTube channel blocked, journalist assaulted, commentators charged after Kashmir attack in India

CPJ Staff — Tue, 06 May 2025 17:09:45 +0000

New Delhi, May 6, 2025—The Committee to Protect Journalists is deeply alarmed by a series of incidents in India involving the silencing, assault, and legal harassment of journalists and political commentators following the April 22 deadly attack in Indian-administered Jammu and Kashmir that left 26 tourists dead.

“CPJ urges Indian authorities to ensure that responses to national security concerns remain firmly grounded in democratic principles and constitutional protections for press freedom,” said Kunāl Majumder, CPJ’s India Representative. “We call on the government to uphold transparency in content regulation, adhere to due process, and avoid using national security as a blanket justification to suppress independent journalism.”

On April 29, the Indian government ordered the blocking of the YouTube channel 4PM News Network, which has about 7.3 million subscribers, citing national security and public order. On May 1, 4PM Editor-in-Chief Sanjay Sharma filed a petition with the Supreme Court challenging the government’s order. The Supreme Court has asked the government to respond to Sharma’s petition.

Separately, on April 24, Rakesh Sharma, a senior journalist with the Dainik Jagran newspaper, was physically assaulted by supporters of the ruling Bharatiya Janata Party while covering a protest in Kathua, Jammu and Kashmir, following the terrorist attack. Local police have filed a first information report (FIR), a document that opens an investigation, but there are no reports of arrests.

Meanwhile, police in Uttar Pradesh launched criminal investigations last week into political commentators and satirists Neha Singh Rathore and Madri Kakoti, who publishes under the name Dr. Medusa, for allegedly inciting unrest and threatening national unity through their online posts about the tourist attack, with potential prison sentences of three years to life if convicted.

In addition, Supreme Court lawyer Amita Sachdeva filed a complaint with the Cyber Crime South Division in New Delhi on April 29, accusing satirist Shamita Yadav, also known as “The Ranting Gola,” of anti-India propaganda after her video critiquing the government’s response to the attack was reposted by a Pakistani user.

On April 28, the Ministry of External Affairs sent a letter to Jackie Martin, the head of BBC India, expressing strong disapproval of the BBC’s use of the term “militant attack” to describe the event.

The Indian government has also blocked 16 Pakistani news, sports, and commentary YouTube channels following the attack, citing national security concerns.

These developments coincide with a Ministry of Information and Broadcasting advisory, reviewed by CPJ, that prohibits live coverage of anti-terrorist operations, citing security risks.

CPJ emailed India’s Ministry of Information and Broadcasting and the police departments overseeing the investigations for comment but did not receive any replies.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Jailed Tunisian commentator Sonia Dahmani faces 10-year -sentence after charges elevated to felony

CPJ Staff — Fri, 11 Apr 2025 20:46:44 +0000

New York, April 11, 2025—The Committee to Protect Journalists calls for the immediate release of political commentator Sonia Dahmani after the Tunis Court of Appeals reclassified charges against her as a felony, a move that could lead to a 10-year prison sentence over Dahmani’s critique of prison conditions.

“The reclassification of imprisoned commentator Sonia Dahmani’s charges as a felony is yet another alarming escalation in the Tunisian government’s use of cybercrime Decree Law 54 to intimidate and punish critical voices,” said CPJ Program Director Carlos Martínez de la Serna. “Tunisian authorities must immediately release Dahmani, drop all charges against her, and put an end to the ongoing judicial harassment against journalists and commentators in the country.”

Dahmani, a lawyer and political commentator on IFM radio and Carthage Plus TV, was arrested in May 2024 and is currently serving a 32-month prison sentence on charges in connection with televised remarks about the state of Tunisia’s prisons. The case was filed by the General Directorate of Prisons under Article 24 of the cybercrime Decree-Law 54 on spreading false news charges.

On Thursday, April 10, the Tunis Court of Appeals upheld felony charges against Dahmani and referred her case to the criminal court, ignoring a February 3 Court of Cassation ruling that found the cybercrime law should only apply to crimes committed via digital systems and not to opinions expressed through traditional media.

Dahmani faces five charges for her media commentary; four are classified as misdemeanors.

According to CPJ’s December 1, 2024, prison census, at least five journalists were behind bars in Tunisia, the highest number recorded since 1992. The crackdown has intensified since President Kais Saied’s 2021 power grab—when he dissolved parliament, took control of the judiciary, and gave himself powers to rule by decree.

CPJ’s email requesting comment on Dahmani’s prosecution from the Tunisian presidency did not receive any response.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Pakistani journalist Waheed Murad seized from home in the night

CPJ Staff — Thu, 27 Mar 2025 16:26:18 +0000

New York, March 27, 2025—Pakistani authorities must immediately and unconditionally release journalist Waheed Murad, who was taken away by masked men who broke into his home in the capital Islamabad before dawn on Wednesday, and stop using such brutal tactics to intimidate the press, the Committee to Protect Journalists said.

Murad, who works as a reporter for Urdu News and runs the independent news site Pakistani24, later appeared before the Judicial Magistrate Islamabad (West) court, where he was placed in the custody of the Federal Investigation Agency (FIA) for two days under Pakistan’s cybercrime laws for allegedly posting “intimidating content” online, according to a copy of the court order, reviewed by CPJ.

“The shocking overnight raid on the home of seasoned journalist Waheed Murad is part of a disturbing trend of enforced disappearances and detentions of journalists by Pakistan’s security agencies,” said Beh Lih Yi, CPJ’s Asia program coordinator. “Authorities must allow Murad to resume reporting without fear of detention, threats, or intimidation.”

Murad’s mother-in-law, Abida Nawaz, said that the unidentified men who abducted the journalist did not say where they were taking him. Before Murad appeared in court, she had filed a petition with the Islamabad High Court seeking his recovery. The petition states that the journalist had raised his voice about the disappearance of exiled journalist Ahmed Noorani’s two brothers in Islamabad.

Noorani’s brothers have been missing since March 18, when individuals identifying themselves as police forcibly entered their family home. In addition, journalist Asif Karim Khehtran disappeared from his home district of Barkhan on March 13, and Farhan Mallick, founder of the independent online media platform Raftar, continues to be held in FIA detention after being detained on March 20 in Karachi.

CPJ’s text messages requesting comment from Information Minister Attaullah Tarar received no response.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Jordanian publisher arrested under cybercrime law after ex-PM complains

CPJ Staff — Thu, 20 Mar 2025 16:18:57 +0000

Beirut, March 20, 2025—The Committee to Protect Journalists is deeply concerned by the March 17 arrest of Jordanian publisher Omar Al Zayood, following a complaint by former Prime Minister Bisher al-Khasawneh that Zayood’s Al Hashmiyah News site published an inaccurate report about him, and calls on authorities to stop using the cybercrime law to silence the press.

“We urge Jordanian authorities to immediately and unconditionally release journalist Omar Al Zayood, which would send a clear signal that authorities respect the freedom of the press and stop criminalizing journalists,” said CPJ Program Director Carlos Martinez de la Serna, in New York. “We reiterate our call for the repeal of the 2023 cybercrimes law, which has further stifled the independence of the media in Jordan.”

The public prosecutor in the capital Amman ordered Zayood’s arrest after questioning him on the charge of “inaccuracy and insulting the dignity of individuals.” Penalties under the law include prison sentences of three months to three years, and fines of 5,000 to 20,000 Jordanian dinars (US$7,000 to 28,000).

CPJ was unable to confirm which Al Hashmiyah News report the lawsuit referred to or for how long Zayood was ordered detained.

Al-Khasawneh served as prime minister from 2000 until September 2024, when he resigned following parliamentary elections. King Abdullah II appointed Jjafar Hassan to replace him.

CPJ has criticized the Cybercrime Law, which criminalizes vaguely defined online activities, including social media posts deemed to be “fake” or that undermine national unity. Since its introduction, numerous journalists have been arrested and prosecuted for their critical online commentary on sensitive topics.

At least two journalists were imprisoned in Jordan at the time of CPJ’s latest annual prison census on December 1, 2024. Both have since been freed.

CPJ’s email to Al Hashmiyah News requesting comment did not receive a reply. CPJ was unable to find contacts for Amman’s public prosecutor or Al-Khasawneh.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

UN Cybercrime Treaty Supported by Autocrats Raises Human Rights Concerns

Kate Horgan — Tue, 11 Mar 2025 16:46:46 +0000

On December 24, 2024, the United Nations adopted the United Nations Convention against Cybercrime, which aims to “prevent and combat” cybercrime and “strengthen international cooperation in sharing electronic evidence for serious crimes.” Several human rights and independent news organizations noted that the international treaty raised serious human rights concerns. On…

The post UN Cybercrime Treaty Supported by Autocrats Raises Human Rights Concerns appeared first on Project Censored.

This content originally appeared on Project Censored and was authored by Kate Horgan.

Bangladesh journalists face threats from attacks, investigations, and looming cyber laws

Arlene Getz/CPJ Editorial Director — Mon, 17 Feb 2025 11:56:08 +0000

New York, February 14, 2025— Six months after a mass uprising ousted the increasingly autocratic administration of former Prime Minister Sheikh Hasina, Bangladeshi journalists continue to be threatened and attacked for their work, along with facing new fears that planned legislation could undermine press freedom

Bangladesh’s interim government — established amid high hopes of political and economic reform— has drawn criticism from journalists and media advocates for its January introduction of drafts of two cyber ordinances: the Cyber Protection Ordinance 2025 (CPO) and Personal Data Protection Ordinance 2025.

While the government reportedly dropped controversial sections related to defamation and warrantless searches in its update to the CPO, rights groups remain concerned that some of the remaining provisions could be used to target journalists. According to the Global Network Initiative, of which CPJ is a member, the draft gives the government “disproportionate authority” to access user data and impose restrictions on online content. Journalists are also concerned that the proposed data law will give the government “unchecked powers” to access personal data, with minimal opportunity for judicial redress.

“Democracy cannot flourish without robust journalism,” said CPJ Asia Program Coordinator Beh Lih Yi. “Bangladesh’s interim government must deliver on its promise to protect journalists and their right to report freely. Authorities should amend proposed laws that could undermine press freedom and hold the perpetrators behind the attacks on the press to account.”

CPJ’s calls and text messages to Nahid Islam, the information, communication, and technology adviser to the interim government, requesting comment on the ordinances did not receive a reply.

Meanwhile, CPJ has documented a recent spate of beatings, criminal investigations, and harassment of journalists for their work.

Attacks

A group of 10 to 12 men attacked Shohag Khan Sujon, a correspondent for daily Samakal newspaper, after he and three other journalists investigated allegations of medical negligence at a hospital in central Shariatpur district on February 3.

Sujon told CPJ that a clinic owner held the journalist’s legs as the assailants hit his left ear with a hammer and stabbed his back with a knife. The three other correspondents — Nayon Das of Bangla TV, Bidhan Mojumder Oni of News 24 Television, and Saiful Islam Akash of Desh TV — were attacked with hammers when they tried to intervene; the attack ended locals chased the perpetrators away.

Sujon told CPJ he filed a police complaint for attempted murder. Helal Uddin, officer-in-charge of the Palang Model Police Station, told CPJ by text message that the investigation was ongoing.

In a separate incident on the same day, around 10 masked men used bamboo sticks to beat four newspaper correspondents — Md Rafiqul Islam of Khoborer Kagoj, Abdul Malak Nirob of Amar Barta, Md Alauddin of Daily Amar Somoy, and Md Foysal Mahmud of Daily Alokito Sakal — while they traveled to a village in southern Laximpur district to report on a land dispute, Islam told CPJ.

The attackers stole the journalists’ cameras, mobile phones, and wallets and fired guns towards the group, causing shrapnel injuries to Mahmud’s left ear and leg, Islam said.

Authorities arrested four suspects, two of whom were released on bail on February 10, Islam told CPJ. Laximpur police superintendent Md Akter Hossain told CPJ by phone that authorities were working to apprehend additional suspects.

Threats

Shafiur Rahman, a British freelance documentary filmmaker of Bangladeshi origin, told CPJ he received an influx of threatening emails and social media comments after publishing a January 30 article about a meeting between the leadership of Bangladesh’s National Security Intelligence and the armed group Rohingya Solidarity Organisation.

Multiple emails warned Rahman to “stop or suffer the consequences” and “back off before it’s too late.” Social media posts included a photo of the journalist with a red target across his forehead and warnings that Rahman would face criminal charges across Bangladesh, leaving Rahman concerned for his safety if he returned to report from Bangladesh’s refugee camps for Rohingya forced to flee Myanmar.

“The nature of these threats suggests an orchestrated campaign to silence me, and I fear potential real-world repercussions if I continue my work on the ground,” Rahman said.

CPJ’s text to Shah Jahan, joint director of the National Security Intelligence, requesting comment about the threats did not receive a reply.

Criminal cases

Four journalists who reported or published material on allegedly illicit business practices and labor violations are facing possible criminal defamation charges after Noor Nahar, director of Tafrid Cotton Mills Limited and wife of the managing director of its sister company, Dhaka Cotton Mills Limited, filed a November 13, 2024, complaint in court against them. If tried and convicted, they could face up to two years in prison.

The four are:
* H. M. Mehidi Hasan, editor and publisher of investigative newspaper The Weekly Agrajatra.

* Kamrul Islam, assignment editor for The Weekly Agrajatra.

* Mohammad Shah Alam Khan, editor of online outlet bdnews999.

* Al Ehsan, senior reporter for The Daily Post newspaper.

CPJ’s text to Nahar asking for comment did not receive a reply.

Md Hafizur Rahman, officer-in-charge of the Uttara West Police Station, which was ordered to investigate the complaint, told CPJ by phone that he would send the latest case updates but did not respond to subsequent messages.

This content originally appeared on Committee to Protect Journalists and was authored by Arlene Getz/CPJ Editorial Director.

CPJ urges Zambian government to withdraw cyber bills from parliament

CPJ Staff — Thu, 13 Feb 2025 22:47:44 +0000

The Committee to Protect Journalists sent a letter calling on the Zambian government to withdraw the Cyber Security Bill 2024 and Cyber Crimes Bill 2024 from the country’s National Assembly for a comprehensive review to ensure they align with constitutional protections of freedom of the press as well as regional and international standards on freedom of expression.

CPJ raised concerns that the two bills would pose a significant threat to journalism in Zambia if enacted into law in current form, including numerous provisions that could undermine freedom of expression. In particular, the cybercrimes bill contains provisions that would amount to criminalization of defamation and could potentially undermine investigative journalism by prohibiting “unauthorized disclosure” of “critical information” in broad terms, without public interest safeguards. The bills would also give the state broad digital surveillance, search and seizure powers.

The bills, which would replace the Cyber Security and Cyber Crimes Act of 2021, were tabled at the National Assembly in November 2024 but decision-making was deferred, following concerns that the draft laws lacked adequate human rights safeguards. In December, Zambia’s President Hakainde Hichilema, who has previously promised to positively reform Zambia’s existing cyber crime legislation, said he was open to further dialogue with civil society on the two bills.

Read CPJ’s letter here.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Civicus Monitor criticises PNG use of cybercrime law to curb free speech

Pacific Media Watch — Thu, 13 Feb 2025 01:31:01 +0000

Pacific Media Watch

Papua New Guinea’s civic space has been rated as “obstructed” by the Civicus Monitor and the country has been criticised for pushing forward with a controversial media law in spite of strong opposition.

Among concerns previously documented by the civil rights watchdog are harassment and threats against human rights defenders, particularly those working on land and environmental rights, use of the cybercrime law to criminalise online expression, intimidation and restrictions against journalists, and excessive force during protests.

In recent months, the authorities have used the cybercrime law to target a human rights defender for raising questions online on forest enforcement, while a journalist and gender-based violence survivor is also facing charges under the law, said the Civicus Monitor in its latest report.

READ MORE: Other PNG media freedom reports

The court halted a logging company’s lawsuit against a civil society group while the government is pushing forward with the controversial National Media Development law.

Human rights defender charged under cybercrime law
On 9 December 2024, human rights defender and ACT NOW! campaign manager Eddie Tanago was arrested and charged by police under section 21(2) of the Cybercrime Act 2016 for allegedly publishing defamatory remarks on social media about the managing director of the PNG Forest Authority.

Tanago was taken to the Boroko Police Station Holding cell and released on bail the same afternoon. If convicted he could face a maximum sentence of 15 years’ imprisonment.

ACT NOW is a prominent human rights organisation seeking to halt illegal logging and related human rights violations in Papua New Guinea (PNG).

According to reports, ACT NOW had reshared a Facebook post from a radio station advertising an interview with PNG Forest Authority (PNGFA) staff members, which included a photo of the managing director.

The repost included a comment raising questions about PNGFA forest enforcement.

Following Tanago’s arrest, ACT NOW said: “it believes that the arrest and charging of Tanago is a massive overreach and is a blatant and unwarranted attempt to intimidate and silence public debate on a critical issue of national and international importance.”

It added that “there was nothing defamatory in the social media post it shared and there is nothing remotely criminal in republishing a poster which includes the image of a public figure which can be found all over the internet.”

On 24 January 2025, when Tanago appeared at the Waigani Committal Court, he was instead charged under section 15, subparagraph (b) of the Cybercrime Act for “identity theft”. The next hearing has been scheduled for February 25.

The 2016 Cybercrime Act has been used to silence criticism and creates a chilling effect, said Civicus Monitor.

The law has been criticised by the opposition, journalists and activists for its impact on freedom of expression and political discourse.

JOURNO ARRAIGNED ON CYBER HARASSMENT
Journalist Hennah Joku appeared before Magistrate Paul Nii at the Waigani Committal Court on charges of cyber defamation following a Facebook post made on 4th September 2024.
Read more:https://t.co/LEIDEcTZv6 #EMTVNews #EMTVOnline pic.twitter.com/zHqm353Cst

— EMTV (@EMTVOnline) December 5, 2024

Journalist and gender activist charged with defamation
Journalist and gender activist Hennah Joku was detained and charged under the Cybercrime Act on 23 November 2024, following defamation complaints filed by her former partner Robert Agen.

Joku was charged with two counts of breaching the Cybercrimes Act 2016 and detained in Boroko Prison. She was freed on the same day after bail was posted.

Joku, a survivor of a 2018 assault by Agen, had documented and shared her six-year journey through the PNG justice system, which had resulted in his conviction and jailing in 2023.

On 2 September 2024, the PNG Supreme Court overturned two of three criminal convictions, and Agen was released from prison.

On 4 and 15 September 2024, Joku shared her reactions with more than 9000 followers on her Meta social media account. Those two posts, one of which featured the injuries suffered from her 2018 assault, now form the basis for the current defamation charges against her.

Section 21(2) of the Cybercrimes Act 2016, which has an electronic defamation clause, carries a maximum penalty of up to 25 years’ imprisonment or a fine of up to one million kina (NZ$442,000).

The Pacific Freedom Forum (PFF) expressed “grave concerns” over the charges, saying: “We encourage the government and judiciary to review the use of defamation legislation to silence and gag the universal right to freedom of speech.

“Citizens must be informed. They must be protected.”

Court stays logging company lawsuit against civil society group
In January 2025, an injunction issued against community advocacy group ACT NOW! to prevent publication of reports on illegal logging has been stayed by the National Court.

In July 2024, two Malaysian owned logging companies obtained an order from the District Court in Vanimo preventing ACT NOW! from issuing publications about their activities and from contacting their clients and service providers.

That order has now been effectively lifted after the National Court agreed to stay the whole District court proceedings while it considers an application from ACT NOW! to have the case permanently stayed and transferred to the National Court.

ACT NOW! said the action by Global Elite Limited and Wewak Agriculture Development Limited, which are part of the Giant Kingdom group, is an example of Strategic Litigation Against Public Participation (SLAPP).

“SLAPPs are illegitimate and abusive lawsuits designed to intimidate, harass and silence legitimate criticism and close down public scrutiny of the logging industry,” said Civicus Monitor.

SLAPP lawsuits have been outlawed in many countries and lawyers involved in supporting them can be sanctioned, but those protections do not yet exist in PNG.

The District Court action is not the first time the Malaysian-owned Giant Kingdom group has tried to use the legal system in an attempt to silence ACT NOW!

In March 2024, the court rejected a similar SLAPP style application by the Global Elite for an injunction against ACT NOW! As a result, the company discontinued its legal action and the court ordered it to pay ACT NOW!’s legal costs.

Government pushes forward with controversial media legislation
The government is reportedly ready to pass legislation to regulate its media, which journalism advocates have said could have serious implications for democracy and freedom of speech in the country.

National Broadcasting Corporation (NBC) of PNG reported in January 2025 that the policy has received the “green light” from cabinet to be presented in Parliament.

The state broadcaster reported that Communications Minister Timothy Masiu said: “This policy will address the ongoing concerns about sensationalism, ethical standards, and the portrayal of violence in the media.”

In July 2024, it was reported that the proposed media policy was now in its fifth draft but it is unclear if this version has been updated.

As previously documented, journalists have raised concerns that the media development policy could lead to more government control over the country’s relatively free media.

The bill includes sections that give the government the “power to investigate complaints against media outlets, issue guidelines for ethical reporting, and enforce sanctions or penalties for violations of professional standards”.

There are also concerns that the law will punish journalists who create content that is against the country’s development objectives.

Organisations such as Transparency International PNG, Media Council of PNG, Pacific Freedom Forum, and Pacific Media Watch/Asia Pacific Media Network among others, have asked for the policy to be dropped.

The press freedom ranking for PNG dropped from 59th place to 91st in the most recent index published by Reporters without Borders (RSF) in May 2024.

Civicus Monitor.

This content originally appeared on Asia Pacific Report and was authored by Pacific Media Watch.

CPJ urges Tunisia president to release journalist Mohamed Boughalleb

CPJ Staff — Wed, 12 Feb 2025 21:53:19 +0000

The Committee to Protect Journalists sent a letter to Tunisian President Kais Saied on February 12 asking him to secure the release of journalist Mohamed Boughalleb, whose health is gravely worsening, and to repeal the cybercrime law Decree 54.

Boughalleb, a reporter with local independent channel Carthage Plus and local independent radio station Cap FM, was sentenced to six months in prison in April 2024 on defamation charges. But he has been imprisoned for nearly a year, as his sentence was increased to eight months on appeal and he has been charged on a second defamation count under Decree 54.

Tunisian authorities have used the cybercrime law to continue to arrest, prosecute, and silence members of the press, the letter states.

Read the letter here.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Free speech fears mount as Pakistan’s Senate approves bill criminalizing ‘false news’

CPJ Staff — Tue, 28 Jan 2025 19:52:56 +0000

New York, January 28, 2025—Pakistan’s Senate on Tuesday passed controversial amendments to the country’s cybercrime laws, which would criminalize the “intentional” spread of “false news” with prison terms of up to three years, a fine of up to 2 million rupees (USD$7,100), or both.

The amendments to the Prevention of Electronic Crimes Act (PECA) were previously approved by the National Assembly and now await the president’s signature to become law.

“The Pakistan Senate’s passage of amendments to the country’s cybercrime laws is deeply concerning. While on its face, the law seeks to tamp down the spread of false news, if signed into law, it will disproportionately curtail freedom of speech in Pakistan,” said Beh Lih Yi, CPJ’s Asia program coordinator. “President Asif Ali Zardari must veto the bill, which threatens the fundamental rights of Pakistani citizens and journalists while granting the government and security agencies sweeping powers to impose complete control over internet freedom in the country.”

The proposed amendments to PECA include the establishment of four new government bodies to help regulate online content and broadening the definitions of online harms. CPJ’s texts to Pakistan’s Federal Information Minister Attaullah Tarar did not receive a response.

The Pakistan Federal Union of Journalists announced nationwide protests against the amendments, calling them unconstitutional and an infringement on citizens’ rights.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Tunisia uses new cybercrime law to jail record number of journalists

CPJ Middle East and North Africa Program — Thu, 16 Jan 2025 14:30:00 +0000

Tunisia has reached a troubling milestone, with at least five journalists behind bars in CPJ’s December 1, 2024, prison census, the highest number since the organization began keeping track in 1992. Once hailed as a beacon of freedom in the Arab world after the 2011 revolution that sparked the Arab Spring, Tunisia is now erasing the gains it made as it stifles dissent and hampers the work of the press.

The government’s main tool against the media is Decree 54, a cybercrime law introduced by President Kais Saied in 2022 following his 2021 power grab in which he dissolved parliament, took control of the judiciary, and gave himself powers to rule by decree. The law makes it illegal to “to produce, spread, disseminate, send or write false news with the aim of infringing the rights of others, harming public safety or national defense or sowing terror among the population.” Today, four out of the five journalists imprisoned in Tunisia were convicted of violating the decree over their social media posts or commentary.

“Decree 54 has now turned every journalist into a suspect. It treats every journalist as if they are conditionally released from jail pending investigation, because they can be summoned for questioning at any time over anything they post online,” Ziad Debbar, president of local trade union the National Syndicate of Tunisian Journalists (SNJT), told CPJ.

Local journalists believe that authorities are using Decree 54 to quash investigative and critical journalism, and that many in the media are reverting to self-censorship.

“Decree 54 has been excessively applied to journalists, bloggers, and political commentators in the media,” Lofti Hajji, a founding member of SNJT, told CPJ. “This has led to a huge decline in political television and radio programs that once in abundance offered in-depth analysis of current political issues.” He said that journalists are loath to cover or speak out about the law, for fear that they will be charged under it.

Tunisia’s President Kais Saied, who conducted a sweeping power grab in 2021, attends his swearing-in ceremony before the National Assembly in Tunis after his 2024 reelection. (Photo: AFP/Fethi Belaid)

Tunisian authorities stepped up prosecutions of journalists under the law ahead of last year’s October 6 elections, which Saied won by a landslide after jailing his opponents. On May 11, Tunisian authorities made three high profile media arrests. Sonia Dahmani, a lawyer and political commentator, was arrested when masked police officers raided the Tunisian bar association, where she had sought refuge after she sarcastically called Tunisia an “extraordinary country” attracting migrants on a television program. Dahmani was sentenced to one year in prison on false news charges under Decree 54. The sentence was later reduced to eight months on appeal, but she was subsequently sentenced to an additional two years in a separate conviction under the decree.

Dahmani’s colleagues, IFM radio journalists Mourad Zghidi and Borhen Bsaies, were arrested the same day last May. Bsaies was imprisoned under Decree 54 in connection with his television and radio commentary critical of the president and Zghidi over his social media posts in solidarity with journalist Mohamed Boughaleb. Both were sentenced to one year in prison after they were convicted of defamation and false news. Authorities have continued to pile on charges, investigating Zghidi and Bsaies for money laundering.

Prior to Saied’s 2021 power grab, journalists in Tunisia were protected by the press law, Decree 115, which abolished prison sentences for defamation and insult and enshrined protection of journalistic sources, and the 2014 constitution, which ensured freedom of expression. Local journalists say that journalists are vulnerable in new ways since the press law is no longer enforced and the freedom of expression clause of the constitution is not respected. Tunisia’s media regulator, the Independent High Authority for Audiovisual Communication, was hailed for its promotion of media independence, but Saied’s government forced the authority’s president, Nouri Lajmi, into retirement and suspended its activities in 2023.

Without a media regulator, the Tunisian election monitor, the Independent High Authority for Elections has stepped into its place, hampering the work of the press seeking to cover politics. In August, the monitor revoked the press accreditation of journalist Khaoula Boukrim, editor-in-chief of independent news website Tumedia, over her online coverage of the elections. As of early 2025, Boukrim’s press accreditation was still revoked. The monitor also filed dozens of legal complaints against media organizations and bloggers, and prevented some journalists from covering a press conference in September announcing the final presidential candidates in the 2024 race.

“The [election monitor] functioning as a media regulator during the elections was just utter nonsense,” said Debbar. He said the monitor “referred many journalists [to authorities] to be prosecuted under Decree 54 to punish them for their coverage of the elections.”

In 2025, Tunisian journalists are having a hard time envisioning a future of press freedom under Saied’s new term. Zghidi’s sister, Mariam Zghidi, told CPJ that when she visited her brother in prison that he defended his work – even though it had come at an extraordinary price.

“During my first visit to Mourad in prison, he said to me; ‘I am not a political activist, I am a journalist. And my job entails that I will show public support regarding some topics, but it also entails that I will be critical regarding others, which is my right as a journalist’,” said Mariam. “This is why he is in prison, because he was doing his job.”

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Middle East and North Africa Program.

4 Nigerian journalists face fresh charges over report tying bank CEO to fraud claims

CPJ Staff — Fri, 18 Oct 2024 15:11:17 +0000

Abuja, October 16, 2024–The Committee to Protect Journalists strongly condemns the continued detention of journalists Olurotimi Olawale, Precious Eze Chukwunonso, Roland Olonishuwa, and Seun Odunlami, whose criminal charges were amended by prosecutors on October 14.

“Nigerian authorities should release journalists Olurotimi Olawale, Precious Eze Chukwunonso, Roland Olonishuwa, and Seun Odunlami, and end the deepening criminalization of the press,” said Angela Quintal, head of CPJ’s Africa Program, from New York. “Nigerian authorities’ additional charges against these four journalists emphasizes their commitment to sending a chilling message to journalists across the country.”

Olawale, an editor of the privately owned National Monitor newspaper; Chukwunonso, publisher of the privately owned News Platform website; Olonishuwa, a reporter with the privately owned Herald newspaper; and Odunlami, publisher of privately owned Newsjaunts website; were newly charged with making “false and misleading allegations” on social media with intent to “extort” and “threaten” the management of Guaranty Trust Bank, as well as causing “harm” to the bank’s reputation, according the October 14 charge sheet. The alleged crimes fall under sections 24(2)(c) and 27(1)(a) and (b) of Nigeria’s Cybercrimes Act and sections 408, 422, and 507 of Nigeria’s criminal code.

If found guilty under the criminal code, the journalists could face up to 14 years in prison for violating section 408, seven years for violating section 422, and three months for section 507. Under the Cybercrimes Act, the journalists could face five years in prison with a fine of 15 million naira (US$9,175) for violating section 24 and seven years in prison for violating section 27.

The journalists have been jailed since late September over reporting that implicated Segun Agbaje, chief executive officer of GTBank, in alleged fraud worth 1 trillion naira (US$600 million). The journalists were charged on September 26 with violating the Cybercrimes Act, which was reformed in February but still left journalists vulnerable to prosecution, as CPJ warned.

GTBank’s chief communications officer Oyinade Adegite responded to CPJ’s phone calls for comment with text messages saying she couldn’t talk at that time and did not respond to a follow-up message asking when she would be available to discuss the journalists’ detention. When contacted before the charges were amended, Adegite told CPJ that the journalists’ reporting was “defamatory” and that the bank had sought to have the journalists charged with cybercrime for it.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Nigeria police charge 4 journalists with cybercrimes for corruption reporting

CPJ Staff — Thu, 03 Oct 2024 16:01:03 +0000

Abuja, October 3, 2024—Despite recent reforms to Nigeria’s Cybercrimes Act, journalists continue to be targeted for publishing news in the public interest, with four reporters being charged under the law last month.

Cybercrime laws and other regulations governing online content have been widely used to jail journalists around the world. In Nigeria, at least 29 journalists have faced prosecution under the cybercrimes law since it was enacted in 2015.

CPJ had warned that February’s amendments to the law, which followed years of advocacy by human rights groups and CPJ, still left journalists at risk of prosecution due to an overly broad definition of what is a criminal offense. Since the law was reformed, it has been used to summon, intimidate, and detain journalists for their work.

On September 20, police in western Lagos State separately arrested Olurotimi Olawale, editor of the privately owned National Monitor newspaper, and Precious Eze Chukwunonso, publisher of the privately owned News Platform website, Nigerian Guild of Investigative Journalists’president, Abdulrahman Aliagan, told CPJ.

On September 25, police arrested Rowland Olonishuwa, a reporter with the privately owned Herald newspaper, in western Kwara state and Seun Odunlami, publisher of privately owned Newsjaunts website, in nearby Ogun state, Aliagan and Kwara-based journalist Dare Akogun told CPJ.

“Nigerian authorities should immediately release journalists, Olurotimi Olawale, Precious Eze Chukwunonso, Rowland Olonishuwa, and Seun Odunlami, and swiftly drop the cybercrime charges against them,” said Angela Quintal, head of CPJ’s Africa Program, from New York. “Since Nigeria’s Cybercrimes Act became law, it has been used to arrest and prosecute journalists, and these arrests emphasize that the recent reforms to the law have not reversed that trend.”

On September 27, the four journalists were charged in a Lagos federal court with violating sections 24(1)(b) and 27 of the Cybercrimes Act for reporting that implicated Segun Agbaje, chief executive officer of Guaranty Trust Bank, in alleged fraud worth 1 trillion naira (US$600 million) according to Aliagan, Akogun, and a copy of the charge sheet reviewed by CPJ.

Section 24 of Cybercrimes Act relates to pornographic or knowingly false messages “for the purpose of causing a breakdown of law and order, posing a threat to life, or causing such messages to be sent,” according to a copy of the law’s amendments signed by President Bola Tinubu in February. Violation of this section is punishable with up to three years in prison and a fine of 7 million naira (US$4,200).

Section 27 relates to attempts to violate the law and conspiracy, as well as aiding and abetting. Conniving to commit “fraud using computer system(s) or network” carries a variable punishment based on the violation and/or up to seven years in prison and a requirement to refund or forfeit stolen funds, according to the same copy of the amendments.

The journalists pleaded not guilty and were remanded at a Lagos correctional center, pending a bail hearing on October 4, Aliagan and Akogun told CPJ.

Although the police compelled the journalists to take down their articles, Nigeria’s federal House of Representatives subsequently announced an investigation into the bank over fraud allegations.

GTBank’s chief communications officer Oyinade Adegite confirmed to CPJ by phone that the bank had sought to have the journalists charged with cybercrime over their reporting, which she said was “defamatory.”

CPJ’s call and text messages to request comment from Lagos State police spokesperson Hauwa Idris-Adamu on September 27 went unanswered.

Editor’s note: This text has been updated in the ninth paragraph to add detail to the penalty for violating Section 27.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Nigeria police charge 4 journalists with cybercrimes for corruption reporting

CPJ Staff — Thu, 03 Oct 2024 16:01:03 +0000

The journalists pleaded not guilty and were remanded at a Lagos correctional center, pending a bail hearing on October 4, Aliagan and Akogun told CPJ.

Although the police compelled the journalists to take down their articles, Nigeria’s federal House of Representatives subsequently announced an investigation into the bank over fraud allegations.

CPJ’s call and text messages to request comment from Lagos State police spokesperson Hauwa Idris-Adamu on September 27 went unanswered.

Editor’s note: This text has been updated in the ninth paragraph to add detail to the penalty for violating Section 27.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Landmark PNG Supreme Court ruling toughens cybercrime law

Pacific Media Watch — Mon, 05 Aug 2024 13:23:23 +0000

People accused under Papua New Guinea’s Cybercrime Code Act may not always find free speech protection offered by the Constitution.

In a landmark decision, the Supreme Court has ruled that this law does not contravene the provisions of Section 46 which provides for freedom of expression.

The decision is a serious warning to offending users of social media and the internet that they might find themselves with fines of up to K1 million (NZ$430,000), or jail terms of between 15 and 25 years.

READ MORE: Other PNG freedom of speech reports

A Supreme Court panel comprising Chief Justice Sir Gibbs Salika and Justices Les Gavara-Nanu, David Cannings, Kingsley Allen David and Derek Hartshorn made this determination in Waigani on Friday.

The constitutional reference was made by National Court judge Teresa Berrigan during the trial of Kila Aoneka Wari, who was charged with criminal defamation under section 21 (2) of the Cybercrime Code Act 2016.

Judge Berrigan then referred for Supreme Court interpretation on whether Section 21 contravened the Freedom of Expression provision of the National Constitution.

Reading the judgment on behalf of his fellow judges, Sir Gibbs said: “We (Supreme Court) consider there is a clear and present danger to public safety, public order and public welfare if publication of defamatory material by use of electronic systems or devices were allowed to be made without restriction, including by criminal sanction.”

Sir Gibbs said the court had determined that the regulation and restriction of the exercises of the right to freedom of expression imposed by section 21 (2) of the Cybercrime Code is “reasonably justifiable in a democratic society having a proper respect for the rights and dignity of mankind.”

‘Necessary’ for public safety
Sir Gibbs said the court was satisfied that the first, second and third interveners had discharged the burden in showing that section 21 (2) of the Cybercrime Code complied with the three requirements of section 38 (1) of the Constitution in that:

FIRST, it has been made and certified in accordance with section 38 (2) of the Constitution.
SECONDLY, it restricts the exercise of the right to freedom and expression and publication that is “necessary” for the purpose of giving effect to the public interest in public safety, public order and public welfare; and
THIRDLY, it is a law that is reasonably justifiable in a democratic society having a proper respect to the rights and dignity of mankind.

“We conclude that no, section 21 (2) of the Cybercrime Code Act is not invalid. Although it (Cybercrime Code Act) restricts the exercise of the right to freedom of expression and publication in section 46 of the Constitution it is a law that complies with Section 38 of the Constitution and the restriction it imposes is permissible under section 46 (1) (C) of the Constitution.

The questions that Justice Berrigan referred to the Supreme Court were:

DOES section 21(2) of the cybercrime Code Act regulate or restrict the right of freedom of expression and publication under section 46 of the Constitution?
IF yes to question 1, does section 21 (2) of the Cybercrime Code Act comply with section 38 of the Constitution?
IS section 21(20 of the Cybercrime Code Act) invalid for being inconsistent with section 46 of the Constitution?

The court answered yes to questions and one and two and answered no to question three.

The court also ordered that each intervener will bear their own costs.

Wari is the fourth intervener in the proceedings.

Others are Attorney-General Pila Niningi (first intervener), acting public prosecutor Raphael Luman (second intervener), Public Solicitor Leslie Mamu (third intervener).

Section 21(2) of the Cybercrime Code Act is the law on defamatory publication.

It makes any defamatory publication using any electronic device as an offence with a penalty of K25,000 to K1 million fine, or imprisonment not exceeding 15 to 25 years.

Boura Goru Kila is a reporter for PNG’s The National. Republished with permission.

This content originally appeared on Asia Pacific Report and was authored by Pacific Media Watch.

Nigerian court acquits publisher Agba Jalingo of cybercrime charges

Committee to Protect Journalists — Tue, 09 Jul 2024 20:00:18 +0000

Abuja, July 9, 2024—The Committee to Protect Journalists welcomes Monday’s court decision in Nigeria acquitting Agba Jalingo, publisher of the privately owned CrossRiverWatch, of cybercrime charges.

“While we welcome the acquittal of publisher Agba Jalingo of cybercrime charges, Nigerian authorities urgently need to stop the criminalization of journalists for their work,” said Angela Quintal, head of CPJ’s Africa program, from New York. “Authorities must focus on passing legislation that protects journalists and guards against efforts to prosecute the press for reporting on matters of public interest.”

In August 2022, authorities arrested Jalingo and in December 2022 charged him under the Cybercrimes Act over a June 2022 CrossRiverWatch article alleging that Elizabeth Alami Frank Ayade, sister-in-law to Cross River State Governor Ben Ayade, paid someone to take a law school exam for her. If convicted, he could have been imprisoned for three years. In March 2023, he was jailed for a week over the case.

On July 8, the court acquitted Jalingo on the grounds that the prosecution had failed to prove its case, the journalist’s lawyer First Baba Isa and CrossRiverWatch acting managing editor Ugbal Jonathan told CPJ.

Jalingo’s previous arrest in August 2019 and detention for nearly six months over his reporting on corruption allegations involving Ayade became a high-profile case. In 2021, the ECOWAS Court of Justice, a West African regional court, ordered the Nigerian government to compensate Jalingo for his prolonged detention and mistreatment in custody. Ugbal told CPJ that Jalingo had yet to receive that compensation. In 2022, a Nigerian federal court acquitted Jalingo on all charges related to the 2019 case.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Journalist Ahmed al-Zoubi jailed in Jordan 11 months after conviction under Cybercrime Law

Committee to Protect Journalists — Mon, 08 Jul 2024 17:40:07 +0000

Istanbul, July 8, 2024—Jordanian authorities must immediately drop all charges against journalist Ahmed Hassan al-Zoubi, release him from jail, and stop using the Cybercrime Law against journalists, the Committee to Protect Journalists said Monday.

On July 2, Jordanian authorities arrested al-Zoubi, a satirical journalist and publisher of the Sawalif news website, 11 months after he was fined 50 dinars (US$70) and sentenced to one year in prison for a Facebook post criticizing the government’s position on a controversial December 2022 transportation workers’ strike, according to multiple media reports and al-Zoubi’s lawyer, who spoke to CPJ.

Al-Zoubi is now in Marka prison in the capital, Amman, his lawyer, Khaled Jit, told CPJ via messaging app.

“Jordanian authorities are stepping up censorship and arrests of journalists instead of allowing them to express themselves freely,” said CPJ Program Director Carlos Martinez de la Serna in New York. “Jordanian authorities must immediately release journalist Ahmed al-Zoubi, drop all charges against him, and stop using cybercrime laws to punish journalists.”

Al-Zoubi was convicted under Jordan’s Cybercrime Law of “the crime of performing an act that led to provoking conflict between the elements of the nation.”

CPJ, along with other rights organizations, has criticized the 2023 law.

Al-Zoubi’s lawyer told CPJ that there were procedural errors during the trial and asked the court to consider an alternative punishment to prison.

Khaled Qudah, a member of the Jordanian Journalists’ Syndicate, told CPJ that the organization respects the judiciary and its decisions, but that legal decisions and procedures regarding freedom of speech needed revision.

Al-Zoubi’s arrest comes weeks after the Soloh Court in Amman sentenced journalist Heba Abu Taha to one year in prison after convicting her of violating the Cybercrime Law for “inciting discord and strife among members of society” and “targeting community peace and inciting violence.”

The arrest also follows a decision in May to shutter the Al-Yarmouk TV channel in Jordan, where al-Zoubi worked years earlier.

CPJ’s email to Jordan’s Ministry of Justice for comment did not immediately receive a response.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Niger reinstates prison sentences for journalists for defamation, insult

Committee to Protect Journalists — Thu, 20 Jun 2024 17:59:35 +0000

Dakar, June 20, 2024—Nigerien authorities must decriminalize defamation and ensure that the country’s cybercrime law does not unduly restrict the work of the media, the Committee to Protect Journalists said on Thursday.

On June 7, Niger’s head of state Abdourahamane Tchiani, who overthrew the democratically elected president in July 2023, reintroduced prison sentences of one to three years and a fine of up to 5 million CFA francs (US$8,177) for defamation and insult via electronic means of communication, according to news reports.

A jail term of two to five years and a fine of up to 5 million CFA francs (US$8,177) were also set for the dissemination of “data likely to disturb public order or undermine human dignity,” even if such information is true, according to CPJ’s review of a copy of the law.

“The changes to Niger’s cybercrime law are a blow to the media community and a very disappointing step backwards for freedom of expression,” said CPJ Africa Program Coordinator, Muthoki Mumo, in Nairobi. “It is not too late to change course by reforming the law to ensure that it cannot be used to stifle journalism.”

Previously, the crimes of defamation and insult were punishable with fines of up to 10 million CFA francs (US$16,312), while dissemination of data likely to disturb public order carried a penalty of six months to three years’ imprisonment.

The government abolished criminal penalties for defamation and insult in 2022 to bring the 2019 cybercrime law into line with the 2010 press freedom law.

On June 12, Niger’s Minister of Justice and Human Rights Alio Daouda said in a statement that the 2022 amendments were made “despite the opposition of the large majority of Nigeriens.” He said that decriminalization of the offenses had led to a “proliferation of defamatory and insulting remarks on social networks and the dissemination of data likely to disturb public order or undermine human dignity” despite authorities’ calls for restraint.

“Firm instructions have been given to the public prosecutors to prosecute without weakness or complacency” anyone who commits these offenses, he said.

CPJ and other press freedom groups have raised concerns about journalists’ safety in the country since the 2023 military coup.

This April, Idrissa Soumana Maïga, editor of the privately owned L’Enquêteur newspaper, was arrested and remains behind bars on charges of undermining national defense. If convicted, he could face between five and 10 years in prison.

Several Nigerien journalists were imprisoned or fined over their reporting prior to decriminalization in 2022.

CPJ’s calls to the Ministry of Justice and Human Rights to request comment went unanswered.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Pakistan court remands journalist Asad Ali Toor in cybercrime case

Committee to Protect Journalists — Fri, 15 Mar 2024 09:17:09 +0000

New York, March 15, 2024—Pakistan authorities must immediately and unconditionally release independent journalist Asad Ali Toor, return his devices, and cease harassing him in retaliation for his journalistic work, the Committee to Protect Journalists said Friday.

On March 8, a court in Pakistan’s capital, Islamabad, ordered Toor be sent to jail on a 14-day judicial remand pending investigation, following 11 days of detention in the custody of Pakistan’s Federal Investigation Agency (FIA), according to news reports.

Three days earlier, FIA officials raided Toor’s Islamabad home, seizing his mobile phone and a portable internet device, the journalist’s lawyer, Imaan Mazari-Hazir, told CPJ.

Toor was arrested on February 26, after appearing for questioning earlier that day in relation to an alleged anti-judiciary campaign at the FIA’s cybercrime wing. Three days earlier, Toor was questioned for about eight hours without having access to his legal team.

However, the FIA first information report (FIR) opening an investigation into Toor accuses the journalist of “anti-state” rather than anti-judiciary commentary, saying he created a “malicious/obnoxious and explicit campaign” against “civil servants/ government officials and state institutions” through his political affairs YouTube channel Asad Toor Uncensored and account on X, formerly known as Twitter, in violation of the Prevention of Electronic Crimes Act, 2016 (PECA).

On Thursday, a special FIA court adjourned Toor’s bail hearing until Monday, March 18, after the agency’s special prosecutor and the investigating officer did not attend the hearing.

“The ongoing detention and investigation of journalist Asad Ali Toor, as well as authorities’ seizure of his devices and pressure to disclose his sources, constitute an egregious violation of press freedom in Pakistan,” said CPJ Asia Program Coordinator Beh Lih Yi. “Authorities must cease using the Prevention of Electronic Crimes Act and other draconian laws to persecute journalists and silence critical reporting and commentary.”

Toor is accused of violating three sections of the PECA pertaining to glorification of an offense, cyberterrorism, and cyberstalking, according to the FIR. CPJ has repeatedly documented the use of the law to detain and harass journalists for their work.

A Supreme Court order on Monday stated that the FIR against Toor was “lacking in material particulars,” meaning it failed to establish how the journalist committed the alleged offenses, Mazari-Hazir said.

Toor went on a hunger strike from February 28 to March 3 to protest his detention, Mazari-Hazir told CPJ.

On Wednesday, Mazari-Hazir and another lawyer representing Toor received a court order granting permission to meet their client in eastern Punjab province’s Adiala jail. However, jail authorities denied them access later that day following a controversial two-week ban on all public visits due to alleged “security” threats in the complex, where former Prime Minister Imran Khan is also held.

Toor informed his lawyers that while in FIA custody, he was held with around 20 to 30 people in a small cell where it was difficult to sit, Mazari-Hazir said, adding that authorities interrogated the journalist multiple times overnight, depriving him of sleep, and pressured him to disclose his sources, which he refused to do. In a remand application filed in court on March 3, the FIA stated that Toor was “non-cooperative to disclose his sources of information.”

Pakistan’s Protection of Journalists and Media Professionals Act, 2021 protects journalists’ right to privacy and the non-disclosure of their sources.

Prior to his arrest, Toor had reported critically on the chief justice of Pakistan and the country’s military establishment.

CPJ called and texted Pakistan information minister Attaullah Tarrar for comment on the case but did not receive a response.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Nepali journalists Aishwarya Kunwar, Puskar Bhatt arrested under cybercrime law

Committee to Protect Journalists — Tue, 20 Feb 2024 15:29:36 +0000

On February 10, police in Kanchanpur district of western Sudurpaschim province arrested Aishwarya Kunwar, a reporter for the privately owned news website Nigarani Khabar, and Puskar Bhatt, a correspondent for the privately owned broadcaster Mountain Television, following their reporting and social media commentary on allegations of police misconduct, according to the local advocacy organizations Media Action Nepal and Freedom Forum.

Police opened an investigation into the journalists, who have since been released, under Section 47 of the Electronic Transactions Act, 2008, those sources said. The law criminalizes the electronic publication of content deemed illegal under existing laws or “contrary to public morality or decent behavior” with a penalty of up to five years in prison and a fine of 100,000 rupees (US $754). CPJ has repeatedly documented the use of the Electronic Transactions Act to detain and investigate journalists for their work.

Kamal Thapa, superintendent of the Kanchanpur police, told CPJ that the case registered against the journalists was in relation to their social media posts, not their news coverage. On February 5, the Kanchanpur police said in a statement that those who “write such misleading news/status” would be punished under the law.

Binod Bhatta, the journalists’ lawyer, told CPJ that his clients’ social media posts and news coverage should be considered as interrelated because they reported on the same topic in the public interest.

On February 5, Bhatt published an interview on his Facebook page with a police officer who said that he resigned from his job after he was beaten by a female inspector, whom he named. Bhatt also commented on the allegations on his Facebook page.

On February 5, Kunwar’s news website Nigarani Khabar reported the same allegations against the female officer, while a second article made four allegations of misconduct by the same policewoman, including her involvement in detaining Kunwar in 2023 while the journalist was reporting on a clash between police and locals. Kunwar also commented on the allegations on her Facebook page.

Bhatt and Kunwar were released at around 10 p.m. on February 14 and 1 a.m. on February 15 respectively, on personal guarantee, which requires them to remain present in the area while the investigation is carried out, according to Media Action Nepal, Bhatta, and a person familiar with the case who spoke to CPJ on condition of anonymity, citing fear of reprisal.

While in police custody, the officer asked the journalists to apologize by touching her feet, a sign of respect in South Asian culture, but Kunwar refused, which delayed her release, those sources said.

As of February 20, the journalists’ phones, which were seized during their arrest, remained in police custody, according to Bhatta and the person familiar with the case.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

As negotiations continue, the proposed UN Cybercrime Convention must not become a tool to undermine press freedom

Committee to Protect Journalists — Tue, 13 Feb 2024 14:22:07 +0000

The two-week session of negotiations on the draft UN Cybercrime Convention concluded on Friday, February 9, with member states unable to reach a consensus on critical aspects. Member states agreed to extend the negotiation process, with an additional session likely to be held in July 2024.

Although the stated purpose of the treaty is to improve international cooperation to prevent and combat cybercrime, civil society organizations have repeatedly raised concerns that the treaty risks becoming a tool to undermine freedom of expression, privacy, and other human rights standards.

On January 29, 2024, prior to the opening of the latest negotiation session, the Committee to Protect Journalists joined over 100 civil society organizations in issuing a joint statement on the proposed treaty. “The final outcome of the treaty negotiation process should only be deemed acceptable if it effectively incorporates strong and meaningful safeguards to protect human rights, ensures legal clarity for fairness and due process, and fosters international cooperation under the rule of law,” the letter said.

A revised text was produced during the negotiation, but it failed to sufficiently address these concerns. This prompted CPJ to join civil society, industry, and technical experts in submitting an open letter on February 8, 2024, to highlight the ongoing critical flaws.

The letter noted that journalists and other vulnerable groups “would face the risk of being subjected to investigations leveraging the procedural measures of this proposed treaty without notice, potentially resulting in extradition and prosecution for exercising fundamental human rights while using digital technology.”

CPJ will continue to advocate to ensure the treaty, if approved, does not leave journalists vulnerable to prosecution, surveillance, or other abuses.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

4 Nigerian journalists charged with cybercrime, defamation over fraud investigation

CPJ Staff — Fri, 09 Feb 2024 19:53:57 +0000

Abuja, February 9, 2024—Authorities in Nigeria should immediately drop all charges against journalists Adisa-Jaji Azeez, Salihu Ayatullahi, Salihu Shola Taofeek, and Abdulrahman Taye Damilola, and allow them to work without fear of arrest, the Committee to Protect Journalists said on Friday.

On Tuesday, police officers arrested Azeez, managing director, and Ayatullahi, editor-in-chief, of the privately owned The Informant247 news website, over reports published on November 10 and February 1 about corruption at Kwara State Polytechnic, Ayatullahi and Taofeek, the outlet’s publisher, told CPJ by phone.

Azeez and Ayatullahi were arrested after responding to a request from the police headquarters in Ilorin, capital of western Nigeria’s Kwara State, to come in for questioning, following a complaint from the rector of the polytechnic Abdul Jimoh Mohammed about the outlet’s allegation that he was involved in fraud, those sources said.

The journalists’ lawyer, A. J. Edun, told CPJ that he filed a fundamental rights lawsuit later that same day to guard against their prolonged detention. It remains before the court, he said.

On Wednesday, a court released the journalists on bail, despite a police request to keep them in detention for another 21 days, and they are due back in court on February 13, Ayatullahi and Edun said.

On February 7, police charged Azeez, Ayatullahi, Taofeek, and reporter Damilola with conspiracy under section 27(1)(b), and cyberstalking under section 24(1)(b), of Nigeria’s Cybercrimes Act, and defamation under section 393 of the penal code, according to a copy of the charge sheet, reviewed by CPJ, which described Taofeek, and Damilola as “at large.”

Taofeek told CPJ that he and Damilola had gone into hiding for fear of arrest.

If found guilty, the journalists face jail terms of up to seven years for conspiracy, three years with a fine of 7 million naira (US$4,966) for cyberstalking, and two years with an unspecified fine for defamation.

“Nigerian authorities should immediately drop all charges against journalists Adisa-Jaji Azeez, Salihu Ayatullahi, Salihu Shola Taofeek, and Abdulrahman Taye Damilola, and cease criminalizing the press,” said Angela Quintal, head of CPJ’s Africa program from New York. “The reckless detention of Nigerian journalists is totally unacceptable and emphasizes the need for reforms of the country’s laws to uphold, not violate press freedom.”

On February 3, a statement by Kwara State Polytechnic rejected The Informant247’s reporting as “false” and called on it “to desist from dragging the name of the institution into the mud, if not, the institution will not hesitate to take action.”

Ayatullahi told CPJ that he and Azeez spent the night of February 6 in a small, dark cell with over 20 inmates, who had to sleep on top of each other and use a bucket as a urinal.

Mohammed confirmed to CPJ by phone that he had filed a complaint with the police but he declined to provide further comment and referred CPJ’s questions to the police.

CPJ’s calls and texts requesting comment from Kwara State police spokesperson Ejire-Adeyemi Adetoun did not receive any replies.

This content originally appeared on Committee to Protect Journalists and was authored by CPJ Staff.

Masiu vows 10-day shutdown of PNG’s social media after capital riots

Pacific Media Watch — Tue, 16 Jan 2024 10:08:39 +0000

PNG Post-Courier

Papua New Guinea’s Communications Minister Timothy Masiu has announced stringent measures to control social media in the country for the next 10 days of the State of Emergency.

The government’s threat drew a sharp rebuke from former prime minister Peter O’Neill who called the move a “sinister fear campaign against the people” and “a threat on the media freedom” of ordinary citizens.

Masiu, a former journalist before becoming a politician, warned that the government would not hesitate to shut down social media applications and sites if there was continuous abuse and misuse of social media in spreading fake news, misinformation and disinformation in the country.

He issued the warning citing significant evidence of serious abuse of social media spreading false information that led to destruction of properties in the capital Port Moresby and parts of the country in last week’s Black Wednesday resulting in deaths.

Masiu said people who engaged in such bogus activity would lose their social media accounts and they could be arrested and charged for fomenting acts of violence.

He said: “I have statutory power under the National Information and Communication Technology Act 2009 to restrict access to social media sites and applications if this continues.

“The Ministry of ICT has observed a sharp spike in the use of social media from Wednesday, January 10, 2024, and many are misinformation and disinformation and we now give 10 days effective from today for people to adhere or face a complete shutdown of social media sites and applications for the duration of the State of Emergency. ”

‘Monitoring of false information’
He said discussions on social media that incited violence, destruction, spreading of false information or confidential government information, opinions that were wrong, or sending false information would be monitored and legal action taken immediately.

Masiu said national security, public emergency and public safety was critical to a secure nation and a “happy and safe country”.

“I have instructed the agencies under my ministry to strengthen monitoring and report any abuses of social media to the police cybercrime unit to begin investigations, arrest and prosecute and also take down fake accounts and sites.”

Last Friday, when introducing the two-week State of Emergency following Black Wednesday, Prime Minister James Marape announced draconian emergency measures including searches of private homes, property, vehicle and phones by government agents.

Masiu said PNG was a civilised country and citizens must abide by rules and laws. Every citizen had a duty and obligation to ensure “we progress to be a better country”.

However, an irate O’Neill said: “It is not surprising that we see intimidating armoured personnel carriers on the streets today in Port Moresby and now threats that our freedom of speech will be removed with the potential cancellation of social media.

“The government is doing its very best to shut down our constitutional rights in a fear campaign.”

Government ‘fears people’s voices’
O’Neill continued to counter the government plan by suggesting the government now feared the people’s voices.

“It seems that the government is in fear of the voice of its own people when it should instead be listening to the struggle of the people who discuss online the bad governance practices of this government; high unemployment; budget in a mess and crippling cost of living,” he said.

“That is what people are talking about on the street, in their homes and on social media. Will they next enter our homes and monitor conversation’s between family members?

“Government should listen up and stop this nonsense of trying to control our vibrant democracy.

Get back to basics and build our country; live within our means and develop jobs and provide quality healthcare and education. Get back to old fashioned policing not intimidation.”

Opposition Leader Joseph Lelang and his deputy Douglas Tomuriesa did not respond to PNG Post-Courier questions last night.

Republished with permission.

This content originally appeared on Asia Pacific Report and was authored by Pacific Media Watch.

Nigerian journalist Saint Mienpamo Onitsha charged with cybercrime

Committee to Protect Journalists — Mon, 23 Oct 2023 16:49:15 +0000

Abuja, October 23, 2023—Authorities in Nigeria should immediately and unconditionally release journalist Saint Mienpamo Onitsha, swiftly drop all charges against him, and stop criminalizing the press, the Committee to Protect Journalists said on Monday.

On October 10, police officers arrested Onitsha, founder of the privately owned online broadcaster NAIJA Live TV, in the home of his friend Charles Kuboro James in the southern city of Yenagoa, Onitisha’s lawyer Anande Terungwa, and James, told CPJ.

James told CPJ that the officers arrived at his house and forced him at gunpoint to phone and summon Onitisha. The officers then forced both men into police vehicles at gunpoint and began driving towards the police station, he said. James said the officers accused him of involvement in a criminal conspiracy with Onitsha and dropped him on the roadside midway to the station.

Terungwa said the officers held Onitisha overnight at the Criminal Investigation Department office in Yenagoa, capital of Bayelsa State, and then flew him to the capital, Abuja, where he remained in detention in the police headquarters.

On October 17, police charged Onitsha with cyberstalking under the Cybercrimes Act—for which the penalty is a 25 million naira (US$32,694) fine and/or up to 10 years in jail—as well as defamation and the publication of defamatory matter under the Criminal Code Act—for which he could be imprisoned for two years, according to Terungwa and a copy of the charge sheet reviewed by CPJ.

“Nigerian authorities should swiftly and unconditionally drop all charges against journalist Saint Mienpamo Onitsha and reform the country’s laws to ensure journalism is not criminalized,” said Angela Quintal, CPJ Africa Program Coordinator, in New York. “The arrest of a journalist at gunpoint sends a chilling message to the press across Nigeria that they will be treated as criminals if their work displeases authorities.”

CP has repeatedly documented the use of Nigeria’s Cybercrimes Act to prosecute journalists for their work.

The charge sheet cited a September 8 NAIJA Live TV report alleging that there was tension in the southern Niger Delta because a man had been killed by security guards outside the offices of the Presidential Amnesty Program (PAP), which was set up in 2009 to end a militant insurgency in the oil-rich region.

It said the man, Pere Ebidouwei, had gone to Abuja to submit his documents to the PAP after the government delisted some amnesty program beneficiaries, who receive a monthly stipend in exchange for laying down their arms.

Later that day, Onitsha shared a link to the article on Facebook, as well as a video showing someone pouring water over a man lying on a street, who Onitsha identified as Ebidouwei.

He also posted a letter, dated September 8, which appeared to be from solicitors working for the PAP, who said Onitsha’s article was defamatory and demanded that NAIJA Live TV publish a disclaimer and apology or face court action.

On September 9, Onitsha published another article, in which he quoted a PAP statement saying that they “decided to discipline” Ebidouwei for trying to force his way into their offices and that when he “pretended to have passed out,” they arranged for him to go to hospital where he was confirmed to be okay.

As of October 23, Onitsha had not been given a date to appear in court, Terungwa told CPJ.

Nigerian police spokesperson Olumuyiwa Adejobi told CPJ that the officers were carrying out their duties by implementing the law and were not to blame for the charges against Onitsha. Adejobi said he was unaware of allegations that the officers aimed their guns at the two men but he would investigate.

In 2020, Nigerian authorities also charged Onitsha with cybercrimes for his reporting on COVID-19. Onitsha said the case was later withdrawn at the request of the complainant.

CPJ’s phone calls and text messages to PAP and email to the solicitor apparently acting for PAP did not receive any response.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Nigerien journalist Samira Sabou charged with treason, cybercrime

Committee to Protect Journalists — Thu, 12 Oct 2023 20:52:44 +0000

Dakar, Senegal, October 12, 2023—The Committee to Protect Journalists has called on Nigerien authorities to drop all charges against journalist Samira Sabou and allow her to work freely.

“Authorities in Niger must swiftly drop all legal proceedings against journalist Samira Sabou, return her phone, and ensure that journalists in the country can work without fear of arrest or prosecution for their work,” said Angela Quintal, CPJ’s Africa program coordinator, from New York. “Sabou faced prosecution under Niger’s previous government, and it is alarming to see the new military authorities continuing efforts to harass and imprison her. It sends a chilling signal to all journalists in Niger.”

On Wednesday, October 11, a magistrate court in the capital, Niamey, provisionally released Sabou, who regularly posts news and commentary on her Facebook page, after 11 days in detention, according to her lawyer, Ould Salem Saïd, and a family member who spoke to CPJ on the condition of anonymity, citing safety concerns. Authorities kept Sabou’s phone and ordered the journalist to provide one week’s notice of any intention to travel to the judge.

Sabou is charged with disseminating data likely to disturb public order, which is punishable by up to three years imprisonment and a maximum fine of 5 million West African francs (US$8,080), and is also accused of maintaining “intelligence with a foreign power,” a treasonous charge that carries the death penalty, according to Article 31 of the cybercrime law and Article 63 of the penal code.

The charges are in connection to Sabou talking to foreign diplomats, using an aircraft flight tracking app called Flightradar24, and a September 29 Facebook post reporting on a document detailing assignments of Niger’s military personnel, according to the family member.

On September 30, four men in plainclothes arrested Sabou at her mother’s home. The Niamey judicial police denied arresting Sabou but called her lawyer on October 7 to inform him that she was being held in custody at their service, Saïd told CPJ.

In July, Niger’s military took control of the government in a coup that overthrew its democratically elected president. Since then, CPJ and other press freedom groups have raised concerns about journalists’ safety in the country.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Southeast Asian Casinos Emerge as Major Enablers of Global Cybercrime

by Cezary Podkul — Thu, 05 Oct 2023 09:00:00 +0000

by Cezary Podkul

ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they’re published.

Mr. Big had a problem. He needed to move what he called “fraud funds” back to China, but a crackdown was making that difficult. So in August, Mr. Big, who, needless to say, did not list his real name, posted an ad on a Telegram channel. He sought a “group of smuggling teams” to, as he put it, “complete the final conversion” of the stolen money by smuggling gold and precious stones from Myanmar into southern China, in exchange for a 10% cut.

It’s unclear whether Mr. Big ultimately succeeded; his ad has since been deleted, and ProPublica was unable to reach him. But the online forum where he posted his ad says a lot about why Americans and people around the world have found themselves targeted by an unprecedented wave of fraud originating out of Southeast Asia, whose vast scale is now becoming apparent. In a single recent criminal investigation, Singapore police seized more than $2 billion in money laundered from a syndicate with alleged ties to organized crime, including “scams and online gambling.”

The Telegram channel that featured Mr. Big’s plea for assistance was a Chinese-language forum offering access to “white capital” — money that has been laundered — “guaranteed” by a casino operator in Myanmar, Fully Light Group, that purports to ensure that deals struck on the forum go through. Fully Light also operates its own Telegram channels that advertise similar services. One such channel, with 117,000 participants, featured offers to swap cryptocurrency for “pure white” Chinese renminbi or “white capital” Singaporean dollars. (Telegram took down that channel after ProPublica inquired about it. Fully Light did not respond to requests for comment.)

The presence of a casino in facilitating such deals is no coincidence. A growing number of gambling operations across Southeast Asia have become key pillars in a vast underground banking system serving organized criminal groups, according to new research by the United Nations Office on Drugs and Crime. The research has not been published, but the agency shared its findings with ProPublica.

There are now over 340 physical casinos across Southeast Asia (as well as countless online ones), and many of them show accelerating levels of infiltration by organized crime, according to the UNODC. The casinos function as “a shadow banking system that allows people to move money quickly, seamlessly, jurisdiction-to-jurisdiction, with almost no restriction,” Jeremy Douglas, UNODC’s top official in Southeast Asia, told ProPublica in September. That has made money laundering “easier than ever before,” he said, and it’s been “fundamental to the expansion of the transnational criminal economy” in the region — especially cybercrime.

As ProPublica reported in detail last year, Southeast Asia has become a major hub for cryptocurrency investment scams that often start as innocent-sounding “wrong number”-type text messages. The messages frequently originate from seedy casino towns in Cambodia, Laos and Myanmar, where criminal syndicates lure workers with the promise of lucrative jobs, only to force them to work as online scammers. UNODC’s map of known or suspected scam compounds shows a clear overlap with gambling hubs in Laos, Myanmar and Cambodia, where allegations of forced online scam labor have become so widespread that they recently prompted Interpol to issue a global warning about the problem, which the international police agency said was occurring on “an industrial scale.”

Gambling has long attracted organized crime, but never more than in Myanmar, Cambodia, Laos and the Philippines, where loose regulations and endemic corruption allow casinos to operate with little oversight or responsibility to report suspicious transactions. Before the COVID-19 pandemic began, officials in those countries wooed Chinese casino operators in an effort to attract foreign direct investment. Criminal bosses, facing a crackdown in China and sanctions imposed by the U.S., began investing in casinos and cutting deals to run their own special economic zones in Myanmar and elsewhere where they could operate unfettered.

When the pandemic struck in 2020, travel restrictions emptied newly built casinos, hotels and offices of workers and visitors across the region. Criminal syndicates repurposed the facilities to house online fraud operations and turned to human smugglers to staff them up. (For example, when Philippine authorities raided several online gambling operators between May and August, they discovered more than 4,400 laborers, most of them human trafficking victims forced to perpetrate online fraud.)

Online casinos can be easily used for money laundering: They often accept cryptocurrency deposits that can be converted to virtual chips and placed in bets or cashed out in currency, making them seem like proceeds of legitimate gambling. That method of money laundering is becoming increasingly common in Southeast Asia.

Physical casinos have their own attractions for money laundering. They have become a draw for a parallel industry of junket operators, who organize gambling trips for high-rollers. Those junkets also attract organized criminal groups that need to move money across borders and do so using junkets’ gambling accounts, according to recent prosecutions by Chinese authorities. Last year, 36 individuals connected to Suncity Group, once one of the biggest junket operators in the world, were convicted in China of facilitating about $160 million in illegal cross-border payments and transactions. The company’s ex-CEO, Alvin Chau, is in jail for running a criminal syndicate and other charges.

In northeast Myanmar, Fully Light Group has emerged as a “multi-billion-dollar business conglomerate and a key player” in casinos and illegal online gambling, according to research by Jason Tower, Myanmar country director for the United States Institute of Peace. “These are not normal casinos in any way,” Tower said, because they’re located in what he calls “criminal enclaves” that are more under the control of organized crime than any government authority. For instance, Tower found hundreds of criminal convictions by Chinese courts related to illegal casinos, fraud, kidnapping, drugs and weapons charges in the Kokang Special Administrative Zone, near Myanmar’s border with China, where Fully Light is based. In its review, UNODC found Kokang casinos — both those owned by Fully Light and by others — also played a major role in money laundering. They operate Telegram channels that openly advertise money laundering services, including some that link back to official Fully Light channels and offer the company’s guarantee to cross-border exchanges of cryptocurrencies. Some Fully Light-affiliated Telegram channels include solicitations to participate in what are known as money mule “motorcades” that move funds through multiple cryptocurrency wallets or bank accounts.

Billions of dollars more are likely flowing into the region, thanks to online scams that show no signs of abating. Nick Smart of the cryptocurrency analytics firm Crystal Blockchain has been tracing the flows of crypto funds deposited into online platforms that are set up to look like investing sites in order to fleece victims. Following the money trail from just one such website, which he suspects to be linked to criminal organizations in Myanmar, led him to a wallet that also pooled funds from 14 other known crypto scams. The wallet received about $44 million in various cryptocurrencies between December and July, when it ceased activity. With thousands of such websites popping up every day, victims’ losses are easily “in the billions,” said Smart, the director of blockchain intelligence at Crystal.

The global cybercrime spree has prompted countries across the region to take a bolder tack. In June, Thailand cut off electricity to two cyberfraud hot spots across its border with Myanmar (with disappointing results). More recently, Thai officials shut down six illegal cellular towers suspected of providing internet service to scam compounds in Myanmar. Chinese authorities have also arrested thousands of their own citizens in dramatic operations that included a humiliating perp walk of hundreds of suspected cybercriminals across a border crossing from Myanmar to China’s southern Yunnan Province on Sept. 6.

On Sept. 26, UNODC unveiled an agreement with China and the 10-member Association of Southeast Asian Nations to jointly combat organized crime and human trafficking linked with casinos and scams. An action plan accompanying the agreement calls on the countries to “make anti-money laundering and wider anti-corruption efforts a higher priority.”

But the challenge is steep. Even as multiple countries crack down, Laos, one of the poorest nations in the region, is getting ready to allow online gambling operators to set up shop within its borders and target foreigners.

And governments need to broaden their focus. Anti-money-laundering regulations often zero in on bank cash transfers of $10,000 or more. The UNODC’s Douglas said governments will need to turn their attention to casinos and other nontraditional financial players. “Everyone’s been focusing on transactions of $10,000 going through banks and flagging suspicious transactions,” Douglas said, “and these guys are moving millions around the corner through the casino, laughing at the system.”

This content originally appeared on Articles and Investigations - ProPublica and was authored by by Cezary Podkul.

Two Nigerian journalists charged with cybercrime over corruption reports

Arlene Getz/CPJ Editorial Director — Tue, 03 Oct 2023 18:54:36 +0000

Abuja, October 3, 2023—Authorities in Nigeria should swiftly drop all charges against journalists Aiyelabegan Babatunde AbdulRazaq and Oluwatoyin Luqman Bolakale and allow them to work freely, the Committee to Protect Journalists said on Tuesday.

On September 11, police officers detained AbdulRazaq and Bolakale, publishers of the independent news websites Just Event Online and The Satcom Media respectively, over their critical reporting about a local politician, according to the two journalists and their lawyer Taofiq Olateju, all of whom spoke with CPJ.

According to the charge sheet, reviewed by CPJ, the September 9 articles contained allegations of abuse of office by Jumoke Monsura Gafar, the former principal private secretary to north-central Kwara State governor AbdulRahman AbdulRazaq, who is not related to the journalist.

On September 13, the two journalists were charged with cyberstalking—punishable by up to three years in jail and a 7 million naira (US$9,024) fine—and conspiracy—which carries a penalty of up to seven years in jail—under the Cybercrimes Act, according to the two journalists, their lawyer, and the charge sheet.

On September 20, the court granted the journalists bail and set a hearing date for October 4, the journalists and their lawyer said.

AbdulRazaq and Bolakale told CPJ that officers at the police headquarters in the state capital, Ilorin, called them in for questioning about their sources on September 11 and they explained that their reports were based on a press release from a political lobby group, which they had cited. The journalists said the police asked them for a contact for the signatory of the press release, which they were unable to provide.

“Authorities in Nigeria should swiftly drop all charges against journalists Aiyelabegan Babatunde AbdulRazaq and Oluwatoyin Luqman Bolakale and allow them to work without intimidation,” said Angela Quintal, CPJ Africa Program Coordinator, in Durban, South Africa. “Yet again we see Nigeria’s cybercrime law being abused to prosecute the press and the police intimidating journalists to reveal their sources. When will lawmakers act to ensure journalism is not criminalized?”

The Satcom Media published an article on September 18 retracting its original report and adding that “we never aimed at tarnishing the image of Ms Jumoke Gafar.” Just Event Online published the same message on its Facebook page. Just Event Online was offline at the time of publication, which AbdulRazaq said was due to a network issue unrelated to the case.

At the time of publication, The Satcom Media’s original report was still online.

The chairperson of the Association of Kwara Online Media Practitioners, Shola Salihu Taofeek, said the police also asked a third journalist, Oyewale Oyelola, managing editor of the Factual Times news website, to come to the station but he went into hiding for fear of being detained. The outlet also published an article on September 9 about Gafar, based on the same press release.

Kwara State police spokesperson Okasanmi Ajayi told CPJ that he was aware of the case but could not comment because it was before the court. CPJ’s calls and text messages to Gafar requesting comment did not receive a reply.

This content originally appeared on Committee to Protect Journalists and was authored by Arlene Getz/CPJ Editorial Director.

Niger journalist Samira Sabou arrested by unidentified men

Committee to Protect Journalists — Mon, 02 Oct 2023 20:50:16 +0000

Dakar, October 2, 2023—The Committee to Protect Journalists called for the immediate release of Nigerien online journalist Samira Sabou after her arrest by unidentified men on September 30.

“The Nigerien authorities must urgently identify the men who arrested journalist Samira Sabou on September 30 and ensure her immediate release and safety,” said Angela Quintal, CPJ’s Africa program coordinator, from Durban, South Africa. “This arrest deepens CPJ’s concerns about the working environment of Nigerien journalists and their ability to inform the Nigerien public without fear of reprisal.”

On Saturday, four men in plainclothes arrested Sabou, who regularly posts news and commentary on her Facebook page, at her home in Niamey, the capital, according to news reports and Abdoul Kader Nouhou, Sabou’s husband, who spoke to CPJ over the phone. Nouhou, who was present during the arrest, said one of the men showed him a card, but refused to show his name.

The men took Sabou to an unmarked vehicle and placed a hood over her head, then returned to the house and took her phone before driving away, Nouhou told CPJ. He said he did not know where Sabou was taken, and the Niamey judicial police had denied arresting her.

On July 26, soldiers overthrew Mohamed Bazoum, Niger’s democratically elected president, and installed a military government called the National Council for the Safeguard of the Homeland (CNSP). On August 25, CPJ joined at least 79 organizations and journalists in calling on Niger’s military authorities to protect the rights and safety of journalists. The joint letter noted an intimidating call Sabou received on August 4 from a member of Niger’s military over her coverage of Bazoum.

In January 2022, the Niamey High Court sentenced Sabou to a one-month suspended prison sentence and a fine for “defamation by an electronic means of communication” related to coverage of drug trafficking issues in Niger. She was also jailed in 2020 on cybercrime charges over a post on her Facebook page about an audit of Niger’s military.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

PNG’s Chief Censor warns over ‘fake nudes’ harassment of young girls

APR editor — Mon, 25 Sep 2023 21:47:58 +0000

By Marjorie Finkeo in Port Moresby

The rise in social media platforms uploading naked pictures of women and girls has come to the attention of the Censorship Board in Papua New Guinea with Chief Censor Jim Abani warning about the dangers.

In what many have termed as cyber bullying, a picture of women or girls uploaded on social media is then downloaded by other people who use Generative Artificial Intelligence (GAI) in creating new content like images and videos of the women or girls involved in sexual activities, including being naked and also involved in pornography.

Chief Censor Abani said his office had received many complaints regarding GAI in creating new content like images and videos of recent reported cases, including uploading of nude images of females on social media.

He said it was disrespectful and a “disgrace to our mothers and sisters”.

More than 20 girls in Spain reported receiving AI-generated naked images of themselves in a controversy that has been widely reported globally.

When they returned to school after the summer holidays, more than 20 girls from Almendralejo, a town in southern Spain, received naked photos of themselves on their mobile phones.

Chief Censor Abani said the increase of using new and advanced technology features was alarming for a young and developing country such as PNG.

“We are talking about embracing communication and connective and empowering economy but also the high risks and dangers of wellbeing is my concern, Chief Censor Abani said.

“I call on those sick minded or evil minded people to stop and do something useful and contribute meaningful to nation building.

New Facebook trend
“This is a new trend with Facebook users in the country on social media platforms increasing with unimaginable ways of discriminating and harassment using fake names to post images — particularly of young females — that are not suitable for public consumption or viewing,” he said.

He said he was calling on all relevant agencies to come together, including the Censorship Office, to start implementing some policies and regulations to address these
issues.

Chief Censor Abani said people were unaware of dangers — “particularly our female users of social media platforms”.

These acts were without the individuals’ consent and knowledge using Generative AI applications.

“Technology is good but we must use wisely and being responsible in using such information that is provided,” he said.

He said the Censorship Office would work closely with Department ICT, DATACO and NICTA, police cybercrime unit to use the Cybercrime Code Act to punish perpetrators while waiting for the Censorship Act to finalise a review and amendments.

Marjorie Finkeo is a PNG Post-Courier reporter. Republished with permission.

This content originally appeared on Asia Pacific Report and was authored by APR editor.

New Jordanian cybercrime law criminalizes ‘fake news’ online

Committee to Protect Journalists — Tue, 15 Aug 2023 14:39:55 +0000

Beirut, August 15, 2023—In response to Jordanian authorities passing a new cybercrime law that threatens press freedom online, the Committee to Protect Journalists issued the following statement of condemnation:

“The new cybercrime law approved by Jordanian King Abdullah II bin Al-Hussein is alarming, and could see journalists facing harsh prison terms and huge fines over their work,” said CPJ’s Middle East and North Africa program coordinator, Sherif Mansour, in Washington, D.C. “Authorities never should have approved this law, and should now work to repeal it and ensure it will not be used to silence journalists.”

The 2023 Cybercrime Law criminalizes online posts deemed to be “fake news” or which undermine national unity; promote, instigate, aide, or incite “immorality,” or demonstrate “contempt for religion.” Penalties include prison sentences of three months to three years, and fines ranging from 5,000 to 20,000 Jordanian dinars (US$7,000 to 28,000).

Jordan’s parliament passed the law on July 27, and King Abdullah approved it on August 12. The law was published in the official state newspaper on August 13, and is scheduled to come into force on September 12.

The new law amends a 2015 cybercrime law, which was also used to target journalists. Political commentator Adnan al-Rousan was imprisoned in August 2022 for violating the 2015 law by writing articles “insulting to Jordan” and “offensive to the national approach and fabric, and insulting the cohesion of Jordanian society and state institutions.”

Earlier this month, satirical journalist Ahmed al-Zoubi was sentenced to one year in prison for a social media post about a strike over diesel prices, according to media reports.

CPJ emailed the Royal Hashemite Court for comment but did not receive a response.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Jailed Nicaraguan journalist Victor Ticay accused of treason and cybercrime

Erik Crouch — Mon, 22 May 2023 20:47:41 +0000

Guatemala City, May 22, 2023—Nicaraguan authorities should drop their criminal investigation into journalist Victor Ticay and release him immediately, the Committee to Protect Journalists said Monday.

On May 19, prosecutors accused Ticay, a correspondent for the Nicaraguan TV station Canal 10, of treason and cybercrime, according to multiple news reports. He has been held at a police station in Managua, the capital, since he was arrested while covering an Easter celebration on April 6.

“Nicaraguan authorities never should have detained journalist Victor Ticay in the first place. By accusing him of crimes that carry harsh prison sentences, authorities are showing how little regard they have for press freedom,” said CPJ Program Director Carlos Martinez de la Serna, in New York. “The case against Ticay should be dropped immediately and Nicaraguan law enforcement must stop targeting journalists for their work.”

Those news reports said that one suspect arrested at the same time and facing the same accusations as Ticay was expected in court on June 7. CPJ could not immediately determine if Ticay is also due in court on that date.

If charged and convicted of treason, Ticay could face up to six years in prison. Convictions for cybercrime carry up to 10 years.

CPJ repeatedly called the Nicaraguan national prosecutor’s office for comment, but no one answered.

This content originally appeared on Committee to Protect Journalists and was authored by Erik Crouch.

Nigerian journalist Agba Jalingo detained on cybercrime charges

Committee to Protect Journalists — Mon, 27 Mar 2023 21:41:58 +0000

Abuja, March 27, 2023 – A federal court in Abuja, Nigeria’s capital, on Monday ordered the detention of CrossRiverWatch publisher Agba Jalingo for allegedly publishing false news that caused “annoyance, ill will and insult,” in violation of Nigeria’s Cybercrimes Act, according to a report by the outlet and CrossRiverWatch editor Jonathan Ugbal, who spoke to CPJ by phone. The charge relates to a June 2022 CrossRiverWatch article alleging that Elizabeth Alami Frank Ayade, sister-in-law to Cross River State Governor Ben Ayade, paid someone to take a law school exam for her.

“Authorities in Nigeria should swiftly ensure the release of CrossRiverWatch publisher Agba Jalingo, drop the charges against him, and allow him to work freely,” said Angela Quintal, CPJ’s Africa program coordinator, in New York. “Frivolous detention and criminalization of journalism in Nigeria have become far too commonplace, and legislators must reform the country’s laws to prevent this.”

Jalingo’s next court date is scheduled for March 30, when his bail application will be heard.

In August 2022, authorities arrested Jalingo following a complaint from Elizabeth Ayade and charged him under the Cybercrimes Act in December 2022. In 2019 and 2020, Jalingo was arrested and detained for nearly six months over his reporting about Governor Ben Ayade.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Malawi police detain, charge journalist Dorica Mtenje over story she did not write

Jennifer Dunham — Wed, 22 Feb 2023 16:59:29 +0000

Lusaka, Zambia, February 22, 2023—Malawian authorities should immediately drop defamation and cyber-related charges against Maravi Post journalist Dorica Mtenje and allow her to report free from legal harassment, the Committee to Protect Journalists said Wednesday.

On February 8, police in the capital Lilongwe summoned Mtenje via phone to appear the following day for questioning over a Maravi Post story she did not write or publish, according to news reports, a statement by the Malawi chapter of the regional press freedom body Media Institute of Southern Africa (MISA), a bail form that CPJ reviewed, and a CPJ interview with the journalist. When Mtenje arrived at the station the next day, police detained her for 12 hours and charged her with defamation and offensive communication following a complaint by National Intelligence Service Director General Dokani Ngwira.

“The detention, confiscation of her phone, and charging of Malawian journalist Dorica Mtenje following a complaint from the country’s intelligence chief about an article that was not bylined and that she did not write is a fishing expedition to intimidate the press,” said Angela Quintal, CPJ’s Africa program coordinator, in New York. “We urge Malawian authorities to immediately drop the charges against Mtenje and ensure that criminal defamation is repealed, in the same way that sedition and insulting the president are no longer crimes in Malawi.”

On February 18, President Lazarus Chakwera assented to the Penal Code (Amendment) Bill of 2022, which repeals the crimes of sedition and insulting the president.

On February 9, Mtenje appeared at police headquarters in Lilongwe at around 8 a.m. and was formally charged and detained at about 5 p.m., according to a news report and the journalist. Mtenje said her mobile phone was confiscated but returned upon her release three hours later.

Her supervisor, Lloyd M’bwana, was also summoned for questioning over the same story but he did not appear, according to MISA, Mtenje, and M’bwana, who spoke to CPJ. M’bwana told CPJ he did not go because he did not receive an official summons, only a call from police.

Mtenje is charged with offensive communication, under to Section 87 of the Electronic Transactions and Cyber Security Act, and defamation, under Section 200 of the country’s penal code.

If found guilty of offensive communication, Mtenje faces up to a year in prison or a fine of 1 million Malawian kwacha (US$975), while the defamation charge carries an undefined fine, a two-year imprisonment, or both.

Mtenje told CPJ that she appeared before police on her own and was not accompanied by a lawyer.

“I asked the officer why they summoned me after showing me the story I didn’t even write, but I was told they suspect that me and my boss could have written it,” Mtenje told CPJ. “They took away my phone…at some point, one officer went away with it. It has no password.”

Information Minister Moses Kunkuyu told CPJ he had secured Mtenje’s release and that her case was “closed.” However, the officer who handled the matter claimed to be unaware of the closure after her release, according to Mtenje.

When reached by CPJ via messaging app, Ngwira said he had not made any complaints against a journalist, but he alleged thata tabloid had been writing “lies against my person and the National Intelligence Service without even a single attempt to seek our side of whatever they write.”

Ngwira said a police investigation was what led to the summoning and arrest of Mtenje. “I believe they are still investigating, and even for her to be released quickly was because MISA Malawi through their [chairperson] reached out,” he told CPJ.

Malawi Police Service spokesperson Peter Kalaya did not immediately respond to CPJ’s request for comment sent via messaging app. He is quoted by the MISA statement as saying police were only acting on a complaint by the National Intelligence Service Director.

This content originally appeared on Committee to Protect Journalists and was authored by Jennifer Dunham.

Nigerian journalist Agba Jalingo charged with cybercrime over report on governor’s relative

Committee to Protect Journalists — Thu, 26 Jan 2023 19:46:05 +0000

Abuja, January 26, 2023 – Authorities in Nigeria should swiftly drop the cybercrime charges against journalist Agba Jalingo, cease harassing him for his work, and reform the country’s laws to ensure journalism is not criminalized, the Committee to Protect Journalists said Thursday.

On December 8, 2022, authorities in the southern Nigerian state of Cross River filed cybercrime charges against Jalingo, publisher of the privately owned news website CrossRiverWatch, according to a report by the privately owned news website Sahara Reporters and a charge sheet reviewed by CPJ. Jalingo told CPJ via messaging app that he is expected in court on February 14, 2023.

Authorities charged the reporter under two counts of Section 24 (1)b of Nigeria’s Cybercrimes Act over his outlet’s June 2022 report on Elizabeth Alami Frank Ayade, the sister-in-law of Governor Ben Ayade. If convicted, Jalingo could be imprisoned for three years and fined 7 million naira (US$15,200).

“Nigerian authorities should drop their prosecution and legal harassment of Agba Jalingo and allow him to work without fear of arrest,” said Angela Quintal, CPJ’s Africa program coordinator, in New York. “Lawmakers in Nigeria should recognize that their country’s Cybercrime Act has been repeatedly used to prosecute the press and reform it to ensure journalism is not criminalized.”

CPJ has repeatedly documented the use of Nigeria’s Cybercrimes Act to detain and charge journalists for their work.

The June 30, 2022, CrossRiverWatch article alleged that Elizabeth Ayade paid someone else to take an examination for her while in law school. The charge sheet accuses Jalingo of publishing falsehoods and says the publication intended to cause Ayade “annoyance, ill will and insult.”

Jalingo was previously arrested on August 19, 2022, over the same article, after Elizabeth Ayade filed a defamation and cyberattack complaint to police and requested the outlet retract the report and pay 500 million naira (US$1,086,300) in damages or face litigation. As of January 26, the report remains online.

Fidelis Ogbobe, the prosecutor in the case, told CPJ by phone that he did not regard Jalingo as a journalist and said the charges followed Jalingo’s refusal to retract the publication, which Ogbobe described as a “falsehood.” When CPJ inquired why Jalingo was not considered a journalist and asked additional questions, the line disconnected, and Ogbobe did not respond to subsequent calls.

In 2019 and 2020, authorities detained Jalingo for nearly six months and charged him with cybercrime and other offenses. The charges were later dropped, and the regional Economic Community of West Africa court ordered Nigerian authorities to pay Jalingo compensation for his detention in July 2021. As of January 26, Jalingo said he has yet to receive any payment.

[Editors’ Note: The fifth paragraph was updated to illustrate how broadly the cybercrimes act has been used against journalists.]

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

How the FBI Stumbled in the War on Cybercrime

by Renee Dudley and Daniel Golden — Tue, 18 Oct 2022 09:00:00 +0000

by Renee Dudley and Daniel Golden

ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they’re published.

Investigating cybercrime was supposed to be the FBI’s third-highest priority, behind terrorism and counterintelligence. Yet, in 2015, FBI Director James Comey realized that his Cyber Division faced a brain drain that was hamstringing its investigations.

Retention in the division had been a chronic problem, but in the spring of that year, it became acute. About a dozen young and midcareer cyber agents had given notice or were considering leaving, attracted by more lucrative jobs outside government. As the resignations piled up, Comey received an unsolicited email from Andre McGregor, one of the cyber agents who had quit. In his email, the young agent suggested ways to improve the Cyber Division. Comey routinely broadcast his open-door policy, but senior staff members were nevertheless aghast when they heard an agent with just six years’ experience in the bureau had actually taken him up on it. To their consternation, Comey took McGregor’s email and the other cyber agents’ departures seriously. “I want to meet these guys,” he said. He invited the agents to Washington from field offices nationwide for a private lunch. As news of the meeting circulated throughout headquarters, across divisions and into the field, senior staff openly scorned the cyber agents, dubbing them “the 12 Angry Men,” “the Dirty Dozen” or just “these assholes.” To the old-schoolers — including some who had risked their lives in service to the bureau — the cyber agents were spoiled prima donnas, not real FBI.

The cyber agents were as stunned as anyone to have an audience with Comey. Despite their extensive training in interrogation at the FBI Academy in Quantico, Virginia, many were anxious about what the director might ask them. “As an agent, you never meet the director,” said Milan Patel, an agent who attended the lunch. “You know the director, because he’s famous. But the director doesn’t know you.”

You also rarely, if ever, go to the J. Edgar Hoover Building’s seventh floor, where the executive offices are. But that day, the cyber agents — all men, mostly in their mid-30s, in suits, ties and fresh haircuts — strode single file down the seventh-floor hall to Comey’s private conference room. Stiffly, nervously, they stood waiting. Then Comey came in, shirt sleeves rolled up and bag lunch in hand.

“Have a seat, guys,” he told them. “Take off your coats. Get comfortable. Tell me who you are, where you live and why you’re leaving. I want to understand if you are happy and leaving, or disappointed and leaving.”

Around the room, everyone took a turn answering. Each agent professed to be happy, describing his admiration for the bureau’s mission.

“Well, that’s a good start,” Comey said.

Then sincerity prevailed. For the next hour, as they ate their lunches, the agents unloaded.

They told Comey that their skills were either disregarded or misunderstood by other agents and supervisors across the bureau. The FBI had cliques reminiscent of high school, and the cyber agents were derisively called the Geek Squad.

“What do you need a gun for?” SWAT team jocks would say. Or, from a senior leader, alluding to the physical fitness tests all agents were required to pass, “Do you have to do pushups with a keyboard in your backpack?” The jabs — which eroded an already tenuous sense of belonging — testified to the widespread belief that cyber agents played a less important role than others in the bureau.

At the meeting, the men also registered their opposition to some of the FBI’s ingrained cultural expectations, including the mantra that agents should be capable of doing “any job, anywhere.” Comey had embraced that credo, making it known during his tenure that he wanted everyone in the FBI to have computer skills. But the cyber agents believed this outlook was misguided. Although traditional skills, from source cultivation to undercover stings, were applicable to cybercrime cases, it was not feasible to turn someone with no interest or aptitude in computer science into a first-rate cyber investigator. The placement of nontechnical agents on cyber squads — a practice that dated to the 1990s — also led to a problem that the agents referred to as “reeducation fatigue.” They were constantly forced to put their investigations on hold to train newcomers, both supervisors and other cyber agents, who arrived with little or no technical expertise.

Other issues were personal. To be promoted, the FBI typically required agents to relocate. This transient lifestyle caused family heartache for agents across the bureau. One cyber agent lamented the lack of career opportunities for his spouse, a businesswoman, in far-flung offices like Wichita. The agents told Comey they didn’t have to deal with “the shuffle” around the country for professional advancement because their skills were immediately transferable to the private sector and in high demand. They had offers for high-profile jobs paying multiples of their FBI salaries. Unlike private employers worried about staying competitive, the FBI wasn’t about to disrupt its rigid pay scale to keep its top cyber agents. Feeling they had nothing to lose, the agents recommended changes. They told Comey that the FBI could improve retention by centralizing cyber agents in Washington instead of assigning them to the 56 field offices around the country. That made sense because, unlike investigating physical crimes like bank robbery, they didn’t necessarily need to be near the scene to collect evidence. Plus, suspects were often abroad.

Most important, they wanted the bureau’s respect.

Comey listened, asked questions and took notes. Then he led them to his private office. They glanced around, most of them knowing they were unlikely to be granted such access to power again. Comey’s desk featured framed photos of his wife and children, and the carpet was emblazoned with the FBI’s seal. The agents had such respect for the bureau that they huddled close so that no one had to step on any part of the seal.

Perhaps the most striking feature of the office was the whiteboard that sprawled across one of the walls. On it was an organizational chart of the bureau’s leadership with magnets featuring the names and headshots of FBI executives and special agents in charge of field offices. Many were terrorism experts who had risen through the hierarchy in the aftermath of the Sept. 11, 2001, attacks.

Comey was sympathetic to his visitors and recognized the importance of cyber expertise to the FBI’s future. At the same time, he wasn’t going to overhaul the bureau and alienate the powerful old guard to please a group of short-timers.

“Look, I know we’ve got a problem with leadership here,” Comey told the cyber agents as they studied the whiteboard, according to agents who were there. “I want to fix it, but I don’t have enough time to fix it. I’m only here for a limited amount of time; it’s going to take another generation to fix some of these cultural issues.” But the agents knew the FBI couldn’t afford to wait another generation to confront escalating cyberthreats like ransomware. Ransomware is the unholy marriage of hacking and cryptography. Typically, the attackers capitalize on a cybersecurity flaw or get an unsuspecting person to open an attachment or click a link. Once inside a computer system, ransomware encrypts the files, rendering them inaccessible without the right decryption key — the string of characters that can unlock the information — for which a ransom is demanded.

Although attacks were becoming more sophisticated, bureau officials told counterparts in the Department of Homeland Security and elsewhere in the federal government that ransomware wasn’t a priority because both the damages and the chances of catching suspects were too small. Instead of aggressively mobilizing against the threat, the FBI took the lead in compiling a “best practices” document that warned the public about ransomware, urged prevention and discouraged payments to hackers. Through an intermediary, Comey, fired from his FBI position by then-President Donald Trump in 2017, declined to comment on the meeting. The FBI acknowledged but did not respond to written questions.

To FBI leadership, ransomware was an “ankle-biter crime,” said an agent who attended the meeting with Comey.

“They viewed it as a Geek Squad thing, and therefore they viewed it as not important,” he said.

Many of the issues the FBI cyber agents raised during their meeting with Comey were nothing new. In fact, the bureau’s inertia in tackling cybercrime dated all the way back to a case involving the first documented state-sponsored computer intrusion.

In 1986, Cliff Stoll was working as a systems administrator at the Lawrence Berkeley National Laboratory when his boss asked him to resolve a 75-cent shortfall in the accounting system the lab used for charging for computing power. Stoll traced the error to an unauthorized user and ultimately unraveled a sprawling intrusion into computer systems of the U.S. government and military. Eventually, the trail led to German hackers paid by the Soviet Union’s intelligence service, the KGB. Stoll immortalized his crusade in the 1989 book “The Cuckoo’s Egg.” In the course of his investigation, he tried seven times to get the attention of the FBI but was rebuffed each time.

“Look, kid, did you lose more than a half million dollars?” the FBI asked him.

“Uh, no,” Stoll replied.

“Any classified information?”

“Uh, no.”

“Then go away, kid.”

Stoll later spoke with an Air Force investigator who summed up the FBI’s position: “Computer crimes aren’t easy — not like kidnapping or bank robbery, where there’s witnesses and obvious losses. Don’t blame them for shying away from a tough case with no clear solution.”

It wasn’t until almost a decade later that the federal government took its first significant step to organize against cyberthreats. After the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City, the Clinton administration called together a dozen officials from across the government to assess the vulnerability of the nation’s critical infrastructure. Since essential services such as health care and banking were moving online, the committee quickly turned its attention from physical threats, like Timothy McVeigh’s infamous Ryder truck, to computer-based ones.

The group helped establish what became known as the National Infrastructure Protection Center in 1998. With representatives from the FBI, the Secret Service, intelligence agencies and other federal departments, the NIPC was tasked with preventing and investigating computer intrusions. The FBI was selected to oversee the NIPC because it had the broadest legal authority to investigate crime.

Turf battles broke out immediately. The National Security Agency and the Pentagon were indignant about reporting to the FBI about sophisticated computer crimes that they believed the bureau was incapable of handling, said Michael Vatis, then a deputy U.S. attorney general who led the effort to launch the center.

“They said: ‘Oh, no, no, no. It can’t be the FBI,’” Vatis recalled. “‘All they know how to do is surround a crime scene with yellow tape and take down bad guys. And they’re notorious for not sharing information.’”

Meanwhile, infighting over resources roiled the FBI. “You had a lot of old-line people arguing about whether cybercrime was real and serious,” Vatis said. “People who came up through organized crime, or Russian counterintelligence. They were like: ‘This is just a nuisance from teenagers. It’s not real.’”

At the time, only a couple of dozen FBI agents had any experience or interest in investigating computer crime. There weren’t nearly enough tech-literate agents to fill the scores of new job openings in the NIPC. Needing warm bodies, the FBI summoned volunteers from within its ranks, regardless of background. Among them was the New Orleans-based agent Stacy Arruda. During her first squad meeting in 1999, as her supervisor talked about “Unix this, and Linux that,” she realized she was in over her head.

“Arruda, do you have any idea what I’m talking about?” the supervisor asked her.

“Nope.”

“Why are you nodding and smiling?”

“I don’t want to look stupid.”

It was an easy admission because most of the new NIPC agents were similarly uninformed about the world they would be investigating.

When the bureau ran out of volunteers to join the NIPC, agents were “volun-told” to join, Arruda said. That’s what happened to Scott Augenbaum. He said he was assigned to the NIPC because he was the only agent in his Syracuse, New York, office “who had any bit of a technology background,” meaning he “could take a laptop connected to a telephone jack and get online.” He was disappointed by the assignment because it was “not the cool and fun and sexy job to have within the FBI.” His friends in the bureau teased him. “They told me, ‘This cyber thing is going to hurt your career.’”

Following the Sept. 11, 2001, terrorist attacks, FBI Director Robert Mueller created the bureau’s Cyber Division to fight computer-based crime. The division took over the NIPC’s investigative work, while prevention efforts moved to the Department of Homeland Security, which was established in November 2002. The DHS, however, put the computer crime prevention mission on hold for years as it focused instead on deterring physical attacks.

To ramp up the new division, the FBI put a cyber squad in each field office and launched a training program to help existing agents switch tracks. It also benefited from the “patriot effect,” as talented computer experts who felt a call to service applied. Among them were Milan Patel and Anthony Ferrante, two of the agents who would attend the meeting with Comey.

Fresh out of college, Ferrante was working as a consultant at Ernst & Young on 9/11. From his office in a Midtown skyscraper, he watched the towers fall. In the days that followed, he resolved to use his computer skills to fight terrorism. While pursuing a master’s degree in computer science at Fordham University, he met with an FBI recruiter who was trying to hire digital experts for the new Cyber Division. The recruiter asked Ferrante what languages he knew.

“HTML, JavaScript, C++, Business Basic,” he answered.

“What are those?” the perplexed recruiter responded. “I mean, Russian, Spanish, French.”

It wouldn’t be the last time Ferrante felt misunderstood by the bureau. When he arrived at Quantico in 2004, he found himself in a firearms class of about 40 new agents-in-training. There, the instructor asked: “Who here has never shot a gun?”

With his gaze cast downward as he concentrated on taking notes, Ferrante raised his hand. The room became silent. He looked around and saw he was the only one. Everyone stared.

“What’s your background?” the instructor asked.

“I’m a computer hacker,” Ferrante said.

On a campus that recruits jokingly referred to as “college with guns,” his answer was not well received. The instructor shook his head, rolled his eyes and moved on.

Patel arrived at the FBI Academy in 2003 with a college degree in computer science from the New Jersey Institute of Technology. From Quantico, he was assigned to a cyber squad in New York, where his new boss didn’t quite know what to do with him. The supervisor handed him a beeper, a Rand McNally map and the keys to a 1993 Ford Aerostar van that “looked like it was bombed out in Baghdad,” Patel said. Another agent set him up with a computer running a long-outdated version of Windows.

“Oh my God, this is like the Stone Age,” he thought. As time went on, Patel discovered how cumbersome it was to brief supervisors about cyber cases. Since many of them knew little about computers, he had to write reports that he considered “borderline childish.”

“You had to try to relate computers to cars,” he said. “You’re speaking a foreign language to them, yet they’re in charge, making decisions over the health of what you do.”

Patel realized that most of his Cyber Division colleagues, like Arruda and Augenbaum, didn’t have a technical background. The bureau tried to turn traditional law enforcement officers into tech specialists while passing over computer scientists who could not meet its qualifications to become agents. “Is the person who can do 15 pull-ups and run 2 miles around the track in under 16 minutes the same guy that you want decrypting ransomware?” Patel said. “Typically people who write code and enjoy the passion of figuring out malware, they’re not in a gym cranking out squats.”

Some agents ended up in the Cyber Division because it had openings when they graduated from Quantico, or because it was a stop on the way to a promotion. In a popular move, many senior agents and supervisors pursued a final assignment in the division before becoming eligible for retirement at age 50, knowing it made them more attractive to private-sector employers for their post-FBI careers.

“On a bureau cyber squad, you typically have one or two people, if you’re lucky, who can decrypt and do network traffic analysis and programming and the really hard work,” Patel said. “And you’ve got two or three people who know how to investigate cybercrime and have a computer science degree. And the rest — half of the team — are in the cyber program, but they don’t really know anything about cyber.” Some of those agents made successful cases anyway, but they were the exception.

Despite the internal headwinds, Patel worked on some of the bureau’s marquee cybercrime cases. He led the investigation into Silk Road, the black-market bazaar where illegal goods and services were anonymously bought and sold. As part of a sprawling investigation into the dark web marketplace, law enforcement located six of Silk Road’s servers scattered across the globe and compromised the site before shutting it down in October 2013. Ross Ulbricht, of San Francisco, was later found guilty on narcotics and hacking charges for his role in creating and operating the site. He is serving two life sentences plus 40 years in prison. Patel was nominated for the FBI Director’s Award for Investigative Excellence; he became a Cyber Division unit chief, advising on technology strategy. Then, shortly after the Dirty Dozen meeting with Comey, he left the FBI for a higher-paying job in the private sector.

Ferrante was selected for the FBI’s Cyber Action Team, which deployed in response to the most critical cyber incidents globally. As a supervisory special agent, he became chief of staff of the FBI’s Cyber Division. After the meeting with Comey, Ferrante remained in the FBI for another two years. He left in 2017 to become global head of cybersecurity for FTI Consulting, where he worked with companies victimized by ransomware.

He kept tabs on the bureau’s public actions in fighting the crime. Despite occasional successes, he said in 2021 that he was disappointed by the small number of ransomware-related indictments in the years that followed Comey’s 2015 gathering.

“They would work cases, but those cases would just spin, spin, spin,” Ferrante said. “No, they’re not taking it seriously, so of course it’s out of control now because it’s gone unchecked for so many years. … Nobody understood it — nobody within the FBI, and nobody within the Department of Justice. Because they didn’t understand it, they didn’t put proper resources behind it. And because they didn’t put proper resources behind it, the cases that were worked never got any legs or never got the attention they deserved.”

By 2012, FBI leadership recognized that most crimes involved some technical element: the use of email or cellphones, for example. So that year, it began to prioritize hiring non-agent computer scientists to help on cases. These civilian cyber experts, who worked in field offices around the country, did not carry weapons and were not required to pass regular physical fitness tests. But respect for the non-gun-carrying technical experts was lacking. This widespread condescension was reflected in a nickname that Stacy Arruda, the early NIPC agent who went on to a career as a supervisor in the Cyber Division, had for them: dolphins.

“Someone who is highly intelligent and can’t communicate with humans,” said Arruda, who retired from the FBI in 2018. “When we would travel, we would bring our dolphins with us. And when the other party started squeaking, we would have our dolphins squeak right back at them.”

If agents like Patel and Ferrante had a hard time winning the institutional respect of the FBI, it seemed almost impossible for the dolphins to do so. They worked on technical aspects of all types of cases, not just cyber ones. Yet, despite the critical role they played in investigating cyber cases — sometimes as the sole person in a field office who understood the technical underpinnings of a case — these civilian computer scientists were often regarded as agents’ support staff and treated as second-class citizens.

Randy Pargman took a circuitous route to becoming the Seattle field office’s dolphin. As a kid in California, Pargman regularly hung out with his grandma, who was interested in technology. She bought magazines that contained basic code and helped Pargman copy it onto their Atari video game console. It was his introduction to computer programming. Later, as a teenager, Pargman was drawn to a booth of ham radio enthusiasts at a county fair and soon began saving up to buy his own $300 radio. It was the early 1990s, before most home users were online, so Pargman was thrilled when he used the radio to access pages from a library in Japan and send primitive emails.

After high school, Pargman put his radio skills to work when he became a Washington State Patrol dispatcher. Although it wasn’t a part of the job description, he created one computer program to improve the dispatch system’s efficiency and another to automate the state’s process for investigating fraud in vehicle registrations. The experience led him to study computer science at Mississippi State. In the summer of 2000, while still in college, Pargman completed an FBI internship, an experience that left him with a deep appreciation for the bureau’s mission. So, following brief stints working for the Department of Defense and as a private sector software engineer once he graduated, he applied to become an agent. He was hired in 2004, around the same time as Patel and Ferrante.

Like those two agents, Pargman was shocked by the digital Stone Age he found himself in upon arriving. At the FBI Academy, a computer instructor gave lessons on typing interviews and reports on WordPerfect, the word processing platform whose popularity had peaked in the late 1980s. To Pargman, even more outrageous than the FBI’s use of WordPerfect was the notion that agents would need instruction on such a basic program. The first week of class, the instructor delivered another surprise.

“OK, who are the IT nerds in here?” he asked.

After Pargman and a classmate raised their hands, the instructor addressed them directly.

“You’re not going to be working on cybercrimes. You’re going to be working on whatever the bureau needs you to do.”

The other tech-savvy recruit later confided to Pargman that he was dropping out of the FBI Academy to return to private industry. “This is not what I thought it was going to be,” he said.

Pargman was similarly torn. He believed in the FBI’s mission but wanted to work solely on cybercrime. Like Ferrante, he didn’t have experience with guns, and he was unsure about how he would handle that aspect of the job. He faced a reckoning when an FBI speaker led a sobering session about the toughest aspects of working for the bureau, from deadly force scenarios to the higher-than-average rates of suicide and divorce among agents.

After consulting with FBI counselors and a bureau chaplain, Pargman decided he didn’t want to become an agent. Instead, he stayed in the FBI as a civilian, working as a software developer at the FBI Academy. Eight years later, when the FBI launched the computer science track, Pargman eagerly applied. He became the Seattle field office’s dedicated computer scientist in October 2012.

“This is why I had gotten into the FBI to begin with,” Pargman said. “I can concentrate just on cybercrime investigations and not have to deal with the whole badge and gun.”

Once Pargman got to Seattle, he began to dream big. His vision: The FBI could model its Cyber Division after one of the world’s most successful computer crime-fighting law enforcement organizations, the Dutch High Tech Crime Unit. He knew how traditional and hidebound the bureau was, how different from the HTCU and its innovative culture. But, ever idealistic, he hoped that the HTCU’s remarkable track record would persuade the FBI to adopt elements of the Dutch approach.

Pargman had long been familiar with the HTCU’s reputation for arresting hackers and disrupting their infrastructure. When he met a Dutch officer through an FBI program for midcareer professionals, he asked her the secret to the HTCU’s success. Her response was straightforward: the HTCU was effective because it paired each traditional police officer with a computer scientist, partnerships that had been a founding priority of the unit. While the HTCU computer scientists weren’t required to pass police exams, meet physical fitness requirements, or handle weapons, they nonetheless were entitled to the same rank and promotions as their traditional counterparts. They also were not obligated to pivot to noncomputer work during their police careers.

The density of computer science experts in the HTCU astounded Pargman, who thought it was brilliant. He suggested the Dutch approach to managers in the FBI’s Operational Technology Division, which oversaw the new computer science track. They laughed.

“We can’t get funding for that many computer scientists,” one contact told him. “That would be crazy.”

Pargman acknowledged that, since the FBI’s Cyber Division was much larger than the Dutch Police’s HTCU, establishing a one-to-one partnership was a stretch. Yet the FBI’s setup all but ensured that its drastically outnumbered computer scientists would not find a collective voice, as the tech experts had done in the HTCU. As Pargman dug into cyber investigations in Seattle, he learned that the bureau’s staffing imbalance was straining its cyber experts, both civilian computer scientists and technically advanced agents like Patel and Ferrante.

Many of the cyber agents Pargman worked with in Seattle had prior careers as accountants, attorneys or police officers. To get acquainted with the digital world, they took crash courses offered by the SANS Institute, the bureau’s contractor for cybersecurity training; popular offerings included Introduction to Cyber Security and Security Essentials Bootcamp. From an institutional perspective, learning on the job to investigate computer crime was no different from learning on the job to investigate white-collar or gang crime. But FBI leadership didn’t take into account something that early leaders in the Dutch HTCU knew from the unit’s start: It’s not easy to teach advanced computer skills to someone who has no technical background.

Cyber agents routinely came to Pargman with basic tasks such as analyzing email headers, the technical details stored within messages that can contain helpful clues.

“This is easy, you need to learn how to do this,” Pargman told one agent. He produced the IP address from the headers.

“What does that mean?” the agent responded. “What is this IP address?”

Pargman had to make the time to help because, if he didn’t, the agent might do something embarrassing, like attempt to subpoena publicly available information “because they just didn’t know any better.”

In the FBI, investigations into specific ransomware strains were organized by field office. For example, Springfield, Illinois, investigated complaints involving a strain called Rapid, while Anchorage, Alaska, investigated those related to Russia-based Ryuk, one of the first ransomware gangs to routinely demand six-figure payments and to carefully select and research its targets. From time to time, Pargman learned of victim complaints to the Seattle office about emerging ransomware strains. Since cases weren’t assigned directly to computer scientists, he pushed the agents to take them on. “Oh boy, here’s one that nobody is working,” he told one colleague.

“Let’s jump on this.”

“That sounds amazing,” the agent responded. “But I’ll be so busy with that case that I won’t get to do anything else.”

In the early days of ransomware, when hackers demanded no more than a few hundred dollars, the FBI was uninterested because the damages were small — not unlike Cliff Stoll’s dilemma at Berkeley. Later, once losses grew to hundreds of thousands or even millions of dollars, agents had other reasons to want to avoid investigating ransomware. In the FBI, prestige springs from being a successful “trial agent,” working on cases that result in indictments and convictions that make the news. But ransomware cases, even with the enthusiastic support of a computer scientist like Pargman, were long and complex, with a low likelihood of arrest.

The fact that most ransomware hackers were outside the United States made the investigative process challenging from the start. To collect evidence from abroad, agents needed to coordinate with federal prosecutors, FBI legal attachés and international law enforcement agencies through the Mutual Legal Assistance Treaty process. Seemingly straightforward tasks, such as obtaining an image of a suspicious server, could take months. And if the server was in a hostile country such as Iran or North Korea, the agents were out of luck. Aware of this international labyrinth, even some federal prosecutors discouraged agents from pursuing complex cyber investigations.

During Pargman’s time as Seattle’s computer scientist, the field office took on a number of technically sophisticated cases. He was especially proud of one that led to the Justice Department’s indictment, unsealed in 2018, of hackers accused in the notorious Fin7 attacks. They breached more than 100 U.S. companies and led to the theft of more than 15 million customer credit card records. But during his seven years in Seattle, the office never got a handle on ransomware.

“If you spend all of your time chasing ransomware, and for years you never make a single arrest of anybody, you’re seen as a failure,” Pargman said. “Even if you’re doing a ton of good in the world, like sharing information and helping protect people, you’re still a failure as an investigator because you haven’t arrested anybody.” Despite its own inaction, the FBI feuded with the other federal agency responsible for investigating ransomware: the Secret Service. Although the Secret Service has been guarding presidents since 1894, its lesser-known mission of combating financial crimes dates back even longer — to the day in April 1865 that Abraham Lincoln was assassinated. Before heading to Ford’s Theatre, Lincoln signed legislation creating the agency and giving it the mandate to fight counterfeit currency. As financial crime evolved and moved online, the Secret Service and the FBI squabbled over cases. Although it, too, had a federal mandate to fight computer crime, the Secret Service was sometimes bigfooted by the FBI, said Mark Grantz, who was a supervisory special agent for the Secret Service in Washington.

“They’d say: ‘Yeah, we’ve got a case on that already. We were looking at him five years ago. Give us everything you’ve got and we’ll go from there.’ That was their M.O.,” Grantz said. It left him wondering: “You haven’t touched that case in five years, why are you asking me for my case file?”

Grantz led an investigation into a ransomware attack in January 2017, eight days before Donald Trump’s inauguration. The strike disabled computers linked to 126 street cameras in a video surveillance system monitoring public spaces across Washington, D.C., including along the presidential parade route. Instead of paying the five-figure ransom, the district scrambled to wipe and restart the cameras, which were back online three days before the swearing-in. Assisted by other law enforcement organizations, the Secret Service traced the hack to two Romanians, who were arrested in Europe, extradited to the United States and found guilty on wire fraud charges — an uncommon U.S. law enforcement success against ransomware operators.

Other Secret Service investigations sometimes stalled because agents had to rotate away for protective detail. “That’s where it gets frustrating,” Grantz said. “You’d train someone. They’d do digital forensics for five years. They’d get really good at it. And then you’d send them off to do presidential detail.”

Randy Pargman also grew frustrated by the FBI’s reluctance to engage meaningfully with private-sector cybersecurity researchers like the Ransomware Hunting Team. An elite, invitation-only group of tech wizards in seven countries, the team has uncovered keys to hundreds of ransomware strains, saving millions of individuals, businesses, schools and other victims from paying billions of dollars in ransom. When the FBI did connect with experts in the private sector, sensitive information typically flowed only in one direction — to the bureau.

Following large cyberattacks against U.S. targets, the FBI routinely affirmed its commitment to public-private partnerships to help prevent and gather intelligence on such strikes. But some agents believed the rhetoric was hollow, comparing it to public officials’ offering “thoughts and prayers” after mass shootings. The reality was that many people in the FBI had a deep distrust of private-sector researchers.

“There’s this feeling among most agents that if they share even a little bit of information with somebody in the private sector, that information will get out, broadcast over the internet — and the bad guys will definitely read it, and it will destroy the whole case,” Pargman said.

Even though he couldn’t work on ransomware cases, Pargman found ways to feel fulfilled in his job, including by helping organizations defend themselves against impending cyber intrusions. He examined malware command-and-control servers obtained through the MLAT process, then alerted potential victims to imminent attacks. “That was a really good feeling because we stopped a ton of those intrusions,” he said. FBI leadership rewarded his efforts: Pargman earned both the FBI Director’s Award for Excellence in Technical Advancement and the FBI Medal of Excellence.

But he grew tired of his subordinate role as an “agent helper,” and he thought about how things would be different if the FBI were more like the Dutch HTCU. In the bureau, he couldn’t be promoted since Cyber Division leadership roles were open only to agents. And while agents could retire at 50 with full pensions, he had to wait until age 62, and would receive less money. In 2019, Pargman resigned from the FBI, telling his supervisor he wanted to be in a role where he could enact changes rather than just suggest them.

“I love working for the FBI,” he told his supervisor. “It’s very meaningful and fulfilling. But there is no leadership spot for me to go to, only because I’m not an agent. So you cannot be upset that I’m going to get a job where I can be a leader, and make changes, and create a team to do big things.”

When it came to ransomware, the FBI didn’t have a lengthy roster of achievements to boast about. It would not be until after the May 2021 attack on the Colonial Pipeline, which shuttered gas stations across the Southeast, that the FBI would prioritize the ransomware threat and embrace assistance from private researchers like the Ransomware Hunting Team. But even with its new emphasis on ransomware, the FBI didn’t undertake fundamental reforms to expand its roster of cyber experts. It still wanted its cyber agents to be athletic college graduates with relevant job experience, who also had to be willing to shoot a gun, relocate their families and pivot away from investigating cybercrime as needed.

The bureau’s reluctance to adapt disappointed some former agents. “I think the next generation of cyber people in the bureau should be the type of people who want to be cyber first, and not agents at all,” said Patel, one of the agents who attended the 2015 meeting with Comey. “The bureau needs expertly trained technical programmers, cybersecurity engineers, that know how to write code, compile, dissect and investigate — and it has nothing to do with carrying a gun.”

Excerpted from “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime” by Renee Dudley and Daniel Golden. Published by Farrar, Straus and Giroux. Copyright © 2022 by Renee Dudley and Daniel Golden. All rights reserved.

This content originally appeared on Articles and Investigations - ProPublica and was authored by by Renee Dudley and Daniel Golden.

Zimbabwean authorities charge journalist Hope Chizuzu under cybercrime law

Committee to Protect Journalists — Thu, 06 Oct 2022 21:16:07 +0000

Lusaka, October 6, 2022—Zimbabwean authorities should immediately drop charges against sports freelancer journalist Hope Chizuzu, return his electronic devices, and allow him to carry out his work freely, the Committee to Protect Journalists said Thursday.

Around midmorning on September 29, police detectives went to Chizuzu’s office in the central business district of the capital Harare, where they informed him that he was under arrest, but did not disclose why, the journalist told CPJ via messaging app.

A few minutes later, Chizuzu was taken to Harare Central Police Station, where police informed him that Moses Chunga and Eric Aisam, Dynamos Football Club board members, opened a case against him for allegedly transmitting false messages, the journalist said.

Chizuzu, who mostly publishes stories on Facebook, was charged with transmitting false data messages intending to cause harm, in violation of Section 164C of the Data Protection Act, which amends the Criminal Law (Codification and Reform) Act, and his mobile phone and an iPad were confiscated, according to the journalist, a news report and the Zimbabwe chapter of the regional press freedom group Media Institute of Southern Africa.

Authorities released Chizuzu after documenting a warning statement and told him that he would soon be required to appear in court, the journalist said. His devices remain in police custody for “further investigations,” Chizuzu said.

“Zimbabwean police must immediately drop the charges against journalist Hope Chizuzu, immediately return the journalist’s electronic devices, and stop the abuse of the country’s cyber security laws to silence journalists,” said Angela Quintal, CPJ’s Africa program coordinator, in New York. “Chizuzu has become the latest victim of the country’s draconian cyber laws which are inimical to press freedom as Zimbabweans head to the polls next year.”

Chizuzu is the third journalist to be arrested in Zimbabwe over alleged violations of a cybercrime law since the Data Protection Act was enacted in 2021. (On August 2, 2022, police in Zimbabwe arrested Alpha Media Holdings journalists Widsom Mdzungairi and Desmond Chingarande on charges of transmitting “false data intending to cause harm.”) If convicted of transmitting false data messages, Chizuzu could face a fine of 70,000 Zimbabwean dollars (US$193) and up to five years in prison.

“The new cyber laws are being abused by those who are against the corruption fight … Even the (complainants’) statement to police failed to provide the claimed falsehoods,” Chizuzu said, questioning the police’s authority to arrest him and take possession of his devices.

CPJ was unable to reach Chunga and Aisam by phone and they did not respond to a request for comment sent via messaging app. Dynamos club spokesperson Eric Mvududu also did not respond to a request for comment sent via messaging app.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Bangladeshi journalist Imran Hossain Titu investigated under Digital Security Act

Jennifer Dunham — Tue, 23 Aug 2022 19:12:05 +0000

On April 5, 2022, the Barisal Cyber Tribunal, which adjudicates alleged cybercrime offenses in Bangladesh’s southern Barisal division, accepted a complaint against Imran Hossain Titu, the Barguna district correspondent for privately owned broadcaster Ekattor TV, for allegedly violating the Digital Security Act, according to a statement by the Bangladesh Federal Union of Journalists, a local trade group, which CPJ reviewed; a copy of the complaint, which CPJ also reviewed; and the journalist, who spoke with CPJ in a phone interview.

The complaint stems from a video investigation by Titu, which was broadcast by Ekattor TV on March 1, 2022, alleging that a local shrine’s management committee, led by Shahidul Islam Mollik, general secretary of the Mirzaganj Union Parishad, an administrative government unit, had engaged in corruption.

Mollik’s nephew, Badal Hossain, filed the complaint, which accused the journalist of violating three sections of the Digital Security Act, pertaining to defamation, unauthorized collection of identity information, and publication of false, threatening, or offensive information, according to those sources. Each of those offenses can carry a prison sentence of between three and five years, and a fine between 300,000 taka (US$3,160) and 1,000,000 taka (US $10,530).

Titu told CPJ that after conducting research for the investigation in Mirzaganj, Hossain had called him on February 19 and urged him not to publish the report.

On February 20, Hossain came to the Ekattor TV office in the town of Patuakhali and offered the journalist a bribe in exchange for agreeing not to publish the report, according to Titu and CCTV footage of the incident, which was shown in Titu’s video investigation.

When reached via messaging app, Hossain denied the allegations that he pressured Titu not to publish the report.

Titu told CPJ that after accepting the complaint, the Barisal Cyber Tribunal subsequently ordered the Mirzaganj police station to investigate the complaint. Anowar Hossain Talukdar, the station’s officer in charge, is the vice president of the shrine’s management, according to Titu and a document issued by the Waqf Administration, a regulatory agency under the Ministry of Religious Affairs, which CPJ reviewed.

Mollik and Talukdar did not respond to CPJ’s requests for comment sent via messaging app.

Titu said that he expects to be summoned for further hearings after the police submits its investigative report to the tribunal. Under Section 40 of the Digital Security Act, investigations are to be completed within 60 days, with the possibility of extension upon court approval. Titu told CPJ that police did not complete the investigation within the 60-day period, adding that he was not informed that they were granted an extension.

Titu said he has repeatedly received direct, in-person threats from politicians and their associates for his extensive reporting on their alleged corruption. He fears these political leaders have banded together in recent months, he told CPJ, and are planning further retaliation against him, including possibly arrest.

CPJ has repeatedly documented the use of the Digital Security Act to harass journalists in retaliation for their work, and has called for the law’s repeal.

This content originally appeared on Committee to Protect Journalists and was authored by Jennifer Dunham.

Three PNG government agencies have power to censor Facebook

APR editor — Thu, 03 Feb 2022 11:27:35 +0000

By Phoebe Gwangilo in Port Moresby

Censoring of Facebook in Papua New Guinea can be addressed by three mandated government agencies, says Chief Censor Jim Abani.

He was responding to the Post-Courier on how his office was dealing with indecent content posted on Facebook in view of a controversy over a video of an alleged child molester.

“FB censoring is to be addressed by three agencies with relevant responsibilities that are mandated to carry out policies and regulations,” Abani said.

READ MORE: Other Facebook reports

He added: “In the event that pictures and sexual references and connotations are published then the censor will say its objectionable publication.”

Abani said the Cyber Crime Code Act defined penalties for cyber harassment and cyber bullying.

“NICTA (National Information and Communications Technology Authority) may look into electronic devices used to commit crime or offence while Censorship Office will vet or screen the content of materials and determine whether it’s explicit, or not explicit and allowed for public consumption.”

He said police under the Summary Offences Act are equally responsible to censor illicit material posted online.

“Indecent publication published is in the amended Summary Offences Act.”

No comment on specific case
Abani could not comment on the specific video of the alleged 16-year-old child molester, saying that his officers were still working on gathering information.

However, he added that the approved 2021-2025 National Censorship Policy called for partnership and a collaborative approach from each responsible agency.

Abani said a new trend in the digital space had meant the Censorship Office to build its capacity to monitor and control apart from developing the recently launched policy it had been currently doing by reviewing the Censorship Act 1989.

The office was also working on signing an agreement with an internet gateway service provider.

Phoebe Gwangilo is a PNG Post-Courier reporter. Republished with permission.

This content originally appeared on Asia Pacific Report and was authored by APR editor.

Why the UN’s push for a cybercrime treaty could imperil journalists simply for using the internet

Madeline Earp/CPJ Consultant Technology Editor — Tue, 18 Jan 2022 17:19:08 +0000

Cybercrime is on the global agenda as a United Nations committee appointed to develop a treaty on the topic meets for the first time this week. The process is slated to take at least two years, but experts warn that such a treaty – initially proposed by Russia – could hand new tools to authorities looking to punish those who report the news.

The issue stems from competing definitions of cybercrime, one narrowed on malicious hacking of networks and data, the other encompassing any crime facilitated by a computer. It matters because many authorities around the world already invoke cybercrime or cybersecurity laws to punish journalists – not for secretly hacking into networks or systems, but for openly using their own to publicize wrongdoing.

“When there’s ambiguity, some governments will take advantage of that and try to use it to clamp down on speech,” Deborah Brown, senior researcher for digital rights at Human Rights Watch, told CPJ. Brown has written about a global surge in national cybercrime laws undermining human rights. “It’s important to look not just at what’s being proposed at the global level, but at how national governments are interpreting their own laws,” she told CPJ.

Cybercrime laws criminalize topics like false news in Nicaragua, Nigeria, and Sudan, among other countries. Journalists have been arrested on cybercrime charges in Iran for reporting on the economy; in Pakistan for investigative and political commentary; and in Benin, for alleged defamation.

In 2011, CPJ warned about Russia’s push, along with China and a handful of other U.N. member states, to propose an “information security” code to combat online information that could incite terrorism or undermine national stability, charges both countries have levied against journalists.

“This has been part of Russia’s agenda for a while, and China has also been pushing for a treaty that would achieve similar goals – simply to extend more state control over the internet,” said Sheetal Kumar, head of global engagement and advocacy at Global Partners Digital, a London-based organization advocating digital rights.

CPJ emailed the Russian and Chinese permanent missions to the U.N. in New York to request comment but received no response.

Cybercrime measures can affect the press even if they don’t explicitly criminalize speech. According to Kumar, some seek to undermine encryption, a privacy feature that helps journalists protect files and communicate privately with sources and colleagues. CPJ has reported on journalists facing trumped-up hacking charges in retaliation for reporting, like Egypt’s Nora Younis. Journalists in the U.S. have told CPJ that the federal Computer Fraud and Abuse Act criminalizes data-gathering and verification activities that ought to be considered a routine part of reporting the news. In one recent local U.S. case, Missouri governor Mike Parsons said on December 29 that he expected prosecutors to charge St. Louis Post-Dispatch reporter Josh Renaud under a state anti-hacking statute for publicizing a local government website vulnerability that had exposed teachers’ Social Security numbers.

But journalists could be even more vulnerable if a global convention entrenches a broader definition of computer-enabled cybercrime, according to Brown at Human Rights Watch. “The [U.N.] treaty has the potential to criminalize certain behavior and content online,” she said.

“Jordan, Indonesia, Russia, China, and others want to see a much broader scope [for the treaty] with so-called morality crimes, disinformation – more content-based crimes,” Kumar said, citing national statements submitted ahead of the convention. CPJ has documented journalists imprisoned under both Jordan’s Cybercrime Law and Indonesia’s Electronic Information and Transactions Law in the past.

Many U.N. member states are calling for increased international cooperation in cybercrime investigations, which could see more information about alleged criminals shared across borders, according to Kumar.

“What’s good is that a number of states have said they want a rights-respecting approach,” she said. “But the devil is in the detail. You’re asking for increased [law enforcement] powers, you’re also saying human rights need to be protected. That’s where the issues will lie.”

Three journalists accused under cybercrime laws:

Rappler editor Maria Ressa faces charges in the Philippines. (Reuters/Eloisa Lopez)

Filipino journalist Maria Ressa, who was awarded the Nobel Peace Prize in October, is battling a spate of spurious libel charges under the Philippines’ 2012 Cybercrime Prevention Act in connection with reporting by her news website, Rappler, and could face a six-year prison sentence if one conviction from 2020 is not overturned on appeal.
Bangladeshi reporter Ruhul Amin Gazi has been jailed for over a year without trial because a 2019 report about an executed opposition leader published by his employer, the Bangla-language Daily Sangram newspaper, was available on the internet, triggering a criminal complaint under the Digital Security Act, Rezaur Rahman Lenin, an independent academic and activist based in Dhaka who has followed the case, told CPJ. Local courts deny bail to those charged under the law so often that the prosecution itself is a punishment, Lenin said.
Nigeria’s Cybercrimes Act criminalizes using computers to transmit information that could cause annoyance or that the sender knows to be false; Luka Binniyat, a Nigerian journalist who contributes to the U.S.-based outlet The Epoch Times, was arrested under the Cybercrimes Act in November 2021 and continues to be held in advance of a February 3 court hearing.

This content originally appeared on Committee to Protect Journalists and was authored by Madeline Earp/CPJ Consultant Technology Editor.

Niger journalists Moussa Aksar and Samira Sabou convicted, fined under cybercrime act

Committee to Protect Journalists — Thu, 13 Jan 2022 16:30:07 +0000

New York, January 13, 2022 — Nigerien authorities should not contest the appeals of journalists Moussa Aksar and Samira Sabou, and should reform the country’s cybercrime law to ensure it is not used to prosecute the press, the Committee to Protect Journalists said today.

On January 3, the High Court in Niamey, Niger’s capital, convicted Aksar and Sabou of violating the country’s 2019 cybercrime law, according to Ahamed Mamane, the journalists’ lawyer, who spoke to CPJ in a phone interview.

The court convicted Sabou, editor of the privately owned Niger Search news website and manager of the privately owned Mides-Niger news website, of “defamation by electronic communication,” according to Mamane and court documents reviewed by CPJ.

Aksar, publication director of the privately owned L’Evénement newspaper and chair of the Norbert Zongo Cell for Investigative Journalism in West Africa (CENOZO), a Burkina Faso-based news outlet and investigative journalism organization, was convicted of the same defamation charge and of “dissemination of data likely to disturb public order or undermine human dignity,” according to those sources.

Aksar was given a suspended prison sentence of two months and fined 100,000 West African francs (US$172); Sabou was given a suspended prison sentence of one month and fined 50,000 francs (US$86), according to Mamane and those documents.

The journalists appealed the convictions on January 4; Mamane told CPJ that a hearing date for the appeal had not been set.

“Authorities in Niger should not oppose journalists’ Moussa Aksar and Samira Sabou’s appeals of their convictions, and should instead focus on reforming their cybercrime law to ensure journalists are not subject to legal harassment,” said Angela Quintal, CPJ’s Africa program coordinator. “Across Africa and the world, laws focused on cybercrime have been leveraged to prosecute journalists for sharing or reporting news online. It’s an alarming trend that must be reversed.”

The charges stem from the journalists’ connections to a May 2021 report about drug trafficking in Niger, originally published by the Global Initiative Against Transnational Crime, a Switzerland-based organization that tracks organized crime.

L’Evénement republished that report on its website, and Mides-Niger published a summary of the report, which Sabou also posted on her Facebook page, according to Mamane and Sabou, who also spoke to CPJ by phone. Sabou’s professional Facebook page, where she frequently posts reporting and commentary, has about 110,000 followers.

In a response to that reporting, Niger’s Central Office for the Repression of Illicit Trafficking (OCRTIS) defended its work and said the report contained “unfounded accusations.”

Authorities arrested and questioned Sabou over that report in May, and summoned Aksar about it in July, according to a joint statement by the U.N. Special Rapporteurs for human rights defenders and freedom of opinion and expression.

In June, the Central Office for the Repression of Illicit Trafficking filed a defamation complaint against the Global Initiative; it withdrew that complaint in December, but Niger’s state prosecutor continued the prosecution of the journalists for sharing the reporting, according to multiple reports by the initiative and the withdrawal request letter, which CPJ reviewed.

Reached by phone yesterday, Niger state prosecutor Chaibou Moussa Saidou Maïga requested questions on the case sent via messaging app; CPJ sent those questions but received no response.

When CPJ called Omar Guero Dan Mallal, a lawyer for the Central Office for the Repression of Illicit Trafficking, he asked CPJ to call back in an hour; when CPJ did so, no one answered. CPJ’s calls to the organization’s director, Boubacar Issaka Oumarou, also went unanswered.

Separately, in May 2021, Aksar was convicted of defamation under the cybercrime law and ordered to pay 200,000 West African francs (US$367) in a fine and 1,000,000 francs (US$1,835) in damages over a September 2020 L’Evénement report alleging embezzlement at the country’s Ministry of Defense, according to Mamane, as well as news reports and a tweet by the Norbert Zongo Cell for Investigative Journalism in West Africa. Mamane told CPJ that Aksar has appealed that conviction and the next court date is scheduled for March 14.

Previously, in June 2020, Sabou was jailed on cybercrime charges following a defamation complaint about a post on her Facebook page about an audit of Niger’s military, as CPJ reported at the time. Mamane told CPJ that the case had been sent for review by the Court of Cassation, and a next hearing date had not been set.

This content originally appeared on Committee to Protect Journalists and was authored by Committee to Protect Journalists.

Calling out China for cyberattacks is risky — but a lawless digital world is even riskier

APR editor — Tue, 20 Jul 2021 23:08:03 +0000

ANALYSIS: By Alexander Gillespie, University of Waikato

The multi-country condemnation of cyber-attacks by Chinese state-sponsored agencies is a sign of increasing frustration at recent behaviour. But it also masks the real problem — international law isn’t strong or coherent enough to deal with this growing threat.

The coordinated announcement by several countries, including the US, UK, Australia and New Zealand, echoes the most recent threat assessment from the US intelligence community: cyber threats from nation states and their surrogates will remain acute for the foreseeable future.

Joining the chorus against China may be diplomatically risky for New Zealand and others, and China has already described the claims as “groundless and irresponsible”. But there is no doubt the problem is real.

The latest report from New Zealand’s Government Communications Security Bureau (GCSB) recorded 353 cyber security incidents in the 12 months to the middle of 2020, compared with 339 incidents in the previous year.

Given the focus is on potentially high-impact events targeting organisations of national significance, this is likely only a small proportion of the total. But the GCSB estimated state-sponsored attacks accounted for up to 30 percent of incidents recorded in 2019-20.

Since that report, more serious incidents have occurred, including attacks on the stock-exchange and Waikato hospital. The attacks are becoming more sophisticated and inflicting greater damage.

Globally, there are warnings that a major cyberattack could be as deadly as a weapon of mass destruction. The need to de-escalate is urgent.

Global solutions missing
New Zealand would be relatively well-prepared to cope with domestic incidents using criminal, privacy and even harmful digital communications laws. But most cybercrime originates overseas, and global solutions don’t really exist.

The government says it has uncovered evidence of Chinese state-sponsored cyber attacks in New Zealand.https://t.co/wB5Q8M4lwO

— RNZ (@radionz) July 19, 2021

In theory, the attacks can be divided into two types — those by criminals and those by foreign governments. In reality, the line between the two is blurred.

Dealing with foreign criminals is slightly easier than combating attacks by other governments, and Prime Minister Jacinda Ardern has recognised the need for a global effort to fight this kind of cybercrime.

To that end, the government recently announced New Zealand was joining the Council of Europe’s Convention on Cybercrime, a global regime signed by 66 countries based on shared basic legal standards, mutual assistance and extradition rules.

Unfortunately, some of the countries most often suspected of allowing international cybercrime to be committed from within their borders have not signed, meaning they are not bound by its obligations.

That includes Russia, China and North Korea. Along with several other countries not known for their tolerance of an open, free and secure internet, they are trying to create an alternative international cybercrime regime, now entering a drafting process through the United Nations.

‘Groundless, irresponsible’: China fires back at NZ after cyber attack accusation https://t.co/oGSOMtFdXT

— Newshub Politics (@NewshubPolitics) July 19, 2021

Cyberattacks as acts of war
Dealing with attacks by other governments (as opposed to criminals) is even harder.

Only broad principles exist, including that countries refrain from the threat or use of force against the territorial integrity or political independence of any state, and that they should behave in a friendly way towards one another. If one is attacked, it has an inherent right of self-defence.

Malicious state-sponsored cyber activity involving espionage, ransoms or breaches of privacy might qualify as unfriendly and in bad faith, but they are not acts of war.

However, cyberattacks directed by other governments could amount to acts of war if they cause death, serious injury or significant damage to the targeted state. Cyberattacks that meddle in foreign elections may, depending on their impact, dangerously undermine peace.

And yet, despite these extreme risks, there is no international convention governing state-based cyberattacks in the ways the Geneva Conventions cover the rules of warfare or arms control conventions limit weapons of mass destruction.

Drawing a red line on cybercrime … US President Joe Biden meets Russian President Vladimir Putin in Geneva in June. Image: The Conversation/GettyImages

Risks of retaliation
The latest condemnation of Chinese-linked cyberattacks notwithstanding, the problem is not going away.

At their recent meeting in Geneva, US President Joe Biden told his Russian counterpart, Vladimir Putin, the US would retaliate against any attacks on its critical infrastructure. A new US agency aimed at countering ransomware attacks would respond in “unseen and seen ways”, according to the administration.

Such responses would be legal under international law if there were no alternative means of resolution or reparation, and could be argued to be necessary and proportionate.

Also, the response can be unilateral or collective, meaning the US might call on its friends and allies to help. New Zealand has said it is open to the proposition that victim states can, in limited circumstances, request assistance from other states to apply proportionate countermeasures against someone acting in breach of international law.

A drift towards lawlessness
But only a month after Biden drew his red line with Putin, another massive ransomware attack crippled hundreds of service providers across 17 countries, including New Zealand schools and kindergartens.

The Russian-affiliated ransomware group REvil that was probably behind the attacks mysteriously disappeared from the internet a few weeks later.

Things are moving fast and none of it is very reassuring. In an interconnected world facing a growing threat from cyberattacks, we appear to be drifting away from order, stability and safety and towards the darkness of increasing lawlessness.

The coordinated condemnation of China by New Zealand and others has considerably upped the ante. All parties should now be seeking a rules-based international solution or the risk will only grow.

Dr Alexander Gillespie is professor of law, University of Waikato. This article is republished from The Conversation under a Creative Commons licence. Read the original article.

This content originally appeared on Asia Pacific Report and was authored by APR editor.

NZ cyber agency chief worried China hacks exploiting security weakness

APR editor — Tue, 20 Jul 2021 11:13:17 +0000

RNZ News

New Zealand’s cyber security agency believes China has been behind numerous hack attacks spanning years.

The government joined Western allies and Japan in calling out Beijing for so-called state-sponsored hacks, including a major incursion in February when Microsoft email servers were targeted.

The US has charged four Chinese nationals — three security officials and one contract hacker — with targeting dozens of companies and government agencies in the United States and overseas under the cover of a tech company.

“What we do is when we see malicious cyber activity on New Zealand networks, that may be through our own capabilities that we have to help protect New Zealand networks or it may be something that’s reported to us, we look at the malware that’s used,” Government Communications Security Bureau Director-General Andrew Hampton told RNZ Checkpoint.

“We look at how the actor behaves. We look at who they might be targeting and what they do if they get onto a network.

“That allows us to build a bit of a picture of who the actor is. We then compare that with information that we receive, often from our intelligence partners who are also observing such activity.

“That allows us to make an assessment, and it’s always a probability assessment about who the actor is.

The APT 40 group
“In this case, because of the amount of information we’ve been able to access both from our own capabilities and from our partners, we’ve got a reasonably high level of confidence that the actor who we’ve seen undertaking this campaign over a number of years, and in particular, who was responsible for the Microsoft Exchange compromise, was the APT 40 group — Advanced Persistent Threat Group 40 — which has been identified as associated with the Chinese Ministry of State Security.

The RNZ National live stream. Video: Checkpoint

“The actors here are state sponsored actors rather than what we would normally define as a criminal group. What we’re seeing here is a state sponsored actor likely to be motivated by a desire to steal information.”

Hampton said there was a blurring of lines between what a state agency does, and what a criminal group does.

“Some of the technical capabilities that previously only state organisations had, have now got into the hands of criminal groups.

“Also what we’ve seen in a range of countries is individuals who may work part-time in a government intelligence agency, and then may work part-time in a criminal enterprise. Or they may have previously worked in a state intelligence agency and are now out by themselves but still have links links back to the state.

“We don’t know the full detail of the nature of the relationship, but what we do know is the Ministry of State Security in China, for example, is a very large organisation with many thousands of of employees.

“So they are big organisations with people on their payroll but they also would have connections with other individuals and organisations.

Information shared with criminals
“Something else worth noting with regard to this most recent compromise involving the Microsoft Exchange, what we saw there is once the Ministry of State Security actors had identified the vulnerability and exploited it, they then shared that information with a range of other actors, including criminal groups, so they too could exploit it.

“This is obviously a real concern to see this type of behaviour occurring,” Hampton said.

All evidence showed the cyber attacks were all originating from mainland China, Hampton told Checkpoint.

He said such attacks would be aimed at stealing data or possibly positioning themselves on a system to be able to access information in the future.

“A common tactic we see, unfortunately, is there may be a vulnerability in a system,” Hampton said.

“It could be a generic vulnerability across all users of that particular system, and a malicious actor may become aware of that vulnerability, so they would use that to get onto the network.

“That doesn’t mean they will then start exfiltrating data from day one or something like that. They may just want to to sit there in the event that at some point in the future they may want to start doing that.

Malicious actors
“This exploitation of known vulnerabilities is a real concern. This is why all organisations need to keep their security patches up to date, because what can happen is you can have malicious actors use technology to scan whole countries to see who hasn’t updated their patches.

“They then use that vulnerability to get on the network and they may not do anything with it for some time. Or they might produce a list of all the organisations, say, in New Zealand who haven’t updated their patches.

“Then they make a decision – okay these are the four to five we want to further exploit.”

This article is republished under a community partnership agreement with RNZ.

This content originally appeared on Asia Pacific Report and was authored by APR editor.

UK online safety bill raises censorship concerns and questions on future of encryption

Madeline Earp/CPJ Consultant Technology Editor — Tue, 25 May 2021 15:21:59 +0000

The U.K. government emphasized press freedom this month when it published the draft online safety bill for social media companies, pledging that the bill would protect both “citizen journalism” and “recognized news publishers” from censorship. Vocal segments of the media not only welcomed the legislation, but actively campaigned for it. When Oliver Dowden, secretary of state for the government’s Digital, Culture, Media and Sport department, previewed the bill in the Telegraph newspaper, he credited the publication’s Duty of Care campaign for leading the charge on online safety.

Others in the media, along with free speech groups, have taken the opposite approach, saying the worst content, like child sexual abuse material, is already prohibited under other U.K. laws. By incentivizing platforms to manage other kinds of information, they say, the new bill consolidates a troubling global trend of states requiring platforms motivated by commercial interests – not the public’s – to decide what users share. London-based digital rights advocates at Global Partners Digital called it “the most comprehensive and demanding piece of online content regulation in the world.”

The draft is yet to undergo pre-legislative parliamentary scrutiny and its impact may not be evident for some time. Still, some experts told CPJ the bill’s exemptions for journalism would not be enough to mitigate the overall impact on digital speech. Worse, privacy groups say it could undermine end-to-end encryption, a safety feature for online communications that CPJ and others recommend for journalists and their sources.

“Once a presumption takes root that online speech is dangerous, that will inevitably spread beyond individual users’ posts to online communication generally, including the press,” Graham Smith, an internet law expert who has critiqued the concept of an online duty of care, told CPJ by email this month.

The bill seeks to protect people who use social media by introducing a “duty of care” for large platforms, meaning they should control harmful content or face penalties exacted by the government-appointed regulator, Ofcom. In addition to removing illegal content, the bill tasks the biggest platforms with vaguer responsibilities, requiring them to demonstrate that they are capable of protecting posts “of democratic importance” while managing others that are lawful but harmful, as the Guardian has noted. The draft defines “harmful” as something that risks having “a significant adverse physical or psychological impact” on someone with “ordinary sensibilities,” according to CPJ’s review. The bill’s scope appears to include direct messages via social media, and even video calling platforms like Zoom, according to news reports.

In 2018, the U.N. special rapporteur on freedom of expression said that tying heavy penalties to content regulation would chill freedom of expression, and the bill’s detractors object to the state requiring websites to manage information under threat of heavy penalties. Reuters reports that large platforms could face fines of up to £18 million (US$25 million) or be blocked in the U.K. if they fail to comply, while senior managers could face criminal action. CPJ has found that a similar framework in Turkey — modeled on a German law — is used to prevent news from circulating online, while stringent social media regulations passed secretly in Pakistan last year appear to have lifted the term “online harm” directly from the U.K. government’s 2019 white paper on the topic.

“A free press is at the heart of British democracy,” a DCMS spokesperson said in a statement provided to CPJ by email. “We have included strong and targeted protections in the Online Safety Bill to protect journalism and enhance free speech online.”

The spokesperson also indicated that the bill would prevent platforms from moderating journalistic or legal content arbitrarily by requiring them to enforce consistent public policies.

“We will not allow tech firms to censor content on a whim, the Bill’s focus is making sure they are accountable for removing illegal content, protecting children and keeping their promises to users,” the statement said. “Adults will not be prevented from accessing or posting legal content, and social media companies will have specific duties to safeguard people’s access to news publishers’ articles when shared on their sites.”

The bill exempts news publishers’ own websites, including comments, the industry-focused Press Gazette reported. Section 14 of the draft obliges platforms to protect journalism by offering an expedited appeal for takedowns if the person involved considers that the material was journalistic. Ofcom will issue codes of practice, which DCMS said by email would require the companies to publish assessments covering how they upheld free expression – a move towards transparency that observers like Global Partners Digital welcomed.

Yet questions remain about how these protections will work in practice, according to CPJ interviews.

“They’ve provided a definition of news-related material, but all that the act requires is that the platform consider the freedom of journalistic content when they make their [own] decision,” Lexie Kirkconnell-Kawana, head of regulation at IMPRESS, the U.K.’s independent self-regulatory body for smaller print titles, told CPJ in a video call. How platforms will interpret that isn’t clear yet, she said. “It might be years before we see what’s going on behind the curtain.”

“No one should be making a pre-judgement about whether journalistic content should be read by the public,” Peter Wright, the editor emeritus of DMG Media, which publishes The Daily Mail and other prominent UK newspapers, told CPJ. “It certainly shouldn’t be commercial organizations overseen by a state regulator.”

News publishers would have to be registered in the U.K. and operating under a code of standards to qualify for the protections, according to Richard Wingfield, head of legal at Global Partners Digital, who spoke with CPJ by phone.

“If I write my own code, will I be exempt?” Kirkconnell-Kawana wondered. “We don’t want to see bad faith actors meeting low thresholds under the guise of being a news provider.”

Wingfield, on the other hand, queried the extent of protections for citizen journalists. One of the bill’s requirements for protected content is that it be “generated for the purposes of journalism,” he said, but how that should be understood isn’t clear.

In response to CPJ’s emailed questions about Ofcom’s role in implementing the legislation and its independence from the government, Ofcom referred CPJ to an online statement citing its “extensive experience of tackling harmful content and supporting freedom of expression, through our role regulating TV and radio programs.”

“We won’t censor the web or social media,” or “be responsible for regulating or moderating individual pieces of online content,” the statement said.

Aside from the content moderation questions, the fact that the bill encompasses private messages means it could undermine digital privacy and anonymity, according to Heather Burns, policy manager at the U.K. campaigning organization Open Rights Group. The bill does not ban end-to-end encryption – which keeps anyone but the sender and recipient from reading a private message – or anonymous internet use, which Dowden has acknowledged in parliament “is very important for some people.” Yet it’s not clear how companies that can’t read direct messages will comply with requirements to control their contents.

“The government has adopted the tack that end-to-end encryption is an enabler of child abuse,” Burns said in a phone call shortly before the draft bill was published. Home Secretary Priti Patel was widely reported in April saying Facebook’s plans to extend end-to-end encryption from WhatsApp to all of its messaging products was jeopardizing efforts to combat child abuse. In a March report on child safety, the Centre for Social Justice, a think tank headed by former Home Secretary Savid Javid, advised Ofcom to retroactively sanction companies who introduced “high risk design features” such as end-to-end encryption before the online safety bill became law.

“Right now, we don’t know how to build scanning systems that work with [end-to-end encrypted] messengers, let alone build them in ways that aren’t subject to abuse,” Matthew Green, who teaches cryptography as an associate professor at Johns Hopkins University, told CPJ by email.

“The Home Secretary has been clear that industry must step-up to meet the evolving threat,”

a Home Office spokesperson said in a statement emailed to CPJ. “End-to-end encryption poses an unacceptable risk to user safety and society. It would prevent any access to messaging content and severely erode tech companies’ ability to tackle the most serious illegal content on their own platforms, including child abuse and terrorism.”

DCMS confirmed to CPJ by email that companies using end-to-end encryption were not exempt from the duty of care, and would have to demonstrate to Ofcom how they are managing risk to their users or face action.

“If journalists cannot send secure messages because the U.K. government assumes they’re trading child abuse images, that will put people’s lives at risk,” Burns, of Open Rights Group, told CPJ.

This content originally appeared on Committee to Protect Journalists and was authored by Madeline Earp/CPJ Consultant Technology Editor.

Reserve Bank investigates cyber attack – latest in NZ digital breaches

APR editor — Sun, 10 Jan 2021 23:28:21 +0000

The NZ Reserve Bank says it is investigating the breach, which may have exposed “commercially and personally sensitive information”. Image: Alexander Robertson/RNZ

By RNZ News

A cyber security expert says attacks like the latest on the Reserve Bank could be due to the type of data systems they are using.

The Reserve Bank revealed yesterday a third party file sharing service it uses, which contains some sensitive information, had been hacked.

It is the latest after a string of cyber attacks in the past year targeting several major organisations in New Zealand, including the NZ Stock Exchange – which had its servers knocked out of public view for nearly a week in August.

Titanium Defence cyber security expert Tony Grasso, who was the cyber lead at the Department of Internal Affairs, told Morning Report file sharing systems could weaken security.

Grasso said there were still lots of questions about the breach to be answered.

“The question that will be on my mind, and I’m sure this will be what they’re looking at is, who got in, how did they get in, and more importantly, what information has been taken from this file share, but more interestingly than that, have they got from the file share onto the bank systems internally?”

However, he said it would be hard to say who could be behind the breach at this stage.

Foreign intelligence agency?
“You have to always keep in mind it may be a foreign intelligence national agency whenever something as big as the Reserve Bank … any government department within reason, you always have to have that at the back of your mind,” he said.

“It would be interesting to find out how they were caught. Our detection systems here are good, if it’s one of those systems that have come from another government agency, a more sensitive government agency, that may indicate it was a foreign actor, or these days criminal gangs are getting together and they’ve become an industry on their own and are really good at getting into organisations.

“Imagine the ransom you could put on the Reserve Bank if you encrypted all their data, for example.”

Grasso hoped for a more detailed report from the Reserve Bank on who it could be.

“The Americans are very good at saying ‘it was definitely a foreign government’ and they normally name them as well. It would be good to know if it was that, if it was a criminal organisation or if was it a just a lone wolf – we have loads of these in our industry.”

The Reserve Bank said sensitive information “may” have been breached.

The type of information exposed would depend on who the third party was, Grass said.

Third party may be IT provider
“A third party could be just an IT provider and they’re just sharing architecture documents, that would be bad of course. But it could be information around covid for example.

“If they were working with external agencies about the recovery of the company from covid … it could be papers around how we’re planning for our recovery, I mean who knows.

“I would hope that sensitive stuff like that isn’t held in a third party file server, I’m fairly sure it wouldn’t be.”

He said even if its own systems were very secure, having a third party who was insecure connecting to the systems could bring a threat.

Yesterday, Reserve Bank Governor Adrian Orr said they were investigating the breach with experts and authorities.

“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information.

“It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational.”

The Reserve Bank declined a request for an interview with Morning Report.

This article is republished under a community partnership agreement with RNZ.

Manila court upholds Ressa cyber libel conviction, cites new 15-year period

Pacific Media Watch — Mon, 27 Jul 2020 03:56:00 +0000

Rappler chief executive Maria Ressa … next option would be to file an appeal with the Court of Appeals. Image: Rappler

By Lian Buan in Manila

Manila Judge Rainelda Estacio-Montesa has denied the motion for partial reconsideration filed by Rappler journalists, and upheld the cyber libel conviction of Rappler CEO and executive editor Maria Ressa and former researcher-writer Reynaldo Santos Jr.

“In view of the foregoing, the Motion for Partial Reconsideration filed by Accused Reynaldo Santos Jr and Maria Angelita Ressa is denied for lack of merit,” Montesa said in an order signed on Friday.

The next option for Ressa and Santos would be to file an appeal with the Court of Appeals.

In denying the motion of Ressa and Santos, Montesa for the first time cited a Supreme Court First Division ruling from 2018, which says that cyber libel prescribes not 12 years, but 15 years – an even longer period.

The prescription period is one of the most legally contested issues in the Ressa cyber libel case. Former Supreme Court senior associate justice Antonio Carpio maintains that the prescription period is one year.

The disputed Rappler article was published May 2012, which means complainant Wilfredo Keng had the right to sue only until May 2013 if the one year prescription was followed. Keng filed the complaint only in October 2017.

Montesa found an “unpublished resolution of Tolentino v People,” which is a First Division ruling from the Supreme Court dated August 6, 2018.

Judge’s justification
Montesa quoted the resolution to justify her ruling that cyber libel does not prescribe in one year.

Although Montesa previously upheld the Department of Justice (DOJ) theory that cyber libel prescribes in 12 years, she is now citing the Tolentino resolution which says: “Following Article 90 of the Revised Penal Code, the crime of libel in relation to RA 10175 now prescribes in 15 years.”

“Thus, the Court cannot apply the 1-year prescriptive period provided for under the Revised Penal Code as claimed by the defense,” Montesa said.

Montesa’s earlier ruling on prescription period, and Tolentino vs People, have A different legal basis.

Under the Revised Penal Code (RPC), libel prescribes one year. The Cybercrime Law did not explicitly provide a prescription period for cyber libel.

This lack of a textual basis gave DOJ, and later on Montesa, an opening to cite the pre-war Act 3326 which lays down prescriptive periods for special laws.

The Cybercrime Law imposed penalties one degree higher for offenses under it. So from an original penalty of up to 6 years, cyber libel was now imposed a penalty of up to 12 years. Under the archaic Act 3326, that kind of crime prescribes in 12 years, in the DOJ’s and Montesa’s view.

Prescription of crimes
The Tolentino ruling, however, was based on Article 90 of the RPC which lays out prescription of crimes.

The First Division ruling said: “The new penalty (of cyber libel), therefore, becomes afflictive, following Section 25 6of the RPC… following Article 90 7of the RPC, the crime of libel in relation to RA 10175 now prescribes in fifteen (15) years.”

The 2nd paragraph of Article 90 says: “Crimes punishable by other afflictive penalties shall prescribe in fifteen years.”
Article 90

In his earlier column in the Philippine Daily Inquirer, retired justice Carpio pointed out that Article 90 “is classified into two,” and that the 2nd classification still makes cyber libel’s prescription one year.

“Those based on the length or nature of the penalty, and those based on the crime itself regardless of the length or nature of the penalty. Under the first classification are, among others, crimes punishable by correctional penalty which prescribe in 10 years. Under the second classification are, among others, ‘libel and similar offenses’ which prescribe in one year,” Carpio wrote.

Indeed, the 4th and 5th paragraphs of Article 90 said: “The crime of libel or other similar offenses shall prescribe in one year. The crime of oral defamation and slander by deed shall prescribe in six months.”

Cyber libel ‘not new crime’
In declaring the Cybercrime Law constitutional in 2014, the Supreme Court ruled in Disini vs Secretary of Justice that “cyber libel is actually not a new crime” from the RPC libel.

Thus, Carpio noted, “In such a case, the prescriptive period for cyber libel is governed by the RPC which prescribes its own prescriptive periods. Under Article 90 of the RPC, the crime of libel and other similar offenses shall prescribe in one year.”

“The Tolentino citation was unnecessary because, under Disini, there is a specific prescriptive period and that is Art. 90. We will address that on appeal,” said Ressa and Santos’ lawyer, former Supreme Court spokesperson Ted Te.

Ressa faces 5 other criminal cases related to tax, and 3 criminal complaints, including another cyber libel complaint filed by Keng.

RSF brands Maria Ressa’s conviction as ‘masquerade’ amid global criticism

Pacific Media Watch — Tue, 16 Jun 2020 13:45:15 +0000

Pacific Media Watch

Reporters Without Borders (RSF) has condemned the up to six years in jail sentence that Philippine journalist Maria Ressa faces on a criminal libel charge in a “shocking judicial masquerade” in Manila yesterday.

It called on the country’s justice system to recover a “semblance of credibility” by overturning her conviction on appeal, RSF said in a statement as global media freedom and human rights watchdogs protested over the verdict.

A Manila regional court convicted Maria Ressa, co-founder and director of the independent news website Rappler, over an article published in 2012 that was the subject of a complaint by a businessman.

But the case was brought under a cyber crime law that took effect after the article’s publication. Rappler‘s former researcher-writer Reynaldo Santos Jr received the same sentence.

Both were allowed to post bail, pending an appeal.

– Partner –

As no criminal legislation can be retroactive, the National Bureau of Investigation dismissed the case in February 2018. But President Rodrigo Duterte’s Department of Justice decided otherwise.

‘Continuous publication’
It revived the case in February 2019 on the grounds that a supposed principle of “continuous publication” could be applied to websites.

“By passing this extremely harsh sentence at the end of utterly Kafkaesque proceedings, the Philippine justice system has demonstrated a complete lack of independence from the executive,” said Daniel Bastard, the head of RSF’s Asia-Pacific desk.

“This sentence bears the malevolent mark of President Duterte and his desire, by targeting Rappler and the figure of Maria Ressa, to eliminate all criticism whatever the cost.

“We urge Manila’s judges to restore a semblance of credibility to the Philippine judicial system by overturning this conviction on appeal.”

🇵🇭 @rapplerdotcom‘s @mariaressa could get six years in jail! By passing this harsh sentence after utterly Kafkaesque proceedings, the #Philippines‘ justice system has demonstrated a complete lack of independence from from pdt #Duterte‘s administration. https://t.co/RSK6RARyfM

— RSF (@RSF_inter) June 15, 2020

Systematic harassment
This conviction of Ressa and Rappler is the latest chapter in the systematic judicial harassment to which they have been subjected by various government agencies for more than two years.

Either directly or through Ressa, the website is facing 10 other similar complaints, each as baseless as the other, with the aim of intimidating its journalists.

“What with denying its reporters access to the presidential palace, threatening to withdraw its licence and accusing it of tax evasion, the authorities have stopped at nothing to harass Rappler, even arbitrarily detaining Ressa overnight in February 2019,” said Bastard.

ABS-CBN, the biggest Philippine broadcast network and one of the few other media outlets to dare criticise the government, had its franchise withdrawn last month.

Its radio stations and TV channels all stopped broadcasting on May 5 at the behest of the Justice Department and National Telecommunications Commission.

The country’s authoritarian president had warned the network’s executives last December: “If you expect that [the franchise] will be renewed, I’m sorry. I will see to it that you’re out.”

After falling seven places since 2017, the Philippines is ranked 136th out of 180 countries and territories in RSF’s 2020 World Press Freedom Index.

‘Damaging precedent’
In Brisbane, Professor Peter Greste, director and spokesperson of the Alliance for Journalists’ Freedom and UNESCO chair of journalism and communication at the University of Queensland, said the verdict set “an extraordinarily damaging precedent” for Asia-Pacific and global press freedom.

“To suggest there was no political pressure in this case would be incredibly naïve. The Philippine government has made it abundantly clear that they don’t think Maria should be free. The judge will have been acutely aware of this pressure.

“As a former political prisoner myself, I am deeply concerned about Maria and her former colleague, researcher-writer Reynaldo Santos Jr. who was also convicted in this case. More broadly though, I am concerned about what this means for the people of the Philippines.

“They might not all read Maria’s website, Rappler.com, but they all benefit from a free press that is able to question and challenge those in power. This judgment strikes a blow for every independent journalist in the country, chilling the kind of enquiry that makes democracy work.

“But this is not just about the Philippines. The human rights group, Freedom House, has charted a decline in democracy across the Asian region, and this conviction accelerates that trend.

“The AJF urges democratic governments – including Australia’s – to respond swiftly and decisively. This is a test case for the world’s resolve in standing up to authoritarianism by supporting press freedom.”

Maria Ressa found guilty in blow to Philippines’ press freedom #cyberlibel #mediafreedom @pacmedcentre @cnnphilippines @rapplerdotcom @mongster @dannyarao https://t.co/P6h8lNvEYr pic.twitter.com/FL75VyrdOy

— David Robie (@DavidRobie) June 15, 2020

‘Another nail in coffin’
In Auckland, Professor David Robie, director of the Pacific Media Centre, said the conviction of Rappler’s Maria Ressa and Raynaldo Santos Jr “drives another nail into the coffin of a free press and democracy” in the Philippines.

“It is also a chilling cautionary tale for the Asia-Pacific region and especially for those Pacific countries, such as Papua New Guinea and Fiji, that have imposed draconian cyber crime and social media laws that are really designed to stifle free expression and a free media.

“Fiji is currently deploying its social media law in a blatant attempt to muzzle its democratic opposition and intimidate the media. The behaviour of the state and security forces frequently display the typical characteristics of a virtual dictatorship.”

The Pacific Media Centre’s Pacific Media Watch freedom project collaborates with the Paris-based Reporters Without Borders.