The Unwilling Gatekeepers Of The Internet – Internet Service Providers And The Prevention Of Electronic Crimes Act 2016

The Unwilling Gatekeepers Of The Internet – Internet Service Providers And The Prevention Of Electronic Crimes Act 2016

What is Intermediary Liability?

From service providers that transmit technical access to the internet, to interactive online services that provide the essentials like email and search, we are inextricably connected to internet intermediaries we generally refer to as Internet Service Providers (ISPs). We would not be able to experience the internet the way we do without these intermediaries. As intermediaries between the web and the internet user, they host and run key platforms that are transforming everything from our communication, to commerce, and social and political participation in the online and real world. However, the relationship goes both ways. While they provide access, intermediaries can also be held responsible for how we use the internet.

“Intermediary liability” arises where a government holds intermediaries responsible for content or actions deemed “unlawful” or “infringing” by a given law. From hate speech on Twitter to copyright-infringing material on Google, there is no dearth of illegal content that only intermediaries have the power to remove. However, intermediaries cannot be burdened with a lawsuit every time someone is offended by a comment on someone’s blog, or is forced to remove search results from the billions made available every day, which also will inevitably include links to copyright infringing material.

In order to balance the rights and responsibilities of intermediaries, they are provided with certain immunities in the law in various jurisdictions around the world. However, the trend amongst legislators and policymakers across governments around the world has instead been to burden these intermediaries with not only punishing their users for “unlawful” content but also actively policing and monitoring them.

If intermediaries are forced to control and carry out surveillance, they would invest fewer resources and effort in creating new services and platforms where people interact and engage. As e-commerce and social media engagement grow in Pakistan, so do information sharing and user-generated content. Without protection from liability and a constant threat of liability and government orders looming over them, individuals and companies would be hesitant to develop new products and services that offer platforms for user-generated content.

Online content is diverse and intermediaries cannot be expected to expend all their resources in monitoring users, and then also being held criminally or financially liable for every individual’s expression. Since the internet is a vast and complex network with millions of users, internet intermediaries cannot be expected to keep track of every activity. It is burdensome and stifles the open expression and development of online activity.

Intermediary Liability in Pakistan

The law should ideally aim to balance the rights and responsibilities of individuals and intermediaries. However, the law pertaining to the internet, as stipulated in Pakistan’s Prevention of Electronic Crimes Act 2016, lacks clarity about liabilities and limitations of ISPs. This is obvious from the definitions and the provisions for immunity for intermediaries.

ISPs are understood to include entities that offer technical access, as well as providers of online services, and the law should ideally delineate these differences and also distinguish between the two based on their functions. However, the PECA does not provide a clear definition of what an ISP is, and neither does it distinguish between technical access and interactive online service. The result is confusion about what an ISP is, to whom obligations in the PECA apply, and whether ordinary functions of an intermediary can be used to subject it to legal action. By contrast, the US Digital Millennium Copyright Act (DMCA) section 512(k)(1) stipulates clear definitions for the two, which makes it easier to determine to whom the law applies,[1] which should be a minimal requirement of any applicable law.

Due in part to the unclear definition of an ISP, the PECA also ignores the technical realities of how ISPs work. For example, the definition of “service provider” in the PECA includes a person that “processes” electronic communication. Copyright infringement often occurs when a person makes illegal copies of a copyrighted work.  When an ISP is transmitting electronic communication, it inevitably makes temporary copies on its system in order to allow for the transmission of that information. Therefore, an ISP generally cannot be held liable for copyright infringement for a process that is automatic (system caching)[2]. The definition in the PECA does not account for automatic, regular functions, and includes “processes” within the definition of an ISP. This means that the PECA could effectively impose liability for the functions mentioned in the definition, as would be applicable in a case of copyright infringement, thereby implicating the ordinary technical functions of an ISP.

Comparatively, the US Communication and Decency Act (CDA) Section 230[3] stipulates a clear limitation of liability. It is clear about which entities it applies to i.e. “interactive computer services” (interactive computer services are understood to include all online services which allow third party users to generate content, e.g. a journalist posts an investigative report on YouTube: the journalist is the third party and YouTube is the interactive computer service), and it limits the liability of these services by not considering them as “publishers” of content provided by other “information content providers” i.e. third parties and users of their services.

As a consequence, CDA 230 has allowed individual expression and collaboration to flourish on the internet, as it prevents service providers being held liable for online content and speech contributed by third party users. This allows online platforms to build and provide a space for open communication and transactions. It also makes sure that a minority of users who may be misusing the platforms don’t take away the ability to use them from the majority.

In addition to definitional clarity about the applicability of a law, provisions for immunity for intermediaries allows networks and services to flourish without the burden of being responsible for third-party content. However, the equivalent of an immunity clause granted in PECA conveys no such intent. Immunity is conditional upon lack of “knowledge” and “willful intent”, standards which could have a wide range of meanings inconsistent with the reality of how service providers and the internet function.

In addition to this standard being vague, with the potential to encroach on ordinary online activity, it diverts the resources of online businesses and services from hosting platforms, providing means to buy and sell, and creating and uploading beneficial content, and instead monitoring what others do, recording it without informing anyone, and be open to legal risks of innumerous lawsuits and legal notices every time infringing or illegal content – or in the case of PECA[4] anything the authorities consider “unlawful” regardless of a legal determination – shows up on their website.

There is no doubt that the law needs to have important exceptions for civil and criminal acts, however the PECA overreaches into the normal functions of the internet and intermediaries, which can result in an overbroad suppression of online behavior. High legal risks and burdensome obligations mean intermediaries can offer fewer low cost online services. Pakistani innovators and content creators will also be discouraged from creating technology which would allow a free flow of information, exchange of ideas, and promote access to knowledge. Both Pakistani and foreign online services will be hesitant to promote services in Pakistan if the law is unclear and unconducive to the vibrant market that the internet is becoming in the rest of the world. Clarifying legal liabilities and immunities would be the first step to promote the economic and creative activity so crucial for the growth of technology in this age.



[1] Digital Millenium Copyright Act Section 512 (k) Definitions.—
(1)Service provider.—
(A) As used in subsection (a), the term “service provider” means an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received.
(B) As used in this section, other than subsection (a), the term “service provider” means a provider of online services or network access, or the operator of facilities therefor, and includes an entity described in subparagraph (A).
Available at

[2] See; see also DMCA Section 202 limits liability for automatic processes,


[4] Pakistan Electronic Crimes Act 2016, Section 34


The views expressed in this article are those of the author and do not necessarily represent the views of or any other organization with which she might be associated.

Mehtab Khan

Author: Mehtab Khan

The writer is an IP and technology lawyer and a research fellow at Courting The Law. She holds a B.A-LL.B degree from LUMS and LL.M from UC Berkeley School of Law.