The Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. It originally appears each week on Global Voices Advocacy. Ellery Roberts Biddle, Weiping Li, Hae-in Lim, and Sarah Myers West contributed to this report.

A wave of new cybercrime legislation is passing over the globe this April. Newly minted laws in Egypt, Pakistan, and Tanzania aim to curb a wide variety of online crimes—but they introduce just as many, if not more, risks for the fundamental rights of Internet users.

In Pakistan the Prevention of Electronic Crimes bill soon to be tabled at the National Assembly would dramatically broaden the definition of cybercrime. It would criminalize political criticism and expression online and allow authorities to block any information system (websites included) if deemed necessary to “the interest of glory of the religion, security or defence of Pakistan, friendly relations with foreign states, public order and decency or morality.” The law also sets new data retention requirements for online service providers and provides new capabilities for government agencies to obtain and share user data with other governments, including the United States.

In a biting analysis of the bill’s flaws, Pakistan’s Express Tribune argued that it “threatens almost every internet actor rather than protecting them from cybercrimes.” Nongovernmental organizations—including Human Rights Watch, Article 19, Digital Rights Foundation Pakistan, and Bolo Bhi—issued a statement expressing deep concern about the proposed legislation, and they are circulating an online petition asking legislators to seek public input before voting.

Egypt’s government approved a cybercrime draft law that would codify many of the surveillance and Internet-related “security” practices that have become routine within the current government. According to news site Alaraby, the law would make blasphemy and electronic crimes committed for the purpose of disturbing public order, endangering the safety and security of society, or damaging national unity and social peace punishable with lifetime prison sentences. The bill is currently awaiting executive approval.

Meanwhile, in Southern Africa, Tanzania’s Parliament passed a similarly broad cybercrime law on April 1 that outlaws the publication of “misleading, deceptive or false information,” grants police broad search and seizure powers, and criminalizes the sending of information “without prior solicitation” by electronic means. Activists say the bill was rushed through Parliament and gives too much power to authorities without any meaningful oversight.

Blind faith: China outlaws politically controversial avatars
Screen names and profile pictures are the latest targets of Chinese Internet restrictions. New restrictions criminalize the use of avatars or online identities that “violate existing laws, post a national security threat or destroy ethnic unity.” A few days before the regulations went into effect, more than 60,000 user accounts were purged from social media platforms, followed by over 7,000 more in the days following implementation of the rules. Strange as it may sound, the rule speaks to the strong tradition among Chinese netizens of using their online identities and profile images to express political opinions. Last fall, for example, many netizens changed their profile images to an umbrella icon, in an expression of solidarity with pro-democracy demonstrations in Hong Kong. For now, it looks like those umbrellas will have to go into hiding.

Indian companies snub Facebook on net neutrality grounds
Indian technology and Internet companies are pulling out of Facebook’s Internet.org initiative. They argue that it threatens the principle of net neutrality, as it only offers users access to certain websites, rather than the Internet at large. Internet.org self-identifies as a project that seeks to narrow the global digital divide by giving “the unconnected majority of the world the power to connect.” When the organization says “connect,” it doesn’t exactly mean “connect to the Internet.” In exchange for absorbing the costs associated with supporting Internet traffic, Facebook partners with telecommunications companies to provide smartphone users with access to a small set of job, health care, news, and education sites, along with Facebook. The company faced similar criticisms from civil society groups throughout Latin America following founder Mark Zuckerberg’s appearance at the Summit of the Americas.

Mass surveillance is elephant in the Hague
Last week in the Hague, government, private sector, and civil society representatives gathered for the Global Conference on Cyberspace. Despite many conversations about privacy rights, both on stage and in the halls, final outcome documents from the event carried only scant references to the human rights implications of mass surveillance. This came as no surprise to digital rights advocates at the event, several of whom erected a life-size blow-up elephant nearby, a literal representation of the “elephant in the room.”

We see London, we see France. But can we see Google’s algorithm?
Google continues to grapple with formal accusations by the European Union that the search engine has abused its dominance in Web searches, specifically by boosting its own products in its Google Shopping service. The upper house of France’s parliament has taken Europe’s challenge to Google a step further by supporting a draft economy bill that would require Google to reveal the inner workings of its ranking algorithms, a shift that could bring more transparency to the process.

Open-code site Github received somewhere between 0 and 249 national security requests last year
In its first transparency report, Github indicated that it received 10 subpoenas for user information affecting 40 accounts. It also received between 0 and 249 national security letter requests impacting 0–249 accounts. These ridiculously vague figures reflect Github’s compliance with the U.S. government-imposed gag order on national security letters and indicate that it received at least one request for user information based on a national security letter or order from the U.S. Foreign Intelligence Surveillance Court.

New Research

• “APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation: How a Cyber Threat Group Exploited Governments and Commercial Entities Across Southeast Asia and India for over a Decade”—FireEye
• “Baidu, Vietnam, and the Bordered World of Chinese Internet Companies”—Internet Policy Observatory