On the morning of the 31stof May 2012, Nepali Supreme Court judge Rana Bahadur Bam left the Bagalamukhi temple in the centre of Nepal’s capital, Kathmandu. At 11.08am, gunmen on a motorbike blocked his path and opened fire. Judge Bam was shot multiple times. He was immediately rushed to a hospital nearby where he was pronounced dead.
Law enforcement, as part of their investigation into the high-profile murder, collected over 500,000 call detail records (CDR) and 300,000 SMSs from telecommunications operators. These records were generated in the area surrounding the Supreme Court of Nepal and were expected to help identify and trace the steps of the gunmen. However, they were also used to achieve other ends. The Kantipur Daily newspaper reported that the records had been obtained without following any proper legal procedure. It also reported that the contents of these mobile records were being used by certain members of law enforcement for blackmail and extortion.
Babu Ram Aryal, a prominent cybercrime and communications lawyer, read the story in the news. His office was a 15-minute walk from the supreme court, which meant his communications were likely to have been obtained by law enforcement as well. Aryal set a series of wheels in motion.
There was no current legal procedure for obtaining CDR and SMS data for law enforcement, and this seemed a beautiful policy window to call for one. But Aryal didn’t simply call for one. Instead, he filed a public interest litigation suit (PIL) against the government of Nepal. His call was to destroy all communications that were collected by law enforcement agencies without following proper judicial process. As part of the PIL suit, Aryal advanced recommendations for the implementation of a secure legal procedure for law enforcement to obtain personal communications in the future.
Four years later in 2016, Nepal’s Supreme Court passed a landmark judgement in Nepal’s history of cyber security. The judgement recognised that the collection of call detail records and SMSs by law enforcement in the wake of Judge Bam’s death violated the fundamental right to privacy of Nepal’s citizens. The government was compelled to amend the relevant legal provisions in keeping with most of the recommendations advanced in Aryal’s PIL suit. This meant that before Nepali law enforcement takes steps to obtain records of personal communications, they must first seek judicial permission from a district court.
It was a case of ‘Babu Ram Aryal et al. V. The Government of Nepal et al.’ and Babu Ram Aryal et al. had won. To say it was a great achievement for Aryal is an understatement.
“The contention was considered the legal principle in the judgement. That is my happiness,” Aryal says.
The win placed him in a prime place to influence further cyber policy in Nepal.
Aryal finds himself at the heart of a wide network of individuals, organisations and coalitions in the media, in law, and in government. As a lawyer, Aryal engaged in bar politics and conducted voluntary capacity building programmes in cybercrime and through this maintained his connections in the legal field. During his early years as a journalist, he developed personal relationships not only in the media but at ministries and government offices. Because of these relationships with the government, he has been asked throughout his career to provide research briefs to government officials. He also encourages the organising boards of conferences to invite members of parliament to discussions on cybercrime and data protection.
From the time the PIL suit was filed in 2012 to the verdict in 2016, Aryal kept his networks constantly updated and engaged in the process through publication in the media. In building and maintaining these relationships both with the media, law and government, Aryal has established himself as a credible and respected voice in cybercrime and data protection. This is again demonstrated in the proceedings of the proposed Information Technology bill in Nepal.
The Information Technology bill, if implemented, will see changes to everything from social media use to surveillance and e-commerce. However, the proposed bill is controversial as its broad nature and vague language leaves room for authorities to curb freedom of speech online.
Aryal distributed research briefs and analysis about the proposed draft bill to members of Parliament who were part of his informal networks of friends and colleagues. The brief also provided possible amendments to the proposed bill. The parliamentarians then used this analysis to understand the controversial aspects of the bill and submitted their own amendments to the bill based on their understanding of Aryal’s proposed amendments to the bill. He credits this method of communicating research to policy makers to CPRsouth, which he describes as a turning point in the way he learnt to communicate with the government.
He says, “Whatever policy research you may have, if you cannot communicate your research effectively, it may be useless.”
For CPRsouth scholars, policy reform is the ultimate objective. A crucial component of doing this is building networks from which one can draw from. Aryal’s story is a testament to building these networks and in using them to establish himself as a credible voice in his field. In doing so he has created nation-wide change in Nepal’s ICT policies.