The modern world is undergoing a continuous transformation in this digital age, which has profoundly influenced and changed socio-cultural, economic, political, and security dynamics as we know them. The emergent virtual world, with its widespread interconnected global digital technology and rapid communication systems, has resulted in the evolution of what we know as cyberspace. However, with the advent of cyberspace, a host of problems have also arisen, which ultimately affect the rights and responsibilities of users. Pakistan, like many other nations, is also struggling to cope with regulating cyberspace and preventing cybercrimes as many become victims of such malicious activities.

With the increasing use of cyberspace in both the private and public spheres, social and work-related interactions, cyberspace violations have become a growing menace in most societies. Cybercrimes are committed against individuals or groups of individuals with a criminal intent to harm the reputation of the victim or cause him/her physical or mental harm. Cybercrime offences commonly involve hacking, identity theft, cyberbullying, cyberstalking, spoofing, financial fraud, digital piracy, computer viruses and worms, malicious software, intellectual property rights, money laundering, denial of service attacks, electronic terrorism, vandalism, and child pornography. As cybercrimes and cyber-attacks rise, technical and legislative measures have been undertaken worldwide to ensure cybersecurity and protect the privacy of bona fide users.

Pakistan has promulgated different laws to tackle cybercrimes and cybersecurity issues. Until recently, the primary cybersecurity laws were the Electronic Transaction Ordinance, 2002 (ETO) and the Prevention of Electronic Crimes Ordinance, 2007 (PECO). ETO 2002 was the first IT relevant legislation enacted and aimed to provide protection in e-commerce dealings domestically and internationally. Prior to this law, there was no recognition of electronic documentation, electronic records, or electronic forensic evidence. Local systems failed to authenticate digital signatures while there was virtually no online transaction system available for users. All of this changed with the introduction of ETO 2002, after which electronic documentation, records, and digital signatures were all recognised.

Thereafter, the PECO 2007 came into force, criminalising cyber-offences, including cyber terrorism, data damage, electronic fraud and forgery, cyber-stalking, and spamming. Further, the law gave exclusive powers to the Federal Investigation Agency (FIA) to investigate and convict for the commission of aforesaid offences. Currently, the main law in force for addressing cybersecurity concerns and offences is the Prevention of Electronic Crimes Act, 2016 (PECA). PECA was promulgated to prevent and detect offences relating to the cyber world, providing a comprehensive framework for various types of cybercrimes in the country.

The primary intent behind the Act and previous legislations is to deter the misuse of cyberspace and criminalise and penalise cybercrimes. The penalties begin at 3 months imprisonment or a fine of Rs. 50,000 or both for offences like criminal data access, and increase according to the nature and seriousness of the offence committed. For instance, unauthorised access to critical infrastructure data is punishable with 3-year imprisonment or a fine of Rs. 1 million or both, while unauthorised copying or transmission of the same carries an imprisonment term of 5 years or fine of Rs. 5 million or both. The more serious offence of cyber terrorism carries an imprisonment term of 14 years or a fine of Rs. 50 million or both.

In pursuance of PECA, detailed rules and regulations have been devised to lay out procedures for the proper functioning of the FIA established thereunder. FIA has dedicated Cyber Crime Wings, which include an investigation and forensic section. FIA has also established cybercrime help desks, cybercrime reporting centres, and complaint management units at its cyber-headquarters and all cybercrime reporting centres for the ease and access of complainants. Such centres aim to digitalise registration and expedite the processing of cybercrime complaints.

Recently, the Federal Government issued the National Cyber Security Policy 2021, under which a national cybersecurity response framework will be created. For ensuring proper implementation of the policy, a Cyber Governance Policy Committee has been formed. The policy will introduce strict action against cyber-attacks targeting any state institution, terming it as an “act of aggression against national sovereignty”. Further, the Committee and resulting policy will focus on countering different types of incidents that involve misuse of information and other related communication technologies that could put financial matters in disarray. Under the formulated policy, the Cybercrime Wing of the FIA has been tasked to introduce a Cyber Patrolling Unit to monitor information circulating online.

Nevertheless, in spite of the enactment of legislations and initiatives having been undertaken for addressing cybersecurity concerns, Pakistan needs to take further practical steps for protecting its cyberspace and the cybersecurity of its citizens. This is particularly in light of recent events when Pakistan has faced multiple serious cyber-attacks on important institutional websites and hackers have been able to successfully penetrate the cyberspace of important installations. Now, more than ever, it is time to generate debate at the highest levels, invest in robust security measures and mechanisms, all the while ensuring the strictest regulation and effective implementation to protect sensitive data of the citizens and critical national infrastructure of the country.

• Author
• Recent Posts

Ramsha Noshab

Latest posts by Ramsha Noshab (see all)

• Trilateral Regional Partnership on the Horizon? - March 3, 2022
• What Are Pakistan’s Cybersecurity Laws? - January 24, 2022
• Should the State Bank be autonomous? - January 19, 2022