Cybersecurity through laws in Pakistan -Express Tribune

Spread the word

The industrial revolution that began in 1760 continued until 1820 and finally culminated in 1840 not only transformed the economy but the entire society. It gave birth to new disciplines, new technologies, reforms and laws. With the advancement in technology, in the field of communication, in the form of transmissions through telegraphs and phones, new challenges to protect vital information have also emerged, which has necessitated laws to protect such privy information.

Today, the world is continuously transforming because of the information and communication revolution. It has had a profound impact on the social, cultural, political, economic, security and military dimensions of human life. The current, rapid communication and information systems have brought the world together with the concept of a “Global Citizen” which entails living in the virtual world known as cyberspace.

However, cyberspace has also developed problems and offences that affect the rights of users in all spheres of life. There are continuous violations because individuals and companies interact for social and economic purposes. In this context, offences under cybercrimes are committed against individuals or groups of individuals with a criminal motive or intention to harm the reputation of the victim or cause physical or mental harm to the victim. The more usual offences include hacking, identity theft, cyberbullying, cyberstalking, spoofing, financial fraud, digital piracy, computer viruses and worms, malicious software, intellectual property rights, money laundering, denial of service attacks, electronic terrorism, vandalism, and child pornography. With this growing menace attacking the cyber world, technical and legislative measures have been undertaken to provide security to the bonafide users worldwide.

The Pakistani government gave a go-ahead to a National Cyber Security Policy 2021, under which a national cybersecurity response framework will be created. To ensure proper implementation of the policy, a Cyber Governance Policy Committee has been formed. The policy is set to introduce strict action against cyber-attacks targeting any state institution, terming it as an “act of aggression against national sovereignty”. It will also focus on countering the different types of incidents that involve misuse of the information and other related communication technologies that could put financial matters in disarray. Under the said policy, the Cybercrime Wing of the Federal Investigation Agency (FIA) has been tasked to introduce a Cyber Patrolling Unit (CPU) to keep a check on what is trending on the internet.

Until recently the security laws in Pakistan in this context have been Electronic Transaction Ordinance (ETO) 2002, Electronic/Cyber Crime Bill 2007, Electronic Transaction Ordinance (ETO) 2002.

At present, the main law for cybersecurity in the country is Prevention of Electronic Crime Act (PECA) meant to prevent and detect offences relating to the cyber world. PECA was introduced in 2016. It provides a comprehensive framework for various types of cybercrimes in Pakistan which, in sync with the Cyber Crime Bill 2007, deals with internet crimes in the country, such as illegal access to data (through hacking), Denial of Service Attacks (DOS Attack), electronic forgery and electronic fraud, and cyberterrorism.

The main intent and purpose behind the enactment of the Act are to create deterrence against the misuse of cyberspace and to criminalise and punish certain acts and offences. The penalties awarded on proof of offence are: up to three years of imprisonment, Rs1 million fine, or both for accessing critical information systems without authorisation; up to seven years of imprisonment, Rs10 million fine or both for disruption of critical information systems with dishonest or fraudulent intentions; up to seven years of imprisonment, Rs10 million fine or both for involvement in offence related to terrorism; up to six months of imprisonment, Rs50 thousand fine or both for importing, exporting or supplying an electronic device for offensive use; and up to three years of imprisonment, Rs5 million fine or both for involvement in a data breach.

In pursuance of the Act, detailed rules now provide procedures for the proper functioning of the investigative agency designated therein. FIA will have Cyber Crime Wings, which include the investigation and forensic section. To detect and prevent cybercrimes, data and networks have been designated, which will also enable the aggrieved to seek the remedy from there. They also have the option of suing for damages. The FIA claims to have established, cybercrime help desk, cybercrime reporting centres and complaint management units at cyber-headquarters and all cybercrime reporting centres with an objective to provide easy access to the complainant. These centres have been tasked to digitalise registration and expedite the processing of cybercrime complaints.

Although considerable initiative for cybersecurity through the implementation of laws has been taken, there is a lot more that needs to be done. Under the PECA 2016, the federal government has gained the authority to designate any agency to take cognizance of cybercrime, but only FIA has been empowered to do so, ignoring the police within the province. However, FIA suffers from human resource problems and is confined to specific areas in major cities. Therefore, it is out of reach for the general population. In contrast to this, police stations are available in every nook and corner and easily accessible to all and sundry.

In view of the growing number of offences in all parts of the country, attracting PECO, there is a need to designate police as an investigating agency. In addition, both the police and FIA must be trained on the essentials of cybersecurity to better inform and support officials in helping the public.