Cyber Laws in Pakistan
PART 1
Welcome to today's discussion where we delve into the critical aspects of understanding, regulating, investigating, and reporting cyber-crimes in Pakistan.
What are cybercrimes?
To comprehend the regulatory landscape addressing cybercrimes in Pakistan, let's first demystify what cybercrimes entail. These are illicit activities carried out in the digital realm, utilizing computer systems, networks, or the internet. In our increasingly digital age, these offenses encompass a broad spectrum of unlawful actions, emerging as a significant concern.
In Pakistan, we've witnessed a surge in disruptive cyber activities, including hacking, online fraud, cyberbullying, identity theft, data breaches, malware attacks, online harassment, and stalking.
Legislative Measures:
To counteract these disruptions, Pakistan has implemented legislative measures designed to combat cybercrimes. These laws cover a wide array of offenses, categorized into:
Offenses Against Individuals:
This category addresses serious acts such as identity theft, cyberbullying, online harassment, and the malicious distribution of revenge porn.
Offenses Against Property:
Encompassing hacking, data breaches, malware attacks, and online fraud, this category deals with crimes that compromise the integrity of digital assets and personal information.
Offenses Against the State:
Moving on, the legislative measures in Pakistan extend to offenses against the state, addressing more severe transgressions like cyber espionage, cyberterrorism, and assaults on critical infrastructure.
Prevention of Electronic Crimes Act, 2016 (PECA):
At the forefront of Pakistan's cybersecurity legal framework is the Prevention of Electronic Crimes Act, 2016 (PECA). This act serves as the primary law designed to thwart unauthorized activities related to information systems and data.
PECA outlines twenty-three types of offenses, including unauthorized access, copying, transmission, interference, or damage to information systems or data, especially those linked to critical infrastructure, terrorism, hate speech, electronic forgery and fraud, identity theft, spamming, spoofing, cyberstalking, child pornography, cyber terrorism, offenses against dignity, modesty, and privacy of natural persons and minors.
Penalties and Amendments:
PECA doesn't merely list offenses but also defines penalties for these transgressions, ranging from fines to imprisonment for different durations. Courts may also grant compensation to the injured party.
Significant amendments to PECA, particularly in 2019 and 2022, have responded to emerging cyber challenges, incorporating provisions about social media, online fraud, cryptocurrency, and blockchain technology.
The crimes under PECA are divided into two categories; cognizable offences and non-cognizable offences.
Cognizable Offences:
A cognizable offense is a type of crime in which the police may arrest a person without a warrant. The following are cognizable offences under PECA.
1. Cyber terrorism:
Cyber terrorism refers to committing or threatening to commit any of the offenses that is
With dishonest intentions gains unauthorized access to any critical infrastructure information system U/S 6
Unauthorized copying or transmission of critical infrastructure data U/S 7
Interference with critical infrastructure information system or data U/S 8
glorify an offense relating to terrorism, or any person convicted of a crime relating to terrorism U/S9
where the commission or threat is with the intent to,
(a) coerce, intimidate, create a sense of fear in the Government or the public or insecurity in society
(b) advance interfaith, sectarian, or ethnic hatred
Penalties:
It is a cognizable offense. Such a person shall be punished with imprisonment of either description for a term extending to fourteen years or with a fine extending to fifty million rupees or with both.
2.Offences against modesty of a natural person and minor:
The display or transmission of any information in which a photograph of a natural person is edited over any sexually explicit image, or a video of a natural person in sexually explicit conduct, or intimidates a natural person with any sexual act or image to harm a natural person or his reputation, or to take revenge, or to create hatred or to blackmail, an FIR can be lodged immediately against such person.
Remedy:
Under section 21 of PECA, any aggrieved person or his guardian (in case of a minor) may apply to the Authority for removal, destruction of, or blocking access to such information. Authority shall immediately pass such orders as deemed reasonable in the circumstances including an order for removal, destruction, preventing transmission of or blocking access to such information.
Penalties:
It shall be punished with imprisonment for a term extending to five years or with a fine extending to five million rupees or with both. If such offence is committed to a minor, the offender shall be punished with imprisonment for a term which may extend to seven years and with a fine which may extend to five million rupees.
3. Child pornography:
Child pornography is a form of child exploitation and abuse that includes any visual depiction, including photographs, videos, digital media, or other visual materials, that involves minors engaging in sexually explicit conduct. The production, distribution, possession, or consumption of child pornography is illegal U/S 22 of PECA,2016.
It also includes
establishing trust with the intent to facilitate, solicit, or commit sexual abuse or share explicit material as mentioned in U/S 22A. Such a person shall be punished with imprisonment of not less than five years.
sexual exploitation of minors including child prostitution and child sex tourism U/S 22B. Such a person shall be punished with imprisonment of not less than fourteen years.
contacting a minor with intent to kidnap, abduct, or traffic a minor to commit sexual abuse of a minor or exploitation U/S 22C. Such a person shall be punished with imprisonment of not less than fourteen years.
Penalties:
The offender shall be punished with imprisonment for a term which may extend to fourteen years and may extend up to twenty years and with a fine which shall not be less than one million rupees.
PART 2
Non-Cognizable offenses
Non-Cognizable offenses:
A non-cognizable offense is a type of crime in which the police cannot arrest without a warrant; the court's permission required to register and investigate. Non-cognizable offenses are relatively less serious.
Cyberbullying:
Cyberbullying refers to the use of digital technology to harm, harass, or intimidate someone. A notable focus of PECA is addressing cyberbullying. This occurs when an individual, with the intent to harass, threaten, or target another person, posts or sends electronic messages, including pictures or videos, through various social media platforms such as chat rooms, blogs, or instant messaging.
Remedies:
For victims of cyberbullying, section 24A of PECA provides remedies. Aggrieved individuals, including minors through their guardians, can apply to the Authority for the removal, destruction, or blocking of access to content related to cyberbullying. The Authority promptly issues appropriate orders upon receiving such applications, including the removal, destruction, prevention of transmission, or blocking access to such content and communication.
Penalties for Cyberbullying:
Those found guilty of cyberbullying may face imprisonment for a term ranging from one to five years, coupled with a fine of up to five hundred thousand rupees, but not less than one hundred thousand rupees.
Hate Speech Offense:
Hate speech involves the creation or dissemination of information through any information system or device that promotes interfaith, sectarian, or racial hatred. The information must have the potential to foster hatred based on race, color, national origin, sex, disability, religion, or sectarian grounds.
Legal Consequences:
Under section 11 of PECA, individuals found guilty of spreading hate speech may face severe penalties, including imprisonment for a term of up to seven years, a fine, or both.
Pictures Misused:
The act of superimposing a photograph of a person's face over any sexually explicit image or video or including a photograph or video of a person in sexually explicit conduct with the intent to harm, seek revenge, create hatred, or blackmail is a punishable offense.
Remedy
An aggrieved person or their guardian, if a minor, may apply to the Authority for the removal, destruction, or blocking of access to such information.
Penalties for Misuse of Pictures (Sec. 21 of the Act):
Offenders may face imprisonment for a term of up to five years, a fine of up to five million rupees, or both.
Unauthorized Data Transmission (Sec. 4 of the Act):
Anyone copying or transmitting data without authorization with dishonest intent may face imprisonment for up to six months, a fine of up to one hundred thousand rupees, or both.
Cyber Forgery:
Individuals who, with the intent for wrongful gain, interfere with or use any information system, device, or data, inducing someone into a deceptive relationship or act likely to cause harm, commit electronic fraud, and forgery.
Punishment:
Imprisonment for up to three years, or a fine of up to two hundred and fifty thousand rupees, or both under section 13 of PECA.
Cyber Fraud
Electronic fraud includes online scams, phishing, identity theft, and other forms of digital deceit. Electronic fraud can occur on a variety of platforms, including e-commerce websites, social media, and online banking services. Whoever uses any information system, device, or data or induces any person to enter into a relationship or deceives any person, which act or omission is likely to cause damage or harm to that person or any other person.
Penalties:
It shall be punished with imprisonment for a term which may extend to two years or with a fine which may extend to ten million rupees or with both under section 14 of PECA.21
Spamming:
Spamming is committed by individuals who, with intent, transmit harmful, fraudulent, misleading, illegal, or unsolicited information without the recipient's permission. This also includes causing any information system to display such information for wrongful gain.
Penalties:
Under section 25 of PECA, offenders may face imprisonment for up to three months, a fine of up to fifty thousand rupees, extending up to five million rupees, or both.
Spamming through Digital marketing:
A person including an institution or an organization engaged in direct marketing shall provide
the option to the recipient of direct marketing to unsubscribe from such marketing.
Penalties:
Whoever engages in direct marketing for the first time, shall be punished with a fine not exceeding fifty thousand rupees, and for every subsequent violation shall be punished with a fine not less than fifty thousand rupees that may extend up to one million rupees
Stalking:
Stalking refers to the act of following or harassing someone repeatedly, often in a threatening or invasive manner. It can take many forms, including physical tracking, cyberstalking, or verbally abusive behavior. According to PECA, section 24 any information system, network, the internet, website, electronic mail, or similar means of communication with the intent to coerce, intimidate, or harass any person constitutes the offense of cyberstalking.
Penalties
Penalties for this offense include imprisonment for up to three years, a fine of up to one million rupees, or both.
PART 3
Investigation Agency
Role of FIA:
In understanding the significance of PECA in regulating cyber crimes in Pakistan, it's crucial to explore the authority responsible for their investigation. According to the Prevention of Electronic Crimes Investigation Rules, 2018, the Federal Investigation Agency (FIA) is empowered to investigate cybercrimes. While other law enforcement agencies, including the police and intelligence services, contribute to the fight against cybercrime, the FIA takes the lead.
What is FIA:
The Federal Investigation Agency (FIA) is the premier investigative organization in Pakistan, established under the Federal Investigation Agency Act, 1974. It is entrusted with investigating various crimes, including human smuggling, trafficking in persons, immigration offenses, cybercrimes, official secrets law violations, corporate crimes, money laundering, counter-terrorism financing, and high treason.
Powers of FIA:
Members of the FIA wield powers equivalent to those of police officers of the Provincial Police for the arrest of persons and seizure of property. The administration is vested in the Director General, who holds the powers of an Inspector General of Police. FIA field units, akin to local police departments, are led by officers with the rank of Deputy Inspector General of Police. These units function similarly to local police stations, each headed by an officer in charge (Station House Officers).
FIA and Cybercrime:
The Schedule of the FIA Act, 1974, specifies that offenses punishable under PECA, 2016 fall under the jurisdiction of the FIA. PECA grants investigative agencies specific powers and procedures for these offenses, such as obtaining warrants, preserving and acquiring data, seizing or accessing information systems or devices, collecting or recording information in real-time, and conducting forensic analysis.
FIA's Cyber Crime Wing - NR3C:
For the investigation of offenses related to computers, the internet, and the illegal use of information technology, FIA operates a dedicated Cyber Crime Wing known as the National Response Centre for Cyber Crime (NR3C). Cybercrimes are typically reported to local law enforcement or the NR3C. When a report is received, the NR3C initiates a meticulous investigation, collecting digital evidence and tracing online tracks. FIA equips this unit with the necessary tools and technical instruments to conduct effective investigations.
International Collaboration:
The FIA actively engages in collaborative efforts with international law enforcement agencies to investigate cross-border cybercrime cases. As part of its global outreach, the FIA is a proud member of the Global Cybercrime Network, a coalition uniting law enforcement agencies from over 100 nations dedicated to combating cybercrime.
Challenges Faced by FIA:
Despite the commendable efforts of the FIA in establishing a robust system for investigating cybercrimes in Pakistan, several challenges persist:
Encrypted Data:
Accessing encrypted data and extracting valuable information can be exceptionally challenging without proper decryption methods and specialized tools, posing significant hurdles in the investigation process.
Handling Digital Evidence:
The malleability and susceptibility to the disappearance of digital evidence present another obstacle. Investigating cybercrimes requires the FIA to employ proper methods and tools for the preservation of such evidence.
Steganography Use:
Cybercriminals often employ steganography to conceal data within innocent-looking files, making detection and extraction more difficult for investigators.
Global Data Jurisdictions:
Digital data is frequently dispersed across different jurisdictions globally, leading to access issues due to varying local laws and data privacy regulations.
Data Privacy Laws:
Adhering to the requirements of data privacy laws further complicates investigations. Officers face restrictions when accessing and processing data, balancing the need for information with the necessity to protect individual privacy.
Increased Cybercrime Activities:
With a recent surge in cybercrime activities, there is a heightened demand for tools capable of efficiently processing and analyzing large datasets. The lack of such advanced tools poses a significant challenge for investigative agencies already grappling with the growing number of cases.
Addressing Challenges:
Efforts are ongoing to overcome these challenges. The FIA is actively exploring innovative solutions, collaborating with international partners, and advocating for the development and implementation of advanced tools to enhance the effectiveness of cybercrime investigations.
PART 4
Investigation Procedure
Investigating Procedure:
The PECA Rules, 2018 (the “Rules”) outline the procedure for investigating a cybercrime case.
Filing an FIR:
The initiation of an investigation involves the filing of a First Information Report (FIR) to report a cybercrime. A complainant can submit a complaint via various channels, including email, fax, telephone, using FIA’s cybercrime wing website, or by visiting the zonal office of FIA.
Investigation Process:
Upon receiving a complaint, an investigation officer is assigned to the case. The officer seeks permission from the competent court (for non-cognizable cases) or from the Additional Director of the FIA cyber wing (for cognizable cases) before proceeding with the investigation. The Federal Investigation Agency (FIA) conducts a thorough investigation, including search and seizure activities while adhering to principles of confidentiality and privacy, especially in cases involving offenses against modesty and dignity.
Arrest and Detention:
If necessary, suspects are arrested and detained during the investigation. Witnesses are interviewed to gather evidence, and statements and confessions are recorded from both suspects and witnesses by the police.
Investigation Report:
The investigation officer is required to submit the investigation report within sixty days. Upon completion, the Additional Director in a zone authorizes the submission of the final challan under section 173 of the Code of Criminal Procedure to the competent court, either magistrate or session court.
Legal Proceedings:
The magistrate reviews the case to determine if it should proceed. If approved, formal charges are filed against the suspect, leading to legal proceedings in court. The court delivers its final judgment based on the evidence presented during the trial.
Appeals and Sentencing:
The person against whom an order has been granted can file an appeal within thirty days of the final judgment. The court either convicts the accused if found guilty or acquits them if insufficient evidence supports the charges. If convicted, the court determines and pronounces the punishment or sentence, which may include fines, imprisonment, or other penalties.
Shortcomings of PECA:
Pakistan's cyber laws, primarily governed by the Prevention of Electronic Crimes Act (PECA), have made significant strides in addressing digital challenges. However, attention is needed to address certain concerns, including potential overreach and violations of civil rights.
Concerns:
Broad and vague definitions, particularly in offenses like cyberterrorism, could potentially stifle legitimate online expression and free speech.
Data protection is a crucial area requiring focus to ensure robust measures that safeguard people's privacy and prevent data breaches.
Addressing Concerns:
Addressing these concerns is vital to strengthen cyber laws, making the digital space safer while respecting human rights.
The trajectory of Pakistan's cyber laws holds promise as the government actively acknowledges existing challenges and takes strides to address them. Recognizing the evolving landscape, efforts are underway to formulate a dedicated data protection law, a critical step in fortifying the digital rights and privacy of individuals. Additionally, there is a concerted push to enhance international cooperation on cybercrime, fostering collaboration with law enforcement agencies globally. But more work remains in this domain as cybercrimes continue to emerge in increasingly advanced forms.
PART 5
Reporting Cyber Crimes
[Opening]
Hello everyone, and welcome to today's guide on how to report cybercrime in Pakistan. Cybercrime is on the rise in Pakistan, and it can affect anyone. Do you know what to do if it happens to you? In this video, we'll break down the process into simple steps, making it easy for you to navigate. So, let's get started!
[Step 1 - Identifying the Cybercrime]
First things first, identify the cybercrime. Whether it's hacking, online fraud, or cyberbullying, jot down the details - dates, times, and any relevant information. The more details, the better.
[Step 2 - Choosing the Reporting Channel]
Now, onto step two - choosing where to report. In Pakistan, you've got a couple of options.
[Option a - FIA]
For cybercrimes in general, the Federal Investigation Agency (FIA) is your go-to. They've made it super convenient for you to report. Here are a few ways to reach them.
[Option a1 - Online Form]
First up, the easiest way - head over to their website at [nr3c.gov.pk]. Look for the 'Complaints' or 'Report Cyber Crime' section. Fill out the form, provide evidence, and hit submit. It's a quick online process.
[Option a2 - Email]
Prefer good old email? No problem! You can send an email to FIA's National Response Center for Cyber Crime at [helpdesk@nr3c.gov.pk]. Drop them the details and evidence, and they'll take it from there.
[Option a3 - Text or Call]
If you're more of a text or call person, FIA has got you covered. You can reach them at [051-111-345-786]. Just shoot them a text or give them a call, share the incident details, and they'll guide you through the process.
[Option a4 - Physical Visit]
And for those who like the traditional touch, you can always visit the FIA's office in person. Walk in, talk to the folks there, provide your statement, and they'll assist you. It's all about making reporting accessible to everyone!
[Option b - PTA]
If your cybercrime involves telecom services or tech misuse, the Pakistan Telecommunication Authority (PTA) is your friend. Visit [pta.gov.pk], find 'Complaints' or 'Consumer Protection,' fill out the form, attach proof, and submit. Simple as that.
[Option c - Local Police]
Now, for urgent matters, your local police station is a direct option. You've got a few ways to reach out.
[Option c1 - In Person]
Firstly, the classic way - visit your local police station in person. Speak to an officer trained in cybercrimes, provide a detailed statement, and don't forget to get a copy of the report for your records.
[Option c2 - Call]
If visiting isn't feasible, you can also call your local police station. Check their contact details online or in the directory, share the details of the incident over the phone, and they'll guide you on the next steps.
[Option c3 - Email or Text]
Some police stations may accept reports through email or text. Look up your local police station's contact information, send them a detailed email or text explaining the situation, and include any evidence you may have.
[Option c4 - Mobile App]
In this digital age, some police might have their own apps. Check the app store or their website for information on how to report cybercrimes through their dedicated mobile application. It can be a quick and efficient way to get your report filed. For example, Punjab Police has the [Punjab Police Pakistan App] that offers online complaints, character certificates, police verification, and other services.
[Closing Reminder]
So, whether it's in person, over a call, through email or text, or even using a mobile app, reporting cybercrime to your local police is crucial. Choose the method that suits you best.
[Step 3 - Follow-Up]
Now, once you've reported, don't forget to follow up. Keep those reference numbers handy and check in on the progress. Communication is key!
[Step 4 - Secure Your Systems]
While the experts do their thing, take care of your own digital house. Change passwords, update security software, and be cautious online. Better safe than sorry!
[Closing]
So there you have it, a straightforward guide on reporting cybercrime in Pakistan. Stay safe online, be vigilant, and don't hesitate to report any suspicious activity. Thank you for watching.
