Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device. In a broader definition, any crime done with the help of a computer and a network is known as cybercrime. Cybercrimes are increasing with every single day in every country including in Pakistan. Most cybercrimes are committed by cyber criminals or hackers who want to make money. However, occasionally cybercrime aims to damage computers or networks for reasons other than profit. There are three major categories of cybercrimes which include crimes against people, crimes against property and crimes against government. Email, WhatsApp, Instagram, Twitter and Facebook are the most frequently used means in cybercrimes.
With the advent of 5G and 6G technologies, the digitization and automation have become continuous, thus there has been a proportional increase in the number of cybercrimes. Cyber security ventures estimate that, by 2025, cybercrime will cost the world a mammoth 10.5 trillion USD per annum. Cyber Crime increases 83% in Pakistan as recently told during the meeting of the Standing Committee on Information Technology and Telecommunication.
A major portion of Pakistan’s cybercrime legislation has been influenced by foreign cybercrime legislation. It is divided into 43 categories that deal with various forms of cyber offences in Pakistan. The Electronic Transactions Ordinance (ETO) 2002 was first enacted IT-related legislation in Pakistan and still in the field. However, this law mainly addresses the issues of recognition of electronic documents, electronic communications, digital signature regime and its evidential consequences, website and digital signatures certification providers, stamp duty and attestation and notarization of certified copies.
The existing law dealing with cybercrime is the Prevention of Electronic Crimes Act, 2016 (“Act”), being applicable to every citizen of Pakistan wherever he may be and to every other person who is stationed in Pakistan for the time being. This law provides a comprehensive framework for all forms of cybercrime including internet crimes, unauthorized data access (hacking), credit card fraud, child pornography & solicitation, glorification of offence, hate speech, unauthorized issuance of SIM card, tempering of communication equipment, making, obtaining or supplying device for use in offence, violation of dignity of a natural person, malicious code, cyber bullying, cyber stalking, spamming, spoofing, online intellectual property infringements, Identity theft electronic forgery and electronic fraud and cyber terrorism.
Cyber criminals in Pakistan may face a variety of sanctions prescribed under sections 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 of Prevention of Electronic Crimes Act, 2016. The offences and punishment is depending on the crime and can range from six months to ten years with fine up-to five million rupees or both. The regulations of these laws are applicable to everyone in Pakistan who commits cybercrime, regardless of country of citizenship. Presently, Federal Investigation Agency (FIA) serves as a cyber law enforcement agency under Prevention of Electronic Crimes Act, 2016.
Though as per section 29 of Prevention of Electronic Crimes Act, 2016, the federal government was required to establish a new law enforcement agency as the investigating agency for the purposes of investigation of offences under PECA Act 2016, but such agency has still not been established, which resultantly hampering the spirit and mandate of law. For the time being, FIA has been designated as investigating agency under PECA law, which in the present modern circumstances, lacks the capacity and resources to handle, investigate and to conclude successfully prosecution of these most advanced technological offences, resultantly, despite have stringent laws, the implementation is weak and the Cybercrimes are increasing day by day.
Further, though National Cyber Security Policy has been approved by the federal government in 2021 for data safety and privacy of local users with the mandate to have a central body to oversee implementation, remove bureaucratic hurdles and to carry out capacity building for changing landscape of cyber threats but there is no significant headway and the points pledged in policy are awaiting for implementation.
Thus there is a need to immediately establish a new agency as proposed in Prevention of Electronic Crimes Act by providing them with the best forensic laboratories and to recruit those persons in the agency who would be experts for investigating cybercrimes. There is also a dire need of discipline and resources to deal with the influx of cases and also to take significant measures to prevent cyber threats. Special emphasis should be made for establishing new digital courts and to appoint such judges who would have expertise and legal background and understanding of technology that how to deal with cybercrimes related issues and adjudication.
There is also need of public awareness about the precautionary measures that how to use social media and how could be avoided for cyber attacks. Moreover, people should also be educated through public campaigns initiated by the government that to avoid accepting any random friend request from unknown people as it might be possible, they are approaching you to steal from you and nobody should be allowed to get your personal information or any relevant data through which they can access your accounts or debit/credit cards. The federal government should initiate an information security campaign as well to educate people and to consider new legislation for prosecution of defaulters for any data loss as accountability will help improve performance of all those responsible for cyber security. Government and the relevant departments and especially those institutions who are dealing with consumers should launch regular campaign on print, electronic and social media that how the users can secure their mobile device, can secure their banking, can secure their social media and how to use a secure internet connection, al, this way there would be great help against the cyber attacks and controlling the misuse of social media.
As we are in modern age, and cannot avoid the use of information technology but simultaneously it is important like other countries that the government should take and adopt all legal and safety measures including to set up national university on cyber related issues and to take such modern technology based steps to avoid such cyber security threats/crimes. It is also important simultaneously to ensure implementation of laws through setting up a new independent, credible and transparent agency as required under PECA law to address all legal, investigation, prosecution and adjudication matters. There is no doubt that an appropriate legislative structure under a robust compliance framework as mentioned would address many issues of cybercrimes and security in Pakistan.