Cyber Laws dealing with cyber security issues in Pakistan


S J Tubrazy


The digital revolution and the pervasiveness of the Internet has not only made communication fast, it has also increased manifold the risk of cyber-attacks. It is perhaps a sign of times that cyber warfare is now recognized as an existential threat to nations. In the US policy makers talk of the possibility of a cyber-pearl harbor and an extreme response to such an attack. Like all other digitally linked countries, Pakistan is vulnerable to malicious cyber activity. According to the Snowden revelations of 2013, Pakistan is the second most spied country in the world. This may or may not be the most accurate description of how precarious Pakistan is on the digital front.

Unfortunately Pakistan has no national cyber policy. The only area that has merited attention so far has been cybercrime. The Federal Intelligence Agency (FIA) has a designated body the National Response Center for Cyber Crime (NR3C) that is responsible to investigate electronic crime. The activity of this unit is hampered because of insufficient legislation to persecute digital criminals. The only existing piece of cyber legislation, the Prevention and Control of Cyber Crimes Ordinance (PECO), lapsed in 2009. Investigation For Fair Trial Act 2013 has enacted for collection of evidence by means of modern techniques, surveillance, interception, issue of warrants and execution of warrants etc.   The Electronic Documents and Prevention of Cybercrimes Act, 2014 is pending before the parliament. Compared to this Indian IT Act was promulgated in 2000. The Indians also have a national Computer Emergency Response Team (CERT) to respond to computer related emergencies. Pakistan regretfully has done a little. The Indians have copied the American model by creating the office of the cyber security coordinator. In the US, the cyber security coordinator reports directly to the President. The Department of the Homeland Security (DHS) is responsible for cyber security in the US. Critical infrastructure is of primary interest in the US and other advanced nations. A number of cyber policies have been prepared and released for public consumption in the US. The Presidential Policy Directive 20 provides the framework for national cyber security by establishing principles and processes.

Billions of dollars are spent on cyber security in the US. The National Security Agency (NSA) and the national Cyber Command are responsible for the offensive and defensive aspects of cyber security of USA. Pakistan needs to do a lot of work to put its cyber house in order and it will have to begin by scripting policies on national cyber security policy. Following are laws available in Pakistan relating to the issue of cyber-crime and cyber security, here we illuminate them with eye bird view.

Relevant Prevailing Law

  1. Electronic Transaction Ordinance  200
  2. I) Section 36 ( violation of privacy of information system)
  3. II) Section 37 (Damage to information system etc)
  4. Prevention of Electronic Crime Ordinance 2007 (elapsed)

III)                Investigation of Fair Trial Act 2013

  1. i) (Preamble (collection of evidence by means of modern techniques,
  2. ii) Section 3 (definition (Ss.e ( designated body), f(expert) g( intercepted material))

iii)                 Section 5 (record of suspicion conduct),

  1. iv) Section 8 (application for issuance of warrant ) ,
  2. v) Section 10(consideration for issuance of warrant ) ,
  3. vi) 11(issuance of warrant for surveillance and interception) ,

vii)               15 (sanction in case of arbitrary request of warrant ) ,

viii)              16 ( authorization under warrant) ,

  1. ix) 17 (method of executing of warrant),
  2. x) 22 (registration of case).
  3. xi) ( admissibility)

xii)                29 (complaint against misuse  of warrant)

  1. The Electronic Documents and Prevention of Cybercrimes Act, 2014 (Bill pending for approval)

The bill aims to make it easier for companies to share information with the government about cyber threats, without violating consumer privacy laws. The idea is to exchange information about hackers to build better defense. It still permits companies to share sensitive and personal customer information with the government and allows the military to collect the internet records of everyday citizens.

It is said it will create broad legal exemptions that allow the government to share ‘cyber threat intelligence’ with private companies, and companies to share ‘cyber threat information’ with the government, for the purposes of enhancing cyber security. The problems arise from the definitions of these terms, especially when it comes to companies sharing data with the feds.

Scroll to Top