Understanding Pakistan’s Cybercrime Legislation: PECA 2016 and the National Cyber Security Policy 2021

CyberWalk / By

Pakistan has made significant strides in the domain of cyber legislation with the enactment of the Prevention of Electronic Crimes Act, 2016 (PECA 2016) and the National Cyber Security Policy 2021. These legislative frameworks aim to safeguard information systems, address cybercrime, and enhance information security across the nation. However, despite their ambitious goals, the effectiveness of these laws remains limited due to various implementation challenges, particularly in remote and underserved areas. This blog post scrutinize the key aspects of these legislations, their shortcomings, and practical recommendations for enhancing their effectiveness.

PECA 2016: An Overview

The Prevention of Electronic Crimes Act, 2016, was enacted to curb unauthorized activities related to information systems and to establish a legal framework for the investigation, prosecution, and trial of cybercrimes. Key provisions of PECA 2016 include:

  1. Unauthorized Access: Criminalizing unauthorized access to information systems.
  2. Data Damage: Penalizing data corruption or destruction.
  3. Electronic Fraud: Addressing various forms of electronic fraud.
  4. Cyber Terrorism: Defining and punishing cyber terrorism.
  5. Child Pornography: Implementing stringent measures against online child exploitation.

National Cyber Security Policy 2021: A Brief

The National Cyber Security Policy 2021 was introduced to address the growing cyber threats and to protect the nation’s information infrastructure. The policy focuses on:

  1. Information Security: Enhancing the security of critical information infrastructure.
  2. Incident Response: Establishing robust mechanisms for cyber incident response.
  3. Capacity Building: Developing human resources and institutional capacities for cyber defense.
  4. Public Awareness: Promoting cybersecurity awareness among citizens.

Formation of National Computer Emergency Response Team (PKCERT)

The Ministry of Information Technology and Telecommunication (MoITT) on October 12, 2023, announced the formation of Pakistan’s first National Computer Emergency Response Team (PKCERT). This development aims to keep Pakistan’s cyberspace safe from ever-emerging threats and hacking attempts targeting public sector institutions. The Federal Cabinet of Pakistan approved the Computer Emergency Response Teams (CERTs) Rule 2023 on July 17, 2023, and the Ministry of Information Technology and Telecommunication officially notified the CERT Rules on October 13, 2023.

Challenges and Shortcomings

Despite the comprehensive nature of PECA 2016 and the National Cyber Security Policy 2021, their effectiveness is hampered by several factors, especially in remote and rural areas.

  1. Lack of Physical Forums for Reporting:

    • Inadequate Reporting Infrastructure: Currently, the only forum for reporting cybercrimes is the Federal Investigation Agency (FIA) Cybercrime Wing, which has 14 regional offices and six Cybercrime Wing Zones located in major cities like Islamabad, Rawalpindi, Lahore, Karachi, Quetta, and Peshawar. This limited number of offices is insufficient to serve the needs of a country with 36 districts in Punjab alone and 166 districts nationwide.
    • Accessibility Issues: For victims in remote areas such as Chak Dina, Kharian, Mirpur Mathelo, Rajanpur, Sadiqabad, Naudero, Lashari in Ratodero Tehsil, Chak Narang, or Meerwal in Chakwal, and so on, accessing these regional offices is impractical. This vast geographical spread makes it difficult for the FIA’s limited offices to be approachable by the masses.

  2. Overwhelmed Online Complaint Portal:

    • High Volume of Complaints: While an online portal exists for reporting cybercrimes, the sheer volume of complaints from a population of over 220 million people can overwhelm the system, leading to delays in addressing and resolving cases.

  3. Awareness and Literacy:

    • Low Cyber Literacy: A significant portion of the population is unaware of the existence of these laws and how to utilize them.
    • Public Awareness Campaigns: Insufficient efforts have been made to educate the public on recognizing and reporting cybercrimes.

  4. Law Enforcement Training:

    • Specialized Training: Local law enforcement agencies often lack the specialized training required to handle cybercrime cases effectively.
    • Resource Constraints: There are limited resources allocated to equip law enforcement with the necessary tools and expertise.

  5. Coordination and Collaboration:

    • Inter-Agency Coordination: There is often a lack of effective coordination among different agencies involved in cybersecurity and cybercrime investigation.
    • International Cooperation: Although PECA 2016 includes provisions for international cooperation, practical collaboration is often limited by bureaucratic hurdles.
ALSO  READHow to Report Cybercrime Incidents to NCCIA

Recommendations for Improvement

To enhance the effectiveness of PECA 2016 and the National Cyber Security Policy 2021, particularly in remote and underserved areas, the following steps should be considered:

  1. Establish Local Cybercrime Reporting Centers:

    • Union Council Level: Set up dedicated cybercrime reporting counters at the union council level to make reporting accessible to the grassroots.
    • Tehsil and District Levels: Expand this initiative to tehsil and district levels to cover broader areas comprehensively.
    • Provincial and Capital Levels: Ensure that there are adequate reporting facilities at provincial levels and in the capital to handle the flow of complaints effectively.

  2. Enhance Public Awareness and Education:

    • Cyber Literacy Campaigns: Launch widespread campaigns to educate the public about cybercrimes, reporting mechanisms, and preventive measures.
    • Community Engagement: Utilize local community centers and schools to disseminate information on cyber safety and legal protections.

  3. Improve Law Enforcement Training:

    • Specialized Training Programs: Develop and implement specialized training programs for local law enforcement officers focusing on cybercrime investigation and digital forensics.
    • Resource Allocation: Ensure adequate resources are allocated for the procurement of necessary tools and technologies for cybercrime investigations.

  4. Strengthen Coordination and International Cooperation:

    • Inter-Agency Collaboration: Foster better coordination among various national agencies involved in cyber security and law enforcement.
    • Global Partnerships: Enhance international cooperation through bilateral and multilateral agreements to effectively tackle transnational cybercrime.

  5. Develop Comprehensive Support Systems:

    • Victim Support Services: Establish support services for victims of cybercrimes, including counseling and legal assistance.
    • Reporting Hotlines: Set up national and regional hotlines for immediate reporting and assistance in cybercrime cases.

  6. Leverage Technology and AI:

    • AI for Cybercrime Detection: Utilize artificial intelligence and machine learning to detect and prevent sophisticated cyber threats.
    • Automated Complaint Management: Implement AI-driven systems to manage and prioritize complaints, ensuring timely responses and resolutions.

  7. Role of PKCERT:

    • PKCERT’s Contribution: The National Computer Emergency Response Team (PKCERT) offers indispensable technical and operational resources required to foster a secure and robust cyber ecosystem in Pakistan.
    • Coordination with Provincial Governments: PKCERT should work in close coordination with provincial governments to extend its reach to the local level, ensuring comprehensive coverage and prompt response to cyber incidents.

Conclusion

While PECA 2016 and the National Cyber Security Policy 2021 represent significant steps towards a secure cyber environment in Pakistan, their current implementation falls short, particularly in rural and remote areas. By addressing the infrastructural gaps, enhancing public awareness, providing specialized training for law enforcement, and fostering better coordination, Pakistan can significantly improve its cybercrime prevention and response mechanisms. The establishment of PKCERT is a promising development, and its effective integration with local and provincial authorities is crucial. Ensuring that every citizen, regardless of their location, has access to effective cybercrime reporting and support services is crucial for the success of these legislative frameworks.

Leave a Comment

Your email address will not be published. Required fields are marked *