The use of a computer as a tool to carry out illegal activities, such as fraud, trafficking in child pornography or intellectual property violations, stealing identities, or violating privacy, is known as cybercrime or computer crime. With computers playing an increasing role in commerce, entertainment, and government, cybercrime has become a significant issue, particularly on the Internet.

There’s no question that Information Technology has impacted our lives to such an extent that it’ll never be possible to live a life without it. Information Technology plays a crucial role in supporting various components of our daily lives, including computers, scanning tools, social media platforms, intranets, email servers, and electronic communication systems. For example, applications such as mobile phones, laptops, and modern computers rely on digital databases. Similarly, digital databases can be accessed easily and efficiently on an Intranet or over the internet at an international level.

While the advent of Information Technology has made our lives easier, it also brought about numerous challenges in terms of regulation and is being exploited by criminal elements for criminal and other purposes. Additionally, Information Technology use requires regulatory frameworks and laws. The presence of misuse and anti-social elements is creating fear and disturbance in both personal lives and the social and commercial realms.

Cybercrime Law Practice in Pakistan

Given that Information Technology has no set limit, it is challenging to create regulatory regimes and regulations that can accurately assess the strict liability implications of criminalising the misuse of various software and information technology methods. The present time presents a common challenge for all countries and nations in creating effective legal systems and regulatory frameworks to protect Information Technology within specific contexts that are beneficial to society.

Pakistan’s first law to regulate Information Technology uses and aspects is the Electronic Transactions Ordinance, 2002 (Ordinance LI of 2002), which has not yet resolved all the problems. Following that, there have been additional regulations put in place to handle various matters related to Information Technology and its utilization for different purposes. The laws that were promulgated and put into effect were necessary, and it was subsequently suggested to compile them with case laws created during this period for the benefit of lawyers, academics, researchers, or the general public.

Moreover, it is worth mentioning that the Pakistan Telecommunication (Re- organization) Act, 1996 (XVII of 1996) is the fundamental legal framework provided by the Parliament to achieve ambitious objectives in the telecommunication and Information Technology Sector of Islamabad, providing various essential bodies, including the PATA. In order to tackle the challenges of competition and transparency, the Pakistan Telecommunication Authority has made significant efforts to regulate all aspects of the telecommunication sector in Pakistan. The Pakistan Telecommunication (Re-organisation) Act (XVII of 1996), the Telegraph Act, 1885 (Act XIII of 1886), and the Wireless Telegraphy Act. In 2007, Pakistan implemented the Prevention of Electronic Crimes Ordinance, which covers all aspects of telecommunications and information technology in its legal, national, and international contexts. This legislation may be consulted for a better understanding to gain knowledge and expertise on the fundamental regulatory framework/regulatory measures in these sectors.

National capitals are beginning to recognise the growing danger posed by crimes against computers or computer-related information. Such crimes are likely to be punishable by existing laws in most countries worldwide. Technical measures are the only means of safeguarding valuable information, as it is not legally protected and essential for businesses and governments to protect themselves from theft, deny access, or destruction.

Even with self-protection, cyberspace cannot be considered a secure area for conducting business. Adherence must be placed on the rule of law. Those with inadequate legal protections will face greater challenges in maintaining their competitiveness in the new economy. The increasing prevalence of cybercrime across national borders puts countries deemed safe havens at risk of having their electronic messages blocked by the network. To determine the effectiveness of their measures, National Governments should review their existing laws and regulations. Where gaps exist, governments should draw on other countries’ best practices and work with industry to create legally binding protections against such new crimes.

What’s Different about Cyber Crime?

Despite the possibility of being arrested or charged, cyber criminals worldwide are lurking on the Internet as a constant danger to the financial stability of corporations, their customer confidence and the security of nations. Additionally, our attention is drawn to the headlines of cyber attacks. The Computer Emergency Response Team Coordination Centre (CERT/CC) has reported a 54% surge in the number of security breaches reported during the first quarter of 2000 compared to the same period in 1999. Additionally, there are numerous reports of illegal access and damage worldwide, but many victims are afraid of vulnerabilities, Copycat Crimes, and public confidence. The four ways in which cyber crimes, which involve harmful acts against a computer or network, differ from most land-based crimes. It is easy to learn how they can be committed; they require minimal resources in comparison to the potential damage, and they are often not clearly against the law.

In most countries, cybercrimes are not explicitly prohibited by law. Even though there are laws against physical trespass or breaking in the real world, they do not extend to their “virtual” counterparts. Modern regulations may not encompass protected property, such as web pages like the E-Commerce sites that were targeted by distributed denial of service attacks. The Philippines was faced with the possibility of uncovering new crimes, as evidenced by its unsuccessful prosecution of the May 2000 attacks. Billions of dollars in damage were caused by the Love Bug virus worldwide.

The transnational nature of cyberspace makes it difficult to achieve effective law enforcement. The development and execution of crimes through cross-border cooperation is a slow and intricate process. The conventional jurisdictional realms of sovereign nations can be violated by a cyber attacker, who can launch attacks from almost any computer on the planet, or cross multiple national borders and create attacks that appear to be originating from outside countries. These techniques dramatically increase both the complexity of investigating and prosecuting cyber crimes.

A comprehensive e-commerce law was passed in the Philippines six weeks after the Love Bug attack that prohibited most computer offences. This is significant news for the country. The future of the networked world requires a more proactive approach, and Governments, Industry, or the public must collaborate to create laws that deter cyber criminals with effective deterrence.

Poor Information Security Reduces the Competitiveness of Nations

The trust of the public in the security of information processed and stored on networks in each country was evaluated by examining the information security measures of countries. Information security encompasses analysing the effectiveness of legal safeguards and advancements in software protection, the extent of electronic privacy protection efforts, and the legal framework for authorising digital signature processing. Effective protection of valuable information and networks requires the implementation of legal mechanisms to hold cyber criminals accountable, which creates a predictable environment conducive to effective deterrence.

While several countries, particularly in Europe and Asia, have taken steps to address general information security concerns, few have been able to provide evidence of proper legal protections that ensure cybercrime perpetrators are held accountable. About 50% of the nations were classified as requiring substantial enhancements to their information security measures. Also, just about half of the countries requiring notable progress reported that work was being done.

Conducting e-business in one country and across national borders is challenging due to outdated laws and regulations, as well as inadequate enforcement measures for networked information. If legal protection is not effective, the flow of e-commerce may be hindered, and digital information cannot be freely exchanged. As e-business expands globally, the need for reliable and consistent means to protect networked information will become more important.

The Cyber Crime Laws of Nations

In response to the Philippines inability to prosecute the student responsible for the virus, McConnell International surveyed its global network of Information Technology policy officials to assess the state of cybersecurity laws worldwide. They requested countries to provide legislation that would be used to prosecute criminal activities involving computers in both private and public sectors.

Over fifty national governments have released new legislation, updated statutes, draft laws, or stated that no specific action has been taken in response to a cyber attack on the public or private sector. The draft results were presented to countries for their scrutiny, and this report includes their observations.

The countries that provided legislation were evaluated to determine if their criminal statutes had been extended to include ten types of cyber crime in four categories: Data-Related Crimes, Network-relative Crime (INTERNET), Interference and Sabotage; Crime Of Access, Hacking and Viral Distribution, and Related Computer-Derivative Criminal Procedures including Assistance, Fraud, Corrupt Payment, Completion, Computer Fraud, Copies from Composers, Cyber Forgeries, etc.

In 33% of the countries surveyed, cybercrime has not been addressed in their current laws. Nine countries have laws that tackle at least five types of cybercrime, while ten have revised their laws to prosecute six or more of the eight types.

Pakistan’s successful prosecutions of computer-related fraud have led to the updating of laws in countries with fully, substantially, or partially updated laws. In many other countries, Pakistani police officers are highly confident that current laws adequately address the issue of assisting and facilitating cyber crimes, as well as computer-managed fraud and forgery.

Crimes in these countries are not treated equally. Unauthorised access is considered a crime in certain areas only if the intent is harmful, while data theft is punishable by law only when the data is related to an individual’s religion or health or defrauding. The protection of computers in public sector settings is often accompanied by favourable laws.

Discrepancies exist even within countries. In September 2000, the Australian Democratic Party criticised the South Australian government for not updating its laws to combat computer-based crime, leading to an environment of potential danger for cyber criminals. Additionally, the areas of criminal activity that have been tackled by updated laws vary little from country to country.

New criminal laws have a wide range of penalties. In comparison to other countries, Mauritius, the Philippines, and the United States have harsher penalties for cybercrime convictions.

Out of the 33 countries without updated laws, only 13 reported that they are making progress in adopting updated legislation to address cybercrime. Cybercrime is not yet fully addressed in Africa or the Middle East, but it appears that many countries are aware of its presence and need for action.

Law Is Only Part of the Answer

Creating an environment that is both trustworthy and lawful online requires the expansion of the rule of law. The extension is still being worked on, so organisations need to prioritise the protection of their systems and information against external or internal threats. Effective law enforcement may be the only way to provide deterrence.

Conclusion

1. Reliance on terrestrial laws is an untested approach

Despite the advancements in many countries, most countries still adhere to standard terrestrial legislation for handling cyber offences. Many countries are using outdated regulations that existed before the inception of online communication and have not been subjected to legal scrutiny.

2. Weak penalties limit deterrence

The weakened penalties in current criminal statutes offer limited deterrence for crimes that can result in significant economic and social consequences.

3. Self-protection remains the first line of defence

Information security requires the assistance of the private sector to devise and implement robust technical solutions and effective management practices, given their current vulnerability under the law.

4. A global patchwork of laws creates little certainty

Although 19 countries have already taken steps to address cybercrimes, there is limited consensus among nations on which specific crimes require legislation. An island in the networked world is not an island. Addressing cybercrime will be complex unless law enforcement officials can effectively define crimes across jurisdictions.

5. A model approach is needed

A lot of nations, especially those in developing countries, are eager to adopt a model. The need to promptly outlaw computer-related malicious behaviour in order to promote online commerce is widely acknowledged by these countries. The difficulty of adapting criminal statutes from land to cyberspace is a rare issue with limited legal and technical resources available. By collaborating with the private sector to create a model approach, we can eliminate the potential for unintended cybercrime refuges.

Recommendations

The weak state of global legal protections against cybercrime suggests three kinds of action.

1. Firms should secure their networked information

Property rights laws only operate if property owners take appropriate measures to safeguard their ownership. What is the purpose of this? A commentator suggests that if homeowners didn’t buy front door locks, should towns enforce more laws or deploy more police forces? Firms that rely on the network must ensure the security of their information and systems, even in areas where laws are inadequate. When law becomes enforceable in several months or even years, this duty is of greater importance than ever in most countries.

2. Government Responsibility in Cybercrime Legislation

National governments still hold significant power to regulate criminal activities in most parts of the globe. After facing unique challenges in cybercrime, one nation has fought back and ultimately enhanced its legal standing. Other nations must take heed of this warning and evaluate their existing laws to ensure they are not technologically biased and prevent the possibility of cybercrime. Immediate legislative review is required. Many nations will conclude that current laws require updating.

3. Firms, governments, and civil society should work together to improve and strengthen cybersecurity laws and regulations

Every jurisdiction requires an act to be a crime for the purpose of prosecuting someone across borders. It is important to uphold local legal traditions, but it is equally important for countries to define cyber crimes. An important undertaking is being undertaken at the Council of Europe to develop a model approach. The Council is preparing an international agreement on cybercrime. The Convention covers Illegal Access, Illicit Interception (deception), Data Interference, System Interference (“unauthorised access”, “counterfeit”) interference, Computer-related Forgery and Computer Fraud, and Assistance in these crimes. Additionally, it deals with investigations concerning jurisdictional matters and extradition issues, interception of communications, and data preservation and production. It also fosters cooperation between police forces across borders.

In the latter stages of its work, the Council started taking into account the opinions of industry and civil society that were affected. This process is making the Council’s product more practical, efficient and respectful for individual rights. Additionally, it is promoting equal rights and guarantees. At present, most experts are in favour of legislation that would enhance international cooperation in policing. According to the World Information Technology and Services Alliance, the industry contends that implementing the Draft Convention’s requirements for service providers to monitor communications and assist investigators would be excessively expensive and burdensome. A provision that is not acceptable may make it unlawful to design and operate intrusive software or hacking programmes for legitimate security testing purposes. This move could obstruct the technological advancements necessary to keep up with evolving cyber threats.

Types of Cyber Crimes

• Theft of Telecommunications Services
• Communications in Furtherance of Criminal Conspiracies
• Telecommunications Piracy
• Dissemination of Offensive Materials
• Electronic Money Laundering and Tax Evasion
• Electronic Vandalism, Terrorism and Extortion
• Sales and Investment Fraud
• Illegal Interception of Telecommunications
• Electronic Funds Transfer Fraud

Problem Areas

• Telecommunications
• Electronic Vandalism, Terrorism and Extortion
• Stealing Telecommunications Services
• Telecommunications Piracy
• Pornography and Other Offensive Material
• Telemarketing Fraud
• Electronic Fund Transfer Crime

Laws relating to Cybercrime in Pakistan: The Electronic Transactions Ordinance, 2002

Its purpose is to recognise and support electronic Documents, Records, Information, and to provide accreditation for Certification Service Providers.

A paragraph in the Order notes that the learned counsel for the Plaintiff has contended that they cannot enforce the Sales Contract without having signed it. As previously mentioned, the Defendant has proven that an electronic sales agreement was sent to the plaintiff, who then opened a Letter of Credit in compliance with its terms and conditions, including an arbitration clause. According to the Electronics Transactions Ordinance, 2002 (Ordinance LI of 2002), however, the submissions of the learned Advocate for the Plaintiff are not valid. It should be noted that the Qanun-e- Shahadat, 1984 (P.O. 10 of 1984).

According to Paragraph 11 of the Order thereof, it is no longer necessary for electronically transmitted documents, such as Commercial / Banking Contracts, to be either manually signed or attested by any witness, in light of new regulations on electronic transactions and financial services.

The Payment Systems and Electronic Fund Transfers Act, 2007

An electronic fund is any money that is transferred through an automated means such as a terminal, ATM, telephone, computer, magnetic medium, or other electronic device. The Act’s purpose is to establish statutory regulations for payment systems and electronic funds. In accordance with the Act, the State Bank of Pakistan has the authority to designate a “Payment System” as outlined in the Act, provided it is in line with public interest principles and must be done by written order. State Bank is capable of revoking the designation of the payment system.

The department also handles payment systems, RTGS, operator arrangements, transfer obligations, transfer documentation, liability claims, and penalties.

The Prevention of Electronic Crimes Act, 2016 (PECA)

The Ordinance is designed to address the issue of Electronic Crimes. To prevent the misuse or confidentiality of electronic systems, networks, and data by providing penalties and a mechanism for investigating, prosecuting, protecting, reporting, dealing with, etc.

This section deals with various types of criminal activity, such as electronic fraud, counterfeiting, and misusing electronic systems and devices. Other topics include computer hacking (such as spam or botched emails), malware infections, cyber stalking/spammers, phishing, conspiracy to commit malicious acts, aiding in the commission of crimes, prosecution for attempted offences, establishment of investigation agencies, prevention through drug testing, money laundering, fraudulent conduct, falsifying information, etc.

The Pakistan Telecommunication (Re-Organisation) Act, 1996

The Act aims to revamp the telecommunication system. By creating the Pakistan Telecommunication Authority, Frequency Allocation Board, National Telecom Corporation, and Pakistan Telecom Employees Trust, regulating the telecommunication industry, shifting T.S. to private companies, etc. were made possible for the system’s re-organisation in Pakistan.

This document specifies the authority, functions and duties of the Pakistan Telecommunication Authority.

The Court’s decision to acknowledge punishable offences under the Pakistan Telecommunication (Re-Organisation) Act, 1996, was dependent on a written complaint submitted by an officer authorised by the Authority or the Board.

The Telegraph Act, 1885

Telegraphs in Pakistan are covered by the Act. A license to operate a telegraph in any part of Pakistan is available to individuals who are authorised by the Federal Government. The telegraph officer and the government are not responsible for any loss or damage caused by failure to receive, transmit, or deliver a message, unless they are negligent in their duties.

The Wireless Telegraphy Act, 1933

The Wireless Telegraphy Act pertains to wireless telegraphy equipment. A license is required to possess wireless telegraph equipment, which is prohibited. The Federal Government can, by general rule or condition, exclude any person (or class thereof) from the operation of this Act.[A]. In addition, it specifies penalties and offences for breaking this Act.

The Anti-Money Laundering Ordinance, 2007

The Ordinance is designed to tackle the issue of money laundering.’ Those who know the property being considered proceeds or aid another person in money laundering are guilty of this crime. Money laundering results in a punishment of one year, but may be extended to ten years depending on the severity of the crime. The offender is also subject to up to five lakh rupees in fines and forfeiture of property involved in the laundering.

SARDAR KHAN & CO deal in the enforcement of various Cyber Crime Laws, including the Anti-Money Laundering Ordinance of 2007. If you have any queries, feel free to contact us.