I wrote most of this content for an assignment. I think its very informative so i thought i would make a post about it on my blog here.

Introduction

Till date government of Pakistan has implemented three legislations and introduced one policy regarding information and cyber security. Legislations define many different crimes and their punishments.

You can read in detail about these legislations and policies by clicking on them.

Electronic Transaction Ordinance (ETO), 2002

This ordinance was passed in 2002 by the president of Pakistan. This was the first cyber related legislation in the country. This ordinance enabled the legal justice system of Pakistan to recognize electronic evidence and provided recognition of electronic signatures. Furthermore, it established a certification council and defined its functions and its members. The certification council deals with website certifications. However, the most important point this bill covers is the electronic offenses.

The bill defines punishments of crimes such as:

  • False information to certification authorities
  • Issuance of false certification
  • Violation of privacy of information
  • Damage to information system

Prevention of Electronic Crimes Ordinance, 2007

This being the second IT related legislation was passed by President of Pakistan in 2007. The purpose of this ordinance is “to make provision for prevention of the electronic crimes” (Goverment of Pakistan, 2007). It covers the following offences:

  • Criminal Access
  • Criminal Data Access
  • Data Damage
  • System Damage
  • Electronic Fraud
  • Electronic Forgery
  • Misuse of Electronic systems and Devices
  • Unauthorized access to code
  • Misuse of Encryption
  • Malicious Code
  • Cyber Stalking
  • Spamming
  • Spoofing
  • Unauthorized interception
  • Cyber Terrorism

The ordinance also describes the prosecution and trail of the offences. It establishes a specialized investigation and prosecution cell within the Federal Investigation Agency (FIA). It also makes ISP’s liable to store traffic data for minimum period of ninety-days. Moreover, forms an Information communication Technologies Tribunal. Prevention of Electronic Crimes Act, 2016 Third IT-related legislation of Pakistan was passed by the parliament in 2016. It follows up on Prevention of Electronic Crimes Ordinance, 2007. This act adds provisions to gain access to data if investigation officers are able to satisfy the court. Also, allows the blocking of unlawful online content. Moreover, the act also adds some new offences and carries some old ones used in the original ordinance. Some new offences it added are as follows:

  • Hate Speech
  • Recruitment, funding and planning of terrorism
  • Unauthorized issuance of SIM cards
  • Tampering of communication equipment
  • Offences against dignity of a natural person
  • Offences against modesty of a natural person and minor
  • Child pornography

National Cyber Security Policy 2021

This policy was drafted as a part of digital Pakistan initiative. It was released in 2021 and its aim is to set a course for better security laws. The vision of the policy is for the country to attain continuously improving digital ecosystem which is secure, robust and ensures confidentiality. The policy reviews the cyber security laws and deems them to be ineffective at protecting citizens of Pakistan for online crimes. It then continues on to describe the challenges and risks faced by Pakistan.

This policy is set out to ensure national level corporation between various different government agencies. To improve security of all IT products and create awareness in the country. Furthermore, it aims to train more cyber security professionals. It sets out various principles which must be followed. It then goes on to establish a new committee known as the Cyber Governance Policy Committee and provides an institutional structure for implementation of the policy.

It also lists some actions the stakeholders to should take to ensure active defense. Mandates protection of national critical infrastructure and government information systems. Furthermore, it sets out an information security assurance framework.

Conclusion

Pakistan as a country seems to be always 10 to 15 years behind the latest trends. Unfortunatly, this is also the case in the cyber security domain. ThinkTanks of pakistan must focus on these latest trends. Then only Pakistan as a nation can move forwards.