Cyber Crime Laws in

Pakistan

GROUP MEMBERS: 2
1. Safi-ur-rehman (roll no: 20i-0659 ) 2. Manahil Faisal (roll no: 20i-0683 )
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

INTRODUCTION:
Cyber Crime:
“Any activity commissioned via computer, digital devices, and networks used in the cyber realm, and is facilitated
through the internet medium. It can include the distant theft of information belonging to an individual, government, or
corporate sector through criminal tress-passing into unauthorized remote systems around the world. It includes from
stealing millions of rupees from online bank to harassing and stalking cyber users”

Major techniques of cyber crime:-

• Botnets

• Cyber Stalking

• Malicious Software

• Child soliciting and Abuse

• Ransomware

• Theft

• Identity Theft

• Hacking

• Social Engineering

• DDoS attacks

• Spamming

• Publishing Derogatory Materials

• E-Money Laundering and Taxation

Types of cyber criminals:-

There are seven major types of cybercriminals as mentioned by Batke (2011) described below:

• Script kiddies

• Phishers

• Scammers

• Political/religious/commercial groups

• Insiders

1
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

• Hacker groups

• Advanced Persistent Threat Agents

BACKGROUND:
History of cyber crime:-
The term cybercrime was not a word at all. The term originated in the 1960, when it was used to describe operations in
the train model. The programmers wanted to discover the way to change certain functions without re-engineering the
entire device.

The programmers worked a lot with curiosity and changed computer codes that were used in early computers.
Some of their hacks become so resourceful that they became long-lasting such as original product (UNIX OPERATING
SYSTEM). To the public, a name “HACK” was proposed which was known as clever way to fix a problem with a
product, or an easy way to improve its function.

When did cybercrime begin?

Hacking was evident in 1970s when an association targeted early computerized phone system. The people were
called “phrishers” who discovered the correct codes and tones that would result in free long distance service.
They found garbage values, detect secret information, performed thousands of experiments on it in order
to learn how to damage the system and steal long-distance time.

Actually there was no real cybercrime till 1980s.The first person to be found guilty of cybercrime
was IAN MURPHY, also known as Captain Zap in the year 1981. He hacked the American telephone
company so that callers can phone for free even at the peak times.

Types of hackers:

Cybercrime first targeted to web shops, banks and even the indivisuals by copying their log-in codes,
names, passwords, credit cards numbers and bank account numbers. Gradually hackers were increased
and were classified into three types:

I. Hackers who want to steal money.

II. Hackers who want to make a public message. This happens, for example, by hacking a bank, only to prove that
there are errors and leaks in the security system of that bank.
III. Hackers who are hacking and infiltrating systems for fun.

This innovative type of crime was at first difficult issue for enforcing the law. This was because
of lack of legislation, shortage of enquiry committee and inspectors skilled in the technology (hacking).
It was obvious that computer were open for criminal activity and complex communications were easy to
access for the consumer. In short more cybercrime opportunities were available.

2
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

Regional organizations International and regional organizations have developed conventions, agreements, or guidelines
after 2000 as follows:

1. The Council of Europe Convention on Cybercrime (2001);

2. The Shanghai Cooperation Organization (SCO) -The Shanghai Convention on Combatting Terrorism, Separatism
and Extremism (2001);

The Council of Europe Convention on Cybercrime:

The Council of Europe Convention on Cybercrime was adopted on November 8, 2001, and was
opened for signatures at a Conference in Budapest, Hungary, on November 23, 2001. This Convention was a
combat against cybercrime, and entered into force on July 1, 2004. The Council of Europe Convention on
Cybercrime of 2001 is ratified by 48 States, and signed but not followed by ratification of 6 States (March 2016).
Russia has not signed or ratified the Convention.

The Shanghai Cooperation Organization

The Shanghai Cooperation Organization (SCO)4 adopted a “Convention on Combating Terrorism,

Separatism and Extremism” on June 15, 2001, and the convention entered into force on March 29, 2003. An
agreement was also made on: “Cooperation in the Field of Information Security” in 2008. A Statement from
leaders of SCO member States in 2012 included as follows:

“The SCO will stand firm to fight against terrorism, separatism and
extremism, as well as international cyber-crime”
The SCO 2013 Summit Bishkek Declaration reaffirms in fighting international terrorism, separatism, extremism
and organized cross-border crimes. SCO has 6 member States:

1. The People’s Republic of China

2. Russia
3. Kazakhstan
4. Kyrgyzstan,
5. Tajikistan
6. Uzbekistan.

The United Nations Office on Drugs and Crime (UNODC)

The United Nations Office on Drugs and Crime (UNODC) is the organizer of the United Nations Congresses on
Crime Prevention and the Treatment of Offenders. From the 11th Congress in Bangkok in 2005, it was titled
United Nations Congress on Crime Prevention and Criminal Justice. A proposal for an International Court for
Cyberspace was for the first time recommended at this Congress in 2005

3
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

Cyber laws in Pakistan:

 “The Telegraph Act, 1885”

 “The Wireless Telegraph Act, 1933”
 “The Electronic Transaction (Re-organization) Act, 1996”
 “Electronic Transaction Ordinance 2002”
 “The Payment Systems and Electronic Fund Transfers Act, 2007”
 “Prevention of Electronic Crimes Ordinance, Pakistan 2007”
 “Prevention of Electronic Crimes Ordinance, Pakistan 2008”

Application Areas of Cyber Laws:

a. E-commerce is conducting business online, including buying and selling products with credit card or
digital cash, by transfer of data between different companies using networks, such as the Internet.
b. Virtual shops and contract points on the Internet may enable storage close to the production site, and
distribution can be made directly to the consumer
c. Trade and business communications through electronic means
d. In banking ( Inter-bank payment systems, Consumer Electronic Banking, Digital Cash, Dematerialization
Confidentiality, Data Protection and Evidence and security)

4
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

e.

Law acts:
1993 act:
Power of Federal Government to make rules:-

1) The Federal government may make rules for the purpose of carrying into effect the provisions of this act.
2) In general to foregoing power, in particular and without prejudice leads to:
a) Determining that any article would not be wireless telegraphy apparatus for the purpose of this act.
b) The exemption of persons under section 4 from the provision of this act
c) The manner of and the conditions governing the issue, renewal, suspension and cancellation of licenses, the
form of licenses and the payments to be made for the issue and renewal of licenses
d) The maintenance of records containing details of the acquisition and disposal by sale
e) The conditions governing the sale of wireless telegraphy apparatus by dealers in and manufacturers of such
apparatus

5
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

3) In making a rule under this section the Federal Government may be punishable with fine which may extend to one
hundred rupees.

1996 act:
(1) The Authority should practise all powers and enable it to people to effectively perform its functions specified in
section 4.
(2) In particular, and without prejudice to the generality of the foregoing power, the Authority shall
a) grant and renew licenses for any telecommunication system on payment of such fees as it may differ from time
to time
b) monitor and enforce licenses receive applications for the use of radio frequency spectrum to grant of licenses
under clause refer such applications to the Board for assignment of spectrum within thirty days
c) modify licenses in accordance with section 21 of section 22
d) establish or modify accounting procedure for licenses in accordance with sections 25 and 26
e) regulate the transfer of licenses
f) prescribe standards for telecommunication equipment and certify each equipment with prescribed standards
g) provide guidelines for, and determine, the terms of interconnection arrangements between licensees where the
parties to those arrangements are unable to agree upon such terms
h) carry out inspections of telecommunication equipment and any premises owned or occupied by the licensees
and summon any person for investigation and an enquiry
i) appoint an Administrator in circumstances provided in section 23
j) develop national telecommunication numbering plans
k) collect information of telecommunications within and outside Pakistan and review their impact
l) enter into contract
m) acquire, lease, dispose of, exchange, vest or otherwise deal with any moveable or immovable property or any
interest
n) issue regulations for exercising its powers and performance of its functions
o) levy fee and other charges at such rates may be fixed which may differ from time to time
p) regulate the allocation of revenues from interconnecting licenses that handle international telephony service
and between any such licensee in international telephony service
q) If it considers appropriate to do so, undertake an auction on such terms and conditions or make other open
transparent competitive process to determine eligibility for licensing the Boards allocated or Assigned.

2002 act:

1.Legal recognition of electronic forms:-

No document, record, information, communication or transaction shall be denied legal recognition,
admissibility, effect, validity, proof or enforceability on the ground that it is in electronic form and has not
been attested by any witness.

6
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

2.Requirement for writing:-

The requirement under any law for any document, communication or transaction to be in written form shall be
satisfied where the document, record, information, communication or transaction is in electronic form, if the
same is accessible so as to be usable for subsequent reference.

3. Requirement for original form:-

(1) The requirement under any law for any document, communication or transaction to be presented or retained in its
original form shall be considered satisfied by presenting or retaining the same if:

(a) there exists a reliable assurance to the integrity when first generated in its final form

(b) it is required that the presentation thereof is capable of being displayed in a legible form.

(2) For the purposes of clause

(a) under sub-section (1) and the criterion for assessing the integrity of the document

(b) the standard for reliability of the assurance shall be assessed having regard to the purpose for which the
document transaction was generated and all other relevant circumstances.

4. Requirement for retention :-

The requirement under any law that certain document, record, information, communication or transaction
be retained shall be deemed satisfied by retaining it in electronic form if :

(a) the contents of the document, record, information, communication or transaction remain accessible so as to be
usable for subsequent reference

(b) the contents and form of the document, record, information, communication or transaction are as originally
generated, sent or received, or can be demonstrated to represent accurately the contents and form in which it was
originally generated, sent or received

(c) such document, record, information, communication or transaction, if any, as enables the identification of the origin
and destination of document, record, information, communication or transaction and the date and time when it was
generated, sent or received, is retained.

5. Legal recognition of electronic signatures :-

The requirement under any law for affixation of signatures shall be deemed satisfied where electronic
signatures or advanced electronic signature are applied.

6. Proof of electronic signature :-

An electronic signature may be proved in any manner, in order to verify that the electronic document is of the
person that has executed it with the intention and for the purpose of verifying its authenticity or integrity or
both.

7
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

2007 act:
(The Payment Systems and Electronic Fund Transfers Act)
Powers of the State Bank :-
(1) The State Bank in respect of this Act, or any particular provision of this Act, payment systems, the conduct of the
Service Providers, Operators of Payment Systems issue such rules, guidelines, circulars, bye-laws, standards or
directions as it may consider appropriate.

(2) The State Bank may, by written notice, require an operator of a Designated Payment System to make modifications to
–

I. the Designated Payment System or Designated Payment Instrument including governance arrangements
II. operational arrangements
III. documents and information submitted by operator of a Payment System or issuer of Payment Instruments
IV. any other documents relating to the Designated Payment System or Designated Payment Instrument.

2009 act:
1. Criminal access:‐
 Whoever intentionally gains unauthorized access to the whole or any part of an electronic system or electronic device
with or without infringing security measures, will be punished with imprisonment of either description for a term
which may extend to two years, or with fine not exceeding three hundred thousand rupees, or with both.   

2. Criminal data access:‐ 

Whoever intentionally causes any electronic system or electronic device to perform any function for the purpose of
gaining unauthorized access to any data held in any electronic system or electronic device or on obtaining such
unauthorized access shall be punished with imprisonment of either description for a term which may extend to three
years, or with fine or with both.   

3.   Data damage.‐

Whoever with intent to illegal gain or cause harm to the public, damages any data shall be punished with
imprisonment which may extend to three years, or with fine, or with both

  4.  System damage.‐

Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the
functioning, reliability or usefulness of an system or electronic device by inputting, transmitting, damaging, deleting,
altering, tempering, deteriorating or suppressing any data or services or halting electronic system or choking the
networks shall be punished with imprisonment of either description for a term which may extend to three years, or
with fine or, with both:   

8
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

  5.   Electronic fraud.‐

 Whoever for wrongful gain interferes with or uses any data, electronic system or electronic device or induces any
person to enter into a relationship or with intent to deceive any person, which act or omission is likely to cause
damage or harm to that person or any other person shall be punished with imprisonment of either description for a
term which may extend to seven years, or with fine, or with both.   

2016 act:
1: Unauthorized access to information system or data:-
Whoever with dishonest intention has unauthorized access to any data of a system shall be punished with
imprisonment for a term which may extend to three months or with fine which may extend to fifty thousand rupees
or both.
2. Unauthorized copying or transmission of data :-
Whoever with dishonest intention and without authorization copies to be transmitted any data shall be punished
with imprisonment for six months or with fine which may extend to one hundred thousand rupees or with both.
3. Interference with information system or data :-
A person with dishonest intention interferes with or damages any part or whole of information will be punished
with imprisonment which may extend to two years or with fine which may of five hundred thousand rupees or with
both.
4. Unauthorized access to critical infrastructure information system or data :-
If a dishonest intention man gains unauthorized access, copies or otherwise access to any critical infrastructure
information shall be punished with imprisonment to five years or with fine which may extend to one million rupees
or with both.
5. Interference with critical infrastructure information system or data :-
Whoever with dishonest intention interferes with or damages, or causes to be interfered with or damaged, any
part or whole of a critical information system, or data , shall be punished with imprisonment which may extend to
seven years or with fine which may extend to ten million rupees or with both.

9
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

Crimes and penalities:

The crimes and penalities adjusted by Government of Pakistan are as follows:

10
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

Conclusion:
Cybercrimes are silently present and pose a threat to the developed and developing countries.

Norms, rules, and standards and basic fundamental laws made in a Pakistan may avoid fragmentation and diversity at the
international regional level as well as in country and be a global framework on cybersecurity and cybercrime and a
contribution for peace, security and justice in cyberspace.

Laws made against cybercrime will be a major step toward building trust, safeguarding information infrastructure, and
promoting an open information society at the global level.

11
CL-117 ___CYBER CRIME LAWS IN PAKISTAN.

12