Surprise Shift: Analyzing the Motives Behind Replacing the FIA's Cybercrime Wing

In a captivating development that has sent ripples across the justice and cyber regulatory landscape of Pakistan, the Federal Investigation Agency’s (FIA) cybercrime wing was unexpectedly
replaced by the newly established National Cyber Crimes Investigation Agency (NCCIA) [1][2]. This surprise shift, undertaken without substantial dialogue with key stakeholders, prompts us to
delve into the motives, raising critical concerns about the potential for increased emergency measures in surveillance, privacy intrusions, and the broader implications for digital rights [1].

The establishment of the NCCIA comes in the wake of a growing graph of online offences and the ostensibly inconceivable dissatisfaction with the performance of the FIA's Cybercrime Wing [2].
As we suddenly find ourselves navigating this altered landscape, the article aims to investigate the broader context of this change, focusing on the mandate and scope of the NCCIA, the
criticisms it faces, and its possible impact on crime investigation and justice in the digital age in Pakistan [1][2].

Background on Cybercrime Management in Pakistan

Evolution and Legislative Framework

1. Initial Absence of Legislation: Before the enactment of the Prevention of Electronic Crimes Act (PECA) in 2016, Pakistan had no specific legislation addressing the complexities of
cybercrimes, leaving a significant gap in legal recourse for such offenses [6].
2. Introduction of PECA 2016: PECA was established to provide a foundational legal framework to combat various cybercrime offenses effectively. This act marked a pivotal shift in the
legal landscape, defining and penalizing cyber offenses clearly [3][6].
3. Establishment of Cybercrime Wings: Following PECA, the Cyber Crime Wing (CCW) was created to enforce the new laws, focusing on severe cyber offenses, including online violence
against children, with stringent penalties for violators [6].

Regulatory and Response Enhancements

1. National Cybersecurity Policy 2021: Aimed at strengthening data governance and protection, this policy was a significant step towards enhancing cybersecurity measures across the
nation [3].
2. National Cyber Crime Policy 2021: This comprehensive framework was designed to foster a robust cybersecurity culture through awareness and education, addressing the urgent need
for an informed public and skilled professionals [5].

Institutional Developments

1. Cyber Patrolling Units: Introduced by the FIA, these units monitor local social media platforms to preemptively identify and mitigate potential cyber threats [3].
2. National Response Center for Cyber Crimes (NR3C): Established to streamline responses to cyber incidents and improve coordination among various stakeholders [4].
3. Telecommunication Authority’s Initiatives: The Pakistan Telecommunication Authority (PTA) has not only set up a Cyber Security Framework but also established the National Telecom
Security Operations Centre (NTSOC) to safeguard critical telecom infrastructures [5].

Challenges and Progress

1. Increasing Cybercrime Rates: Despite legislative and institutional efforts, cybercrime rates have surged, highlighting ongoing challenges such as the need for enhanced technical skills
among law enforcement and comprehensive public awareness programs [7].
2. Low Conviction Rates: The effectiveness of cybercrime management is hindered by low conviction rates, attributed to the lack of technical expertise and a robust legal framework capable
of keeping pace with evolving cyber threats [7].

The Mandate and Scope of NCCIA

Overview of NCCIA's Role and Responsibilities

1. Handling of Offenses Under PECA: The NCCIA is tasked with addressing offenses stipulated by the Prevention of Electronic Crimes Act (PECA). This includes a wide array of
cybercrimes, though the act itself has faced criticism for its potential misuse in curbing dissent [1].
2. Resource Utilization from FIA: There is significant continuity in the transition from the FIA's cybercrime wing to the NCCIA, with the latter inheriting personnel, assets, and ongoing
cases. This raises questions about the new agency's unique objectives compared to its predecessor [1].

Structural and Operational Framework

Leadership and Term: The leadership of the NCCIA is headed by a Director General, appointed for a two-year term, with eligibility for extension based on performance. This position
requires a minimum of 15 years of experience in relevant fields such as cyber technology and digital forensics [11].
Continued Operations of FIA's Wing: Until the NCCIA is fully operational with its appointed heads, the FIA’s cybercrime wing remains active, ensuring no gap in handling cybercrime
[11].
 Transfer of Authority: The authority to tackle cybercrime issues is officially transferred from the FIA to the NCCIA, marking a significant shift in cybercrime governance in Pakistan [12].

International Cooperation and Case Handling

Designated Agency for Cybercrime: The NCCIA not only registers all cybercrime cases but also functions as the primary agency for international cooperation concerning cybercrime,
enhancing Pakistan's ability to collaborate globally on these issues [2].
Operational Offices: The NCCIA is equipped with its own offices, which also serve as police stations for lodging cybercrime complaints, ensuring a specialized approach to cybercrime
investigations [2].

Strategic Goals

Enhancement of Digital Rights: In light of recent political developments and upcoming general elections, the NCCIA is part of a broader strategy to safeguard digital rights and address
online harassment, as stated by Pakistan’s information minister [12].
Rejection of Suppression Allegations: Despite accusations from political entities about rights suppression by the military and government, these have been officially denied, positioning
the NCCIA as a neutral body aimed at protecting digital spaces without political bias [16].

Concerns and Criticisms Faced

Overlapping Responsibilities and Bureaucratic Inefficiencies

1. Duplication of Efforts: The creation of the NCCIA may lead to redundancy in duties that were previously managed by the FIA, potentially causing bureaucratic inefficiencies and overlap
of responsibilities [17][9].
2. Legislative Clarity Needed: There is a pressing need for clear legislative frameworks to define the distinct roles and prevent duplication of efforts as NCCIA begins its operations [17].

Privacy and Surveillance Concerns

1. Balancing Security with Privacy: While expanding cybersecurity efforts is crucial, it is equally important to ensure the protection of citizens' privacy rights. The establishment of NCCIA
raises concerns regarding the adequacy of oversight mechanisms to prevent overreach [17].
2. Potential for Increased Surveillance: The broad and somewhat unclear mandate of the NCCIA could lead to enhanced surveillance measures and data collection, infringing on personal
liberties [1].

Stakeholder Engagement and Regulatory Environment

1. Lack of Dialogue: The absence of meaningful engagement with digital rights groups, the IT sector, or the public prior to the establishment of NCCIA has led to apprehensions about the
future of internet governance [1].
2. Need for Inclusive Planning: Engaging experts in digital rights, cybersecurity, legal, and public domains is crucial to ensure that NCCIA's operations are balanced, effective, and
respectful of rights [1].

Legal and Operational Challenges

1. Controversial Legal Provisions: The provisions of the Prevention of Electronic Crimes Act (PECA) have been criticized for potentially curbing freedom of speech and suppressing dissent,
which could be exacerbated by the new agency's operations [10].
2. Inefficiencies in Cybercrime Handling: The High Court of Sindh's order highlighted significant shortcomings in the FIA’s Cybercrime Wing, including a lack of expertise and inadequate
investigation procedures, which raises concerns about the preparedness of NCCIA to take over these responsibilities effectively [20].

The Implications for Digital Rights and Privacy

Advocacy and Judicial Training

1. Role of Civil Society: Organizations like Digital Rights Foundation and Bolo Bhi are at the forefront of advocating for internet freedom and digital literacy in Pakistan, emphasizing the
importance of protecting digital rights and privacy [19].
2. Judicial Enhancements: There is a critical need for judicial independence and specialized training for judges on digital issues to ensure they are well-versed in the complexities of digital
rights [19].

Government Engagement and Public Awareness

Inclusive Policy Making: The government is urged to collaborate closely with civil society groups to draft regulations that protect digital rights, ensuring policies are comprehensive and
inclusive [19].
Educational Campaigns: Launching extensive public awareness campaigns is essential to inform citizens about their digital rights and the significance of maintaining online privacy and
security [19].

International Collaboration and Cybersecurity

Global Cooperation: Pakistan must actively participate in international forums to develop and adhere to global best practices concerning digital rights and cybersecurity [19].
Balancing Act: While expanding cybersecurity measures, it is crucial to ensure these do not infringe on privacy rights, necessitating robust oversight mechanisms [9].

Oversight and Privacy Concerns

Agency Oversight: The establishment of bodies like the NCCIA should be accompanied by stringent checks and balances to prevent overreach and protect against privacy violations [9].

International Perspective and Cooperation

International Perspective and Cooperation

Global Frameworks and Treaties

1. The Budapest Treaty: Recognized as the most effective international legal framework, the Budapest Treaty encourages global cooperation to combat cybercrimes [21].
2. UN Involvement: The United Nations, through its various bodies like the UNODC, plays a crucial role in addressing cybercrime on a global scale [21][22].

Collaborative Efforts with International Entities

UNODC and Pakistan Partnership: This collaboration has led to the creation of the Customized Practical Guide for Pakistan, which aids in managing electronic evidence in terrorism-
related cases [22].
Guide's Utility: The guide provides essential tools for law enforcement and justice officials, focusing on the preservation and disclosure of electronic evidence, along with guidelines on
Mutual Legal Assistance (MLA) [22].

Challenges in Cybercrime Management

Investigative Hurdles: Officials in Pakistan face numerous challenges such as evidence analysis, legal complexities, and maintaining the digital chain of custody [23].
International Jurisdiction Issues: The volatility of digital evidence and the necessity to navigate multiple international jurisdictions pose significant challenges [23].

Historical Context of Digital Forensics

Evolution of Digital Forensics: From Hans Gross's pioneering scientific studies in the late 19th century to the establishment of sophisticated practices like the FBI's Regional Computer
Forensic Laboratory, digital forensics has evolved significantly [23].
Legal and Technological Milestones: Key developments include the Florida Computer Crime Act recognizing computer crimes and the formulation of the Prevention of Electronic
Crimes Act in Pakistan [23].

These elements underscore the multifaceted approach required to address cybercrime effectively, emphasizing the need for international cooperation and robust legal frameworks.

Conclusion
The transition from the Federal Investigation Agency's Cybercrime Wing to the National Cyber Crimes Investigation Agency marks a pivotal moment for Pakistan's approach to cybercrime,
reflecting an evolving legal and regulatory landscape aimed at addressing the increasing complexities of cyber offenses. This shift, while sudden, underscores the growing recognition of the
urgent need to enhance the country's digital security framework, amidst concerns of surveillance and privacy rights. The establishment of the NCCIA, inheriting the resources and
responsibilities from its predecessor, signifies a strategic move towards bolstering Pakistan's capabilities in combating cyber threats, albeit with clear challenges relating to privacy,
surveillance, and stakeholder engagement.
As we move forward, the implications of this restructuring for digital rights and privacy in Pakistan remain a critical area of focus. The conversation surrounding the NCCIA’s role, its impact on
cybercrime management, and the balance between security measures and individual privacy rights invites further examination and dialogue among policymakers, digital rights advocates, and
the broader public. Ensuring that this new agency operates within a framework that respects digital freedoms while effectively countering cyber threats is paramount. The journey towards
refining Pakistan's cybercrime strategy is ongoing, with the promise of enhancing digital security and fostering a safer online environment for its citizens.

FAQs
What drives individuals to commit cybercrime?

Cybercrime can be driven by a variety of motives. Young offenders may be influenced by the desire for recognition from their peers, while organized cybercrime groups typically aim for
financial gain. Cybercriminals often look to take advantage of human or security weaknesses to steal passwords, data, or money.

What are the main types of cybercrime and their associated motives?

Cybercrime can take several forms, each with its own set of potential motives. Common types include:

Phishing, which involves using fake emails to obtain personal information from internet users.
Identity theft, which is the misuse of personal information.
Hacking, which includes unauthorized access or disruption of websites and computer networks.
Spreading hate and inciting terrorism.
Distributing child pornography.

What motivates bad actors to target the integrity of systems and resources?

Bad actors may target systems and resources for various reasons, including:

Financial gain through activities like hacking and ransomware attacks.

Espionage to gather confidential information.
Hacktivism, which is hacking for politically or socially motivated purposes.
Sabotage and disruption to damage operations or reputation.
Personal vendettas against individuals or organizations.
Ransom demands in exchange for restoring access to systems.
Political discord to influence or destabilize situations.
Competitive advantage by stealing trade secrets.

What factors contribute to the rise in cybercrime?

The increase in cybercrime can be attributed to multiple factors, such as:

The desire for monetary gain through illegal online activities like hacking, phishing, or ransomware attacks.
The rapid advancement of technology, which opens new avenues for cybercriminals to exploit system vulnerabilities.

References
[1] - https://www.dawn.com/news/amp/1831581
[2] - https://tribune.com.pk/story/2465121/fia-cybercrime-wing-rendered-defunct
[3] - https://www.trade.gov/country-commercial-guides/pakistan-cybersecurity
[4] - https://www.jstor.org/stable/48544285
[5] - https://www.ibanet.org/Developing-cybersecurity-framework-in-Pakistan
[6] - https://www.researchgate.net/publication/343447832_Cybercrime_and_Pakistan
[7] - https://www.usenix.org/system/files/soups2023-ashraf.pdf
[8] - https://www.researchgate.net/publication/374875567_CYBER_CRIME_PAKISTANI_PERSPECTIVE
[9] - https://www.fia.gov.pk/files/publications/860464251.pdf
[10] - https://www.arabnews.pk/node/2504136/pakistan
[11] - https://www.arabnews.com/node/2504136/pakistan
[12] - https://www.dawn.com/news/1801269
[13] - https://www.lamedicaid.com/provweb1/Recent_Policy/CMS_Mandate.pdf
[14] - https://www.lamedicaid.com/provweb1/Recent_Policy/Special_Notice.pdf
[15] - https://www.cms.gov/marketplace/about/oversight/other-insurance-protections/consolidated-appropriations-act-2021-caa
[16] - https://www.arabnews.com/node/2425251/pakistan
[17] - https://www.dawn.com/news/1831378
[18] - https://digitalrightsfoundation.pk/pakistan-6-point-agenda-on-digital-rights-protections-for-political-parties-electoral-manifestos/
[19] - https://www.populismstudies.org/digital-authoritarianism-and-activism-for-digital-rights-in-pakistan/
[20] - https://www.linkedin.com/pulse/examining-high-courts-verdict-inefficiency-fias-division-thanvi-qyoyf
[21] - https://www.researchgate.net/publication/365277420_NEED_OF_INTERNATIONAL_LEGISLATION_REGARDING_CYBER_CRIMES_PAKISTAN_PERSPECTIVE
[22] - https://www.unodc.org/unodc/en/frontpage/2022/January/unodc-and-pakistan-collaborate-to-handle-electronic-evidence-in-terrorism-related-cases.html
[23] - https://www.linkedin.com/pulse/challenges-cybercrime-reporting-investigation-dr-majid-latif-bhatti