During a briefing before the Senate Standing Committee on Information Technology and Telecommunciation in August, the Director of FIA’s National Response Centre for Cyber Crimes (FIA-NR3C) lamented about the absence of a Mutual Legal Assistance Treaty (MLAT) through which cyber crime investigators could access data in the US.

Social media and Over-The-Top (OTT) platforms hosted in the US such as Facebook, Twitter, WhatsApp and Instagram are very popular in Pakistan, which hosts a sizable youth population. Accessing technical details from back-channels through coordination with concerned counterparts in the US, such as the Federal Bureau of Investigation (FBI), remains a distant dream unless an authorised inter-country legal framework is put in place. Just recently, the Ministry of Information Technology & Telecommunication (MoITT) has also pressed the Ministry of Interior to finalise deliberations upon an MLAT with the US.

Though it appears that federal government authorities are finally according some seriousness toward cyber coordination on the external front, mere discussions alone will not yield anything fruitful. Systemic reforms and high-level policy planning are necessary before any resourceful headway can be made.

Legislation & Policymaking

Existing laws such as PECA-2016 are inadequate, ill-defined and insufficient to process all major types of cyber crime. Additionally, no political regime including PTI has so far promulgated any National Cyber Security Strategy to provide an overarching framework for deliberations at the national level among all concerned cyber stakeholders. Unless adequate laws exist, developed countries will hesitate in forging memorandums of understanding with Pakistan. It is the need of time to pass a Cyberspace or Cyber Security Strategy and revise PECA.

Transparency

It is a standard practice in developed countries such as the US to publish annual reports and awareness material related to their mandate, functions and performance output. The FBI’s Internet Crime Complaint Centre (FBI-IC3) regularly updates users about developing crimes, assuring the public about their own sense of responsibility, and also releases Annual Reports so that public confidence is retained. Whereas FIA-NR3C has never published a single Annual Report ever, it is regrettable that the Ministry of Interior last published its Performance Report in 2015. Furthermore, Pakistan’s government is routinely accused of censoring free speech and putting curbs on social media which cannot bode well with prospective foreign partners. The Ministry of Interior will first have to update and publish its previous and current performance reports in conjunction with all subordinate organs, including FIA-NR3C.

Diplomacy

Pakistan has an abysmal track record in discussions relating to cyberspace at the regional as well as international levels. Whether it is the SCO or UN Group of Governmental Experts, meaningful gains have not been achieved to interact with influential countries and seek support for greater leverage when it comes to acting against cyber crime perpetrators based overseas. As a consequence, most of the crime ringleaders based in the US, Europe or Asia remain untouched. MoITT pointed our rightly that Pakistan should consider signing the Budapest Convention on Cyber Crime

Overlapping Mandates

Online content blockage requests in Pakistan are processed by PTA whereas cyber crime cases are handled by FIA. This parallel and disjointed effort between two different government bodies (IT & Telecom and Interior ministries) not only creates hurdles in case prosecution but also creates problems during coordination with foreign partners; ideally, Islamabad should have a single point of contact on cyber crime matters handled by FIA-NR3C alone (unless, of course, a dedicated national cyber agency at federal level is setup as sanctioned through PECA). In neighbouring India, an Indian Cyber Crime Coordination Centre (IC4) similar to FBI’s IC3 operates under the Home Ministry and exclusively handles all cyber crime issues. It is also mandated to formulate MLATs as and when required. In Pakistan, however, turf wars between MoITT and Ministry of Interior will not even spare inter-ministerial delays. Since objectionable content also comes under the broad scope of cyber crime, this mandate should preferably be shifted to FIA-NR3C.

Resource Allocation

In his briefing to the Senate Committee, Director FIA-NR3C revealed that only 15 cyber crime investigators are available across Pakistan to handle an average of 14,000 cases per annum (42,447 cases registered since the enactment of PECA-2016). These statistics present a disturbing picture about the lack of seriousness accorded by both the previous PML-N regime and incumbent PTI regime in allocating qualified and skilled human resources for processing quantum of cases increasing every day. It is the need of time to induct a minimum of 300 qualified male and female cyber crime investigators across the country.

Training

Presently, officers in FIA-NR3C (Assistant Director, Deputy Director rank) are recruited through public advertisements on the basis of their technical expertise. They are not, however, give the necessary international exposure through training workshops and seminars which can familiarise them with evolving best practices. US Embassy Islamabad organises programmes for Pakistani Customs and FIA personnel in the US but they focus almost entirely on border control issues and nothing related to IT or cyber crime. In contrast, a Framework for the US-India Cyber Relationship has been effective since August 2016 promulgated by Dr Gulshan Rai, the pioneering National Cyber Security Coordinator of India who sits in the PM Office. This strategic level cooperative framework promotes cyber crime training workshops between both countries. This initiative could not have been spearheaded at the ministry or department level.

In an ideal scenario, NR3C should be upgraded and converted to an autonomous organ independent of the FIA but administratively subordinated to Ministry of Interior so that experienced technocrats, not career-hungry PSP officers, can provide overall institutional guidance and policy direction.

Until the existing systems are overhauled at par with acceptable standards, no developed country will give serious consideration to Pakistan’s pleas.