ISLAMABAD:
A parliamentary panel on Tuesday unanimously approved amendments to the Prevention of Electronic Crimes Act (PECA) based on proposals submitted by the Pakistan Telecommunication Authority (PTA) and the National Cyber Crime Investigation Agency (NCCIA).
The Senate Standing Committee on Interior meeting also saw alarming revelations about identity theft, data breaches and weaknesses in Pakistan’s passport and registration systems.
The committee, which met under the chairmanship of Senator Faisal Saleem, was told that a fraudster had traveled to India in 2023 misusing the identity and passport details of a Pakistani lawyer.
Raising the issue, Senator Afnanullah Khan informed the committee that the identity of a consultant associated with the Attorney General’s Office had been misused, with a forged passport allegedly allowing a fraudster to travel to India.
“Here is the affected lawyer, you can ask him,” said the senator.
The victim told the committee that an unknown individual had used her identity and passport details to travel to India, adding that the incident had caused her serious difficulties.
He said he was forced to take his parents to the National Database and Registration Authority to prove his Pakistani citizenship.
In addition, he told the committee that he has dual nationality, uses a British passport to travel and has been waiting for more than a year to meet the director general of passports.
The director general of passports told the committee that NADRA had shared multiple cases of identity fraud with his department. He said a specific dashboard has now been developed to help detect and prevent fraudulent travel.
Senator Palwasha Khan questioned how identity data was stolen from NADRA and asked how such data breaches occurred. In response, the DG Passports said that citizens often share passport and CNIC details on WhatsApp, which could be a source of data leakage.
Senator Talha Mahmood alleged that NADRA had issued identity cards to Afghan citizens and terrorists. The passport DG acknowledged that the cited case dates back to 2023, but said that both NADRA and the passport department had introduced reforms and technological improvements since then.
Senator Afnanullah Khan further alleged that data belonging to NADRA, banks and Federal Board of Revenue (FBR) was available on the dark web, stating that personal data of any citizen could be purchased for Rs 500. He emphasized that a large-scale data theft was impossible without the involvement of insiders.
It alleged that sensitive personal data of Pakistani citizens, including consolidated records of state institutions, were openly available for sale on the dark web, pointing to possible insider involvement.
Raising the issue, the PML-N senator told the committee that the stolen data appeared to be recent, highly organized and too complete to have been accessed without internal collusion.
“All the data of Pakistani citizens is on the dark web. And it is the most recent data,” the senator said, adding that the information was so refined that “it is possible that we ourselves do not have such well-processed data.”
He claimed that individual records could be obtained for as little as 500 rupees, while data covering the entire population was offered for 70,000 to 80,000 million rupees. “The data worth Rs 70,000 to 80,000 crore is [available] on the dark web,” he said.
Senator Afnanullah warned that the stolen data could be exploited for multiple criminal purposes, including the issuance of fraudulent passports and identity cards. Questioning the repeated breaches, he said: “Why is the data of Pakistanis being stolen again and again?”
‘Internal collusion’
Addressing Director General of Immigration and Passports Mustafa Jamal Qazi, the senator stated that theft on such a scale was impossible without internal assistance. “Without the [involvement of] people within the organization, data theft on such a large scale is not possible. It’s impossible. The data of 240 million people cannot be stolen just like that.”
Committee chairman and PTI senator Faisal Saleem Rahman asked if any formal investigation had been carried out.
DG Qazi responded that an investigation had been carried out and officials had been dismissed as a result.
Senator Rahman also highlighted the importance of safeguarding sensitive data held by law enforcement agencies and asked who would be responsible if such information was compromised.
The regulation of social networks is debated
Minister of State for Home Affairs Talal Chaudhry informed the committee that the government was in the process of establishing a dedicated cybersecurity authority. He suggested that NADRA formally brief Senator Afnanullah Khan on the issue.
In the meeting, the committee members also expressed their dissatisfaction over the absence of the Inspector General of Police of Sindh. The Chairperson asked why the IG was not present and why the committee had not been informed.
Committee member Saifullah Abro highlighted the need to curb the monopoly of police powers and questioned police accountability in incidents like the Gul Plaza fire.
He asked where the police were when a police station constable was shot dead in Sindh and whether the police’s role had been reduced to harassing MPs.
He urged the committee to legislate mechanisms to hold police officers accountable.
Senator Anusha Rehman expressed concern over the lack of clear procedures to remove objectionable content from social media platforms. He asked what action would be taken if the platforms did not comply with the PTA or NCCIA requests.
The NCCIA director-general told the committee that the agency had already approached social media platforms for cooperation.
Minister of State Talal Chaudhry said laws governing social media fell under the mandate of relevant ministries, adding that while terrorists once relied on firearms, they now use social media to exert influence.
He highlighted the need to legally bind social media platforms and service providers.
