Pakistan

PROVISION OF REAL-TIME LAWFUL INTERCEPTION ASSISTANCE

PAKISTAN TELECOMMUNICATION (Re-Organisation) Act 1996 (“PTRA”)

Under section 54 of PTRA, the federal government of Pakistan may authorise any person to intercept calls or messages, or to trace calls made through any telecommunications system for national security reasons or for the investigation of any crime. The Pakistan Telecommunication Authority (“PTA”) carries out the interceptions as explained in paragraph 1.2 below. Section 54 is generally regarded as providing a very wide scope for the lawful interception of communications under Pakistani law.

Under section 8 of the PTRA the Federal Government may issue legally binding policy directives to the PTA in relation in relation to certain telecommunications matters, including the requirements of national security. Section 8 also grants the Cabinet, or any committee authorised to do so by it, a broadly expressed power to issue policy directives to the PTA, so long as they are not inconsistent with the provisions of the PTRA. The section 8 powers appear to be used to issue directives relating to lawful interception to operators of telecommunications networks and providers of telecommunications services licensed to operate in Pakistan (“Network Operators”).

To give one publicly available example, the PTA made a directive on 21 July 2011 prohibiting the use of all encryption mechanisms which conceal communication to the extent that Network Operators cannot monitor it under the Monitoring and Reconciliation of Telephony Traffic Regulations 2010, the scope of which is set out below.

MONITORING AND RECONCILIATION OF TELEPHONY TRAFFIC REGULATIONS 2010 (“MRTT Regulations”)

Regulation 4 of the MRTT Regulations sets out mandatory obligations on certain categories of Network Operator to establish systems that enable, among other things, the monitoring of all telecommunication traffic (voice and data) passing through their networks. Regulation 4 makes provision for the Network Operators to comply with these obligations by entering into mutual arrangements with other Network Operators to deploy a collective monitoring system, subject to the approval of the PTA.

Regulation 4(6) sets out more specific requirements for these systems, including that they enable the monitoring, measuring, controlling and recording of traffic in real-time, that they maintain a complete record of all communication signals (including for, but not limited to, billing purposes) and that they maintain a complete list of all Pakistani customers and their details. The monitoring systems must be compatible in order that all this information can be provided to the PTA as required.

Regulation 4(7) states that no person, except the PTA, is allowed to monitor any traffic directly or indirectly on their own or another network without the written permission of the PTA.

Under Regulation 5(8), those Network Operators licensed to operate telecommunications infrastructure, to provide long distance and international telephone services, or to operate local loop (fixed and wireless) and cellular mobile services must provide authorised representatives of the PTA access to obtain information, directly through the system, that relates to any traffic routed through their network, as and when required by the PTA.

The MRTT Regulations gives the PTA legal authority to have real-time access to many Network Operators’ networks and services. They do not contain any provisions requiring the PTA to inform the Network Operators that such access has taken place.

FEDERAL INVESTIGATION AGENCY ACT 1974 (“FIAA”)

Under section 5 of FIAA, the Federal Investigation Agency (“FIA”) has the right to carry out investigations for the purposes of detecting or preventing any crimes under a variety of different laws, including but not limited to those under the Official Secrets Act 1923, the Drugs Act 1976, the Anti- Terrorism Act 1997 (to the extent that the federal government of Pakistan has granted the FIA the authority) and the PTRA. These investigations may require the interception of private communications.

INVESTIGATION FOR FAIR TRIAL ACT 2013 (“IFTA”)

Under sections 4-8 of IFTA, certain government agencies may apply to the High Court for a secret warrant permitting the interception or surveillance of any form of digital communication for the purpose of collecting evidence, including the seizure of computing equipment, where the subject of the warrant is suspected of involvement with terrorism-related offences. The agencies in question include the Inter-Services Intelligence, the Intelligence Services of the three branches of the Armed Forces of Pakistan, the Intelligence Bureau and the Police (together the “Intelligence Services”).

The scope of IFTA, therefore, is limited to the investigation of terrorism-related offences identified in various laws specified in IFTA, for example the Anti-Terrorism Act 1997 (“Scheduled Offences”). As such the powers of interception that IFTA grants are more limited than those under the PTRA. However, where an intelligence agency wishes to admit evidence to court in the course of a trial on terrorism-related activities related to the Scheduled Offences, it must have obtained a warrant from the court under IFTA.

Before obtaining the warrant, section 16 of IFTA provides that the Intelligence Service must obtain authorisation from the Minister of the Interior. The procedure for obtaining this authorisation is set out in more detail in paragraph 5.2 below. The court warrant is limited in scope to the activities authorised by the Minister of the Interior. The Minister may authorise the use of any technology for the carrying out of interceptions, and may direct Network Operators to implement any technology required to comply with the warrant.

PREVENTION OF ELECTRONIC CRIMES ACT 2016 (“PECA”)

REAL-TIME COLLECTION AND RECORDING OF INFORMATION

Under section 39 of PECA a duly authorized officer may apply to the Court of competent jurisdiction to collect real time information as well as to collect or record such information in real-time in coordination with the investigation agency. The authorized officer means an officer of the FIA who is duly authorized on behalf of FIA to perform any function of the Investigation Agency, i.e. FIA, under PECA.

The Court may pass orders authorizing the FIA to collect real time information as well as to collect or record such information in real-time in respect of information held by or passing through a service provider provided that the Court has reasonable grounds to believe that the content of any information is reasonably required for the purposes of a specific criminal investigation and the duly authorized officer can:

(a) explain why it is believed that the data sought will be available to the person in control of an information system;

(b) identify and explain with specificity the type of information likely to be found on such information system;

(c) identify and explain with specificity the identified offence made out under PECA in respect of which the warrant is sought;

(d) if authority to seek real-time collection or recording on more than one occasion is needed, explain why and how many further disclosures are needed to achieve the purpose for which the warrant is to be issued;

(e) specify what measures shall be taken to prepare and ensure that the real-time collection or recording is carried out whilst maintaining the privacy of other users, customers and third parties and without the disclosure of information of any person not part of the investigation;

(f) explain why the investigation may be frustrated or seriously prejudiced unless the real time collection or recording is permitted; and

(g) explain why, to achieve the purpose for which the warrant is being applied, real time collection or recording by the person in control of the information system is necessary.

(h) Real-time collection or recording shall not be ordered for a period beyond what is absolutely necessary and in any event for not more than seven days. Further, notwithstanding anything contained in any law to the contrary, the information collected shall be admissible as evidence in Court. Additionally, the period of real-time collection or recording may be extended beyond seven days if, on an application, the Court authorizes an extension for a further specified period. Finally the Court may also require the designated agency to keep confidential the fact of the execution of any power provided for under section 39 and any information relating to it.

DISCLOSURE OF COMMUNICATIONS DATA

MONITORING AND RECONCILIATION OF TELEPHONY TRAFFIC REGULATIONS 2010 (the “MRTT Regulations”), THE FEDERAL INVESTIGATION AGENCY ACT 1974 (“FIAA”) AND THE INVESTIGATION FOR FAIR TRIAL ACT 2013 (“IFTA”)

The provisions of the MRTT Regulations, FIAA and IFTA as set out in paragraphs 1.2 to 1.4 above also apply to the collection and disclosure of communications data.

Under the MRTT Regulations, operators of telecommunications networks and providers of telecommunications services licensed to operate in Pakistan (“Network Operators”) must configure their systems to enable the Pakistan Telecommunications Authority (“PTA”) to carry out certain activities including but not limited to monitoring, controlling, measuring and recording all traffic over the network in real-time, as set out in paragraph 1.2 above.

CODE OF CRIMINAL PROCEDURE 1898, AS AMENDED (“CCrP”)

Under section 94 of CCrP, a court or a police officer in charge of a police station may order the production of ‘any document or other thing’ if they consider that it is necessary or desirable for the purposes of the investigation of a crime (subject to limited exceptions). This means that legal persons in Pakistan can be required to produce a wide range of information, which may include data relating to private communications, to the court or to an officer in charge of a police station, under section 94. Refusal to produce the required information can be punished by a fine or a prison sentence, or both.

PREVENTION OF ELECTRONIC CRIMES ACT 2016 (“PECA”)

Under section 32 of PECA a service provider shall, within its existing or required technical capability, retain its specified traffic data for a minimum period of one year or such period as the Authority may notify from time to time and subject to the production of a warrant issued by the Court provide that data to the investigation agency or the authorized officer whenever so required.

Violation of this section by a telecommunications service provider or network operator shall be deemed to be a violation of the terms and conditions of its licence and shall be treated as a such under the PTRA.

Note that PECA also contains a number of general powers relating to the acquisition, preservation, search or seizure and inspection of data held on information systems as may be reasonably required for the purposes of a criminal investigation or criminal proceedings. These powers are also subject to the authority of the Court.

NATIONAL SECURITY/EMERGENCY POWERS

PAKISTAN TELECOMMUNICATION (RE-ORGANISATION) ACT 1996 (“PTRA”)

As stated in paragraph 1.1 above, section 54 of PTRA grants the federal government of Pakistan the power to authorise any person to intercept any form of private communications on the ground of national security, and so the procedure for interception as set out in that Act applies in cases of national security.

Section 54 (3) of PTRA also provides that, in the event that the President of Pakistan declares a national state of emergency, the federal government has the power to modify all licences granted to operators of telecommunications networks and providers of telecommunications services licensed to operate in Pakistan (“Network Operators”), and the federal government can order the immediate suspension of Network Operators’ networks or any of their individual services. The government has used section 54 to suspend and shut down services, as well as intercept communications, during periods of national emergency.

Under section 54(2) of PTRA, in a time of war or civil unrest, the federal government of Pakistan has priority use of any telecommunications networks.

Under section 8(2)(c) of the PTRA, the federal government may make specific directives to the Pakistan Telecommunication Authority (“PTA”) in relation to the requirements of national security on telecommunications networks.

INVESTIGATION FOR FAIR TRIAL ACT 2013 (“IFTA”)

Sections 4-8 of the IFTA, as described in paragraph 1.4 above, also allows interceptions of communications on grounds of national security since it gives powers for preventing terrorism activities that may fall under the Scheduled Offences.

PREVENTION OF ELECTRONIC CRIMES ACT 2016 (“PECA”)

Under section 49 of PECA the Federal Government may constitute one or more computer emergency response teams to respond to any threat against or attack on any critical infrastructure information systems or critical infrastructure data, or widespread attack on information systems in Pakistan. A computer emergency response team shall respond to a threat or attack without causing any undue hindrance or inconvenience to the use and access of the information system or data as may be prescribed.

CENSORSHIP RELATED POWERS

POWER TO SHUT DOWN NETWORKS OR SERVICE CATEGORIES 

PAKISTAN TELECOMMUNICATION (Re-Organisation) ACT 1996 (“PTRA”) and PAKISTAN TELECOMMUNICATION RULES 2000 (“PTR”)

Under section 21(4)(f) of the PTRA, all licences granted by the Pakistan Telecommunication Authority (“PTA”) to operators of telecommunications networks and providers of telecommunications services (“Network Operators”) may, among other things, contain a provision requiring a Network Operator to terminate a telecommunications service provided to a user who has misused the service and continues to misuse it having been informed of such misuse by the Network Operator.

Under section 9 of the PTR, the PTA may monitor compliance by Network Operators with the terms of their licences and their obligations under the PTRA. Once a written notice has been sent to a Network Operator by the PTA alleging any breach of the terms of its licence, the Network Operator has 30 days to demonstrate that the issue has been resolved. If the alleged contravention remains unresolved the PTA may issue an enforcement order, and if the contravention still persists 30 days after the serving of the order, then the PTA may order the termination of the Network Operator’s licence.

As set out in paragraph 3.1 above, following the declaration of a state of emergency by the President of Pakistan, the federal government can suspend any or all licences of Network Operators. Also, as set out in paragraph 3.1 above, the federal government has used s. 54(2) of PTRA to shut down or suspend telecommunications networks or certain services in a time of war or of civil unrest. At present, this latter power is exercised frequently by the federal government to shut down text messaging and other cellular network services in Pakistan.

BLOCKING OF WEB PAGES AND IP ADDRESSES

Under section 31(d) of PTRA, the dissemination of electronic or digital information which is considered false, indecent or obscene is a criminal offence. However, ‘false’, ‘indecent’ and ‘obscene’ are not specifically defined in PTRA.

INTER-MINISTERIAL COMMITTEE FOR THE EVALUATION OF WEBSITES (“IMCEW”) and PAKISTANI PENAL CODE 1860, as amended (the “Pakistani Penal Code”)

In 2006 the Prime Minister of Pakistan created the IMCEW with a mandate to restrict offensive online content. It consists of representatives from government ministries including the Ministry of the Interior, the PTA, the Cabinet and the security services. Where IMCEW decides that a website or IP address should be blocked, the Pakistani Ministry of Information Technology directs the PTA to perform the blocking.

The term ‘offensive’ is not specifically defined in Pakistani law in relation to online content. In line with the provisions of the Pakistani Penal Code relating to offensive conduct, it seems likely that online content which is deemed to be offensive will include content that offends a wide range of religious beliefs in Pakistan. This includes (but is not limited to), content that injures or defiles places of worship, content including words that deliberately attempt to wound religious feelings or derogatory remarks in respect of holy people, insults to religion that are intended to incite outrage, and misuse of descriptions or titles of religious groups.

PREVENTION OF ELECTRONIC CRIMES ACT 2016 (“PECA”)

Under section 37 of PECA the Authority shall have the power to remove or block or issue directions for removal or blocking of access to any information through any information system if it considers it necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, public order, decency or morality, or in relation to contempt of court or commission of or incitement to an offence under PECA.

PROTECTION FROM SPAM, UNSOLICITED, FRAUDULENT AND OBNOXIOUS COMMUNICATIONS REGULATIONS 2009, as amended (“SUFOC Regulations”)

The SUFOC Regulations provide that Network Operators must have procedures in place, approved by the PTA, to minimise spam emails and any unsolicited, fraudulent and obnoxious communications.

Under regulation 5 of the SUFOC Regulations, all Network Operators must maintain blacklists of those who have made fraudulent communications over their network. Once a customer has been involved in sending a fraudulent communication on more than one occasion, they will be banned from subscribing for any cellular mobile services.

Network Operators must also maintain blacklists of telemarketers who have violated their licence to conduct telemarketing activities under regulation 6 of the SUFOC Regulations. Customers on this blacklist will not be permitted to obtain another licence to conduct telemarketing.

Regulation 10 and Annex C of the SUFOC Regulations also provide that Network Operators must make blacklists and greylists of customers who have made obnoxious communications. These are messages transmitted over the network with the intention to cause harassment or distress. Customers on greylists will have their services restricted, while those on a blacklist will be limited to only making emergency calls on their network.

UNAUTHORIZED ISSUANCE OF SIM CARDS ETC.

PREVENTION OF ELECTRONIC CRIMES ACT 2016 (“PECA”)

Under section 17 of PECA states that whoever sells or otherwise provides subscriber identity module (SIM) card, re-usable identification module (R-IUM) or universal integrated circuit card (UICC) or other portable module designed for authenticating users to establish connection with the network and to be used in cellular mobile, wireless phones or other digital devices such as tablets without obtaining and verification of the subscriber’s identity in the mode and manner for the time being approved by the Authority shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to five hundred thousand rupees or with both.

OVERSIGHT OF THE USE OF THESE POWERS

PAKISTAN TELECOMMUNICATION (re-organisation) ACT 1996 (“PTRA”)

Lawful interceptions of private communications under PTRA are not subject to any additional oversight procedures, and nor is there any appeals process for particular individuals who believe that their information has been unfairly collected.

INVESTIGATION FOR FAIR TRIAL ACT 2013 (“IFTA”)

To obtain a warrant under IFTA, sections 6-7 provide that the Inter-Services Intelligence, the Intelligence Services of the three branches of the Armed Forces of Pakistan, the Intelligence Bureau or the Police (an “Intelligence Service”) must make a report to the Federal Minister of the Interior. The minister will then permit the Intelligence Service in question to go before a judge of the High Court of Pakistan if he deems there to be a reasonable threat that a terrorism offence may be committed, and that an interception of communications would provide evidence of this.

The hearing before a judge must take place in chambers and the authorised officer must personally present the application. Under section 10(b) of IFTA, a warrant will only be granted if the judge deems there to be a reasonable threat of a terrorist act about which an interception of communications will provide evidence.

The warrant will allow interception activities to take place for up to 60 days, which is renewable on a further application to the court. The Intelligence Service that has received a warrant then approaches the relevant Network Operator directly and they are legally obliged to implement the interception or maintain the surveillance activity (as applicable). The Network Operator has a general duty of co-operation with the relevant Intelligence Service and must ensure confidentiality in relation to the assistance that it gives in relation to the warrant. Network Operators enjoy immunity from prosecution for their activities under IFTA.

The court warrant may authorise any form of surveillance or interception to take place. Therefore, it is possible that the Intelligence Services would be able to access private communications and related data without notification to the Network Operator. Furthermore, as the court hearing takes place in secret, there is no opportunity for the subject of the interception or surveillance to appeal until the evidence is brought before a court in relation to any crime committed.

CONSTITUTION OF PAKISTAN AND THE FREEDOM OF INFORMATION ORDINANCE 2002 (“FIO”)

Article 19-A of the Constitution of Pakistan states that all citizens must have the right to access information in all matters of public importance, subject to reasonable restrictions imposed by the law.

Under the FIO, no citizen will be denied access to records held by public bodies unless disclosure of that information would, among other things, harm relations between Pakistan and other countries, cause an offence to be committed, prejudice an investigation, invade the privacy of any individual other than the requestor, or cause significant damage to the financial interests of any party.

Under section 8 of the FIO, records relating to or connected with the defences forces or defence installations, or are ancillary to defence and national security, are exempt from the records that citizens may request access to under the FIO.

PREVENTION OF ELECTRONIC CRIMES ACT 2016 (“PECA”)

The Federal Investigation Agency (FIA) has been designated as the Investigation Agency under PECA.

PUBLICATION OF LAWS AND AGGREGATE DATA RELATING TO LAWFUL INTERCEPT AND COMMUNICATIONS DATA REQUESTS

PUBLICATION OF LAWS

CONSTITUTION OF PAKISTAN AND THE FREEDOM OF INFORMATION ORDINANCE 2002 (“FIO”)

As stated in paragraph 5.3 above, all citizens have the right to information held by public authorities that is on the public record, subject to certain restrictions and exemptions. Therefore, unless the information in question falls under one of these restrictions or exemptions, there is no legal authority for the government to prevent the publication of the laws to which operators of telecommunications networks and providers of telecommunications services licensed to operate in Pakistan (“Network Operators”) are subject.

PUBLICATION OF AGGREGATE DATA

OFFICIAL SECRETS ACT 1923 (the “OSA”)

Under section 5 of the OSA, it is an offence for any person, who has in his possession or control information which has been entrusted to him in confidence by a public servant, to intentionally communicate such information to anyone who is not authorised to receive it.

Such disclosure of confidential information relating to lawful interceptions and communication data requests, including the aggregate number of them over a defined period of time (assuming that a Network Operator has such information), may constitute an offence under section 5.

INVESTIGATION FOR FAIR TRIAL ACT 2013 (“IFTA”)

As stated in paragraph 1.4 above, interceptions made under IFTA are given lawful authority by a secret court process and are implemented by Network Operators operating under a duty of confidentiality. In some circumstances data relating to IFTA interceptions may, when used as evidence at trial, subsequently be included in the official records of the trial at the court in question.

PREVENTION OF ELECTRONIC CRIMES ACT 2016 (“PECA”)

Under section 53 of PECA, the FIA shall submit a half yearly report to both houses of the Parliament for consideration by the relevent Committee in camera, in respect of its activities, without disclosing identity information, in a manner as prescribed under PECA.

Law stated as at 22 February 2017

This information was originally published in the Legal Overview to the Telenor Group report on Authority Requests for Access to Electronic Communication in May of 2015, which was updated in March of 2017. 

2018-03-19T21:18:04+00:00 March 15, 2018|Categories: legal frameworks|
Font Resize
Contrast