ISLAMABAD:
A parliamentary panel on Tuesday unanimously approved amendments to the Prevention of Electronic Crimes Act (PECA) based on proposals by the Pakistan Telecommunication Authority (PTA) and the National Cyber Crime Investigation Agency (NCCIA).
The Senate Standing Committee on Home Affairs also saw startling revelations about identity theft, data leakage and weaknesses in Pakistan’s passport and registration systems.
The committee, which met under the chairmanship of Senator Faisal Saleem, was told that a fraudster had traveled to India in 2023 by misusing the identity and passport details of a Pakistani lawyer.
Senator Afnanullah Khan raised the issue and informed the committee that a consultant attached to the Attorney General’s Office had his identity misused with a forged passport that allegedly allowed a fraudster to travel to India.
“The lawyer concerned is present here; you can ask him,” said the senator.
The victim told the committee that an unknown person had used his identity and passport details to travel to India, adding that the incident caused him serious problems.
He said he was forced to take his parents to the National Database and Registration Authority to prove his Pakistani citizenship.
He further told the committee that he has dual citizenship, uses a British passport for travel and has been waiting for over a year to meet the Director of Passports.
The director general of passports told the committee that NADRA had shared several cases of identity fraud with his department. He said a dedicated dashboard had now been developed to help detect and prevent fraudulent travel.
Senator Palwasha Khan questioned how identity data was stolen from NADRA and asked how such data breaches occurred. In response, DG passport said citizens often share passport and CNIC details on WhatsApp, which can be a source of data leakage.
Senator Talha Mahmood alleged that NADRA had issued identity cards to Afghan nationals and terrorists. DG passport acknowledged that the cited case dated back to 2023, but said both NADRA and the passport department had since introduced reforms and technological improvements.
Senator Afnanullah Khan further claimed that data of NADRA, banks and Federal Board of Revenue (FBR) was available on the dark web and claimed that personal data of any citizen could be bought for Rs500. He emphasized that such a large-scale data theft was impossible without insider involvement.
He claimed that sensitive personal data of Pakistani citizens, including consolidated records of government institutions, was openly available for sale on the dark web, pointing to possible insider involvement.
Raising the issue, the PML-N senator told the committee that the stolen data appeared to be recent, highly organized and far too extensive to have been accessed without internal collusion.
“All Pakistani citizens’ data is on the dark web. And this is the latest data,” the senator said, adding that the information was so refined that “we may not have such well-processed data ourselves”.
He claimed that individual records could be obtained for as little as Rs500, while data covering the entire population was being offered for Rs70-80 billion. “Data is worth Rs 70-80 billion [available] on the dark web,” he said.
Senator Afnanullah warned that stolen data could be exploited for several criminal purposes, including issuing fraudulent passports and identity cards. Questioning repeated breaches, he said, “Why is Pakistanis’ data being stolen again and again?”
‘Internal collaboration’
Addressing the Director General of Immigration and Passports, Mustafa Jamal Qazi, the senator argued that theft on such a scale was impossible without internal assistance. “Without [involvement of] people inside the organization, data theft on such a large scale is not possible. It is impossible. 240 million people’s data cannot just be stolen like that.”
Committee Chairman and PTI Senator Faisal Saleem Rahman asked if a formal inquiry had been conducted.
DG Qazi replied that an investigation had taken place and officials had been removed as a result.
Senator Rahman also emphasized the importance of protecting sensitive data held by law enforcement agencies and asked who would be held responsible if such information was compromised.
Social media regulation debated
Interior Minister Talal Chaudhry informed the committee that the government was in the process of establishing a dedicated cyber security authority. He suggested that Senator Afnanullah Khan be formally briefed by NADRA on the issue.
The meeting also saw committee members expressing displeasure over the absence of Inspector General of Police Sindh. The Chairperson questioned why the IG was not present and why the Committee had not been informed.
Committee member Saifullah Abro stressed the need to curb the monopoly of police powers and questioned the accountability of the police in cases like the Gul Plaza fire.
He asked where the police were when a station officer was shot dead in Sindh and whether the role of the police had been reduced to harassing parliamentarians.
He urged the committee to legislate mechanisms to hold police officers accountable.
Senator Anusha Rehman expressed concern over the lack of clear procedures for removing objectionable content from social media platforms. She asked what action would be taken if platforms did not comply with requests from the PTA or NCCIA.
The Director General NCCIA told the committee that the agency had already approached social media platforms to seek cooperation.
Foreign Minister Talal Chaudhry said laws governing social media fell under the relevant ministries’ mandate, adding that while terrorists once relied on firearms, they now used social media to exert influence.
He emphasized the need to legally bind social media platforms and service providers.
