ISLAMABAD:
A parliamentary panel on Tuesday unanimously approved amendments to the Prevention of Electronic Crimes Act (PECA) based on proposals submitted by the Pakistan Telecommunication Authority (PTA) and the National Cyber Crime Investigation Agency (NCCIA).
The Senate Standing Committee on Interior meeting also witnessed startling revelations about identity theft, data leaks and weaknesses in Pakistan’s passport and registration systems.
The committee, which met under the chairmanship of Senator Faisal Saleem, was informed that a fraudster had traveled to India in 2023 by misusing the identity and passport details of a Pakistani lawyer.
Raising the issue, Senator Afnanullah Khan informed the committee that a consultant associated with the Attorney General’s office had his identity stolen, with a fake passport that allegedly allowed a fraudster to travel to India.
“The relevant lawyer is present here, you can ask him,” the senator said.
The victim told the committee that an unknown person used her identity and passport details to travel to India, adding that the incident caused her serious hardship.
He said he was forced to take his parents to the National Database and Registration Authority to prove his Pakistani citizenship.
He further told the committee that he held dual nationality, used a British passport to travel and had been waiting for more than a year to meet the Director General of Passports.
The Director General of Passports told the committee that NADRA had shared several cases of identity fraud with his ministry. He said a dedicated dashboard had now been developed to help detect and prevent fraudulent travel.
Senator Palwasha Khan asked how identity data was stolen from NADRA and how such data breaches happen. In response, DG Passports said citizens often share their passport and CNIC details on WhatsApp, which could be a source of data leakage.
Senator Talha Mahmood alleged that NADRA had issued identity cards to Afghan nationals and terrorists. The DG Passport acknowledged that the cited case dated back to 2023, but said NADRA and the passport department had since introduced reforms and technological improvements.
Senator Afnanullah Khan further claimed that data belonging to NADRA, banks and the Federal Board of Revenue (FBR) was available on the dark web, saying that personal data of any citizen could be bought for Rs500. He emphasized that such large-scale data theft was impossible without the involvement of insiders.
He alleged that sensitive personal data of Pakistani citizens, including consolidated records of state institutions, were freely available for sale on the dark web, highlighting possible internal involvement.
Raising the issue, the PML-N senator told the committee that the stolen data appeared recent, highly organized and far too comprehensive to have been accessed without internal collusion.
“All the data of Pakistani nationals is on the dark web. And this is the most recent data,” the senator said, adding that the information was so refined that “we ourselves may not have such well-processed data.”
He claimed that individual records could be had for just Rs 500, while data covering the entire population was offered for Rs 70-80 billion. “Data worth 70-80 billion rupees is [available] on the dark web,” he said.
Senator Afnanullah warned that the stolen data could be exploited for multiple criminal purposes, including issuing fraudulent passports and identity cards. Questioning the repeated violations, he said: “Why is Pakistanis’ data being stolen again and again?
“Internal collusion”
Speaking to Director General of Immigration and Passports Mustafa Jamal Qazi, the senator said theft on such a scale was impossible without internal assistance. “Without the [involvement of] people within the organization, data theft on such a large scale is not possible. It’s impossible. The data of 240 million people cannot be stolen like that.”
Committee chairman and PTI senator Faisal Saleem Rahman asked whether a formal investigation had been carried out.
DG Qazi responded that an investigation had taken place and officials had been dismissed as a result.
Senator Rahman also highlighted the importance of protecting sensitive data held by law enforcement, asking who would be held accountable if such information was compromised.
Social media regulations debated
Minister of State for Interior Talal Chaudhry informed the committee that the government was in the process of creating a dedicated cybersecurity authority. He suggested that Senator Afnanullah Khan should be formally briefed by NADRA on the issue.
The meeting also saw the committee members expressing their displeasure over the absence of the Sindh Inspector General of Police. The Chair asked why the IG was not present and why the committee was not informed.
Committee member Saifullah Abro stressed the need to curb the monopoly of police powers, questioning police accountability in incidents such as the Gul Plaza fire.
He asked where the police were when a police officer was shot dead in Sindh and whether the role of the police had been reduced to harassing parliamentarians.
He urged the committee to legislate mechanisms to hold police officers accountable.
Senator Anusha Rehman has raised concerns over the lack of clear procedures to remove objectionable content from social media platforms. She asked what action would be taken if platforms did not comply with requests from the PTA or NCCIA.
The NCCIA director general told the committee that the agency had already contacted social media platforms to seek their cooperation.
State Minister Talal Chaudhry said laws governing social media were within the mandate of relevant ministries, adding that while terrorists once used guns, they now used social media to exert their influence.
He stressed the need to legally bind social media platforms and service providers.
