Cybercrime, Artificial Intelligence & The Future of Justice in Pakistan
Barrister Mian Zafar Iqbal Kalanauri
Advocate Supreme Court of Pakistan, Barrister Lincoln’s Inn, FCIArb
International Mediator, White-Collar Crime Investigator
Abstract
The transformation of crime in the digital age has outpaced the evolution of legal frameworks across jurisdictions. In Pakistan, the Prevention of Electronic Crimes Act, 2016 (PECA) constitutes the principal legislative instrument governing cyber offences. However, the rapid emergence of artificial intelligence, transnational cyber operations, and data-centric economies has exposed structural inadequacies within the existing legal regime. This article critically examines the conceptual evolution of cybercrime, the strengths and limitations of PECA, evidentiary challenges under the Qanun-e-Shahadat Order, 1984, and the regulatory vacuum surrounding artificial intelligence and data protection. It argues for a paradigm shift from reactive regulation to proactive, technology-integrated legal governance grounded in human rights and digital ethics.
1. Introduction: Crime in the Age of Connectivity
The digital revolution has redefined the architecture of modern society. Communication, commerce, governance, and personal identity are increasingly mediated through digital platforms. However, this transformation has also facilitated a parallel evolution of criminal activity, one that is silent, borderless, and technologically sophisticated.
Unlike traditional offences, cybercrime operates within an invisible infrastructure, often leaving victims unaware until substantial damage has occurred. This raises profound questions about the capacity of existing legal systems to respond effectively.
Cybercrime today is not merely a category of offences; it is a systemic disruption of trust, privacy, and identity in the digital ecosystem.
2. Conceptual Foundations: Expanding the Definition of Cybercrime
Cybercrime traditionally encompasses unlawful acts committed using or targeting digital systems. However, contemporary developments necessitate a broader conceptualisation.
2.1 Dual Nature of Cybercrime
Cybercrime manifests in two primary forms:
- Computer as Target: hacking, denial-of-service attacks
- Computer as Tool: fraud, harassment, identity theft
2.2 Emerging Dimensions
Modern cybercrime increasingly involves:
- Automation through artificial intelligence
- Psychological manipulation (social engineering)
- Data commodification and surveillance capitalism
This evolution reflects a shift from isolated criminal acts to complex, organised digital ecosystems of crime.¹
3. Pakistan’s Legal Framework: Structure and Limitations
3.1 The Legislative Core: PECA 2016
The Prevention of Electronic Crimes Act, 2016 criminalises a wide spectrum of cyber offences, including:
- Unauthorized access (s 3)
- Data interference (ss 4–5)
- Electronic fraud (s 13)
- Identity theft (s 16)
- Offences against dignity (s 20)
- Cyber terrorism (s 10)
The Act also empowers investigative authorities, primarily the Federal Investigation Agency, to enforce its provisions.
3.2 Strengths of the Framework
PECA provides:
- A comprehensive catalogue of offences
- Procedural mechanisms for investigation
- Recognition of electronic evidence
- Extra-territorial jurisdiction
These features place Pakistan within the broader global trend of cybercrime legislation.²
3.3 Structural Limitations
Despite its strengths, PECA suffers from critical deficiencies:
(a) Technological Obsolescence
PECA predates the widespread adoption of AI technologies such as:
- Deepfake generation
- Automated fraud systems
- Algorithmic manipulation
(b) Overbreadth and Misuse Concerns
Certain provisions—particularly those concerning online speech—are criticised for vagueness and potential misuse, raising constitutional concerns under fundamental rights jurisprudence.³
(c) Institutional Constraints
Effective enforcement requires:
- Advanced forensic capabilities
- Skilled investigators
- Judicial familiarity with digital evidence
These remain underdeveloped.
4. Investigation and Prosecution: Systemic Challenges
4.1 Underreporting and Social Barriers
Cybercrime remains significantly underreported due to:
- Lack of digital awareness
- Fear of reputational harm
- Cultural stigma, especially in gender-based offences
This results in evidentiary gaps at the earliest stages.
4.2 Digital Evidence: Admissibility and Complexity
Digital evidence plays a central role in cybercrime litigation. Its admissibility is governed by the Qanun-e-Shahadat Order, 1984.
Key requirements include:
- Authenticity
- Integrity
- Chain of custody
Courts increasingly rely on forensic experts to validate such evidence. However, inconsistencies in handling and presentation often weaken prosecutions.⁴
4.3 Cross-Border Enforcement
Cybercrime frequently involves multiple jurisdictions, complicating enforcement.
While PECA provides for extra-territorial jurisdiction, practical enforcement depends on:
- Mutual legal assistance treaties (MLATs)
- International cooperation
- Data-sharing agreements
These mechanisms are often slow and ineffective.
Cybercrime transcends borders, but legal authority remains territorially constrained.
5. Artificial Intelligence and the Crisis of Regulation
5.1 AI as a Tool of Cybercrime
Artificial intelligence has amplified cybercrime capabilities through:
- Deepfake impersonation
- Automated phishing campaigns
- Predictive behavioural manipulation
These developments challenge traditional legal doctrines of intent, authorship, and liability.
5.2 Privacy and Surveillance
The expansion of data collection raises critical concerns regarding:
- Consent
- Data ownership
- Surveillance
Pakistan currently lacks a comprehensive data protection regime, creating a regulatory vacuum.
Comparatively, jurisdictions such as the European Union have adopted frameworks like the General Data Protection Regulation (GDPR), which emphasises data subject rights and accountability.⁵
6. Social and Gendered Dimensions of Cybercrime
Cybercrime disproportionately affects women and vulnerable populations.
Key issues include:
- Online harassment and blackmail
- Non-consensual dissemination of images
- Social stigma and victim-blaming
These factors discourage reporting and undermine legal enforcement.
A justice system that silences victims cannot effectively deter offenders.
7. Philosophical Inquiry: Technology, Ethics, and Responsibility
Cybercrime is often framed as a technological problem. However, its root cause lies in human behaviour.
Technology is inherently neutral; its ethical implications depend on its use. This necessitates a shift towards:
- Digital ethics education
- Responsible innovation frameworks
- Normative legal approaches
8. The Future of Cybercrime: Emerging Threats
The next decade is likely to witness:
- AI-driven identity cloning
- Biometric data breaches
- Synthetic reality manipulation
- Large-scale data exploitation
These developments suggest that cybercrime will increasingly target:
- Identity
- Perception
- Truth
9. Reform Agenda: Towards Adaptive Legal Governance
A comprehensive response requires:
9.1 Legislative Reform
- Updating PECA to address AI and emerging technologies
- Enacting data protection legislation
9.2 Institutional Strengthening
- Capacity building for investigators
- Advanced forensic infrastructure
9.3 Judicial Training
- Specialised training in cyber law and digital evidence
9.4 Public Awareness
- Promoting digital literacy
9.5 International Cooperation
- Strengthening cross-border legal frameworks
10. Complaint Mechanisms and Preventive Framework in Cybercrime
10.1 Institutional Complaint Mechanisms in Pakistan
An effective cybercrime regime depends not only on legislation but also on accessible, efficient, and citizen-friendly complaint mechanisms.
Primary Complaint Authority
Federal Investigation Agency (Cyber Crime Wing – NR3C)
Table 1: Cybercrime Complaint Pathways in Pakistan
| Mechanism | Mode | Key Requirements | Advantages | Limitations |
| --- | --- | --- | --- | --- |
| FIA Online Portal | Digital submission | CNIC, evidence (screenshots, links) | Fast, accessible nationwide | Digital literacy required |
| FIA Physical Office | In-person complaint | Written application + evidence | Direct interaction, guidance | Time-consuming |
| Helpline (FIA) | Telephonic | Basic details | Immediate reporting | Limited follow-up capability |
| Court Proceedings | Legal filing | Formal evidence, legal representation | Enforceable remedies | Expensive, lengthy |
Step-by-Step Complaint Process
Complaint Journey
Incident Occurs
↓
Evidence Collection (Screenshots, URLs, Logs)
↓
Complaint Filing (Online / FIA Office)
↓
Preliminary Inquiry by FIA
↓
Forensic Analysis & Investigation
↓
Arrest / Charge Sheet
↓
Trial in Court
↓
Judgment
Key Legal Requirements for Complaint
- Proof of identity (CNIC)
- Digital evidence (screenshots, emails, links)
- Timeline of events
- Description of harm
Critical Legal Insight
“In cybercrime, delay in reporting is equivalent to destruction of evidence.”
10.2 Challenges in Complaint Mechanisms
Despite existing structures, systemic issues persist:
Table 2: Key Barriers in Reporting Cybercrime
| Challenge | Impact |
| --- | --- |
| Lack of awareness | Victims do not report |
| Social stigma | Especially in harassment cases |
| Technical complexity | Evidence not properly preserved |
| Fear of retaliation | Victims withdraw complaints |
| Institutional delays | Weakens prosecution |
10.3 Preventive Framework: Individual Cyber Safety
Prevention remains the most effective defence against cybercrime.
Personal Cyber Safety Pyramid
- Awareness (Recognize threats)
- Protection (Passwords, 2FA, Updates)
- Behaviour (Avoid risky actions)
- Data Control (Limit sharing)
- Foundation (Digital Literacy)
Table 3: Essential Cyber Safety Measures
| Category | Precaution | Purpose |
| --- | --- | --- |
| Authentication | Strong passwords + 2FA | Prevent unauthorized access |
| Data Protection | Avoid sharing personal info | Reduce identity theft risk |
| Device Security | Regular software updates | Fix vulnerabilities |
| Behavioural Awareness | Avoid suspicious links | Prevent phishing attacks |
| Social Media | Privacy settings control | Limit exposure |
Golden Rule
“If something is free online—you are not the user, you are the product.”
10.4 Organisational and Corporate Safety Measures
Cybercrime increasingly targets institutions and corporations.
Table 4: Organisational Cybersecurity Measures
| Measure | Description | Impact |
| --- | --- | --- |
| Cybersecurity Policies | Internal protocols | Risk minimisation |
| Employee Training | Awareness sessions | Human error reduction |
| Data Encryption | Secure communication | Data protection |
| Incident Response Plan | Crisis management | Damage control |
| Regular Audits | System checks | Vulnerability detection |
10.5 Legal and Policy-Level Preventive Strategies
A holistic response requires systemic reform.
Table 5: National-Level Preventive Measures
| Area | Recommended Reform |
| --- | --- |
| Legislation | Update PECA for AI and emerging threats |
| Data Protection | Enact comprehensive privacy laws |
| Judiciary | Specialised cyber benches |
| Law Enforcement | Advanced digital forensics training |
| Education | Cyber awareness in curriculum |
Integrated Cybercrime Prevention Model
Multi-Layered Cybersecurity Approach
LAW (PECA, Evidence Law)
↓
ENFORCEMENT (FIA, Courts)
↓
INSTITUTIONS (Corporations, Banks)
↓
INDIVIDUALS (Users, Citizens)
↓
AWARENESS & ETHICS
10.6 Philosophical and Practical Insight
Cybercrime prevention is not merely a technical exercise—it is a cultural transformation.
“Security is not a product—it is a behaviour.”
11. Conclusion
Cybercrime represents a fundamental challenge to contemporary legal systems. While Pakistan has taken significant steps through PECA, the rapid evolution of technology demands a more dynamic and integrated approach.
The future of cyber law lies not merely in regulation but in harmonising law, technology, and human values.
As technology advances, the true measure of law is not its ability to control innovation, but its capacity to protect human dignity within it.
An effective cybercrime regime must integrate:
- Accessible complaint mechanisms
- Robust investigative frameworks
- Preventive awareness strategies
- Technological adaptability
Ultimately:
“The strongest firewall is not software—it is an informed and responsible human mind.”
REFERENCES
- Susan W Brenner, Cybercrime and the Law: Challenges, Issues, and Outcomes (Northeastern University Press 2010).
- Prevention of Electronic Crimes Act 2016 (Pakistan).
- Constitution of the Islamic Republic of Pakistan 1973, art 19.
- Stephen Mason and Daniel Seng (eds), Electronic Evidence (5th edn, Institute of Advanced Legal Studies 2021).
- Regulation (EU) 2016/679 (General Data Protection Regulation).
- Qanun-e-Shahadat Order 1984 (Pakistan).
- Brenner SW, ‘Cybercrime Metrics’ (2004) 9 Virginia Journal of Law & Technology 1.
- Council of Europe, Convention on Cybercrime (Budapest Convention) (2001).