The question is whether Pakistan ought to sign the Budapest Convention.
Cybercrime in the modern age is not only more difficult to commit, but it can also be a nightmare in terms of legal jurisdiction.
ISLAMABAD:
The fact that a high-powered committee is investigating the cyber security breach at the office of the Prime Minister and has been tasked with preparing a legal framework for the seamless security of government assets has sparked a debate regarding whether or not Pakistan should finally join the well-known Cybercrime Convention.
The Cybercrime Convention, also known as the Budapest Convention, took a global approach to the problem of cybercrime. This approach involved improving forensic capabilities, harmonising national laws pertaining to cyber security and electronic crimes, and enabling international cooperation between various law enforcement agencies.
Consider the following example in order to gain a sense of the benefits that are available as a result of this treaty: Phishing is one of the methods that an Indian hacker employs to install malicious software on computers that are connected to the network that our government uses. They do this in order to record conversations by utilising office surveillance cameras, employee cell phones connected to the private Wi-fi network, or simply installing a dedicated hardware bug that will transmit recorded conversations to its cloud servers located in either the United States or the European Union.
The Prevention of Electronic Crimes Act (PECA) 2016 of Pakistan is unable to pursue legal action against wrongdoers who do not have their base of operations in Pakistan. However, if Pakistan had joined the Budapest agreement, the FIA would have been able to ask the authorities in the United States and Europe to collect evidence from other countries and assist in identifying, tracking, and preventing cyberattacks coming from their cyberspace.
The scenario that was shown before is, on the other hand, very oversimplified; modern-day scenarios are more intricate and may entail the execution of cybercrime in a number of different ways. For instance, the adversary may utilise the processing power of the cloud servers that are physically located in India, the storage aggregation of which occurs in another country, and the cloud service provider could be based in the United States. In all of this, it’s possible that the victim, whose data is being retained by the service provider, is a resident of Iran, but the attacker is from a completely different nation.
As a result, cybercrime that takes advantage of cloud resources could result in a nightmare for the relevant authorities.
The Budapest convention, on the other hand, does not need the existence of ‘dual criminality’ in order for an activity to be designated a crime in both countries or for a nation to request the investigation of another nation’s police by that police force. This indicates that Australia has the ability to request Pakistan to investigate any and all actions, including those that are unlawful in Australia but are entirely above board in Pakistan.
In this way, the Budapest convention requires the participating nations to criminalise offences such as hacking as well as the production, sale, procurement, or distribution of hacking tools. Additionally, the convention requires the law enforcement agencies of these member states to cooperate in responding to requests for mutual assistance. The convention provides the police with new surveillance tools that allow them to seek internet service providers for ‘internet-tapping’ of its users. This is done with the intention of helping to coordinate the enforcement of cross-border cybercrimes.
The convention may also provide Pakistani legislators with a helpful yardstick to utilise when drafting new laws and regulations addressing cybercrime.
This treaty, like every other law, comes with its own set of drawbacks. The Budapest Convention has the potential to severely infringe upon the privacy rights of individuals. If the cybercrime convention were to be amended or our own law was changed along similar lines, it would be possible to circumvent the discussion regarding the legality of illegal surveillance carried out by law enforcement agencies in Pakistan. Even in political contexts, the monitoring capabilities that can be exercised as a result of this treaty are not limited by any exceptions or restrictions on civil liberties.
In a similar vein, despite the fact that the convention requests of its members that they cooperate “to the maximum degree practicable,” the role of the convention is restricted when it comes to the situation of state-sponsored cyberterrorism. It is only concerned with private parties, therefore the treaty cannot be used to inflict sanctions on states, even in cases where it has been determined that a government agency was responsible for the hack.
The United Nations has been working since 2019 to create consensus on a new global cybercrime treaty in order to address the flaws that have been outlined above. During their most recent meeting, which took place in June of this year, members of the ad hoc committee considered the many suggestions that had been made by states in order to combat the use of information and communication technologies for illegal purposes. Sadly, Pakistan has not sent any of its suggestions and is not taking part in this exercise of stakeholder engagement, whereas India, Iran, and even Egypt have been actively taking part in this multiyear negotiation effort. In point of fact, India has set up a Cyberlaw University, and this university has presented an independent application to the United Nations as a non-governmental organisation.
Concerns regarding one’s right to privacy have always been raised in relation to the Budapest convention. This is especially the case when one considers the fact that the treaty serves more as a NATO “wish list” following the 9/11 attack with little input from civil society than it does as a collective effort to combat cybercrime. But the new cybercrime treaty that is being sponsored by the UN committee is something to look forward to. This treaty will bring the international community one step closer to adopting it universally. In order for Pakistan to keep up with this trend, it should begin dialogue at the national level and engage in the committees of the United Nations.
