Cyber Security of Pakistan: Pakistan Telecommunication Authority, the Sole Authority
CYBER SECURITY OF PAKISTAN: PAKISTAN TELECOMMUNICATION AUTHORITY, THE SOLE AUTHORITY
By Jawad Hussain Aadil, Civil Judge-cum-Judicial Magistrate, Islamabad
Everything on this earth is bound by some law; the law is either Mural or manmade. Natural laws are of universal nature. However the manmade laws have territorial or well defined jurisdiction. They are made for jurisdictions which are defined by men. However when we talk about information technology, the jurisdiction is defined by the cyber environment which we experience in our daily life. World being globalized share a single cyber environment. Internet has penetrated in such a manner that life is patchy without it. In the given scenario we need to see whether our cyber environment is covered under any legal aegis? If no timely measures need to be taken to fence this environment with proper laws otherwise cyber environment will remain a silent global threat One lose end can be reason for irreparable loss. For instance the May 2000 LOVE BUG virus whose perpetrator was in Philippines. This virus caused billions of dollars damage around the world. The world realizes it, when the Philippines Government attempted to prosecute the culprit but felt helpless, mainly because there was no proper legislation to prosecute such person.
DEFINITION OF CYBER ENVIRONMENT
We need to first define the term 'Cyber Environment'. Cyber. Environment is a self generated term, basically combination of two words i.e. Cyber and environment. However in order to draw a safe analogy we first take the term "Cyberspace" which is defined by oxford dictionary as the notional environment in which communication over computer networks occurs." However the only definition of "cyber environment" which I could find was given by NATO Cooperative Cyber Defence Centre for Excellence which states. "This (Cyber Environment) includes users, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks". However to make it a definition for layman and non-technical person, we can say that Cyber Environment is,
"Our surrounding which includes virtual things besides living things and non-living things."
FEATURES OF CYBER ENVIRONMENT
Every environment has its own features. Their effectiveness is subject to their minority or majority. One thing very much interesting about cyber environment is that it is of universal nature. There is only one Cyber Environment in the world. We don't have different cyber environments for different geographical boundaries. Even the weather, language, culture, communities none have any effect in the formation of cyber environment.
PAKISTAN TELECOMMUNICATION AUTHORITY
For protection of cyber environment, the first legal effort from Pakistan was promulgation of Pakistan Telecommunication Ordinance 1994. Later on which re-promulgated as Pakistan Telecommunication Re-organization Act 1996-("PTRA 1996").The preamble of the PTRA 1996 is "re-organization of Pakistan telecommunication system". Where the whole cyber environment in Pakistan is telecommunication based. It is pertinent to mention here that when we talk about cyber environment, we purely oust the electronic media which is defined under section 2(hc) of Pakistan Electronic Media Regulatory Authority Ordinance 2002 as, ""electronic media" includes the broadcast media and distribution services". This definition was inserted by PEMRA. amendment Act 2007. One must be very clear about the working style of telecommunication services which is not a broadcasting media.
For giving teeth to the law of PTRA, Pakistan Telecommunication Authority (PTA) was established under section 3 of PTRA 1996. Pakistan Telecommunication Authority, an authority completely defined by the PTRA 1996 which performs its function as prescribed under section 4, derives its powers from section 5, exercise its responsibilities as mentioned under section 6 of the Act. However PTA is the sole authority to administer each and every aspect related to telecommunication system. It exercises vast powers varying from the issuance of licenses to entertaining complaints of telecommunication users. Further section 31(5) of the PTRA 1996 bars the courts to take cognizance of complaints against culprits involving crime related to telecommunication except on written complaint of the PTA and frequency allocation board.
JURISDICTION OF PAKISTAN TELECOMMUNICATION AUTHORITY
Pakistan Telecommunication Authority has its own and independent jurisdiction. The working domain of the, PTA is well defined in PTRA 1996 under the headings of
However one can interpret such working domain as absolute power for dealing with matters related to Telecommunication systems. The powers given to the PTA were rightly endorsed at different occassions by the superior courts. As the august Supreme Court of Pakistan held in case titled Pak Telecom Mobile Ltd v. PTA, Islamabad (PLD 2014 SC 478) authored by honorable Justice Jawwad S. Khawaja that PTA is an independent regulator. It was further held that Rationale for creating PTA as a regulator independent of the federal government by means of an Act of Parliament was to ensure that government had no power to interfere in the working of PTA in matters of grant and administration of licenses. Further the honorable Islamabad High Court endorsed the absolute power of the PTA with reference to matters related to consumers of telecommunication in case titled Warid Telecom (Pvt) Ltd. v. PTA, Islamabad (PLD 2013 Islamabad 55) authored by honorable Justice Noorul-Haq N. Qureshi. It was held by the honorable court that the respondents (PTA) being a statutory body has a legal mandate (6)(f) of the Act) to monitor and enforce the licenses granted by it vis-a-vis their provisions of telecommunication services. Therefore one should be crystal clear that the PTA is the sole authority for dealing all the matters related to Telecommunication systems. The law and the case law both uphold the sole authority of the PTA.
Lastly the most daunting fact about this sole authority is that while interpreting section 31(5) of PTRA 1996, it was clearly held by the honorable Justice Riaz Ahmed Khan in case titled Liaqat Islam v. the .State (2011 YLR 2280) that the court will take cognizance only on the complaint by the frequency allocation board or any officer authorized by the Authority (PTA). Therefore such provision further strengthen the role of the PTA as if any lay man has any problem with reference to telecommunication services, he will be bound to file complaint before the PTA. Afterwards, if PTA deemed it proper to register action against the said culprit, it will lodge a written complaint with the concerned authorities.
PAKISTAN TELECOMMUNICATION AUTHORITY, MORE THAN A REGULATOR
Honorable Justice Jawwad S. Khawaja while deciding Constitutional Petition No. 42 of the 2011 titled Muhammad Yasin v. The Federation of Pakistan, mentioned in Para 3 of the Judgment that:
"In terms of regulatory autonomy, OGRA is just one amongst a number of regulatory authorities which have been created in Pakistan during the past few decades to ensure good governance in important (mainly economic) sectors of the country. These include the National Electric Power Regulatory Authority ("NEPRA"), Pakistan Telecommunication Authority ("PTA"), Pakistan Electric Media Regulatory Authority ("PEMRA"), Securities and Exchange Commission of Pakistan ("SECP") and Competition Commission of Pakistan ("CCP"). These bodies have explicitly been made autonomous to ensure that they remain free from political or other interference and thus remain focused on the objectives of their parent statutes."
However the PTA is more than a regulator as the foremost function as defined by section 4(1)(a) of the PTRA 1996 is that the Authority shall regulate the establishment, operation and maintenance of telecommunication systems.
Whereas the term "Telecommunication system" is defined under section 2(u) which states "telecommunication system" means" any electrical, electro-magnetic, electronic, optical or optio-electronic system for the emission, conveyance, switching or reception of any intelligence within, or into, or from, Pakistan, whether or not that intelligence is subjected to re-arrangement, computation or any other process in the course of operation of the system, and includes a cable transmission system, a cable television transmission system and terminal equipment;"
From the above analogy between the sections 4(1) and 2(u), it can be safely held that PTA is responsible for emission, conveyance, switching or reception of any Intelligence within, or into, or from, Pakistan. Such conclusion can be authenticated through section 31(1)(b) which declares that any person through any telecommunication system if transmits or receives any intelligence in contravention of this Act commits an offence under the said section and will be punishable under the same Act i.e. PTRA 1996.
PAKISTAN TELECOMMUNICATION AUTHORITY, AS CUSTODIAN OF INTELLIGENCE
The PTRA 1996 has defined the widely used term intelligence under section 2(g) which states:
"intelligence" means any speech, sound data signal, writing, image or video;
After defining the term, the next challenge is that whether PTA has any role to play w.r.t the intelligence and if yes than to what extent. From the above derived analogy, we can safely conclude that PTA is directly responsible for transmission and reception of any sort of Intelligence. And it is only possible once PTA is able to monitor data and filter it according to the requirement of the law.
It is pertinent to mention here that the term Intelligence has been used 13 times in the complete body of the statute, however one cannot ignore the widely used term in any manner whatsoever. For the sake of arguments, if we ignore all the previous discussion, section 31(1)(g) states that:
Whoever, intercepts, acquaints himself with the contents of any intelligence or unauthorisedly discloses to any person the contents of such intelligence; shall be guilty of an offence under this Act.
This section clearly states that any person can be prosecuted w.r.t. the access of any intelligence. Although the above detail discussion is enough for PTA to derive authority to inspect and monitor the intelligence, however the law is very vocal as it gives explicit authority in the sense of inspection of any premises or telecommunication equipment. And whoever intentionally obstruct the officer authorized to -.2.0 the inspection will commit an offence under section 31(1)(m). whereas the term telecommunication equipment defined under section 24) which states that: "telecommunication equipment" means switches, equipment, wires, cables, apparatus, poles, structure, ducts, man-holes and other tangible property, software and data, other than terminal equipment, comprising any telecommunication system or used in connection with any telecommunication service;"
PAKISTAN TELECOMMUNICATION AUTHORITY ROLE FOR MATTERS RELATED TO NATIONAL SECURITY
On 12th February 2014, President Obama gave a statement which states, "America's economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property. Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas."
When we talk about data security and national interest, the foremost thing which clicks us is the disclosure by Edward Snowden the former contractor/employee of CIA regarding the illegal activities related to cyber crime by National Security Agency of United States (hereinafter referred as NSA-US). Edward Snowden during his disclosure to "Washington" and The guardian" newspapers shared some heat images which were generated by the data mining tool namely "Boundless. Informant" used by the NSA -US for performing the intelligence extraction process from all around the world. Pakistan was second country from top whose intelligence (data) was compromised and 13.5 billion pieces of intelligence were stolen, hacked, un-authorisedly accessed and violation of privacy of information was performed by the NSA-US. When we talk about NSA-US, we can easily judge what sort of, information those 13.5 billion pieces of intelligence carried. Obviously they are all related to national security of Pakistan. Therefore in the given scenario, the PTA should have been held responsible for such high level of security lapse regarding our information system which is based on telecommunication system. Although the incident gave irreparable loss and Pakistan security was compromised however still it's never too late for the PTA to deploy the necessary technologies in action to avoid any such high level of data compromise in future. However we must acknowledge the legal status of PTA w.r.t. its powers and duties. This should not be treated as a controversy. However such autonomy also needs to be catered in such a manner that results could be drawn to monitor the authority performance. Among all the other duties of the PTA, the foremost duty of the PTA can be divided into following two things:
Telecommunication Infrastructure Security
Data Security and Content monitoring
Besides the above mentioned duties, all other duties are mostly of commercial nature. PTRA has emphasized the importance of National Security under section 54 of the PTRA 1996. Every aspect has been dealt detail to cover all the legal aspects pertaining to matters of national security. We should never forget that we live in a cyber environment and we need to know the rules and we need to equip ourselves with the tools of survival for this environment. Besides that the daily threat of terrorism which is faced by Pakistan also need the Authority to help the security forces to chalk out rules for drawing a soft and peaceful image of Pakistan on the world map.
Pakistan Telecommunication Authority is sole authority as per law, however if for the sake of arguments, we omit this part then the question is who is the sole authority to decide the matters related to cyber security of Pakistan. The answer is that we don't have any official Authority or department to fight such a big threat besides PTA. I would like to refer towards recent news related to Nigeria in which Army Chief of Nigeria said that Nigerian Military is developing a Cyber Warrior to counter terrorists who have migrated to social media spaces for propaganda to undermine the service and its leadership.
Although we are not in a race with any other country but we are facing highest level of threats from around the world from state and non state actors. I would like to conclude with the finding that PTA should not be made part of criticism for exercising powers given by legislators but should be considered as a blessing in disguise to look after cyber security of national security unless we chalk out a new national plan for cyber security.