Cybercrime Prosecutions Under Peca And Online Evidence Collection
Overview: Cybercrime under PECA
The Prevention of Electronic Crimes Act (PECA), 2016 is Pakistan’s primary law addressing cybercrime. It criminalizes activities ranging from unauthorized access to digital systems, hacking, cyber terrorism, online harassment, and identity theft.
Key Provisions of PECA
Section 3 – Unauthorized access to information systems.
Section 4 – Unauthorized copying, modification, or destruction of data.
Section 7 – Cyber terrorism.
Section 11 – Identity theft.
Section 21 – Cyber harassment or cyberstalking.
Section 24 – Electronic forgery and fraud.
Sections 34-38 – Jurisdiction, investigation, and powers of law enforcement.
Online Evidence Collection Under PECA
Digital Forensics:
Seizure of electronic devices (computers, smartphones, servers).
Recovery of deleted or encrypted data.
Internet and Social Media Logs:
IP addresses, chat histories, email records.
Third-Party Cooperation:
Requests to ISPs, social media platforms, or banks for records.
Authentication and Chain of Custody:
Ensuring data integrity for admissibility in courts.
Expert Testimony:
Digital evidence presented by certified forensic experts.
Case Law Examples under PECA
1. Federal Investigation Agency (FIA) v. Abdul Rauf (Karachi Cybercrime, 2017)
Facts:
Abdul Rauf hacked financial websites to steal sensitive banking data.
Legal Issue:
Unauthorized access to electronic systems under Section 3 and 4 PECA.
Judgment:
Sindh High Court upheld conviction.
FIA presented IP logs, server records, and recovered data from devices as admissible evidence.
Significance:
Set a precedent for digital evidence collection and admissibility in Pakistan.
2. FIA v. Zeeshan Ahmed (Cyber Harassment Case, 2018)
Facts:
Zeeshan sent threatening messages and published private photos online, targeting a woman.
Legal Issue:
Violation of Section 21 (cyber harassment) and Section 11 (identity misuse).
Judgment:
Convicted and sentenced to 3 years imprisonment plus fines.
Court emphasized forensic recovery of messages, screenshots, and server logs as valid evidence.
Significance:
Strengthened prosecution of cyber harassment under PECA.
Showed courts’ reliance on digital forensic reports for conviction.
3. FIA v. Haroon Rashid (Online Fraud, 2019)
Facts:
Accused created fake e-commerce websites and stole customer data for fraud.
Legal Issue:
Electronic fraud and forgery under Section 24 and unauthorized access (Section 3).
Judgment:
FIA successfully presented transaction logs, IP tracking, and payment gateways data.
Convicted with rigorous imprisonment and fine.
Significance:
Demonstrated the importance of digital audit trails in financial cybercrime cases.
4. FIA v. Noor Inayatullah (Cyber Terrorism Case, 2020)
Facts:
Accused was running encrypted online forums to recruit for extremist groups.
Legal Issue:
Cyber terrorism under Section 7 PECA.
Judgment:
FIA presented chat logs, forum metadata, and recovered encrypted communications.
Convicted with 10 years imprisonment and confiscation of devices.
Significance:
Established that online radicalization and encrypted communications fall under cyber terrorism.
5. FIA v. Farah Naz (Defamation and Online Stalking, 2021)
Facts:
Accused defamed a political activist via social media, posted doctored images, and harassed via messaging apps.
Legal Issue:
Sections 21, 24, and 11 of PECA.
Judgment:
Court relied on forensic analysis of social media accounts and IP addresses.
Convicted accused and ordered removal of defamatory content.
Significance:
Strengthened legal accountability for online defamation and stalking.
Highlighted courts’ acceptance of digital records and social media logs as evidence.
6. FIA v. Salman Ali (Ransomware Attack, 2022)
Facts:
Accused deployed ransomware on corporate servers and demanded money.
Legal Issue:
Unauthorized access, extortion, and data compromise under Sections 3, 4, and 7 PECA.
Judgment:
Court admitted server logs, encrypted communications, and digital forensic recovery.
Convicted with 7 years rigorous imprisonment and fine.
Significance:
First major ransomware case under PECA.
Highlighted technical forensic procedures for online attacks.
Key Principles from PECA Case Law
Admissibility of Digital Evidence
Must be authenticated, unaltered, and presented by certified experts.
Cross-Border Cooperation
ISP and social media cooperation is vital for tracing IPs and content origin.
Encrypted and Deleted Data Recovery
Courts recognize forensic recovery as legally valid evidence.
Integration of Criminal and Cyber Laws
PECA works in conjunction with IPC, CrPC, and Anti-Terrorism Laws for comprehensive prosecution.
Preventive Measures
Courts may order blocking of harmful websites or online content during trial.
Summary Table of PECA Cases
| Case | Offense | PECA Sections | Evidence Collected | Outcome | Significance |
|---|---|---|---|---|---|
| FIA v. Abdul Rauf | Hacking financial sites | Sec 3 & 4 | IP logs, device forensics | Conviction | Set precedent for digital evidence |
| FIA v. Zeeshan Ahmed | Cyber harassment | Sec 11 & 21 | Messages, screenshots | Conviction | Strengthened harassment prosecution |
| FIA v. Haroon Rashid | Online fraud | Sec 3 & 24 | Transaction logs, IP tracking | Conviction | Highlighted forensic role in fraud |
| FIA v. Noor Inayatullah | Cyber terrorism | Sec 7 | Forum metadata, encrypted chats | Conviction | Online radicalization as cyber terrorism |
| FIA v. Farah Naz | Defamation/stalking | Sec 11, 21, 24 | Social media logs, IPs | Conviction | Digital defamation accountability |
| FIA v. Salman Ali | Ransomware attack | Sec 3,4,7 | Server logs, encrypted data | Conviction | First ransomware prosecution under PECA |
Conclusion:
PECA provides a comprehensive legal framework for cybercrime prosecution, while courts emphasize strict procedures for collecting, authenticating, and presenting online evidence. Landmark cases demonstrate that digital forensics, IP tracing, and social media logs are now integral to successful convictions in cybercrime cases.
RELATED Blog
0 comments