Enforcing the unenforceable: Pakistan’s cybercrime dilemma

Pakistan has a long list of laws that are either kept on ice due to various political sensitivities around their enforcement or are frequently misused due to their vague language. This is not surprising, given the disconnect between the country’s lawmaking and law enforcement capacities. However, when legal frameworks lose their credibility, society starts operating more on coercion than consensus, which ultimately erodes public trust in the rule of law.

The recent amendments to the Prevention of Electronic Crimes Act (PECA) are said to be aimed at strengthening Pakistan’s anti-cybercrime framework. The question arises: will their enforcement match this legislative intent? Expanding existing laws without equipping enforcement agencies with the necessary expertise and resources risks turning them into new instruments of control. We must be wary that there is a pattern of cybercrime laws, instead of balancing security with rights, often being used merely as tools for suppression. 

Over 160,000 cybercrime complaints were filed in Pakistan in 2024 alone. Thousands more went unreported due to gaps in public awareness, opacity regarding the complaint registration process, and holdups in enforcement. The ballooning case backlog also left thousands of victims of digital crimes without timely recourse. According to FIA sources, at least 60 percent of cases remain unresolved beyond their statutory timeframe. With the FIA overwhelmed, stronger regulation of the digital sphere seems more like a pipe dream than a practical proposal. Can the new PECA amendments bring any improvement or merely deepen the dysfunction?

Pakistan must decide whether it wants a society where law and morality coexist or one where the law dictates morality at the expense of fundamental freedoms.

Dr. Syed Kaleem Imam

Pakistan embarked on a troubling trajectory when it enacted PECA in 2016, without first ensuring that law enforcement had the expertise or resources to implement it. Eight years later, there were still only 350 investigators available to handle the over 160,000 cases filed in 2024. A lack of training and limited jurisdiction over digital offenses also hampered local police forces, creating a critical bottleneck that resulted in cases piling up. Instead of addressing these structural flaws, the 2025 amendments have further broadened PECA’s scope, introducing vague new restrictions on speech, ‘fake news’, and criticism of state institutions without any real strategy for how they will be enforced. We have seen this before.

PECA’s expansion into the regulation of content and the prosecution of online speech seems to follow restrictive laws in Egypt, Turkiye, and Bangladesh, where similar policies have resulted in arbitrary arrests and press censorship. Egypt’s Anti-Cybercrime Law (2021), for example, led to the arrests of over 500 journalists and activists for ‘false information.’ Likewise, Bangladesh’s Digital Security Act (2018) saw over 2,000 cases filed in three years against online critics, including students and minors. 

Even the United States Computer Fraud and Abuse Act (CFAA) of 1986, originally designed to curb hacking and unauthorized access and later expanded to cover espionage and fraud, seems to have been selectively enforced, according to 2020 prosecution data. It disproportionately targeted whistleblowers and activists. India’s Information Technology Act (2000) was aimed at securing e-commerce and tackling cybercrime, but difficulties in implementation and lack of law enforcement expertise allowed its frequent misuse in targeting political dissenters. Turkiye’s Internet Law (2007), initially focused on child protection, over time evolved into a mechanism of broad censorship, enabling the state to block over 450,000 websites, including critical news portals.

There is no doubt that fake news is a global concern. According to a 2018 study done by MIT, misinformation spreads six times faster than factual reporting. Regulating libel, cyber harassment, and incitement to violence is therefore critical. However, this regulation cannot come at the expense of fundamental freedoms. Pakistan must invest in training law enforcers, modernizing its forensic capabilities, and ensuring fair legal processes rather than enacting hasty amendments with vague definitions and limited enforcement potential. 

Laws should be pragmatic, inclusive, and enforceable, and enforcers should be professional, well-trained, and independent. As James Q. Wilson’s theory of policing highlights, law enforcement functions most effectively when it adapts to social realities rather than when it attempts to rigidly control them. The laws should be a guiding force, not a sword hanging over civil society. If every action is believed to require a strong legal intervention, this usually means something deeper is broken — either civic trust, the society’s ethical value system, or the sense of communal responsibility. A functioning society does not rely on punishment to deter wrongdoing but cultivates social norms that make punitive measures an exception, not the rule. Germany’s NetzDG law (2017), for instance, introduced strict measures against online hate speech, but then balanced enforcement with media literacy programs, ethics training, and independent oversight. 

As Locke and Durkheim cautioned, nations that over-legislate their people eventually erode the very trust they seek to protect. Pakistan must decide whether it wants a society where law and morality coexist or one where the law dictates morality at the expense of fundamental freedoms.

– The writer is former federal secretary/IGP- PhD in Politics and IR-teaching Law and Philosophy at Universities.

X: @Kaleemimam. Email: skimam98@hotmail.com: FB: @syedkaleemimam