From Creeper to PECA: The Evolution of Cybercrime and Legal Frameworks

As the world ages, experienced minds continue to accumulate. As each day evolves, the revolution deepens along the pathways of technology. The existence of AI is spreading like an essential utility. Technology has overtaken daily life, making people dependent on it for both small tasks like calculations and larger responsibilities such as managing a company’s budget. While it is commonly used for everyday purposes—whether trivial or critical—exposure to danger accompanies this dependence.

Bob Thomas, known as the father of cybersecurity, invented the “Creeper” in 1971, which enabled access to another computer through a single system. In today’s era, this technique is referred to as hacking. Although Thomas did not design it to corrupt data, it was misused. Subsequently, Ray Tomlinson developed the “Reaper” to eliminate the Creeper worm, marking the creation of the first known antivirus. The Vienna virus was the first to be destroyed by antivirus software (History of Cybersecurity).

The role of technology is inevitable in the everyday lives of humans. It would not be wrong to say that the smarter the technology, the greater the chance of theft—much like with a rare diamond. The 1990s became an eye-opening era for people unaware of cybercrime. Ian Murphy was the first individual convicted of cybercrime for breaching AT&T’s computers in 1981. In the infamous “Morris Worm” attack of 1988, a company’s billing system was manipulated, resulting in long-distance calls being charged during off-peak hours. Although it seemed harmless, this incident revealed the dangers of internet-based attacks.

In 1994, Vladimir Levin hacked into Citibank and transferred over $10 million. Later in 1999, the Melissa virus—spread via email—automatically sent itself to the first 50 contacts in a victim’s address book. Its significant disruption led to the creator being sentenced to 20 months in prison (History of Cyber Attacks).

As the scope of technology expands, so do the types of cybercrimes. People are increasingly seeking protection from online fraud, privacy violations, and terrorism. A strong legal framework is essential to combat cybercrime—a critical need in today’s digital world.

The first international treaty addressing computer crime was drafted in 1996 by the Council of Europe, along with representatives from the United States, Canada, and Japan. Although civil liberties groups initially protested provisions requiring Internet Service Providers (ISPs) to store and provide user data upon request, the treaty proceeded. On November 23, 2001, the Council of Europe Convention on Cybercrime was signed by 30 states and came into effect in 2004.

Following the events of 9/11, the USA PATRIOT Act became stricter. It governs internet activity, allows surveillance of communications, and regulates data access. The Act prohibits eavesdropping and, under Sections 201 and 202, added computer and terrorist crimes to the list of serious offenses that justify court-ordered surveillance. The Act also expanded the Secretary of the Treasury’s authority to combat money laundering (Britannica – USA PATRIOT Act).

Cybercrime laws are as mandatory as technology is essential in modern human life. To address this, Pakistan implemented its own laws to regulate cyberspace. The Prevention of Electronic Crimes Act, 2016 (PECA), is the principal law dealing with cybercrime in Pakistan. It criminalizes various cyber-related offenses. Of the 23 offenses under PECA, only three—cyberterrorism and crimes against dignity and modesty—are cognizable under Section 43. This means legal action on the remaining offenses requires a judicial order, which may hinder immediate redress for victims.

PECA is both substantive and procedural. The Prevention of Electronic Crimes Investigation Rules, 2018, enacted under Section 51 of PECA, authorize only the Federal Investigation Agency (FIA) to investigate cybercrimes. The FIA’s Cyber Crime Wing plays a crucial role by providing an online complaint system with responsive support (Legal Framework for Policing Cyberspace in Pakistan).

Misinformation is a major source of unrest in any state. A recent incident almost triggered conflict between Pakistan and India, instigated by misinformation from Indian news channels. These outlets falsely claimed the Indian army had taken over parts of Pakistan, using AI-generated videos and old footage from the Israel-Palestine conflict. In response, Pakistani channels aired old clips of Pakistani jets downing Indian aircraft. Whether intentional or not, this misinformation misled the public.

To address such issues, Pakistan amended PECA in recent years. Under the amendment, authorities can now block online content or platforms that spread fake news. Moreover, sharing misinformation is now a non-bailable offense punishable by up to three years in prison.

With the increasing use of technology come common but serious threats to both data and human security. This is why Pakistan’s legal system has developed strict laws and legal precedents that leave no escape for offenders. In Muhammad Haseeb v. State (2024 PCrLJ 1462 Islamabad), under Section 497, the accused was denied bail after unauthorizedly capturing objectionable photos of the complainant. The complaint fell under cyberstalking and offenses against modesty, underscoring how the law protects both major and minor interests of individuals.

Similarly, social media platforms have enabled the widespread dissemination of misleading content. In the case Ismail Ijaz v. State, charges were filed under Sections 9, 10, and 11 of PECA 2016, for hate speech and cyberterrorism.

According to the National Assembly of Pakistan, since 2020, a total of 7,020 individuals have been arrested for cybercrime, with only 222 convictions—a rate of just 3.16%. From 639,564 complaints filed with the FIA, 414,260 were verified, resulting in 73,825 inquiries and 5,713 cases taken to court (Dawn News Report).

Section 24 of PECA prescribes up to 3 years’ imprisonment for cyberstalking, while Section 14 provides for 2 years for electronic fraud. In conclusion, despite the dark side of technological advancement, cyber laws serve as a vital gateway to safeguarding society.

Maryam Ghazanfar

The author is an Advocate of the High Court and a lecturer at the University of Gujrat. She also serves as the General Secretary of the Gujrat Tax Bar and the Finance Secretary of the District Bar Association Gujrat.

This author does not have any more posts.