State of Surveillance Pakistan

Pakistan

Table of contents

Introduction

Acknowledgement

The State of Surveillance in Pakistan is the result of an ongoing collaboration by Privacy International and the Digital Rights Foundation.

Key Privacy Facts

1. Constitutional privacy protections: Article 14(1) of the Constitution of the Islamic Republic of Pakistan states that "[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable."

2. Data protection laws: Pakistan does not at present have direct data protection legislation.

3. Data protection agency: Pakistan does not at present have a data protection authority.

4. Recent scandals: Interception across Pakistani networks is pervasive; some of it is also unlawful, according to investigative and media reports.

5. ID regime: Pakistan has one of the world's most extensive citizen registration regimes. This is run by the National Database & Registration Authority (NADRA).

Right to Privacy

The constitution

The Constitution of the Islamic Republic of Pakistan enshrines the right to privacy as a fundamental right. Article 14(1) of the Constitution confirms that "[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable."

As a fundamental constitutional right, the right to privacy is meant to take precedence over any other inconsistent provisions of domestic law. Article 8 of the Constitution provides that "[a]ny law, or any custom or usage having the force of law, in so far as it is inconsistent with the rights conferred [under the Constitution], shall, to the extent of such inconsistency, be void." Article 8 (5), furthermore, states that "[t]he rights conferred by this Chapter shall not be suspended except as expressly provided by the Constitution."

Yet Pakistan's constitution also includes a wide-ranging exception to the primacy of fundamental rights. The provisions of Article 8 do not apply to any law relating to the 'proper discharge' of the duties of the Armed Forces or the police. The breadth of this exception is troubling, especially given the central role that the Armed Forces in particular have played in Pakistan's domestic political landscape historically.

Regional and international conventions

Pakistan is a signatory to several international and regional instruments with privacy implications, including:

  • The International Covenant on Civil and Political Rights (signed April 2008, ratified June 2010). Article 17 of the ICCPR states that "no one shall be subject to arbitrary or unlawful interference with his privacy, family or correspondence." The ICCPR also commits Pakistan to ensuring the protection of other rights that rely on the protection of privacy, such as freedom of expression and freedom of association.
  • The Cairo Declaration on Human Rights In Islam (signed August 1990). Article 18 of the CDHRI affirms that: "a) Everyone shall have the right to live in security for himself, his religion, his dependents, his honor and his property. (b) Everyone shall have the right to privacy in the conduct of his private affairs, in his home, among his family, with regard to his property and his relationships. It is not permitted to spy on him, to place him under surveillance or to besmirch his good name. The State shall protect him from arbitrary interference. (c) A private residence is inviolable in all cases. It will not be entered without permission from its inhabitants or in any unlawful manner, nor shall it be demolished or confiscated and its dwellers evicted."
  • The Convention on the Rights of the Child (ratified November 1990). Article 16 of the CRC states that "1) No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation. 2) The child has the right to the protection of the law against such interference or attacks."

Communication Surveillance

Introduction

Pakistan's sizeable population generates a huge amount of communications traffic. Approximately 70.25% of Pakistanis have a mobile phone subscription as of August 2017, according to the Pakistan Telecommunications Authority. An estimated 13.8% of the population uses the internet. Fifty operational internet providers and six mobile operators serve this demand.

Social media platforms are widely used in Pakistan. The social network Facebook reportedly had approximately 30 million Pakistani users in 2017. Twitter is estimated to have 3.1 million users. Pakistan also has a rapidly growing blogging community. Blogspot.com is ranked among the top five visited sites by Pakistanis, while the top 20 sites include Facebook, YouTube, DailyMotion, Blogger.com, Wordpress.com, Pinterest and Twitter.

Surveillance laws

A number of laws regulate communications surveillance in Pakistan.

The Investigation for Fair Trial Act (2013)

This act allows for access to data, emails, telephone calls, and any form of computer or mobile phone-based communication, subject to a judicial warrant. However, a warrant can be requested wherever an official has 'reasons to believe' that a citizen is, or is 'likely to be associated' with, or even 'in the process of beginning to plan' an offence under Pakistani law.

The Prevention of Electronic Crimes Act (2016)

Introduced in the wake of the deadly December 2014 terrorist attack on a Peshawar school, the Prevention of Electronic Crimes Act (PECA) was drafted as part of the government's National Action Plan to combat terrorism. The PECA was designed to tackle cyberstalking, online harassment, forgery, blasphemy and forms of cyberterrorism. As has been analysed at length by Pakistani and foreign rights organisations including Privacy International, Digital Rights Foundation, Human Rights Watch and Amnesty International, the PECA utilises such overly broad legal language that it potentially criminalises freedom of expression, and further weakens the right to privacy of Pakistani citizens. On 11 August 2016, despite severe criticism and condemnation by Pakistani and international rights organisations and bodies, the National Assembly of Pakistan approved the PECA, making it law.

Section 34 gives the Pakistan Telecommunications Authority the power to block or remove access to information "if it considers it necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality."

Section 36 allows for "Real-time collection and recording" of data: "[i]f a Court is satisfied on the basis of information furnished by an authorised officer that there are reasonable grounds to believe that the content of any information is reasonably required for the purposes of a specific criminal investigation, the Court may order, with respect to information held by or passing through a service provider, to a designated agency as notified under the Investigation for Fair Trial Act, 2013 (l of 2013) or any other law for the time being in force having capability to collect real time information, to collect or record such information in real-time coordination with the investigation agency for provision in the prescribed manner."

Section 38 states: "Notwithstanding immunity granted under any other law for the time being in force, any person including a service provider while providing services under the terms of lawful contract or otherwise in accordance with the law or an authorized officer who has secured access to any material or data containing personal information about another person, discloses such material information to any other person, except when required by law, without the consent of the person concerned or in breach of lawful contract with the intent to cause or knowing that he is likely to cause harm, wrongful loss or gain to any person or compromise confidentiality of such material or data shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to one million rupees or with both.

Provided that the burden of proof of any defense taken by an accused service provider or an authorized officer that he was acting in good faith, shall be on such a service provider or the authorized officer as the case may be."

Section 39(1) permits the sharing of "electronic communication or data or for the collection of evidence in electronic form" with any foreign government "24 x 7 network, any foreign agency or any international organisation or agency for the purposes of investigations or proceedings".

Section 39 (2) gives the government the permit to "forward to a foreign government….any information obtained from its own investigations if it considers that the disclosure of such information might assist the other government, agency or organisation etc."

The Monitoring and Reconciliation of Telephony Traffic Regulations (2010)

In addition to the acts listed above, section 4 of the Monitoring and Reconciliation of Telephony Traffic Regulations (2010) requires each long distance and international service provider to establish a system that allows for real-time monitoring and recording of traffic on its networks.

Data retention

Pakistani providers are required to retain communications data as a condition of their operating license. Since 2004, network providers have been required to comply with requests for interception and access to network data as a standard condition of the PTA's award of operating licenses to phone companies.

The 2002 Electronic Transaction Ordinance (ETO) in points 5 and 6 imposes data retention requirements:

"The requirement under any law that certain document, record, information, communication or transaction be retained shall be deemed satisfied by retaining it in electronic form if :

(a) the contents of the document, record, information, communication or transaction remain accessible so as to be usable for subsequent reference;

(b) the contents and form of the document, record, information, communication or transaction are as originally generated, sent or received, or can be demonstrated to represent accurately the contents and form in which it was originally generated, sent or received; and

(c) such document, record, information, communication or transaction, if any, as enables the identification of the origin and destination of document, record, information, communication or transaction and the date and time when it was generated, sent or received, is retained.

The Prevention of Electronic Crimes Act 2016 requires judicial oversight for access to retained data. Section 29 states:

"A service provider shall, within its existing or required technical capability, retain its specified traffic data for a minimum period of one year or such period as the Authority may notify from time to time and, subject to production of a warrant issued by the court, provide that data to the investigation agency or the authorized officer whenver so required."

Surveillance actors

Security and law enforcement agencies

Since its creation in 1947, Pakistan's armed forces, security and intelligence agencies have had a central role to play in Pakistani politics; these include three periods of military rule, the most recent from 1999 to 2008. Pakistan's geographic location has also meant that it was a key American geopolitical partner during the Cold War, which in turn has influenced and strengthened the intelligence agencies. This relationship continues into the present day, with the onset of the global anti-terrorism effort.

The Pakistani government is engaged in a protracted conflict against armed militant groups within and outside its borders; it is a key player in the global 'war on terror'. Communications surveillance — of phone and internet protocol (IP) traffic, domestically and internationally — and other forms such as biometric or device registration, is justified by the government as necessary to counter these internal and external threats, even as it becomes less targeted and more widespread against ordinary civilians.

Intelligence functions are dispersed across a number of government agencies that collect and/or use intercepted communications. Each branch of the armed forces has its own intelligence service conducting signals intelligence. The main agencies include:

  1. The Inter-Services Intelligence (ISI);
  2. The Intelligence Bureau (IB);
  3. Federal Investigation Agency (FIA);
  4. Crime Investigation Department (CID);
  5. National Counter Terrorism Authority (NACTA);
  6. National Crises Management Cell (NCMC); and
  7. Military Intelligence (MI).

The Ministry of Justice is responsible for the Federal Investigation Agency and others that use intercepted communications data for criminal investigation and prosecution. Under the Ministry of Science and Technology, the Joint Intelligence Technical and Joint Intelligence X units carry out a number of surveillance research and development functions. The Intelligence Bureau, under the Prime Minister, has also used intercepted communications data.

Surveillance capabilities

IMSI Catchers

Law enforcement agencies across Pakistan widely use mobile monitoring equipment for identification and/or interception. The Pakistani government has imported many tactical communications surveillance technologies from Europe. In 2010, the German government granted German companies export licenses valued at EUR 3.9 million to export "monitoring technology and spyware software" to Pakistan, according to Privacy International. Between 2012 and 2014, Swiss companies were granted licenses to export dual-use communications surveillance technology to Pakistan. The total value of the three exports based on the category provided was over CHF 1 million according to records obtained by Privacy International. Finland, too, granted licenses to companies based in Finland to export surveillance technologies to Pakistan. For instance, the export authority authorized four export licenses to ABB, an automation technology company, to provide "waveform digitisers and transient recorders" in Pakistan, which are used to analyse audio and remote sensing data.

Internet Protocol monitoring centre

In 2013, the Inter-Services Intelligence (ISI), Pakistan's best known intelligence agency, sought to commission a mass surveillance system to tap international undersea cables at three cable landing sites in southern Pakistan, according to documents obtained by Privacy International. The "Targeted IP Monitoring System and COE [Common Operations Environments]" would allow Pakistan to collect and analyse a significant portion of communications travelling within and through the country at a centralized command centre.

The total intake of data every second sought by Pakistan in the proposal document would rival some of the world's most powerful surveillance programmes, including the UK's 'Tempora' and US' 'Upstream' programmes. What the ISI wanted to build, according to the request for proposals, was a complete surveillance system that would capture mobile communications data, including Wi-Fi, all broadband internet traffic, and any data transmitted over 3G. According to the documents, the interception activities were to be "seamless" and "must not be detectable or visible to the subscriber".

Intrusion malware

In April 2013, computer forensic research by The Citizen Lab revealed the existence of a command and control server for FinFisher, an intrusion malware suite, operating within Pakistan. FinFisher is produced by Germany-based company FinFisher GmbH; prior to 2013, the FinFisher suite was sold by Anglo-German company Gamma International. The following year, documents obtained from a FinFisher server revealed support requests from an apparent Pakistani client — identification number 'ID 32' — dating back to 2011. In 2013, following this revelation, the Pakistani civil society group Bytes for All filed a petition in the Lahore High Court. The court ordered the PTA to look into the matter and produce a report within one month. The PTA has not yet filed their report, and attempts to gain further hearings on the issue have been unsuccessful.

Pakistan also sought to acquire intrusion malware from Hacking Team, an Italian company and rival of FinFisher. Pakistani companies attempted to contract business with Hacking Team for sale to Pakistani law enforcement or intelligence clients in March 2015, according to analysis of leaked data by the Digital Rights Foundation. Hacking Team's core business centred around their Remote Control System (RCS) software suite, which allows customers to infiltrate the computer and mobile devices of targeted individuals and install backdoors, in turn allowing for undetectable monitoring.

Lawful interception on communications networks

Pakistan has a thriving communications surveillance industry that has developed to meet the growing demand for increased levels of surveillance. Pakistani companies such as the Center for Advanced Research in Engineering and the National Radio Telecommunication Corporation of Pakistan have all developed network surveillance tools, partly in collaboration with the military. Other companies provide both interception technologies as well as facilities to monitor and analyse transmitted data.

An investigation Privacy International found seven international firms providing lawful interception equipment in Pakistan— Alcatel (France), Atis (Germany), Ericsson (Sweden), Huawei (China), Trovicor (Germany) (formerly Nokia Siemens Networks), SS8 (US) and Utimaco (Germany). The equipment, ranging from lawful interception gateways and switching equipment to monitoring centres, was provided to Pakistani networks including, PTCL, Mobilink, Ufone and others to facilitate law enforcement and intelligence agencies' access to communications data.

Two companies in particular — Trovicor, a German surveillance technology company and the company of which it was formerly a unit, Nokia Siemens Networks (NSN) — were particularly active in providing monitoring centre solutions to the Pakistani government. NSN has been a main player in the Pakistani surveillance market since the late 1990s and was one of the first companies to provide mobile (GSM) network lawful interception capacity in Pakistan.

Packet Inspection

The same technologies that the Pakistani government uses for censorship are also used for surveillance. Censorship of online content is widespread and justified as a means to prevent the sharing of pornographic, obscene, and blasphemous material in the Islamic republic.

The Pakistani government has purchased a number of 'packet inspection' technologies. Pakistan Telecommunications Ltd (PTCL), Pakistan's largest telecommunications company that also operates the Pakistan Internet Exchange has proxies in place to do "deep packet inspection" of internet traffic. The technology to conduct deep pack inspection were provided in part by US-based Blue Coat systems, according to industry sources speaking to Privacy International. Blue Coat's "ProxySG" product acts as a gatekeeper of access to the internet and services within it, from Secure Socket Layer (SSL) encryption, to HTTPS. Packet filtering products by Netsweeper have also been installed on PTCL's network, according to a 2013 investigation by the Citizen Lab. They have reportedly been a vital tool in the government's censorship of the internet.

Civil society organisations have taken legal action to protest surveillance in Pakistan. In 2012, Bolo Bhi and several bloggers and others also took the government to court against its practise of blocking websites and the plan to have a national filtering system in place, arguing that the IT Ministry and the PTA were illegally blocking and censoring access to some websites and forums that criticised the workings of the state. In 2011, civil society group Bytes for All announced it would challenge the validity of the SMS filter in court.

Surveillance oversight, checks and balances

There is currently no stringent public oversight of surveillance. Attempts to push forward such measures in the past have been unsuccessful. Checks and balances are currently in the form of provisions that request that the courts approve warrants, as well as public outcry from civil society stakeholders.

Surveillance case law

Privacy International is not aware of any specific surveillance case law in Pakistan. Please send any tips or information to: research@privacyinternational.org

Examples of surveillance

Popular support for surveillance of communications is high in Pakistan. Intermittent but devastating attacks within Pakistan's major cities by insurgent groups, such as the 2014 Peshawar school attack by a Taliban-affiliated group, have been cited as a reason to expand surveillance in Pakistan.

Surveillance of citizens

Interception across Pakistani networks is therefore pervasive; some of it is also unlawful. A Supreme Court hearing about a case concerning phone tapping revealed that the ISI had tapped 6,523 phones in February, 6,819 in March and 6,742 in April 2015. A case was brought in 1996 following evidence that the then-Chief Justice's phone had been tapped. No details about the procedures and process for intercepting communications have yet been publicly released.

In 2016, Senator Saleem Mandviwalla of the Pakistan People's Party, claimed that "the federal government had authorised the tapping of his phone and interception of his personal data."

Surveillance of activists and journalists is reportedly widespread. In February 2017, the Digital Rights Foundation published a report detailing the experiences of seven female journalists in Pakistan. They detailed extensive social surveillance and harassment, as well as suspected electronic surveillance.

Attacks on Pakistani territory frequently prompt calls for more invasive surveillance capacities. For example, an assassination attempt on Khawaja Izharul Hassan, the opposition leader of the Sindh Assembly, in September 2017 prompted politicians including Senator Raza Rabbani to write to university officials urging more surveillance of students.

UK and US government surveillance

Pakistan networks have also been targeted by the UK's Government Communications Headquarters (GCHQ). In 2010, a joint unit of the US' National Security Agency (NSA) and GCHQ hacked the world's largest producer of SIM cards, Gemalto. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world's mobile communications, including both voice and data.

GCHQ successfully identified the identifying information of tens of thousands of SIM cards in a number of countries. However, GCHQ's automated key harvesting system failed to produce results against Pakistani networks. This is despite there being "priority targets" for the UK in Pakistan, and despite the fact that GCHQ had a store of 'Kis' keys from two major Pakistani providers, Mobilink and Telenor. GCHQ has also hacked into the Pakistan Internet Exchange, a common point of transfer for a significant portion of Pakistanis' communications, as part of its Computer Network Exploitation operations, giving the spy agency "access to almost any user of the internet" inside Pakistan.

Pakistan cooperates heavily with international surveillance initiatives against its own citizens, particularly those led by the US National Security Agency (NSA). The Pakistani government is by far the largest known recipient of NSA funds.

The NSA appears to especially value its relationship with Pakistan. The NSA maintained a 'special collection service' at its embassy and consulates in Pakistan. In 2008, it maintained at least one server in Pakistan for its programme XKeyscore, which searches and analyzes intercepted data. Under the Boundless Informant program, the NSA collected over 97 billion pieces of intelligence globally over a 30-day period ending in March 2013. Within this, Pakistan had the highest number of intercepted DNR (dialed number recognition) and second highest number of intercepted DNI (dialed number identification).

Pakistan also featured strongly in the NSA's Fairview program. Fairview is a mass surveillance programme designed to collect phone, internet and e-mail data in bulk from the computers and mobile telephones of foreign countries' citizens. NSA slides published in Brazil's O Globo show that in one month in 2012, for instance, the NSA analyzed 11.7 billion records of DNI traffic into and out of Pakistan, as well as traffic to top Pakistani domain names.

A June 2012 NSA document shows that the NSA, through its SKYNET programme, harvests call data from Pakistani telecommunications providers (though it does not specify how) and that 55 million phone records were fed into an NSA analysis system for an analysis exercise. Known ISI agents were tracked in this experiment and an Al Jazeera journalist was misidentified as being a member of Al Qaeda.

In November 2016, a group called the Shadow Brokers released a cache of data purporting to be taken from the NSA. The cache revealed hundreds of IP addresses apparently compromised by the NSA as part of its operations. The data suggests that elements of Pakistan's internet infrastructure, including PTCL gateway exchange in Lahore, and ISPs including Paknet (which was merged into PTCL in 2007), Multinet and Micronet were compromised.

The Pakistani government's reaction to revelations that foreign governments have engaged in mass surveillance of communications has been mixed. In 2013, Pakistani senators expressed concern after initial revelations about the scale of NSA surveillance in Pakistan, and in 2014, the Pakistani Foreign Office officially protested against the NSA's surveillance of its left-leaning political party, the Pakistan People's Party (PPP). The Pakistani government have made few statements about the NSA's activities in Pakistan. In contrast, civil society in and out of Pakistan reacted vehemently to the revelations.

Data Protection

Data protection laws

Accountability mechanisms

Data breaches: case law

Examples of data breaches

Identification Schemes

ID cards and databases

Voter registration

SIM card registration

Policies and Sectoral Initiatives

Cybersecurity policy

The Prevention of Electronic Crimes Act (2016), though dealing with cybercrime in particular, has provisions that also concern "cyber terrorism". Section 10, "Cyber terrorism", states:

"Whoever commits or threatens to commit any of the offences under sections 6, 7, 8 or 9, where the commission or threat is with the intent to:

(a) coerce, intimidate, create a sense of fear, panic or insecurity in the Government or the public or a section of the public or community or sect or create a sense of fear or insecurity in society; or

(b) advance inter-faith, sectarian or ethnic hatred,

shall be punished with imprisonment of either description for a term which may extend to fourteen years or with fine which may extend to fifty million rupees or with both."

Cybercrime

The Prevention of Electronic Crimes Act (PECA) (2016) regulates cyber crime in Pakistan. The PECA establishes mechanisms by which state officers may order the retention or provision of communications data (including from operators of communications networks). While the officer is required to notify a court of these orders, the court has no role in vetting or reviewing the grounds, or of considering the necessity or proportionality of any action taken. These powers apply to communications data rather than the content of communications. Yet significant concerns remain about the bill's implications for citizens' privacy. Communications data allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, relating to personal associations, patterns of behaviour and the like, as the Court of Justice of the European Union recently noted. ​Pakistani civil society groups have also been actively engaging in consultation processes around the PECA, after a version of the draft bill was leaked in early 2015.

The Federal Investigation Agency (FIA), an autonomous federal institution charged with investigating terrorism, federal crimes as well as electronic crimes. Its National Response Centre for Cyber Crimes (NR3C) was established in 2002, but it was not until the promulgation of the Prevention of Electronic Crimes Ordinance (PECO), that the agency gained greater legislative powers to investigate, prosecute and control electronic crime, report the Pakistani civil society group Bytes for All.

The Punjab Protection of Women Against Violence Act (2016) also makes a one-line mention of cybercrime as contained within the definition of "violence" that the Act criminalises.

Encryption

Licensing of industry

The Pakistan Telecommunication Authority (PTA) is the main regulatory and license-issuing body overseeing the internet and telecom industry in Pakistan. It also promotes the spread of internet and telecommunication services and makes recommendations on matters of policy. ​The PTA has been given authority to monitor internet traffic when required by law and has also been given responsibility, according to Section 34 of the Prevention of Electronic Crimes Act (2016), to block "objectionable" content. The PTA chairman and members are appointed by the federal government and it reports to the Ministry of Information Technology and Telecommunication, according to the Pakistan Telecommunication (Re-organization) Act (1996).

The PTA has also been given the ability to issue policy directives. An example of this is the 21 July 2011 directive that called for the banning of encryption mechanisms except on a case by case basis, provided a formal request has been made to the PTA.

Freedom House's 'Freedom on the Net' index mentions that international human rights organisations, free expression groups and experts have expressed reservations about the PTA's governance structure, openness, and independence as a regulatory body. Freedom House cite "the repeated failure to make new appointments" to the PTA, following a number of reservations over the transparency of the appointment process.

In terms of blocking and filtering content, the authority relies primarily on maintaining a blacklist of URLs that are blocked at both the internet exchange point (IXP) through the Pakistan Internet Exchange (PIE) and by the internet service providers (ISPs). A 2013 report by the Citizen Lab revealed that PTA has been using Canadian company Netsweeper's technology for blocking and filtering online content.

Communications Service Providers

There are at least 50 operational internet service providers (ISPs) in Pakistan. These include Pakistan Telecommunication Company Ltd (PTCL). Bytes for All reported that the overall bandwidth in Pakistan ranges around 130,000 Mbits through four undersea cables — three controlled by Pakistan Telecommunication Company Ltd (PTCL) and one by Transworld Associates (TWA). As of June 2017, a new submarine cable, the AAE-1 (also called Asia-Africa-Europe-1) cable, has been servicing Pakistan. PTCL, an ISP which is partly owned by the government, also operates the Pakistan Internet Exchange (PIE) which facilitates most of the internet traffic exchange between ISPs inside and outside the country. PIE was created in 2000 to provide a single backbone for Pakistan by providing peering points for ISPs.

As of 2017, there are four cellular mobile service providers operating in Pakistan: Mobilink/Jazz/Pakistan Mobile Communications Limited (PMCL) (owned by VimpleCom Ltd), Warid (merged with Mobilink by VimpleCom in 2015), Ufone/Pak Telecom Mobile Limited (owned by Etisalat), and Zong Pakistan (owned by China Mobile Pakistan). Apart from Mobilink, the rest are owned by foreign service providers (Telenor, however, retains a 42.95 % share in VimpleCom Ltd).

A fifth provider, the Special Communication Organisation (SCO), is owned by the Government of Pakistan, and offers cellular services. In October 2017, the National Assembly Standing Committee on Information Technology approved a proposal to allow the SCO to operate commercially and compete with the private telecom operators nationwide. The SCO previously had primarily been responsible for providing communications services in the northern Azad Jammu & Kashmir and Gilgit Baltistan regions bordering India. Describing itself as a "public sector organization working under Ministry of IT", the SCO has an unclear relationship to the Pakistan Army, with some reports describing the SCO as a subsidiary of the Pakistan Army.

Nationwide fiber-optic framework

The Pakistani government appears to be engaged in a "radical overhaul" of Pakistan's communications network infrastructure facilitated by the Long Term Plan (LTP) for a China-Pakistan Economic Corridor (C-PEC).

According to a roadmap document covering the period 2013-2015 seen by Dawn, a critical component of the partnership between the two countries is a new, upgraded fibre optic cable network which connects Pakistan directly with China via central Asia. The revelation about the proposed network raised security concerns that internet traffic could potentially be monitored by China.

E-governance/digital agenda

Health sector and e-health

Smart policing

Transport

Smart cities

Migration

Emergencies response

Humanitarian and development programmes

Social media