KARACHI: The interior ministry has informed the Sindh High Court that no data related to Pakistani mobile users was leaked on the part of the National Database and Registration Authority (Nadra).
The SHC was hearing a petition seeking a probe into reports regarding an alleged data breach of 115 million mobile phone users from Pakistan and its sale on the darknet.
When the matter came up for hearing, an assistant attorney general submitted the comments on behalf of the interior ministry.
The report stated that an inquiry board was constituted on the purported data leakage and it concluded that the report of M/s Rewterz, a specialised cybersecurity services firm in Pakistan, itself confirmed that data shared was related to Pakistan mobile users and not of Nadra while a detailed forensic analysis through various tests also reconfirmed that there was no data leakage on part of Nadra.
Court issues notices on a plea against continuation of quota system in CSS exams
“The computerised national identity cards (CNIC) data is being presently used as a single identity by many government departments and companies and sample leaked data was obtained and found that data does not correlate with the Nadra database,” it added.
It further said that the ministry of information technology would be in a better position to submit relevant details in court as it had already been cited as one of the respondents in the petition.
In the last hearing, the bench headed by Justice Mohammad Ali Mazhar had directed the Pakistan Telecommunication Authority (PTA) to take all necessary preventive steps to save the mobile users’ data. The cybersecurity researcher of the PTA requested for time to file comments by submitting that the PTA was already conducting an investigation and the report was going to be concluded soon.
Petitioner Advocate Tariq Mansoor had informed the bench that the Citizens Protection (Against Online Harm) Act, 2020 and Data Protection Bill, 2020 were under consideration, but the proper legislation had not been done yet.
The petitioner submitted that there were reports of Rewterz about the personal data breach of 115m Pakistani mobile phone users allegedly by telecom service providers and the same was being shown on the darknet by some cybercriminals, who were demanding 300 bitcoins (BTC) for the data.
He further argued that the data, including full names, complete addresses and CNICs of cellular users, was reportedly put for online sale and it was very alarming and affecting the privacy of citizens.
The petitioner submitted that Senator Rehman Malik, chairman of the Senate Standing Committee on Interior, had also reportedly directed the Federal Investigation Agency (FIA) to probe these reports and submit a consolidated report to the committee.
However, he submitted that it was not properly notified by the federal government and, therefore, the report might not be made public, adding that it was purely a matter of public importance, infringing on fundamental rights of citizens.
He asked the court to issue directives to the ministries of information technology and telecommunication and interior to immediately notify a high-powered commission of inquiry under the Pakistan Commission of Inquiry Act, 2017 to investigate these reports and prosecute the culprits and their abettors in the data breach and leak under the Prevention of Electronic Crimes Act, 2017, the Official Secrets Act and other applicable laws.
Notices issued on plea against quota system
The same bench has issued notices to the establishment secretary, Federal Public Service Commission and law and justice secretary on a petition against alleged quota system in the Central Superior Services competitive exams.
The petitioner contended that the period prescribed in the first proviso of Article 27 (1) of the Constitution for reserving posts for persons belonging to any class or area to secure their adequate representation service in Pakistan had expired in 2013.
However, he argued that the respondents issued notifications in August after making amendments in the Civil Servants (Appointment, Promotion & Transfer) Rules 1973 in order to “safeguard against discrimination in service” and “discourage equal opportunities of employment for all”.
The petitioner submitted that such amendments were ultra vires and inconsistent with several provisions of the Constitution and pleaded to declare these notifications unconstitutional and unlawful and direct respondents to make amendments in accordance with Constitution.
Published in Dawn, December 27th, 2020