Surveillance in Pakistan

An examination of the current surveillance practices in Pakistan reveals how both governmental and private corporations contribute to the expanding surveillance infrastructure within the country. Surveillance in Pakistan has expanded significantly over the past decade, and this growth has raised alarms regarding privacy, freedom of expression, and political rights.

Legislative Framework

Central to this expanding surveillance infrastructure are the legal frameworks and legislations in Pakistan, which provide the basis for the extensive monitoring of telecommunications and online activities, raising critical concerns about privacy and individual freedoms. The foundation of telecommunications surveillance in Pakistan lies in the Pakistan Telecommunication Act of 1996 and the Prevention of Electronic Crimes Act (PECA) of 2016. These laws grant the government broad powers to intercept telecommunications, allowing for the monitoring of mobile and internet data. For instance, under PECA 2016, service providers are legally permitted to keep user traffic data for one year and are obligated to provide it to the state for inspection purposes.[1] Moreover, the role of the Pakistan Telecommunication Authority (PTA) further strengthens the enforcement of these laws, ensuring that service providers comply by collecting and retaining such data. A report published by London-based advocacy group Privacy International claims that the PTA’s licensing requires all phone service providers to make their networks ‘lawful interception-compliant’.[2] This allows them to have access to their data. As a result, telecom providers such as PTCL, Telenor, Jazz, and Ufone are legally mandated to store user data for up to a year.[3] This data is then accessible to law enforcement agencies upon request, under the guise of crime prevention and national security.

Safe City Projects

While the legal frameworks lay the groundwork for surveillance, various government-backed initiatives and projects further solidify the infrastructure for surveillance of the citizens. In major urban centers like Islamabad, Lahore, and Karachi, Pakistan has implemented Safe City Projects as part of a national initiative to enhance security through surveillance technologies[4]. These projects deploy an array of CCTV cameras, facial recognition systems, and motion detection technologies aimed at monitoring public spaces for security purposes. The extensive use of facial recognition technology in public spaces can lead to a situation where individuals are constantly monitored, raising ethical questions about consent and the potential for misuse, especially in politically sensitive contexts. For example, the use of surveillance technologies during political protests or opposition activities leading to the identification and targeting of individuals expressing dissenting views undermining freedom of expression and assembly.

International involvement in domestic surveillance

Furthemore, domestic surveillance initiatives are further amplified by the involvement of international technology firms and global partnerships, which provide Pakistan with the tools and expertise necessary to expand its surveillance capabilities. Agencies like the Inter-Services Intelligence (ISI) and other military and intelligence units have worked in collaboration with foreign companies like Huawei, Ericsson, and Thales to develop the necessary technologies for intercepting telecommunications and internet traffic[5]. Lawful Interception Gateways (LIG) provided by these private corporations enable the government to monitor communications at scale. A report by Privacy International disclosed  a 2013 confidential ISI proposal which was named as “Targeted IP Monitoring System and Common Operations Environments (COE)”[6]. This proposal outlined the idea to tap into undersea fiber-optic cables in southern Pakistan with the help of private companies allowing the interception of approximately 660 gigabytes of data per second[7]. Moreover, a case at the Supreme Court pertaining to phone tapping showed that the ISI allegedly tapped 6,523 phones in February, 6,819 in March and 6,742 in April this year with the help of these private corporations.[8] Furthermore, Pakistan also allowed German firm FinFisher that operated two command-and-control servers on the Pakistan Telecommunication Company Limited (PTCL) network leading to access of devices.[9] In addition, Pakistan enabled the U.S National Security Agency (NSA) and the U.K.’s Government Communications Headquarters (GCHQ) to collect billions of records from Pakistani networks and corporations[10]. Moreover, GCHQ also hacked into Pakistan Internet Exchange which provides access to almost any user of the internet making Pakistan one of the most heavily surveilled countries globally[11].

Surveillance on Social Media

In addition to physical surveillance systems, the government has increasingly turned its attention to monitoring online activities, with a particular focus on social media platforms and digital content primarily to suppress dissent. The Pakistan Telecommunication Authority (PTA) plays a pivotal role in censoring online content, monitoring platforms like Facebook, Twitter, and YouTube for content deemed politically sensitive or threatening to national security. Under the PECA 2016, the government can track online activities and criminalize expressions that challenge the state’s narrative[12]. Additionally, Amnesty International’s September 2025 report, highlights an alarming network of corporations from Germany, China, UAE, Canada and United States as key facilitators of this apparatus. Furthermore, it identifies two primary technologies in Pakistan that form the core of this infrastructure. These involve the Web Monitoring System (WMS 2.0) introduced by Sandvine (Canadian firm) and the Lawful Intercept Management System (LIMS)[13]. Both of them enable Pakistani authorities to intercept telecommunication data, including calls, texts, browsing history and block the content on the internet.

Implications of Surveillance on Human Rights

These expanding surveillance practices underscore the profound implications such systems have for individual freedoms, making it essential to examine why surveillance poses a significant human rights concern for Pakistani citizens. One of the most direct human rights violations caused by surveillance is the infringement on citizens’ right to privacy.

Violation of Article 14 (Right to Privacy)

Article 14 of the Pakistani Constitution guarantees the right to privacy, stating that no individual shall be subjected to arbitrary interference with their privacy, family, or home[14]. However, Pakistan’s extensive surveillance infrastructure, particularly its telecommunications monitoring systems and biometric data collection through the National Database and Registration Authority (NADRA), raises significant concerns about the protection of this fundamental right. For instance, in M.D. Tahir v Director State Bank of Pakistan[15], the Supreme Court reaffirmed this view by stating that conversations over phone are private and intimate in nature and are protected by the constitution under Article 14. Moreover, this right to privacy is also protected under Article 17 of ICCPR which makes it an international obligation as well[16].

Violation of Article 19 (Freedom of Expression)

In addition to this, these surveillance practices evidently affect the freedom of expression of the citizens under Article 19 of the Constitution of Pakistan[17]. Surveillance has a chilling effect on it, as it creates an environment where individuals are deterred from freely expressing their opinions, particularly when their communications are monitored. Pakistan’s growing use of social media censorship under the PECA 2016 reflects a significant erosion of this freedom, as citizens are criminalized for expressing dissenting political views or sharing content critical of the government[18]. This creates a paradox as the platforms like Twitter, Facebook, and Youtube have given journalists, women’s right advocates, and human rights organizations a space to raise awareness, advocate for their rights and put forward social narratives but these surveillance practices restrict this social change[19]. Moreover, in Bytes for All vs. Federation of Pakistan (2013), the case laid down the debate that unlawful intervention in internet surveillance under the guise of public order is a violation of the constitutional protection under Article 19 and 19-A (right to information).

Surveillance leading to Discrimination

In addition to these rights, surveillance leads to discriminatory practices which violate the right to equality. Certain groups in Pakistan such as political dissidents, ethnic minorities, religious groups, and activists are disproportionately affected by surveillance. Furthermore, the article of UNPO highlights the alarming aspect of this practice which is that not only ordinary citizens are being targeted but the judges, politicians, journalists and foreign business entities are also being violated and threatened by this exercise of surveillance.[20] This also affects economic rights and participation, particularly for individuals working in fields such as journalism, activism, or technology. For instance, tech companies, for instance, are often coerced into complying with government demands for access to data, threatening their economic autonomy and corporate independence.

Litigating the Corporations

Corporations involved in surveillance practices can be held accountable for human rights violations based on international legal principles, particularly the UN Guiding Principles on Business and Human Rights (UNGPs). These principles establish that businesses have a responsibility to respect human rights under the “Protect, Respect and Remedy” framework[21]. Therefore, if companies are complicit in causing or enabling such abuses can be held liable under international law.

Furthermore, the Office of the United Nations High Commissioner for Human Rights (OHCHR) further strengthens this framework in its 2012 study on corporate liability which states that companies are responsible if they “aid, assist, or otherwise facilitate” gross human-rights violations[22]. This key provision underlines the corporate duty to not only respect human rights directly but also to prevent facilitating abuses through their operations. If we apply this principle to surveillance practices, corporations that supply or maintain surveillance technologies are engaging in practices that can lead to the violation of human rights. Therefore, given this framework, it is highly plausible that these corporations could be litigated for human rights abuses related to their surveillance activities.

Case Studies

There are also various examples where some corporations were litigated for surveillance- related abuses that opened gates and increased the potential for holding such companies accountable under international law. One significant case that highlights the potential for litigating corporations involved in surveillance is Qosmos, a French company accused of selling surveillance equipment to the Syrian government, which was later used to target political dissidents and suppress opposition[23]. In 2012, human rights organizations such as the International Federation for Human Rights (FIDH) and Ligue des droits de l’Homme (LDH) filed a criminal complaint in Paris against Qosmos. The French judicial system responded by opening an investigation in 2014, treating Qosmos not just as a vendor but as a potential accomplice to crimes against humanity.

In addition, another notable case is that of Cisco Systems, a U.S.-based corporation accused of providing custom-built surveillance technology to the Chinese government[24]. In 2023, the U.S. Court of Appeals revived a lawsuit filed by a group of plaintiffs who alleged that Cisco’s technology was used to enable China’s mass surveillance apparatus violating their freedom of privacy. The Court of Appeals recognized that a U.S. corporation could be held liable for aiding and abetting human rights abuses, even if those abuses occurred abroad and were committed by foreign governments.

Furthermore, the case of NSO Group, the Israeli firm behind the infamous Pegasus spyware, represents another pivotal example of corporate responsibility for surveillance-related human rights abuses[25]. In 2019, WhatsApp (now Meta) sued NSO Group for hacking and unauthorized surveillance of 1,400 users, including journalists, human rights defenders, and political activists. In 2025, a U.S. federal court imposed a substantial damages award on NSO Group for these violations, marking a major legal blow to state-sponsored spyware companies.

These case studies collectively illustrate that the possibility of litigating corporations involved in surveillance leading to human rights violations is not only a theoretical concept but is actively being pursued. The complicity doctrine, which holds that businesses may be responsible for facilitating human rights abuses even if they are not directly involved in the violations, is a central concept making corporations liable for the human rights abuses.

If the possibility of litigation in Pakistan is explored, it becomes clear that certain cases can serve as strong support for the potential of holding corporations liable in this regard. For example, in the case Mohtarma Benazir Bhutto and Others v President of Pakistan[26], the Islamabad High Court ruled that surveillance conducted without proper legal oversight violated the constitutional rights of individuals. Similarly, , in the Bytes for All case, where the Pakistani civil rights group challenged state censorship and surveillance, the courts examined the extent to which digital rights are protected under Pakistan’s constitution. Although the case did not directly target corporate actors, it exposed the extent to which Pakistani state along with service providers are exercising these intrusive surveillance practices under the guise of national security. 

This established the principle that privacy rights are deeply connected to digital and communicative freedom in the modern world. If surveillance technologies are used by private corporations that support these actions then those companies could be held complicit in the violation of these rights. These precedents provide a domestic legal foundation and coupled with international frameworks  such as UNGPs can increase the possibility of litigating these companies and holding them accountable. 

Conclusion

Pakistan’s surveillance apparatus is no longer a peripheral security tool, it has become a deeply embedded feature of state governance, sustained by a permissive legal framework and extensive infrastructure. Together, these forces have normalized a level of monitoring that directly undermines the fundamental rights guaranteed under Articles 14 and 19 of the Constitution, disproportionately burdening journalists, activists, minorities, and political dissidents.

Pakistan’s own courts, through cases like Bytes for All and the Benazir Bhutto ruling, have already laid a domestic foundation recognizing that unchecked surveillance violates constitutional protections. What remains missing is the political will and judicial follow-through to extend these precedents specifically to the corporate actors that build and maintain this infrastructure. However, the trajectory of litigation against corporations can offer a route to accountability that doesn’t depend on reforming the Pakistani state itself, at least not in the first instance.


[1] Prevention of Electronic Crimes Act (PECA) of 2016.

[2] Privacy International. (2015). Tipping the scales: Security & surveillance in Pakistan. In Special Report. https://www.privacyinternational.org

[3] ibid

[4] https://www.dawn.com/news/1943136

[5] UNPO. (2015, July 22). Pakistan’s Invasive Mass Surveillance System: A Violation of International Standards -. UNPO. https://unpo.org/pakistan%EF%BF%BDs-invasive-mass-surveillance-system-a-violation-of-international-standards/

[6] Privacy International. (2015). Tipping the scales: Security & surveillance in Pakistan. In Special Report. https://www.privacyinternational.org

[7] ibid.

[8] Ibid 5.

[9] Digital Rights Foundation. (2020). Impact and legality of surveillance.

[10] Ibid 6

[11] Digital authoritarianism and activism for digital rights in Pakistan. (2023).

[12] Prevention of Electronic Crimes Act (PECA) of 2016.

[13] Amnesty International. (2025, September 9). Pakistan: Mass surveillance and censorship machine is fueled by Chinese, European, Emirati and North American companies. https://www.amnesty.org/en/latest/news/2025/09/pakistan-mass-surveillance-and-censorship-machine-is-fueled-by-chinese-european-emirati-and-north-american-companies/

[14] Constitution of the Islamic Republic of Pakistan 1973, art 14.

[15] 2004 C L D 1680 Lhr

[16] Ahmad, K. (2022, September 5). Electronic surveillance and interception laws in Pakistan. Research Society of International Law | RSIL. https://rsilpak.org/2022/electronic-surveillance-and-interception-laws-in-pakistan/

[17] Constitution of the Islamic Republic of Pakistan 1973, art 19.

[18] Ibid 12

[19] Digital authoritarianism and activism for digital rights in Pakistan. (2023).

[20] 15.    UNPO. (2015, July 22). Pakistan’s Invasive Mass Surveillance System: A Violation of International Standards -. UNPO. https://unpo.org/pakistan%EF%BF%BDs-invasive-mass-surveillance-system-a-violation-of-international-standards/

[21] https://www.ohchr.org/sites/default/files/Documents/Issues/Business/DomesticLawRemedies/StudyDomesticeLawRemedies.pdf

[22] Ibid

[23] Ibid

[24] Ibid

[25] Ibid

[26] PLD 1998 Supreme Court 388


Author: Muhammad Umar Motasim

Muhammad Umar Motasim is a final year law student at LUMS, with an interest in corporate law and Space law

Author: Kainat Khan Niazi

Kainat Khan Niazi is a final year student at LUMS with interest in Tax Law and international Law

Leave a Reply

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.