Tuesday, 2 June 2015

An Enough Cyber Law Code in Pakistan


 An Enough Code of Cyber Laws in Pakistan
S J Tubrazy


A proposed bill of cyber laws is under reading for legislation in Pakistan. The general discourse holds that there are no cyber laws in Pakistan. In my assertive opinion, we nonetheless have a sufficient code of cyber laws. The provisions of the Electronic Transaction Ordinance 2002 and of the Payment System Electronic Funds Transfer Act, being substantive laws, cover almost all financial crimes and cyber privacy crimes.

Substantive Provisions Cyber Laws

The provisions of ETO 2002 deal with the recognition and facilitation of electronic documentation and e-commerce; however, ETO 2002 also covers cybercrimes relating to provision of false information, issue of false certificate, violation of privacy of information and damage to information system.
Likewise the PSEFTA 2007 provides regulatory framework for payment systems and electronic fund transfers. It also provides standards for protection of the consumer and to determine respective rights and liabilities of the financial institutions and other Service Providers, their consumers and participants.
Electronic Transaction Ordinance 2002
CHAPTER 8
OFFENCES
34. Provision of false information, etc. by the subscriber. (1) Any subscriber who:
(a) provides information to a certification service provider knowing such information to be false or not believing it to be correct to the best of his knowledge and belief;
(b) fails to bring promptly to the knowledge of the certification service provider any change in circumstances as a consequence whereof any information contained in a certificate accepted by the subscriber or authorised by him for publication or reliance by any person, ceases to be accurate or becomes misleading, or
(c) knowingly causes or allows a certificate or his electronic signatures to be used in any fraudulent or unlawful manner, shall be guilty of an offence under this Ordinance.
(2) The offence under sub-section (1) shall be punishable with imprisonment either description of a term not exceeding seven years, or with fine which may extend to ten million rupees, or with both.
35. Issue of false certificate, etc.—(1) Every director, secretary and other responsible officer, by whatever designation called, connected with the management of the affairs of a certification service provider, which:
(a) issues, publishes or acknowledges a certificate containing false or misleading information;
(b) fails to revoke or suspend a certificate after acquiring knowledge that any information contained therein has become false or misleading;
(c) fails to revoke or suspend a certificate in circumstances where it ought reasonably to have been known that any information contained in the certificate is false or misleading;
(d) issues a certificate as accredited certification service provider while its accreditation is suspended or revoked; shall be guilty of any offence under this Ordinance.
(2) The offence under sub-section (1) shall be punishable with imprisonment either description of a term not exceeding seven years, or with fine which may extend to ten million rupees, or with both.
(3) The certification service provider or its employees specified in sub-section (1), shall also be liable, upon conviction, to pay compensation for any foreseeable damage suffered by any person or subscriber as a direct consequence of any of the events specified in clauses (a) to (d) of sub-section (1).
(4) The compensation mentioned in sub-section (3) shall be recoverable as arrears of land revenue.
36. Violation of privacy of information.—Any person who gains or attempts to gain access to any information system with or without intent to acquire the information contained therein or to gain knowledge of such information, whether or not he is aware of the nature or contents of such information, when he is not authorised to gain access, as aforesaid, shall be guilty of an offence under this Ordinance punishable with either description of a term not exceeding seven years, or fine which may extend to one million rupees, or with both.
37. Damage to information system, etc.—(1) Any person who does or attempts to do any act with intent to alter, modify, delete, remove, generate, transmit or store any information through or in any information system knowingly that he is not authorised to do any of the foregoing, shall be guilty of an offence under this Ordinance.
(2) Any person who does or attempts to do any act with intent to impair the operation of, or prevent or hinder access to, any information contained in any information system, knowingly that he is not authorised to do any of the foregoing, shall be guilty of an offence under this Ordinance.
(3) The offences under sub-section (1) and (2) of this section will be punishable with either description of a term not exceeding seven years or fine which may extend to one million rupees, or with both.
38. Offences to be non-bailable, compoundable and cognizable.—All offences under this Ordinance shall be non-bailable, compoundable and cognizable.
39. Prosecution and trial of offences.—No Court inferior to the Court of Sessions shall try any offence under this Ordinance.

Payment Systems and Electronic Fund Transfers Act, 2007

56. Criminal Liability.- Whoever knowingly and willfully gives false information or inaccurate information or fails to provide information which he is required to disclose by this Act or any instruction issued thereunder, or otherwise fails to comply with any provision of this Act shall be punished with imprisonment of either description which may extend to three years, or with fine which may extend to three million rupees, or with both.
57. Violations Affecting Electronic Commerce.- Whoever –
 (1) knowingly, in a transaction effected by electronic commerce, uses or attempts or conspires to use any counterfeit, fictitious, altered, forged, lost, stolen, or fraudulently obtained Debit Instrument to obtain money, goods, services or anything else of value aggregating five thousand rupees or more, or
 (2) knowingly receives, conceals, uses or transports money, goods, services or anything else of value aggregating five thousand rupees or more obtained by use of any counterfeit, fictitious, altered, forged, lost, stolen, or fraudulently obtained Debit Instrument, or
 (3) knowingly receives, conceals, uses, sells, or transports one or more tickets for transportation, and which have been purchased or obtained with one or more counterfeit, fictitious, altered, forged, lost, stolen or fraudulently obtained Debit Instrument, shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine which may extend to one million rupees, or with both.
Explanation.-For the purpose of this section e-commerce means the activity of buying, selling or contracting for goods, services and making payments using internet or worldwide web through communication networks including of wireless networks, within or outside Pakistan.
58. Cheating by Use of Electronic Device.- Whosoever cheats by pretending to be some other person, or by knowingly substituting one person for another, or representing that he or any other person is a person other than he or such other person really is, or by cheating by impersonation, fraudulently or dishonestly uses any credit or debit card, or code or any other means of access to an Electronic Fund Transfer device, and thereby causes any wrongful gain to himself or any wrongful loss to any other person, shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine which shall not be less than the wrongful loss caused to any person, or with both.

 Anti-Money Laundering Act 2010

An act of money laundering through online methods amounts to cybercrime. Anti-money laundering laws properly cover such crimes. Section 2(f)(v) of the Anti-Money Laundering Act 2010 recognizes electronic money and the record maintained in an electronic device.

Pakistan Protection Act 2014

Crimes committed via the internet and information technology against the state and state-owned institutions may be cybercrimes. Section 2(i) of the Pakistan Protection Act 2014 provides a schedule which sets out the scheduled cybercrimes as:
(ix) destruction of or attack on communication and interaction lines, devices, grids, stations, or systems etc
(xiv) crimes against computers including cybercrimes, internet offenses and other offences related to information technology etc

 Procedural Cyber Laws

To define the basic digital and cyber law terms and to provide a procedural mechanism for the trial and investigation of cybercrimes, the Qanun-e-Shahadat Order 1984 has necessarily been amended. The Investigation for Fair Trial Act 2013 has been enacted for the collection, seizure, discovery, forensics and investigation of digital evidence contained in modern digital devices. The relevant provisions and sections of these enactments are given below:

Investigation for Fair Trial Act 2013
Preamble
An Act to provide for investigation for collection of evidence by means of modern techniques and devices to prevent and effectively deal with scheduled offences and to regulate the powers of the law enforcement and intelligence agencies and for matters connected therewith or ancillary thereto.
Whereas in order to prevent the law enforcement and intelligence agencies from using their powers arbitrarily it is necessary to regulate the said powers and provide for their permissible and fair uses in accordance with law and under proper executive and judicial oversight; And whereas further being mindful that the existing laws neither comprehensively provide for nor specifically regulate advance and modern investigative techniques such as covert surveillance and human intelligence, property interference, wiretapping and communication interception that are used extensively in other jurisdictions to successfully prevent the offences and as an indispensable aid to the law enforcement and administration of justice.
And whereas in order to neutralize and prevent the threat or any attempt to carry out scheduled offenses it is necessary that the law enforcement and other agencies be given certain specific authorizations to obtain evidence in time and only in accordance with law;
And whereas it is also in order to declare the admissibility and use of the material obtained during lawful investigation under the present law, in judicial proceedings and all other legal proceedings or processes to ensure fair trial;
Authorization under the warrant.---(1) The warrant of surveillance or interception to be issued by the Judge may authorize and allow the lawful doing of any or all of the following acts; namely:--
(a)        interception and recording of telephonic communication of the suspect with any person;
(b)        video recording of any person, persons, premises, event, situation etc;
(c)        interception or recording or obtaining of any electronic transaction including but not limited to e-mails, SMS etc;
(d)        interception and taking over of any equipment used in the communication in respect of which the warrant is issued, including but not limited to telephone, cell phone, mobile sims, electronic database, demonstrating linking of electronic communication with the database belonging to the person in respect of whom the warrant has been issued:
            Provided that the Judge shall authorize take-over of equipment only where the material or statement of the authorized officer discloses a substantial threat or possibility of an attempt to commit a scheduled offence;
(e)        collection of evidence through any modern devices in addition to the ones mentioned above;
(f)         use of human intelligence;
(g)        covert surveillance and property interference; and
(h)        access to any information or data in any form related to a transaction, communication or its content.
(2)        Any other form of surveillance or interception that the Federal Government may notify in this behalf.
17.       Method of executing the warrant.---(1) Where the warrant is issued, the applicant in case of the warrant of interception, shall approach the designated agency or body, for serving the same on service provider in the manner provided for in Schedule III and the designated agency or body shall duly serve the said warrant on the service provider or give effect to it within seven days.
 (2)        The service provider shall not extend technical facilities of interception to any person or organization other than the Designated Agency or Body.
 (3)        Where nature of surveillance or interception is such that it is not necessary to serve the warrant on anyone, then the same shall not be served and its issuance alone shall be sufficient basis to collect evidence.
 (4)        While executing the warrants each applicant shall act within the mandate provided for it under the law.
18.       Indemnity for service provider.---Access granted by the service provider in accordance with this law shall not be called in question under any law by any person who may have been prejudiced by such access.
19.       Immunity to service provider.---The service provider shall have immunity in any civil or criminal legal proceedings that any person may commence against his corporate entity or against his office bearers or employees, for having complied with the warrant issued under this Act.
20.       Service provider to cooperate.---In the event the service provider declines, fails or interferes in any manner in the execution of warrant then he shall be liable to have committed an offence under this Act for obstructing investigation and justice and shall be punished with fine upto ten million rupees.
21.       Service provider to ensure confidentiality.---The service provider shall also be responsible for ensuring the confidentiality of the execution or warrant from his staff members except those necessary to execute the warrant and in case of unauthorized disclosure or misuse of data by any of his staff member, the officials of the service provider and the concerned staff shall be punished with imprisonment which may extend to one year or with fine which may extend to ten million rupees.
Admissibility of warrant based information.---(1) Notwithstanding anything contained in the Qanun-e-Shahadat, 1984 (P.O.10 of 1984) or any other law for the time being in force, the evidence including data, information, documents or any other material collected or received under this Act shall be admissible as evidence in the legal proceedings.
 (2)        Nothing contained in subsection (1), shall debar the admissibility of evidence collected or received, prior to the coming into force of this Act, under the provisions of any other law for the time being in force.
25.       Report of expert.---In case where an analysis of the intercepted material collected pursuant to the warrant of surveillance or interception is required, then the same shall be carried out by a person referred to in section 3(f) being suitably qualified, trained or experienced, who shall be deemed to be an expert as described under section 510 of the Code of Criminal Procedure, 1898 (Act V of 1898) and his report shall have the same effect as given to the report of the experts of different fields mentioned in the said section.
MUTUAL LEGAL ASSISTANCE
31.       Warrants to be served outside Pakistan.---(1) Warrants obtained under the Act shall be executable outside Pakistan as well as in foreign jurisdictions, either directly on the concerned service providers or through mutual legal assistance mechanism as agreed between Pakistan and the concerned foreign State as provided under the law, treaty or agreement.
(2)        The warrant issued under this Act shall be processed for execution outside Pakistan through the Designated Agency or Body.
32.       Warrants received from outside Pakistan.---Warrants received from outside Pakistan may be executed by the Designated Agency or Body in the light of mutual legal assistance mechanism as agreed between Pakistan and the concerned foreign State as provided under the law, treaty or agreement.
35.       Unauthorized surveillance or interception.---Any person who carries out any surveillance or interception except in accordance with the provision of this Act shall in addition to any other punishment to which he may be liable under any other law for the time being in force be punished with imprisonment for up to three years and shall also be liable to fine.


QANUN-E-SHAHADAT ORDER 1984
AMENDMENT IN QANUN-E-SHAHADAT ORDER, 1984 (P.O. No. 10 OF 1984)
1. Amendment of Article 2, P.O. No. 10 of 1984.—In the Qanun-e-Shahadat Order, 1984 (P.O. No. 10 of 1984), hereinafter referred to as the said Order, in clause (1), after sub-clause (d), the following new sub-clauses (e) and (f) shall be added, namely:
“(e) the expression, “automated”, “electronic”, “information”, “information system”, “electronic document”, “electronic signature”, “advanced electronic signature” and “security procedure”, shall bear the meanings given in the Electronic Transactions Ordinance, 2002;
(f) the expression “certificate”, where the context so admits, includes the meaning given to it in the Electronic Transactions Ordinance, 2002.
2. Amendment of Article 30, P.O. No. 10 of 1984.—In the said Order, in Article 30, for the full stop at the end a colon shall be substituted and thereafter the following explanation shall be added, namely:
“Explanation.—Statements generated by automated information systems may be attributed to the person exercising power or control over the said information system.”
3. Insertion of new Article 46, P.O. No. 10 of 1984.—In the said Order, after Article 46, the following new Article shall be inserted, namely:
“46-A. Relevance of information generated, received or recorded by automated information system.—Statements in the form of electronic documents generated, received or recorded by an automated information system while it is in working order, are relevant facts.
4. Amendment of Article 59, P.O. No. 10 of 1984.—In the said Order, in Article 59—
(a) after the word “impressions” the comma and the words “, or as to authenticity and integrity of electronic documents made by or through an information system” shall be inserted ; and
(b) for the words “are relevant facts” the words and commas “or as to the functioning, specifications, programming and operations of information systems, are relevant facts” shall be substituted.
5. Amendment of Article 73, P.O. No. 10 of 1984.—In the said Order, in Article 73, after the second Explanation, the following new Explanations shall be added, namely:
“Explanation 3.—A printout or other form of output of an automated information system shall not be denied the status of primary evidence solely for the reason that it was generated, sent, received or stored in electronic form if the automated information system was in working order at all material times and, for the purposes hereof, in the absence of evidence to the contrary, it shall be presumed that the automated information system was in working order at all material times.
“Explanation 4.—A printout or other form of reproduction of a Electronic Document, other than a Document mentioned in Explanation 3 above, first generated, sent, received or stored in electronic form, shall be treated as primary evidence where a security procedure was applied thereto at the time it was generated, sent, received or stored.”
6. Insertion of new Article, P.O No. 10 of 1984.—In the said Order, after Article 78, the following new Article shall be inserted, namely :—
“78-A. Proof of electronic signature and electronic document.—If an electronic document is alleged to be signed or to have been generated wholly or in part by any person through the use of an information system, and where such allegation is denied, the application of a security procedure to the signature or the electronic document must be proved.”
7. Amendment of Article 85, P.O No. 10 of 1984.—In the said Order, in Article 85, after clause (5), the following new clause (6) shall be added, namely:
“(6) certificates deposited in a repository pursuant to the provisions of the Electronic Transactions Ordinance, 2002.”



 Regulation of PTA Regulations
The Pakistan Telecommunication Authority has issued S.R.O 713 (1)/2009 against spam, called the Protection from Spam, Unsolicited, Fraudulent and Obnoxious Communication Regulations 2009.
PTA, in its letter No. 1609/11/N&TA to all CMTOs, has restrained them from sending SMS containing bar-code or masking.






Wednesday, 1 May 2013

Codification of Cyber Laws in Pakistan




By S J Tubrazy
Abundant reliance and dependence upon information technology has made it an inevitable part of modern life; present commercial life can neither run, nor grow, nor even survive if cut off from the blessing of the information technology mechanism. The conventional method of transaction has now become familiar as electronic transaction, and even conventional crimes have critically mutated into electronic or cyber crimes; these strongly need to be secured and require a complete and comprehensive code of laws regulating every electronic issue and transaction.


Pakistan, daring and taking the initiative to step further than advanced countries, has introduced, enacted and amended various statutes, namely:


(i) Electronic Transaction Ordinance 2002.


(ii) Prevention of Electronic Ordinance 2008.


(iii) Amended Article 2 (e) of Qanun-e-Shahadat 1984.


(iv) Payment System Electronic funds Transfer Act 2007.

(v) Anti Money Laundering Act 2010.

(vi) Investigation for Fair Trial Act 2013.


In 2002, Government of Pakistan passed an “Electronic Transaction Ordinance 2002 (ETO)” with the objective to recognize and facilitate documents, records, information, communications and transactions in electronic form, and to provide for the accreditation of certification service providers.


Now, electronic information and communication, along with appropriate procedures, have the same legal backing as any written and signed document. With ETO in place, Pakistan has joined an exclusive group of countries that provide the necessary framework and momentum for the growth of electronic commerce.


The new law, the “Prevention of Electronic Crimes Ordinance, 2007”, is in force now; it was promulgated by the President of Pakistan on the 31st December 2007. The “Prevention of Electronic Crimes Ordinance, 2007” extends to the whole of Pakistan.

The “Prevention of Electronic Crimes Ordinance, 2007” will apply to every person who commits an offence under the said Ordinance, irrespective of his nationality or citizenship whatsoever, in any place outside or inside Pakistan, having detrimental effect on the security of Pakistan or its nationals or national harmony or any property or any electronic system or data located in Pakistan or any electronic system or data capable of being connected, sent to, used by or with any electronic system in Pakistan.

The ordinance, i.e. the “Prevention of Electronic Crimes Ordinance, 2007”, gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes.

The ordinance covers provisions for illegal and criminal acts such as data access, data damage, system damage, electronic fraud, electronic forgery, spamming, spoofing, cyber terrorism etc.


The endorsement of ETO 2002 and afterward PECO 2007 in Pakistan has compelled the evolution of the evidentiary mechanism in litigation. Being considered inadequate to fulfil the prerequisites of electronic evidence, Article 2 (e) of the Qanun-e-Shahadat Order 1984 has been amended; all information and documents generated, received or recorded by an electronic system would be admissible.

The Payment System Electronic Funds Transfer Act 2007 has been enacted and published in the finance bill 2007; this Act facilitates and provides a complete mechanism for the transfer of funds through electronic mode.

The Anti Money Laundering Act 2010 was passed in 2010 by the parliament; it prohibits every kind of money laundering through physical or electronic modes. The punishments provided for money laundering in AMLA 2010 are exemplary.

Recently parliament has passed the Investigation for Fair Trial Act 2013, which focuses on interception, warrants and the procedure for the investigation agency to apprehend the cyber criminal through a proper method.

While applauding the efforts and labors of the government of Pakistan, and especially of the people of Pakistan, to have a complete and comprehensive code of cyber laws, the whole global community shall try to evolve and develop a code of cyber laws with the spirit and nature of uniform recognition at the global level.



Sunday, 21 April 2013

Validated Cyber Law Terms




“A virtual approach defining the cyber world beyond the boundaries of nation states enforcement of cyber laws uniformly accepted”, (S J Tubrazy)
enforcement of cyber laws call cyber jurisdiction

“Assets or goods in digital form worth to be value simply call virtual property”, (S J Tubrazy)
digital assets call virtual property

“Conduct or attempt to conduct crimes by criminals for achieving their illegal ends using electronic devices with skill is called cyber crime”, (S J Tubrazy)
conducting crime using computer or electronic device is cyber crime
A will or testament in traditional legal form of will with its digital unique proved identification is a legal declaration by a person, to manage his physical or virtual estate for the online or physical transfer of his property at death whether physical or virtual. S J Tubrazy
cyberwill will or testament
A digital will is will in digital contents equivalent to written will, seized by a lawyer. S J Tubrazy
A digital will is in digital contents
Computer processor's power derived from the quantum physics properties of atoms or nuclei that allow them to work together as quantum bits commonly known as qubits is referred to as quantum computing.
Quantum Computing; Computer processor's power derived from the quantum physics properties of atoms
Multitude user’s interfaces which connect to the online value of an individual on internet.
online value of an individual is online assets
Certification Practice Statement is communal document with description of practices of Certification authority issuing, renewing, revoking and validating Digital / Electronic Certificates and for emphasizing to keep confidence on Certificates
Certification Practice Statement, communal document Certification, authority, issuing, renewing, revoking,validating, Electronic,

Electronic signatures a method which safe sanctity of electronic document and attribute the person who has full control over this electronic document, by using unique digital logarithm.
Electronic signatures, 100011001
Computer resources deliverable as services over internet is cloud computing.
cloud computing is computer resources deliver over internet
The digital system used for storage for digitized assets is digital storage.
storage for digitized assets is digital storage.
Value of set of digital assets is generally calls digital worth.
digital worth is value of digital assets or contents
The set of worth of digital assets or contents being placed upon by the user is digital value.
digital value is worth of digital assets
The virtual proprietary rights of digital assets belongs to someone is digital ownership.
digital assets belongs to someone is digital ownership
The right to transfer digital assets from one person to another is digital transfer of assets.
digital assets from one person to another is digital transfer of assets
Delivery of contents or value over the internet at specified destination calls digital delivery.
digital Delivery of contents or value over the internet
Online unique presence of user available across the world wide web.
Online unique presence of user is digital identity
Virtually connected network of interface of user over the internet is commonly known as digital connection
network of interface of user over the internet is commonly known as digital connection
The set of digital assets belong to user that comprise of a user digital worth.
Digital Inventory is set of digital assets of user
The virtual ownership of digital assets or value in cyberspace.
virtual ownership of digital assets is online property
A progressing virtual world of global computers having networks of interdependent information technology infrastructures, telecommunications networks and computer processing systems in which online interactions takes place.
Cyberspace is a progressing virtual world of global computers having networks.
A person including intelligent programs that uses computer or internet services often has online unique user account.
Online User often has online unique user account.