An Enough Cyber Law Code in Pakistan
Transcript of An Enough Cyber Law Code in Pakistan
An Enough Code of Cyber Laws in Pakistan
S J Tubrazy
A proposed bill of cyber laws is under reading for legislation in Pakistan. A general discourse is being
discussed as such that there are no cyber laws in Pakistan. In my assertive opinion we still have an
enough code of cyber laws. The provisions of Electronic Transaction Ordinance 2002 and of Payment
System Electronic Funds Transfer Act being substantive laws cover the almost all financial crimes and
cyber privacy crimes.
Substantive Provisions Cyber Laws
The provisions of ETO 2002 dealwith recognition and facilitation of electronic documentation and e-
commerce however ETO 2002 also apprehend the cybercrimes relating to provisions of false
information, issue of false certificate, Violation of privacy of information and Damage to information
system.
Likewise the PSEFTA 2007 provides regulatory framework for payment systems and electronic fund
transfers. It also provides standards for protection of the consumer and to determine respective rights
and liabilities of the financial institutions and other Service Providers, their consumers and participants.
Electronic Transaction Ordinance 2002
CHAPTER 8
OFFENCES
34. Provision of false information, etc. by the subscriber. (1) Anysubscriber who:
(a) provides information to a certification service provider knowing suchinformation to be false or not
believing it to be correct to the best of hisknowledge and belief;
(b) fails to bring promptly to the knowledge of the certification service providerany change in
circumstances as a consequence whereof any informationcontained in a certificate accepted by the
subscriber or authroised by him for publication or reliance by any person, ceases to be accurate or
becomesmisleading, or
(c) knowingly causes or allows a certificate or his electronic signatures to be usedin any fraudulent or
unlawful manner,shall be guilty of an offence under this Ordinance.
(2) The offence under sub-section (1) shall be punishable with imprisonmenteither description of a term
not exceeding seven years, or with fine which may extend toten million rupees, or with both.
35. Issue of false certificate, etc.—(1) Every director, secretary and otherresponsible officer, by whatever
designation called, connected with the management ofthe affairs of a certification service provider,
which:
(a) issues, publishes or acknowledges a certificate containing false or misleadinginformation;
(b) fails to revoke or suspend a certificate after acquiring knowledge that anyinformation contained
therein has become false or misleading;
(c) fails to revoke or suspend a certificate in circumstances where it oughtreasonably to have been
known that any information contained in thecertificate is false or misleading;
(d) issues a certificate as accredited certification service provider while itsaccreditation is suspended or
revoked;shall be guilty of any offence under this Ordinance.
(2) The offence under sub-section (l) shall be punishable with imprisonment eitherdescription of a term
not exceeding seven years, or with fine which may extend to tenmillion rupees, or with both.
(3) The certification service provider or its employees specified in sub-section (1),
shall also be liable, upon conviction, to pay compensation for any foreseeable damage suffered by any
person or subscriber as a direct consequence of any of the eventsspecified in clauses (a) to (d) of sub-
section (1).
(4) The compensation mentioned in sub-section (3) shall be recoverable as arrearsof land revenue.
36. Violation of privacy of information.—Any person who gains or attempts togain access to any
information system with or without intent to acquire the informationcontained therein or to gain
knowledge of such information, whether or not he is aware ofthe nature or contents of such
information, when he is not authorised to gain access, asaforesaid, shall be guilty of an offence under
this Ordinance punishable with eitherdescription of a term not exceeding seven years, or fine which may
extend to one millionrupees, or with both.
37. Damage to information system, etc.—(1) Any person who does or attemptsto do any act with intent
to alter, modify, delete, remove, generate, transmit or store anyinformation through or in any
information system knowingly that he is not authorised todo any of the foregoing, shall be guilty of an
offence under this Ordinance.
(2) Any person who does or attempts to do any act with intent to impair theoperation of, or prevent or
hinder access to, any information contained in any informationsystem, knowingly that he is not
authorised to do any of the foregoing, shall be guilty ofan offence under this Ordinance.
(3) The offences under sub-section (1) and (2) of this section will be punishablewith either description of
a term not exceeding seven years or fine which may extend toone million rupees, or with both.
38. Offences to be non-bailable, compoundable and cognizable.—All offencesunder this Ordinance shall
be non-bailable, compoundable and cognizable.
39. Prosecution and trial of offences.—No Court inferior to the Court ofSessions shall try any offence
under this Ordinance.
Payment Systems and Electronic Fund Transfers Act, 2007
56. Criminal Liability.- Whoever knowingly and willfully gives false informationor inaccurate information
or fails to provide information which he is required todisclose by this Act or any instruction issued
thereunder, or otherwise fails tocomply with any provision of this Act shall be punished with
imprisonment ofeither description which may extend to three years, or with fine which may extendto
three million rupees, or with both.
57. Violations Affecting Electronic Commerce.- Whoever –
(1) knowingly, in a transaction effected by electronic commerce,uses or attempts or conspires to use
any counterfeit, fictitious,altered, forged, lost, stolen, or fraudulently obtained DebitInstrument to
obtain money, goods, services or anything else ofvalue aggregating five thousand rupees or more, or
(2) knowingly receives, conceals, uses or transports money, goods,services or anything else of value
aggregating five thousand rupeesor more obtained by use of any counterfeit, fictitious, altered,forged,
lost, stolen, or fraudulently obtained Debit Instrument, or
(3) knowingly receives, conceals, uses, sells, or transports one ormore tickets for transportation, and
which have been purchased orobtained with one or more counterfeit, fictitious, altered, forged, lost,
stolen or fraudulently obtained Debit Instrument,shall be punished with imprisonment of either
description for a term whichmay extend to seven years, or with fine which may extend to one
millionrupees, or with both.
Explanation.-For the purpose of this section e-commerce means the activity ofbuying, selling or
contracting for goods, services and making payments usinginternet or worldwide web through
communication networks including of wirelessnetworks, within or outside Pakistan.
58. Cheating by Use of Electronic Device.- Whosoever cheats by pretendingto be some other person, or
by knowingly substituting one person for another, orrepresenting that he or any other person is a
person other than he or such otherperson really is, or by cheating by impersonation, fraudulently or
dishonestlyuses any credit or debit card, or code or any other means of access to anElectronic Fund
Transfer device, and thereby causes any wrongful gain tohimself or any wrongful loss to any other
person, shall be punished withimprisonment of either description for a term which may extend to seven
years,or with fine which shall not be less than the wrongful loss caused to any person,or with both.
Anti-Money Laundering Act 2010
Act of money laundering through online method amount to cybercrime.Anti-money laundering laws
properlyknobsuch crimes. The section 2 f (v) of Anti-money Laundering Act 2010recognizes the
electronic money and the record maintained in the electronic device.
Pakistan Protection Act 2014
Crimes via internet and information technology against state and state owned institutions may be
cybercrimes. The section 2(i) provides a schedule in The Pakistan Protection Act 2014 which sets the
schedule cybercrimes as;
(ix) destruction of or attack on communication and interaction lines, devices, grids, stations, or systems
etc
(xiv) crimes against computers including cybercrimes, internet offenses and otheroffences related to
information technology etc
Procedural Cyber Laws
To define the basic digital and cyber law terms and provide a procedural mechanism for trial and
investigation of cybercrimes,Qanun-e-Shahdat Order 1984 has been necessarily amended. Investigation
for Fair Trial Act 2013 has been enacted for collection, seizure, discovery, forensic andinvestigation for
digital evidence contain in modern digital devices. The relevant provisions and sections of enactments
are given below;
Investigation of Fair Trial Act 2013
Preamble
An Act to provide for investigation for collection of evidence by means of modern techniques and
devices to prevent and effectively deal with scheduled offences and to regulate the powers of the law
enforcement and intelligence agencies and for matters connected therewith or ancillary thereto.
Whereas in order to prevent the law enforcement and intelligence agencies from using their powers
arbitrarily it is necessary to regulate the said powers and provide for their permissible and fair uses in
accordance with law and under proper executive and judicial oversight; And whereas further being
mindful that the existing laws neither comprehensively provide for nor specifically regulate advance and
modern investigative techniques such as covert surveillance and human intelligence, property
interference, wiretapping and communication interception that are used extensively in other
jurisdictions to successfully prevent the offences and as an indispensable aid to the law enforcement
and administration of justice.
And whereas in order to neutralize and prevent the threat or any attempt to carry out scheduled
offenses it is necessary that the law enforcement and other agencies be given certain specific
authorizations to obtain evidence in time and only in accordance with law;
And whereas it is also in order to declare the admissibility and use of the material obtained during lawful
investigation under the present law, in judicial proceedings and all other legal proceedings or processes
to ensure fair trial;
Authorization under the warrant.---(1) The warrant of surveillance or interception to be issued by
the Judge may authorize and allow the lawful doing of any or all of the following acts; namely:--
(a) interception and recording of telephonic communication of the suspect with any person;
(b) video recording of any person, persons, premises, event, situation etc;
(c) interception or recording or obtaining of any electronic transaction including but not limited to e-
mails, SMS etc;
d) interception and taking over of any equipment used in the communication in respect of which the
warrant is issued, including but not limited to telephone, cell phone, mobile sims, electronic database,
demonstrating linking of electronic communication with the database belonging to the person in respect
of whom the warrant has been issued:
Provided that the Judge shall authorize take-over of equipment only where the material or
statement of the authorized officer discloses a substantial threat or possibility of an attempt to commit
a scheduled offence;
(e) collection of evidence through any modern devices in addition to the ones mentioned above;
(f) use of human intelligence;
(g) covert surveillance and property interference; and
(h) access to any information or data in any form related to a transaction, communication or its
content.
(2) Any other form of surveillance or interception that the Federal Government may notify in this
behalf.
17. Method of executing the warrant.---(1) Where the warrant is issued, the applicant in case of the
warrant of interception, shall approach the designated agency or body, for serving the same on service
provider in the manner provided for in Schedule III and the designated agency or body shall duly serve
the said warrant on the service provider or give effect to it within seven days.
(2) The service provider shall not extend technical facilities of interception to any person or
organization other than the Designated Agency or Body.
(3) Where nature of surveillance or interception is such that it is not necessary to serve the warrant
on anyone, then the same shall not be served and its issuance alone shall be sufficient basis to collect
evidence.
(4) While executing the warrants each applicant shall act within the mandate provided for it under
the law.
18. Indemnity for service provider.---Access granted by the service provider in accordance with this
law shall not be called in question under any law by any person who may have been prejudiced by such
access.
19. Immunity to service provider.---The service provider shall have immunity in any civil or criminal
legal proceedings that any person may commence against his corporate entity or against his office
bearers or employees, for having complied with the warrant issued under this Act.
20. Service provider to cooperate.---In the event the service provider declines, fails or interferes in
any manner in the execution of warrant then he shall be liable to have committed an offence under this
Act for obstructing investigation and justice and shall be punished with fine upto ten million rupees.
21. Service provider to ensure confidentiality.---The service provider shall also be responsible for
ensuring the confidentiality of the execution or warrant from his staff members except those necessary
to execute the warrant and in case of unauthorized disclosure or misuse of data by any of his staff
member, the officials of the service provider and the concerned staff shall be punished with
imprisonment which may extend to one year or with fine which may extend to ten million rupees.
Admissibility of warrant based information.---(1) Notwith-standing anything contained in the Qanun-e-
Shahadat, 1984 (P.O.10 of 1984) or any other law for the time being in force, the evidence including
data, information, documents or any other material collected or received under this Act shall be
admissible as evidence in the legal proceedings.
(2) Nothing contained in subsection (1), shall debar the admissibility of evidence collected or
received, prior to the coming into force or this Act, under the provisions of any other law for the
time being in force.
25. Report of expert.---In case where an analysis of the intercepted material collected pursuant to
the warrant of surveillance or interception is required, then the same shall be carried out by a person
referred to in section 3(f) being suitably qualified, trained or experienced, who shall be deemed to be an
expert as described under section 510 of the Code of Criminal Procedure, 1898 (Act V of 1898) and his
report shall have the same effect as given to the report of the experts of different fields mentioned in
the said section.
MUTUAL LEGAL ASSISTANCE
31. Warrants to be served outside Pakistan.---(1) Warrants obtained under the Act shall be
executable outside Pakistan as well as in foreign jurisdictions, either directly on the concerned service
providers or through mutual legal assistance mechanism as agreed between Pakistanand the concerned
foreign State as provided under the law, treaty or agreement.
(2) The warrant issued under this Act shall be processed for execution outside Pakistan through the
Designated Agency or Body.
32. Warrants received from outside Pakistan.---Warrants received from outside Pakistan may be
executed by the Designated Agency or Body in the light of mutual legal assistance mechanism as agreed
betweenPakistan and the concerned foreign State as provided under the law, treaty or agreement.
35. Unauthorized surveillance or interception.---Any person who carries out any surveillance or
interception except in accordance with the provision of this Act shall in addition to any other
punishment to which he may be liable under any other law for the time being in force be punished with
imprisonment for up to three years and shall also be liable to fine.
QANUN –E-SHAHDAT ORDER 1984
AMENDMENT IN QANUN-E-SHAHADAT ORDER, 1984 (P.O. No. 10 OF1984)
1. Amendment of Article 2, P.O. No. 10 of 1984.—In the Qanun-e-Shahadat Order, 1984 (P.O. No. 10 of
1984), hereinafter referred to as the said Order, in clause (1), after sub-clause (d), the following new
sub-clauses (e) and (f) shall be added, namely:
“(e) the expression, “automated”, “electronic”, “information”, “information system”, “electronic
document”, “electronic signature”, “advanced electronic signature” and “security procedure”, shall bear
the meanings given in the Electronic Transactions Ordinance, 2002;
(f) the expression “certificate”, where the context so admits, includes the meaning given to it in the
Electronic Transactions Ordinance, 2002.
2. Amendment of Article 30, P.O. No. 10 of 1984.—In the said Order, in Article 30, for the full stop at the
end a colon shall be substituted and thereafter the following explanation shall be added, namely:
“Explanation.—Statements gene rated by automated information systems may be attributed to the
person exercising power or control over the said information system.”
3. Insertion of new Article 46, P.O. No. 10 of 1984.—In the said Order, after Article 46, the following new
Article shall be inserted, namely:
“46-A. Relevance of information generated, received or recorded by automated information system.—
Statements in the form of electronic documents generated, received or recorded by an automated
information system while it is in working order, are relevant facts.
4. Amendment of Article 59, P.O. No. 10 of 1984.—In the said Order, in Article 59—
(a) after the word “impressions” the comma and the words “, or as to authenticity and integrity of
electronic documents made by or through an information system” shall be inserted ; and
(b) for the words “are relevant facts” the words and commas “or as to the functioning, specifications,
programming and operations of information systems, are relevant facts” shall be substituted.
5. Amendment of Article 73, P.O. No. 10 of 1984.—In the said Order, in Article
73, after the second Explanation, the following new Explanations shall be added, namely:
“Explanation 3.—A printout or other form of output of an automated information system shall not be
denied the status of primary evidence solely for the reason that it was generated, sent, received or
stored in electronic form if the automated information system was in working order at all material times
and, for the purposes hereof, in the absence of evidence to the contrary, it shall be presumed that the
automated information system was in working order at all material times.
“Explanation 4.—A printout or other form of reproduction of a Electronic Document, other than a
Document mentioned in Explanation 3 above, first generated, sent, received or stored in electronic
form, shall be treated as primary evidence where a security procedure was applied thereto at the time it
was generated, sent, received or stored.”
6. Insertion of new Article, P.O No. 10 of 1984.—In the said Order, after Article 78, the following new
Article shall be inserted, namely :—
“78-A. Proof of electronic signature and electronic document.—If an electronic document is alleged to
be signed or to have been generated wholly or in part by any person through the use of an information
system, and where such allegation is denied, the application of a security procedure to the signature or
the electronic document must be proved.”
7. Amendment of Article 85, P.O No. 10 of 1984.—In the said Order, in Article 85, after clause (5), the
following new clause (6) shall be added, namely:
“(6) certificates deposited in a repository pursuant to the provisions of the Electronic Transactions
Ordinance, 2002.”
Regulation of PTA Regulations
Pakistan Telecommunication Authority has issued S.R.O 713 (1)/2009 against spams which is called,
Protection from Spam,Unsolicited, Fraudulent an Obnoxious Communication Regulations 2009.
PTA in its letter No. 1609/11/N&TA to all CMTOs has restrain from sending SMS contain bar-code or
Masking.