Download PECB 2012 Draft Consultative Paper October 2012

Consultative Paper on Draft Prevention of Electronic Crimes Bill 2012
Prepared by Pakistan Software Houses Association for IT & ITES (P@SHA) and Internet Service Providers Association of Pakistan (ISPAK) in consultation with National Response Center for Cyber Crimes, Federal Investigation Agency (FIA) and Ministry of Information Technology (MOIT)
For Comments and Discussion Only
Version 1.2 dated 24 October 2012
No.    Title    Amended section    Comments

To make provision for prevention of the electronic crimes
WHEREAS it is expedient to prevent any action directed against the confidentiality, integrity and availability of electronic system, networks and data as well as the misuse of such system, networks and data by providing for the punishment of such actions and to provide mechanism for investigation, prosecution and trial of offences and for Matters connected therewith or ancillary thereto;
AND WHEREAS the National Assembly is not in session and the President is satisfied that the circumstances exist which render it necessary to take immediate action;
Now, THEREFORE, in exercise of the powers conferred by clause (1) of Article 89 of the Constitution of the Islamic Republic of Pakistan, and in exercise of all powers enabling in that behalf, the President is pleased to make and promulgate the following Ordinance:
An Act to make provision for prevention of the electronic crimes
WHEREAS it is expedient to prevent any action directed against the confidentiality, integrity and availability of electronic system, networks and data as well as the misuse of such system, networks and data by providing for the punishment of such actions and to provide mechanism for investigation, prosecution and trial of offences and for Matters connected therewith or ancillary thereto;

CHAPTER I
PRELIMINARY

1. Short title, extent application and commencement.- (1) This Ordinance may be called the Prevention of Electronic Crimes Ordinance, 2009.
(2) It extends to the whole of Pakistan.
(3) It shall apply to every person who commits an offence under this Ordinance irrespective of his nationality or citizenship whatsoever or in any place outside or inside Pakistan, having detrimental effect on the security of Pakistan or its nationals or national harmony or any property or any electronic system or data located in Pakistan or any electronic system or data capable of being connected, sent to, used by or with any electronic system in Pakistan.
(4) It shall come into force at once and shall be deemed to have taken effect on 3rd July, 2009.
1. Short title, extent and commencement.- (1) This Act may be called the Prevention of Electronic Crimes Act, 2012.
(2) It extends to the whole of Pakistan.
(3) It shall come into force at once.

Definitions
Definitions.- (1) In this Act, unless there is anything repugnant in the subject or context,
Comments: Under discussion with stakeholders

Jurisdiction
This Act applies to an act done or an omission made:
(a) in the territory of Pakistan;
(b) on a ship or aircraft registered in Pakistan;
(c) by a national of Pakistan outside the jurisdiction of any country; or
(d) by a national of Pakistan outside the territory of Pakistan, if the person’s conduct would also constitute an offence under a law of the country where the offence was committed
Comments: Further detailed work required

Illegal Access
3. Criminal access.- Whoever intentionally gains unauthorized access to the whole or any part of an electronic system or electronic device with or without infringing security measures, shall be punished with imprisonment of either description for a term which may extend to two years, or with fine not exceeding three hundred thousand rupees, or with both.
4. Criminal data access.- Whoever intentionally causes any electronic system or electronic device to perform any function for the purpose of gaining unauthorized access to any data held in any electronic system or electronic device or on obtaining such unauthorized access shall be punished with imprisonment of either description for a term which may extend to three years, or with fine or with both.
(1) Whoever intentionally, whether temporarily or permanently,—
(a) causes an information system to perform any function with intent to secure access to the whole or any part of any information system, or to enable any such access to be secured;
(b) the access he intends to secure, or to enable to be secured, is unauthorized under this section; and
(c) at the time when he causes the information system to perform the function he knows that the access he intends to secure, or to enable to be secured, is unauthorized under this section
shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Comments: Need for definitions of elements – underway

Illegal Interference with data
5. Data damage.- Whoever with intent to illegal gain or cause harm to the public or any person, damages any data shall be punished with imprisonment of either, description for a term which may extend to three years, or with fine, or with both:
Explanation.- For the purpose of this section the expression "data damage" includes but not limited to modifying, altering, deleting, deterioration, erasing, suppressing, changing location of data or making data temporarily or permanently unavailable, halting electronic system, choking the networks or affecting the reliability or usefulness of data.
Whoever, intentionally or recklessly, without lawful excuse or justification, does any of the following acts:
(a) destroys or alters data;
(b) renders data meaningless, useless or ineffective;
(c) obstructs, interrupts or interferes with the lawful use of data;
(d) obstructs, interrupts or interferes with any person in the lawful use of data; or
(e) denies access to data to any person entitled to it;
shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Comments: Additional elements under research and discussion

Interfering with information system
6. System damage.- Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system or electronic device by inputting, transmitting, damaging, deleting, altering, tempering, deteriorating or suppressing any data or services or halting electronic system or choking the networks shall be punished with imprisonment of either description for a term which may extend to three years, or with fine or, with both:
Explanation.- For the purpose of this section the expression "services" include any kind of service provided through electronic system.
Whoever intentionally or recklessly, without lawful excuse or justification:
(a) hinders or interferes with the functioning of a computer system; or
(b) hinders or interferes with a person who is lawfully using or operating a computer system;
shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Comments: Additional elements under research and discussion

Illegal interception of data etc.
Whoever intentionally without lawful excuse or justification, intercepts by technical means:
(a) any non-public transmission to, from or within a computer system; or
(b) electromagnetic emissions from a computer system that are carrying computer data;
shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Comments: Additional elements under research and discussion

Misuse of devices
9. Misuse of electronic system or electronic device.- (1) Whoever produces, possesses, sells, procures, transports, imports, distributes or otherwise makes available an electronic system or electronic device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established under this Ordinance or a password, access code, or similar data by which the whole or any part of an electronic system or electronic device is capable of being accessed or its functionality compromised or reverse engineered, with the intent that it be used for the purpose of committing any of the offences established under this Ordinance, is said to commit offence of misuse of electronic system or electronic devices:
Provided that the provisions of this section shall not apply to the authorized testing or protection of an electronic system for any lawful purpose.
(2) Whoever commits the offence described in sub-section (1) shall be punishable with imprisonment of either description for a term which may extend to three years, or with fine, or with both.
Whoever intentionally or recklessly, without lawful excuse or justification, produces, sells, procures for use, imports, exports, distributes or otherwise makes available:
(i) a device, including a computer program, that is designed or adapted for the purpose of committing an offence against sections XX, XX, XX or X; or
(ii) a computer password, access code or similar data by which the whole or any part of a computer system is capable of being accessed;
with the intent that it be used by any person for the purpose of committing an offence against sections XX, XX, XX or X.;
shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Whoever has an item mentioned in subparagraph (i) or (ii) in his possession with the intent that it be used by any person for the purpose of committing an offence against sections XX, XX, XX or X.
Comments: Further breakdown of offences to be undertaken

Electronic Forgery
8. Electronic forgery.- Whoever for wrongful gain interferes with data, electronic system or electronic device, with intent to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not shall be punished with imprisonment of either description for a term which, may extend to seven years, or with fine or with both.
Whoever without authority, inputs, generates, alters, modifies, deletes or suppresses data, resulting in inauthentic data or an inauthentic program with the intent that it be considered or acted upon as if it were authentic or genuine, regardless whether or not the data is directly readable and intelligible, shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Comments: Needs to connect with PPC

Electronic Fraud
7. Electronic fraud.- Whoever for wrongful gain interferes with or uses any data, electronic system or electronic device or induces any person to enter into a relationship or with intent to deceive any person, which act or omission is likely to cause damage or harm to that person or any other person shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine, or with both.
Whoever without authority, inputs, generates, alters, modifies, deletes or suppresses data with the intent to cause any economic benefit for oneself or for another person, shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Comments: Needs to connect with PPC

Identity theft
“identity information” means any information — including biological or physiological information of a type that is commonly used alone or in combination with other information to [verify, authenticate or] identify or purport to [verify, authenticate or] identify an individual [or an information system], including a fingerprint, voice print, retina image, iris image, DNA profile, name, address, date of birth, [mother’s maiden name], [challenge phrase], [security question], written signature, [advanced electronic signature], electronic signature, digital signature, user name, credit card number, debit card number, financial institution account number, passport number, [CNIC], Customer number, driver’s licence number, any password [or any other form of verification, authentication or identification] that may enable access to any information system or to the performance of any function or interference with any computer data or an information system].
(1) Whoever knowingly obtains or possesses another person’s identity information in circumstances giving rise to a reasonable inference that the information is intended to be used to commit an offence that includes dishonesty, fraud, deceit or falsehood as an element of the offence shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
(2) Whoever transmits, makes available, distributes, sells or offers for sale another person’s identity information, or has it in their possession for any of those purposes, knowing that or being reckless as to whether the information will be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both.
Comments: Discussion for relevance under this law

Legal Recognition of offences committed in relation to electronic systems
Legal Recognition of offences committed in relation to electronic systems, (1) Notwithstanding anything contained in any other law for the time being in force, an offence under any law shall not be denied legal recognition and enforcement for the sole reason of such offence being committed in relation to, or through the use of, an electronic system.
(2) References to "property" in any law creating an offence in relation to or concerning property shall include an electronic information system and the information and data contained in or conveyed through such information system
Comments: Analysis of this section as proposed by Anusha Rehman

Sections 36 and 37 of the ETO are hereby repealed with immediate effect.
Comments: Appropriate section to be drafted
To address the abuse of this legislation for other purposes
Nothing in this law will apply to any offence with respect to telecommunication or matters applicable to the Telecommunication (Re-organization) Act, 1996 or any subsequent amendments thereof......
Comments: Appropriate section to be drafted after discussion

Search and seizure warrants
“seize” includes:
(a) make and retain a copy of computer data, including by using onsite equipment; and
(b) render inaccessible, or remove, computer data in the accessed computer system; and
(c) take a printout of output of computer data.
If a Court is satisfied on the basis of information on oath that there are reasonable grounds [to suspect] [to believe] that there may be in a place a thing or computer data:
(a) that may be material as evidence in proving an offence; or
(b) that has been acquired by a person as a result of an offence;
the Court [may] [shall] issue a warrant authorising a [law enforcement] [police] officer, with such assistance as may be necessary, to enter the place to search and seize the thing or computer data.
Comments: Greater safeguards to be discussed

Assisting Law Enforcement
A person who is in possession or control of a computer data storage medium or computer system that is the subject of a search under section XX must permit, and assist if required, the person making the search to:
(a) access and use a computer system or computer data storage medium to search any computer data available to or in the system;
(b) obtain and copy that computer data;
(c) use equipment to make copies; and
(d) obtain an intelligible output from a computer system in a plain text format that can be read by a person.
Whoever fails without lawful excuse or justification to permit or assist a person commits an offence punishable, on conviction, by imprisonment for a period not exceeding [period], or a fine not exceeding [amount], or both.
Comments: Additional elements under research and discussion

Record of and access to seized data
(1) If a computer system or computer data has been removed or rendered inaccessible, following a search or a seizure under section XX, the person who made the search must, at the time of the search or as soon as practicable after the search:
(a) make a list of what has been seized or rendered inaccessible, with the date and time of seizure; and
(b) give a copy of that list to:
(i) the occupier of the premises; or
(ii) the person in control of the computer system.
(2) Subject to subsection (3), on request, a police officer or another authorized person must:
(a) permit a person who had the custody or control of the computer system, or someone acting on their behalf to access and copy computer data on the system; or
(b) give the person a copy of the computer data.
(3) The police officer or another authorized person may refuse to give access or provide copies if he or she has reasonable grounds for believing that giving the access, or providing the copies:
(a) would constitute a criminal offence; or
(b) would prejudice:
(i) the investigation in connection with which the search was carried out;
(ii) another ongoing investigation; or
(iii) any criminal proceedings that are pending or that may be brought in relation to any of those investigations.
Comments: Additional elements under research and discussion

Production of data
If a Court is satisfied on the basis of an application by a police officer that specified computer data, or a printout or other information, is reasonably required for the purpose of a criminal investigation or criminal proceedings, the Court may order that:
(a) a person in the territory of Pakistan in control of a computer system produce from the system specified computer data or a printout or other intelligible output of that data;
(b) an Internet service provider in Pakistan produce information about persons who subscribe to or otherwise use the service; and
(c) a person in the territory of Pakistan who has access to a specified computer system process and compile specified computer data from the system and give it to a specified person.

Disclosure of stored traffic data
16. If the Court is satisfied on the basis of an ex parte application by a police officer that specified data stored in a computer system is reasonably required for the purpose of a criminal investigation or criminal proceedings, the magistrate may order that a person in control of the computer system disclose sufficient traffic data about a specified communication to identify:
(a) the service providers; and
(b) the path through which the communication was transmitted.
(2) The period may be extended beyond 7 days if, on an ex parte application, a Court authorizes an extension for a further specified period of time.
Comments: Greater safeguards to be discussed

Interception of electronic communications
(1) If a Court is satisfied on the basis of information on oath that there are reasonable grounds [to suspect][to believe] that the content of electronic communications is reasonably required for the purposes of a criminal investigation, the Court may:
(a) order an Internet service provider whose service is available in Pakistan through application of technical means to collect or record or to permit or assist competent authorities with the collection or recording of content data associated with specified communications transmitted by means of a computer system; or
(b) authorize a police officer to collect or record that data through application of technical means.

Interception of traffic data
If a police officer is satisfied that traffic data associated with a specified communication is reasonably required for the purposes of a criminal investigation, the police officer may, by written notice given to a person in control of such data, request that person to:
(a) collect or record traffic data associated with a specified communication during a specified period; and
(b) permit and assist a specified police officer to collect or record that data.
(2) If a Court is satisfied on the basis of information on oath that there are reasonable grounds [to suspect] that traffic data is reasonably required for the purposes of a criminal investigation, the Court may authorize a police officer to collect or record traffic data associated with a specified communication during a specified period through application of technical means.

Evidence
In any proceedings with respect to any offence under any law, the fact that:
(a) it is alleged that an offence of interfering with a computer system has been committed; and
(b) evidence has been generated from that computer system;
shall not of itself prevent that evidence from being admitted.

Confidentiality and limitation of liability
(1) An Internet service provider who without lawful authority discloses:
(a) the fact that an order under sections XX, XX, XX, XX, XX and XX has been made; or
(b) anything done under the order; or
(c) any data collected or recorded under the order;
commits an offence punishable, on conviction, by imprisonment for a period not exceeding [period], or a fine not exceeding [amount], or both.
(2) An Internet service provider shall not be liable under any law for the disclosure of any data or other information that the Internet service provider discloses under sections XX, XX, XX, XX, XX and XX.