Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Consultative Paper on Draft Prevention of Electronic Crimes Bill 2012 Prepared by Pakistan software Houses Association for IT & ITES (P@SHA) and Internet Service Providers Association of Pakistan (ISPAK) in consultation with National Response Center for Cyber Crimes, Federal Investigation Agency (FIA) and Ministry of Information Technology (MOIT) for Comments and Discussion Only Version 1.2 dated 24 October 2012 No. Title Amended section To make provision for prevention of the electronic crimes WHEREAS it is expedient to prevent any action directed confidentiality, against integrity An Act to make provision for prevention of the electronic crimes the and of electronic system, networks and data as well as the misuse of such system, networks and data by providing for the punishment of such actions and to provide mechanism for investigation, prosecution and trial of offences and for Matters connected therewith or ancillary thereto; availability AND WHEREAS the National Assembly is not in session and the President is satisfied that the circumstances exist which render it necessary to take immediate action; WHEREAS it is expedient to prevent any action directed against the confidentiality, integrity and availability of electronic system, networks and data as well as the misuse of such system, networks and data by providing for the punishment of such actions and to provide mechanism for investigation, prosecution and trial of offences and for Matters connected therewith or ancillary thereto; CHAPTER I PRELIMINARY Now, THEREFORE, in exercise of the powers conferred by clause (1) of Article 89 of the Constitution of the Islamic Republic of Pakistan, and in exercise of all powers enabling in that behalf, the 1. Short title, extent and commencement.- (1) This Act may be called the Prevention of Electronic Crimes Act, 2012. Comments President is pleased to make and promulgate the following Ordinance: (2) It extends to the whole of Pakistan. (3) It shall come into force at once. 1. Short title, extent application and commencement.-(I) This Ordinance may be called the Prevention of Electronic Crimes Ordinance, 2009. (2) It extends to the whole of Pakistan. Definitions Jurisdiction (3) It shall apply to every person who commits an offence under this Ordinance irrespective of his nationality or citizenship whatsoever or in any place outside or inside Pakistan, having detrimental effect on the security of Pakistan or its nationals or national harmony or any property or any electronic system or data located in Pakistan or any electronic system or data capable of being connected, sent to, used by or with any electronic system in Pakistan. (4) It shall come into force at once and shall be deemed to have taken effect on 3rd July, 2009. Illegal Access 3. Criminal access.Whoever intentionally gains unauthorized access to the whole or any part of an electronic system or Definitions.- (1) In this Act, unless there is anything repugnant in the subject or context, Under discussion with stakeholders This Act applies to an act done or an omission made: Further detailed work required (a) in the territory of Pakistan; (b) on a ship or aircraft registered in Pakistan; (c) by a national of Pakistan outside the jurisdiction of any country; or (d) by a national of Pakistan outside the territory of Pakistan, if the person’s conduct would also constitute an offence under a law of the country where the offence was committed (1) Whoever intentionally, whether temporarily or permanently,— Need for definitions of elements – electronic device with or without infringing security measures, shall be punished with imprisonment of either description for a term which may extend to two years, or with fine not exceeding three hundred thousand rupees, or with both. 4. Criminal data access.Whoever intentionally causes any electronic system or electronic device to perform any function for the purpose of gaining unauthorized access to any data held in any electronic system or electronic device or on obtaining such unauthorized access shall be punished with imprisonment of either description for a term which may extend to three years, or with fine or with both. Illegal Interference with data 5.Data damage.-Whoever with intent to illegal gain or cause harm to the public or any person, damages any data shall be punished with imprisonment of either, description for a term which may extend to three years, or with fine, or with both: Explanation.-For the purpose of this section the expression "data damage" includes but not limited to modifying, altering, deleting, deterioration, erasing, suppressing, changing location of data or making data temporarily or permanently unavailable, halting electronic system, choking the networks or affecting the reliability or usefulness of data. (a) causes an information system to perform any function with intent to secure access to the whole or any part of any information system, or to enable any such access to be secured; underway (b) the access he intends to secure, or to enable to be secured, is unauthorized under this section; and (c) at the time when he causes the information system to perform the function he knows that the access he intends to secure, or to enable to be secured, is unauthorized under this section shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Whoever, intentionally or recklessly, without lawful excuse or justification, does any of the following acts: (a) destroys or alters data; (b) renders data meaningless, useless or ineffective; (c) obstructs, interrupts or interferes with the lawful use of data; (d) obstructs, interrupts or interferes with any person in the lawful use of data; or (e) denies access to data to any person entitled to it; shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Additional elements under research and discussion Interfering with information system 6.System damage.-Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system or electronic device by inputting, transmitting, damaging, deleting, altering, tempering, deteriorating or suppressing any data or services or halting electronic system or choking the networks shall be punished with imprisonment of either description for a term which may extend to three years, or with fine or, with both: Whoever intentionally or recklessly, without lawful excuse or justification: (a) hinders or interferes with the functioning of a computer system; or Additional elements under research and discussion (b) hinders or interferes with a person who is lawfully using or operating a computer system; shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Explanation.-For the purpose of this section the expression "services" include any kind of service provided through electronic system. Illegal interception of data etc. Whoever intentionally without lawful excuse or justification, intercepts by technical means: (a) any non-public transmission to, from or within a computer system; or Additional elements under research and discussion (b) electromagnetic emissions from a computer system that are carrying computer data; shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Misuse of devices 9.Misuse of electronic system or electronic device.-(1) Whoever produces, possesses, sells, procures, transports, imports, distributes or otherwise makes available an electronic system or electronic device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established under this Ordinance or a password, access code, or similar data by which the whole or any part of an electronic system or electronic device is capable of being accessed or its functionality compromised or reverse engineered, with the intent that it be used for the purpose of committing any of the offences established under this Ordinance, is said to commit offence of misuse of electronic system or electronic devices: Provided that the provisions of this section shall not apply to the authorized testing or protection of an electronic system for any lawful purpose. (2) Whoever commits the offence described in sub-section (I) shall be punishable with imprisonment of either description for a term Whoever intentionally or recklessly, without lawful excuse or justification, produces, sells, procures for use, imports, exports, distributes or otherwise makes available: (i) a device, including a computer program, that is designed or adapted for the purpose of committing an offence against sections XX, XX, XX or X; or (ii) a computer password, access code or similar data by which the whole or any part of a computer system is capable of being accessed; with the intent that it be used by any person for the purpose of committing an offence against sections XX, XX, XX or X.; shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Whoever has an item mentioned in subparagraph (i) or (ii) in his possession with the intent that it be used by any person for the purpose of committing an offence against sections XX, XX, XX or X. Further breakdown of offences to be undertaken which may extend to three years, or with fine, or with both. Electronic Forgery 8.Electronic forgery.-Whoever for wrongful gain interferes with data, electronic system or electronic device, with intent to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not shall be punished with imprisonment of either description for a term which, may extend to seven years, or with fine or with both. Whoever without authority, inputs, generates, alters, modifies, deletes or suppresses data, resulting in inauthentic data or an inauthentic program with the intent that it be considered or acted upon as if it were authentic or genuine, regardless whether or not the data is directly readable and intelligible, shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Electronic Fraud 7. Electronic fraud.-Whoever for wrongful gain interferes with or uses any data, electronic system or electronic device or induces any person to enter into a relationship or with intent to deceive any person, which act or omission is likely to cause damage or harm to that person or any other person shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine, or with both. Whoever without authority, inputs, Needs to generates, alters, modifies, deletes or connect with suppresses data with the intent to PPC cause any economic benefit for oneself or for another person, shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Needs to connect with PPC Identity theft Discussion for “identity information” means any relevance information — including biological or under this law physiological information of a type that is commonly used alone or in combination with other information to [verify, authenticate or] identify or purport to [verify, authenticate or] identify an individual [or an information system], including a fingerprint, voice print, retina image, iris image, DNA profile, name, address, date of birth, [mother’s maiden name], [challenge phrase], [security question], written signature, [advanced electronic signature], electronic signature, digital signature, user name, credit card number, debit card number, financial institution account number, passport number, [CNIC], Customer number, driver’s licence number, any password [or any other form of verification, authentication or identification] that may enable access to any information system or to the performance of any function or interference with any computer data or an information system]. (1) Whoever knowingly obtains or possesses another person’s identity information in circumstances giving rise to a reasonable inference that the information is intended to be used to commit an offence that includes dishonesty, fraud, deceit or falsehood as an element of the offence shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. (2) Whoever transmits, makes available, distributes, sells or offers for sale another person’s identity information, or has it in their possession for any of those purposes, knowing that or being reckless as to whether the information will be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence shall be punished with imprisonment of either description for a term which may extend to ____ years or with fine which may extend to _____ rupees, or with both. Legal Recognition of offences committed in relation to electronic systems Legal Recognition of offences committed in relation to electronic systems, (1) Notwithstanding anything contained in any other law for the time being in force, an offence under any law shall not be denied legal recognition and enforcement for the sole reason of such offence being committed in relation to, or through the use of, an electronic system. (2) References to "property" in any law creating an offence in relation to or concerning property shall include an electronic information system and the information and data contained in or conveyed through such information system Analysis of this section as proposed by Anusha Rehman Sections 36 and 37 of the ETO are hereby repealed with immediate effect. Appropriate section to be drafted To address the abuse of this legislation for other purposes Nothing in this law will apply to any offence with respect to telecommunication or matters applicable to the Telecommunication (Re-organization) Act, 1996 or any subsequent amendments thereof...... Appropriate section to be drafted after discussion Search and seizure warrants “seize” includes: (a) make and retain a copy of computer data, including by using onsite equipment; and (b) render inaccessible, or remove, computer data in the accessed computer system; and (c) take a printout of output of computer data. Greater safeguards to be discussed If a Court is satisfied on the basis of information on oath that there are reasonable grounds [to suspect] [to believe] that there may be in a place a thing or computer data: (a) that may be material as evidence in proving an offence; or (b) that has been acquired by a person as a result of an offence; the Court [may] [shall] issue a warrant authorising a [law enforcement] [police] officer, with such assistance as may be necessary, to enter the place to search and seize the thing or computer data. Assisting Law Enforcement A person who is in possession or control of a computer data storage medium or computer system that is the subject of a search under section XX must permit, and assist if required, the person making the search to: (a) access and use a computer system or computer data storage medium to search any computer data available to or in the system; (b) obtain and copy that computer data; (c) use equipment to make copies; and (d) obtain an intelligible output from a computer system in a plain text format that can be read by a person. Whoever fails without lawful excuse or Additional elements under research and discussion justification to permit or assist a person commits an offence punishable, on conviction, by imprisonment for a period not exceeding [period], or a fine not exceeding [amount], or both. Record of and access to seized data (1) If a computer system or computer data has been removed or rendered inaccessible, following a search or a seizure under section XX, the person who made the search must, at the time of the search or as soon as practicable after the search: (a) make a list of what has been seized or rendered inaccessible, with the date and time of seizure; and (b) give a copy of that list to: (i) the occupier of the premises; or (ii) the person in control of the computer system. (2) Subject to subsection (3), on request, a police officer or another authorized person must: (a) permit a person who had the custody or control of the computer system, or someone acting on their behalf to access and copy computer data on the system; or (b) give the person a copy of the computer data. (3) The police officer or another authorized person may refuse to give access or provide copies if he or she has reasonable grounds for believing that giving Additional elements under research and discussion the access, or providing the copies: (a) would constitute a criminal offence; or (b) would prejudice: (i) the investigation in connection with which the search was carried out; (ii) another ongoing investigation; or (iii) any criminal proceedings that are pending or that may be brought in relation to any of those investigations. Production of data If a Court is satisfied on the basis of an application by a police officer that specified computer data, or a printout or other information, is reasonably required for the purpose of a criminal investigation or criminal proceedings, the Court may order that: (a) a person in the territory of Pakistan in control of a computer system produce from the system specified computer data or a printout or other intelligible output of that data; (b) an Internet service provider in Pakistan produce information about persons who subscribe to or otherwise use the service; and (c) a person in the territory of Pakistan who has access to a specified computer system process and compile specified computer data from the system and give it to a specified person. Disclosure of 16. If the Court is satisfied on the basis Greater safeguards to be discussed stored traffic data of an ex parte application by a police officer that specified data stored in a computer system is reasonably required for the purpose of a criminal investigation or criminal proceedings, the magistrate may order that a person in control of the computer system disclose sufficient traffic data about a specified communication to identify: (a) the service providers; and (b) the path through which the communication was transmitted. (2) The period may be extended beyond 7 days if, on an ex parte application, a Court authorizes an extension for a further specified period of time. Interception of electronic communications (1) If a Court is satisfied on the basis of information on oath that there are reasonable grounds [to suspect][to believe] that the content of electronic communications is reasonably required for the purposes of a criminal investigation, the Court may: (a) order an Internet service provider whose service is available in Pakistan through application of technical means to collect or record or to permit or assist competent authorities with the collection or recording of content data associated with specified communications transmitted by means of a computer system; or (b) authorize a police officer to collect or record that data through application of technical means. Interception of traffic data If a police officer is satisfied that traffic data associated with a specified communication is reasonably required for the purposes of a criminal investigation, the police officer may, by written notice given to a person in control of such data, request that person to: (a) collect or record traffic data associated with a specified communication during a specified period; and (b) permit and assist a specified police officer to collect or record that data. (2) If a Court is satisfied on the basis of information on oath that there are reasonable grounds [to suspect] that traffic data is reasonably required for the purposes of a criminal investigation, the Court may authorize a police officer to collect or record traffic data associated with a specified communication during a specified period through application of technical means. Evidence In any proceedings with respect to any offence under any law, the fact that: (a) it is alleged that an offence of interfering with a computer system has been committed; and (b) evidence has been generated from that computer system; shall not of itself prevent that evidence from being admitted. Confidentiality and limitation of liability (1)An Internet service provider who without lawful authority discloses: (a) the fact that an order under sections XX, XX, XX, XX, XX and XX has been made; or (b) anything done under the order; or (c) any data collected or recorded under the order; commits an offence punishable, on conviction, by imprisonment for a period not exceeding [period], or a fine not exceeding [amount], or both. (2) An Internet service provider shall not be liable under any law for the disclosure of any data or other information that the Internet service provider discloses under sections XX, XX, XX, XX, XX and XX.