Cyber Laws in Pakistan

Presenting By: Taha Mehmood

Agenda

Cyber Crime

Cyber Laws

Cyber laws in Pakistan

Electronic Transaction Ordinance 2002 Overview Sections

Agenda

Electronic Crimes Bill 2007 Overview Sections

Opportunity for Business Flexible Storage IT and Telecom professional salaries Data Storage Seriousness

Criticism

Cyber Crime

Activity in which computers or networks are a tool, a target, or a place of criminal activity.

Cyber crime also stated as any use of a computer as an instrument to further illegal ends, such as Committing fraud Stealing identities Violating privacy

It is also include traditional crimes in which computers or networks are used to enable the illicit activity.

As the computer has become central to commerce, entertainment, and government.

Cyber crime has grown in importance.

Examples:

E-mail account of a Federal Minister is hacked. Credit cards frauds reach to an alarming level. Visiting CEOs of Multinational Companies gets

threatening E-mails. Financial institutions are the favourite targets of

Cyber criminals --- worstly effecting the technologicalprogress in the area of e –Commerce.

Cyber Laws

The legal issues related to use of communications technology, particularly "cyberspace", i.e. the Internet.

It is an intersection of many legal fields, like: Intellectual property, Privacy

Cyber laws is an attempt to apply laws designed for the physical world to human activity on the Internet

Cyber Laws in the World

Electronic Commerce Act (Ireland) Electronic Transactions Act (UK, USA,

Australia, New Zealand, Singapore) Electronic Transactions Ordinance (Hong

Kong) Information Technology Act (India) Information Communication Technology Act

Draft (Bangladesh)

Cyber Laws in Pakistan

There are different law are promulgated in Pakistan. These laws not only deal with crime of Internet These deal with all dimensions related to computer

& networks. Two of them are most known. They are:

Electronic Transaction Ordinance 2002 Electronic / Cyber Crime Bill 2007

Electronic Transaction Ordinance 2002 Overview

The Electronic Transactions Ordinance (ETO), 2002, was the first IT-relevant legislation created by national lawmakers.

A first step and a solid foundation for legal sanctity and protection for Pakistani e-Commerce locally and globally.

Laid the foundation for comprehensive Legal Infrastructure. It is heavily taken from foreign law related to cyber crime.

Pre-ETO 2002

No recognition of electronic documentation No recognition of electronic records No recognition of evidential basis of

documents/records Failure to authenticate or identify digital or electronic

signatures or forms of authentication No online transaction could be legally binding Electronic Data & Forensic Evidence not covered.

No Rules

Sections There are 43 sections in this ordinance It deals with following 8 main areas relating to e-

Commerce. Recognition of Electronic Documents Electronic Communications Digital Signature regime and its evidential consequences Web Site & Digital Signatures Certification Providers Stamp Duty Attestation, notarization, certified copies Jurisdiction Offences

Important Sections are: 36. Violation of privacy information

gains or attempts to gain access to any information system with or without intent to acquire the information Gain Knowledge Imprisonment 7 years Fine Rs. 1 million

37. Damage to information system, etc. alter, modify, delete, remove, generate, transmit or store

information to impair the operation of, or prevent or hinder access to,information knowingly not authorised Imprisonment 7 years Fine Rs. 1 million

38. Offences to be non-bailable, compoundable and cognizable All offences under this Ordinance shall be non-bailable,

compoundable and cognizable.

39. Prosecution and trial of offences. No Court inferior to the Court of Sessions shall try any

offence under this Ordinance.

Post ETO 2002

Electronic Documentation & Records recognized

Electronic & Digital forms of authentication & identification given legal sanctity

Messages through email, fax, mobile phones, Plastic Cards, Online recognized.

Electronic/Cyber Crime Bill 2007

Overview

“Prevention of Electronic Crimes Ordinance, 2007″ is in force now

It was promulgated by the President of Pakistan on the 31st December 2007

The bill deals with the electronic crimes included: Cyber terrorism Data damage Electronic fraud Electronic forgery Unauthorized access to code Cyber stalking Cyber Spaming

It offers penalties ranging from six months imprisonment to capital punishment for 17 types of cyber crimes

It will apply to every person who commits an offence, irrespective of his nationality or citizenship.

It gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes.

Punishments

Under this law there are defined punishment for the offence.

Every respective offence under this law has its distinctive punishment which can be imprisonment or fine.

Offence Imprisonment (years) Fine

Criminal Access 3 3 Lac

Criminal Data Access 3 3 Lac

Data Damage 3 3 Lac

System Damage 3 3 Lac

Electronic Fraud 7 7 Lac

Electronic Forgery 7 7 Lac

Misuse of Device 3 3 Lac

Unauthorized access to code 3 3 Lac

Malicious code 5 5 Lac

Defamation 5 5 Lac

Cyber stalking 3 3 Lac

Cyber Spamming 6 months 50,000

Spoofing 3 3 Lac

Pornography 10 -----

Cyber terrorism Life 10 Million

Sections

Data Damage: Whoever with intent to illegal gain or cause harm

to the public or any person, damages any data, shall come under this section.

Punishment: 3 years 3 Lac

Electronic fraud: People for illegal gain get in the way or use any

data, electronic system or device or with intent to deceive any person, which act or omissions is likely to cause damage or harm.

Punishment: 7 years 7 Lac

Electronic Forgery: Whoever for unlawful gain interferes with data, electronic

system or device, with intent to cause harm or to commit fraud by any input, alteration, or suppression of data, resulting in unauthentic data that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not.

Punishment: 7years 7 Lac

Malicious code: Whoever willfully writes, offers, makes available,

distributes or transmits malicious code through an electronic system or device, with intent to cause harm to any electronic system or resulting in the theft or loss of data commits the offence of malicious code.

Punishment: 5 years 5 Lac

Cyber stalking: Whoever with intent to harass any person uses computer,

computer network, internet, or any other similar means of communication to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, picture or image.

Make any suggestion or proposal of an obscene nature Threaten any illegal or immoral act Take or distribute pictures or photographs of any person

without his consent or knowledge Commits the offence of cyber stalking.

Spamming: Whoever transmits harmful, fraudulent, misleading, illegal or unsolicited electronic messages in bulk to any

person without the express permission of the recipient, involves in falsified online user account registration or

falsified domain name registration for commercial purpose commits the offence of spamming.

Punishment: 6 month 50,000

Spoofing: Whoever establishes a website, or sends an

electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source

with intent to gain unauthorized access or obtain valuable information

Later, Information can be used for any lawful purposes commits the offence of spoofing.

Cyber terrorism: Any person, group or organization who, with terroristic

intent utilizes, accesses or causes to be accessed a computer or

computer network or electronic system or device or by any available means,

knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism.

Punishment Whoever commits the offence of cyber terrorism and

causes death of any person shall be punished with death Or imprisonment for life, and with fine Otherwise he shall be punishable with imprisonment of ten

years or with fine ten million rupees

Opportunity for Business

Flexible Storage

IT and Telecom professional salaries

Data Storage Seriousness

Criticism

There are seemingly 21 ‘cyber’ issues covered in this Bill

It may seem to cover all aspects of the new digital era.

But detailed look shows quite the contrary. Practically in all issues the government has

gone the extra mile to reinvent a new definition, significantly deviating from the internationally accepted norms.

There seems to be an elaborate play of words within the document

allow room for the regulating body (FIA) to confuse and entrap the innocent people

The FIA, has been given complete and unrestricted control to arrest and confiscate material as they feel necessary

A very dangerous supposition Safeguards and Protection

One example of the hideous nature of the bill: The Government has literally attempted to insert a new

word in the English language. The word TERRORISTIC is without doubt a figment of their

imagination vocabulary Hence they attempt to define the word, quite literally

compounding the problem at hand They have actually defined what real-life terrorism might be But fail to explain what they mean by the word Cyber in

cyber terrorism. the concern is that there happens to be no clear-cut

explanation on how a Cyber Terrorism crime is committed.

Special Agency

Federal Intelligence Agency NR3C

(National Response Center for Cyber Crimes) Sindh Police –Cyber Cop

NR3C

Require any person where:–reasonable technical and other assistance–require any person to such decrypt information

• Obstruction–1 year imprisonment–1 hundred thousand rupees

NO JUDICIAL SAFEGUARD

Top Ten Victims The 2007 Internet Crime Report cites the top ten

countries by amount of perpetrators of online crime In descending order

United States United Kingdom Nigeria Canada Romania Italy Spain South Africa Russia Ghana

Facts & Figures

Americans reported losses of US$240 million from global cyber-crime in 2007 A $40 million increase from 2006

The I3C received 206,884 complaints of online fraud in 2007 a decrease from the previous year’s 207,492

complaints and over 231,000 complaints in 2006.

Facts & Figures

The United Kingdom is listed second in a report on global cyber-crime statistics, behind the United States.

The UK Cybercrime report: There were 850,000 instances of sex crimes

where individuals were ‘cyberstalked’ or received unwanted sexual approaches and paedophiles grooming underage children for sex.

There were 207,000 financial frauds committed last year - up more than 30 percent on a similar study in 2005 and eclipsing outstripping the 199,800 offline frauds.

There were 92,000 cases of identity theft 144,500 cases of hacking into another PC.

Crimes Reported in Pakistan

A total of 57 cases have been registered under the ETO 2002 in the years 2005 & 2006.

Offences 2006 2005 Total

IPR Crimes 14 20 34

Spurious Drugs 37 30 67

Cyber Crimes 33 24 57

Counterfeit Currencies 7 2 9

Others 105 148 253

Total: 196 224 420

Thanks for Your Attention..