ISLAMABAD: The government has decided to set up a “cyber authority”, a special court to deal with cyber crime and disputes as well as an emergency unit to counter attacks that are against Pakistan’s interests.
This is part of larger plan to amend a dozen major laws through a consolidated compendium to be called the Electronic Documents and Prevention of Cybercrimes Act, 2014.
This consolidates and updates the different laws that are applicable to information technology or cyber activity in an all-encompassing piece of law to combat crime and to promote electronic and computerised businesses through legal documents, e-signatures, etc.
A source in the prime minister’s secretariat told Dawn the draft law was being considered for promulgation through an ordinance to address short-term challenges after its approval by parliament. Prime Minister Nawaz Sharif and his top legal and bureaucratic aides have been engaged in extensive consultations on the issue with a team of lawyers, led by Supreme Court advocate Akram Shaikh and regulatory expert Aslam Hayat for over three months and a final piece of law has been prepared.
It is expected to be taken up by the cabinet soon.
According to the final 30-page draft available with Dawn, the proposed law has 77 sections and two schedules of offences, punishments, facilities and technologies to be covered. These include cyber crime, terrorism and crimes against the state committed with the aid of modern technology.
Besides many changes in the existing criminal laws, the new law seeks to amend major laws such as the Pakistan Telecommunication Reorganisation Act of 1996, the Qanun-e-Shahadat law of 1984, the Negotiable Instruments Act of 1881, the Power of Attorney Act of 1881, the Trust Act of 1882 and the Criminal Procedures Code, 1898.
Under Article 10 of the Constitution, the law seeks to establish a 7-member corporate body called the Cyber Authority of Pakistan, comprising five members from the private sector and two from the public sector, with protected tenures of at least three years.
This authority will not only address all aspects related to cyber activity from its own specialist lens but also prevent and suppress cybercrimes effectively and efficiently.
Officials said that such a regulatory authority does not exist in other regional countries; some legislative models are available in east Asia and, obviously, in the West.
The authority will also be empowered to organise cyber-investigation and cyber-protection teams. This is based on the realisation that only experts in information technology and cyber activity can successfully investigate, prosecute or prevent cyber crimes. Also, there have been cases of persons using electronic devices to attack national infrastructure and otherwise causing significant problems for the interests of the state.
The government will therefore establish the Cyber Emergency Response Team led by the secretary of information technology, comprising two outstanding experts to respond to national and significant cyber-security issues as well as bridge the gap between the government and the Cyber Authority.
Because of the kind of crimes involved, the government is also to set up a Cyber Tribunal led by a chairperson and comprising judges of the high courts or equivalent-rank former judges, prominent lawyers of high courts and known professional experts on information technology, internet services, telecommunications and cryptography services. The decisions of the Tribunal can only be challenged before the high court.
Sources said that on the advice of Mr Shaikh, the law will cover basic and widely practiced cyber crimes. Complex ones have been avoided given the fact that such crimes are not common in Pakistan.
ELECTRONIC DOCUMENTS: The law provides a framework for the authentication of electronic documents by affixing electronic signatures through a unique system of private and public keys so that any changes in documents, forms and signatures are detectable by the Cyber Authority. As a result, such transactions and businesses would be legally recognised, with authenticity to be confirmed by the Cyber Authority and kept in the safe record for any future re-verification.
This would also involve receipt or payment by means of such electronic forms as the government may prescribe and allow electronic filing and the issuance of forms, applications, licences, permits or any other documents with any office, authority, body or agency owned or controlled by the government.
The authority will also take care of contract formation, the communication and acceptance of proposals or their revocation through the use of electronic documents and devices. It will be responsible for prescribing the procedure for electronic contract formation or authentication.
Notwithstanding the requirements of the Stamp Duty Act of 1899, stamp duty shall not be payable with respect to any instrument executed in the electronic form until an appropriate mode is prepared by the government. Likewise, no electronic document will require attestation or notarisation for a period of four months to enable the government to put in place a fresh mechanism for this. The law requires that an electronic document shall be deemed to have been sent by the originator if it was sent by the originator or his authorised nominee.
The authority will also be the focal body to coordinate with domestic and international law enforcement agencies against cyber crimes and facilitate intelligence-gathering and the investigation of such crimes. In doing so, it will also coordinate with the business community and civil society, while collecting and recording traffic data in real time.
It is to have the power to seek and access any governmental or non-governmental organisations, including network service providers, and grant and renew accreditation certificates, cryptography services, electronic signatures and security procedures.As part of the proposed law, there is a schedule of crimes, compensations and punishments including the forgery of documents, the downloading of copies of papers relating to others, hacking, unauthorised interception, dishonestly receiving electronic devices and documents, identity theft, impersonation, the violation of privacy, electronic fraud, cyber terrorism, cyber stalking, spamming, spoofing and domain squatting.
Offences also include transmission of offensive messages or images of sexually explicit acts, depicting children in sexually explicit acts, the transmission of material containing heinous acts, the failure to protect data, and false information by the subscriber or false certificates. All offences and crimes under the proposed act will be non-bailable, compoundable and cognisable.