cyber crime

Cyber crime

And

Prevention of Electronic Crimes Ordinance, 2008

The Electronic Transaction Ordinance, 2002

Emergence of Cyber Crime

The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom.

This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!

Cyber crime is an evil having its origin in the growing dependence on computers in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants are being run on computers, cyber crime has assumed rather sinister implications

Definition

A generalized definition of cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”

Thus, crimes are unlawful acts wherein the computer is either a tool or a target or both.

Nature and areas of Cyber Crimes

• Mobile/Credit Card / Balance Transfer Fraud
• Bank Fraud Credit Cards/ ATM/Loan
• Mobile/Phone/ Threatening through SMS/Calls
• Tracing of IP/Email Address
• Threatening/Abusive/ Massages & Emails
• Hacking /Illegal access of Websites
• Hacking of Account/Email Address
• Fraudulent Emails
• Fraud through mobile messages regarding Winning of Vehicle
• Misuse of Information on Internet
• Lottery Award Cases
• Electronic Money Laundering and Tax Evasion
• Electronic Vandalism, Terrorism and Extortion
• Sales and Investment Fraud
• Illegal Interception of Telecommunications
• Telecommunications Piracy
• Electronic Funds Transfer Fraud
• Theft of Telecommunications Services
• Communications in furtherance of Criminal Conspiracies
• Dissemination of Offensive Materials

Domestic Cyber Crime Laws of Pakistan

• Prevention of Electronic Crimes Ordinance, 2007
• Electronic Transactions Ordinance, 2002
• Pakistan Telecommunication (Re-organisation) Act, 1996
• Wireless Telegraphy Act, 1933
• Telegraph Act, 1885
• Federal Investigation Agency Act, 1974
• Payments & Electronic Fund Transfers Act, 2007

To restrict the crackers and criminals within the social and legal parameters every nation has its own defined ‘Cyber Crimes Law’ to control the crimes against IT infrastructure, systems and data (information) using computer and network technologies. A similar is introduced by government of Pakistan as an ordinance named ETO or ‘Electronic Transaction Ordinance’. 

وَإِذَا قِيلَ لَهُمْ لاَ تُفْسِدُواْ فِى ٱلأَرْضِ قَالُوۤاْ إِنَّمَا نَحْنُ مُصْلِحُونَ

Whenever it is said to them, "Spread not disorder on the earth", their reply is, "We only seek to put things aright".                          [QURAN 2:11]

The Electronic Transaction Ordinance is an essential prerequisite for e-commerce growth and termed as "a landmark decision for the IT development of the country"

The Ordinance aimed to achieve: -

1.      Great economic impact.

2.      E-commerce and projecting Pakistan’s products such as textile, leather goods, sports goods and surgical items to the world.

3.      Increased e-transactions.

4.      Major benefits for the small and medium business enterprises as the cost of transactions are greatly reduced electronically.

5.      Legal and safe trading to take place as the necessary laws to protect the interests of both the buyers and the sellers in the process of electronic sales and purchases are protected through the promulgation of the Electronic Transaction Ordinance 2002

Electronic Transactions Ordinance, 2002 is basically covers 2 areas:

1.      Recognition of Information in Electronic Form

2.      Electronic Contracts (by means of digital Electronic Contracts)

The offences under the ETO are:

1.      Non bail able

2.      Cognizable and

3.      Compoundable (Section38)

Prevention of Electronic Crimes Ordinance, 2008

The Prevention of Electronic Crimes Ordinance, 2008 applies to every person who commits an offence under the said Ordinance irrespective of his nationality or citizenship whatsoever or in any place outside or inside Pakistan, having detrimental effect on the security if Pakistan or its nationals or national harmony or any property or any electronic system or data located in Pakistan or any electronic system or data capable of being connected, sent to, used by or with any electronic system in Pakistan.

The ordinance i.e. Prevention of Electronic Crimes Ordinance, 2008 gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes.

The ordinance covers provision for illegal and criminal acts such as data access, data damage, system damage, electronic fraud, electronic forgery, spamming, spoofing, cyber terrorism etc

Chapter II of the Prevention of Electronic Crimes Ordinance, 2008 deals with the Offences and Punishments. Punishments range from two years to death penalty. For the general guidance offences and punishments are mentioned below:

Section 3 of the Prevention of Electronic Crimes Ordinance, 2008 deals with criminal access: The said section states Criminal Access:

Whoever intentionally gains unauthorized access to the whole or any part of an electronic system or electronic device with or without infringing security measures, shall be punished with imprisonment of either description for a term which may extend to two years or with fine not exceeding three hundred thousand rupees, or with both. Criminal Data Access is an Offence and Punishable.

Section 4 of the Prevention of Electronic Crimes Ordinance, 2008 states Criminal data access:

Whoever intentionally causes any electronic system or electronic device to perform any function for the purpose of gaining unauthorized access to any data held in any electronic system or electronic device or on obtaining such unauthorized access shall be punished with imprisonment of either description for a term which may extend to three years or with fine or with both.

Section 5 states Data Damage:

Whoever with intent to illegal gain or cause harm to the public or any person, damages any data shall be punished with imprisonment of either description for a term which may extend to three years or with fine or with both.

Section 6 states System Damage:

Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system or electronic device by imputing, transmitting, damaging, deleting, altering, tempering, deteriorating or suppressing any date or services or halting electronic system or choking the networks shall be punished with imprisonment of either description for a term which may extend to three years or with fine or with both.

Section 7 states electronic fraud:

Whoever for wrongful gain interferes with or uses any data, electronic system or electronic device or induces any person to enter into a relationship or with intent to deceive any person, which act or omissions is likely to cause damage or harm to that person or any other person shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine, or with both.

Section 8 states Electronic Forgery:

Whoever for wrongful gain interferes with data, electronic system or electronic device, with intent to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not shall be punished with imprisonment for a term which may extend to seven years, or with fine or with both.

Section 9 states Misuse of electronic system or electronic device

Whoever produces, possesses, sells, procures, transports, imports, distributes or otherwise makes available an electronic system or electronic device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established under this Ordinance or a password, access code, or similar data by which the whole or any part of an electronic system or electronic device is capable of being accessed or its functionality compromised or reverse engineered, with the intent it be used for the purpose of committing any of the offences established under this ordinance, is said to commit of misuse of electronic system or electronic devices. Whoever commits the offence shall be punishable with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

Section 10 states unauthorized access to code:

Whoever discloses or obtains any password, access as to code, system design or any other means of gaining access to any electronic system or data with intent to obtain wrongful gain, do reverse engineering or cause wrongful loss to any other unlawful purpose shall be punished with imprisonment of either description for a term which may extend to three years or with both.

Section 11 states Misuse of encryption:

Whoever for the purpose of commission of an offence or concealment of incriminating evidence, knowledge and willfully encrypts any incriminating communication or data contained in electronic system relating to that crime or incriminating evidence, commits the offence of misuse of encryption shall be punished with imprisonment of either description for a term which may extend to five years or with fine or with both.

Section 12 states malicious code:

Whoever willfully writes, offers, makes available, distributes or transmits malicious code through an electronic system or electronic device, with intent to cause harm to any electronic system or resulting in the corporation, distribution, alteration, suppression, theft or loss of data commits the offence of malicious code. Provided that the provision of this section shall not apply to the authorized testing, research and development or protection of an electronic system for any lawful purpose. Whoever commits the offence shall be punished with imprisonment of either description for a term which may extend to five years, or with fine or with both.

Section 13 states Cyber stalking:

Whoever with intent to coerce, intimidate, or harass any person uses computer, computer network, internet, network site, electronic mail or any other similar means of communication to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, picture or image, make any suggestion or proposal of an obscene nature, threaten any illegal or immoral act, take or distribute pictures or photographs of any person without his consent or knowledge, display or distribute information in a manner that substantially increases the risk of harm or violence to any other person, commits the offence of cyber stalking.

Section 14 states Spamming:

Whoever transmits harmful, fraudulent, misleading, illegal or unsolicited electronic messages in bulk to any person without the express permission of the recipient, or causes any electronic system to show any such message or involves in falsified online user account registration or falsified domain name registration for commercial purpose commits the offence of spamming.

Section 15 states Spoofing:

Whoever establishes a website, or sends an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source with intent to gain unauthorized access or obtain valuable information which later can be used for any lawful purposes commits the offence of spoofing.

Section 16 states unauthorized interception:

Whoever without lawful authority intercepts by technical means, transmissions of data to, from or within an electronic system including electromagnetic system carrying such data commits the offence of unauthorized interception.

Section 17 states Cyber terrorism:

Any person, group or organization who, with terroristic intent utilizes, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism.

Section 21 states Offences by corporate body:

A corporate body shall be held liable for an offence under this Ordinance of the offence is committed on its instructions or for its benefit. The corporate body shall be punished with fine not less than one hundred thousand rupees or the amount involved in the offence whichever is the higher Provided that such punishment shall not absolve the criminal liability of the natural person who has committed the offence. Corporate body includes a body of persons incorporated under any law such as trust, waqf, an association, a statutory body or a company.

These offences would be tried in tribunal incorporated under this Ordinance and appeal would lie to the High Court.