Law to punish cyber- crimes on the cards

ISLAMABAD: Pakistan is inching closer to promulgating a strong cybercrime law, as a parliamentary committee has received the final draft of the law after a thorough review by legal experts, security agencies, the Pakistan Telecommunication Authority (PTA) and a sub-committee of the National Assembly.
The final amended draft, a copy of which is available with The News, maintains strong punishments, including jail terms for unauthorised access to data, cyber stalking, spoofing and spamming, despite criticism from the civil society.
The final draft still allows for seizure of data and equipment by the investigation agencies without prior court permission if the offence is of a serious nature.
It, however, clarifies that wherever possible a gazetted officer will be sent to undertake this operation.
Cyber stalking is punishable with up to two-year jail term and Rs1 million fine under the finalised draft.
It is defined as “Whoever with the intent to coerce or intimidate or harass any person uses information system, information system network, the Internet, website, electronic mail, information or any other similar means of communication to communicate obscene, vulgar, contemptuous, or indecent information; or make any suggestion or proposal of an obscene nature; or threaten to commit any illegal or immoral act; or take a picture or photograph of any person and display or distribute without his consent or knowledge in a manner that harms a person; or display or distribute information in a manner that substantially increases the risk of harm or violence to any person, commits the offence of cyber stalking.”
It says any aggrieved person may apply to the Authority for issuance of appropriate orders for removal or destruction of, or blocking access to such information.
Spamming is punishable with up to three-month jail term and Rs1 million fine under the law.
It is defined as “whoever with intent transmits harmful, fraudulent, misleading, illegal or unsolicited information to any person without the express permission of the recipient, or causes any information system to show any such information commits the offence of spamming.”
However, the law says unsolicited information does not include marketing authorized under the law; or information which has not been specifically unsubscribed by the recipient.
Under the approved draft, spoofing is punishable with up to three-year jail term and Rs50,0000 fine.
It is defined as “whoever dishonestly establishes a website or sends any information with a counterfeit source intended to be believed by the recipient or visitor of the website, to be an authentic source commits spoofing.”
However, some minor concessions have been offered to civil society and internet service providers.
The businesses which provide free internet to their customers including hotels and coffee shops have been exempted from the condition of storing data of their users.
Under the amended draft, the law will only be applicable on cyber cafes which provide premises from where or facilities through which the public in general may access the Internet “against payment of charges for the same”.
This change means the coffee shops and other businesses which provide internet access for free will be exempted from the provision of the law under which they had to maintain and store data of all users for a specific time.
The draft law also clarifies that accessing data which is available for open access by the general public will not be a crime.
“Provided that where an information system or data is available for open access by the general public, access to or transmission of such information system or data shall be deemed to be authorised for the purposes of this Act,” says the draft law.
The final draft also increases the age limit for juvenile offenders from 10 years to 13 years.
The draft law identifies 21 cyber related offences which are punishable with jail-term including unauthorised access to data, unauthorised copying or transmission of data, interference with information system or data, unauthorised access to critical infrastructure information system or data, unauthorised copying or transmission of critical infrastructure data, interference with critical infrastructure information system or data, Glorification of an offence and hate speech, Cyber terrorism, Electronic forgery, Electronic fraud, making, obtaining, or supplying device for use in offence, unauthorised use of identity information, unauthroised issuance of SIM cards, tempering etc. of communication equipment, unauthorised interception, offences against dignity of natural person, offences against modesty of a natural person and minor, malicious code, cyber stalking, spamming and spoofing.
The draft law also proposes establishment of an independent forensic laboratory to provide experts opinion to the court in cybercrime related issues.
“The federal government shall establish or designate a forensic laboratory, independent of the investigation agency to provide expert opinion before the court or for the benefit of the investigation agency in relation to electronic evidence collected for purposes of investigation and prosecution of offences under this Act,” the draft law states.
Under the draft law, the federal government will make rules for management and oversight of the forensic laboratory; qualifications and trainings of the officers, experts and staff of the forensic laboratory; powers, functions and responsibilities of the forensic laboratory, its officers, experts and staff; and standard operating procedures of the forensic laboratory to interact with the investigation and prosecution agency.