Critical analysis of proposed cyber Crime Bill 2015

Critical analysis of proposed cyber Crime Bill 2015

Introduction:

The Proposed cyber law does not qualify the national legal standards and various technical norms of information technology. Following are some preliminary and instantaneous apprehensions on the proposed legislation of Cyber Crime Act 2015.

Examination:

Chapter  I

Section 1. Short title, extent and commencement: (1) This Act may be called the Electronic Documents and Prevention of

Cybercrimes Act, 2014.

The citation of proposed law is immature or imperfect, the suitable title may “Electronic Transaction and Prevention of Cybercrimes Act, 2014.  Although I feel a sense of incomplete  in this title of proposed law as the most important topic of personal information protection is not addressed properly in the proposed law I suggest the titled as “  Personal Information Protection, Electronic Documents and Prevention of Cybercrimes Act  2015 or (Pakistan Information Technology Act 2015)

Section 2 – Definitions

  1. The proposed law is silent about the definition of ‘ Electronic’ which was clearly defined by the Prevention of Cybercrime Act 2008.
  2. The proposed law also silent about the definition and concept of ‘email’
  • The concepts of Cyberspace and internet do not defined or elaborate
  1. The definition of data is vague and incomplete plain version which is original form of data is not defined in this proposed law.
  2. Definition of ‘function’ relating to electronic communication is not defined.

Chapter II – Electronic Documents and Electronic Signatures

Electronic Signature:

(4) The Cyber Authority may add or omit any electronic signature and the procedure for affixing such signature.

The electronic signatures are unique in kind and assigned to specific person which could not be tampered with. This is an individual-to-individual procedure and the Authority’s intervention in this process would be a violation of privacy.

Section 16 Certified copies:

Certified copies: (1) Where any law requires or permits the production of certified copies of any records, such requirement or permission shall extend to printouts or other forms of display of electronic documents where, in addition to fulfillment of the requirements as may be specified in such law relating to certification, it is verified in the manner laid down by the Federal Government.

This is section vague and incomplete without providing any reference of Bankers Book Evidence Act 1891 where the concept of certified copy is clearly elaborated even Bankers Books Evidence Act (India) has been amended as following;

  1. 6[(8) “Certified copy” means when the books of a bank, –

(a) Are maintained in written form, a copy of any entry in such books together with a certificate written at the foot of such copy that it is a true copy of such entry, that such entry is contained in one of the ordinary books of the bank and was made in the usual and ordinary course of business and that such book is still in the custody of the bank, and where the copy was obtained by a mechanical or other process which in itself ensured the accuracy of the copy, a further certificate to that effect, but where the book from which such copy was prepared has been destroyed in the usual course of the bank’s business after the date on which the copy had been so prepared, a further certificate to that effect, each such certificate being dated and subscribed by the principal accountant or manager of the bank with his name and official title; and (b) Consist of printouts of data stored in a floppy, disc, tape or any other electromagnetic data storage device, a printout of such entry or a copy of such printout together with such statements certified in accordance with the provisions of section 2A.

7[(c) a printout of any entry in the books of a bank stored in a micro film, magnetic tape or in any other form of mechanical or electronic data retrieval mechanism obtained by a mechanical or other process which in itself ensures the accuracy of such printout as a copy of such entry and such printout contains the certificate in accordance with the provisions of section 2A.

2A. Conditions in the printout 

A printout of entry or a copy of printout referred to in sub-section (8) of section 2 shall be accompanied by the following, namely: –

  1. (a) A certificate to the effect that it is a printout of such entry or a copy of such printout by the principal accountant or branch manager; and (b) A certificate by a person in-charge of computer system containing a brief description of the computer system and the particulars of-

(A) The safeguards adopted by the system to ensure that data is entered or any other operation performed only by authorised persons; (B) The safeguards adopted to prevent and detect unauthorized change of data; (C) The safeguards available to retrieve data that is lost due to systemic failure or any other reasons;

(D) The manner in which data is transferred from the system to removable media like floppies, discs, tapes or other electromagnetic data storage devices; (E) The mode of verification in order to ensure that data has been Accurately transferred to such removable media; (F) The mode of identification of such data storage devices; (G) The arrangements for the storage and custody of such storage devices; (H) The safeguards to prevent and detect any tampering with the system; and (I) Any other factor, which will vouch for the integrity and accuracy of the system.

(c) A further certificate from the person in-charge of the computer system to the effect that to the best of his knowledge and belief, such computer system operated properly at the material time, he was provided with all the relevant data and the printout in question represents correctly, or is appropriately derived from, the relevant data.”

The proposed also does not lay down any format given in any schedule which may clear and elaborate the layout of certified copies.

CHAPTER III- ATTRIBUTION OF ELECTRONIC DOCUMENTS

  1. Attribution of electronic documents:

(1) Unless otherwise agreed as between an originator and the addressee, an electronic document shall be deemed to be that of the originator if it was sent;

(b) by a person who had the authority to act on behalf of the originator in respect of that electronic document; or

Technically the procedure provided in this provision cannot work without sharing the authorization code for your digital signature. In a simple word this means you are giving someone permission to access and even to forge your signature.

CHAPTER IV – CYBER AUTHORITY:

21.Establishment of Cyber Authority

(3) The Cyber Authority of Pakistan shall comprise of seven members, with five members from the private sector and two members from the public sector. One of the members shall be designated as the Chairman by the Federal Government.

The procedure by which the members shall be nominated or selected is not mentioned. The term ‘private sector’ does not indicate whether it pertains only to body corporates, whether it includes civil society members etc. There is no governing document with functions, powers and duties clearly distinct.

(4) The Chairman and members of the Cyber Authority shall be appointed by the Federal Government for a term of three years and shall be eligible for reappointment only once for an equal term after the expiry of their first term of appointment.

This section is against various norms of The Constitution of 1873 as fair policy is totally ignored;  If the committee comprises members from both the public and private sectors, why is decision-making solely the federal government’s choice? Doesn’t that pave way for political appointments vs those on merit? Also, what is the eligibility criteria?

  1. Establishment of the Cyber Authority:

(8) Once appointed, no member shall have any direct financial or other interest in any entity or business relating to any services to which the Cyber Authority is authorized to function or perform.

Supposing the members will likely be technical experts in the field, isn’t there a high chance these experts will still be closely related to the field (business, firm etc.) ? which may resulted that members shall not draw undue benefit/financial benefit from their acting role as a member.

  1. Qualifications of members:

(1) Of the seven members of the Cyber Authority:

(a) four shall be professionals or academics with at least seven years work experience in the fields of information technology, internet services, telecommunications and cryptography services; (b) two shall be advocates with at least seven years experience and adequate knowledge of laws relating to information technology, internet services, telecommunications and cryptography services; (c) one shall have an administrative background with at least seven years experience in a private or public organization.

This seems to be a criteria for qualification of members but these provision are totally silent about the process that be adopted. Fundamentally, all members remain appointees as they are selected vs being elected or making it to the committee through an open and transparent process. In its current form, seven-member committee is not accountable to any public forum.

(6) The Cyber Authority may, from time to time, delegate one or more of its functions and powers to one or more of its members.

These is no clear dissection of power, this will be done so at the whims of the Cyber Authority itself.

(7) A member of the Cyber Authority shall not be removed except on the grounds of misconduct or incapacity as adjudicated by a court of competent jurisdiction.

This provision of proposed law suggests there is no internal code of conduct defined for the authority, any issues, even misconduct will have to be challenged in court.

  1. Functions of Cyber Authority

(2) Without prejudice to the generality of the foregoing, the Cyber Authority shall:

(a) ensure that cybercrimes, as provided under this Act and otherwise, are effectively prevented, suppressed, investigated and prosecuted;

How are cybercrimes going to be prevented in the absence of any privacy laws directed for corporates i.e banks and others or enhanced security measures for private and public companies handling data? Additionally, this proposed legislation does not lay down investigation and prosecution procedures. Leaving these open-ended or at the discretion of Authority once it comes into existence is a blatant loophole, letting for undue procedures.

  1. d) organize a Cyber Prosecution Team composed of members of the Cyber Authority and other persons, as may be designated by the Cyber Authority, to exclusively prosecute persons involved in violations of this Act and other matters connected thereto;

If the Prosecution Team is being created exclusively, what happens to NR3C under the FIA Act? Does this legislation abolish their verdict ? Which ‘other persons’ are to be involved in the investigation and prosecution process, and what are their roles, responsibilities and limits? None of this is clearly elaborated.

(g) cooperate and coordinate with domestic and international persons, entities and agencies in relation to prevention, suppression, investigation or prosecution of cyber-crimes and to fulfill other purposes of this Act and the matters connected thereto;

  1. h) facilitate international cooperation on intelligence, investigations, training and capacity building in order to prevent, suppress, investigate and prosecute cybercrimes as provided under this Act and other matters connected thereto;

(i) monitor cybercrime cases as prevented and suppressed by cooperating and participating domestic and international law-enforcement agencies;

Provisions (g) and (h) both discuss the ‘prevention’ of cyber-crimes and co-operation with international agencies, without mention of whether data gathered on suspicion will be shared with international intelligence agencies.  where they are looking for authority to share data or seek international help on basis of suspicion for the purpose of ‘prevention of crime.’ However, what are the confines within which data gathering and sharing is to take place?

(k) Collect or record by electronic means traffic data in real-time associated with specified electronic documents transmitted by means of electronic devices;

Is not this highest to arbitrary data interception? Under what circumstances should this even be permissible? Should not the comparable of a warrant be required to put this in place first? The manner in which this is phrased suggests that any data transmitted electronically is fair game for surveillance. Methods of data collection and storage and undefined.

  1. Powers of the Cyber Investigation Team:

(1) Subject to the regulations prescribed by the Cyber Authority, the Investigation Team shall be entitled to:

  • access and inspect the operation of any electronic device and any data or program residing therein;

 

  • access and inspect any information, code, program, technology and other tangible and

non-tangible materials;

The ambit within which the Cyber Investigation Team is to operate should have been a part of the proposed legislation, rather than the Authority laying out the regulations. CIT here is authorized to inspect any electronic device and data in it. There is no mention on how this process works and warrant issued. The scope or context of the electronic device has not been defined leaving room for abuse. This must indicate clearly through a documented process that any electronic device that the Cyber Investigation Team draws a consensus on is relevant to the investigation at hand, and that this is subject to the approval of a higher authority.

In fact while drafting this propose law lawman has not enough knowledge about existed law dealing with interception and analysis of electronic device, the provisions of Investigation of Fair Trial Act 2013 has to include collaborating the spirit of this proposed law.  Cyber Authority should not be able to seize devices such as computers / cell-phones / tablets etc. without a court-approved warrant at least. Secondly, the Authority should not be allowed to confiscate peripheral computer equipment owned by say family members or office staff, etc. without referring relevant provision of IFTA 2013.

(c) require any person to explain or clarify any matter related to any electronic device whether in his ownership, control or otherwise;

Anyone in ownership of a USB / portable electronic storage device  seems to be fair game. How and why should investigation be allowed based entirely on possession of an electronic device.

  1. Grant of Accreditation:
  • The Cyber Authority may grant accreditation to certification service provider, its cryptography services, electronic signature and security procedures to any person who complies with the criteria and requirements specified in the regulations prescribed by the Cyber Authority.

 

  • The terms and conditions of the accreditation, including those relating to duration of the accreditation, renewal, suspension, revocation, fee for grant and renewal, shall be specified in regulations prescribed by the Cyber Authority.

The Cyber Authority should not take any steps to establish itself as the Proxy and / or Man in the Middle gatekeeper or checker for any sort of information that traverses between a user and a service outside or inside of Pakistan, this is especially true for Skype, VPN and HTTPS services. Many services like say Google, etc. automatically enable encryption by virtue of HTTPS, by utilizing such a service and such an encryption, an average person should not be subject to cryptography clauses and be subject needlessly.

  1. Establishment of Cyber Authority Fund:

(2) The Fund shall consist of:

(b) loans, aid, grants and donations from the national or international agencies;

Will taking funds from ‘international agencies’ not expose the authority to the risks of lobbying, influence and loss in objectivity?

CHAPTER VI- CYBERCRIMES AND PUNISHMENTS

  1. Punishment for committing crimes against Pakistan:

(1) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in imminent and real danger to any interests of Pakistan including, but not limited to, national security, national economy or public order, shall be punishable with imprisonment of a term not exceeding seven years, or with fine which may extend to ten million rupees, or with both.

Calling something ‘the interest of Pakistan’ and then using it as the basis for punishment is high risk and open to abuse. This needs to be better and well defined. There is no distinction for willful intent, malicious intent or any language that would enforce that determining intent is important. Seven years is an incredibly harsh punishment for vaguely defined offence.  A person may be charged with an offence apart from Section 43 and if acquitted of that offence, can still be convicted under Section 43 as vaguely defined offences allow arbitrary authority to the executive.

  1. Punishment for damage to electronic device:

This section in its totally ranges from punishing hackers to punishing individuals that may end up deleting data on an electronic device.

  1. Punishment for hacking:

(1) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in hacking of or otherwise gaining unauthorized access into any electronic device, shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.

Punishment for hacking is too harsh and unreasonable. The offence refers to either performing or causing to perform a function which may result in “hacking” but does not refer to the intent of the accused, whether it was done with intention, recklessness or negligence. These three facets are extremely important in criminal law as the nature of the crime and the sentence levied must reflect the existing mental state of the accused. As the above stated offences have been classified as, “crimes” and not offences falling under Tort , for the legal conviction of accused, the mens rea of the crime must be determined with the three elements being either recklessness, intention or negligence. Without the successful determination of the presence of one of these elements within the prosecution and a conviction is allowed, that would constitute a gross miscarriage of justice.

  1. Punishment for dishonestly receiving electronic device:

(1) Any person who dishonestly receives or retains any stolen electronic device or any information or data therein knowing or having reason to believe the same to be received or retained dishonestly, shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.

Dishonestly is vague term. How is this to be determined? Analogical deduction  must be acquire from PPC to elaborate dishonestly clearly.

  1. Punishment for personation:

(1) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in personating any other person or otherwise pretending to be any other person, shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.

Personation is another vague term in fact there is no such as ‘personation.’ Impersonation is generally considered Tort and does not fall within the ambit of criminal law. Therefore, it should not be included under criminal offences, nor should it be punishable with imprisonment.

 

  1. Punishment for violation of privacy:

(1) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in violating any other person’s privacy, in any manner whatsoever, shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.

Here concept of violation of privacy in cyberspace is not clear even narrowly defined. Violation of privacy in this proposed law is vague term. What constitutes breach of privacy?  This should be applied on entities, especially those that host data of individuals and not just individuals. However, this needs to be well defined, as in what causes privacy breach. Is posting a picture of me by someone else on Facebook /google+  without my permission considered a privacy breach that may result in three years in prison? Does this also imply that uploading images on Instagram from my father’s iPad, applying filters and significantly altering the existing images, would constitute as image tampering and a breach of privacy for which I can be charged with an offence?

  1. Punishment for cyber terrorism:

(1) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in threatening the national security of Pakistan, striking terror in any person, destruction of property or committing any other crime termed as terrorist act, shall be punishable with imprisonment of a term not exceeding seven years or fine not exceeding one million rupees, or both.

It may be only statute in the world wherein cyber terrorism is defined and elaborated. There is huge contradiction on this term. Still the international community has not yet defined cyber terrorism. Under this proposed law what constitutes cyber terrorism is in fact cyber warfare which is in fact well defined term which has not be proposed in this law.

  1. Punishment for cyber stalking, spamming, spoofing and squatting:
  • Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in harassment, intimidation, or coercion, shall commit the crime of cyber stalking.

 

  • Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in transmission of fraudulent, misleading, or unsolicited electronic messages in bulk or otherwise to any person without his express permission, shall commit the offence of cyber spamming.

Spamming is criminalized whereas it need not be. There are spam filters etc that can adequately deal with this.

 

(3) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in sending of electronic messages with a counterfeit source, depicting to be an authentic source, so as to gain unauthorized access or obtain valuable information in an unlawful manner, shall commit the crime of cyber spoofing.

Spoofing is also done by means of a phishing scam, where the originator is unaware, in that case how is it logical to make it a punishable offence.

(4) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in acquisition of a domain name in bad faith to mislead, defame and deprive others from registering the same, shall commit the crime of cybersquatting.

Cybersquatting is when people buy domains or popular domains for the sole reason of reselling them. Cybersquatting again is generally a Tort and should not be criminalized. It  has to dealt with under civil laws.

(5) Any person who commits the offence of cyber stalking, spamming, spoofing or squatting as described in sub-sections (1), (2), (3) or (4) respectively shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.

Cyber stalking, spamming, spoofing and squatting are not clearly defined.

54: Punishment for transmitting offensive messages:

(1) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in sending, generating, publishing or transmitting any information that is offensive, obscene or false in any manner whatsoever and sent for the purpose of causing annoyance, inconvenience, intimidation, hatred, deception, insult, obstruction or injury, shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.

Here is huge anomaly in this proposed provision as What constitutes offensive, obscene , inconvenience, intimidation, deception, insult, injury ? All concepts are vague and need to be well denied.  This is a very subjective domain which is being criminalized.

  1. Punishment for transmitting material containing heinous acts:

(1) Any person who by means of an electronic device performs any function, or causes the performance of any function, knowing or having reason to believe that such function will result in sending, generating, publishing or transmitting any material which contains any act or conduct that may be considered heinous, odious and atrocious, shall be punishable with imprisonment of a term not exceeding three years or fine not exceeding five hundred thousand rupees, or both.

Again here are huge glitches in this proposed provision as What constitute heinous, odious and atrocious. Who decides this? And how is the mode of transmission determined?

  1. Punishment for failure to protect data:

(1) Any person who is responsible for possessing, dealing or handling any sensitive personal data in an electronic device which it owns, controls or operates, and negligent in implementing and maintaining security practices and procedures, thereby causing wrongful loss or gain to any person, shall be liable to pay compensation to the person so affected.

This is Vague concept and ill-defined provision.  This clause also infringes upon the personal liberty of an individual. The state cannot impose liability on a mere personal omission. There is no mention of ‘establishing intent.’ No mention of responsibility of the owner to take necessary precautions. There is nothing about prevention in this clause. This could easily mean that anyone found to have made an innocent mistake can be charged.

  1. “Offences to be non-bailable, compoundable and cognizable: (1) All offences under this Act shall be non-bailable, compoundable and cognizable”

Non-bailable means that the court may not allow bail or bail may not be granted; it would be at discretion of court whether to consider a bail application and grant bail. This forces an accused to remain in prison during the course of the trial. Under the act, all the offences are “compoundable” which means that court resolution is not necessary and the parties involved in the dispute can settle things amongst themselves. A cognizable offence is one where the police does not require a warrant to arrest. For all the above offenses to be non-bailable seems extreme. For terrorism, child sex offenders or other critical circumstances, one can understand for it to be non-bailable, but non-bailable for spam is extreme. By not requiring an arrest warrant, there are no limits set for the investigating authorities. Neither are they required to provide concrete evidence prior to arrest. In cases of cyber crime. concrete evidence should be of utmost importance as there is a high probability that an innocent can be wrongfully charged.

CHAPTER VIII- REPEAL AND SAVINGS

  1. Application of Act No. XVII of 1996: (1) Notwithstanding anything contained in the Pakistan Telecommunication (Re- organisation) Act, 1996 (XVII of 1996), the Cyber Authority shall be exclusively responsible for the functions described this Act and rules made hereunder.

 

Provided that, the foregoing provision shall not affect the applicability or operation of the provisions of the Pakistan Telecommunication (Reorganisation) Act, 1996 (XVII of 1996) to the telecommunication systems or telecommunication services, other than cryptography services, provided by the cryptography service providers.

 

  1. Amendment of Act XVII of 1996: (1) In the Pakistan Telecommunication (Re-organisation) Act, 1996 (XVII of 1996), clause (b) of sub-section (2) of section 57 shall be omitted.

 

(2) Any provision in any license issued by the Pakistan Telecommunication Authority under the aforesaid Act prohibiting the provision or use of cryptography services shall cease to have effect subject to provisions of this Act.

This Act aims to amend the PTA Act of 1996, so that all cryptography services are amassed under its sole authority.

  1. Repeal of Act LI of 2002: (1) The Electronic Transactions Ordinance

2002 (LI of 2002) shall stand repealed by virtue of this Act, hereinafter referred to as the repealed Ordinance, except the following is saved:

(a) The Schedule made under Section 29 of the repealed Ordinance titled as Amendments in Qanun-e-Shahadat Order, 1984 (P.O. No. 10 of 1984).

ETO is essentially the only legislation applicable in the digital space. ETO pertains to business transactions in particular. Clubbing business transactions within the sphere of crimes and criminal offences is not a wise move. These should remain separate.

Proposed amendments in Pakistan Pena; Code 1860:

New section shall be inserted, namely:—

Electronic record.

” The words “electronic record” shall added with relevant explanation.

2.for the words “such public servant, charged with the preparation or translation of any document, frames or translates that document”, the words “such public servant, charged with the preparation or translation of any document or electronic record, frames, prepares or translates that document or electronic record” shall be substituted.

  1. In section 172, for the words “produce a document in a Court of Justice”, the words “produce a document or an electronic record in a Court of Justice” shall be substituted.
  2. In section 173, for the words “to produce a document in a Court of Justice”, the words “to produce a document or electronic record in a Court of Justice” shall be substituted.
  3. In section 175, for the word “document” at both the places where it occurs, the words “document or electronic record” shall be substituted.
  4. In section 192, for the words “makes any false entry in any book or record, or makes any document containing a false statement”, the words “makes any false entry in any book or record, or electronic record or makes any document or electronic record containing a false statement” shall be substituted.
  5. In section 204, for the word “document” at both the places where it occurs, the words “document or electronic record” shall be substituted.
  6. In section 463, for the words “Whoever makes any false documents or part of a document with intent to cause damage or injury”, the words “Whoever makes any false documents or false electronic record or part of a document or electronic record, with intent to cause damage or injury” shall be substituted.

9.In section 464,—

(a)  for the portion beginning with the words “A person is said to make a false document”

and ending with the words “by reason of deception practised upon him, he does not know the contents of the document or the nature of the alteration”, the following shall be substituted, namely:—

“A person is said to make a false document or false electronic record— First—Who dishonestly or fraudulently—

(a)                     makes, signs, seals or executes a document or part of a document;

(b)                     makes or transmits any electronic record or part of any electronic record;

(c)                     affixes any digital signature on any electronic record;

(d) makes any mark denoting the execution of a document or the authenticity of the digital signature,

with the intention of causing it to be believed that such document or part of document, electronic record or digital signature was made, signed, sealed, executed, transmitted or affixed by or by the authority of a person by whom or by whose authority he knows that it was not made, signed, sealed, executed or affixed; or

Secondly—Who, without lawful authority, dishonestly or fraudulently, by cancellation or otherwise, alters a document or an electronic record in any material part thereof, after it has been made, executed or affixed with digital signature either by himself or by any other person, whether such person be living or dead at the time of such alteration; or

Thirdly—Who dishonestly or fraudulently causes any person to sign, seal, execute or alter a document or an electronic record or to affix his digital signature on any electronic record knowing that such person by reason of unsoundness of mind or intoxication cannot, or that by reason of deception practised upon him, he does not know the contents of the document or electronic record or the nature of the alteration. “ ;

(b) after Explanation 2, the following Explanation shall be inserted at the end, namely:—

‘Explanation 3.—For the purposes of this section, the expression “affixing digital signature” shall be explained.

In section 466,—

(a)  for the words “Whoever forges a document”, the words “Whoever forges a document or an electronic record” shall be substituted;

(b) the following Explanation shall be inserted at the end, namely:— ‘Explanation.—For the purposes of this section, “register” includes any list, data or record of any entries maintained in the electronic.

In section 468, for the words “document forged”, the words “document or electronic record forged” shall be substituted.

In section 469, for the words “intending that the document forged”, the words “intending that the document or electronic record forged” shall be substituted.

In section 470, for the word “document” in both the places where it occurs, the words “document or electronic record” shall be substituted.

In section 471, for the word “document” wherever it occurs, the words “document or electronic record” shall be substituted.

In section 474, for the portion beginning with the words “Whoever has in his possession any document” and ending with the words “if the document is one of the description mentioned in section 466 of this Code”, the following shall be substituted, namely: —

“Whoever has in his possession any document or electronic record, knowing the same to be forged and intending that the same shall fraudulently or dishonestly be used as a genuine, shall, if the document or electronic record is one of the description mentioned in section 466 of this Code.”.

  1. In section 476, for the words “any document”, the words “any document or electronic record” shall be substituted.

for the words “book, paper, writing” at both the places where they occur, the words “book, electronic record, paper, writing” shall be substituted.

Cyber Inheritance:

Cyber inheritance is now well defined and accepted terms even in Europe and USA in some case court has admitted the right of digital inheritance in cyberspace. In this proposed cyber law not even a single provision has covered or defined digital inheritance in cyber space.

Cloud Computing:

 

Nowadays almost all cell phone and smart digital device are connected via cloud computing interconnected with cloud serves located not defined geographic location but has virtual existence where all communication exchange and stored. This statute has no describe this concepts.

Conclusion:

Current Cyber law proposed legislation does not reveal a clear understanding of d cyberspace or digital medium, and lacks adequate safeguards that should be in place to restraint violations and excesses which have been committed in the past, under the Prevention of Electronic Crimes Ordinance 2008, which is what led to its redrafting.   Other than the vague definitions, what this proposed legislation misses is description and detail of processes by which a crime is to be determined. In the electronic and digital medium, the process that leads to an action is of utmost importance. Determination of the crime is directly linked to that. Failure to establish a chain of deliberate and intentional events that lead to an action undermine the strength of the case.

There is no deliberation of the event that if the said authorities were to overstep their mandate which in fact is not clearly defined – how is that event to be dealt with. While there are punishments for citizens, nothing is prescribed for authorities and officials when they commit a mistake or deliberately misuse authority. It is pretty surprising to see that various portions of this proposed legislation have been replicated in their entirety from the Information Technology Act of 2000 of India. For example: Section 44 is a copy of Section 43 of the IT Act 2000 of India, Section 45 is a copy of Section 66 of the IT Act, and Section 54 and 55 are mere offshoots of Section 67 of the IT Act of 2000. It would be unwise to consider the Information technology Act of 2000 as a stepping stone, as the Act was heavily criticized for infringing upon personal liberties of Indian citizens. Moreover, it did not take into consideration evolving technologies and new forms of communication which is why in 2008, the Information Technology Act of 2000 was heavily amended by the Indian Parliament and the Amended IT Act of 2008 was introduced.

Likewise, the Prevention of Electronic Crimes Ordinance 2008, when first proposed received hefty criticism from civil advocacy and industry groups due to the degree to which it ignored civil liberties, business permanence and a sheer disregard of international practices. The legislation aimed to implant upon the citizens a harsh brand of justice which was evidence of not a democratic and aware society but more of a police state. This ultimately led to its redrafting. Any proposed legislation should ensure it is not violative of due process and fundamental rights considerations. These should be at the very focus of lawmaking. The mysterious resemblance of the proposed legislation under discussion in this paper, to the discarded Indian IT Act and PECO indicates that little or no attention was paid to the concerns raised earlier.

Scroll to Top