|
|
|
Faulty but nice
IN today’s world, the internet has proved itself to be a catalyst for change and progress. Information Technology (IT) has now assumed considerable importance in the global economy. The tremendous increase in the use of computers for personal, commercial and governmental purposes all over the world, however, has made it necessary for the authorities to stop the misuse of the machines.
To make the legal position of electronic documents clear to the public and to avoid complications arising out of wrong interpretations when common society laws are applied to the cyber world, several governments have drafted special legislation under the banner of “cyber laws.” Pakistan took an important step in cyber space regulation by promulgating the Electronic Transaction Ordinance and Electronic Crimes Act of 2003. The objectives of the exercise are to promote IT, better delivery of governmental services, enhancement of public confidence in electronic communication and to encourage e-commerce in the country.
The ordinance is an essential prerequisite for growth of e-commerce and is expected to have considerable economic impact in the years to come. The legislative framework of the law is conspicuous for its simplicity. Technology neutrality is one of the factors which were taken into account while formulating the law.
The declared objectives seem positive because the law avoids focusing on cyber crime as the central theme. It is interesting to note that the law is soft on the description of “cyber crimes” and presents the legislation in a positive manner even though most of the common crimes are covered.
The first aspect that attracts one in a new legislation is the way crimes are defined. Since the ordinance follows the UNCITRAL convention, it invariably includes “Extra-Territorial Jurisdiction.” An American citizen can be punished for a cyber crime under this ordinance even if he or she never actually sets foot on Pakistani soil. This makes it essential for American netizens to be conversant with Pakistani law.
Electronic signature in the ordinance has been defined flexibly enough to allow the use of internationally available digital signature certificates, provided the licensing procedure does not prohibit this. It is necessary to allow this flexibility until domestic certification service providers develop their infrastructure.
Being a rather small country, the market for such certificates in Pakistan may not be big enough to warrant the establishment of certifying authorities anytime soon and the system will fail to take off unless existing international certifying authorities are allowed to issue certificates within Pakistan in association with a local registration authority, if required.
The ordinance extends the effects of other laws in the country to the field of electronic documents. It simplifies the definition of cyber crimes and covers several aspects of hacking- and-virus-related offences under the “Privacy Protection Objective.” It covers most of the offences coming under hacking and virus, without actually defining them.
The ordinance is, however, silent on obscenity and cyber fraud. It is also silent on intellectual property rights and spamming. These are left to be covered through the extension of old laws to the area of electronic documents.
The ordinance provides immunity to the network service providers. The definition of “Network service providers” is, however, quite specific and may exclude unlicensed systems of internet-sharing facilities, if they exist. If internet is considered to be a facility useful for the common man, it would be good to provide some kind of guidance to the cyber cafes about how they can protect themselves from offences that are committed by the users.
Granting immunity to the Internet Service Providers (ISPs) would be one option. If cyber crimes are to be effectively tackled, ISPs need to cooperate with the law-enforcement agencies in the preservation and sharing of evidence. However, the law seems to have ignored placing responsibility in this regard on the ISPs.
Similarly, the ordinance has not dealt with the justice dispensation system. If relief has to be provided to commercial establishments against cyber crimes, it is essential that the justice dispensation system is a speedy and effective one.
It is, therefore, not a bad idea to provide for a “Parallel Special Court System,” similar to the ‘Adjudication system’ as done in the case of IT Law of India. This would have done away with the need for computer experts to assist judges and lawyers in dealing with cyber crimes.
Many of the crimes are committed through the use of software which can be programmed in a questionable manner. Presently the crimes are attributed to the programmer. This has some practical complications, say, in a corporate network where the operational ownership is often shared by the system administrators and is not solely with the programmer.
So, it is necessary to define the actions of an automated system as being equivalent to that of an “agent.” Just as a corporate person is recognized as a legal entity, it is possible to define an automated system as an “electronic person” and treat him as an “agent.”
In such a case, one can fix the liabilities arising out of the action of such an agent” with “principal.” Such a “principal” would be the one who assigns the specific task to the machine. This, then, is the definition that can help us meet various contingencies.
According to section 8 of the ordinance, one of the conditions for establishing the authenticity and integrity of an electronic document is that the information system used for security procedure remains in working order at all material times. This clause has some ambiguity.
The security procedure when applied in the presence of the court often confirms the originator as the alleged person. It appears difficult to prove which among the sender’s and the receiver’s system was in working condition at all material times.
The ordinance is essentially a law which provides recognition for electronic documents and for electronic signatures and sets up the necessary legal framework for the working of an electronic signature system. The apex institution for electronic signature system management is the Electronic Certification Accreditation Council who is the licensing authority for authorities empowered to issue Digital Signature Certificates to the users.
This is a corporate body comprising five members, with four being drawn from the private sector. The functions assigned to the Certification Council of Pakistan include carrying out research and studies in relation to cryptography services and to obtain public opinion in connection therewith. It can give advice to any person in relation to the matters covered under the ordinance. This is one of the important facets of the ordinance which must be appreciated.
The writer is a freelance contributor
|
|
|
|
