EnglishFrenchPortugueseRussianUrdu

Electronic Crimes Act 2003

 

A Bill to provide for punishment of the electronic crimes and for matters connected therewith or incidental thereto;

Whereas it is expedient to deter action directed against the confidentiality, integrity and availability of electronic system, networks and data as well as the misuse of such system, networks and data by providing for the punishment of such conduct and providing for sufficient powers to effectively combat such offences by facilitate their detection, investigation and prosecution and for matters ancillary thereto;

 

It is hereby enacted as follows : —

 

CHAPTER I

PRELIMINARY

 

1. Short title, extent and commencement : — (1) This Act may be called the Electronic crimes Act 2003.

(2) It shall extend to the whole of Pakistan.

(3) It shall come into force at once.

 

2. Territorial scope of offences under this Act.— Every person shall be liable to punishment under this Act for every act or omission contrary to the provisions thereof, if:

 

(a) the offence was committed in Pakistan;

 

(b) any act of preparation towards the offence or any part of the offence was committed in Pakistan, or where any result of the offence has had an effect in Pakistan;

 

(c) the offence was committed by a Pakistani national or a person resident or carrying out business in Pakistan;

 

(d) the offence was committed in relation to or connected with an electronic system or data in Pakistan or capable of being connected, sent to, used by or with any electronic system in Pakistan; or

 

(e) the offence was committed by any person, of any nationality or citizenship whatsoever or in any place outside or inside Pakistan, having an effect on. the security of Pakistan or its nationals or having universal application under international law, custom and usage.

 

3. Interpretation :(1) In this Act, unless the context otherwise requires —

 

(a) “access means gaining access to any electronic system or data held in an electronic system by causing the electronic system to perform any function to achieve that objective;

 

(b) “corporation” for the purposes of Section 25 means a body of persons incorporated under any law such as trust, waqf, association, statutory body, company including joint venture or consortium;

 

(c) “cyber stalking” means criminal intimidation, insult and annoyance through electronic system as defined in Chapter XXII of the Pakistan Penal Code (XLV of 1860);

 

(d) “damage” includes modifying, altering, deleting, erasing, suppressing, changing location or making temporarily unavailable data, halting electronic system or chocking the networks;

 

(e) “data ” means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in an electronic system including computer programme, text, images, sound, video and information within a database or electronic system;

 

(f) “decryption information” means information or technology that enables a person to readily retransform or unscramble encrypted data from its unreadable and incomprehensible format to its plain version;

 

(g) “defamation means defamation as defined in Section 499 of the Pakistan Penal code (XLV of 1860);

 

(h) “electronic includes electrical, digital, magnetic, optical, biometric, electro-chemical, wireless or electromagnetic technology;

 

(i) “electronic crime” means any offence committed through or by using any electronic system or means and includes offences established under this Act;

 

(j) “electronic system” means any electronic system, device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data and includes an electronic storage medium;

 

(k) “encrypted data” means data which has been transformed or scrambled from its plain version to an unreadable or incomprehensible format, regardless of the technique utilized for such transformation or scrambling and irrespective of the medium in which such data occurs or can be found for the purposes of protecting such data;

 

(l) “spoofing means establishing a website or sending an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source;

 

(m) “function” includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within an electronic system;

 

(n) “Interpol” means International Criminal Police Organisation;

 

(o) “malicious code” means a computer program or a hidden function in a program that infects data with or without attaching its copy to a file and is capable of spreading over electronic system with or without human intervention including virus, worm or Trojan horse.

 

(p) “minor” means a person below the age of eighteen years;

 

(q) “plain version” means original data before it has been transformed or scrambled to an unreadable or incomprehensible format;

 

(r) “sensitive electronic system” is an electronic system used directly in connection with or necessary for —

(i) the security, defence or international relations of Pakistan;

 

(ii) the existence or identity of a confidential source of information relating to the enforcement of criminal law;

 

(iii) the provision of services directly related to communications infrastructure, banking and financial services, public utilities, courts, public transportation or public key infrastructure;

 

(iv) the protection of public safety including systems related to essential emergency services such as police, civil defence and medical services ; or

 

(v) the purpose declared as such by the Federal Government in the official Gazette; or

 

(vi) containing any data or database protected as such, by any other law.

 

(s) “service provider” means,—

 

(i) a person acting as a service provider in relation to the sending, receiving, storing or processing of the electronic communication or the provision of other services in relation to it through any electronic system;.

(ii) a person who owns, possesses, operates, manages or controls a public switched network or provides telecommunication services; or

(iii) any other person that processes or stores data on behalf of such electronic communication service or users of such service;

 

(t) “subscriber information” means any information contained in any form that is held by a service provider, relating to subscribers of its services other than traffic data and by which can be established : —

 

(i) the type of communication service used, the technical provisions taken thereto and the period of service;

 

(ii) the subscriber’s identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement; or

 

(iii) any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.

 

(u) “other crime” means a crime made punishable under any law for the time being in force;

 

(v) “traffic data” means any data relating to a communication by means of an electronic system, generated by an electronic system that formed a part in the chain of communication, indicating the communicatio n’s origin, destination, route, time, date, size, duration, or type of underlying service; and

 

(w) “unauthorized access” means access of any kind by any person to any electronic system or data held in an electronic system is unauthorised or done without autho rity or in excess of authority, if he is not himself entitled to control access of the kind in question to the electronic system, or data and he does not have consent to such access from any person, so entitled.

 

 

 

 

CHAPTER II

OFFENCES

4. Criminal access.— (1) Whoever gains unauthorized access to the whole or any part of an electronic system with or without infringing security measures, with intent to infringe privacy or commit further offence is said to commit the offence of

criminal access..

 

(2) Whoever commits the offence of criminal access shall be punished with imprisonment of either description for a term which may extend to three years, or with fine not exceeding three hundred thousand rupees or with both.

 

5. Criminal data access.— (1) Whoever causes electronic system to perform any function for the purpose of gaining unauthorized access to any data held in any electronic system is said to commit the offence of criminal data access.

 

(2) Whoever commits the offence of criminal data access shall be punished with imprisonment of either description for a term which may extend to three years, or with fine not exceeding three hundred thousand rupees or with both.

 

6. Data damage.— (1) Whoever with intent to cause damage to the public or any person, damages any data is said to commit the offence of data damage.

 

(2) Whoever commits the offence of data damage shall be punished with imprisonment of either description for a term which may extend to three years, or with fine not exceeding three hundred tho usand rupees or with both.

 

7. System damage.— (1) Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system by inputting, transmitting, damaging or deteriorating

any data is said to commit system damage.

 

(2) Whoever commits the offence of system damage shall be punished with imprisonment of either description for a term which may extend to three years, or with fine not exceeding three hund red thousand rupees or with both.

 

8. Electronic fraud.— (1) Whoever for gain interferes with data or electronic system to induce any person to enter into a relationship or with intent to deceive any person, which act or omission is likely to cause damage or harm to that person or any other person, commits electronic fraud.

 

(2) Whoever commits the offence of electronic fraud shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine not exceeding seven hundred thousand rupees or with both.

 

9. Electronic forgery.— (1) Whoever for gain interferes with data or electronic system, with intent to cause injury to the public or to any person, or to support any claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud, commits electronic forgery, regardless of the fact that the data is directly readable and intelligible or not.

 

(2) Whoever commits the offence of electronic forgery shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine not exceeding seven hundred thousand rupees or with both.

 

10. Misuse of devices.— (1) Whoever produces, possesses, sells, procures, imports, distributes or otherwise makes available a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established under this Act or a password, access code, or similar data by which the whole or any part of an electronic system is capable of being accessed, with the intent that it be used for the purpose of committing any of the offences established under this Act, is said to commit offence of misuse of devices.

 

Provided that this Section shall not extend to a case where the production, possession, sale, procurement, import, distribution or otherwise making available of a device is not primarily for the purpose of committing an offence established under this Act but is for other lawful purposes, such as, for the authorized testing or protection of an electronic system.

 

(2) Whoever commits the offence of misuse of devices shall be punished with imprisonment of either description for a term which may extend to three years, or with fine not exceeding three hundred thousand rupees or with both.

 

11. Unauthorized access to code.— (1) Whoever discloses or obtains any password, access code or any other means of gaining access to any electronic system or data with intent to obtain wrongful gain or inflict wrongful loss to any person or for any other unlawful purpose, commits offence of unauthorized access to code.

 

(2) Whoever commits the offence of unauthorized access to code shall be punished with imprisonment of either description for a term which may extend to three years, or with fine not exceeding three hundred thousand rupees or with both.

 

12. Misuse of encryption.— (1) Whoever for the purpose of commission of an offence or concealment of incriminating evidence, knowingly and willfully encrypts any incriminating communication or data contained in electronic system relating to that crime or incriminating evidence, commits the offence of misuse of encryption.

 

Print Friendly, PDF & Email