ElectronicCrimesAct2004 A Bill toprovideforpunishmentoftheelectroniccrimesandformattersconnected therewithorincidentalthereto Whereas it is expedient to deter action directed against the confidentiality, integrity and availability

of electronic system, networks and data as well as the misuse of such system, networks and data by providing for the punishment of such conduct and providing for sufficient powers to effectively combat such offences and to facilitate their detection, investigation and prosecution and for mattersancillarythereto Itisherebyenactedasfollows: CHAPTERI PRELIMINARY 1) Shorttitle,extentandcommencement 1) ThisActmaybecalledtheElectronicCrimesAct2004. 2) ItshallextendtothewholeofPakistan. 3) Itshallcomeintoforceatonce. 2) TerritorialscopeofoffencesunderthisAct Every person shall be liable to punishment under this Act for every act or omissioncontrarytotheprovisionsthereof,if:
a) theoffencewascommittedinPakistan b) anyactofpreparationtowardstheoffenceoranypartoftheoffencewas

committed in Pakistan, or where any result of the offence has had an effectinPakistan
c) theoffencewascommittedbyaPakistaninationalorapersonresident

or carrying out business in Pakistan or visiting Pakistan or staying in transitinPakistan

d) theoffencewascommittedinrelationtoorconnectedwithanelectronic

systemordatainPakistanorcapableofbeingconnected,sentto,used byorwithanyelectronicsysteminPakistanor e) the offence was committed by any person, of any nationality or citizenshipwhatsoeverorinanyplaceoutsideorinsidePakistan,having aneffectonthesecurityofPakistanoritsnationalsorhavinguniversal applicationunderinternationallaw,customandusage.

3) Definitions: 1) InthisAct,unlessthecontextotherwiserequires
a) accessmeansgainingaccesstoanyelectronicsystemordataheldin

an electronic system by causing the electronic system to perform any functiontoachievethatobjective

b) corporation for the purposes of Section 25 means a body of persons

incorporated under any law such as trust, waqf, association, statutory body,companyincludingjointventureorconsortium
c) cyber stalking means criminal intimidation, insult and annoyance

through electronic system as defined in Chapter XXII of the Pakistan PenalCode(XLVof1860)

d) damage includes modifying, altering, deleting, erasing, suppressing,

changinglocationofdataormakingdatatemporarilyunavailable,halting electronicsystemorchokingthenetworks
e) data means representations of information or of concepts that are

beingpreparedor havebeen prepared inaform suitable for usein an electronic system including computer programme, text, images, sound, videoandinformationwithinadatabaseorelectronicsystem
f) decryptioninformationmeansinformationortechnologythatenablesa

person to readily retransform or unscramble encrypted data from its unreadableandincomprehensibleformattoitsplainversion

g) defamation means defamation as defined in Section 499 of the

PakistanPenalcode(XLVof1860)
h) electronic includes electrical, digital, magnetic, optical, biometric,

electrochemical,wirelessorelectromagnetictechnology
i)

electroniccrimemeansanyoffencecommittedthroughorbyusingany electronicsystemormeansandincludesoffencesestablishedunderthis Act

j) electronic system means any electronic system, device or a group of

interconnected orrelateddevices,oneor moreofwhich,pursuantto a program, performs automatic processing of data and includes a permanent,removeableoranyotherelectronicstoragemedium
k) encrypteddatameansdatawhichhasbeentransformedorscrambled

from its plain version to an unreadable or incomprehensible format, regardlessofthetechniqueutilizedforsuchtransformationorscrambling

and irrespective of the medium in which such data occurs or can be foundforthepurposesofprotectingsuchdata l) spoofing means establishing a website or sending an electronic message with a counterfeit source intended to be believed by the recipientorvisitororitselectronicsystemtobeanauthenticsource m) function includes logic, control, arithmetic, deletion, storage and retrieval andcommunication or telecommunicationto,fromorwithin an electronicsystem n) InterpolmeansInternationalCriminalPoliceOrganization
o) malicious code means a computer program or a hidden function in a

program that infects data or compromises the electronic systems performance or uses the electronic system resources without proper authorization,withorwithoutattachingitscopytoafileandiscapableof spreading over electronic system with or without human intervention includingvirus,wormorTrojanhorse. p) plain version means original data before or after it has been transformedorscrambledtoanunreadableorincomprehensibleformat q) sensitive electronic system is an electronic system used directly in connectionwithornecessaryfor i. thesecurity,defenceorinternationalrelationsofPakistan ii. theexistenceoridentityofaconfidentialsourceofinformationrelating totheenforcementofcriminallaw iii. the provision of services directly related to communications infrastructure, banking and financial services, public utilities, courts, publictransportationorpublickeyinfrastructure iv. the protection of public safety including systems related to essential emergencyservicessuchaspolice,civildefenceandmedicalservices or v. thepurposedeclaredassuchbytheFederalGovernmentintheofficial Gazetteor vi. containinganydataordatabaseprotectedassuch,byanyotherlaw.

r) serviceprovidermeans, s) a person acting as a service provider in relation to the sending,

receiving, storing or processing of the electronic communication or the provision of other services in relation to electronic communication throughanyelectronicsystem i. a person who owns, possesses, operates, manages or controls a publicswitchednetworkorprovidestelecommunicationservicesor ii. any other person that processes or stores data on behalf of such electroniccommunicationserviceorusersofsuchservice

t) subscriber information means any information contained in any form

thatis held by a service provider,relatingto subscribersof its services otherthantrafficdataandbywhichcanbeestablished i. thetypeofcommunicationserviceused,thetechnicalprovisionstaken theretoandtheperiodofservice ii. thesubscribersidentity,postalorgeographicaddress,telephoneand otheraccessnumber,billingandpaymentinformation,availableonthe basisoftheserviceagreementorarrangementor iii. any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.
u) other offence means an offence made punishable under any law for

thetimebeinginforce
v) traffic data means any data relating to acommunication by means of

an electronic system, generated by an electronic system that formed a part in the chain of communication, indicating the communications origin,destination,route,time,date,size,duration,ortypeofunderlying serviceand w) unauthorizedaccessmeans accessofanykind byanyperson toany electronicsystemordataheldinanelectronicsystem,withoutauthority orinexcessofauthority,ifheisnothimselfentitledtocontrolaccessof the kind in question to the electronic system, or data and he does not haveconsenttosuchaccessfromanyperson,soentitled. 4) Criminalaccess 1) Whoever gains unauthorized access to the whole or any part of an electronicsystemwithor withoutinfringingsecuritymeasures,withintent toinfringeprivacyorcommitfurtheroffenceissaidtocommittheoffence ofcriminalaccess. 2) Whoever commits the offence of criminal access shall be punished with imprisonment of either description for a term which may extend to two years, orwithfine notexceeding threehundred thousand rupeesorwith both. 5) Criminaldataaccess 1) Whoeverintentionallycauseselectronicsystemtoperformanyfunctionfor the purpose of gaining unauthorized access to any data held in any electronicsystemissaidtocommittheoffenceofcriminaldataaccess. 2) Whoever commits the offence of criminal data access shall be punished with imprisonment of either description for a term which may extend to threeyears,orwithfineorwithboth.

6) Datadamage 1) Whoever with intent to cause damage to the public or any person, damagesanydataissaidtocommittheoffenceofdatadamage. 2) Whoever commits the offence of data damage shall be punished with imprisonment of either description for a term which may extend to three years,orwithfineorwithboth. 7) Systemdamage 1) Whoever with intent to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulnessofanelectronicsystembyinputting,transmitting,damagingor deterioratinganydataissaidtocommitsystemdamage. 2) Whoever commits the offence of system damage shall be punished with imprisonment of either description for a term which may extend to three years,orwithfineorwithboth.

8) Electronicfraud 1) Whoeverforgaininterfereswithdataorelectronicsystemtoinduceany persontoenterintoarelationshiporwithintenttodeceiveanyperson, whichactoromissionislikelytocausedamageorharmtothatpersonor anyotherperson,commitselectronicfraud. 2) Whoever commits the offence of electronic fraud shall be punished with imprisonment of eitherdescriptionfora term which may extendtoseven years,orwithfineorwithboth. 9) Electronicforgery 1) Whoever for gain interferes with data or electronic system, with intent to causeinjurytothepublicortoanyperson,ortosupportanyclaimortitle ortocauseanypersontopartwithpropertyortoenterintoanyexpressor impliedcontract,orwithintenttocommitfraud,commitselectronicforgery, regardless of the fact that the data is directly readable and intelligible or not. 2) Whoevercommitstheoffenceofelectronicforgeryshallbepunishedwith imprisonment of eitherdescriptionfora term which may extendtoseven years,orwithfineorwithboth. 10) Misuseofdevices 1) Whoever produces, possesses, sells, procures, imports, distributes or otherwise makes available a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offencesestablishedunderthisActorapassword,accesscode,orsimilar

databywhichthewholeoranypartofanelectronicsystemiscapableof being accessed, with the intent that it be used for the purpose of committing any of the offences established under this Act, is said to commitoffenceofmisuseofdevices.ProvidedthatthisSectionshallnot extend to a case where the production, possession, sale, procurement, import, distribution or otherwise making available of a device is not primarily forthepurpose ofcommittinganoffenceestablishedunderthis Actbutisforotherlawfulpurposes,suchas,fortheauthorizedtestingor protectionofanelectronicsystem. 2) Whoevercommitstheoffenceofmisuseofdevicesshallbepunishedwith imprisonment of either description for a term which may extend to three years,orwithfineorwithboth. 11) Unauthorizedaccesstocode 1) Whoever discloses or obtains any password, access code or any other means of gaining access to any electronic system or data with intent to obtainwrongfulgainorinflictwrongfullosstoanypersonorforanyother unlawfulpurpose,commitsoffenceofunauthorizedaccesstocode. 2) Whoever commits the offence of unauthorized access to code shall be punished with imprisonment of either description for a term which may extendtothreeyears,orwithorwithboth. 12) Misuseofencryption 1) Whoeverforthe purposeofcommissionof an offence orconcealmentof incriminating evidence, knowingly and willfully encrypts any incriminating communication or data contained in electronic system relating to that crime or incriminating evidence, commits the offence of misuse of encryption. 2) Whoever commits theoffence of misuse ofencryption shall be punished withimprisonmentofeitherdescriptionforatermwhichmayextendtofive years,orwithfineorwithboth. 13) Maliciouscode 1) Whoeverwrites,offers,makesavailable,distributesortransmitsmalicious code through an electronic system is said to commit the offence of maliciouscode. 2) Whoever commits the offence of malicious code shall be punished with imprisonment of either description for a term which may extend to five years,orwithfineorwithboth.

14) Cyberstalking Whoever commits the offence of cyber stalking shall be punished with imprisonmentofeitherdescriptionforatermwhichmayextendtothreeyears orwithfinenotexceedingthreehundredthousandrupeesorwithboth. 15) Spamming 1) Whoever transmits, without the express permission of the recipient, unsolicited electronic messages in bulk to any person or causes any electronic system to show an unsolicited message, for commercial purposesshallbeguiltyofspamming. 2) Whoevercommitstheoffenceofspammingshallbepunishedwithfinenot exceeding fifty thousand rupees if he commits this offence ofspamming for the first time and if the same person who commits the offence of spamming again then for every subsequent commission of offence of spammingheshallbepunishedwithimprisonmentofthreemonthsorwith finenotexceedingonehundredthousandrupeesorwithboth. 16) Spoofing Whoever does spoofing or uses other device to attract or solicit people or electronicsystemsforthepurposeofgainingunauthorizedaccesstocommit furtheroffenceorobtaintheirvaluableinformationwhichlatercanbeusedfor unlawfulpurposes,shallbepunishedwithimprisonmentofeitherdescription foratermwhichmayextendtothreeyears,orwithfinenotexceedingthree hundredthousandrupeesorwithboth. 17) Unauthorizedinterception 1) Whoever without lawful authority intercepts by technical means, non public transmissions of data to, from or within an electronic system, including electromagnetic emissions from an electronic system carrying suchdata,commitsunauthorizedinterception. 2) Whoever commits the offence of unauthorized interception shall be punished with imprisonment of either description for a term which may extend to five years, or with fine not exceeding five hundred thousand rupeesorwithboth. 18) CyberTerrorism 1) Whoeverinfurtheranceofanycriminalobjectivecommitsapremeditated, attack against electronic systems or data, which results in death of any person or causes extreme financial harm, shall be guilty of cyber terrorism. 2) Whoevercommitstheoffenceofcyberterrorismandcausesdeathofany personshallbepunishedwithdeathorimprisonmentforlifeandincaseof causing extreme financial harm shall be liable for imprisonment of either

descriptionforatermwhichmayextendtotenyears,orwithfinenotless thantenmillionrupeesorwithboth.

19) Wagingcyberwar Whoever lodges offensive against any electronic system declared by Government of Pakistan as sensitive electronic system, disables communicationsystemandenergyfacilitiesorsystemsorattemptstodoso, shallbepunishedwithdeath,orimprisonmentforlifeandshallalsobeliable tofine.

20) Enhanced punishment for offences involving sensitive electronic systems 1) Whoeverobtainscriminalaccesstoanysensitiveelectronicsysteminthe courseofthecommissionofanyoftheoffencesestablishedunderthisAct shall, in addition to the punishment prescribed in those sections, be punished with imprisonment of either description for a term which may extendtotenyears,orwithfinenotexceedingonemillion rupeesorwith both. 2) For the purposes of any prosecution under this section, it shall be presumed, until contrary is proved, that the accused has the requisite knowledgethatitwasasensitiveelectronicsystem. 21) Attemptandaidingorabetting 1) Anypersonwhoabetsthecommissionofor whoaidstocommitordoes anyactpreparatorytoorinfurtheranceofthecommissionofanyoffence under this Act shall be guilty of that offence and shall be liable on convictiontothepunishmentprovidedfortheoffence. Provided that any person who attempts to commit an offence under this Act shall be punished for a term which may extended to onehalf of the longesttermofimprisonmentprovidedforthatoffence,orwithsuchfine asisprovidedfortheoffence,orwithboth

2) Foraidingorabettinganoffencetobecommittedunderthissection,it is immaterialwhethertheactinquestiontookplaceornot. 22) Otheroffences Whoever commits any offence other than those established under this Act, with the help of an electronic system shall be punished, in addition to the punishmentprovidedforthatcrime,withimprisonmentofeitherdescriptionfor atermwhichmayextendtotwoyears,orwithfinenotexceedingtwohundred thousandrupeesorwithboth

23) Corporateliability A corporation shall be held liable for a criminal offence committed on its instructionsorforitsbenefit.Thecorporationshallbepunishedwithfinenot lessthanonehundredthousandrupees.Providedthatsuchpunishmentshall notabsolvethecriminalliabilityofthenaturalperson,whohascommittedthe offence. 24) Offencestobecompoundableandcognizable Alloffencesunder this Actshallbecompoundableandnoncognizableand bail able except the offences the punishment of which are ten years imprisonmentormore. 25) Prosecutionandtrialofoffences NoCourtinferiortotheCourtofSessionsshalltakecognizanceofandtryany offenceunderthisAct.FortheprocedureofinvestigationandtrialCr.P.Cwill beapplicableonthisActMutatisMutandis 26) Orderforpaymentofcompensation 1) Thecourtwhileawardingpunishmentmaymakeanorderforthepayment ofasumto be fixedbythecourt by wayofcompensationto anyperson foranydamagecausedtohiselectronicsystemordatabytheoffence,for whichthepunishmentisawarded.Thecompensationsoawardedshallbe recoverableasarrearsoflandrevenue. 2) Providedthat thecompensationawarded by thecourtshall notprejudice anyrighttoacivilremedyfortherecoveryofdamagesbeyondtheamount ofcompensationawarded. 27) Specialinvestigatingagencyforelectroniccrimes The Federal Government immediately after the commencement of this Act shall constitute a special investigating agency or designate any existing agency or its cell to investigate the electronic crimes and prosecute the offendersunderthisAct. 28) Savingforinvestigationsbypoliceofficers Nothing in this Act shall prohibit a police officer from lawfully conducting investigations, pursuant to his powers conferred under any law for the time beinginforce,foranoffencenotmentionedinthisActbutenlistedinPakistan PenalCodeorintheScheduleofanyotherlaw,notwithstanding,thefactthat computeroranyelectronicsystemhasbeenusedasmeanortooltocommit thatoffence. Provided where any police officer so investigate a crime he shall seek assistance of the Special Agency for any technical input, collection and preservationofevidenceandtheinvestigationwilljointlybeconductedbythe

policeofficernotbelowtherankofSubInspectorandanofficeroftheSpecial Agency. Explanation:ApostsadefamatorystatementonawebsiteagainstB,having goodreasontobelievethatthematterinthestatementisdefamatoryforB.A commits a crime under section 501 of Pakistan Penal Code and a police officeiscompetenttoinvestigatethematter. 29) Powerofinvestigatingofficertoaccesselectronicsystemanddata 1) AnInvestigatingofficer,forthepurposeofinvestigatinganyoffenceunder thisActoranyotheroffencewhichhasbeendisclosedinthecourseofthe lawful exercise of the powers under this section, after obtaining search warrantandsubjecttothetermsofthewarrant,shall
a) beentitledatanytimeto

i. haveaccesstoandinspecttheoperationofanyelectronicsystem ii. use or cause to be used any such electronicsystem to search any datacontainedinravailabletosuchelectronicsystemor iii. have access to any information, code or technology which has the capability of retransforming or unscrambling encrypted data contained or available to such electronic system into readable and comprehensibleformatorplainversion
b) beentitledtorequire

i. the person bywhomoronwhosebehalf, theinvestigatingofficerhas reasonable cause to believe, any electronic system is or has been usedor ii. any person having charge of, or otherwise concerned with the operationof,suchelectronicsystem, toprovidehimwithsuchreasonabletechnicalandotherassistanceashe mayrequireforthepurposesofclause(a)or
c) beentitledtorequireanypersoninpossessionofdecryptioninformation

togranthimaccesstosuchdecryptioninformationnecessarytodecrypt datarequiredforthepurposeofinvestigatinganysuchoffence. 2) The Investigating Officer may also require a service provider to submit subscriber information relating to such services in respect of the person or persons under investigation in that service providers possession or control necessaryfortheinvestigationofthatoffence. 3) Any person who obstructs the lawful exercise of the powers under sub section (1) or fails to comply with a request made under the said sub section shall be liable to be punished with imprisonment of either

description for a term which may extend to one year, or with fine not exceedingonehundredthousandrupeesorwithboth. 30) Realtimecollectionoftrafficdata 1) TheFederalGovernmentmaycompelserviceprovider,withinitsexisting orrequiredtechnicalcapabilitytocollectorrecordthroughtheapplication of technical means or to cooperate and assist any law enforcement or intelligenceagencyinthecollectionorrecordingoftrafficdataordata,in realtime,associatedwithspecifiedcommunicationstransmittedbymeans ofaelectronicsystem. 2) TheFederalGovernmentmayalsorequiretheserviceprovidertokeep confidential the fact of the execution of any power provided for in this sectionandanyinformationrelatingtoit. 31) Transborderaccess 1) The Federal Government or its authorized agency may, without the permission of any foreign government or international agency access publicly available electronic system or data, regardless of where the electronic system or data is located geographically or access or receive, throughanelectronicsystem,datalocatedinforeigncountryorterritory,if it obtains the lawful and voluntary consent of the person who has the lawfulauthoritytodiscloseit. 2) Provided such access is not prohibited under the law of the foreign governmentortheinternationalagency. 32) Internationalcooperation 1) The Federal Government may cooperate with any foreign government, Interpoloranyotherinternationalagencywithwhomithasorestablishes reciprocalarrangementsforthepurposesofinvestigationsorproceedings concerningcriminaloffencesrelatedtoelectronicsystemanddata,orfor the collection of evidence in electronic form of a criminal offence or obtainingexpeditiouspreservationanddisclosureoftrafficdataordataby means of a electronic system or realtime collection of traffic data associatedwithspecifiedcommunicationsorinterceptionofdata. 2) The Federal Government may without prior request forward to such foreigngovernment,Interpolorotherinternationalagency,anyinformation obtained from its own investigations if it considers that the disclosure of suchinformationmightassisttheothergovernmentoragencyininitiating or carrying out investigations or proceedings concerning the criminal offences.

3) The Federal Government may require such foreign government, Interpol orotherinternationalagencytokeeptheinformationprovidedconfidential oruseitsubjecttosomeconditions. 4) TheFederalGovernmentimmediatelyafterthecommencementofthisAct shall nominate any agency or authority responsible for sending and answeringrequestsformutualassistance,theexecutionofsuchrequests ortheirtransmissiontotheauthoritiescompetentfortheirexecution. 5) TheFederal Government may refuse toaccede to any request madeby such foreign government, Interpol or international agency if the request concerns an offence which it considers a political offence or an offence connectedwithapoliticaloffence,orthatexecutionoftherequestislikely to prejudice its sovereignty, security, order public or other essential interests. 6) TheFederalGovernmentmaypostponeactiononarequestifsuchaction would prejudice criminal investigations or proceedings conducted by its authorities. 33) AmendmentofOrdinanceLIof2002 1) IntheElectronic Transactions Ordinance, 2002(LIof2002),Sections36 and37shallbeomitted. 34) Overridingeffect The provisions of this Act shall apply notwithstanding anything to the contrary containedinanyotherlawforthetimebeinginforce. 35) Powerstomakerules The Federal Government shall, by notification is the official Gazette, make special rules for investigation procedure, collection and preservation of evidence relating to an electronic crime apart from and in addition to procedurealready prescribed intheCodeofCriminalProcedure ofPakistan andwhichisapplicableonthisActMutatisMutendis. 36) Removalofdifficulties The Federal Government may, by notification in the official Gazette, make provisions for removal of difficulties in a manner not inconsistent with the provisionofthisAct.