|
|
|
|
|
|
Lesson#43
|
ELECTRONIC TRANSACTIONS ORDINANCE 2002-ETO-2
|
|
|
|
provides that Certification Council shall make regulations specifying the
criteria/procedure for the grant of accreditation certificates
to the certification service providers. The
provision is reproduced as follows:
“24. The Certification Council may grant accreditation to
certification service provider, its
cryptography services, electronic signature or advanced
electronic signature and security
procedures who comply with the criteria for accreditation
specified in the regulations.
The terms and conditions of the accreditation, including those
relating to duration of the
accreditation, renewal, suspension or revocation, shall be
specified in regulations.
The fee for grant and renewal of the accreditation shall be as
prescribed.
The form and manner of proceedings for the consideration of
application for grant, renewal,
suspension or revocation of accreditation shall be specified in
the regulations provided that, the
regulations shall provide for a transparent procedure with due
regard to the right of hearing.”
Note that a certification service provider shall have proper
right of hearing before a decision on its
application for the grant of accreditation certificate is made.
This is based on the fundamental principle of
law that no body should be condemned unheard (also called the
principle of natural justice).
Under Section 25, each
certification service provider shall prepare a Certification Practice Statement
(CPS)
as prescribed by the regulations of the Certification Council.
CPS would be a policy document of the
certification service provider, which would be filed along with
the application for grant of accreditation
certificate.
A copy of the certification practice statement shall be
maintained at the office of the Certification Council
and shall be open to public inspection. Subject to any
regulations made by the Council, a CPS would
normally include information for persons adversely affected by a
wrong/false certificate, the extent of
liability, policy about suspension or revocation of certificates
etc. For details you can see
section 25
below (no need to
memorize any such section, just try to build a general sense):
“25. Each certification service provider, desirous of being
accredited, shall prepare and have at
all times accessible a certification practice statement in such
form and with such details,
particulars and contents as may be specified in regulations made
by the Certification Council.
Without prejudice to the generality of the foregoing, the
regulations may provide for:
Prompt information to persons likely to be adversely affected by
any event relating
to the information system of the certification service provider
or inaccuracy,
invalidity or misrepresentation contained in a certificate;
Identification of subscribers;
Suspension or revocation of certificates;
Accuracy of information contained in a valid accreditation
certificate;
Foresee ability of reliance on valid accreditation certificates;
and
Deposit of certificates or notification of any suspension or
revocation of any
accreditation certificate or any other fact or circumstance
affecting the certificate, in
the repository.
172
The certificate practice statement shall be submitted to
Certification Council for approval along
with the application for accreditation.
Any subsequent change in the approved certification practice
statement shall be initiated and
processed in such manner as may be specified in regulations made
by the Certification Council,
and upon approval by the Certification Council, shall be
incorporated in the certification
practice statement.
A copy of the certification practice statement shall be
maintained at the office of the
Certification Council and shall be open to public inspection.
Subject to such limitations as may be specified in the
regulations made under sub-section (1), a
certification service provider shall, during the period of
validity of an accreditation certificate
published for reliance by any person, be deemed to warranting to
such person that:
the certification service provider has complied with the
requirements of this
Ordinance, rules and regulations made under this ordinance ; and
the information contained in the certificate is accurate.
The Certification Council may suspend or revoke the
accreditation of a certification service
provider for failure to comply with the provisions of this
section:
Provided that, an order for suspension or revocation of
accreditation shall be made in the manner specified
in regulations made under sub-section (1) after providing
reasonable right of hearing.”
All applications and matters before the Certification Council
should be decided as quickly as possible
through a speaking order (order containing reasons). The Council
may appoint such officers, employees and
advisers as it considers necessary, and can also establish
regional or local offices for due performance of its
functions.
Section 31 of the ETO specifies that it does not apply to five different types of documents, namely, a
negotiable instrument, a power of attorney, a trust, a will, a
contract of sale or conveyance of immoveable
property. Accordingly, such documents are still required to be
in paper form.
A negotiable instrument includes a promissory note, a bill of
exchange and a check. A promissory note is
an unconditional promise or undertaking to pay a specified
amount to a specified person. A bill of exchange
is an order by a person (person ‘A’) to another person (person
‘B’) to make certain payment to a third
person (person ‘C’) on behalf of ‘A’. A check is a type of bill
of exchange where the bank is asked by a
person (drawer of the check) to make specific payment to the
person in whose favor the check is written. A
power of attorney is the document through which some authority
is given by a person to another to do
certain acts or things on behalf of the person who executes the
power of attorney. A document of trust or
trust deed is prepared to create a trust. A trust can own
property in its name.
The property of the trust is used for the benefit of specified
persons named in the trust deed called
beneficiaries of the trust. The person who establishes the trust
is called author of the trust. The persons
who mange the affairs of the trust are called trustees. A will
is a document through which someone can
name the person(s) who would be entitled to own his property
after his death. A document through which
the ownership in a property is legally transferred to someone is
called a conveyance deed (such as a sale
deed).
A contract of sale of immoveable property (land etc.) and/or a
conveyance deed in this behalf are still
required to be in paper form. Note that the Federal Government,
however, has been given the power to
make whole or any part of the ETO applicable to all or any of
the above documents through a notification
in the official gazette.
173
For reference, section 31 is given as under:
“31. Subject to sub-section
Nothing in this Ordinance shall apply to:
a negotiable instrument as defined in section 13 of the
Negotiable Instruments Act,
1881 (XXVI of 1881);
a power-of-attorney under the Powers of Attorney Act, 1881 (VII
of 1882);
a trust as defined in the Trust Act 1882 (II of 1882), but
excluding constructive,
implied and resulting trusts;
a will or any form of testamentary disposition under any law for
the time being in
force; and
a contract for sale or conveyance of immovable property or any
interest in such
property.
The Federal Government after consultation with the provinces
may, by notification in
the official Gazette and subject to such conditions and
limitations as may be specified
therein, declare that the whole or part of this Ordinance shall
apply to the whole or part of
one or more instruments specified in clauses (a) to (e) of
sub-Section (1).”
Section 32 of the ETO says that courts in Pakistan shall have jurisdiction or authority to decide any
matter
that relates to persons or information systems or events in
Pakistan and covered by the terms of the
Ordinance. Assume that someone from England accesses an
information system in Pakistan and deletes or
modifies the data of a person contained therein without any
authority, then this act may be treated as an
offence under the ETO and Pakistani courts would have
jurisdiction to try such a matter. Note that ETO
would have an overriding or dominating effect as opposed to a
law which is inconsistent with its terms.
Sections 32 and 33 are reproduced as under in this behalf:
“32. The provisions of this Ordinance shall apply
notwithstanding the matters being the
subject hereof occurring outside Pakistan, in so far as they are
directly or indirectly connected
to, or have an effect on or bearing in relation to persons,
information systems or events within
the territorial jurisdiction of Pakistan.”
“33. The provisions of this Ordinance shall apply
notwithstanding anything to the contrary
contained in any other law for the time being in force.”
Sections 34 to 37 of the ETO
deal with offences. Four different types of
offences are mentioned in ETO.
Where a subscriber obtains a certificate from the certification
service provider providing false information,
deliberately, he is guilty of an offence. Any directors or other
officers of a certification service provider
commit an offence in case they issue a certificate knowing that
it is false or they do not cancel a certificate
after they have come to know that the information it contains is
wrong/false.
A person who accesses or attempts to access an information
system with or without the intention to acquire
information contained therein is also guilty of an offence under
the ETO in case he does so without any
authority.
A person would also be said to have committed an offence where
he, without any authority, deletes,
removes, or alters any information contained in any information
system, or he hinders or attempts to hinder
access to an information system without any authority to do so.
Note that each of the above offences
prescribes imprisonment or fine or both. The aforesaid
provisions are reproduced below in case you want
to look into details: (for exam you are not supposed to memorize
these sections)
174
“34. any subscriber who:
Provides information to a certification service provider knowing
such information to be
false or not believing it to be correct to the best of his
knowledge and belief;
Fails to bring promptly to the knowledge of the certification
service provider any change in
circumstances as a consequence whereof any information contained
in a certificate
accepted by the subscriber or authorized by him for publication
or reliance by any person,
ceases to be accurate or becomes misleading, or
Knowingly causes or allows a certificate or his electronic
signatures to be used in any
fraudulent or unlawful manner, shall be guilty of an offence
under this Ordinance.
The offence under sub-section (1) shall be punishable with
imprisonment either description of
a term not exceeding seven years, or with fine which may extend
to ten million rupees, or with
both.”
“35.
Every director, secretary and other responsible
officer, by whatever designation called,
connected with the management of the affairs of a certification
service provider, which:
Issues, publishes or acknowledges a certificate containing false
or
misleading information;
Fails to revoke or suspend a certificate after acquiring
knowledge that any
information contained therein has become false or misleading;
Fails to revoke or suspend a certificate in circumstances where
it ought
reasonably to have been known that any information contained in
the
certificate is false or misleading;
Issues a certificate as accredited certification service
provider while its
accreditation is suspended or revoked; shall be guilty of any
offence under
this Ordinance.
The offence under sub-section (l) shall be punishable with
imprisonment either description of a
term not exceeding seven years, or with fine which may extend to
ten million rupees, or with
both.
The certification service provider or its employees specified in
sub-section (1) shall also be
liable, upon conviction, to pay compensation for any foreseeable
damage suffered by any
person or subscriber as a direct consequence of any of the
events specified in clauses (a) to (d)
of sub-section (1).
The compensation mentioned in sub-section (3) shall be
recoverable as arrears of land
revenue.”
“36.
Any person who gains or attempts to gain access
to any information system with or
without intent to acquire the information contained therein or
to gain knowledge of such
information, whether or not he is aware of the nature or
contents of such information, when
he is not authorized to gain access, as aforesaid, shall be
guilty of an offence under this
Ordinance punishable with either description of a term not
exceeding seven years, or fine
which may extend to one million rupees, or with both.”
“37. Any person who
does or attempts to do any act with intent to alter, modify, delete,
remove, generate, transmit or store any information through or
in any information system
knowingly that he is not authorized to do any of the foregoing,
shall be guilty of an offence
under this Ordinance.
175
Any person who does or attempts to do any act with intent to
impair the operation of, or
prevent or hinder access to, any information contained in any
information system, knowingly
that he is not authorized to do any of the foregoing, shall be
guilty of an offence under this
Ordinance.
The offences under sub-section (1) and (2) of this section will
be punishable with either
description of a term not exceeding seven years or fine which
may extend to one million
rupees, or with both.”
|
|
|
|
|