ELECTRONIC TRANSACTIONS ORDINANCE, 2002 - 3

<< ELECTRONIC TRANSACTIONS ORDINANCE, 2002 - 2

GLOBAL LEGAL ISSUES OF E-COMMERCE - 1 >>

E-COMMERCE IT430

Lesson 43

ELECTRONIC TRANSACTIONS ORDINANCE, 2002 (ETO) (CONTINUED....)

Section 24 of the ETO provides that Certification Council shall make regulations specifying the

criteria/procedure for the grant of accreditation certificates to the certification service providers. The

provision is reproduced as follows:

"24. The Certification Council may grant accreditation to certification service provider, its

cryptography services, electronic signature or advanced electronic signature and security

procedures who comply with the criteria for accreditation specified in the regulations.

The terms and conditions of the accreditation, including those relating to duration of the

accreditation, renewal, suspension or revocation, shall be specified in regulations.

The fee for grant and renewal of the accreditation shall be as prescribed.

The form and manner of proceedings for the consideration of application for grant, renewal,

suspension or revocation of accreditation shall be specified in the regulations provided that, the

regulations shall provide for a transparent procedure with due regard to the right of hearing."

Note that a certification service provider shall have proper right of hearing before a decision on its

application for the grant of accreditation certificate is made. This is based on the fundamental principle of

law that no body should be condemned unheard (also called the principle of natural justice).

Under Section 25, each certification service provider shall prepare a Certification Practice Statement (CPS)

as prescribed by the regulations of the Certification Council. CPS would be a policy document of the

certification service provider, which would be filed along with the application for grant of accreditation

certificate.

A copy of the certification practice statement shall be maintained at the office of the Certification Council

and shall be open to public inspection. Subject to any regulations made by the Council, a CPS would

normally include information for persons adversely affected by a wrong/false certificate, the extent of

liability, policy about suspension or revocation of certificates etc. For details you can see section 25

below (no need to memorize any such section, just try to build a general sense):

"25. Each certification service provider, desirous of being accredited, shall prepare and have at

all times accessible a certification practice statement in such form and with such details,

particulars and contents as may be specified in regulations made by the Certification Council.

Without prejudice to the generality of the foregoing, the regulations may provide for:

Prompt information to persons likely to be adversely affected by any event relating

to the information system of the certification service provider or inaccuracy,

invalidity or misrepresentation contained in a certificate;

Identification of subscribers;

Suspension or revocation of certificates;

Accuracy of information contained in a valid accreditation certificate;

Foresee ability of reliance on valid accreditation certificates; and

Deposit of certificates or notification of any suspension or revocation of any

accreditation certificate or any other fact or circumstance affecting the certificate, in

the repository.

171

E-COMMERCE IT430

The certificate practice statement shall be submitted to Certification Council for approval along

with the application for accreditation.

Any subsequent change in the approved certification practice statement shall be initiated and

processed in such manner as may be specified in regulations made by the Certification Council,

and upon approval by the Certification Council, shall be

incorporated in the certification

practice statement.

A copy of the certification practice statement shall be maintained at the office of the

Certification Council and shall be open to public inspection.

Subject to such limitations as may be specified in the regulations made under sub-section (1), a

certification service provider shall, during the period of validity of an accreditation certificate

published for reliance by any person, be deemed to warranting to such person that:

the certification service provider has complied with the requirements of this

Ordinance, rules and regulations made under this ordinance ; and

the information contained in the certificate is accurate.

The Certification Council may suspend or revoke the accreditation of a certification service

provider for failure to comply with the provisions of this section:

Provided that, an order for suspension or revocation of accreditation shall be made in the manner specified

in regulations made under sub-section (1) after providing reasonable right of hearing."

All applications and matters before the Certification Council should be decided as quickly as possible

through a speaking order (order containing reasons). The Council may appoint such officers, employees and

advisers as it considers necessary, and can also establish regional or local offices for due performance of its

functions.

Section 31 of the ETO specifies that it does not apply to five different types of documents, namely, a

negotiable instrument, a power of attorney, a trust, a will, a contract of sale or conveyance of immoveable

property. Accordingly, such documents are still required to be in paper form.

A negotiable instrument includes a promissory note, a bill of exchange and a check. A promissory note is

an unconditional promise or undertaking to pay a specified amount to a specified person. A bill of exchange

is an order by a person (person `A') to another person (person `B') to make certain payment to a third

person (person `C') on behalf of `A'. A check is a type of bill of exchange where the bank is asked by a

person (drawer of the check) to make specific payment to the person in whose favor the check is written. A

power of attorney is the document through which some authority is given by a person to another to do

certain acts or things on behalf of the person who executes the power of attorney. A document of trust or

trust deed is prepared to create a trust. A trust can own property in its name.

The property of the trust is used for the benefit of specified persons named in the trust deed called

beneficiaries of the trust. The person who establishes the trust is called author of the trust. The persons

who mange the affairs of the trust are called trustees. A will is a document through which someone can

name the person(s) who would be entitled to own his property after his death. A document through which

the ownership in a property is legally transferred to someone is called a conveyance deed (such as a sale

deed).

A contract of sale of immoveable property (land etc.) and/or a conveyance deed in this behalf are still

required to be in paper form. Note that the Federal Government, however, has been given the power to

make whole or any part of the ETO applicable to all or any of the above documents through a notification

in the official gazette.

172

E-COMMERCE IT430

For reference, section 31 is given as under:

"31. Subject to sub-section

Nothing in this Ordinance shall apply to:

a negotiable instrument as defined in section 13 of the Negotiable Instruments Act,

1881 (XXVI of 1881);

a power-of-attorney under the Powers of Attorney Act, 1881 (VII of 1882);

a trust as defined in the Trust Act 1882 (II of 1882), but excluding constructive,

implied and resulting trusts;

a will or any form of testamentary disposition under any law for the time being in

force; and

a contract for sale or conveyance of immovable property or any interest in such

property.

The Federal Government after consultation with the provinces may, by

notification in

the official Gazette and subject to such conditions and limitations as may be specified

therein, declare that the whole or part of this Ordinance shall apply to the whole or part of

one or more instruments specified in clauses (a) to (e) of sub-Section (1)."

Section 32 of the ETO says that courts in Pakistan shall have jurisdiction or authority to decide any matter

that relates to persons or information systems or events in Pakistan and covered by the terms of the

Ordinance. Assume that someone from England accesses an information system in Pakistan and deletes or

modifies the data of a person contained therein without any authority, then this act may be treated as an

offence under the ETO and Pakistani courts would have jurisdiction to try such a matter. Note that ETO

would have an overriding or dominating effect as opposed to a law which is inconsistent with its terms.

Sections 32 and 33 are reproduced as under in this behalf:

"32. The provisions of this Ordinance shall apply notwithstanding the matters being the

subject hereof occurring outside Pakistan, in so far as they are directly or indirectly connected

to, or have an effect on or bearing in relation to persons, information systems or events within

the territorial jurisdiction of Pakistan."

"33. The provisions of this Ordinance shall apply notwithstanding anything to the contrary

contained in any other law for the time being in force."

Sections 34 to 37 of the ETO deal with offences. Four different types of offences are mentioned in ETO.

Where a subscriber obtains a certificate from the certification service provider providing false information,

deliberately, he is guilty of an offence. Any directors or other officers of a certification service provider

commit an offence in case they issue a certificate knowing that it is false or they do not cancel a certificate

after they have come to know that the information it contains is wrong/false.

A person who accesses or attempts to access an information system with or without the intention to acquire

information contained therein is also guilty of an offence under the ETO in case he does so without any

authority.

A person would also be said to have committed an offence where he, without any authority, deletes,

removes, or alters any information contained in any information system, or he hinders or attempts to hinder

access to an information system without any authority to do so. Note that each of the above offences

prescribes imprisonment or fine or both. The aforesaid provisions are reproduced below in case you want

to look into details: (for exam you are not supposed to memorize these sections)

173

E-COMMERCE IT430

"34. any subscriber who:

Provides information to a certification service provider knowing such information to be

false or not believing it to be correct to the best of his knowledge and belief;

Fails to bring promptly to the knowledge of the certification service provider any change in

circumstances as a consequence whereof any information contained in a certificate

accepted by the subscriber or authorized by him for publication or reliance by any person,

ceases to be accurate or becomes misleading, or

Knowingly causes or allows a certificate or his electronic signatures to be used in any

fraudulent or unlawful manner, shall be guilty of an offence under this Ordinance.

The offence under sub-section (1) shall be punishable with imprisonment either description of

a term not exceeding seven years, or with fine which may extend to ten million rupees, or with

both."

"35. Every director, secretary and other responsible officer, by whatever designation called,

connected with the management of the affairs of a certification service provider, which:

Issues, publishes or acknowledges a certificate containing false or

misleading information;

Fails to revoke or suspend a certificate after acquiring knowledge that any

information contained therein has become false or misleading;

Fails to revoke or suspend a certificate in circumstances where it ought

reasonably to have been known that any information contained in the

certificate is false or misleading;

Issues a certificate as accredited certification service provider while its

accreditation is suspended or revoked; shall be guilty of any offence under

this Ordinance.

The offence under sub-section (l) shall be punishable with imprisonment either description of a

term not exceeding seven years, or with fine which may extend to ten million rupees, or with

both.

The certification service provider or its employees specified in sub-section (1) shall also be

liable, upon conviction, to pay compensation for any foreseeable damage suffered by any

person or subscriber as a direct consequence of any of the events specified in clauses (a) to (d)

of sub-section (1).

The compensation mentioned in sub-section (3) shall be recoverable as arrears of land

revenue."

"36. Any person who gains or attempts to gain access to any information system with or

without intent to acquire the information contained therein or to gain knowledge of such

information, whether or not he is aware of the nature or contents of such information, when

he is not authorized to gain access, as aforesaid, shall be guilty of an offence under this

Ordinance punishable with either description of a term not exceeding seven years, or fine

which may extend to one million rupees, or with both."

"37. Any person who does or attempts to do any act with intent to alter, modify, delete,

remove, generate, transmit or store any information through or in any information system

knowingly that he is not authorized to do any of the foregoing, shall be guilty of an offence

under this Ordinance.

174

E-COMMERCE IT430

Any person who does or attempts to do any act with intent to impair the operation of, or

prevent or hinder access to, any information contained in any information system, knowingly

that he is not authorized to do any of the foregoing, shall be guilty of an offence under this

Ordinance.

The offences under sub-section (1) and (2) of this section will be punishable with either

description of a term not exceeding seven years or fine which may extend to one million

rupees, or with both."

175

Table of Contents: