Friday, 25 July 2014

LEGAL AND TECHNICAL OBSTACLES IN RECRODING EVIDENCE THROUGH VIDEO LINK UNDER ANTI TERRORISM LATEST AMENDMENT

Edward Snowden in his recent interview with Guardian in Moscow,said, "If we confess something to our priest inside a church that would be private, but is it any different if we send our pastor a private email confessing a crisis that we have in our life?"
Whenever we talk about our government, we feel depressed, not because of our pessimism but due to nefarious deeds of the people in power. They have their own standards to measure their progress irrespective of the consequences of their acts. We live in a third world country and face the world greatest threat and enemy in form of Terrorism which is present in our streets, markets, courts, hospitals, police stations, schools and every public place.
Many military operations had been carried out besides a number of legislations to support the law enforcement agencies and to give tough time to criminals but we could never come up with something consistent with our system to deal with these hardened criminals neither strive to develop a system consistent with these laws. Always looking for speedy solutions with overnight results.
Recently on 6th June 2014 our National Assembly of Pakistan passed a bill containing amendments in the existing anti terrorism act 1997 which focused on recording of evidence in anti terrorism cases through video link. The basic purpose of this amendment can be either its cost effectiveness or protection of the witnesses and to minimize the security threats. Cost effectiveness means if a person is sitting abroad one can record his testimony through videoconferencing instead to make him travel all the way spending hefty amount just to record his version.
First of all we need to examine the reason for introducing such amendment in Pakistan judicial system. Such an amendment is first of its kind in Pakistan Judicial system. This amendment is introduced but whether its legal consequences and technical obstacles were taken into consideration is a question mark. The exposure and experience of our judges is not compatible with such an amendment neither amendment is compatible with our judiciary training. We must take measures to train our judiciary with the latest technologies to make them properly judge and administer the trial in order to fight crime of every form. We are still waiting for any such policy to be implemented. 
As criminal lawyer, jail trials which are supposed to be conducted in Jail for sensitive and dangerous prisoners are the main cause for this amendment. In routine whenever there is order for jail trial of a prisoner, the judges along with their staff besides the counsels of both parties have to come to jail for jail trial. The basic phenomenon is to avoid the movement of the prisoner. That’s why the amendment is made in only ATA 1997 not in any civil or criminal procedural law which clearly envisages the domain of its effectiveness. Besides that the protection of the prosecution witnesses is another reason for introducing such technology in Pakistan judicial system.
The amendment referring to a video link means use of interactive telecommunications technologies for witness testimony via simultaneous two-way video and audio transmissions. This technology allows for a witness to testify from a room adjoining the courtroom via closed-circuit television or from a distant or undisclosed location through an audio-visual link. In the courtroom setting, a judge, the defendant, the defence counsel and the prosecutor can ask questions of the witness and see and hear the witness’ answers and impressions in real time transmission. Videoconferencing equipment can permit the concurrent transmission of computer images, such as documents so that video can be displayed on one screen and the computer data on another. In other words, a remote witness can be seen on a big screen while the documents being discussed by the witnesses can be visible (to a judge or jury) on screen monitors.
Internationally this technology is being used by international criminal tribunals such as International criminal court, the international criminal tribunal for Rawanda, the International Criminal Tribunal for the former Yugoslavia, the Special Court for Sierra Leone and the Extraordinary Chambers in the Courts of Cambodia. Similarly many countries have already deployed this system in their courts but to a limited extend.
We should never underestimate the powers who are always active against our national security and there is quite probability that our databases containing judicial data will also be compromised in the same manner as Edward snowden, the former NSA-US contractor,  disclosed in the past.
One thing is very important that when we talk about Anti Terrorism cases we talk about criminal matters involving national security in one way or other. Therefore we need to be extra careful from the recent disclosure of NSA whistle blower Edward snowden who disclosed that how much of Pakistan data was screened without the knowledge and authorization of Pakistan Government. According to his figures Pakistan was second country after Iran whose intelligence was compromised on a mass level.  Are we really equipped enough to make sure the security of our interactive telecommunication technology because this could be something more dangerous and risky as compared to manual system of recording testimonies if the telecommunication lines are compromised.
Legally speaking Pakistan need to work a lot on legal side of this amendment as we are directly hitting section 353 of Criminal Procedure code. Accused presence will be virtual through video link but will be regarded as physical presence but can the judge see his emotions or vice versa, can the accused counsel discuss anything in private with his client? Furthermore who will digitally sign the recorded evidence? How can we make sure that the recorded evidence will not be manipulated? Are we planning for any secure backups of these recordings? We need to draft proper rules in detail which will define the minimum standard of technical details for establishing this videoconferencing system. And also the procedure for recording any such testimony through video link. Who and how this system will be managed and where the backup and recording of videos will be available and whether it will be available for parties or public or not.
On one side we are addressing the security of our witnesses and on the other side we are making a video film which will show their picture along with their statement making them more vulnerable to security threats if the recorded video film is not secured. 
Laws are said to represent the mindset of the state body and their implementation show the physical strength of the state body. No doubt we have big holes in our judicial system but this effort is appraisable. The alarming obstacles must not be ignored before bringing the system alive. It is good gesture to bring the technology into life and to feel its power but never to forget that “with great power, comes great responsibility”.

Saturday, 22 March 2014

IS PAKISTAN GOING TO BE A LEGAL HEAVEN FOR CYBER CRIMINALS?

Any efforts ever made in regard to the promulgation of the newly awaited cyber crime bill have always been appreciated in all fields of the life. However the welcoming gesture got a big shock after I got hold of the copy of the draft of the newly awaited cyber crime law to be enforced in Pakistan. I was hoping that the new law will come with power to eradicate the Cyber crime from the society which exists in form of social crime, fiscal crime, national crime, individual crime, conventional crime and likewise any other form of crime involving information technology. However after going through the draft, I felt that Pakistan is going to be another heaven for the cyber criminals. In the era where developed countries are preparing their cyber warriors, we are taking cyber crime so lightly that unfortunately I found most of the offences in the new law as bailable offences. Hence such an attitude towards cyber crime will encourage the crime where you start measuring the punishment with the scale of money i.e. fines. I always felt that our society is badly lacking the expertise to properly fight with the cyber crime only because of no law but now we stand on a more dangerous position where we are providing them legal cover in form of small fines and ignorable punishments.
Personally as a practicing lawyer with expertise in cyber crime, I always felt that most of the respected judiciary with reference to cyber crime doesn’t have the proper exposure of the nature of criminals they are dealing with; instead they don’t take it as a heinous form of crime. However after such an impotent draft for the cyber crime bill, I think the judiciary will justify itself in the best possible manner and the cyber criminals will be enjoying an edge over prosecution, system and the victims of such crimes.
An effective law is not the one which punishes the criminals but create a fear factor in the society so that any person who get charged with any offence, must try his level best to prove his innocence but where the main element of determent has been ignored i.e. the punishment, no other factor can take its place and hence making the law easily playable by the criminals.
World is consider as a global village with no geographical boundaries especially talking in context of cyber crime. Recently the disclosure of the Edward Snowden (former member of NSA-US) is a clear and prime example of the level of security implemented in our information systems in Pakistan. Even though we have not learned any lesson from our past and still willing to compromise our cyber security on small amounts in forms of fines. For example if you have illegally accessed a program or data intentionally you will be charged with 9 months punishment or fine of two hundred thousand rupees only or both. We do have sections which needs appreciation but overall as all the offences are bail able except one, such a giving up attitude is not appreciate able.
Pakistan is working on its National cyber security policy under the leadership of Ammar Jaffri and support of chairman senate defense committee, Senator Mushahid Hussain. However my personal opinion is that such a draft will badly affect the National Cyber Security Policy also as it is going to be the main and basic law for dealing with the cyber crime. Hence efforts should be made to make the law effective and powerful to combat the crime properly. My whole opinion should be consider in the best interest of the criminal justice system of Pakistan.

Monday, 2 December 2013

Latest and final blow being given to the cyber crime laws

Hope this will be the last and final blow for the cyber crime bill to get pass all legal requirements and get into action. Statement said that all stake holders are being taken on-board for the finalization of the Cyber Crime Bill before tabling it in National Assembly for approval. Secretary IT, Chairman PTA, Mr. Kamran Ali Khattak, Member (Legal), Mr. Yasir Qadir, Member (Telecom) and representatives from FIA and IT Industry were present in the meeting. A high level committee has been constituted headed by Senior Legislative Advisor to Ministry of Law, Justice and Human Rights. The other members of the committee includes Member (Legal), MoIT and Director (IT), MoIT, a representative from IT Industry, PTA and FIA respectively. The committee has been assigned the task to review the Draft Bill within one week time period and submit its report to Ministry of IT.

Wednesday, 7 August 2013

USA- Cyber Warriors Act 2013

A group of eight senators recently introduced a bill that would establish cybersecurity civil support teams (CSTs) in the National Guard, mirroring National Guard teams set up to deploy their specialized expertise for dealing with incidents involving weapons of mass destruction. 

The Cyber Warrior Act of 2013 would set up Cyber and Computer Network Incident Response Teams (CCNIRTs) in each of the 50 states and four US territories under the direction of the National Guard Bureau, much like the WMD-CSTs. Under the legislation, a governor or the secretary of defense could activate CCNIRTs, also known as "Cyber Guards," in response to a cyberattack.

Sen. Kirsten Gillibrand (D-NY), the leading sponsor of the bill, called the bill a means by which to call up cybersecurity experts to combat cyberthreats to US infrastructure.

"Cyberattacks are at the top of the threats that could affect every aspect of our national and economic security," Gillibrand said in a statement on March 22. "Terrorists could shut down electric grids in the middle of winter, zero-out bank accounts, or take down a stock exchange causing an unimaginable amount of disruption and harm. Meanwhile, our military and homeland cyberdefense forces are thousands short of the need identified by our leaders.  We must ensure that we can recruit and retain talented individuals who can protect our nation's cybersecurity at home and abroad."

Most of the co-sponsors of the Cyber Warrior Act are Democrats, but two Republicans joined Gillibrand in introducing the legislation, including Sens. Roy Blunt (R-Mo.) and David Vitter (R-La.). Blunt hailed the concept as a means to make good use of civilian cybersecurity talent through the National Guard and to expand on the concept of National Guard cybersecurity units introduced by states such as Missouri, Delaware, Louisiana and Washington.

"As cyberattacks are something we're increasingly more and more concerned about, having people in the Guard who are also out there every day in the IT community would be an incredible way to increase access to skilled employees that the uniform forces may not be able to afford," Blunt said in a statement. "I believe Missouri could certainly be a prototype for what these units should look like nationwide."

Blunt first mentioned the idea of extending "cyberwarrior opportunities in the National Guard" to Gen. Keith Alexander, head of the National Security Agency and commander of US Cyber Command, during a hearing of the Senate Armed Services Committee, on March 12, noting that Gillibrand, Vitter and he were contemplating the legislation.

Alexander revealed that Cyber Command already had been discussing cybersecurity support with National Guard departments in each state.

"Senator, we have National Guard folks on our staff; we are actively working that with the Guard. A few weeks ago, I sat down with all of the adjutant generals from all of the states and walked through how we can do this and how we train everyone to the same standards, active and Guard," Alexander testified.

The National Guard units in each state can provide the FBI and the Department of Homeland Security specialized assistance in response and recovery to cyberattacks, working with NSA and Cyber Command to complement the military activities of those organizations, Alexander said.

Leveraging the private sector experience of IT professionals through National Guard activation would provide a unique opportunity to assess cybersecurity skills in a catastrophe, lawmakers agreed.

Sen. Chris Coons (D-Del.) drew the parallel between the manner in which the National Guard already supports civil authorities in times of disaster and the way in which it could do so in the event of a cyberattack.

"The National Guard is always ready when natural or manmade disasters strike at home," Coons said in a statement. "The Cyber Warrior Act allows them to respond to cyberdisasters, too, an increasingly common threat to our country from organized crime, terrorists and even nation-states. The Cyber Warrior Act will ensure that in the first hours and days after a devastating cyberattack, our local responders will have the same support of the National Guard for response and recovery that they do when a hurricane strikes. Delaware's 166th Network Warfare Squadron is a model for what can be achieved when the Guard leverages the unique private-sector skills and experiences of its members, and this bill will help other states build similar capacity."

Governors also could tap the Cyber Guards to train state and local law enforcement and other responders in cybersecurity procedures and to provide support for cybersecurity best practices.

Under the Cyber Warriors Act, the secretary of defense would report on the means by which the Pentagon finds and hires cybersecurity experts. Alan Paller of the SANS Institute estimated the Department of Defense has about 10,000 less cybersecurity experts than it requires. (The Pentagon has about 2,000, lawmakers said.)

Other sponsors of the bill include Sen. Patrick Leahy (D-Vt.), co-chair of the Senate National Guard Caucus, and Sens. Mary Landrieu (D-La.), Mark Warner (D-Va.) and Patty Murray (D-Wash.). Sen. Lindsey Graham (R-SC), co-chair of the National Guard Caucus and a colonel in the South Carolina National Guard, has not yet signaled his support for the bill.

from : http://www.hstoday.us/single-article/senators-seek-national-guard-cybersecurity-civil-support-teams/8461dd77befa9b1506273a976c5c2b15.html

Wednesday, 10 July 2013

Atlast ! Cyber Security Policy for Pakistan- Inter Services Cyber Command

Senate Committee on Defence and Defence Production Chairman Mushahid Hussain Sayed Monday stressed on establishing a 'cyber security task force' in collaboration with various ministries and security organisations. In his address of welcome at a seminar on 'Defending Cyber Security Strategy for Pakistan,' Senator Mushahid presented his seven-point action plan for promoting cyber security in the country. 
He apprehended that this cyber security threat can affect Pakistan's national defence, security, intelligence, diplomacy, nuclear and missile programme, economy, energy, education, civil aviation as well as industrial and manufacturing units both in the private and public sector. So cyber security is an issue of paramount importance for Pakistan's stability and progress. 

Mushahid quoted that even President Obama has declared that the "cyber threat is one of the most serious economic and national security challenges we faces as a nation" and that "America's prosperity in the 21st century will depend on cyber security." He maintained that Pakistan's cyber security has to have three fundamental elements. Pakistan's digital infrastructure must have the ability to 
                                                                 - resist attacks, 
                                                                 - cyber penetration 
                                                                 - disruption. 
Defend against emerging cyber threats, whether state sponsored or otherwise, and ability to retaliate regionally, at least. The country should have ability to recover quickly from cyber incidents whether caused by cyber aggression, accident or natural disaster. 

Following the recommendations made in seminar, action plan for a Cyber Secured Pakistan has been proposed which includes relevant legislation to preserve, protect and promote Pakistan cyber security, drafting for which has already begun. Bills in Parliament for Cyber Security will be tabled. 

Cyber security threat should be accepted and recognised as new, emerging national security threat by the Government of Pakistan, similar to the threats like terrorism and military aggression. Establishing a National Computer Emergency Response Team (PKCERT). Establishing a Cyber-Security Task Force with affiliation of Ministry of Defence, Ministry of IT, Ministry of Interior, Ministry of Foreign Affairs, Ministry of Information and our security organisations plus relevant and leading professionals from the private security so that Pakistan can take steps to combat this new emerging threat and formulate Cyber Security Strategy for Pakistan. 

Under the office of the Chairman, Joint Chiefs of Staff Committee, an Inter-Services Cyber Command should be established to co-ordinate cyber security and cyber defence for the Pakistan Armed Forces. Within the framework of Saarc, Pakistan should take the initiative to initiate talks among the 8-member states particularly India to establish acceptable norms of behaviour in cyber security among the SAARC countries so that these countries are not engaged in cyber warfare against each other. If Pakistan and India can have an agreement not to attack each other nuclear installations, why not an agreement could be reached seeking the prevention of cyber warfare against each other, the committee recommended. 


* source of report is dependent and copied from Business recorder

Tuesday, 25 June 2013

NATIONAL SECURITY AGENCY OF UNITED STATES DID BOUNDLESS CYBER CRIME WITH “BOUNDLESS INFORMANT”

From the last few days, the news highlighting Edward Snowden whereabouts was of main interest but what did he revealed to Guardian and washington post  is much more important as it relates to national security. I didn’t used the name of any country when I talk about national security because this is the worst form of crime ever did in the history of nations where national security of all the countries is at risk. Therefore naming any one country will not do the job. We are talking about boundless crime did by US-NSA data mining tool namely “boundless informant”. It would be not out of place to mention what Julian assange (founder of wikileaks) Lawyer, Michael Ratner said, "You have to have a country that's going to stand up to the United States".
 Edward Snowden, a system administrator born on 21 june, 1983, employee/contractor in the CIA who gave documents to “The Guardian” and “The Washington Post” newspapers disclosing U.S. surveillance programs that collect vast amounts of phone records and online data in the name of foreign intelligence, often sweeping up information of American citizens. Through this tool officials have the ability to collect phone and Internet information broadly but need a warrant to examine specific cases where they believe terrorism is involved. And more surprisingly everything was being done under an unconstitutional statute of united states i.e. Foreign Intelligence Surveillance Act of 1978. American civil liberties union has challenged this act as unconstitutional and has also filed an appeal in the supreme court of United States which decided the matter namely Clapper Vs Amnesty International USA on 26th February 2013.    
As a Pakistani, I am least concerned with the internal matters of US, but what about our law, our information, our privacy, does it allow any one to violate the privacy of information of our nation. You must be shocked to know that Pakistan was the second largest country whose information’s privacy was compromised and 13.5 billion intelligence was violated by the US NSA. When I saw the heat image generated by the data mining tool i.e. boundless informant, there were only two countries in red colour and Pakistan was one of them. It means that we were on top of the list. What sort of information has been compromised is really important and can this happen again is more important. 
There are a number of questions which sparked in my mind as I saw the image. How is it possible, are we not protected as a nation. Where is the defence budget going if the information is not protected in Pakistan. Todays wars are not of weapons but of information. And we as a nation has failed to protect our information. In my point of view we need to take extra precautionary steps to fight against such acts of international cyber crime. It is very very alarming that how all the information was compromised without the intervention of our government. I am here to discuss and criticize on each and every level of our government. Whether it is the army who is concern with the national security, or it is the Pakistan telecommunication authority who is responsible to “promote and protect the interest of users of telecommunication services in Pakistan” u/s 4 (1)(c) of Pakistan telecommunication re-organization act 1996.  where is the writ of government, for god sake we are in the cyber era and we are still fighting Talibans for nothing. We don’t have any foreign policy w.r.t cyber crime, we do not have laws for cyber crime.  We are not even properly equipped with the level of expertise which are needed to counter cyber crime in todays world of technology. Our government must take concrete steps.

Saturday, 22 June 2013

Cyber Laws in Pakistan


Cyber Laws in Pakistan don’t have any exceptional history, as seen in the international trend, the cyber law making in Pakistan started mainly after 2001 i.e. Electronic Transaction Ordinance 2002. Furthermore a very pointing law, promulgated in 2007, i.e. Prevention of Electronic Crime Ordinance 2007 (PECO). I happened to study the PECO in reference to some cases. It looks good, complete and comprehensive and covering crime from every angle committed in a cyber environment. In start, I feel good about it but later on one thing keeps bothering me i.e. it did not provide a complete remedy for Intellectual Property rights infringement.
Later on, somehow I came to get a copy of Indian Information Technology Act 2000 . Things were very disappointing. I feel a very big and huge unfilled gap in the legislation of PECO, 2007. In fact I personally didn’t notice it unless or until I happened to get the Indian act for comparison. This unfilled gap was the awareness.  Awareness methods through which one can keep himself safe and secure. Here I am giving a comparison in a table form for the chapters of IT BILL 2000(India), ETO 2002(Pakistan) and PECO 2007(Pakistan).


In the above mentioned table, I tried to bring things in a very simple comparison. Nature and the basic architect of the different laws can be easily classified to make some conclusion. If we have a look on the IT bill 2000, which is implemented in India, we will notice that the designer has designed the Law with its basic emphasis on the awareness and introducing safety procedures. Whereas if we have a look to our laws structure, we do find punishments but no procedure to avoid those punishments or to avoid becoming a target or part of any such criminal activity which comes in the domain of cyber environment. Do we find any such thing in our laws?
I appreciate the steps our government has so far taken in establishing grounds for Laws related cyber environment in Pakistan. My request to the government is to change the nature and style of our legislation. May be we can adopt any more better and advanced model of cyber environment then other countries but not more disappointing.  

What Measures Should Government take? 
An incomplete and criminal nature of legislation supports the law enforcement agencies to misuse the loop holes left in the legislation. Our law should be focused on the procedures one can take to avoid any mishap. It is very unfortunate that in PECO, we don’t even find a single chapter related safety precautions. We don’t find anything dealing with the procedures for avoiding any cyber crime.
According to my point of view, in today’s world, computers are the weapons and therefore if we equip someone with this weapon, it’s the duty of government to also give them awareness of this weapon for its positive use. The government should initiate awareness campaign. The main interesting thing in this awareness campaign is that domain of this campaign is well defined i.e. computer literate or technology literate. What I suggest is that the government should introduce a compulsory subject in universities, from where most of our technology related public belongs. Contents of such subject should be covering the cyber environment, how to avoid being a target of cyber crimes or becoming part of such crimes.  Such Subject should be   from the Government to guide and to educate the computer literates about these cyber crimes. This will result in a network of information and automatically we will see the results of such awareness and control over cyber environment.