Pakistan Proclaims Death Sentence for Cyber Terror

by Gopalan on Nov 10 2008 10:31 AM

Pakistani president Asif Ali Zardari has signed a law making cyber terror a crime "punishable with death."

However, executions will only be allowed if the hack attack "causes [the] death of any person," the Prevention of Electronic Crimes law states.

But the definition of what is considered "cyber terror" is alarmingly broad in the law, proposed last year and signed Thursday by the Pakistani president. Not only does it apply to "any person, group or organization who, with terroristic intent utilizes, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act."

The ordinance also considers cyber terrorism to be:

(a) altering by addition, deletion, or change or attempting to alter information that may result in the imminent injury, sickness, or death to any segment of the population;

(b)  transmission or attempted transmission of a harmful program with the purpose of substantially disrupting or disabling any computer network operated by the Government or any public entity;

(c)  aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed; or

(d)  stealing or copying, or attempting to steal or copy, or secure classified information or data necessary to manufacture any form of chemical, biological or nuclear weapon, or any other weapon of mass destruction.

In contrast, the maximum penalty for a hacking crime under U.S. law is 20 years in prison. Although, as we've seen in recent years, Washington seems to give itself a little, um, leeway when it comes to perceived terror threats.

Cyber terrorism is described as the accessing of a computer network or electronic system by someone who then “knowingly engages in or attempts to engage in a terroristic act”.

“Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life,” according to the ordinance, which was published by the state-run APP news agency.

The Prevention of Electronic Crimes law will be applicable to anyone who commits a crime detrimental to national security through the use of a computer or any other electronic device, the government said in the ordinance.

It listed several definitions of a “terroristic act” including stealing or copying, or attempting to steal or copy, classified information necessary to manufacture any form of chemical, biological or nuclear weapon.

Naeem Noor Khan, an alleged al-Qaeda operative and computer expert, was arrested in Pakistan in 2004 and files found on his laptop contained details of a plot to attack US financial buildings and locations in Britain.

He was released last year on the orders of the Supreme Court but it is not known whether he is now in the custody of security agencies.

Amir Rana, an expert on terrorism in Pakistan, said the law raised fears that it would be abused by Pakistani law enforcement agencies. 

The investigating agencies now acquire the right to enter any home to seize personal computers. This kind of a blank cheque could have incalculable consequences in a country where authorities at various levels are notorious for misusing their powers.

The ordinance also set out punishments for other offences, including electronic fraud, electronic forgery, system damage, unauthorised access to codes and misuse of encryption. Punishments for those crimes ranged from three to 10 years in prison.