PLJ 2023 Cr.C. 371 (FB)
[Lahore High Court, Lahore]
Present: Miss Aalia Neelum, Syed Shahbaz Ali Rizvi and Farooq Haider, JJ.
Mst. SAIMA NOREEN--Petitioner
versus
STATE and another--Respondents
Crl. A. No. 59829 of 2021 and Crl. Misc. No. 2 in of 2021,
decided on 31.01.2013.
Criminal Procedure Code, 1898 (V of 1898)--
----Ss. 428 r/w 561-A--Prevention of Electronic Crimes Act, (XL of 2016), Ss. 32/35/36/41--Qanun-e-Shahadat Order, (10 of 1984), Art. 46-A/72/73 & 78-A--Application for summoning of CDR--“Call Data Record” (CDR)--Standard Operating Procedure “SOP” for obtaining CDR--“Voice Record Transcript” or “End to End Audio Recording”--Applicant/appellant has been convicted and sentenced under section 9(c) of the Control of Narcotics Substance Act, 1997--Applicant/appellant has filed appeal--During trial of the case, applicant filed application for summoning representative of Jazz Telecom Company for verification of CDRs and also exhibiting the same but same was dismissed by the Trial Court--CDR is abbreviation of “Cell Data Record” of SIM which is abbreviation of “Subscriber Identity Module”--PTA was established u/S. 3 of Pakistan Telecommunication (Reorganization) Act, 1996 and is mandated to regulate the establishment, maintenance and operation of the telecommunication system and provision of telecommunication services in Pakistan--Service providers are bound, amongst others, to maintain call date record (CDR) of its customers/users of mobile phone for a period of one year--Government enjoys facility of said stored CDR in the investigation of certain crimes in the country--Under Section 35 of PECA 2016 powers of authorized officer have been mentioned--Section 36 of the Act ibid has provided the mechanism for dealing with the seized data or information system--Section 41of PECA 2016 deals with “confidentiality of information”--Section 36 of the Act ibid has provided the mechanism for dealing with the seized data or information system--Federal and Provincial Interior Ministries have authorized the police department under their jurisdiction and other law enforcement agencies to obtain the CDRs as and when required from the service providers--Investigating Officer will receive the CDR through recovery memo and same will be tendered/produced before the Court in accordance with law--Unauthorized issuance of SIM card, etc is also offence for which punishment has been provided under section 17 of the Act--Accused can take any plea and he has to simply show possibility of its correctness but such possibility must be based on conclusive and reliable piece of evidence--“Call Data Record” (CDR) is not conclusive piece of evidence for the purpose of determining and establishing the identity and presence of any witness or person at some exact locale/position/place--Application filed by applicant for summoning representative of a telecom company (Jazz) for verification of photocopy of CDRs was dismissed by the learned Trial Court and said order was not challenged and same attained finality--Necessity of taking additional evidence at the appellate stage must be felt by the appellate court itself and it does not depend upon what a party to the appeal thinks of such necessity--During trial, applicant did not ask/move for production and bringing any voice record transcript/ “end to end audio recording” of any phone call as well as forensic analysis report of the same--At this appellate stage, brining of “Call Data Record” (CDR) through additional evidence on record of instant appeal is neither necessary for just decision of the case nor the same would serve any useful purpose for the applicant/appellant in any manner whatsoever--At this appellate stage, brining of “Call Data Record” (CDR) through additional evidence on record of instant appeal is neither necessary for just decision of the case nor the same would serve any useful purpose for the applicant/appellant in any manner whatsoever--Application is without merits and same is hereby dismissed.
[Pp. 376, 378, 386 391, 395, 396] A, B, E, F, L, P, T, U, W
PLD 1976 SC 452; 2022 PC.rLJ 59; 2016 SCMR 274; 2021 SCMR 522; 2021 SCMR 873 ref.
Prevention of Electronic Crimes Act, 2016 (XL of 2016)--
----CDR--CDR is abbreviation of “Cell Data Record” of SIM which is abbreviation of “Subscriber Identity Module”. [P. 377] C
Prevention of Electronic Crimes Act, 2016 (XL of 2016)--
----S. 32--CDR--Service providers are bound, amongst others, to maintain call date record (CDR) of its customers/users of mobile phone for a period of one year. [P. 378] D
Qanun-e-Shahadat Order, 1984 (10 of 1984)--
----Arts. 46-A/72/73 & 78-A--It is to be considered as primary evidence as provided by Explanation No.3 and 4 of Article 73 of Qanun-e-Shahadat Order, 1984--As per Article 46-A of the Order ibid statements in the form of electronic documents generated, received or recorded by an automated information system while it is in working order, are relevant facts--As per Article 72 of the Qanun-e-Shahadat Order, 1984, contents of documents may be proved either by primary or by secondary evidence--If electronic document is alleged to be signed or to have been generated wholly or in part by any person through the use of an information system, and where such allegation is denied then the application of a security procedure must be proved as required by Article 78-A of the Order.
[Pp. 387, 388] G, H, I, J
Prevention of Electronic Crimes Act, 2016 (XL of 2016)--
----S. 41--CDR--Standard Operating Procedure “SOP” for obtaining CDR--Only authorized officer can generate/obtain CDR from the automated system and he cannot delegate his said powers by providing his specified E.Mail to his any subordinate or anybody else--Said authorized officer is bound to maintain confidentiality of said generated CDR/document under section 41 of the Act ibid and SOP. [P. 388] K
Prevention of Electronic Crimes Act, 2016 (XL of 2016)--
----S.s 32 & 41--Mere production of CDR data--Cell Phone Tower--Voice Recording Transcript--“Call Date Record” of said SIM because CDR only shows use of SIM in territorial /geographical jurisdiction of “Cell Phone Tower” installed by telecom operator and does not disclosed that who is actually/exactly carrying and using said SIM--“Voice Record Transcript” or “End to End Audio Recording” can reflect the detail/identification of the user. Therefore, without “Voice Recording Transcript”, mere “Call Date Record” (CDR) alone of the SIM is inconclusive piece of evidence regarding identity of its user/carrier. [P. 392] M
2016 SCMR 274; 2021 SCMR 522 ref.
Prevention of Electronic Crimes Act, 2016 (XL of 2016)--
----Ss. 32 & 41--Voice Record Transcript--Voice Record Transcript or “End to End Audio/Video Recording” of the call cannot be relied upon without forensic report. [P. 393] N
2021 SCMR 873; PLD 2019 SC 675 ref.
Prevention of Electronic Crimes Act, 2016 (XL of 2016)--
----Ss. 32 & 41--Requirements for proving audio tape or video before a court of law have been elaborated--Guidelines by the supreme court of Pakistan. [P. 393] O
PLD 2019 SC 675 ref.
Prevention of Electronic Crimes Act, 2016 (XL of 2016)--
----Ss. 32 & 41--CDR--“Call Data Record” (CDR) is not conclusive piece of evidence for the purpose of determining and establishing the identity and presence of any witness or person at some exact locale/position/place. [P. 395] Q
Administration of Justice--
----Administration of justice--Finality in order--Application filed by applicant for summoning representative of a telecom company (Jazz) for verification of photocopy of CDRs was dismissed by the learned Trial Court and said order was not challenged and same attained finality. [P. 395] R
Criminal Procedure Code, 1898 (V of 1898)--
----S. 428--Additional evidence--Only said piece of evidence can be brought on record through additional evidence at appellate stage which has been considered as necessary for decision of the case and is having concrete evidentiary worth beyond shadow of doubt.
[P. 395] S
Criminal Procedure Code, 1898 (V of 1898)--
----S. 428--Additional evidence--If any piece of evidence was in the knowledge/notice to party but neither produced nor asked to be produced during trial then same cannot be allowed to come on record under Section 428 Cr.P.C at appellate stage. [P. 396] V
PLD 2001 SC 384 ref.
Mr. Muhammad Zubair Khalid Chaudhary, Advocate for Applicant/Appellant.
Rana Ahsan Aziz, Additional Prosecutor General and Mr. Muhammad Waqas Anwar, Deputy Prosecutor General.
Mr. Asad Ali Bajwa, Deputy Attorney General, Ch. Naseer Ahmad Gujjar, Assistant Attorney General and Mr. Muhammad Latif, Assistant Attorney General.
Mr. Ajmal Adil, Assistant Advocate General and Mian Shakeel Ahmad, Assistant Advocate General.
Mr. Muhammad Afzal Khan, Advocate on behalf of Pakistan Telecommunication Authority (PTA), Ms. Sadiqa Khalid Zonal Director PTA and Hamid Maqbool Bhatti, Assistant Director-Law PTA.
Dates of hearing: 9.12.2022.
Order
Crl. Misc. No. 02 of 2021
By means of instant miscellaneous application filed under Section 428, Cr.P.C. read with Section 561-A, Cr.P.C., following prayer has been made:
“It is, therefore, most respectfully prayed that this petition may kindly be allowed and additional evidence in the shape of oral and documentary may either takes itself or by the Court of Session or Magistrate, in the interest of justice, as early as possible.
It is further prayed, till the final decision of this petition, direction may kindly be issued to the relevant mobile companies, to preserve the CDRs, of PW-3 mobile Muhammad Ilyas ASI (0302-8155856), PW-4 Muhammad Aslam Investigating Officer (0300-6034187), PW-5 Aqsa Aslam (0307-0877678), petitioner Saima Noreen and her husband Sheikh Munir (0300-9604095).”
2. Facts of the case, succinctly required for disposal of the instant miscellaneous application are that applicant/appellant has been convicted and sentenced under Section 9(c) of the Control of Narcotics Substance Act, 1997 by learned Additional Sessions Judge/Judge Special Court CNSA, Sargodha vide judgment dated: 02.09.2021; applicant/appellant has filed appeal against aforementioned judgment before this Court, which has already been admitted for regular hearing vide order dated 30.11.2021 passed by this Court; during pendency of main appeal, appellant/applicant has preferred instant miscellaneous application.
3. Learned counsel for the applicant/appellant, while opening his arguments, submits that during trial of the case, while recording her statement under Section 342, Cr.P.C., applicant produced copy of CDR of Mobile No. 0307-0877678 as Mark-C, copy of CDR of Mobile No. 0307-3849701 as Mark-D, copy of CDR of Mobile No. 0302-8155856 as Mark-E and copy of CDR of Mobile No. 0300-6039187 as Mark-F; further submits that applicant filed application for summoning representative of JAZZ Telecom Company for verification of CDRs Mark C, D, E & F and also exhibiting the same but same was dismissed by the learned trial Court vide order dated: 02.06.2021 without adverting to real facts and circumstances of the case in its true perspective; also adds that aforementioned CDRs negate presence of prosecution witnesses at the place of recovery. Learned counsel finally prays for summoning record of aforementioned CDRs along with representative of JAZZ Telecom Company and taking additional evidence in this regard.
4. On the other hand, learned Deputy Attorney General assisted by learned Assistant Attorneys General, learned Assistant Advocates General and learned Additional Prosecutor General assisted by learned Deputy Prosecutor General have opposed this miscellaneous application with vehemence.
5. Learned counsel for Pakistan Telecommunication Authority (hereinafter to be referred as PTA) while submitting report on behalf of PTA submits that record of CDR is only kept for one year by service provider and this application has been filed with much delay hence now it is impossible to produce the same; also adds that CDR is preserved by automated system without intervention of service provider hence summoning of representative of service provider is of no avail in this case and finally requests for dismissal of this application.
6. Arguments advanced pro and contra have been heard and available record perused.
7. CDR is abbreviation of “Call Data Record” of SIM which is abbreviation of “Subscriber Identity Module”. As per “Report” submitted on behalf of Pakistan Telecommunication Authority, PTA was established under Section 3 of Pakistan Telecommunication (Re-organization) Act, 1996 and is mandated to regulate the establishment, maintenance and operation of the telecommunication system and provision of telecommunication services in Pakistan. Prevention of Electronic Crimes Act, 2016 (hereinafter to be referred as PECA, 2016) is the law which has been legislated and promulgated to prevent unauthorized acts with respect to information systems and to provide mechanism for related offences as well as procedure for investigation, prosecution, trial and international cooperation with respect thereof and matters connected therewith or ancillary thereto. Federal Government of Pakistan under Section 29 read with Section 51 of PECA, 2016 made/notified the Prevention of Electronic Crimes Investigation Rules, 2018 for carrying out the purpose of PECA, 2016. PTA is a regulator and it has entered into contracts with cellular telecommunication companies which provide cellular phone service to the people in Pakistan as the “Service Provider”; term “Service Provider” has been defined in Section 2 (xxviii) of PECA, 2016 which is hereby reproduced:
“(xxviii) “service provider” includes a person who,--
(a) acts as a service provider in relation to sending, receiving, storing, processing or distribution of any electronic communication or the provision of other services in relation to electronic communication through an information system;
(b) owns, possesses, operates, manages or controls a public switched network or provides telecommunication services; or
(c) processes or stores data on behalf of such electronic communication service or users of such service;”
Section 32 of PECA, 2016 provides that “a service provider shall within its existing or required technical capability, retain its specified traffic data for a minimum period of one year or such period as the “Authority” may notify from time to time” which is hereby reproduced:
“32. Retention of traffic data.--(1) A service provider shall, within its existing or required technical capability, retain its specified traffic data for a minimum period of one year or such period as the Authority may notify from time to time and, subject to production of a warrant issued by the Court, provide that data to the investigation agency or the authorized officer whenever so required.
(2) The service providers shall retain the traffic data under sub-section (1) by fulfilling all the requirements of data retention and its originality as provided under Sections 5 and 6 of the Electronic Transactions Ordinance, 2002 (LI of 2002).
(3) Any owner of the information system who is not a licensee of the Authority and violates sub-section (1) shall be guilty of an offence punishable, if committed for the first time, with fine which may extend to ten million rupees and upon any subsequent conviction shall be punishable with imprisonment which may extend to six months or with fine or with both:--
Provided that where the violation is committed by a licensee of the Authority, the same shall be deemed to be a violation of the terms and conditions of the licensee and shall be treated as such under the Pakistan Telecommunication (Re-organization) Act, 1996 (XVII of 1996).
Said requirement of retaining traffic data is also mentioned in the service agreements/license issued to cellular telecommunication companies (licensee) and its clause 6-8-1 is relevant in this regard. Therefore, service providers are bound, amongst others, to maintain call data record (CDR) of its customers/users of mobile phone for a period of one year. Main object of maintaining said record is purely technical in nature and to facilitate the better provision of service inclusive of installation of various equipment and expansion of the equipment from time to time in this regard. Said “data” is stored in the form of pickets at the information system/server belonging to said service provider. As “data” is voluminous in nature, therefore, its long time preservation becomes impossible and that is why a period of one year is fixed in the agreement/license (mentioned above). Government enjoys facility of said stored CDR in the investigation of certain crimes in the country. Federal Ministry of Interior, Government of Pakistan regulates the procedure for the acquisition of CDR for the said purpose from the service providers. Section 2(xx) of PECA, 2016 defines “Information System” which means an electronic system for creating, generating, sending, receiving, storing, reproducing, displaying, recording or processing any information whereas Section 2(xix) of Act ibid defines “information” which includes text, message, data, voice, sound, database, video, signals, software, computer programmes, any forms of intelligence as defined under the Pakistan Telecommunication (Re-organization) Act, 1996 and codes including object code and source code. “Information system” is presumed to be built, maintained and operated in most secured environment, however, damage to the data cannot be ruled out. The term “data” is defined in Section 2(xiii) of PECA, 2016 and it includes content data and traffic data; as per Section 2(viii) of Act ibid, “content data” means any representation of fact, information or concept for processing in an information system including source code or a program suitable to cause an information system to perform a function; and as per Section 2(xxx) of Act ibid, “traffic data” means data relating to a communication indicating its origin, destination, route, time, size, duration or type of service whereas “data damage” has been defined in Section 2(xiv) of Act ibid as under:
“(xiv) “data damage” means alteration, deletion, deterioration, erasure, relocation, suppression of data or making data temporarily or permanently unavailable;”
Similarly, “unauthorized access” has been defined in Section 2(xxxi) of PECA, 2016 which is hereby reproduced:
“(xxxi) “unauthorized access” means access to an information system or data which is not available for access by general public, without authorization or in violation of the terms and conditions of the authorization;”
whereas Section 2(xxxii) of the Act ibid defines “unauthorized interception” as under:
“(xxxii) “unauthorized interception” shall mean in relation to an information system or data, any interception without authorization;”
and “authorization” has been defined under Section 2(v) of PECA, 2016 as under:
“(v) “authorization” means authorization by law or by the person empowered to make such authorization under the law:
Provided that where an information system or data is available for open access by the general public, access to or transmission of such information system or data shall be deemed to be authorized for the purposes of this Act;”
whereas “authorized officer” has been defined by Section 2(vi) of the Act ibid as below:
“(vi) “authorized officer” means an officer of the investigation agency authorized to perform any function on behalf of the investigation agency by or under this Act;”
Other related terms have also been defined by Section 2 of PECA, 2016 which are hereby reproduced for ready reference:
“2. Definitions. (1) In this Act, unless there is anything repugnant in the subject or context,--
(i) “act includes,--
(a) a series of acts or omissions contrary to the provisions of this Act; or
(b) causing an act to be done by a person either directly or through an automated information system or automated mechanism or self-executing, adaptive or autonomous device and whether having temporary or permanent impact;
(ii) “access to data” means gaining control or ability to use, copy, modify or delete any data held in or generated by any device or information system;
(iii) “access to information system” means gaining control or ability to use any part or whole of an information system whether or not through infringing any security measure;
(iv) “Authority” means Pakistan Telecommunication Authority established under the Pakistan Telecommunication (Re-organization) Act, 1996 (XVII of 1996);
……………..
(vii) “Code” means the Code of Criminal Procedure, 1898 (Act V of 1898);
………………
(ix) “Court” means the Court of competent jurisdiction designated under this Act;
(x) “critical infrastructure” means critical elements of infrastructure namely assets, facilities, systems, networks or processes the loss or compromise of which could result in,--
(a) major detrimental impact on the availability, integrity or delivery of essential services including those services, whose integrity, if compromised, could result in significant loss of life or casualties, taking into account significant economic or social impacts; or
(b) significant impact on national security, national defense, or the functioning of the state:
Provided that the Government may designate any private or Government infrastructure in accordance with the objectives of sub-paragraphs (i) and (ii) above, as critical infrastructure as may be prescribed under this Act;
(xi) “critical infrastructure information system or data” means an information system, program or data that supports or performs a function with respect to a critical infrastructure;
(xii) “damage to an information system” means any unauthorized change in the ordinary working of an information system that impairs its performance, access, output or change in location whether temporary or permanent and with or without causing any change in the system;
………….
(xv) “device” includes,--
(a) physical device or article;
(b) any electronic or virtual tool that is not in physical form;
(c) a password, access code or similar data, in electronic or other form, by which the whole or any part of an information system is capable of being accessed; or
(d) automated, self-executing, adaptive or autonomous devices, programs or information systems;
(xvi) “dishonest intention” means intention to cause injury, wrongful gain or wrongful loss or harm to any person or to create hatred or incitement to violence;
(xvii) “electronic” includes electrical, digital, magnetic, optical, biometric, electrochemical, electromechanical, wireless or electromagnetic technology;
(xviii) “identity information” means an information which may authenticate or identify an individual or an information system and enable access to any data or information system;
(xix) “information” includes text, message, data, voice, sound, database, video, signals, software, computer programmes, any forms of intelligence as defined under the Pakistan Telecommunication (Re-organization) Act, 1996 (XVII of 1996) and codes including object code and source code;
(xx) “information system” means an electronic system for creating, generating, sending, receiving, storing, reproducing, displaying, recording or processing any information;
(xxi) “integrity” means, in relation to an electronic document, electronic signature or advanced electronic signature, the electronic document, electronic signature or advanced electronic signature that has not been tampered with, altered or modified since a particular point in time;
(xxii) “interference with information system or data” means and includes an unauthorized act in relation to an information system or data that may disturb its normal working or form with or without causing any actual damage to such system or data;
(xxiii) “investigation agency” means the law enforcement agency established by or designated under this Act;
(xxiv) “minor” means, notwithstanding anything contained in any other law, any person who has not completed the age of eighteen years;
(xxv) “offence” means an offence punishable under this Act except when committed by a person under ten years of age or by a person above ten years of age and under fourteen years of age, who has not attained sufficient maturity of understanding to judge the nature and consequences of his conduct on that occasion;
(xxvi) “rules” means rules made under this Act;
(xxvii) “seize” with respect to an information system or data includes taking possession of such system or data or making and retaining a copy of the data;
………….
(xxix) “subscriber information” means any information held in any form by a service provider relating to a subscriber other than traffic data;
………………..
(xxxxiii) “unsolicited information” means the information which is sent for commercial and marketing purposes against explicit rejection of the recipient and does not include marketing authorized under the law.
(2) Unless the context provides otherwise, any other expression used in this Act or rules made thereunder but not defined in this Act, shall have the same meanings assigned to the expressions in the Pakistan Penal Code, 1860 (Act XLV of 1860), the Code of Criminal Procedure, 1898 (Act V of 1898) and the Qanoon-e-Shahadat Order, 1984 (P.O.No. X of 1984), as the case may be.”
Under Section 35 of PECA, 2016 powers of authorized officer have been mentioned which is reproduced as under:
“35. Powers of an authorized officer.--(1) Subject to provisions of this Act, an authorized officer shall have the powers to,--
(a) have access to and inspect the operation of any specified information system;
(b) use or cause to be used any specified information system to search any specified data contained in or available to such system;
(c) obtain and copy only relevant data, use equipment to make copies and obtain an intelligible output from an information system;
(d) have access to or demand any information in readable and comprehensible format or plain version;
(e) require any person by whom or on whose behalf, the authorized officer has reasonable cause to believe, any information system has been used to grant access to any data within an information system within the control of such person;
(f) require any person having charge of or otherwise concerned with the operation of any information system to provide him reasonable technical and other assistance as the authorized officer may require for investigation of an offence under this Act; and
(g) require any person who is in possession of decryption information of an information system, device or data under investigation to grant him access to such data, device or information system in unencrypted or decrypted intelligible format for the purpose of investigating any such offence:--
Explanation.--Decryption information means information or technology that enables a person to readily retransform or unscramble encrypted data from its unreadable form and from ciphered data to intelligible data.
(2) In exercise of the power of search and seizure of any information system, program or data the authorized officer at all times shall,--
(a) act with proportionality;
(b) take all precautions to maintain integrity and secrecy of the information system and data in respect of which a warrant for search or seizure has been issued;
(c) not disrupt or interfere with the integrity or running and operation of any information system or data that is not the subject of the offences identified in the application for which a warrant for search or seizure has been issued;
(d) avoid disruption to the continued legitimate business operations and the premises subjected to search or seizure under this Act; and
(e) avoid disruption to any information system, program or data not connected with the information system that is not the subject of the offences identified in the application for which a warrant has been issued or is not necessary for the investigation of the specified offence in respect of which a warrant has been issued.
(3) When seizing or securing any data or information the authorized officer shall make all efforts to use technical measures to maintain its integrity and chain of custody. The authorized officer shall seize an information system, data, device or articles, in part or in whole, as a last resort only in the event where it is not possible under the circumstances to use such technical measures or where use of such technical measures by themselves shall not be sufficient to maintain the integrity and chain of custody of the data or information system being seized.
(4) Where an authorized officer seizes or secures any data or information system, the authorized officer shall ensure that data or information system while in the possession or in the access of the authorized officer is not released to any other person including competitors or public at large and details including log of any action performed on the information system or data is maintained in a manner prescribed under this Act.”
Whereas Section 36 of the Act ibid has provided the mechanism for dealing with the seized data or information system which is also hereby reproduced:-
“36. Dealing with seized data or information system.--(1) If any data or information system has been seized or secured following a search or seizure under this Act, the authorized officer who undertook the search or seizure shall, at the time of the seizure,--
(a) make a list of what has been seized or rendered inaccessible, with the date and time of seizure; and
(b) give a copy of that list to,--
(i) the occupier of the premises; or
(ii) the owner of the data or information system; or
(iii) the person from whose possession the data or information system has been seized, in a prescribed manner in the presence of two witnesses.
(2) The authorized officer, upon an application of the owner of the data or information system or an authorized agent of the owner and on payment of prescribed costs, shall provide forensic image of the data or information system to the owner or his authorized agent within a time prescribed under this Act.
(3) If the authorized officer has reasons to believe that providing forensic image of the data or information system to the owner under sub-section (2) may prejudice,--
(a) the investigation in connection with which the search was carried out; or
(b) another ongoing investigation; or
(c) any criminal proceedings that are pending or that may be brought in relation to any of those investigations, the authorized officer shall, within seven days of receipt of the application under sub-section (2), approach the Court for seeking an order not to provide copy of the seized data or information system.
(4) The Court, upon receipt of an application from an authorized officer under sub-section (3), may after recording reasons in writing pass such order as deemed appropriate in the circumstances of the case.
(5) The costs associated with the exercise of rights under this section shall be borne by the person exercising these rights.”
and Section 41 of PECA, 2016 deals with “confidentiality of information” which is hereby reproduced:
“41. Confidentiality of information.--Notwithstanding immunity granted under any other law for the time being in force, any person including a service provider while providing services under the terms of lawful contract or otherwise in accordance with the law, or an authorized officer who has secured access to any material or data containing personal information about another person, discloses such material to any other person, except when required by law, without the consent of the person concerned or in breach of lawful contract with the intent to cause or knowing that he is likely to cause harm, wrongful loss or gain to any person or compromise confidentiality of such material or data shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to one million rupees or with both:
Provided that the burden of proof of any defense taken by an accused service provider or an authorized officer that he was acting in good faith, shall be on such a service provider or the authorized officer, as the case may be.”
8. As per report submitted by PTA, Federal and Provincial Interior Ministries have authorized the police department under their jurisdiction and other law enforcement agencies to obtain the CDRs as and when required from the service providers. The officials, who perform said job and have been duly authorized by designation as well as other relevant information relating to them, whereby their authority can be identified, have been shared with the service providers.
Generally, they are authorized to obtain the requisite CDR through e.mail which is replied to by the automated system and there is no human involvement at the end of the service providers. In reply to Court’s query, learned counsel for PTA submits that there is no need to summon any representative of service provider for verification of CDR because there is no human involvement in replying the information relating to CDR by the automated system.
Subject to any mechanical error or hacking there is no possibility of leakage of CDR at the end of “service provider”. The leakage of the data and information, if any, is likely to have happened at the other end i.e. who has requisitioned the information.
It goes without saying that in order to ensure that CDR was duly generated and further to preserve/maintain its accuracy it would be appropriate rather necessary for the authorized officer, who has obtained or got generated the CDR by using his e.mail from automated system to affix his stamp and signatures as well as certificate on it while clearly mentioning therein that in which case it was required, who asked for it to him and when he received said request, and on which date and time, he generated the same by using his e.mail and this exercise will of course provide a safeguard to the generated CDR for its use and reliance. Investigating Officer will receive the CDR through recovery memo. and same will be tendered/produced before the Court in accordance with law; needless to mention that it is to be considered as primary evidence as provided by Explanation Nos. 3 and 4 of Article 73 of Qanun-e-Shahadat Order, 1984, which are hereby reproduced:-
“73. Primary evidence. Primary evidence means the document itself produced for the inspection of the Court.
……………..
[Explanation 3. A printout or other form of output of an automated information system shall not be denied the status of primary evidence solely for the reason that it was generated, sent, received or stored in electronic form if the automated information system was in working order at all material times and, for the purpose thereof, in the absence of evidence to the contrary, it shall be presumed that the automated information system was in working order at all material times.
Explanation 4. A printout or other form of reproduction of an electronic Document, other than a Document mentioned in Explanation 3 above, first generated, sent, received or stored in electronic form, shall be treated as primary evidence where a security procedure was applied thereto at the time it was generated, sent, received or stored]”
As per Article 46-A of the Order ibid statements in the form of electronic documents generated, received or recorded by an automated information system while it is in working order, are relevant facts and it is hereby reproduced for ready reference:-
“[46-A Relevance of information generated, received or recorded by automated information system. Statements in the form of electronic documents generated, received or recorded by an automated information system while it is in working order, are relevant facts.]”
As per Article 72 of the Qanun-e-Shahadat Order, 1984, contents of documents may be proved either by primary or by secondary evidence which is hereby reproduced:-
“72. Proof of contents of documents. The contents of documents may be proved either by primary or by secondary evidence.”
but it is also relevant to mention here that if electronic document is alleged to be signed or to have been generated wholly or in part by any person through the use of an information system, and where such allegation is denied then the application of a security procedure must be proved as required by Article 78-A of the Order ibid which is hereby reproduced:-
“[78-A. Proof of electronic signature and electronic document.--If an electronic document is alleged to be signed or to have been generated wholly or in part by any person through the use of an information system, and where such allegation is denied, the application of a security procedure to the signature or the electronic document must be proved]”
Nutshell is that procedure for tendering CDR in evidence and proving the same would be like any other primary evidence (as detailed above).
9. Learned Law Officer during arguments produced copies of Standard Operating Procedure “SOP” for obtaining CDR and perusal of the same reveals that only authorized officer can generate/obtain CDR from the automated system and he cannot delegate his said powers by providing his specified e.mail to his any subordinate or anybody else for regulating and generating/preparing any such document/CDR. At the cost of repetition it is again mentioned here that said authorized officer is bound to maintain confidentiality of said generated CDR/document under Section 41 of the Act ibid and SOP (mentioned above). Since authorized officer cannot authorize any of his subordinate to generate CDR hence if he provides his e.mail to any of his subordinate then he frustrates the spirit of phenomena whereby he was only authorized by designation to use said e.mail and generate the document and will have to face the consequences as provided under the law irrespective of his designation. It is relevant to mention here that offences of committing of electronic forgery and electronic fraud have been made punishable under Section 13 of PECA 2016 and same is hereby reproduced:
13. Electronic forgery.--(1) Whoever interferes with or uses any information system, device or data, with the intent to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not, shall be punished with imprisonment of either description for a term which may extend to three years, or with fine which may extend to two hundred and fifty thousand rupees or with both. (2) Whoever commits offence under sub-section (1) in relation to a critical infrastructure information system or data shall be punished with imprisonment for a term which may extend to seven years or with fine which may extend to five million rupees or with both.”
Similarly, having the unauthorized access to information system, unauthorized copying or transmission of critical infrastructure information system or data has been declared as offence punishable under PECA, 2016 and Sections 3, 4, 5, 6, 7 and 8 of Act ibid are hereby reproduced for ready reference:
“3. Unauthorized access to information system or
data.--Whoever with dishonest intention gains unauthorized access to any information system or data shall be punished with imprisonment for a term which may extend to three months or with fine which may extend to fifty thousand rupees or with both.
4. Unauthorized copying or transmission of data.--Whoever with dishonest intention and without authorization copies or otherwise transmits or causes to be transmitted any data shall be punished with imprisonment for a term which may extend to six months, or with fine which may extend to one hundred thousand rupees or with both.
5. Interference with information system or data.--Whoever with dishonest intention interferes with or damages or causes to be interfered with or damages any part or whole of an information system or data shall be punished with imprisonment which may extend to two years or with fine which may extend to five hundred thousand rupees or with both.
6. Unauthorized access to critical infrastructure information system or data.--Whoever with dishonest intention gains unauthorized access to any critical infrastructure information system or data shall be punished with imprisonment which may extend to three years or with fine which may extend to one million rupees or with both.
7. Unauthorized copying or transmission of critical infrastructure data.--Whoever with dishonest intention and without authorization copies or otherwise transmits or causes to be transmitted any critical infrastructure data shall be punished with imprisonment for a term which may extend to five years, or with fine which may extend to five million rupees or with both.
8. Interference with critical infrastructure information system or data.--Whoever with dishonest intention interferes with or damages, or causes to be interfered with or damaged, any part or whole of a critical information system, or data, shall be punished with imprisonment which may extend to seven years or with fine which may extend to ten million rupees or with both.”
Electronic fraud, making, obtaining or supplying device for use
in offences have also been made as offence punishable under the PECA, 2016 and Sections: 14 and 15 of the Act ibid are hereby reproduced:
“14. Electronic fraud.--Whoever with the intent for wrongful gain interferes with or uses any information system, device or data or induces any person to enter into a relationship or deceives any person, which act or omission is likely to cause damage or harm to that person or any other person shall be punished with imprisonment for a term which may extend to two years or with fine which may extend to ten million rupees or with both.
15. Making, obtaining, or supplying device for use in offence.--Whoever produces, makes, generates, adapts, exports, supplies, offers to supply or imports for use any information system, data or device, with the intent to be used or believing that it is primarily to be used to commit or to assist in the commission of an offence under this Act shall, without prejudice to any other liability that he may incur in this behalf, be punished with imprisonment for a term which may extend to six months or with fine which may extend to fifty thousand rupees or with both.”
It is very much relevant to mention here that unauthorized use of identity information is also punishable under Section 16 of PECA, 2016 and same is hereby reproduced:
“16. Unauthorized use of identity information.--(1) Whoever obtains, sells, possesses, transmits or uses another person’s identity information without authorization shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to five million rupees, or with both,
(2) Any person whose identity information is obtained, sold, possessed, used or transmitted may apply to the Authority for securing, destroying, blocking access or preventing transmission of identity information referred to in sub-section (1) and the Authority on receipt of such application may take such measures as deemed appropriate for securing, destroying or preventing transmission of such identity information.”
We have also been apprised during hearing that so many SIM cards are being issued unauthorizedly. It is again important to mention here that unauthorized issuance of SIM card, etc. is also offence for which punishment has been provided under Section 17 of the Act ibid which is hereby reproduced:
“17. Unauthorized issuance of SIM cards etc.--Whoever sells or otherwise provides subscriber identity module (SIM) card, re-usable identification module (R-IUM) or universal integrated circuit card (UICC) or other module designed for authenticating users to establish connection with the network and to be used in cellular mobile, wireless phone or other digital devices such as tablets, without obtaining and verification of the subscriber’s antecedents in the mode and manner for the time being approved by the Authority shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to five hundred thousand rupees or with both.”
We were apprised by learned counsel for Pakistan Telecommunication Authority that CDRs of one province are being issued in other provinces unauthorizedly and information in this regard is being leaked also which is of course very dangerous situation and we leave it to the Government of Pakistan, Ministry of Interior to look into this aspect as well as other connected/ancillary offences/violations and take appropriate measures in this regard.
It is very much relevant to mention here that if question in a case is only regarding availability of any SIM in the territorial jurisdiction of any cellular tower at the time of receiving or making any particular phone call then perhaps CDR would provide some help but if the matter in issue is about presence of any human being either witness or accused on some particular place as a recipient or maker of the phone call as in this case is then situation is quite different/otherwise.
10. Although any accused or witness can claim or admit possession and use of any SIM “Subscriber Identity Module” by him or anybody else at the time of occurrence or any other relevant time yet mere such claim or admission is not sufficient for relying on CDR “Call Data Record” of said SIM because CDR only shows use of SIM in territorial/geographical jurisdiction of “Cell Phone Tower” installed by telecom operator and does not disclose that who is actually/exactly carrying and using said SIM; however, “Voice Record Transcript” or “End to End Audio Recording” can reflect the detail/identification of the user. Therefore, without “Voice Recording Transcript”, mere “Call Data Record” (CDR) alone of the SIM is inconclusive piece of evidence regarding identity of its user/carrier; in this regard, guidance has been sought from the case of “Azeem Khan and another versus Mujahid Khan and others” (2016 SCMR 274); relevant portion from Paragraph No. 22 of said case law is hereby reproduced:
“22. The cell phone call data collected is of no help to the prosecution for the reasons that numerous calls have been made indicating continuous interaction between the two cell phones, contrary to the evidence given by Muhammad Wali (PW-3), who has stated at the trial that the unknown caller made calls on his cell phone four times. No competent witness was produced at the trial, who provided the call data, Ex.P-1 to Ex.P-5. No voice record transcript has been brought on record---.”
(emphasis added).
Guidance on the subject has also been sought from the case of “Mian Khalid Perviz versus The State through Special Prosecutor ANF and another” (2021 SCMR 522); relevant portion from Paragraph No. 7 of said case law reads as follows:-
“---Mere production of CDR DATA without transcripts of the calls or end to end audio recording cannot be considered/used as evidence worth reliance. Besides the call transcripts, it should also be established on the record that callers on both the ends were the same persons whose calls data is being used in evidence. While considering such type of evidence extra care is required to be taken by the Courts as advancement of science and technology, on the other hand, has also made it very convenient and easy to edit and make changes of one’s choice as highlighted and discussed in the case of Ishtiaq Ahmad Mirza supra. We also can lay hand on the case of Azeem Khan v. Mujahid Khan (2016 SCMR 274) in this regard. So, the CDR DATA produced by the said witnesses is of no help to the Appellant and cannot be termed as evidence worth reliance to shatter the direct evidence adduced by the prosecution.”
(emphasis added).
Even “Voice Record Transcript” or “End to End Audio/Video Recording” of the call cannot be relied upon without forensic report about its genuineness; in this regard case of “The State through P.G. Sindh and others versus Ahmed Omar Sheikh and others” (2021 SCMR 873) can advantageously be referred; relevant portion from paragraph No. 15 of said case law is hereby reproduced:-
“---In absence of any forensic report about the genuineness or otherwise of the said video clip, no reliance can be placed on such piece of evidence as held in the case of Asfandyar and another v. Kamran and another (2016 SCMR 2084).”
(emphasis added)
Requirements insisted upon by the august Supreme Court of Pakistan for proving audio tape or video before a Court of law have been elaborated in Paragraph-11 of the case of “Ishtiaq Ahmed Mirza and 2 others versus Federation of Pakistn and others” (PLD 2019 Supreme Court 675) and same are hereby reproduced:-
* No audio tape or video can be relied upon by a Court until the same is proved to be genuine and not tampered with or doctored.
* A forensic report prepared by an analyst of the Punjab Forensic Science Agency in respect of an audio tape or video is per se admissible in evidence in view of the provisions of Section 9(3) of the Punjab Forensic Science Agency Act, 2007.
* Under Article 164 of the Qanun-e-Shahadat Order, 1984 it lies in the discretion of a Court to allow any evidence becoming available through an audio tape or video to be produced.
* Even where a Court allows an audio tape or video to be produced in evidence such audio tape or video has to be proved in accordance with the law of evidence.
* Accuracy of the recording must be proved and satisfactory evidence, direct or circumstantial, has to be produced so as to rule out any possibility of tampering with the record.
* An audio tape or video sought to be produced in evidence must be the actual record of the conversation as and when it was made or of the event as and when it took place.
* The person recording the conversation or event has to be produced.
* The person recording the conversation or event must produce the audio tape or video himself.
* The audio tape or video must be played in the Court.
* An audio tape or video produced before a Court as evidence ought to be clearly audible or viewable.
* The person recording the conversation or event must identify the voice of the person speaking or the person seen or the voice or person seen may be identified by any other person who recognizes such voice or person.
* Any other person present at the time of making of the conversation or taking place of the event may also testify in support of the conversation heard in the audio tape or the event shown in the video.
* The voices recorded or the persons shown must be properly identified.
* The evidence sought to be produced through an audio tape or video has to be relevant to the controversy and otherwise admissible.
* Safe custody of the audio tape or video after its preparation till production before the Court must be proved.
* The transcript of the audio tape or video must have been prepared under independent supervision and control.
* The person recording an audio tape or video may be a person whose part of routine duties is recording of an audio tape or video and he should not be a person who has recorded the audio tape or video for the purpose of laying a trap to procure evidence.
* The source of an audio tape or video becoming available has to be disclosed.
* The date of acquiring the audio tape or video by the person producing it before the Court ought to be disclosed by such person.
* An audio tape or video produced at a late stage of a judicial proceeding may be looked at with suspicion.
* A formal application has to be filed before the Court by the person desiring an audio tape or video to be brought on the record of the case as evidence. “
Of course, accused can take any plea and he has to simply show possibility of its correctness but such possibility must be based on conclusive and reliable piece of evidence.”
We are also conscious of the fact that extending of undue and gratuitous/obliging concessions by witnesses during recording of their statements is not uncommon in our system and in this regard, case of “ Muhammad Sharif versus Muhammad Javed alias Jeda Tedi and five others” (PLD 1976 SC 452) can be advantageously referred, hence mere admission of the witness regarding use of any SIM must be corroborated not only by its CDR but also by “end to end” audio recording of “voice call” confirmed by due forensic analysis. Furthermore, CDR and voice record transcript as well as its forensic analysis report must be proved in accordance with law for reliance.
So far as case of “Muhammad Asif Ali Usama versus The State and two others” (2022 PCr.LJ 59) is concerned, it has been observed by us that aforementioned case-laws i.e. (Azeem Khan and another versus Mujahid Khan and others) 2016 SCMR 274, (Mian Khalid Perviz versus The State through Special Prosecutor ANF and another) 2021 SCMR 522 and (The State through P.G. Sindh and others versus Ahmed Omar Sheikh and others) 2021 SCRM 873 have not been discussed in it and we respectfully did not agree with ratio of the same.
11. In peculiar facts and circumstances of the case, at this appellate stage, “Call Data Record” (CDR) is not conclusive piece of evidence for the purpose of determining and establishing the identity and presence of any witness or person at some exact locale/ position/place. Application filed by applicant for summoning representative of a telecom company (JAZZ) for verification of photocopy of CDRs was dismissed by the learned trial Court and said order was not challenged and same attained finality. It is important to mention here that only said piece of evidence can be brought on record through additional evidence at appellate stage which has been considered as necessary for decision of the case and is having concrete evidentiary worth beyond shadow of doubt, however, in the instant appeal, aforementioned Call Data Record (CDR) does not fulfill said condition/criteria. In Ishtiaq Ahmed Mirza’s case (mentioned supra), the august Supreme Court of Pakistan has held that necessity of taking additional evidence at the appellate stage must be felt by the appellate Court itself and it does not depend upon what a party to the appeal thinks of such necessity; relevant portion from Paragraph No. 12 of said case law reads as follows:
“---The necessity of taking additional evidence at the appellate stage must be felt by the appellate Court itself and the same is not to depend upon what a party to the appeal thinks of such necessity---.”
(emphasis added).
During trial, applicant did not ask/move for production and bringing any voice record transcript/ “end to end audio recording” of any phone call as well as forensic analysis report of the same, on record as evidence and by now it is well settled that if any piece of evidence was in the knowledge/notice to party but neither produced nor asked to be produced during trial then same cannot be allowed to come on record under Section 428, Cr.P.C. at appellate stage; in this regard, case of “Dildar versus The State through Pakistan Narcotics Control Board, Quetta” (PLD 2001 SC 384) can also be referred and its relevant Paragraph No. 9 available at Page No. 390 is hereby reproduced:-
“It is well-settled by now that such powers are to be exercised only where the additional evidence was either not available at the trial or the party concerned was prevented from producing it either by circumstances beyond its control or by reason of misunderstanding or mistake.”
We are not commenting further on the subject as appreciation of evidence is yet to be made/done at the time of final hearing of the appeal.
12. For what has been discussed above, we are of the considered view that at this appellate stage, bringing of “Call Data Record” (CDR) through additional evidence on record of instant appeal is neither necessary for just decision of the case nor the same would serve any useful purpose for the applicant/appellant in any manner whatsoever. In such perspective, instant miscellaneous application is without merits and same is hereby dismissed.
(K.Q.B.) Application dismissed
0 Comments