A highly informative judgment dated 31.01.2023 by a three-judge bench of the Lahore High Court on call data records, in which every aspect of the subject is explained in great detail.
Procedure for tendering CDR in evidence and proving the same would be like any other primary evidence.
Standard Operating Procedure “SOP” for obtaining CDR.
Perusal of the same reveals that only authorized officer can generate/obtain CDR from the automated system and he cannot delegate his said powers by providing his specified e.mail to his any subordinate or anybody else for regulating and generating/preparing any such document/CDR. At the cost of repetition it is again mentioned here that said authorized officer is bound to maintain confidentiality of said generated CDR/document under Section: 41 of the Act ibid and SOP (mentioned above). Since authorized officer cannot authorize any of his subordinate to generate CDR hence if he provides his e.mail to any of his subordinate then he frustrates the spirit of phenomena whereby he was only authorized by designation to use said e.mail and generate the document and will have to face the consequences as provided under the law irrespective of his designation. It is relevant to mention here that offences of committing of electronic forgery and electronic fraud have been made punishable under Section: 13 of PECA 2016.
It is very much relevant to mention here that if question in a case is only regarding availability of any SIM in the territorial jurisdiction of any cellular tower at the time of receiving or making any particular phone call then perhaps CDR would provide some help but if the matter in issue is about presence of any human being either witness or accused on some particular place as a recipient or maker of the phone call as in this case is, then situation is quite different/otherwise.
Although any accused or witness can claim or admit possession and use of any SIM “Subscriber Identity Module” by him or anybody else at the time of occurrence or any other relevant time yet mere such claim or admission is not sufficient for relying on CDR “Call Data Record” of said SIM because CDR only shows use of SIM in territorial/geographical jurisdiction of “Cell Phone Tower” installed by telecom operator and does not disclose that who is actually/exactly carrying and using said SIM; however, “Voice Record Transcript” or “End to End Audio Recording” can reflect the detail/identification of the user. Therefore, without “Voice Recording Transcript”, mere “Call Data Record” (CDR) alone of the SIM is inconclusive piece of evidence regarding identity of its user/carrier;
Even “Voice Record Transcript” or “End to End Audio/Video Recording” of the call cannot be relied upon without forensic report about its genuineness.
Mere admission of the witness regarding use of any SIM must be corroborated not only by its CDR but also by “end to end” audio recording of “voice call” confirmed by due forensic analysis. Furthermore, CDR and voice record transcript as well as its forensic analysis report must be proved in accordance with law for reliance.
CDR is abbreviation of “Call Data Record” of SIM which is abbreviation of “Subscriber Identity Module”. As per “Report” submitted on behalf of Pakistan Telecommunication Authority, PTA was established under Section: 3 of Pakistan Telecommunication (Reorganization) Act, 1996 and is mandated to regulate the establishment, maintenance and operation of the telecommunication system and provision of telecommunication services in Pakistan. Prevention of Electronic Crimes Act, 2016 (hereinafter to be referred as PECA 2016) is the law which has been legislated and promulgated to prevent unauthorized acts with respect to information systems and to provide mechanism for related offences as well as procedure for investigation, prosecution, trial and international cooperation with respect thereof and matters connected therewith or ancillary thereto. Federal Government of Pakistan under Section: 29 read with Section 51 of PECA 2016 made/notified the Prevention of Electronic Crimes Investigation Rules, 2018 for carrying out the purpose of PECA 2016. PTA is a regulator and it has entered into contracts with cellular telecommunication companies which provide cellular phone service to the people in Pakistan as the “Service Provider”; term “Service Provider” has been defined in Section: 2 (xxviii) of PECA 2016.
Section: 32 of PECA 2016 provides that “a service provider shall within its existing or required technical capability, retain its specified traffic data for a minimum period of one year or such period as the “Authority” may notify from time to time”.
Said requirement of retaining traffic data is also mentioned in the service agreements/license issued to cellular telecommunication companies (licensee) and its clause 6-8-1 is relevant in this regard. Therefore, service providers are bound, amongst others, to maintain call data record (CDR) of its customers/users of mobile phone for a period of one year. Main object of maintaining said record is purely technical in nature and to facilitate the better provision of service inclusive of installation of various equipment and expansion of the equipment from time to time in this regard. Said “data” is stored in the form of pickets at the information system/server belonging to said service provider. As “data” is voluminous in nature, therefore, its long time preservation becomes impossible and that is why a period of one year is fixed in the agreement/license (mentioned above). Government enjoys facility of said stored CDR in the investigation of certain crimes in the country. Federal Ministry of Interior, Government of Pakistan regulates the procedure for the acquisition of CDR for the said purpose from the service providers. Section: 2(xx) of PECA 2016 defines “Information System” which means an electronic system for creating, generating, sending, receiving, storing, reproducing, displaying, recording or processing any information whereas Section: 2(xix) of Act ibid defines “information” which includes text, message, data, voice, sound, database, video, signals, software, computer programmes, any forms of intelligence as defined under the Pakistan Telecommunication (Reorganization) Act, 1996 and codes including object code and source code. “Information system” is presumed to be built, maintained and operated in most secured environment, however, damage to the data cannot be ruled out. 
The term “data” is defined in Section: 2(xiii) of PECA 2016 and it includes content data and traffic data; as per Section: 2(viii) of Act ibid, “content data” means any representation of fact, information or concept for processing in an information system including source code or a program suitable to cause an information system to perform a function; and as per Section: 2(xxx) of Act ibid, “traffic data” means data relating to a communication indicating its origin, destination, route, time, size, duration or type of service whereas “data damage” has been defined in Section: 2(xiv) of Act.
As per report submitted by PTA, Federal and Provincial Interior Ministries have authorized the police department under their jurisdiction and other law enforcement agencies to obtain the CDRs as and when required from the service providers. The officials, who perform said job and have been duly authorized by designation as well as other relevant information relating to them, whereby their authority can be identified, have been shared with the service providers.
Generally, they are authorized to obtain the requisite CDR through e.mail which is replied to by the automated system and there is no human involvement at the end of the service providers. In reply to Court’s query, learned counsel for PTA submits that there is no need to summon any representative of service provider for verification of CDR because there is no human involvement in replying the information relating to CDR by the automated system.
Subject to any mechanical error or hacking there is no possibility of leakage of CDR at the end of “service provider”. The leakage of the data and information, if any, is likely to have happened at the other end i.e. who has requisitioned the information.
It goes without saying that in order to ensure that CDR was duly generated and further to preserve/maintain its accuracy it would be appropriate rather necessary for the authorized officer, who has obtained or got generated the CDR by using his e.mail from automated system to affix his stamp and signatures as well as certificate on it while clearly mentioning therein that in which case it was required, who asked for it to him and when he received said request, and on which date and time, he generated the same by using his e.mail and this exercise will of course provide a safeguard to the generated CDR for its use and reliance. Investigating Officer will receive the CDR through recovery memo and same will be tendered/produced before the Court in accordance with law; needless to mention that it is to be considered as primary evidence as provided by Explanation No.3 and 4 of Article 73 of Qanun-e-Shahadat Order 1984.
Extending of undue and gratuitous/obliging concessions by witnesses during recording of their statements is not uncommon in our system a
Reliance of the Judgment is as follows:
Crl. Appeal
CM/2/59829/21
Mst. Saima Nareen Vs State Etc
(Aalia Neelum) Judge
(Syed Shahbaz Ali Rizvi) Judge
(Farooq Haider) Judge
Pronounced in open court on 31.01.2023.