Home
>
Tax
>
Access to E-records by Taxing Authorities: A Case for Pakistan (Part I)

Access to E-records by Taxing Authorities: A Case for Pakistan (Part I)

Background issues of access to records

To assess the records at hosted remote retained out of the jurisdiction of Pakistan root many legal issues which are needed to be addressed. Hereinafter there is description of the emerging legal issue of access to e-records.

Lack of statutory provisions for access to electronic data at remote Server

The access to record in electronic data is one of most difficult issue where record has been kept in remote hosting place which requires authorization and permission of the taxpayer and web hosting site.

The statutory provision of section 25 of the sale tax the phrase 'electronic data' has been used to get access to database of the record but no specific direction is available. Look at the section 25 of Sale tax Act 1990

"?A person who is required to maintain any record or documents under this Act or any other law shall, as and when required by an officer of Sales Tax, produce record or documents which are in his possession or control or in the possession or control of his agent; and where such record or documents have been kept on electronic data, he shall allow access to such officer of Sales Tax and use of any machine on which such data is kept."

The detail provisions in section 175 income tax ordinance 2002 regarding access to e-records,"In order to enforce any provision of this Ordinance (including for the purpose of making an audit of a taxpayer or a survey of persons liable to tax), the Commissioner or any officer authorised in writing by the Commissioner for the purposes of this section ? (a) shall, at all times and without prior notice, have full and free access to any premises, place, accounts, documents or computer;?(d) may, where a hard copy or computer disk of information stored on a computer is not made available, impound and retain the computer for as long as is necessary to copy the information required."

These provision has reproduced at length of the Income Tax Ordinance 2001 for getting access to the e-record but the statute is itself is silence on the point of record of business which has been conducted by e-commerce, how the computer can be accessed by tax officer which has uploaded at remote web server, in light of this fact it can be easily concluded that these legislative construction are inadequate.

The legislative construction are more strict and explicit in defining the right to access of the tax officer for purpose of verify of record but as comparison with the Sale Tax Act 1990,where the statutory detail is missing.

The section 18 of Central Excise Duties Act 1944 runs as under, "?Search made under this act or any rule made there under carried out in accordance with provisions of the code of criminal Procedure (V of 1898), relating with respect to search and arrest made under this code." There is also required the reconstruction of the statute of rule 96 of central duties rules 1945 regarding the special procedure for imposition of central excise duties on services.

The Criminal procedure itself is ineffective before the emerging issue of the e-commerce transactions.

Legality of hacking right

The term "computer hacking" technically defined as the penetration into computer systems, which is not done with the purpose of manipulation, sabotage or espionage, it could be for the pleasure or conspiracy into the technical security computer and net works system. The person who commit offence under above mentioned definition is regarded Hacker. Hacker as individual uses the modern programming tool or built in software to cause damage to networks. The hacking as process of getting access can be used as tool for getting access into computer e-database purpose of imposition of taxation and record verification. To get access and verify the record being hosting in remote services often requires the use of hacking to get access to records. The use of hacking as legal tools requires use of hacking soft wares with most modern technology and means employed to curb any evasion of tax and verify the e- record.

No specific statutory provisions are available for the defining the authorized hacking rights on the part of tax officer reason being lack use of modern technologies.

Security and privacy issues of web Hosting sites

In western legal history, the legislation for security and privacy laws was promulgated in earlier 1970s and 1980s concerned the protection of personal rights and privacy in particular. The relevant legislation was enacted to new challenges to privacy by the increasing possibilities of electronic data processing to collect, store, connect and transfer personal data in 1990s. The advent of era of www the legislative inadequacy was felt and the traditional provisions for the protection of secrecy were amendment for providing more protection to security and privacy of site and electronic net work for purpose of promotion of business and consumer confidence in net trading. The covered part of the personality fundamental rights and proved to be far too narrow for a protection against the new dangers of violation of database of computer and networks. All criminal laws of various states have their historical background of providing penal provisions for curbing cyber and electronic offenses for the protection of secrecy and security of database of computer networks. These provisions can be found in the core of criminal laws. Here aim of providing brief description of these reforms is that these reforms have created secure environment for online transaction which ultimate provide legal system for collection of electronic commerce taxation. One way these reform has provided protect to consumer and business concern but the security rights has created so many legal barriers in way of getting access to server database on part of taxing authorities for assessing the exactness of records exhibited for purpose of taxing. I am here therefore speaking of an international tax authorities exercising their own jurisdiction for exercising their right of taxation. The security and privacy laws clearly show the common problems of all national tax systems.

These laws in fact provided Immunity to these site to disclose information related with identity of consumer and businesses which are related to security procedure, no person or authority is permitted to question the data base or to disclose any password, key or other secret information exclusively within his private knowledge of these network system which enables their use of the security procedure or advanced electronic signature to claim immunity against any authority . There number of tax haven sites that come to contract with provider for providing complete secrecy against business records.

The most formidable task is getting access to remote data is the legal shelter being provided by the remote hosting servers. The right to breach the security right as statutory is not possible in case of hosting of data at remote server, unless the tax payer be compelled to facilities the access to e-data.

The legal issues of multi jurisdiction

I have discussed the territorial jurisdiction at length on chapter on "Jurisdiction". Here I shall discuss the jurisdiction of taxing authorities to access the records not available in state jurisdiction. The cross border jurisdiction often leads to multi jurisdiction of various states. The most important legal issue which hamper in the way of implementation of statutory right of tax authorities is to collect taxes on cross border e-transaction. This legal question often arise the multi jurisdictional issue which requires for just adjudication of tax disputes. Tax legislation, generally, requires a taxpayer to maintain books and e-records for a period of five years . On the internet, records of business transactions are being created in electronic form and the requirement to keep records for tax purposes applies to records kept in electronic form for period of give is a difficult to do. The concept of examining computer based records, although a specialist audit area is not new to CBR. There is possible that is likely to witness an increase in e-business records being maintained in electronic form and to match this growth, adequate number of staff resources and training will have to be devoted to, and invested in, computer audit in the near future. In addition, as a business trading on the internet may not have a readily identifiable physical presence, it will not always be clear where the basic business records are held. Any person intent on being non-compliant can keep records in an offshore location. Central board of revenue has already been faced with the difficulties in just tax compliance when records relevant to a taxable Pakistani activity are kept in an offshore location. The increased globalization of trade means that records can be held in many locations around the world for valid business reasons. The revenue authorities' response has been for its auditors to carry out the audit of the physical records in the offshore location. It is likely that auditors will have to face multi jurisdictional problems in future be able to access off-shore records on the internet. There will be a reduced need for physical visits to sites where records are kept. The revenue authorities already have not been legally powered to enable it to carry out its audit function regardless of the means by which records are maintained and regardless of location. At present companies trading in Pakistan do not need to physically maintain sufficient records in this country to enable their tax position to be established to the satisfaction of the Central board of revenue.

The encryption is a possible technique for computer auditors for verification of records out of state jurisdiction. Encryption keys can be used for legitimate business purposes to preserve confidentiality and prevent unauthorized access to sensitive commercial data. In proposing the legal changes concerning the standards under which records may be stored electronically, Central Board of Revenue should ensure that it always has access to a means of decrypting data within taxing jurisdiction irrespective of fact that where the data base has been hosted.

Issues of authenticating the integrity of business records

As comparison with traditional based methods original records are held in form of paper based form. These record has its own advantages and disadvantage too. With conventional commerce original records can be examined for the attributes of authenticity and integrity. Since, with e-commerce transactions have begun, the original documents are stored in electronic form which provides enough opportunity for tax payer to tamper with the records. The development of confidence in physically viewing the originals knowing that they are unaltered is not possible. However, the modern device and software has been developed to check the authenticity and integrity of record to identify alterations to computer records but their use is limited to few advance countries. The revenue authorities of these countries specifically use accounting software for this purpose. We are entering into era where the business concerns are more feel comfort in maintaining their record in electronic form. Many of us in the workplace feel more comfortable with paper-based records. But is this comfort an illusion? But to question the integrity of paper based record can not said unaltered. The paper based records can be altered, lost or falsified but doing same with e-record can be done with relative easy. We are moving into paper based record keeping to electronic form but our revenue authorities are not familiar with the tools and procedures for checking paper records. The employed by private enterprise are more technologically advance as comparison with our taxing authorities. Whereas, CBR tools for validating computer records are new and, perhaps, less intuitive just because pace of advancement is slower as comparison with private enterprises. The CBR must adopt following strategies to overcome the technological gap has created but them and enterprises. First they have to train their staff for computer auditing because computer records has their particular specially when are hosted at remote servers. The second step once the staff has been trained. They should be equipped with more tools for validation and verification of records and finally CBR must promote the maintenance of records in computer based form because it's easier and effective assessment.

What matters for the revenue authorities is that businesses more likely to perpetrate tax fraud are identified through correct risk analysis. This does not depend on the nature of the records as between paper-based and computerized.

In conclusion, revenue auditors will require a higher level of computer skilled staff in future to allow accurate interpretation of computerized records systems. It will also be necessary for revenue auditors to have systems analysis skills to validate the data models for e-business which are to be used in a given accounting environment. This will also need manipulation records accurately trace transactions through such systems. The computer software industry is aware of potential for loss of audit trail arising from business being conducted on the internet. As mentioned already, the software industry is developing new techniques to ensure the integrity of electronic records. An example of this is a technique called "message digests". A message digests works by attaching a unique message to an electronic record. Any subsequent change to the record can be traced by comparing the original digest with a newly created digest based on the current state of the file data. Once again we see an emerging overlap of interest between the public and private sector; both are keen for ecommerce to work well and both face common problems. The point has been well made that the private sector, particularly the auditing profession, has the same interest as tax auditors in safeguarding the integrity of e-commerce records. One area of focus is the impact of significant electronic processing of information on the auditor's ability to rely on substantive, observable evidence in the conduct of an audit.

The writer is an advocate of High Court and practicing immigration and corporate laws in Pakistan since September 2001. He is a self employed and pioneer in research on electronic commerce taxation in Pakistan. His articles were published widely in the critical areas of cyber crimes, electronic commerce, e-taxation and various other topics. He wrote LL.M thesis on titled "Legislation of electronic commerce taxation in Pakistan" in which he provided comprehensive legal proposals for statutory reconstruction of tax laws for purpose of imposition of taxation on e-business in Pakistan. Currently he is conducting is research on topic 'Electronic commerce taxation: emerging legal issues of digital evidence'.Author can be contacted by adil.waseem@lawyer.com

tidy up service Glenview ..

In The News:

Essential phone settings to enable before losing your device, including Find My network, location services and security features for iPhone and Android.

The Fox News AI Newsletter gives readers the latest AI technology advancements, covering the challenges and opportunities AI presents.

Cybersecurity research shows weak passwords remain a major threat, with simple patterns and number sequences putting millions of accounts at risk.

New Android malware BankBot YNRK silences phones, steals banking data and drains crypto wallets automatically. Learn how this advanced threat works.

FDA approves first human trial for Paradromics' brain-computer interface that could restore speech for paralyzed patients through neural technology.

New phishing platform QRR targets Microsoft 365 users across 1,000 domains in 90 countries. Learn how to spot fake login pages and protect your accounts.

OpenTable now uses AI to track your dining habits and share insights with restaurants. Learn what data they collect and how to protect your privacy.

Google's discontinued Nest thermostats still secretly upload home data to company servers despite losing smart features, raising serious privacy concerns.

New Android malware NGate steals NFC payment codes in real-time, allowing criminals to withdraw cash from ATMs without your card. Learn protection tips.

DoorDash confirms data breach exposing customer names, emails, addresses after social engineering attack. Learn how to protect yourself from scams.

Concerned about Google's AI scanning your Gmail? Learn how to disable Gemini features that access your emails, Drive files and Chat messages for privacy.

Google warns Android users about dangerous fake VPN apps hiding malware that steals passwords, banking details and personal data from phones and tablets.

Apple's digital passport feature lets iPhone users breeze through TSA checkpoints this holiday season using Digital ID technology at 250+ airports.

A new phishing scam targets family photos with fake "Cloud Storage Full" alerts. Criminals steal credit card information through fake sites. Learn protection tips.

South Korean scientists create ultra-thin fabric muscles that turn clothes into robotic assistants, lifting 33 pounds while weighing under half an ounce.

Archer Aviation has acquired Hawthorne Airport for $126M to launch an LA air taxi network ahead of the 2028 Olympics, featuring AI-powered eVTOL operations and next-gen aviation tech.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Fake AI apps disguised as "ChatGPT" and "DALL·E" are flooding app stores with dangerous malware that steals data and monitors users without detection.

Fake buyers demand specific vehicle reports from unknown sites to steal credit card information from car sellers, but warning signs can help identify these scams before paying.

Android users can now manage apps across multiple devices more easily with Google Play Store's updated remote uninstall button in the latest update.

NASA's Perseverance rover discovers shiny metallic rock on Mars that could be a meteorite from an ancient asteroid, containing high levels of iron and nickel.

Holiday scams spike during Black Friday and Cyber Monday as criminals exploit your leaked personal data. Learn how to protect yourself from fake stores and phishing.

Commerce Department proposes TP-Link router ban over Chinese security risks. Learn how this potential prohibition could affect your home network and devices.

Hyundai AutoEver America suffered a data breach affecting 2,000 current and former employees, exposing names, Social Security numbers and driver's license information.

Washington court rules automated license plate reader images are public records, even when stored by vendors like Flock Safety, setting precedent for transparency.