Making Punjab Safe City Authority Smarter
As a general observation, technological innovation in the public sector in Pakistan does not sustain well. The reason is that at the time of the inception of a new initiative, both innovation and technology are not introduced through a legal framework, leaving the sustainability of the initiative at the discretion of public officials. Mindful of the situation, the government integrated and institutionalized the Punjab Safe City Authority through a provincial statute, the Punjab Safe City Authority Act, 2016. In the larger constitutional context, Articles 81(e) and 121(e) of the Constitution of Pakistan, 1973 provide that no expenditure can be charged on the public budget unless it is so provided by the law, thereby making it absolutely essential to introduce the Authority through a law to enable it to receive funding from the provincial budget.
As a principal architect of the Punjab Safe City Authority Act, 2016, the author along with other team members introduced the law as an organizational law to provide for the administrative structure of the Authority. By doing so, the Authority was made legally sustainable, but the real task is to make it legally operational and integrate it into the larger justice system of Pakistan, so an adjunctive law is to follow, i.e. the law providing for detailed binding legal procedures about the processing of technology in a viable, consistent and legally acceptable manner. While the organizational law made the Authority itself legally safe, the adjunctive law is supposed to make it legally smart. In this write-up, effort will be made to identify some of the areas in which the adjunctive law needs to be developed for the Punjab Safe City Authority.
First of all the Authority needs to provide for standards of accountability as required under Section 9 of the Punjab Safe City Authority Act, 2016. In absence of such standards of accountability, criminal law dealing with the information technology will become applicable (such as the Prevention of Electronic Crimes Act, 2016). It may be noted that the Prevention of Electronic Crimes Act, 2016 is very expansive in its scope. For example, the definition of an ‘act’ in Section 2(i) of the Prevention of the Electronic Crimes Act, 2016 includes ‘omission’ and acts affected by the ‘automated information system’, thus implying to import liability of the Artificial Intelligent System (AIS) to the operator of the information system. The expansive effect of the federal criminal law cannot be undone by non obstante clauses and immunity clauses included in the Punjab Safe City Authority Act, 2016. Likewise, the Prevention of the Electronic Crimes Act, 2016 divides the data into three types:
- (a) traffic data,
- (b) content data, and
- (c) the critical infrastructure data.
Each type of data is then treated separately in the Prevention of the Electronic Crimes Act, 2016. In the context of the Punjab Safe City Authority, the detailed rules and regulations that deal with traffic, content and critical infrastructure data need to be drafted by clearly specifying the caveats of the usage and safeguards for the officers of the Authority. Likewise, two safeguards that have been provided to the service providers through Section 38 of the Prevention of the Electronic Crimes Act, 2016 should also be extended to the officials working at the Authority. These two safeguards include:
- limited liability, and
- the reversal of burden of proof on the person accusing the service provider of involvement in a criminal activity.
Secondly, a detailed legally binding procedure to enable officials to conduct online surveillance through cameras while providing for privacy safeguards is another area that needs to be regulated through a legal framework. Equally important is the legal procedure to be employed for the collection, preservation, storage and management of data. Police officers have started taking video images and clips from the data stored and managed by the Authority, which must meet the standards set in the Qanoon-e-Shahadat Order, 1984, which is a federal law.
Thirdly, there is a need to provide for a legal framework to cover the forward and backward linkage of data amongst different provincial and federal organizations that would make the law on data sharing more certain, consistent and integrated. Data-logging and sharing, of course, must also be legally covered to safeguard the integrity of the system.
Fourthly, the law should also provide for enabling legal provisions on the monitoring of open source communications and for allowing the Authority to conduct a forensic analysis of data found at the heart of an inquiry or investigation. For this, a legal liaison between the Punjab Forensic Science Agency Act, 2007 and the Punjab Safe City Authority Act, 2016 must be established with special reference to preventive and detective policing scenarios.
The Punjab Safe City Authority Act, 2016, by establishing a horizontal relationship with other provincial legislation and a vertical relationship with federal laws, can help make the Authority truly ‘safe’ as well as ‘smart’.
The views expressed in this article are those of the author and do not necessarily represent the views of CourtingTheLaw.com or any organization with which he might be associated.