Access to E-records by Taxing Authorities: A Case for Pakistan (Part I)

Background issues of access to records

To assess the records at hosted remote retained out of the jurisdiction of Pakistan root many legal issues which are needed to be addressed. Hereinafter there is description of the emerging legal issue of access to e-records.

Lack of statutory provisions for access to electronic data at remote Server

The access to record in electronic data is one of most difficult issue where record has been kept in remote hosting place which requires authorization and permission of the taxpayer and web hosting site.

The statutory provision of section 25 of the sale tax the phrase 'electronic data' has been used to get access to database of the record but no specific direction is available. Look at the section 25 of Sale tax Act 1990

"?A person who is required to maintain any record or documents under this Act or any other law shall, as and when required by an officer of Sales Tax, produce record or documents which are in his possession or control or in the possession or control of his agent; and where such record or documents have been kept on electronic data, he shall allow access to such officer of Sales Tax and use of any machine on which such data is kept."

The detail provisions in section 175 income tax ordinance 2002 regarding access to e-records,"In order to enforce any provision of this Ordinance (including for the purpose of making an audit of a taxpayer or a survey of persons liable to tax), the Commissioner or any officer authorised in writing by the Commissioner for the purposes of this section ? (a) shall, at all times and without prior notice, have full and free access to any premises, place, accounts, documents or computer;?(d) may, where a hard copy or computer disk of information stored on a computer is not made available, impound and retain the computer for as long as is necessary to copy the information required."

These provision has reproduced at length of the Income Tax Ordinance 2001 for getting access to the e-record but the statute is itself is silence on the point of record of business which has been conducted by e-commerce, how the computer can be accessed by tax officer which has uploaded at remote web server, in light of this fact it can be easily concluded that these legislative construction are inadequate.

The legislative construction are more strict and explicit in defining the right to access of the tax officer for purpose of verify of record but as comparison with the Sale Tax Act 1990,where the statutory detail is missing.

The section 18 of Central Excise Duties Act 1944 runs as under, "?Search made under this act or any rule made there under carried out in accordance with provisions of the code of criminal Procedure (V of 1898), relating with respect to search and arrest made under this code." There is also required the reconstruction of the statute of rule 96 of central duties rules 1945 regarding the special procedure for imposition of central excise duties on services.

The Criminal procedure itself is ineffective before the emerging issue of the e-commerce transactions.

Legality of hacking right

The term "computer hacking" technically defined as the penetration into computer systems, which is not done with the purpose of manipulation, sabotage or espionage, it could be for the pleasure or conspiracy into the technical security computer and net works system. The person who commit offence under above mentioned definition is regarded Hacker. Hacker as individual uses the modern programming tool or built in software to cause damage to networks. The hacking as process of getting access can be used as tool for getting access into computer e-database purpose of imposition of taxation and record verification. To get access and verify the record being hosting in remote services often requires the use of hacking to get access to records. The use of hacking as legal tools requires use of hacking soft wares with most modern technology and means employed to curb any evasion of tax and verify the e- record.

No specific statutory provisions are available for the defining the authorized hacking rights on the part of tax officer reason being lack use of modern technologies.

Security and privacy issues of web Hosting sites

In western legal history, the legislation for security and privacy laws was promulgated in earlier 1970s and 1980s concerned the protection of personal rights and privacy in particular. The relevant legislation was enacted to new challenges to privacy by the increasing possibilities of electronic data processing to collect, store, connect and transfer personal data in 1990s. The advent of era of www the legislative inadequacy was felt and the traditional provisions for the protection of secrecy were amendment for providing more protection to security and privacy of site and electronic net work for purpose of promotion of business and consumer confidence in net trading. The covered part of the personality fundamental rights and proved to be far too narrow for a protection against the new dangers of violation of database of computer and networks. All criminal laws of various states have their historical background of providing penal provisions for curbing cyber and electronic offenses for the protection of secrecy and security of database of computer networks. These provisions can be found in the core of criminal laws. Here aim of providing brief description of these reforms is that these reforms have created secure environment for online transaction which ultimate provide legal system for collection of electronic commerce taxation. One way these reform has provided protect to consumer and business concern but the security rights has created so many legal barriers in way of getting access to server database on part of taxing authorities for assessing the exactness of records exhibited for purpose of taxing. I am here therefore speaking of an international tax authorities exercising their own jurisdiction for exercising their right of taxation. The security and privacy laws clearly show the common problems of all national tax systems.

These laws in fact provided Immunity to these site to disclose information related with identity of consumer and businesses which are related to security procedure, no person or authority is permitted to question the data base or to disclose any password, key or other secret information exclusively within his private knowledge of these network system which enables their use of the security procedure or advanced electronic signature to claim immunity against any authority . There number of tax haven sites that come to contract with provider for providing complete secrecy against business records.

The most formidable task is getting access to remote data is the legal shelter being provided by the remote hosting servers. The right to breach the security right as statutory is not possible in case of hosting of data at remote server, unless the tax payer be compelled to facilities the access to e-data.

The legal issues of multi jurisdiction

I have discussed the territorial jurisdiction at length on chapter on "Jurisdiction". Here I shall discuss the jurisdiction of taxing authorities to access the records not available in state jurisdiction. The cross border jurisdiction often leads to multi jurisdiction of various states. The most important legal issue which hamper in the way of implementation of statutory right of tax authorities is to collect taxes on cross border e-transaction. This legal question often arise the multi jurisdictional issue which requires for just adjudication of tax disputes. Tax legislation, generally, requires a taxpayer to maintain books and e-records for a period of five years . On the internet, records of business transactions are being created in electronic form and the requirement to keep records for tax purposes applies to records kept in electronic form for period of give is a difficult to do. The concept of examining computer based records, although a specialist audit area is not new to CBR. There is possible that is likely to witness an increase in e-business records being maintained in electronic form and to match this growth, adequate number of staff resources and training will have to be devoted to, and invested in, computer audit in the near future. In addition, as a business trading on the internet may not have a readily identifiable physical presence, it will not always be clear where the basic business records are held. Any person intent on being non-compliant can keep records in an offshore location. Central board of revenue has already been faced with the difficulties in just tax compliance when records relevant to a taxable Pakistani activity are kept in an offshore location. The increased globalization of trade means that records can be held in many locations around the world for valid business reasons. The revenue authorities' response has been for its auditors to carry out the audit of the physical records in the offshore location. It is likely that auditors will have to face multi jurisdictional problems in future be able to access off-shore records on the internet. There will be a reduced need for physical visits to sites where records are kept. The revenue authorities already have not been legally powered to enable it to carry out its audit function regardless of the means by which records are maintained and regardless of location. At present companies trading in Pakistan do not need to physically maintain sufficient records in this country to enable their tax position to be established to the satisfaction of the Central board of revenue.

The encryption is a possible technique for computer auditors for verification of records out of state jurisdiction. Encryption keys can be used for legitimate business purposes to preserve confidentiality and prevent unauthorized access to sensitive commercial data. In proposing the legal changes concerning the standards under which records may be stored electronically, Central Board of Revenue should ensure that it always has access to a means of decrypting data within taxing jurisdiction irrespective of fact that where the data base has been hosted.

Issues of authenticating the integrity of business records

As comparison with traditional based methods original records are held in form of paper based form. These record has its own advantages and disadvantage too. With conventional commerce original records can be examined for the attributes of authenticity and integrity. Since, with e-commerce transactions have begun, the original documents are stored in electronic form which provides enough opportunity for tax payer to tamper with the records. The development of confidence in physically viewing the originals knowing that they are unaltered is not possible. However, the modern device and software has been developed to check the authenticity and integrity of record to identify alterations to computer records but their use is limited to few advance countries. The revenue authorities of these countries specifically use accounting software for this purpose. We are entering into era where the business concerns are more feel comfort in maintaining their record in electronic form. Many of us in the workplace feel more comfortable with paper-based records. But is this comfort an illusion? But to question the integrity of paper based record can not said unaltered. The paper based records can be altered, lost or falsified but doing same with e-record can be done with relative easy. We are moving into paper based record keeping to electronic form but our revenue authorities are not familiar with the tools and procedures for checking paper records. The employed by private enterprise are more technologically advance as comparison with our taxing authorities. Whereas, CBR tools for validating computer records are new and, perhaps, less intuitive just because pace of advancement is slower as comparison with private enterprises. The CBR must adopt following strategies to overcome the technological gap has created but them and enterprises. First they have to train their staff for computer auditing because computer records has their particular specially when are hosted at remote servers. The second step once the staff has been trained. They should be equipped with more tools for validation and verification of records and finally CBR must promote the maintenance of records in computer based form because it's easier and effective assessment.

What matters for the revenue authorities is that businesses more likely to perpetrate tax fraud are identified through correct risk analysis. This does not depend on the nature of the records as between paper-based and computerized.

In conclusion, revenue auditors will require a higher level of computer skilled staff in future to allow accurate interpretation of computerized records systems. It will also be necessary for revenue auditors to have systems analysis skills to validate the data models for e-business which are to be used in a given accounting environment. This will also need manipulation records accurately trace transactions through such systems. The computer software industry is aware of potential for loss of audit trail arising from business being conducted on the internet. As mentioned already, the software industry is developing new techniques to ensure the integrity of electronic records. An example of this is a technique called "message digests". A message digests works by attaching a unique message to an electronic record. Any subsequent change to the record can be traced by comparing the original digest with a newly created digest based on the current state of the file data. Once again we see an emerging overlap of interest between the public and private sector; both are keen for ecommerce to work well and both face common problems. The point has been well made that the private sector, particularly the auditing profession, has the same interest as tax auditors in safeguarding the integrity of e-commerce records. One area of focus is the impact of significant electronic processing of information on the auditor's ability to rely on substantive, observable evidence in the conduct of an audit.

The writer is an advocate of High Court and practicing immigration and corporate laws in Pakistan since September 2001. He is a self employed and pioneer in research on electronic commerce taxation in Pakistan. His articles were published widely in the critical areas of cyber crimes, electronic commerce, e-taxation and various other topics. He wrote LL.M thesis on titled "Legislation of electronic commerce taxation in Pakistan" in which he provided comprehensive legal proposals for statutory reconstruction of tax laws for purpose of imposition of taxation on e-business in Pakistan. Currently he is conducting is research on topic 'Electronic commerce taxation: emerging legal issues of digital evidence'.Author can be contacted by [email protected]