| UNAUTHORIZED HACKINGThe term "computer | | | | payer be compelled to facilities the access |
| hacking" traditionally describes the | | | | to e-data.AUTHENTICATING THE INTEGRITY OF |
| penetration into computer systems, which is | | | | BUSINESS RECORDSWith conventional commerce |
| not carried out with the aims of | | | | original records are paper-based and can be |
| manipulation, sabotage or espionage, but for | | | | examined for the attributes of authenticity |
| the pleasure of overcoming the technical | | | | and integrity. Since, with e-commerce |
| security measures. In practice, this kind of | | | | transactions, the original documents are |
| offense can be frequently found. As far as | | | | stored in electronic form the comfort of |
| damage is concerned, a differentiation must | | | | physically viewing the originals knowing that |
| be made. In numerous cases, the attacked | | | | they are unaltered does not exist. However, |
| computer user is not actually harmed, but | | | | software is being developed to identify |
| only endangered. Contrary to this, | | | | alterations to computer records. Specific |
| considerable damages occur in other cases | | | | accounting software may also be deployed for |
| especially when the perpetrators later use | | | | this purpose. Many of us in the workplace |
| their knowledge for committing espionage and | | | | feel more comfortable with paper-based |
| sabotage. In any case the "formal sphere of | | | | records. But is this comfort an illusion? |
| secrecy" or the integrity of the concerned | | | | Paper records can be altered, lost or |
| computer systems is violated. Also it is very | | | | falsified. So too can computer records. The |
| tough to draw a dividing line between what | | | | fact is that we are familiar with the tools |
| can be considered mild and what endangers | | | | and procedures for checking paper records. |
| life. Consider someone breaking into the | | | | Whereas, he tools for validating computer |
| online flight system of an Pakistan Airlines | | | | records are new and, perhaps, less intuitive. |
| flight. He or she is definitely endangering | | | | Revenue authorities are likely to reach a |
| the lives of those on board though it may | | | | number of conclusions to do with this over |
| have been done for fun's.To get access and | | | | the next few years:* Computer audit means |
| verify the record being hosting in remote | | | | more and different training of staff.* Once |
| services often requires the use of hacking to | | | | staff is trained, computer audit will have |
| get access to records. The use of hacking as | | | | advantages over traditional audit in terms of |
| legal tools requires use of hacking soft | | | | speed, precision and flexibility. It will be |
| wares with most modern technology and means | | | | seen as the only way to audit large |
| employed to curb any evasion of tax and | | | | companies, in particular.* Computer audit |
| verify the e- record.No specific statutory | | | | will make it easier to examine both |
| provisions are available for the defining the | | | | accounting systems and the records which go |
| authorized hacking rights on the part of tax | | | | to make up those systems. Overall, it is not |
| officer.SECURITY AND PRIVACY ISSUES OF WEB | | | | the fact that records are paper or |
| HOSTING SITESIn numerous Western legal | | | | computer-based that matters.What matters for |
| systems, the first "computer-specific" | | | | Revenue is that businesses more likely to |
| reforms of law during the 1970s and 1980s | | | | perpetrate tax fraud are identified through |
| concerned the protection of personal rights | | | | correct risk analysis. This does not depend |
| and privacy in particular. The relevant | | | | on the nature of the records as between |
| legislation was a reaction to new challenges | | | | paper-based and computerized. In conclusion, |
| to privacy by the increasing possibilities of | | | | Revenue auditors will require a higher level |
| electronic data processing to gather, store, | | | | of computer skills in future to allow |
| connect and transfer personal data. The | | | | accurate interpretation of computerized |
| traditional provisions for the protection of | | | | records systems. It will also be necessary |
| secrecy only covered part of the personality | | | | for Revenue auditors to have systems analysis |
| right and proved to be far too narrow for a | | | | skills to validate the data models used in a |
| protection against the new dangers. A | | | | given accounting environment. They will also |
| differentiation in criminal data protection | | | | need manipulation skills to accurately trace |
| law which can be found in all countries today | | | | transactions through such systems. The |
| results from this historic development: | | | | computer software industry is aware of |
| Traditional offenses for the protection of | | | | potential for loss of audit trail arising |
| secrecy (e.g. for doctors, lawyers or public | | | | from business being conducted on the |
| officials) can still be found in the core of | | | | internet. As mentioned already, the industry |
| criminal law, i.e. the Criminal Code. | | | | is developing techniques to ensure the |
| Personal data receives indirect criminal | | | | integrity of electronic records. An example |
| protection by general criminal provisions | | | | of this is a technique called "message |
| that are not limited to personal data . We | | | | digests". A message digests works by |
| can therefore speak of an international wave | | | | attaching a unique message to an electronic |
| of reform, which clearly shows the common | | | | record. Any subsequent change to the record |
| problems of all national legal systems.There | | | | can be detected by comparing the original |
| are often Immunity is provided against | | | | digest with a newly created digest based on |
| disclosure of information relating to | | | | the current state of the file data. Once |
| security procedure, no person shall be | | | | again we see an emerging overlap of interest |
| compelled to disclose any password, key or | | | | between the public and private sector; both |
| other secret information exclusively within | | | | are keen for ecommerce to work well and both |
| his private knowledge, which enables his use | | | | face common problems. The point has been well |
| of the security procedure or advanced | | | | made that the private sector, particularly |
| electronic signature shall not confer any | | | | the auditing profession, has the same |
| immunity where such information is used for | | | | interest as tax auditors in safeguarding the |
| the commission of any offence under any law | | | | integrity of e-commerce records. One area of |
| for the time being in force.The most | | | | focus is the impact of significant electronic |
| formidable task is getting access to remote | | | | processing of information on the auditor's |
| data is the shelter being provided by the | | | | ability to rely on substantive, observable |
| remote hosting site for maintenance of the | | | | evidence in the conduct of an audit.FILING OF |
| privacy and security of the database. The | | | | TAX RETURN OF E-BUSINESS AND FURNISHING |
| right to breach the security right as | | | | EVIDENCESelf-assessment relies on taxpayers |
| statutory is not possible in case of hosting | | | | voluntarily meeting their tax obligations. |
| of data at remote server, unless the tax | | | | |