A critical analysis on need for regulation in cyberspace

From Advocatespedia, The Law Encyclopedia
Jump to: navigation, search

Simple way we can say that cyber crime is unlawful acts wherein the computer is either a tool or a target or both Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

We can categorize Cyber crimes in two ways

The Computer as a Target :-using a computer to attack other computers.

e.g. Hacking, Virus/Worm attacks, DOS attack etc.

The computer as a weapon :-using a computer to commit real world crimes.

e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

Cyber Crime regulated by Cyber Laws or Internet Laws.

Technical Aspects

Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as

a. Unauthorized access & Hacking:-

Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.

Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. By hacking web server taking control on another persons website called as web hijacking

b. Trojan Attack:-

The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans. The name Trojan Horse is popular.Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan. TCP/IP protocol is the usual protocol type used for communications, but some functions of the trojans use the UDP protocol as well.

c. Virus and Worm attack:-

A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus.

Programs that multiply like viruses but spread from computer to computer are called as worms.

d. E-mail & IRC related crimes:-

1. Email spoofing : Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source.

2. Email Spamming : Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter.

3 Sending malicious codes through email

E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a link of website which on visiting downloads malicious code.

4. Email bombing : E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.

5. Sending threatening emails

6. Defamatory emails

7. Email frauds

8. IRC related

Three main ways to attack IRC are: "verbalâ⦣8218;?Ŧ#8220; attacks, clone attacks, and flood attacks.

e. Denial of Service attacks:-Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorized usersusers.

Introduction

The computer-generated world of internet is known as cyberspace and the laws prevailing this area are known as Cyber laws and all the users of this space come under the ambit of these laws as it carries a kind of worldwide jurisdiction. Cyber law can also be described as that branch of law that deals with legal issues related to use of inter-networked information technology. In short, cyber law is the law governing computers and the internet.

The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these governing mechanisms and legal structures come within the domain of Cyber law.

Cyber law is important because it touches almost all aspects of transactions and activities and on involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal angles.

Cyber Crime is not defined in Information Technology Act 2000 nor in the National Cyber Security Policy 2013 nor in any other regulation in India. In fact, it cannot be too. Crime or offence has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and quite a few other legislations too. Hence, to define cyber-crime, one can say, it is just a combination of crime and computer. To put it in simple terms ‘any offence or crime in which a computer is used is a cyber-crime’. Interestingly even a petty offence like stealing or pick pocket can be brought within the broader purview of cybercrime if the basic data or aid to such an offence is a computer or an information stored in a computer used (or misused) by the fraudster. The I.T. Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cybercrime.

In a cyber-crime, computer or the data itself the target or the object of offence or a tool in committing some other offence, providing the necessary inputs for that offence. All such acts of crime will come under the broader definition of cyber-crime.

Cyber law encompasses laws relating to

Cyber crimes

Electronic and digital signatures

Intellectual property

Data protection and privacy

History

The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (TCP/IP). It is a network of networks that consists of millions of private and public, academic, business and government networks of local to global scope that are linked by copper wires, fiber optic cables, wireless connections and other technologies. The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail, in addition to popular services such as online chat, file transfer and file sharing, online gaming, and Voice over Internet Protocol (VoIP) person to person communication via voice and video. The origins of the Internet dates back to the 1960s when the United States funded research projects of its military agencies to build robust, fault tolerant and distributed computer networks. This research and a period of civilian funding of a new U.S. backbone by the National Science Foundation spawned worldwide participation in the development of new networking technologies and led to the commercialization of an international network in the mid-1990s, and resulted in the following popularization of countless applications in virtually every aspect of modern human life.

The terms ‘Internet’ and ‘World Wide Web’ are often used in everyday speech without much distinction. However, the Internet and the World Wide Web are not one and the same. The Internet is a global data communications system. It is a hardware and software infrastructure that provides connectivity between computers. In contrast, the Web is one of the services communicated via the Internet. It is a collection of interconnected documents and other resources, linked by hyperlinks and Uniform Resource Locator (URLs).

The World Wide Web was invented in 1989 by the English Physicist Tim Berners-Lee, now the Director of the World Wide Web Consortium, and later assisted by Robert Cailliau, a Belgian computer scientist, while both were working at CERN in Geneva, Switzerland. In 1990, they proposed building a “web of nodes” storing “hypertext pages” viewed by “browsers” on a network and released that web in December.

Overall the Internet usage saw a tremendous growth. From 2000 to 2009, the number of Internet users globally rose from 394 million to 1.858 billion. By 2010, 22 percent of the world’s population had access to computers with one billion Google searches every day, 300 million Internet users reading blogs and two billion videos viewed daily on YouTube.

After English (27%), the most requested languages on the World Wide Web are Chinese (23%), Spanish (8%), Japanese (5%), Portuguese and German (4% each), Arabic, French and Russian (3% each), and Korean (2%). Bu region, 42% of the world’s Internet users are based in Asia, 24% in Europe, 14% in North America, 10% in Latin America and the Caribbean taken together, 6% in Africa, 3% in the Middle East and 1% in Australia/Oceania.


Need for Cyber Law

In today’s techno-savvy environment, the world is becoming more and more digitally sophisticated and so are the crimes. Internet was initially developed as a research and information sharing tool and was in an unregulated manner. As the time passed by it became more transactional with e-business, e-commerce, e-governance and e-procurement etc. All legal issues related to internet crime are dealt with through cyber laws. As the number of internet users is on the rise, the need for cyber laws and their application has also gathered great momentum.

In today’s highly digitalized world, almost everyone is affected by cyber law. For example:

Almost all transactions in shares are in demat form.

Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form.

Government forms including income tax returns, company law forms etc. are now filled in electronic form.

Consumers are increasingly using credit/debit cards for shopping.

Most people are using email, phones and SMS messages for communication.

Even in “non-cyber crime” cases, important evidence is found in computers/cell phones eg: in cases of murder, divorce, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit currency etc.

Cyber crime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc. are becoming common.

Digital signatures and e-contracts are fast replacing conventional method of transacting business.

Technology per se is never a disputed issue but for whom and at what cost has been the issue in the ambit of governance. The cyber revolution holds the promise of quickly reaching the masses as opposed to the earlier technologies, which had a trickle-down effect. Such a promise and potential can only be realized with an appropriate legal regime based on a given socio-economic matrix.

The rising Cyber Crime

As per the cybercrime data maintained by National Crime Records Bureau (NCRB), a total of 217, 288, 420 and 966 Cyber Crime cases were registered under the Information Technology Act, 2000 during 2007, 2008, 2009 and 2010 respectively. Also, a total of 328, 176, 276 and 356 cases were registered under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007, 2008, 2009 and 2010 respectively. A total of 154, 178, 288, 799 persons were arrested under Information Technology Act 2000 during 2007-2010. A total number of 429, 195, 263 and 294 persons were arrested under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007-2010.

As per 2011 NCRB figures, there were 1791 cases registered under the IT Act during the year 2011 as compared to 966 cases during the previous year (2010) thereby reporting an increase of 854% in 2011 over 2010.

Of this, 19.5% cases (349 out of 1791 cases) were reported from Andhra Pradesh followed by Maharashtra (306), Kerala (227), Karnataka (151) and Rajasthan (122). And 46.1% (826 cases) of the total 1791 cases registered under IT Act, 2000 were related to loss/damage to computer resource/utility reported under hacking with computer systems.

According to NCRB, the police have recorded less than 5000; only 4829 cases and made fewer arrests (3187) between 2007 2011, under both the Information Technology (IT) Act as well as the Indian Penal Code (IPC).

And convictions remain in single digits, according to lawyers. Only 487 persons were arrested for committing such offences during the year 2011. There were 496 cases of obscene publications/transmission in electronic form during the year 2011 wherein 443 persons were arrested.

A major program has been initiated on development of cyber forensics specifically cyber forensic tools, setting up of infrastructure for investigation and training of the users, particularly police and judicial officers in use of this tool to collect and analyse the digital evidence and present them in Court.

• Indian Computer Emergency Response Team (CERT-In) and Centre for Development of Advanced Computing (CDAC) are involved in providing basic and advanced training of Law Enforcement Agencies, Forensic labs and judiciary on the procedures and methodology of collecting, analysing and presenting digital evidence.

• Cyber forensic training lab has been set up at Training Academy of Central Bureau of Investigation (CBI) to impart basic and advanced training in Cyber Forensics and Investigation of Cyber Crimes to Police Officers associated with CBI. In addition, Government has set up cyber forensic training and investigation labs in Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura, Meghalaya, Manipur and Jammu and Kashmir.

• In collaboration with Data Security Council of India (DSCI), NASSCOM, Cyber Forensic Labs have been set up at Mumbai, Bengaluru, Pune and Kolkata. DSCI has organized 112 training programmes on Cyber Crime Investigation and awareness and a total of 3680 Police officials, judiciary and Public prosecutors have been trained through these programmes.

Indian Computer Emergency Response Team (CERT-In) issues alerts, advisories and guidelines regarding cyber security threats and measures to be taken to prevent cyber incidents and enhance security of Information Technology systems.

• Cyber Laws in India: In India, cyber laws are contained in the Information Technology Act, 2000 (“IT Act”) which came into force on October 17, 2000. The main purpose of the Act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the Government.

India has an extremely detailed and well-defined legal system in place. Numerous laws have been enacted and implemented and the foremost amongst them is the Constitution of India. We have inter alia, amongst others, the Indian Penal Code, the Indian Evidence Act 1872, the Reserve Bank of India Act, 1934, the Companies Act, and so on. However, the arrival of internet signalled the beginning of the rise of new and complex legal issues. It may be pertinent to mention that all the existing laws in place in India were enacted way back keeping in mind the relevant political, social, economic, and cultural scenario of that relevant time. Nobody then could really visualize about the Internet. Despite the vivid insight of our master draftsmen the requirements of cyberspace could hardly ever be anticipated. As such, the coming of the Internet led to the emergence of numerous tricky legal issues and glitches which required the enactment of Cyber laws.

The existing laws of India, even with the most compassionate and liberal interpretation could not be interpreted in the light of the emergency cyberspace, to include all aspects relating to different activities in cyberspace. In fact, the practical experience and the wisdom of judgement found that it shall not be without major threats and pitfalls, if the existing laws were to be interpreted in the scenario of emerging cyberspace, without enacting new cyber laws. Hence, the need for enactment of relevant cyber laws.

None of the existing laws gave any legal validity or sanction to the activities in Cyberspace. For example, the Net is used by a large majority of users for email. Yet till today, email id not “legal” in our country. There is no law in the country, which gives legal validity, and sanction to email. Courts and judiciary in our country have been reluctant to grant judicial recognition to the legality of email in the absence of any specific law having been enacted by the Parliament. As such the need has arisen for Cyber law.

Internet requires an enabling and supportive legal substructure in tune with the times. This legal infrastructure can only be given by the enactment of the relevant Cyber laws as the traditional laws have failed to grant the same. E-commerce, the biggest future of Internet, can only be possible if necessary legal infrastructure compliments the same to enable its pulsating growth.

All these and other varied considerations created a conductive atmosphere for the need for enacting relevant cyber laws in India.


• Jurisdiction:

If a crime is committed on a computer or computer network in India by a person resident outside India, then can the offence be tried by the Courts in India?

According to Section 1(2) of Information Technology Act, 2000, the Act extends to the whole of India and also applies to any offence or contravention committed outside India by any person. Further Section 75 of the I.T. Act, 2000 also mentions about the applicability of the Act for any offence or contravention committed outside India. According to this section, the Act will apply to an offence contravention committed outside India by any person, if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

A Police officer not below the rank of Deputy Superintendent of Police should only investigate any offence under this Act. (Sec. 78 of I.T Act, 2000)

Without a duly signed extradition treaty or a multilateral cooperation arrangement, trial of such offences and conviction is a difficult proposition.

• Intermediaries: Section 79 deals with the immunity available to intermediaries. The Information Technology (Intermediaries guidelines) Rules, 2011 governs the duties of the intermediaries.

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet device providers, web hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes.

Intermediary will not be liable for any third party information, data or communication link hosted by him. It will apply only if:

The function of the intermediary is limited to providing access to a communiqué system over which information made available by third parties is communicated or temporarily stored or hosted. The intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission.

The intermediary observes due diligence while discharging his duties. The intermediary will be held liable if he collaborated or assisted or aided or persuaded whether by intimidations or promise or otherwise in the commission of the unlawful act. He will also be liable if upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act and it fails to expeditiously remove or disable access to that material.

The intermediary should observe the following due diligence while discharging his duties:

The intermediary should publish the rules and regulations, privacy policy and user agreement for access or usage of the intermediary’s computer resource by any person. Such rules and guidelines, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, amend, publish, transmit, update or share any information. The intermediary should not knowingly host or publish any information or should not initiate the transmission, select the receiver of transmission, and select or modify the information contained in the transmission. The intermediary, on whose computer system information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such data should act within thirty six hours and where applicable, work with user or owner of such information to disable such information. Further the intermediary should preserve such information and associated records for at least ninety days for investigation purposes. The Intermediary should inform its users that in case of non-compliance with rules and guidelines, user agreement and privacy policy for access or usage of intermediary computer resource, the Intermediary has the right to immediately dismiss the access or usage lights of the users to the computer resource of Intermediary and remove non-compliant information. The intermediary should strictly follow the provisions of the Act or any other laws for the time being in force. When required by lawful order, the intermediary should provide information or any such assistance to Government Agencies who are lawfully authorized for exploratory, shielding, cyber security activity. The intermediary should take all rational measures to secure its computer resource and information contained therein.


CASE LAWS

• Sub Inspector Rajinder Singh vs State Of Haryana & Others on 14 July, 2009

• organization skills and scientific approach displayed in solving cyber crime cases.

• Punjab-Haryana High Court -

• Ms.Rohiniarora vs Government Of Nct Of Delhi on 6 January, 2012

• Adjudicating Authority is not expected to enquire into cyber crime cases until such time a complaint is made ... paid by the Complainant for enquiring into cyber crime cases. However, in order to satisfy the Appellant, who while relying

• Central Information Commission - Cites

• Obinna Nicodemus Enweka Alias ... vs State Of Orissa on 22 November, 2017

• connection with CID C.B. Cyber Crime P.S. Case No.12 of 2016 corresponding to C.T. Case ... mobile numbers are common in Odisha Cyber Crime case and Goa Cyber Crime case. The investigating officer received

• Orissa High Court -

• Vijay Govind vs State & Anr. on 7 February, 2014

• necessary. 2.10. It is submitted that in a case of cyber crime custodial interrogation is imperative as only the accused ... data belonging to the complainant company. In a case involving cyber crime, it is only after seizure, retrieval and analysis

• Delhi High Court -

• Ms.Rohini Arora vs Government Of Nct Of Delhi on 13 July, 2012

• This petition emanates from a CIC decision in case no. CIC/AD/A/2011/002338 dated 06.01.2012 in which ... adopted for the Tribunal to take up a cyber crime case and affirming their position that the court fees will

• Central Information communist.

REFERENCES

• Dr. Farooq Ahmad, Cyber Law in India, New Era Law

• Publications, Edition 4th, 2011

• Dr. GeorgiosZekos, Issues of Cyberspace and E-Commerce,

• ICFAI University Press, 2008

• Dr. Gupta & Agarwal, Cyber Laws, Premier Publishing

• Company, Allahabad, 2010

• G.D. Khosla, Know Your Copyright, Eastern Law House

• Publication, Calcutta, 1986

• Harish Chander, Cyber Laws and IT Protection, PHI

• learning Private Ltd. Publication, New Delhi, 2012

• RohasNagpal, Intellectual Property Issues and Cyberspace,

• Asian School of Cyber Law Publication,Pune,2008

• S. K. Varma& Mittal, Legal Dimensions of Cyberspace,

• Indian Law Institute, New Delhi, 2003

• V.K. Ahuja, Intellectual Property Rights in India, Lexis Nexis

• Butterworth's Wadhwa, Nagpur, 2009

• VakulSharma, Information Technology, Universal Law

• Publishing Company, New Delhi, 2013

• Tabrez Ahmad, Cyber Law and E-Commerce, APH

• Publishing Corp., New Delhi, 2003

• www.org/wiki/Copyright_aspects_of_hyperlinking_and_

Framing

• www.wipo.int/

• www.makeinindia.com/intellectual property facts/

• www.saraswatnet.com/article5.html

• www.indiankanoon.org