Need for data protection in cyberspace: An analysis
From Advocatespedia, The Law Encyclopedia
Cyberspace refers to the virtual computer world with a virtual space, and more specifically, is an electronic medium used to form a global computer network to facilitate online communication. It is a large computer network made up of many worldwide computer networks that employ TCP/IP protocol to aid in communication and data exchange activities. Cyberspace is also called as the world of internet. Thus, cyberspace is an online platform where individuals or entities can interact with each other.
Currently, India is facing many problems and resettlement in data protection due to lack of proper legal framework. There are number of crimes are happening in today’s internet era. The theft and sale of stolen data is happening all over the countries where there is no restriction in such kind of acts in this technological era. As India being the developing country, it has become the largest outsource of data processing in the world could become the epicenter of cybercrime this is mainly due to the lack of appropriate legislation. The Data security council of India (DSCI) and Department of Information and technology (DIT) must take some steps with regard to it. The best solution is to form codified legislation along with the suitable public and employees awareness. Now, time has come for making adequate laws for the cyber crimes in India. its time to pay attention for the data security in India. To reduce data breaches and cyber crimes in India the government have to make strong cyber laws.
Data protection methods
Under Article 21 of the Constitution, right to privacy has now become our fundamental right and one of the basic human rights to life. Information privacy, involves the establishment of rules relating to personal data such as information regarding credit details or medical details, etc. It is also known as data protection. In today’s digital era, data is a valuable asset. Data is an important raw-material for Call Centers and I.T. Companies and Stock markets. It is an important tool for corporate sector to capture larger market shares.
Cryptography, an import to the recipient is confidential or intercepted by anyone but the intended party. It is very similar to showing a Identity card like a voter ID or a PAN or Aadhaar, etc. which verifies the identity of a person in the real world.
Under world common law
There are some codified cyber laws to restrict cyber crimes. One of them is the Information Technology Act which came into force in 2008 is based on Model Law of Electronic Commerce adopted by United Nations Commission of Internal Trade Law (UNCITRAL). The Act contains 93 clauses and is divided into XIII Chapters.
The objective of the Act is to protect the data which are saved by the persons, entities or organization. The Act seeks to substitute electronic records in place of paper documents. The electronic records are to be authenticated by way of affixing digital signatures. The Act also permits preservation of documents and records in electronic form, principles for determining time, place of dispatch and receipt of electronic records, etc. The various sections and provisions which penalizes certain cyber crimes in India are briefed below:
Under the Information Technology Act, 2000:
• Section 43: This section provides protection against destruction and unauthorized access of the computer system by imposing heavy penalty up to one crore. The imposition of penalty is the also for the unauthorized introduction of computer viruses.
• Section 65: This section provides for protection against tampering of computer source documents.
• Section 66: Hacking has been defined under this section and the penalty imposed for hacking is outlined to imprisonment of up to three years or fine up to two lakh rupees or both on the hacker.
• Section 70: This section provides protection to the data stored in the protected system. It penalizes any access or attempt to secure access of that system.
• Section 72: This section provides protection against breach of confidentiality and privacy of the data.1
Under the Indian Penal Code of 1870: ‘Theft’ under section 378 is defined as ‘Whoever, intending to take dishonestly any movable property out of the possession of any person without that person’s consent, moves that property in order to such taking, is said to commit theft.’ Here, the data being an incorporeal property under ‘moveable property’ is covered under the definition of Theft if such data transmission is in the form of a medium such as CD, pen drives, floppy, etc.
The Dow Jones Case:
Dow Jones & Co., the publisher of Wall Street Journal was sued in Victoria, Australia by Joseph Gutnick, for publishing an online Article named ‘Unholy Gains’ on servers maintained at New Jersey , US. The court held that as the materials complained of was made comprehensible when downloaded in Victoria , the courts in Victoria had jurisdiction.
The Young Case
The suit was filed against two newspapers making defamatory comments on a prison warden in Virginia. The jurisdiction of the court was objected. The District court accepted the jurisdiction but the same was reversed by the US Court 4th Circuit. The appellate court ruled that the newspapers did not target their websites nor had they published the same for the Virginia audience, so merely because any one could download the articles from the website did not bestow jurisdiction to the Virginia court.2
The Yahoo case
Yahoo, the Internet Service Provider, displayed Nazi materials and provides auction of Nazi insignia. The French Law considered it as illegal , but a French user could see Nazi material and also purchase Nazi insignia from Yahoo site. A suit for injunction filed against Yahoo was allowed.
Yahoo simultaneously filed a suit in the US court to declare the French order unenforceable as it violated the first amendment to the US Constitution. The district Court ruled that the Constitution protects free speech and trumped the French court requiring Yahoo to remove Nazi material from the website.3
The Bank NSP Case
The Bank NSP case is the one where a management trainee of the bank was engaged to be married. The couple exchanged many emails using the company computers. After some time the two broke up and the girl created fraudulent email ids such as "indianbarassociations" and sent emails to the boy's foreign clients. She used the banks computer to do this. The boy's company lost a large number of clients and took the bank to court. The bank was held liable for the emails sent using the bank's system.
Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh
In this case, Tata Indicom employees manipulated the electronic 32- bit number (ESN) programmed into cell phones theft were exclusively franchised to Reliance Infocomm. Court held that tampering with source code invokes Section 65 of the Information Technology Act.