The legal dimensions
ASHOK KUMAR
THE laws of nature govern our universe as well as human life. Additionally, human beings being social animals are also subject to regulation by formal and informal rules and laws brought about by communities. Eventually, governments make laws and rules to regulate systematic life amongst citizens as it is the state’s responsibility to protect the life and property of every individual with due respect. Further, the citizens expect and seek from the government that the legal provisions guarantee and assure effective and deterrent enforcement and implementation of laws at all stages.
In the fast moving world of today, crime respects no jurisdictions – rather it enjoys unlimited geographical jurisdiction across the globe. Hence, we find crimes being committed even in space or through the Internet world across countries. At the turn of the century, human beings entered an era of cyber space, so we may even claim that we live in a cyber world. It is useful to recall that the term ‘cyberspace’ was first used way back in 1984 by William Gibson in his Sci-fi novel Neuromancer to describe the virtual world of computers, prescient given that crime, facilitated by the rapid development of the Internet, now increasingly takes place unfettered by boundary jurisdictions of nation states.
It is, therefore, essential to understand cyber law. In general, cyber law is a generic term, which refers to all legal and regulatory aspects of the Internet and the world-wide web. Anything concerning or related to, or emanating from, any legal aspects, or issues, or any activity of Netizens and others in cyberspace comes within the ambit of cyber law. In other words, cyber law is a tool that provides legal recognition to electronic documents and a framework to support e-filing and e-commerce transactions. It also provides a legal framework to mitigate/check cyber crimes in a particular set-up.
The growth of electronic commerce has fuelled the need for vibrant and effective regulatory mechanisms, which would further strengthen the legal infrastructure, so crucial to the accomplishment of electronic commerce and control and regulate cyber crime. All these regulatory mechanisms and legal infrastructure come within the domain of cyber law. It is critical to underscore that strong cyber laws and implementation and enforcement per se is a dire need for which each and every government must play a significant role in managing the affairs of electronic commerce and controlling cyber crime. This is essential for countries across the world to retain faith in the legal enforcement agencies of each country.
L
ike other legal systems, the law relating to cyber crime is an evolving and growing process, as newer challenges are continually surfacing in this field. Consequently, due to the fast growth of internet, various legal issues have arisen, more particularly in the area of cyber crime such as domain name disputes, intellectual property rights disputes, electronic commerce issues, privacy, encryption, electronic contracts, spamming, banking crime and so on, which makes it essential for all governments to enact effective and strong regulations to control both offences and offenders.Today, cyberspace touches practically everything and everyone. It provides a platform for innovation and prosperity and also the means to improve general welfare around the globe. But with the broad reach of a loose and lightly regulated digital infrastructure, great risks threaten nations, private enterprise, and individual rights. The government has a responsibility to address these strategic vulnerabilities to ensure the safety and security of all vital assets of a nation from mineral, agricultural, commercial, industrial, manpower and offshore at one end to the vital defence, nuclear, space and communications at the other.
T
he United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on Electronics Commerce in 1996. The General Assembly of the United Nations by its Resolution No. 51/162 dated January 1997, recommended that all states should give favourable consideration to the said model law when they enact or revise their laws. The model law provides for equal legal treatment of users of electronic communication. Pursuant to a recent declaration by member countries, the World Trade Organization (WTO) is likely to initiate a programme to handle its work in this area, including the possible creation of multilateral trade deals through the medium of electronic commerce.The WTO conference in Seattle was to focus on this issue. Held in November 1999, 135 nations, representing three-four of the world population, haggled over issues such as access and markets. WTO is primarily mandated to promote the freest possible flow of trade globally. India is also a member of WTO and participated in the discussions in Seattle. The focus was primarily on the world’s oldest and newest industry: agricultural and electronic commerce (e-commerce). But the conference could not make a breakthrough, so the present attention of the world remains on agriculture and e-commerce.
Though the word crime carries the general meaning as a legal wrong that can be followed by criminal proceedings which may result in punishment, cyber crime refers to unlawful acts wherein the computer is either a tool or target or both. The world’s first computer specific law was enacted in 1970 by the German state of Hesse in the form of a Data Protection Act, 1970. With the advancement of cyber technology, its misuse has also expanded to a level necessitating a need for strict statutory laws to regulate criminal activity in the cyber world and to protect the technological advanced systems. It is under these circumstances that the Indian Parliament passed the Information Technology Act, 2000 on 17 October 2000 on the lines of the model laws of the United Nations to enact exhaustive and comprehensive laws to deal with technology in the field of e-commerce, e-governance, e-banking, as well as penalties and punishments in the field of cyber crime. Indian cyber laws have been amended twice in view of fast changing developments in ICT (information communication technology) and usage of the Internet worldwide as most work of all organizations, whether public or private, now takes place through networking across the world.
With cyber crime growing day by day, it is difficult to find a distinction between cyber crime and conventional crime. To achieve some clarity, cyber crime may be classified under different categories which are as follows.
C
yber Crimes in the personal domain comprise of harassment via email, cyber stalking, dissemination of obscene material, defamation, pornography (specially child pornography), hacking of passwords, email and SMS spoofing, cheating and fraud, among others. At present harassment is commonplace and on the increase in social sites such as Facebook and Twitter.A recent survey conducted by an international agency claims that more than 20% of total earnings through networks is coming from pornography websites for which certain stringent regulations are the need of the hour. However, no country is taking a lead in this grey area.
It is not uncommon to read reports about criminals having stolen individual identities, thereby living ‘legally’ in the name of an innocent person! Besides crimes in the personal domain, there are crimes against a person’s property, cyber crimes against government, and cyber crimes against society at large. An unlawful act done with the intention of causing harm to cyberspace will affect a large number of persons. Some of these offences are cyber trafficking, online gambling, financial crimes, attack on individual privacy, and other crimes that take place through the Internet.
T
he UNO is of the strict view that every country should have strong cyber laws to control cyber crime through organizations like a cyber security council. However, the member-countries of the United Nations are not sufficiently organized to address the growing problem of cyber security across the world. After the 9/11 attack, almost all developed countries have enacted a cyber security policy and tightened their laws. The leaders amongst them are the G7 countries, which as a group have been interacting at every possible level to ward off threats from any kind of cyber attack as their economies are today integrated in cyber space.According to government figures, India was the 10th most intensely cyber attacked country in 2010-11. However, today it stands second only to the US. With Internet usage, including through mobile phones, rising dramatically – from 202 million users in March 2010 to 412 million in March 2011 and 485 million in March 2012 – India is now second only to China in the number of devices connected to the net. Therefore, the Indian government needs to be more scrupulous and prove its cyber security strength to the world to ensure confidence in the management of networking in the country, without any hesitation or reluctance.
Today, threats emanating from cyber space are one of the most serious economic and national security challenges facing almost all the countries of the world. It would not be an exaggeration to say that the very survival of human life in the 21st century will depend on cyber security and technological know-how.
The central government introduced the Information Technology Bill in Parliament on 12 December 1999, which was to form the basis for cyber law legislation to provide a legal framework for electronic commerce and to enable electronic governance in the country. The bill also sought to make consequential amendments to the Penal Code, 1860 (IPC) and the Evidence Act, 1872, the Bankers Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith. The bill was passed by the Lok Sabha on 16 May 2000 after some modifications, found approval in the Raj Sabha on 17 May 2000 and received the President’s assent on 9 June 2000.
T
he first person, globally, to be prosecuted under the Computer and Fraud Act was Robert T. Morris, son of former National Security Agency Scientist Robert Morris. He created a worm while at Cornell as a student, claiming that he intended to use the worm to check how large the internet was at that time. He was ultimately sentenced to three years’ probation, 400 hours of community service and fined $10500. Fred Cohen, a Ph.D. student at the University of Southern California wrote a short programme in 1983 as an experiment, which could ‘infect’ computers, make copies of it, and spread the infection from one machine to another. Though computer scientists had warned that computer viruses were possible, Cohen’s was the first documented case. A professor of his suggested the name ‘virus’.From China, Wang Qun, better known by the nickname ‘playgirl’, was arrested by Chinese police in Hubei province and the first to be booked as an internet hacker in China. He was a 19 year old computer student, arrested in connection with the alleged posting of pornographic material on the homepages of several government-run websites.
T
here is little doubt that the Internet has proved to be a boon for society throughout the world. But at the same time it has caused some problems due to criminals and criminal minds. The Internet has compelled society to learn a new style to express criminal tendencies. As recently as 1990, less than a hundred thousand people were able to log on to the Internet worldwide. Today more than 1000 million people are hooked up to surf and browse the net around the globe. On one hand, it is certainly a sign of development in the arena of information and communication technology across the world. On the other hand, due to an increase in the number of Netizens (users of the network), misuse of technology in cyber space was catching up which gave birth to cyber crimes both at the domestic and international level.The evolution of Information Technology (IT) gave birth to cyber space, wherein the Internet provided equal opportunity for people to access any information, data storage, analysis etc., with the use of high technology. No doubt, India too is also taking the lead, at least trying not to lag behind in any manner by adhering to international standards of communications and by building an Internet infrastructure. But at the same time the Indian government is unable to curb cyber crime to the extent the developed world has done.
A
ccording to its Section 43, ‘Whoever does any act or destroys, deletes, alters and disrupts or causes disruption of any computer with the intention of damaging the whole data of the computer system without the permission of the owner of the computer, shall be liable to pay a fine up to one crore to the person so affected by way of remedy. Further, under its Section 43A, where a body corporate is maintaining and protecting the data of the persons as provided by the central government, if there is any negligent act or failure in protecting the data/information then a body corporate shall be liable to pay compensation to persons so affected. And Section 66 deals with ‘hacking with computer systems’ and provides for imprisonment up to three years or a fine, which may extend up to two years or both.The following are some of the key parts of the act:
1. It provides for a regulatory regime to supervise the digital signature system, essential for carrying out financial transactions through the Internet and other electronic modes. It also provides for the appointment of a controller and other authorities for the purpose of the act.
2. To enable electronic governance, it provides the use and acceptance of electronic records and agencies, making the interaction between citizen and government easy.
3. It creates civil and criminal liability for contravention of the act.
4. There is a provision to publish an electronic gazette or official gazette where all regulations, rules, orders, bylaws and notifications can be accessed over the Internet.
5. Makes illegal the tampering of computer documents and publishing obscene information in electronic form.
6. The act empowers the controller to decrypt any coded information and direct any agency to intercept any information transmitted through any computer network.
7. It provides for penalties. Any person who without permission of the owner or any other person who is in charge of a computer, computer system or computer network:
a) Accesses or secures access to such computer, computer system or computer network;
b) Downloads, copies or extracts any data, computer database or information from such computer, computer system and computer network including information or data held or stored in any removable storage medium;
c) Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
d) Damages or cause to be damaged any computer, computer system or computer network, data, computer database or any other programme residing in such computer, computer system or computer network;
e) Disrupts or causes disruption of any computer, computer system or computer network;
f) Denies or causes the denial of access to any person authorized to access any computer, compute system or computer network by any mean;
g) Provides any assistance to any person to facilities, access to a computer, compute system or computer network in contravention of the provisions of this act, rules or regulations made thereunder;
h) Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network; He shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. It also provides for penalty for failure to furnish information, return, etc. to the controller of the certifying authority.
8. It provides for the establishment of adjudicatory and appellate authorities.
9. It stipulates penalties for offences, e.g., tempering with computer source and documents hacking, etc. and for contraventions committed outside India, but involving a computer or network located in India; it also provides that any police officer not below the rank of a deputy superintendent is empowered to search and arrest without warrant any person for violating the provisions of the act. It provides for confiscation of any computer system floppies, compact disks, tape drivers or any other accessories, etc.
10. It mandates the constitution of a cyber regulation advisory committee.
11. The act shall override earlier laws.
I
n the end, for India to maintain a leading edge in the IT information technology space, it must take a comprehensive view of cyber security. Not only are stringent laws with severe punishment required, but it is important to educate and create a judiciary with knowledge of cyberspace, IT and communications. Our strategic resources need to be guarded through competent, educated and knowledgeable cyber security professionals. The corporate sector must be encouraged to proportionately contribute to R&D in cyber security programmes in view of the increasing public private partnership ventures. Every nation should come forward with a cyber security policy to check transborder cyber crimes and to bring offenders to justice.