The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.
Cyber crime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cyber crime also includes non-monetary offences, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.
Perhaps the most prominent form of cyber crime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done is through phishing and pharming. Both of these methods lure users to fake websites (that appear to be legitimate), where they are asked to enter personal information. This includes login information, such as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to "steal" another person's identity. For this reason, it is smart to always check the URL or Web address of a site to make sure it is legitimate before entering your personal information.
Because cyber crime covers such a broad scope of criminal activity, the examples above are only a few of the thousands of crimes that are considered cyber crimes. While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others. Therefore, it is smart to protect yourself by using antivirus and spy ware blocking software and being careful where you enter your personal information.
Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
CONVENTIONAL CRIME
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”
(1) The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”.
(2) A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.
DEFINITION OF CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” [1]. “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime” [2]
A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases-
unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data did ling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
The Oxford Reference Online defines cyber crime as crime committed over the Internet. The Encyclopaedia Britannica defines cyber crime as any crime that is committed by means of special knowledge or expert use of computer technology.
Cyber crime could reasonably include a wide variety of criminal offences and activities. The scope of this definition becomes wider with a frequent companion or substitute term “computer-related crime.” Examples activities that are considered
cyber crime can be found in the United Nations Manual on the Prevention and Control of Computer-Related Crime. The manual includes fraud, forgery, computer sabotage, unauthorised access and copying of computer programs as examples of cyber crime. (www.uncjin.org/Documents/EighthCongress.html)
example of such cyber is the Computer Crimes Act 1997. This cyber law addresses and looks into areas of cyber crime activities [3]
REASONS FOR CYBER CRIME
Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
1 Capacity to store data in comparatively small space-
The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.
2 Easy to access-
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3. Complex-
The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4. Negligence-
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.
5. Loss of evidence-
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
CYBER CRIMINALS
The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-
1. Children and adolescents between the age group of 6 – 18 years
The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (
2. Organised hackers-
These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
3. Professional hackers / crackers –
Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
4. Discontented employees-
This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
MODE AND MANNER OF COMMITING CYBER CRIME
Mode and manner of committing cyber crime [4]
1. Theft of Telecommunications Services
The "phone phreakers" of three decades ago set a precedent for what has become a major criminal industry. By gaining access to an organization’s telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties (Gold 1999). Offenders may gain access to the switchboard by impersonating a technician, by fraudulently obtaining an employee's access code, or by using software available on the internet. Some sophisticated offenders loop between PBX systems to evade detection. Additional forms of service theft include capturing "calling card" details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.
It has been suggested that as long ago as 1990, security failures at one major telecommunications carrier cost approximately £290 million, and that more recently, up to 5% of total industry turnover has been lost to fraud (Schieck 1995: 2-5; Newman 1998). Costs to individual subscribers can also be significant In one case, computer hackers in the
2. Communications in Furtherance of Criminal Conspiracies
Just as legitimate organizations in the private and public sectors rely upon information systems for communications and record keeping, so too are the activities of criminal organizations enhanced by technology.
There is evidence of telecommunications equipment being used to facilitate organized drug trafficking, gambling, prostitution, money laundering, child pornography and trade in weapons (in those jurisdictions where such activities are illegal). The use of encryption technology may place criminal communications beyond the reach of law enforcement.
The use of computer networks to produce and distribute child pornography has become the subject of increasing attention. Today, these materials can be imported across national borders at the speed of light (Grant, David and Grabosky 1997). The more overt manifestations of internet child pornography entail a modest degree of organization, as required by the infrastructure of IRC and WWW, but the activity appears largely confined to individuals.
By contrast, some of the less publicly visible traffic in child pornography activity appears to entail a greater degree of organization. Although knowledge is confined to that conduct which has been the target of successful police investigation, there appear to have been a number of networks which extend cross-nationally, use sophisticated technologies of concealment, and entail a significant degree of coordination.
Illustrative of such activity was the Wonderland Club, an international network with members in at least 14 nations ranging from Europe, to North America, to
3. Telecommunications Piracy
Digital technology permits perfect reproduction and easy dissemination of print, graphics, sound, and multimedia combinations. The temptation to reproduce copyrighted material for personal use, for sale at a lower price, or indeed, for free distribution, has proven irresistable to many.
This has caused considerable concern to owners of copyrighted material. Each year, it has been estimated that losses of between US$15 and US$17 billion are sustained by industry by reason of copyright infringement (United States, Information Infrastructure Task Force 1995, 131).
The Software Publishers Association has estimated that $7.4 billion worth of software was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and Underwood 1994).
Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion in 1996, including $1.8 billion in the film industry, $1.2 billion in music, $3.8 billion in business application software, and $690 million in book publishing.
According to the Straits Times (8/11/99) A copy of the most recent James Bond Film The World is Not Enough, was available free on the internet before its official release.
When creators of a work, in whatever medium, are unable to profit from their creations, there can be a chilling effect on creative effort generally, in addition to financial loss.
4. Dissemination of Offensive Materials
Content considered by some to be objectionable exists in abundance in cyberspace. This includes, among much else, sexually explicit materials, racist propaganda, and instructions for the fabrication of incendiary and explosive devices. Telecommunications systems can also be used for harassing, threatening or intrusive communications, from the traditional obscene telephone call to its contemporary manifestation in "cyber-stalking", in which persistent messages are sent to an unwilling recipient.
One man allegedly stole nude photographs of his former girlfriend and her new boyfriend and posted them on the Internet, along with her name, address and telephone number. The unfortunate couple, residents of
In another case a rejected suitor posted invitations on the Internet under the name of a 28-year-old woman, the would-be object of his affections, that said that she had fantasies of rape and gang rape. He then communicated via email with men who replied to the solicitations and gave out personal information about the woman, including her address, phone number, details of her physical appearance and how to bypass her home security system. Strange men turned up at her home on six different occasions and she received many obscene phone calls. While the woman was not physically assaulted, she would not answer the phone, was afraid to leave her home, and lost her job (Miller 1999; Miller and Maharaj 1999).
One former university student in
Computer networks may also be used in furtherance of extortion. The Sunday Times (
5. Electronic Money Laundering and Tax Evasion
For some time now, electronic funds transfers have assisted in concealing and in moving the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. Legitimately derived income may also be more easily concealed from taxation authorities. Large financial institutions will no longer be the only ones with the ability to achieve electronic funds transfers transiting numerous jurisdictions at the speed of light. The development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. Traditional underground banks, which have flourished in Asian countries for centuries, will enjoy even greater capacity through the use of telecommunications.
With the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in return for an untraceable transfer of stored value to my "smart-card", which I then download anonymously to my account in a financial institution situated in an overseas jurisdiction which protects the privacy of banking clients. I can discreetly draw upon these funds as and when I may require, downloading them back to my stored value card (Wahlert 1996).
6. Electronic Vandalism, Terrorism and Extortion
As never before, western industrial society is dependent upon complex data processing and telecommunications systems. Damage to, or interference with, any of these systems can lead to catastrophic consequences. Whether motivated by curiosity or vindictiveness electronic intruders cause inconvenience at best, and have the potential for inflicting massive harm (Hundley and Anderson 1995, Schwartau 1994).
While this potential has yet to be realised, a number of individuals and protest groups have hacked the official web pages of various governmental and commercial organisations (Rathmell 1997). http://www.2600.com/hacked_pages/ (visited 4 January 2000). This may also operate in reverse: early in 1999 an organised hacking incident was apparently directed at a server which hosted the Internet domain for East Timor, which at the time was seeking its independence from
Defence planners around the world are investing substantially in information warfare - means of disrupting the information technology infrastructure of defense systems (Stix 1995). Attempts were made to disrupt the computer systems of the Sri Lankan Government (Associated Press 1998), and of the North Atlantic Treaty Organization during the 1999 bombing of
More recently, an extortionist in
7. Sales and Investment Fraud
As electronic commerce becomes more prevalent, the application of digital technology to fraudulent endeavours will be that much greater. The use of the telephone for fraudulent sales pitches, deceptive charitable solicitations, or bogus investment overtures is increasingly common. Cyberspace now abounds with a wide variety of investment opportunities, from traditional securities such as stocks and bonds, to more exotic opportunities such as coconut farming, the sale and leaseback of automatic teller machines, and worldwide telephone lotteries (Cella and Stark 1997 837-844). Indeed, the digital age has been accompanied by unprecedented opportunities for misinformation. Fraudsters now enjoy direct access to millions of prospective victims around the world, instantaneously and at minimal cost.
Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are not uncommon. The technology of the World Wide Web is ideally suited to investment solicitations. In the words of two SEC staff "At very little cost, and from the privacy of a basement office or living room, the fraudster can produce a home page that looks better and more sophisticated than that of a Fortune 500 company" (Cella and Stark 1997, 822).
8. Illegal Interception of Telecommunications
Developments in telecommunications provide new opportunities for electronic eavesdropping. From activities as time-honoured as surveillance of an unfaithful spouse, to the newest forms of political and industrial espionage, telecommunications interception has increasing applications. Here again, technological developments create new vulnerabilities. The electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as broadcast antennas. Existing law does not prevent the remote monitoring of computer radiation.
It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman 1997). In 1995, hackers employed by a criminal organization attacked the communications system of the Amsterdam Police. The hackers succeeded in gaining police operational intelligence, and in disrupting police communications (Rathmell 1997).
9. Electronic Funds Transfer Fraud
Electronic funds transfer systems have begun to proliferate, and so has the risk that such transactions may be intercepted and diverted. Valid credit card numbers can be intercepted electronically, as well as physically; the digital information stored on a card can be counterfeited.
Of course, we don't need Willie Sutton to remind us that banks are where they keep the money. In 1994, a Russian hacker Vladimir Levin, operating from St Petersburg, accessed the computers of Citibank's central wire transfer department, and transferred funds from large corporate accounts to other accounts which had been opened by his accomplices in The United States, the Netherlands, Finland, Germany, and Israel. Officials from one of the corporate victims, located in
The above forms of computer-related crime are not necessarily mutually exclusive, and need not occur in isolation. Just as an armed robber might steal an automobile to facilitate a quick getaway, so too can one steal telecommunications services and use them for purposes of vandalism, fraud, or in furtherance of a criminal conspiracy.1 Computer-related crime may be compound in nature, combining two or more of the generic forms outlined above.
The various activities of Kevin Mitnick, as described in Hafner and Markoff (1991) are illustrative.
CLASSIFICATION
The subject of cyber crime may be broadly classified under the following three groups. They are-
1. Against Individuals
a. their person &
b. their property of an individual
2. Against Organization
a. Government
b. Firm, Company, Group of Individuals.
3. Against Society at large
The following are the crimes, which can be committed against the followings group
Against Individuals: –
i. Harassment via e-mails.
ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud
Against Individual Property: -
i. Computer vandalism.
ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over computer system.
v. Intellectual Property crimes
vi. Internet time thefts
Against Organization: -
i. Unauthorized control/access over computer system
ii. Possession of unauthorized information.
iii. Cyber terrorism against the government organization.
iv. Distribution of pirated software etc.
Against Society at large: -
i. Pornography (basically child pornography).
ii. Polluting the youth through indecent exposure.
iii. Trafficking
iv. Financial crimes
v.
vi. Online gambling
vii. Forgery
The above mentioned offences may discussed in brief as follows:
1. Harassment via e-mails
Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.
2. Cyber-stalking
The
3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure
Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials.Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the
4. Defamation
It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.
5. Unauthorized control/access over computer system
This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.
6. E mail spoofing
A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus.
Rajesh Manyar, a graduate student at
7. Computer vandalism
Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.
8. Transmitting virus/worms
This topic has been adequately dealt herein above.
9. Intellectual Property crimes / Distribution of pirated software
Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.
The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. [6]
10. Cyber terrorism against the government organization
At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on
Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4)
Another definition may be attempted to cover within its ambit every act of cyber terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –
(i) putting the public or any section of the public in fear; or
(ii) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or
(iii) coercing or overawing the government established by law; or
(iv) endangering the sovereignty and integrity of the nation
and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.
11. Trafficking
Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey.
12. Fraud & Cheating
Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.
Recently the Court of Metropolitan Magistrate Delhi [7] found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.
PREVENTION OF CYBER CRIME
Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things-
1. To prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.
2. Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
3. Always use latest and up date anti virus software to guard against virus attacks.
4. Always keep back up volumes so that one may not suffer data loss in case of virus contamination
5. Never send your credit card number to any site that is not secured, to guard against frauds.
6. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.
7. It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
8. Web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
9. Use of firewalls may be beneficial.
10. Web servers running public sites must be physically separate protected from internal corporate network.
Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.
STATUTORY PROVISONS
The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.
The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65 [8]. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section [9] deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. [10]
ANALYSIS OF THE STATUTORY PROVISONS
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-
1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose
Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate.
2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”
Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.
At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation. The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from.
3. Cyber torts
The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore
4. Cyber crime in the Act is neither comprehensive nor exhaustive
Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". (8) Mr. Duggal has further commented, “
I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act.
5. Ambiguity in the definitions
The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the
Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic information. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case.
6. Uniform law
Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.
7. Lack of awareness
One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the
8. Jurisdiction issues
Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.
9. Extra territorial application
Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.
10. Raising a cyber army
By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is –
Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.
Status: Probe on
Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in
Status: Chargesheet not filed
Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.
Status: Pak not cooperating.
11. Cyber savvy bench
Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements for introducing e-courts in
12. Dynamic form of cyber crime
Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases.
13. Hesitation to report offences
As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the
INTERNATIONAL LAW ENFORCEMENT IN CYBERSPACE
Computer-related crime
Computer-related crime, otherwise known as cyber crime, refers to
attacks against the infrastructure of computer systems on the internet
or private networks. Crimes such as online practices of forgery and
fraud are also considered as cyber crimes. The digital world has
enabled the use of computers and other communication tools, not
only as weapons from which traditional crimes can be committed,
but also the creation of new crimes brought about by the very
existence of such technology. And for these new crimes, older
legislative instruments have become inadequate and difficult to apply
to such an environment. Developing countries have become ideal
breeding grounds as well as targets for online criminals. This is
mainly due to the fact that many of these countries are new to the
online environment and technology in general. This is added to the
rapid development and proliferation of advanced technological tools,
software and know-how through ICTS. Developed countries
themselves have only started dealing with these issues in the past
decade or so, and it is a fact that technology progresses at a much
faster pace than legislative bodies and governmental authorities
respond. It is therefore not surprising that many criminals seek haven
in countries where cyber crime laws do not yet exist in order to
commit criminal acts without fear of criminal sanctions.
Consequently, the more immediate concern is to elaborate and
implement legislation which will be able to deal with cyber crime
appropriately. Several international conventions exist which already
try to deal with these new, sometimes complex, issues and adopt an
appropriate framework for them
International
The United Nations Resolutions 55/63 [11] and 56/121 [12] on
Combating the Criminal Misuse of Information Technology
(Annex 36) tried to address the problem of safe havens for those who
criminally misuse information technologies by requesting that States
put into place laws to eliminate such havens. Recommendations
included increased cooperation in law enforcement during
investigation and prosecution of computer-related crime, the
protection of confidentiality, availability and integrity of computer
systems from unauthorized impairment by the legal system.
Preservation of data in investigations of such crimes was an
important concern as well as fast access to such data and the
penalization of criminal abuse.
Two further Resolutions were adopted, Resolutions 57/239 and
58/199 [13] on the Creation of a Global Culture of Security and the
Protection of Criminal Information Infrastructure.
The first Resolution focused principally on the need for States to take
action domestically on nine goals: awareness, responsibility,
response, ethics, democracy, risk assessment, security design and
implementation, security management and reassessment. The second
Resolution noted the interdependence on information infrastructures
with other sectors of global infrastructure critical for public services.
The Annex to the Resolution listed different elements for protecting
critical infrastructures.
The Eleventh UN Congress on Crime and Prevention and Criminal
Justice, which took place in April 2005, undertook a Workshop
which looked at measures to combat computer-related crime. The
Workshop report identified several different types of computer related
crime and has tried to elaborate a conceptual model with
regard to definitions of cyber crime. This included illegal criminal
conduct in the case of crimes directed at computing and
communication technologies themselves, crimes involving the use of
digital technologies, as well as crimes involving the incidental use of
computers with respect to the commission of other crimes, making
the computer a source of digital evidence. Crimes that target ICTs
include theft of telecommunications and computer services by using
hacking techniques in order to gain unauthorized access, password
cracking, digital cloning, and credit card fraud. Other conduct, such
as denial of service attacks, can effectively crash servers and
websites, but this has been dealt with under the availability chapter.
CONCLUSION
With all new wonders, come new worries. The internet is no
exception. In just over a decade, this technological miracle has
brought societies the world over closer together than in the whole
history of international relations. Unfortunately, this has meant that
disruption of its infrastructure will have a global effect. The internet
can only ever be as secure as its weakest link. In order to strengthen
the overall infrastructure, efforts by each country must be made at a
supranational level in an attempt to cooperate and coordinate with
each other so as to come to harmonized terms on matters regarding
security. In light of the tremendous growth of electronic commerce,
the potential for many developing countries is great. Minimum
physical infrastructure is required, and thus capital investment, which
previously would have been used in construction and production on
physical locations, can be used for launching and securing online
business.
Credibility in a country’s e-commerce activities heavily relies on the
validity and authenticity of electronic contractual relationships. If
legislative enforcement cannot be guaranteed, then contractual
relations will be undermined. Electronic contracts and electronic
evidence have become an accepted format in the courts and
recognized by governments in many developed countries. With the
use of encryption technologies, electronic signatures have become
binding on contractual documents. Cryptographic techniques such as
the Public Key Infrastructure have become one of the most reliable
technologies to date for authenticating individuals. This form of
electronic signature has become internationally recognized, with
involvement by the United Nations with the UNCITRAL Model Law
on Electronic Signatures of 2001. Encryption technologies also help
secure confidentiality of communication, for contractual and noncontractual communication alike.
Privacy, however, has become another matter. Although encryption
technologies may be applied to protect users’ privacy, not all data
about a user will be under his control. Collection of data by public
and commercial entities remains widely accepted but calls for
protection of the data have reached listening ears in the European
level, and Member States have enacted laws to protect users’ data
online. However, such laws cannot reach further than their own
jurisdiction, and as long as users can access websites and impart
personal identifying information to a site in a country where no data
protection laws exist for electronic communications, then their own
data protection laws cannot protect that information without a mutual
recognition and cooperation treaty between the two countries.
Privacy has also been threatened by the ever growing problem of
unsolicited commercial e-mails, otherwise known as spam. Spam
represents a significant challenge to users, internet service providers,
states and legal systems worldwide. The cost of spam is significant
and growing, and its increasing volume threatens to destroy the
utility of electronic communications [14] During the ITU WSIS
Thematic Meeting on Countering Spam in July 2004, the Chairman’s
Report emphasized the importance of a comprehensive approach to
solving the problem of spam and made legal governance one of the
necessary means. During the 2005 ITU Thematic Meeting on
Cyber security in July 2005, a comparative analysis of spam laws was
undertaken in order to optimize the pursuit for a model law in this
area. It is suggested in this analysis that an alignment and conformity
of legal rules can improve the enforcer’s ability to operate, as
spammers do, across jurisdictional borders.
Additionally, it is suggested that the creation of a model law would
reduce the cost and challenges for legal systems that have not yet
addressed spam issues, stating that these countries could enact and
implement the law, with confidence that it approaches a set of best
practices in this area. The analysis, however, underlines that a model
law is not an instant solution to the spam problem. Cleaning up spam
is a question of resources, enforcement and the effective integration
of anti-spam laws with existing technology, market and norms-based
approaches. Regulators will have to work closely with technical
experts to track spammers down and collect electronic evidence of
violations. It is a not just a question of implementation of anti-spam
laws, but also of effective enforcement.
This problem has become increasingly important over the past few years, as a significant percentage of spam promotes some type of fraud against the recipient, from phishing scams to viruses used for denial of service
attacks, including illegal financial schemes and offers for products of
dubious quality or legality.[15]
Cybercrime has also taken on a global scale, with criminals basing
themselves in countries with little or no legislation against
cybercrime. However, with international instruments such as the
Council of
such a treaty by countries could prove extremely valuable in fighting
cybercrime at an international level. Although many countries have
signed, only a few have ratified it, and the legislative and
enforcement authorities in many countries are slow on the uptake.
Countries should be aware, however, that, with the current pace of
technological developments, the international dimension of
cybercrime, and consequently of cybersecurity, is yet unchartered.
The targets of attacks affect the whole of the internet and although, at
the moment, the main targets are private companies and individual
end users, it will not be long before attacks on critical infrastructure
become common.
Developing countries are the most concerned with this. Lack of
security can and will effectively spoil the benefits of the internet,
both on an economic and governmental scale. Furthermore, failure to
ensure adequate minimum security standards will negatively affect
the rest of the world, and might even lead to a refusal by other
countries to connect with a country, thus excluding it from the new
world order. It is clear that international cooperation cannot be
limited to technological considerations. Law enforcement and
national security must also play a determining role. But ensuring
security in cyberspace will require an international law enforcement
effort. It will also be imperative that countries cooperate with each
other, and that real efforts are made to assist developing countries,
which often lack experience and legal knowledge on this front. It is
vital that countries do not underestimate the importance of securing
cyberspace if the internet is to flourish to its full capacity, bestowing
its benefits on a global scale.
Bibliography
Granville Williams
Proprietary Articles Trade Association v. A.G.for
Nagpal R. – What is Cyber Crime
Nagpal R- Defining Cyber Terrorism
Duggal Pawan – The Internet: Legal Dimensions
Duggal Pawan - Is this Treaty a Treat
Duggal Pawan - Cybercrime
Kapoor G.V. - Byte by Byte
Kumar Vinod – Winning the
Mehta Dewang- Role of Police In Tackling Internet Crimes
Postal address
Superintendent of Police,
Cyber Crime Investigation Cell,
5th Floor, Block No.3, CGO Complex,
Phone: 4362203, 4392424
e-mail- cbiccic@bol.net.in
Main Sources
International
UN Resolutions 55/63 of
UN Resolutions 57/239 and 58/199 of
Eleventh UN Congress on Crime and Prevention and Criminal Justice, April 2005, Workshop 6: Measures to combat computer-related crime.
UN recommendations on fighting cybercrime as published by the
Council of
[2] Duggal Pawan
[4] Grabosky, P & Smith, R, 1998 Crime in the Digital Age,Federation Press,Sydney (co-published with the Australian Institute of Criminology).
[6]
[8] Cyber-Crime/Cyber-Regulation,
www.japanlaw.info/law2004/JAPAN_LAW_2004_CYBER_CRIME_CYBER_REGULATION.html
[9] Privacy International, Country Reports,
www.privacyinternational.org/survey/phr2000/countrieshp.html
[10] For the sake of convenience the readers are requested to read sections 43, 65, 66,67 of the Information Technology Act.
[12]
[13]
[14] ITU WSIS Thematic Meeting on Cyber security, A Comparative Analysis of Spam Laws: the Quest for a Model Law,
[15] United States Federal Trade Commission, False Claims in Spam, 2003, www.ftc.gov/reports/spam/030429spamreport.pdf
Join LAWyersClubIndia's network for daily News Updates, Judgment Summaries, Articles, Forum Threads, Online Law Courses, and MUCH MORE!!"
Tags :Others