You are on page 1of 25

Online Certificate Course

on
Cyber Law

PAPER 1: INTRODUCTION TO THE CYBER WORLD AND


CYBER LAW
PART B: AN OVERVIEW OF CYBER LAW

FOR
THE INDIAN LAW INSTITUTE
(Deemed University)
Bhagwandas Road
New Delhi - 110001

1
Table of Contents

An Overview of Cyber Law 3


- The World Created by Technology 3
* Cyberspace – A Technology Driven World 3
* Differentiating Between Cyberspace & Physical World 4
* Laws for Cyberspace 5
* Cyber Laws: A New Beginning 5
- Defining Cyber Law 6
- Building Blocks of Cyber Law 7
* Netizens 7
* Cyberspace 8
* Technology 9
* Scope of Cyber Laws 11
(a) E-commerce Law 11
(b) Online Contracts 12
(c) Copyright 12
(d) Trademark 13
(e) Business Software Patenting 15
(f) E-taxation 15
(g) E-governance 17
(h) Cyber Crimes 18
* Cyber Laws & India 19
- Approach of the Information Technology Act, 2000 20
- A Facilitating Act 21
* Cyber Contraventions under the Act 22
* Cyber Offences under the Act 22
- What Cyber Laws Might Teach? 23
(a) Sense of Security 24
(b) Global Recognition 24
(c) Value Addition 24

2
An Overview of Cyber Law

The World Created by Technology


We live in a technology driven world. The world that technology has created
is a world of machines - computers, computer systems and computer networks. This
world is unique in the sense that it creates a beautiful interface between hardware and
software. If hardware can be termed as a tangible component then the software
provides an intangible component. It is this combination of hardware and software,
which has created a world straight out of science fiction. This world is an open
melting pot of diverse cultures and social practices. It is forever evolving and works
24x7 without even pausing for a second. It is a man made world without geographical
and man-made boundaries.

Cyberspace – A Technology Driven World


In fact, technology has proved to be a great leveller. It has helped in creating a
dynamic world out of nowhere! It has created ‘machine-clones’ in the form of
computers – a high-speed data processing device performing arithmetic, logical and
memory functions by manipulating optical, magnetic or electrical impulses. The
power of one ‘machine-clone’ is power of all connected ‘machine clones’, which may
be termed as ‘network-of-networks’ or Internet. This dynamic virtual space created by
the networks of ‘machine clones’ has been termed as cyberspace. Therefore, while
Internet is a fact, cyberspace is a fiction. It is an intangible space created by the
medium of Internet1. It has no physical attributes yet one can see it, hear it and
interact with it.

The word ‘Cyberspace’ was first used by William Gibson in his science fiction
book Neuromancer, published in 1984. It depicted the story of a hacker (of
databases), named Case whose job was to steal databases for a fee. Gibson portrayed

1
The New Oxford Dictionary of English defines Internet as an international computer network
providing electronic mail and information from computers in educational institutions, government
agencies, and industry, accessible to the general public via modem links.

3
cyberspace as a three-dimensional virtual landscape created by network of computers.
Cyberspace according to him looked like a physical space but actually was a
computer-generated construction representing abstract data. Neuromancer, though a
difficult book to read and comprehend, nevertheless caught the imagination of public
and with the result it was in 1986, English Dictionaries introduced the new word
‘cyberspace’. The New Oxford Dictionary of English defines ‘Cyberspace’ as the
notional environment in which communication over computer networks occurs. It also
introduced another English word – Cyberpunks – a person who accesses computer
networks illegally, especially with malicious intent.

Interestingly, the word ‘cyber’ as a prefix was first used in the English word
‘Cybernetics’, which is taken from a Greek word Kubernetes meaning ‘steersman’.
Cybernetics is the science of communications and automatic control systems in both
machines and living things. This term was introduced and popularized by the U.S.
mathematician Norbert Wiener in a book with that title published in 1948.
Cybernetics is an interdisciplinary subject and includes neurophysiologists,
psychologists, and computer engineers.

Cyberspace is a virtual medium. It has no boundaries, no geographical mass,


or gravity. No laws of Newton or Einstein are applicable here! Cyberspace represents
an interconnected space created by computers, computer systems or computer
networks. It exists in a form of bits and bytes – 0’s and 1’s. In fact the entire
cyberspace is a combination of 0’s and 1’s and this combination is constantly
changing. Every second there is a new combination of 0’s and 1’s. It is nothing but a
set of electronic impulses. It is a computer-generated construction representing
abstract data. It is information driven world. In a way, cyberspace can be imagined as
a huge repository of information in the form of computer databases, wherein new
databases are being formed, accessed, retrieved and deleted by every passing second.

Differentiating Between Cyberspace & Physical World


Cyberspace is a digital medium and not a physical world. It is limitless,
constantly changing its shape, attributes and characteristics. It is an interactive world
and cannot be referred to as a xerox version of the geographical space. Such a version
exists only in the films like Matrix! If physical world is static, well defined and

4
incremental, then cyberspace is dynamic, undefined and exponential. The contours of
physical world are fixed, but that of cyberspace is as vast as human imagination and
thus cannot be given a fixed shape. As millions of neurons exist in human brain
creating a spectre of life, similarly cyberspace represents network of millions of
computers creating a spectre of digital life! Thus, cyberspace can be treated as a
natural extension of physical world into an infinite world.

Laws for Cyberspace


Though cyberspace is an extension of a physical world, a world that is
governed by a body of laws, rules and regulations. The first and the foremost question
is – should it be regulated or not? The answer is – yes, as cyberspace does not exist in
isolation and is intricately connected to the physical world, which is being a regulated
and hence such a space by this logic should also be regulated. This raises another
question – how to regulate this medium, which is dynamic, infinite and intangible?
Regulating cyberspace means regulating both man and the machine. It is interesting to
note that in cyberspace not only man but also the machine could be both victims as
well as perpetrators of cyber crimes. For example, a computer could be seen both as a
victim as well as a victimizer. That is, a computer can be hacked into and at the same
time, the same computer can act as a resource of hacking. Would one say the similar
things for a knife or a pistol? Both knife and pistol can be considered as a victimizer,
but never a victim! This makes cyberspace a very interesting medium in the eyes of
law. The law for cyberspace is to regulate the man and the machine. Since, one can
regulate man, but not the machine! The question is – how to regulate the machine?
Here, the law works on a premise that if man could be regulated, then the machine can
also be regulated.

Cyber Laws: A New Beginning


As discussed above, cyberspace is an emerging digital medium and requires a
set of laws to regulate human behaviour in the cyberspace. The body of such laws can
be referred to as cyber laws. It is obligatory to note that the basic objective of cyber
laws is to regulate human behaviour and not technology. Cyber laws are technology
intensive laws, advocating the use but not the misuse of technology.

5
The idea is to articulate that the rule of law exists in cyberspace. Cyberspace
requires cyber law. It would be a misnomer to suggest that cyber laws are meant to
check the human behaviour in cyberspace only. Any physical act, which gets
translated into violation of any right of a person in digital medium (cyberspace),
would be treated as cyberspace violations. Let us not forget that it is the technology
platform and its application, which separates cyberspace from physical world. For
example, A, a person with a criminal intent uses computer or computer network to
defraud another person, B – then in such a case A could be punished under cyber law
provisions. It was his actions in the physical world, which got manifested in the
cyberspace.

Defining Cyber Law


The word “cyber law” encompasses all the cases, statutes and constitutional
provisions that affect persons and institutions who control the entry to cyberspace,
provide access to cyberspace, create the hardware and software which enable people
to access cyberspace or use their own devices to go ‘online’ and enter cyberspace.
If one examines the aforesaid definition, basic concept of cyber laws evolves around
the phrase: ‘access to cyberspace’. How one can access cyberspace? The requirement
from the point of user is:
(a) a computer or communication device with a usage pack to download data
from Internet service provider; or
(b) a computer with a broadband connection from Internet service provider.

Without such basic hardware and software tools, one cannot access
cyberspace. Public and private institutions in the form of Government(s), hardware
manufacturers and software application providers act as a gatekeepers of cyberspace.
Access is granted to those, who have got the necessary tools to access cyberspace.
With a click of a mouse or punching keystrokes or touching a screen or oral
communication, gates of cyberspace are opened for the users’. It is just an act of
personal communication with a device that separates an individual from physical
space to cyberspace. Any illegal, wrongful or dishonest act committed in cyberspace
would be covered under the cyber law provisions. Let us take an example of a person,
X. By click of a mouse, he moves to a website based in New York and purchases
goods; again by a click of a mouse, he moves to a website based in Hong Kong and

6
purchases goods; and once again by a click of a mouse, he moves to a website based
in Paris. Suppose X has used a forged global credit card to make purchases in New
York, Hong Kong and Paris. Did X commit an offence? Yes, he did, but this would
fall under the category of ‘cyber fraud’, rather than a case of a physical fraud and X
would be tried under the cyber criminal provisions.

In other words, the effectiveness of cyber law comes from the fact that it
legally binds actions of any individual using computer, computer system or computer
networks or communication device. In the above example, it was actions (of X),
which were in the form of set of commands given to a device by means of a click of a
mouse, touch or a keystroke. Computer executed the command as given by X. From
the legal perspective, it was a cyber fraud perpetuated by the X. The computer acted
as it was under the control of X. Nevertheless, cyber law would extend its jurisdiction
over both man and device and thus by implications it legally binds all individuals and
devices accessing cyberspace.

Building Blocks of Cyber Law


Cyber law is still a new branch of law and is developing very fast. It is imperative
that one should know the three basic building blocks of cyber laws, namely:
(a) Netizens,
(b) Cyberspace, and
(c) Technology

Netizens
Cyber law has introduced a very important concept of netizens. Who are they?
Which country, they belong to? Are they recognized as citizens under the Constitution
of their country? Do they have fundamental rights? Do they have fundamental duties,
as well?

A Netizen is an inhabitant of the worldwide web (Internet). He is the one, who


inhabits the Net and uses it as an extension of his day-to-day physical world. He
replicates his physical world actions, like socializing, buying, selling etc. in an online
medium. He transcends geographical space and time by a click of a mouse. He
recognizes no man-made or geographical boundaries. There is no end to what a

7
netizen can do. The most interesting facet of being netizen is that he could be
anonymous, nameless and faceless person, if he wants to and yet can indulge in all
kind of activities.

A netizen differs from a citizen in the sense that a netizen unlike a citizen has
no constitutional guarantees. No Constitution recognizes netizens as citizens and grant
them constitutional rights and duties. Constitution of a country is meant for a specific
geographical area. It is meant for the people that reside within that geographical area.
Netizens being the traveler of digital highways are basically nameless, faceless
nomads crisscrossing the worldwide for convenience. But one should not forget that
in cyberspace, netizens exist, citizens don’t! It is for these netizens, cyber laws have
come into existence.

Believe it or not, over a period of time many virtual countries have come up
on the Net. They are no longer figment of imagination. Best-known is the Kingdom of
Talossa. It was founded by a schoolboy, Robert Ben Madison, in 1979. Kingdom of
Talossa has its own language, government, written history, laws, constitution and
citizens. Kingdom of Talossa proudly proclaims:

“The Kingdom of Talossa is an independent, sovereign nation in North


America, which seceded peacefully from the United States in 1979 (but we're not sure
the United States noticed). Our Kingdom is located on the western shore of La Már
Talossán (Lake Michigan), surrounded by the U.S. city of Milwaukee, Wisconsin, but
today most of our active citizens live in other parts of the United States and Canada,
Europe, South America, Asia, and Africa2.”

Interestingly, like, Kingdom of Talossa there are other virtual nation states
(micronations), like Imperium of Durntkinstan, Kingdom of Bosworth, Free State
of Darryl, etc.

Cyberspace
Cyber law is for cyberspace. This does not mean that cyber laws would only
regulate whatever being done in the cyberspace only. Since, it is difficult to separate

2
See, www.kingdomoftalossa.net

8
out between the physical space and the cyberspace, it is only logical that cyberspace
to include the activities, which have happened in the physical space just prior to entry
into cyberspace.
Cyberspace is a key building block of cyber law. In fact, one of the most
important facets of cyber law is to act as a bridge between the physical space and the
cyberspace, in order to regulate interface between man and machine. Cyberspace in
that way is a ‘man made machine world’ reshaping itself periodically. The question is
– should it be regulated by physical set of laws already in existence or should be
regulated by new set of laws? It is important to note that the present of cyber laws are
an extension of physical laws in cyberspace. These are ‘analogy-seeking’ laws. For
example, if law of contract exists between a buyer and seller in the physical world,
then the same law of contract to be taken into account, if there is e-commerce
involving a buyer and a seller in electronic market place.

Interestingly, netizens are even purchasing virtual properties on the worldwide


web. For example, Second Life3 is a 3 D virtual world entirely created by its residents.
Believe it or not, it is inhabited by millions of residents from around the globe! Even
ebay.com conducts land auctions of parcels of land available on Second Life on
regular basis.

Technology
Cyber laws are technology intensive laws. They revolve around technology
and its applications. Cyber laws establish norms of accepted human behaviour in
cyberspace.

Presently, there exists two-technology school of laws: one is called,


Technology Specific School and the other one, Technology Neutral School. The
debate is – what sort of laws should be adopted and why?

Technology Specific School argues that the law should recognize only one
given set of technology or technology standard. That is, law treats other standards as
illegal, non-binding and thus not permissible. The main advantage of this School is
that it creates a single technology platform for the entire community. The main

3
See, www.secondlife.com

9
disadvantage of this School is that it kills technological innovations and helps in
creating monopolistic business, which is bad for the community.

Technology Neutral School argues that the law should remain neutral when it
comes to giving due recognition to any technology or technology standards. It treats
all technologies or technology standards at par. Law does not discriminate between
the technologies. The main advantage of this School is that helps in providing
efficient and useful technologies for the community. The main disadvantage of this
School is that it creates a multiple technology platforms and may increase the cost of
assimilation of technology for the entire community.

It is important to note that both technology specific law and technology neutral
laws may co-exist at any given point of time. Often it is seen that the developed
countries with a wider technology users’ base have multiplicity of technology
platforms, whereas the developing countries with a narrow technology users’ base
have one common technology platform to begin with. The reason is that in a
developing country, technology is at a premium and hence the users are few, whereas
in a developed country there are large number of users and there is technology
maturity and hence are multiplicity of technology platforms. For example, technology
specific law grants legal validity to digital signature created using a specific
technology only. Digital signatures created using any other technology not prescribed
under law would be considered as invalid. A technology neutral law regime would not
impose any such restrictions. Digital signatures (or Electronic Signatures) created by
any technology would welcome.

In India, earlier we were following a technology specific regime. Under the


law (The Information Technology Act, 2000), digital signatures using prescribed
asymmetric cryptosystem standard is considered legally valid. Use of any other
standards would render the said digital signature invalid. When this Act came into
existence, the technology usage was quite low, but with the passage of time in India
technology maturity has increased and that’s why in the Information Technology
(Amendment) Act 2008, a technological migration towards the technology neutral
regime has started. India now legally recognises Electronic Signature in the form of
Aadhhar based eSign. The truth is, countries like, South Korea, Malaysia and

10
Germany also had technology specific legislation, but in 2004 & 2005, they all have
migrated to technology neutral legislation.

Scope of Cyber Laws


Though study of cyber laws is a new branch of law, but it is touching all other
areas of law having a technology component. Laws related to e-commerce, online
contracts, copyright, trademark, business software patenting, e-taxation, e-
Governance and cyber crimes fall within the meaning and scope of cyber laws.

(a) E-commerce Law


E-commerce defined simply, is the commercial transaction of services in an electronic
format. It is also referred to as “any transaction conducted over the Internet or through
Internet access, comprising the sale, lease, license, offer or delivery of property,
goods, services or information, whether or not for consideration, and includes the
provision of Internet access”4. The US Census Bureau measures e-commerce by
looking at “the value of goods and services sold online whether over open networks
such as the Internet, or over proprietary networks running systems such as EDI. 5 Any
dispute involving any e-commerce activity, whether at buyer or seller’s end, would
mean dispute happening in the cyberspace. Presently, all disputes related to e-
commerce between the consumers and the sellers are being adjudicated under the
Consumer Protection Act, 1986. Interestingly, the said Act does not define the term
‘e-commerce’.

It was only in March 2016 that term e-commerce has been defined in India. The Press
Note6 issued by the Department of Industrial Policy & Promotion (DIPP) defines it as
“buying and selling of goods and services including digital products over digital &
electronic network” and articulated ‘e-commerce entity’ as a company incorporated
under the Companies Act 1956 or the Companies Act 2013 or a foreign company
covered under section 2 (42) of the Companies Act, 2013 or an office, branch or
agency in India as provided in section 2 (v) (iii) of FEMA 1999, owned or controlled
by a person resident outside India and conducting the e-commerce business.

4
The Internet Tax Freedom Act (ITFA), 1998.
5
US Department of Commerce, US Census Bureau, E-Stat, at 1 (March, 18, 2002).
6
Press Note No.3 (2016 Series), dated 29.03.2016.

11
(b) Online Contracts
The Indian Contract Act, 1872 lays down that for a contract to happen there
has to be proposal, assent to the proposal, which transforms into a promise. A promise
supported by consideration becomes an agreement and an agreement enforceable by
law is contract. Online contracts represent the formation of series of contractual
obligations in an online environment. From a legal perspective, an online contract
follows the same pre-requisite as being followed in offline (physical) contract. At a
basic level, online contract formation requires online offer/proposal by one party and
its online acceptance by the other party. Electronic contracts, by their very nature, are
dynamic and often multi layered transactions. With a layered contract, agreement to a
contract may not occur at a single point in time. There exist a chain of successive
events – e-offer, e-acceptance, consideration etc., combination of which may lead to
electronic contract formation.
The legality of electronic communication process culminating into electronic
contracts is also based on common law of contract. In online contracting process,
technology is an added dimension and hence, it is important that the contracting
parties should be prudent and aware of their obligations and liabilities before they
click on on-screen “I Agree” text or icon. Section 10A of the Information Technology
Act provides for validity of contracts formed through electronic means.

(c) Copyright
Copyright is about protecting original expression. Copyright protects “original
works of authorship” that are fixed in any tangible medium of expression from which
they can be perceived, reproduced, or otherwise communicated either directly or with
the aid of a machine or devicei. Copyright arises as soon as a ‘work’ is created (or
fixed). It does not extend to any idea, procedure, process, system, method of
operation, concept, principle or discovery, unless fixed in a tangible form. In the
digital medium, every web page accessible or published in the World Wide Web is to
be taken as a literary ‘copyrightable’ work. It protects all written text materials,
graphic images/ designs, drawings, any linked sound, video files or films, whether
part of a web page or a website. That is, copyright protects the “look and feel” of a
website.

A copyright owner has five exclusive statutory rights such as:

12
(a) to fix (store) the information in a tangible form.
(b) to reproduce the copyrighted work.
(c) to sell, rent, lease, or otherwise distribute copies of the copyright work to the
public.
(d) to perform and display publicly the copyright work.
(e) to prepare derivative works based on the copyright work.

• It is significant to note that the activities like caching, mirroring,


downloading, scanning, peer-to-peer file sharing etc. prima facie,
infringe exclusive statutory rights of a copyright owner. In this context,
it is obligatory to note that the World Wide Web works on ‘open source’,
i.e., non-proprietary software and applications, which is often being
referred to as ‘çopy left’. This has emerged from “Free Software
Foundation” (FSF) which was founded in 1984 to promote the use of
“free software”, programs unencumbered by proprietary restrictions on
alterations, revisions, repairs, and distribution. There are four specific
freedoms central to Free Software movement: (a) the freedom to run a
program for any purpose, (b) the freedom to examine and adapt a
program (and thus to get access to the source code – “Open Source”), (c)
the freedom to distribute copies, and (d) the freedom to improve any
program.

Incidentally, Internet works on ‘copy left’. Running gears of Internet, like


Apache (web server), BIND the most common Domain Name Server (DNS),
Sendmail (Mail Transfer Agent) and open-source TCP/IP stacks and utilities and
scripting languages such as Perl, PHP and Python – all work silently
transporting data on the Web.

(d) Trademark
Internet and the worldwide web represent the online medium. It is natural that
a business entity claiming ownership of certain trademarks would like to extend its
monopoly to this new medium as well. But the monopoly rights of trademark owners
to own, license, sell, exhibit, market or promote are being threatened by web based
technology tools, like search engines, meta tags, and hyperlinks.

Similarly, in the last 15 years, domain names have become a kind of ‘e-commerce
marks’ in the online medium. These are digital business addresses – a point of
business contact or transaction. Functionally speaking, Domain names provide a
system of easy-to-remember Internet addresses, which can be translated by the

13
Domain Name System (DNS) into the numeric addresses (Internet Protocol (IP)
numbers) used by the network. Cybersquatters, Typosquatters and other trademark
infringers have made the web a legal minefield. The questions that has foxed the
courts for many years now are – Is domain name a property? If yes, to whom does
such property belong? Is a domain name the property of the first person that registers
it or is it the property of the trademark owner that has invested time and money
developing goodwill and reputation associated with the mark? Non-judicial dispute
resolution under Uniform Domain Name Dispute Resolution Policy (UDRP) has been
done by the following Internet Corporation for Assigned Names & Numbers
(ICANN) approved dispute-resolution service providers:

(i) Asian Domain Name Dispute Resolution Centre [ADNDRC] (approved;


effective 28 February 2002)
(ii) CPR Institute for Dispute Resolution (approved; effective 22 May 2000)
(iii) National Arbitration Forum (approved ;effective 23 December 1999)
(iv) WIPO (approved; effective 1 December 1999)

In India, The National Internet Exchange of India (NIXI) has been set up to facilitate
exchange of domestic Internet traffic within the country by Internet Service Providers
in India. NIXI has also been entrusted with the responsibility of setting up of .IN
country code top-level domain (ccTLD) Registry by the Government of
7
India .Owners of registered Indian trademarks or service marks who wish to protect
their marks were given the opportunity to apply for .IN domain names before the
general public. The period from January 1 to January 21, 2005 was marked as sunrise
period. It was specifically meant for owners of registered Indian trademarks or service
marks to obtain .IN domain names. After the sunrise period, the registry was thrown
open for real-time, open registration for the general public. Registration is available
for .in, .co.in, .net.in, .org.in, .firm.in, .gen.in, and .ind.in. Further, in order to
resolve disputes related to .IN domain names NIXI has evolved an Alternative
Dispute Resolution mechanism namely .INDRP (.IN Domain Name Dispute
Resolution Policy) and INDRP Rules of Procedures are based on the Indian
Arbitration & Conciliation Act, 1996 and the principles given under the Uniform
Dispute Resolution Policy of ICANN. It came into effect from 28th June 2005. In one

7
.IN Registry has been created by the National Internet Exchange of India (NIXI). Promoted by the
Department of Information Technology (DIT) in association with The Internet Service Providers
Association of India (DIT), NIXI is a Not-for-Profit Company under Section 25 of the Indian
Companies Act, 1956, with the objective of facilitating improved Internet services in the country. Also,
see (www.nixi.in, www.ispai.in).

14
of the most significant developments, NIXI has launched in August 2014 .भारत
Internationalized Domain Names (IDNs) in the Devanagari Script supports the
following eight languages: Bodo(Boro), Dogri, Hindi, Konkani, Maithili, Marathi,
Nepali, and Sindhi-Devanagari8.
(e) Business Software Patenting
Patent protects a process, while copyright protects expression. Patents confer
stronger rights than copyrights. One computer programme consists of thousands of
instructions. Every programme is unique, as it is a combination of logically arranged
algorithms and techniques. Programmes are covered under copyright law, whereas,
algorithms and techniques qualify for patenting9.

For many years, it was held that since, software is strings of logical
instructions, “mental processes” and hence could not be patented. Also they had to be
preserved in the public domain as the “basic tools of scientific and technological
work”. Later, software was granted patents for industrial processes. With the advent
of worldwide web and e-commerce coming of age, the debate of software patenting
acquired a new platform in the form of ‘business software patents’.

Big e-commerce etailers, like Amazon, Apple and Ebay have been trying to
patent the backend software technologies of their front-end operations. Whether, it
could be Amazon’s 1-Click purchasing model, or Apple’s Progress Bar (to show how
much longer needed to complete purchase) or Clickable links in Email, etc.. By
patenting such business methods, companies are not only protecting their revenue
models but are also adding significant business value to their sites. Extending patents
in e-business environment would mean monopolysing commonplace ‘e-business
methods’.

(f) E-taxation
The advent of e-commerce has opened up a Pandora’s box – how to tax e-
commerce? Is it possible to tax such transactions in view of nature of Internet? Should
e-commerce be taxed on lines of physical commercial activities? There are more
questions than answers.

8
Sharma, Vakul, 2015 (4th Edn.): Information Technology – Law & Practice, Universal Law
Publication, p.546.
9
Sharma, Vakul, 2006: Handbook of Cyber Laws, Macmillan (India)

15
The broad consensus that has emerged is: (i) that online transactions should
not be immune from taxation solely because the sale is conducted through a medium
distinct from that of a traditional physical businesses, and (ii) that it is not prudent to
tax these online transactions purely on the basis of traditional taxation approach
applicable to offline businesses.

As e-commerce represent online transactions involving consumer(s) and


business (es) – is occurring instantaneously, which makes it difficult to determine
who the buyer and seller are and where they are respectively located? Another
question is how to tax such online transactions? From a point of electronic taxation
following issues may emerge10:
 Who is the customer?
 Where does the customer live?
 Did the transaction constitute sale of tangible property, the performance of a
service, or the transfer of intangible property?
 Which jurisdiction has the authority to tax the sale?
 What online activities constitute sales for sales tax purposes?
 What constitutes a business connection/substantial nexus within a taxing
jurisdiction?
 Can Central and/or State Government(s) technologically capable to monitor all
online transactions?
 What kind of record retention requirements is necessary for tax purposes?
Answers to the aforesaid set of questions would lay down the ground rules of
electronic taxation vis-à-vis e-commerce. What should be done? Should we wait and
formulate new rules on e-taxation or until then utilize the traditional tax rules
available to us to resolve these complex issues. It is not to be forgotten that cyber laws
are still developing.
E-taxation is a reality in India. The Finance Act, 2016 has statutorily recognized e-
taxation by inserting a Chapter VIII: Equalisation Levy [Ss 161 – 180]. This concept
of equalization levy has been adopted from the ‘Proposal for equalization levy on
specified transactions’, prepared by the Committee on Taxation of E-commerce11.

10
Michael L. Rustad and Cyrus Daftary, 2002: E-business Legal Handbook, Aspen Law & Business
11
Available at: http://incometaxindia.gov.in/news/report-of-committee-on-taxation-of-e-commerce-
feb-2016.pdf

16
Now, the Internet majors, like Google, Microsoft, FaceBook, etc. has no other options
but to pay taxes in India!

(g) e-Governance
The World Bank defines e-governance as the use of information and
communication technologies by government agencies to transform relations with
citizens, business and other arms of the government. It involves information
technology enabled initiatives that are used for improving (i) the interaction between
government and citizens or government and businesses - e-services (ii) the internal
government operations - e-administration and (iii) external interactions – e-society.

e-Governance is a kind of ‘window of opportunity’ facilitating a much faster,


convenient, transparent and dynamic interaction between the government and its
people. It has also been referred to as ‘i-governance’- integrated governance1 as it
integrates people, processes, information and technology in the service of achieving
governance objectives.

It should not be forgotten that there exists an inherent dichotomy between the
system of governance and technology (web). One on hand the government system is
regulated, hierarchical and static, whereas on the other technology is creative, non-
hierarchical and dynamic. The question is how to collate the system of governance
with technology. e-Governance practices need legal sanctity. It is thus imperative that
basic governmental functions and practices from publication of an Electronic Gazette
to acceptance, issuance, creation, retention or preservation of any document; and
participation in any monetary transaction in the electronic form should have a force of
law behind them.
Cyber laws facilitate e-Governance practices by promoting various e-Governance
initiatives, like electronic filing of documents with the Government agencies, use of
electronic records and digital signatures in Government and its agencies, retention or
preservation of electronic records in electronic form and publication of rule,
regulation, etc., in Electronic Gazette.
It is important to note here that there is no difference between ‘Digital India’ and e-
Governance! Digital India is an initiative, which should be seen as sub-set of e-
Governance, empowering the citizen to have access to Government services
efficiently. Concepts, like Smart City, and Digital Locker facility are now reality.

17
Moreover, covering more than 900 million residents of India under “Aadhaar” has in
fact made availability of ‘Electronic Delivery of Services’ (EDS) to each and every
household in India closure to the goal of ‘minimum government and maximum
governance’.
(h) Cyber Crimes
Cyber crime is a collective term encompassing both ‘cyber contraventions’
and ‘cyber offences’. The word ‘cyber’ is synonymous with computer, computer
system or computer network. Thus, cyber crime may be defined as any illegal act that
involves a computer, computer system or computer network, i.e. any illegal act for
which knowledge of computer technology is essential for its perpetration,
investigation, or prosecution.

The mens rea12 in case of ‘cyber crime’ comprises of two elements. First,
there must be ‘intent to secure access to any program or data held in any computer,
computer system or computer network. Secondly, the person must know at the time
that he commits the actus reus that the access he intends to secure is unauthorized.
The intent does not have to be directed at any particular program or data or at
programs or data held in any computer, computer system or computer network.

The difference between ‘cyber contravention’ and ‘cyber offence’ is more


about the degree and extent of criminal activity rather than anything else. For
example, a mere unauthorized access to a computer, computer system or computer
network may amount to ‘cyber contravention’ but for a ‘cyber offence’ it is the
specific criminal violation that resulted from the unauthorized access to a computer,
computer system or computer network that has to be taken into consideration.

Cyber laws provide the basic mechanism to prosecute any person, who is
reasonably suspected of having committed or of committing or of being about to
commit any offence using any computer, computer system or computer network.
Cyber laws combating cyber crimes have an overriding effect on any other laws for

12
Mens rea” is a state of mind. Under criminal law, mens rea is considered as the “guilty
intention” and unless it is found that the ‘accused’ had the guilty intention to commit the ‘crime’
he cannot be held ‘guilty’ of committing the crime.
[Director of Enforcement v M.C.T.M. Corpn. (P) Ltd., (1996) 2 SCC 471]

18
the time being in force. It is obligatory to note that section 81 of the Information
Technology Act being a special Act provides for such overriding effect.

Cyber Laws & India


In India the cyber laws are synonymous with the Information Technology Act,
2000. The IT revolution, in India started in mid 1980s and since then it has been
moving like a juggernaut. While India was riding the information superhighway
without any traffic rules, other countries in the world were framing rules and
regulations to control access to Internet and also for business over the worldwide web.

Since Internet is not confined within the geographical limits of a country, one
of the United Nations agencies ‘United Nations Commission on International Trade
Law’ (UNCITRAL) proposed a certain level of uniformity of laws in all member
countries. To this effect, the Model Law on Electronic Commerce was adopted by the
United Nations Commission on International Trade Law (UNCITRAL)13 in its
twenty-ninth session. Later a resolution14 of the General Assembly recommended that
all States give favourable consideration to the Model Law on Electronic Commerce
when they enact or revise their laws, in view of the need for uniformity of the law
applicable to alternatives to paper-based methods of communication and storage of
information.

In India, the then Department of Electronics (DoE) was given the mandate to
have an enactment in place, on the lines of the UNCITRAL’s Model Law on
Electronic Commerce soon after its adoption by the UN General Assembly. It was a
foresight on the part of the Government of India to initiate the entire process of
enacting India’s first ever information technology legislation soon after its adoption
by the UN General Assembly. There were two reasons:
(a) to facilitate to the development of a secure regulatory environment for
electronic commerce by providing a legal infrastructure to govern electronic
contracts, authenticity and integrity of electronic transactions, the use of
digital signatures and other issues related to electronic commerce; and
13
The UN General Assembly by its resolution 2205 (XXI) of December 17, 1966 created United
Nations Commission on International Trade Law (UNCITRAL) with a mandate to further the
progressive harmonization and unification of the law of international trade.
14
Resolution A/RES/51/162 adopted by the General Assembly of the United Nations on January 30,
1997.

19
(b) to showcase India’s growing IT knowledgebase and the role of Government in
safeguarding and promoting IT sector.

India enacted the Information Technology Act, 2000 based on the


UNCITRAL’s Model Law on Electronic Commerce. It received the assent of the
President on the June 9, 2000 and came into force on October 17, 2000. It is important
to understand that while enacting the Information Technology Act, 2000, the
legislative intent has been not to ignore the national perspective of information
technology and also to ensure that it should have an international perspective as
advocated by the said Model Law.

Approach of the Information Technology Act, 2000


Since the Information Technology Act, 2000 is based on the UNCITRAL’s
Model Law on Electronic Commerce, which provides for “functional equivalent
approach”. It is based on an analysis of the purposes and functions of the traditional
paper-based requirement with a view to determining how those purposes or functions
could be fulfilled through electronic-commerce techniques. The idea is that the
adoption of the functional-equivalent approach should not result in imposing on users
of electronic commerce more stringent standards of security (and the related costs)
than in a paper-based environment.

For example, it treats paper document and its electronic equivalent (electronic
record) at par. That is, if a paper document is admissible in a court of law, then its
functional equivalent in the ‘electronic form’, i.e., the electronic record should also be
admissible in the court of law. In other words, the law will not discriminate between a
paper record and its functional equivalent electronic record and likewise, between
physical signature and its functional equivalent digital (electronic) signature.

Aims and Objectives of the Information Technology Act, 2000


The preamble of the Information Technology Act, 2000 reads “ An Act to
provide legal recognition for transactions carried out by means of electronic
communication, commonly referred to as “electronic commerce”’ which involve the
use of alternatives to paper-based methods of communication and storage of

20
information, to facilitate electronic filing of documents with the Government
agencies”.

The aims and objectives of the Act make it:


(a) a facilitating Act,
(b) an enabling Act, and
(c) a regulating Act

(a) A Facilitating Act


The Information Technology Act, 2000 is a facilitating Act as it facilitates
both e-commerce and e-Governance. Interestingly, the UNCITRAL Model Law of E-
commerce on which this Act is based has made no reference to e-Governance. But it
was the collective wisdom of the legislature, which saw the necessity of introducing
concepts like e-Governance in this Act. In fact, the entire ‘Chapter III’ of the Act is
devoted to e-Governance and e-Governance practices. There are 10 sections in the
aforesaid Chapter III of the Act, from section 4 to section 10A, which deal with e-
Governance issues. These sections form the basic law related to electronic governance
rights, which have been conferred to the persons and the Government(s)– both Central
and State Governments. It is applicable to the whole of India, including the State of
Jammu and Kashmir.
It is important to understand that the Information Technology Act, 2000 is the
first enactment of its kind in India, which grants ‘e-Governance rights’ to the citizens
of India.

(b) An Enabling Act


The Information Technology Act, 2000 is an enabling Act as it enables a legal
regime of electronic records and digital (electronic) signatures. That is, in order to be
called legally binding all electronic records, communications or transactions must
meet the fundamental requirements, one authenticity of the sender to enable the
recipient (or relying party) to determine who really sent the message, two message’s
integrity, the recipient must be able to determine whether or not the message received
has been modified en route or is incomplete and third, non-repudiation, the ability to
ensure that the sender cannot falsely deny sending the message, nor falsely deny the
contents of the message.

21
The Act provides for Digital signatures15, which may be considered functional
equivalent to physical world signatures capable of meeting all the fundamental
requirements, like authenticity of the sender, message integrity and non-repudiation.
Digital signature is a misnomer. It does not mean scanning the handwritten signatures
electronically. In fact by applying digital signatures one may actually transform an
electronic message into an alphanumeric code. It requires a key pair (private key for
encryption and public key for decryption) and a hash function (algorithm). It is
significant to note that the Information Technology (Amendment) Act 2008 has
recognised ‘electronic signatures’ as functional equivalent to physical signatures.
“Aadhaar based eSign” is one such example of legally recognised electronic
signatures.

(c) A Regulating Act


The Information Technology Act, 2000 is a regulating Act as it regulates
cyber crimes. As stated above, cyber crime is a collective term encompassing both
‘cyber contraventions’ and ‘cyber offences’. The Act not only demarcates
contraventions from offences, but also provides a separate redressal mechanism for
both. The classification of cyber contraventions and cyber offences under the
Information Technology Act and amendments thereof is as follows:

Cyber Contraventions under the Act Cyber Offences under the Act
Deals primarily with unauthorized access Deals with computer, computer system or
to computer, computer system or computer network related serious
computer network offences
Section 43 (a) to (j) and section 43A Sections 65-74
May result in civil prosecution May result in criminal prosecution
Judicial proceedings before the Judicial proceedings to be held before the
Adjudicating Officer appropriate ‘Court’ as per the nature of

15
It is based on asymmetric cryptography, wherein two different keys are used to encrypt and decrypt
the electronic records. A private key is used to encrypt an electronic record and a public key is used to
decrypt the said record. Private key is kept confidential and is to be used by the signer (subscriber) to
create the digital signature, whereas the public key is more widely known and is used by a relying party
to verify the digital signature and is listed in the digital signature certificate.

22
offence, whether cognizable or non-
cognizable
Provision of appeal. Provision of appeal.
Power to investigate any contravention Power to investigate any offence lies with
lies with the Adjudicating Officer, the police officer not below the rank of
Controller or any officer authorized by Inspector
him
Offender liable to pay damages by way of Offender punishable with imprisonment
compensation not exceeding five crore term or fine or with both
rupees to the person so affected.
Table: Cyber Contraventions and Cyber Offences under the Act

With the enactment of the Information Technology Act, 2000, in India, the
law has taken a quantum jump to include even the intangibles under its purview. This
Act is a proactive piece of legislation and is not only in tune with the UNCITRAL’s
Model Law on Electronic Commerce but it also unfolds various aspects of
information technology to promote efficient delivery of Government services by
means of reliable electronic records.

Cyber laws are new legal resources to check violations in cyberspace. It would
be wrong to treat them differently from the other widely prevalent physical laws. All
laws flow from the Constitution of a country and cyber laws (of a country) are no
different! The aims & objectives, scope, approach, criteria of cyber law may be
different but that does not mean that they are superior to the laws applicable
previously. The legal construction of cyber law provisions is no different from other
statutes, codes and enactments. The idea is to maintain uniformity with other statutory
provisions. Cyber laws may have been given a special status by the lawmakers but
that does not mean its superiority in a legal system.

What Cyber Laws Might Teach?


The purpose of studying cyber laws is crucial from today’s perspective, as technology
has become part of our everyday existence. Study of cyber laws would provide:

23
(a) Sense of Security
The study of cyber law provides a sense of security to the learner. It brings in
a level of confidence in the sense that it would make the learner knowledgeable about
what are his rights in cyberspace and would become aware of what constitutes a
wrongful behaviour. Further, he would become aware of the legal remedies available
to him in case of violation of his rights in cyberspace. It would help the learner to
appreciate technology as a law abiding citizen.

(b) Global Recognition


Cyber law is a common usage term in the legal parlance. It includes
legislations such as: Information Technology law, Computer law, Internet law, E-
commerce law, E-transactions law, Digital signature law, Electronic Signature law
etc.

Irrespective of the nationality of cyber law legislation(s) presently available in


the world, the fact is that all such legislations are based on mother law, i.e., The
United Nations Commission on International Trade Law (UNCITRAL) Model Law
on E-commerce, 1996. It makes Cyber law education scalable, globally. In other
words, knowledge of cyber laws of one country would help in understanding similar
laws elsewhere.

Value Addition
To a learner, knowledge of cyber laws would be a value addition, irrespective
of his professional qualifications and would certainly help the learner to move up on
the knowledge value chain. Cyber law education does not call for any specialized
knowledge either in law or technology. It is a valuable resource to meet challenges
and explore opportunities in the global village. Every day new lexicon being added
into the ever growing field of cyber laws, i.e., from ‘social media’ to ‘net neutrality’
to ‘bit coin’ to ‘Internet of Things’ (IoT) to ‘cyber terrorism’ to ‘right to forgotten’ to
‘google tax’ to ‘export control of technology’ to ‘privacy shield’…..the list is endless.
In other words, learning never stops!

Learning about cyber laws is an opportunity to be in sync with the present day
world. Many believe that cyberspace simply cannot be regulated. They argue that

24
behaviour in cyberspace, is beyond government’s reach. The anonymity and multi-
jurisdictionality of cyberspace makes control by government in cyberspace
impossible. This belief about cyberspace is wrong16. It is wrong to assume that its
architecture (code) cannot be changed or that government cannot take steps to change
this architecture. Law is Code!

16
Lessig, Lawrence, 1999: The Law of the Horse, 113 Harv. L. Rev. 501

25