Professional Documents
Culture Documents
BACKGROUNDER
Structure
1.1 Introduction
1.2 Objectives
1.3 Challenges to Laws
1.4 Information Technology Act, 2000
1.4.1 A Quick Overview of the Act
1.5 Critiques of the I.T. Act
1.6 Proposed Amendments to the I.T. Act
1.7 Summary
1.8 Terminal Questions
1.9 Answers and Hints
1.10 References and Suggested Readings
1.1 INTRODUCTION
This is the first unit of the first block of Course 2. This unit discusses the main
challenges posed by information and communication technology to the law.
This unit also gives an overview of the IT Act, 2000 and discusses the
amendments suggested by the expert committee set up by the government.
We are now in the age of the information society wherein it is recognised that
“information and communication are at the core of human progress. Rapid
progress of these technologies opens completely new opportunities to attain
higher levels of development.”(From the Declaration of Principles, World
Summit on the Information society, ‘Geneva 2003 and Tunis 2005). It has
been realised that this technology can in benefit millions of people and therefore
governments as well as other stake holders have a key role in promoting the
spread of the use of the technology more so with the intent to bridge the
digital divide that represents the uneven distribution of the benefits of
information technology today.
The phenomenal connectivity of the net has logically led it to become the
most potential instrument for economic activity and governance; e-commerce
and e-governance. With the development of this new technology, and with the
realisation that such technology affects human life and relations, societal peace
and order and proprietary rights, it was felt that there was a need for laws to
regulate conduct in cyberspace accordingly. The need to regulate was also felt
because of the immense potential that the medium has to contribute towards
development, which can be achieved only through an optimum policy and
legal regime governing it. Thus the Internet which as a medium has had a
laissez faire growth with ‘netizens’ all over the globe voluntarily contributing
substantially to its expansion is now coming more and more within the ambit
of governmental regulation. Regulations relating to the Internet are being
made today by national government and also by international intergovernmental
bodies and international organizations. The whole body of laws and regulations
both national and international governing cyberspace constitutes what is known
as cyber laws. This however does not mean that the cyberspace does not
continue to be an area of expression and innovation for adventurers. Almost
on a daily basis human innovation and expression is visible on the Internet.
While going through this and subsequent 2 units, it is recommended that you
should keep a copy of the IT Act with you because on many occasions you
would find it beneficial to read the sections and subsections of the Act relevant
to the topic you are studying.
1.2 OBJECTIVES
After studying this unit you should be able to:
• discuss the challenges which the law should address to keep pace with
the new information and communication technology;
• describe the legislative measures taken by India to address the challenges;
• examine as to what extent the IT Act has been able to address the
challenges posed by the information and communication technology; and
• discuss the amendments as suggested by experts to make the more effective
Act in regulating the area.
Some of the challenges of making technology based laws are that there is a
chance of them being soon outdated. Therefore, it is desirable that laws as far
as possible must be drafted in a technology neutral way. Again it is against
equity and fairness if offline conduct is governed differently from online
conduct. This give rise to the possibility of crime shifting from one place to
the other if there is an inconsistency in laws. Consistency between the two
laws is therefore desirable. Laws must also cater to the need of prevention and
investigation of crimes. For instance, with the advent of telephones, wire
tapping laws were introduced, similar laws to deal with unlawful conduct in
the Internet would become necessary.
The first technology based law in India was the Indian Telegraph Act of 1885.
This law was framed with the advent of the telegraph and later covered yet
another advance in technology, the telephone. In the domain of technology
driven law falls the Information Technology Act, 2000.While the Information
Technology Act is the most significant Act addressing conduct in cyberspace
in India, there are a whole lot of other Acts that would apply to govern and
regulate conduct and transactions in cyberspace. Take for instance online
contracts. Apart from the relevant provisions of the IT Act like Sections 12
and 13, the Indian Contract Act, the Sale of Goods Act, 1930 etc would be
relevant to determine the legality of such contracts. Further the provisions of
the Competition Act, 2002 or in case of unfair trade practices, the Consumer
Protection Act 1986, would also be relevant.
As far as illegal activities on the net are concerned, apart from specific
provisions in the IT Act that penalizes them, a whole gamut of other Acts
would govern them. For instance in case of an Internet fraud, based on the
nature of the fraud perpetrated, Acts such as the Companies Act, 1956, the
Securities and Exchange Board of India Act, the Banking Regulation Act, the
Public Gambling Act, 1867 and the Indian Penal Code would also apply. For
online pornography while section 67 of the IT Act would apply, section 293-
294 of the IPC as well as the Cinematograph Act, 1952, the Indecent
Representation of women Act and the Young Persons (Harmful Publications)
Act, 1956 would apply. For matters relating to Internet sale of prohibited
9
Laws and Entities substances like arms and narcotics the Arms Act, 1959, the Explosives Act,
Governing Cyberspace
1884, the Narcotic Drugs and Psychotropic substances Act, 1985 would apply.
Thus it can be inferred that while the IT Act is the quintessential Act regulating
conduct on the Internet based on the facts of a case or the nature of a transaction,
several other Acts may be applicable. Therefore, cyber laws includes the whole
set of legislation that can be applied to determine conduct on the Internet.
One of the main drawbacks of the Act seems to be its inadequacy in providing
sufficient data protection provisions. With the transformation of the Internet
into the main arena of conduct of economic activities, there is a danger of the
possibility of key data being the target of crooks, for snooping paparazzi, for
espionage agencies etc.
The IT Act does not offer much in terms of protection of intellectual property
on the net. In other words there are no provisions in the act to protect copyrights,
patents or trademarks. To take a more specific example, the Act has no
provisions to deal with what is known as ‘cyber squatting’ relating to domain
name disputes. Though the area is presently covered laws relating to intellectual
property like Trade Marks, it is desirable for the IT Act also to have such a
provision. For instance when a major company wishes to register a domain
name in lets say .in, and it suddenly finds someone else wholly unconnected
to the company having registered the name of the company in that category,
the company has no remedy under the IT Act though it has the trademark for
that name. Similarly, there are no provisions in the IT Act to address cyber
theft, cyber stalking, cyber defamation etc.
On privacy issues also the Act has come in for a lot of flak. It does not
prohibit behaviour like spams and unsolicited e-mails that flood one’s in-box.
Neither does it provide for instances where there is a misuse of confidential
private data collected online.
The IT Act also is silent on issues relating to cross border taxation arising out
of international trade, which in the long run is inevitable and would turn out
to be a contentious issue.
Even from the purely technological standpoint there is a criticism that the Act
binds digital signatures to the asymmetric encryption system, limiting the
scope of innovation in technology. This is a drawback given the fact that
technology is constantly changing with one system giving place to another.
There has been a general criticism of the wide powers given to the police
under the Act. Fear, especially among cyber café owners, regarding misuse of
powers under the IT Act, 2000 is not misplaced. Anyone can be searched and
arrested without any warrant at any point of time in a public place. But at the
13
Laws and Entities same time, the fact that committing a computer crime over the net and the
Governing Cyberspace
possibility of escaping thereafter is so much more viable, that providing such
policing powers to check the menace of computer crimes is also equally
important. Again, interception of electronic messages and e-mails might be
necessary under certain situations but the authorities cannot be given a free-
hand in interception as and when they feel. Similarly, we need to enquire and
delve deeper into police powers of investigation, search and warrant under the
IT Act, 2000 and look for a more balanced solution.
Another criticism of the Act seems to be that offences can be prosecuted both
under the civil and the criminal procedure system. Some of the instances that
provide for fine would have to be taken as per provisions of the civil procedure
code which is generally perceived to be a slow process. Other offences that
involve punishments of imprisonment would be as per the provisions of the
Criminal Procedure Code.
Finally, how the Act will be interpreted by a court of law and its implementation
and flaws in the long run are yet to be tested on a case-specific factual terrain
as the number of cases that have come before the higher courts under the Act
is just a handful.
A new section is being added (Sec 67(2)) to address child pornography with
higher punishment and fine of global standards. So also now a new form of
illegal conduct called video voyeurism, which means capturing the private
area of an individual without his/her consent and then transmitting it, has been
included as punishable conduct.
With regards to the use of encryption and also with relation to interception and
monitoring and decryption of any information, provisions that have a bearing
on national security, some changes based on the recommendation of the Ministry
of Home Affairs as well as the Inter Ministerial Working Group on Cyber
Laws and Cyber Forensics has been proposed.
Please answer the following Self Assessment Question.
1.7 SUMMARY
• With the phenomenal growth of information and communication
technology and its importance in development it was soon realised that
the field had to be regulated. Regulation of a technological advancement
bought in technology based laws, principally the IT Act.
• In this connection laws can be categorised into two classes—
15
Laws and Entities 1) Laws may be technology neutral such as laws relating to defamation,
Governing Cyberspace
forgery, contract company etc. Here it is immaterial whether activities
covered by these acts are performed on the Internet or not.
2) Laws relating to the activities which can be performed on the Internet
only such as hacking, denial of services, viruses etc.
• Cyber laws in the domestic field consist of the IT Act supplemented by
a wide number of other Acts.
• The Act gives legal recognition to e-commerce, e-governance, digital
signature keeping records in electronic form etc. It also defines crimes
relating to computer and Internet and makes provisions for their
investigation and makes provision for punishment.
• We have also seen that the IT Act has a lot of scope for improvement and
that an amendment is already in the cards. The expert committee set up
by the government has suggested making the Act more technology neutral.
Some of the amendments suggested by the committee are — replacement
of the word — digital signature by electronic signature, making provision
for electronic contract, child pornography, etc.
17
Laws and Entities
Governing Cyberspace UNIT 2 INFORMATION TECHNOLOGY
ACT – PART I
Structure
2.1 Introduction
2.2 Objectives
2.3 Statement of Objects and Reasons
2.4 Application of the Act – The Extra-Territorial Effect
2.5 Digital Signatures (Chapters II, V, VI, VII, VIII)
2.5.1 Controller of Certifying Authorities
2.5.2 Licence to Issue Digital Signature Certificates
2.6 E-governance (Chapter III)
2.6.1 Functional-Equivalent Approach
2.6.2 Legal Recognition of Electronic Records
2.6.3 Legal Recognition of Digital Signatures
2.6.4 Use of Electronic Records and Digital Signatures in Government and its
Agencies
2.6.5 Retention of Electronic Records
2.7 Summary
2.8 Terminal Questions
2.9 Answers and Hints
2.10 References and Suggested Readings
2.1 INTRODUCTION
In the previous unit we have tried to present a broad picture of the IT Act. In
the next two units, we shall examine the provisions of the Information
Technology Act, 2000 in detail. In this unit we shall discuss the objectives for
which this Act has been passed. This unit will also discuss the extra-territorial
application of the Act. This has become important because computer related
wrongs know no boundaries. A wrongful act committed in one country may
affect the computers and computer networks of not only the country where the
wrong has been committed but also of other countries.
The IT Act has introduced certain new concepts such as “digital signature”
“e-governance” etc. The Act gives legal recognition to the electronic records
and treat its at par with the paper based system if all the safeguards are
followed.
2.2 OBJECTIVES
After studying this unit you should be able to:
• discuss the aims and objectives of the Act i.e. what does the Act try to
achieve?
18
• analyse the concept of digital signature and discuss the powers and Information Technology
Act – Part I
functions of the issuing authorities a authority to exercise control over the
issuance of digital signatures; and
• discuss the provisions relating to e-governance and legal recognition of
electronic records.
Another object was clearly aimed at giving effect to the United Nations General
Assembly Resolution1 whereby the Model Law on Electronic Commerce was
adopted by the United Nations Commission on International Trade Law. It
recommended the States to give a favourable consideration to the Model Law
when they enact or revise their laws, ‘in view of the need for uniformity of the
law applicable to alternatives to paper-based methods of communication and
storage of information’. Thus, the idea has been to make a shift from the
paper-based system to electronic system whereby the communication and
storage of data would be through the electronic medium rather than on paper.
Cyber crimes have been dealt with by providing for punishment for certain
computer-related wrongs. Finally, the Act also provides for electronic transfer
of funds. Various other Acts namely the Indian Penal Code, 1860, the Indian
Evidence Act, 1872, the Reserve Bank of India Act, 1934 and the Bankers’
Books Evidence Act, 1891 have been suitably amended to suit the electronic era.
It is noticeable that with the IT Act, there has been a conceptual change with
regard to the applicability of a statute. Due to the borderless connectivity of
the computers through the Internet, and the ease with which one can commit
a cyber crime in India while physically located beyond the boundaries of the
country, the Parliament has made the provisions of the Act applicable
irrespective of where the accused might be physically located. In contrast, if
we see the extent of operation of the Indian Penal Code (IPC) under section
1,3 it extends only ‘to the whole of India except the State of Jammu and
Kashmir’. No further applicability clause has been provided for. Section 2 of
the IPC makes every person including a foreigner liable to punishment for
every act or omission contrary to the provisions of IPC, of which he/she shall
be guilty in India. Sections 3 and 4 of the IPC relate to the extra-territorial
operation of the Code. But these sections too are restrictive in nature and not
as broad as the combined effect of section 1(2) read with section 75 of the IT
Act.
Please answer the following Self Assessment Question.
VII, VIII)
Before we start discussing the topic of digital signature under the IT Act we
must bear in mind that the expert committee to review the IT Act (discussed
in the previous chapter) has proposed one major change that is the substitution
of “digital signature” with “electronic signature” through an amendment to
section 4. Digital signature is thus recognised as one of the types of electronic
signature only. Therefore, very soon all references to digital signature in the
IT Act may be substituted with electronic signature.
The whole system creates a hierarchy in which at the top of is the Controller
of Certifying Authorities who has the power to appoint Certifying Authorities
and grant them the licence to issue Digital Signature Certificates. In turn, the
Certifying Authorities can issue such Certificates to the subscribers. The process
of application, renewal, suspension and revocation of licence of the Certifying
Authorities has been provided. Likewise, the power to issue, suspend and
revoke digital signature certificates is given in the hands of the Certifying
Authorities. A hierarchy of digital signature certificates too has been provided
for the purpose of verification of genuineness of digital signatures which
ultimately can be verified by the Controller of Certifying Authorities who
under the Act is the highest authority for digital signatures and related matters.
The functions of the Controller have been enumerated under section 18 of the
Act. These functions basically relate to Certifying Authorities or Digital
Signature Certificate. It is the Controller’s duty to regulate and control almost
each and every activity of the Certifying Authorities. This is particularly
important since the primary work of the Certifying Authorities is issuance of
digital signatures and setting up infrastructure for its subsequent public
verification. The Controller also has the function of specifying the form and
content of a Digital Certificate and the key as also specifying the contents of
written, printed, or visual materials and advertisements that may be distributed
or used in respect of a Digital Signature Certificate and the public key. In case
of conflict of interests between the Certifying Authorities and the subscribers,
the Controller has been empowered to resolve the same.
Section 44 of the Act deems the fulfillment of the requirement of any information
to be in writing in typewritten or printed form, if such information fulfills two
conditions. Firstly, such information should be rendered or made available in
an electronic form (for example, in a floppy disk). Secondly, such information
is accessible as to be usable for a subsequent reference. The word ‘accessible’,
as per the UNCITRAL guide, is meant to imply that information in the form
of computer data should be readable and interpretable, and that the software
that might be necessary to render such information readable should be retained.
The word ‘usable’ is not intended to cover only human use but also computer
processing. ‘Subsequent reference’ seems to imply merely the need for future
reference. The carefully worded section does not seem to lay down any stringent
standards as to the reliability or durability of the electronic record. Rather, it
merely requires that such information if made available at a certain point of
time in electronic form should be available for usage at some future time as
well. The purpose is to basically provide a legal sanctity to production of any
information in electronic form. Whether such information provided is correct,
or authentic, or unaltered, or reliable is not within the purview of this section.
If the law provides something to be in writing, then, subject to certain
conditions, the legal requirement of writing would be fulfilled if such
information is in electronic form.
2.7 SUMMARY
• In this unit we have examined in detail the objects and reasons for the IT
Act, the applicability of the Act i.e. the extra territorial application of the
Act, provisions relating to digital signatures, e-commerce and e-
governance. This part of the IT Act deals with the recognition of the
electronic record and its legalisation as an alternative to paper based
records.
26
• The aim of the Act is to give legal recognition to the information collected, Information Technology
Act – Part I
stored and utilized in electronic form so as to facilitate electronic commerce
and e-governance.
• The Act gives legal recognition to digital signature and provides for the
issuance, of it. It also provides for the controlling mechanism to check
abuse of digital signature.
• The Act provides for the appointment of the controller of the certifying
authority who shall issue licences to the authorities who can issue digital
signatures. The Controller has also been granted powers to recognise
foreign certifying authorities in this respect.
• The Act adopts the functional equivalent approach i.e. if the electronic
records satisfy the same level of reliability as the paper document, it
should be given the same recognition as the paper based record.
It is noticeable that with the IT Act, there has been a conceptual change
with regard to the applicability of a statute. Due to the borderless
connectivity of the computers through the Internet, and the ease with
which one can commit a cyber crime in India while physically located
beyond the boundaries of the country, the Parliament has made the
provisions of the Act applicable irrespective of where the accused might
be physically located. In contrast, if we see the extent of operation of the
Indian Penal Code (IPC) under section 1, it extends only ‘to the whole
of India except the State of Jammu and Kashmir’. No further applicability
clause has been provided for. Section 2 of the IPC makes every person
including a foreigner liable to punishment for every act or omission
contrary to the provisions of IPC, of which he shall be guilty in India.
Sections 3 and 4 of the IPC relate to the extra-territorial operation of the
Code. But these sections too are restrictive in nature and not as broad as
the combined effect of section 1(2) read with section 75 of the IT Act.
2) Affixing the digital signature implies the electronic authentication of an
electronic document. It performs the same function as the signature by
hand. The Act makes provision for the appointment of a Controller of
Certifying Authorities that is empowered to grant licences to authorities
who may issue digital signatures. The Act makes elaborate provisions in
this regard.
3) Functional equivalent approach in the context of electronic signature and
records mean that they perform similar functions as the signature by hand
and paper based documents. If these are done with adequate safeguards,
they are more reliable than their traditional counterparts.
28
5. S. 5. Legal recognition of digital signatures. Where any law provides that Information Technology
Act – Part I
information or any other matter shall be authenticated by affixing the
signature or any document shall be signed or bear the signature of any
person (then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied, if such information
or matter is authenticated by means of digital signature affixed in such
manner as may be prescribed by the Central Government.
6. Para. 53 of the Guide to Enactment of the UNCITRAL Model Law on
Electronic Commerce (1996).
7. Explanation. — For the purposes of this section, “signed”, with its
grammatical variations and cognate expressions, shall, with reference to
a person, mean affixing of his hand written signature or any mark on any
document and the expression “signature” shall be construed accordingly.
8. S. 2(e). – ‘appropriate Government’ means as respects any matter, - (I)
enumerated in List II of the Seventh Schedule to the Constitution; (ii)
relating to any law enacted under List III of the Seventh Schedule to the
Constitution, the State Government and in any other case, the Central
Government.
29
Laws and Entities
Governing Cyberspace UNIT 3 INFORMATION TECHNOLOGY
ACT – PART II
Structure
3.1 Introduction
3.2 Objectives
3.3 Adjudication (Chapter IX)
3.3.1 Adjudicating Officer
3.3.2 Cyber Regulations Appellate Tribunal
3.4 Penalties and Offences (Chapter IX & XI)
3.4.1 Penalties
3.4.2 Offences
3.4.3 Investigation
3.5 Network Service Provider Liability (Chapter XII)
3.6 Amendments to Certain Statutes
3.6.1 Amendments to the Indian Penal Code, 1860
3.6.2 Amendments to the Indian Evidence Act, 1872
3.7 Summary
3.8 Terminal Questions
3.9 Answers and Hints
3.10 References and Suggested Readings
3.1 INTRODUCTION
In the previous unit you have seen that various new concepts such as digital
signature, e-governance, functional equivalent approach etc. have been
introduced by the IT Act, 2000. The first unit of this block gave you some idea
as to what types of challenges are faced by the legal system due to the
advancement of information technology.
You may have understood the fact that these challenges require different types
of adjudicatory mechanism and different types of offences and penalties to be
incorporated in law because the existing law cannot deal adequately with
these issues.
The Act also amends certain provisions of Indian Penal Code, Indian Evidence
Act etc. The objective of these amendments is to enlarge the definitions of
certain offences so as to include within them the commission of these offences
electronically and give legal recognition to evidence of electronic records.
30
While studying this unit it is recommended that apart from the copy of the IT Information Technology
Act – Part II
Act, 2000, you should also keep the copies of the IPC, 1860 and Indian
Evidence Act, 1872 with you for having a glance at the bare provisions of
these Acts to understand the true scope of this unit.
3.2 OBJECTIVES
After studying this unit, you should be able to:
• define the term and discuss network service provider and his/her liabilities
for offences committed using his/her network. What are the circumstances
under which he/she may be exempted from such liabilities?
31
Laws and Entities 3.3.2 Cyber Regulations Appellate Tribunal
Governing Cyberspace
Section 57 of the Act provides for appeal to the CRAT. Sub-section (1) gives
the right to appeal to any person who is aggrieved by the order of the Controller
or an adjudicating officer under this Act to CRAT having jurisdiction in the
matter. However, this right is subject to the provisions of sub-section (2)
which prohibits any appeal against any order of an adjudicating officer made
with the consent of the parties.
Section 61 of the Act bars the jurisdiction of all other courts to entertain any
suit or proceeding in respect of any matter which an adjudicating officer or the
CRAT is empowered under this Act to determine. The section further provides
that no injunction shall be granted by any court or other authority in respect
of any action taken or to be taken in pursuance of any power conferred under
this Act.
Section 62 of the Act provides for an appeal to the High Court against the
order of the CRAT. Such appeal can be made on any question of fact or law
arising out of the order appealed against. The scope, therefore, of interference
in the order of the CRAT by the High Court is quite wide.
32
Please answer the following Self Assessment Question. Information Technology
Act – Part II
Self Assessment Question 1 Spend 3 Min.
Give a brief account of the powers and functions of the adjudicating
officer and the CRAT.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
3.4.1 Penalties
Three kinds of conduct have been listed out in the Act which would give rise
to civil consequences. Firstly, any person involved in any action relating to
damage to computer, computer system, etc., under section 43 of the Act,
would be liable to damages. Second group pertains to failure to furnish
information, returns, etc. under section 44. And finally section 45 contains the
residuary clause.
Section 43 of the Act provides a list of activities which, if carried out by any
person without the permission of the owner or any other person who is in
charge of a computer, computer system or computer network, would cause
such person who is carrying out the act to be liable to pay damages by way
of compensation not exceeding one crore rupees to the person so affected.
Such activities include:
A) Accessing or securing access to a computer, computer system or computer
network. This in effect refers to unauthorized access.
33
Laws and Entities B) Downloading, copying or extracting any data, computer database or
Governing Cyberspace
information from such computer, computer system or computer network
including information or data held or stored in any removable storage
medium. This means data theft and would also include acts of copyright
infringement like downloading of music.
C) Introducing or causing to be introduced any computer contaminant or
computer virus into any computer, computer system or computer network.
D) Damaging or causing to be damaged any computer, computer system or
computer network, data, computer database or any other programmes
residing in such computer, computer system or computer network.
E) Disrupting or causing disruption of any computer, computer system or
computer network.
F) Denying or causing the denial of access to any person authorized to
access any computer, computer system or computer network by any means.
G) Providing any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions
of this Act, rules or regulations made there under. This is a facet of
hacking.
H) Charging the services availed of by a person to the account of another
person by tampering with or manipulation any computer, computer system
or computer network. This refers to theft of Internet hours.
Confiscation of computer, computer system, floppies, compact disks, tape
drives or any other accessories in respect of which of any provision of this
Act, rules, orders or regulations has been or is being contravened, can be
resorted to under section 76.
3.4.2 Offences
Chapter XI of the Act enumerates the various acts which constitute an offence
under the Act along with the punishment be it either imprisonment or fine or
both. Such offences:
Section 78 of the Act places the powers of investigation with a police officer
not below the rank of Deputy Superintendent of Police. This provision overrides
anything contrary in the Code of Criminal Procedure. Section 80 confers the
powers on police officers to enter and search premises.
Please answer the following Self Assessment Question.
38
Please answer the following Self Assessment Question. Information Technology
Act – Part II
Self Assessment Question 3 & 4 Spend 6 Min.
Discuss in brief the amendment made by the IT Act, 2000 in the IPC.
What is the objective behind these amendments?
Discuss the amendments made by the IT Act, 2000 in the Evidence Act,
1872. What is the purpose of this amendment?
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
3.7 SUMMARY
In this unit we have discussed the adjudicatory mechanisms provided in the
IT Act, 2000. We have also discussed the offences and penalties provided for
in the Act including the liability of the service providers. Finally we have also
examined the amendments made by the IT Act, 2000 in the Indian Penal
Code, 1860 and Indian Evidence Act, 1872. The purpose of these amendments
is to redefine various offences so as to include the commission of these offences
electronically and to give the electronic records the same evidentiary value as
the paper based documents.
3 & 4) The objective of the amendments in the various statutes by this act is
to give same status to the electronic records and signature as the paper based
documents and signature underhand.
42
UNIT 4 INTERNATIONAL TREATIES,
CONVENTIONS AND PROTOCOLS
CONCERNING CYBERSPACE
Structure
4.1 Introduction
4.2 Objectives
4.3 United Nations Commission on International Trade Law
4.4 World Summit on Information Society
4.5 United Nations Commission on Trade and Development
4.6 Council of Europe
4.7 World Trade Organization
4.8 World Intellectual Property Organization
4.9 Summary
4.10 Terminal Question
4.11 Answers and Hints
4.12 References and Suggested Readings
4.1 INTRODUCTION
After discussing domestic law in the previous three units, in this unit we shall
discuss the international instruments and institutions dealing with cyber law
and cyberspace. These are also integral parts of the legal system because the
challenges posed by ICT are of universal nature, hence they cannot be addressed
by one country alone without international cooperation.
The laws of cyber laws constitute the laws and regulations administered by
national institutions together with the ones administered by international,
intergovernmental and international non governmental organizations. Several
International agencies are active in matters relating to the regulation of
cyberspace and the media through which they execute these regulations are
international legal instruments like treaties, agreements, conventions, charters,
protocols, declarations, memoranda of understanding, modus vivendi and
exchange of notes. In fact, the meaning of the terms used to describe an
international instrument is variable, changing from State to State, from region
to region and instrument to instrument. Some of the terms can easily be
interchanged: an instrument that is designated “agreement” might also be
called “treaty”. The 1969 Vienna Convention on the Law of Treaties is the
principal law governing the international law of rights and obligations that
treaties entail. In this chapter we shall discuss some of the important
international instruments that have a bearing on the global cyber law regime
and as a natural corollary we shall also examine the work of the international
organizations that are the custodians of these instruments.
43
Laws and Entities
Governing Cyberspace 4.2 OBJECTIVES
After studying this unit you should be able to:
• discuss the efforts made internationally to facilitate the growth and
accessibility of Information and Communication Technology; and
• examine the role played by the international organizations and agencies
to give electronic records the same recognition as paper based documents.
Following the framing of the Model Law the United Nations General Assembly
by its Resolution No. 51/62, dated 30th January 19972 , recommended that all
states should give favourable consideration to the said law when they frame
or revise their own law. The model law with its provision for equal treatment
of users of electronic communications and paper based communication soon
became the basis of several national legislations including the Information
Technology Act of 2000 of India.
Currently the UNCITRAL in 2005 came out with the United Nations
Convention on the Use of Electronic Communications in International
Contracts. This was adopted by the General Assembly on 23 November 2005;
the Convention aims to enhance legal certainty and commercial predictability
where electronic communications are used in relation to international contracts.
It addresses the determination of a party’s location in an electronic environment;
44
the time and place of dispatch and receipt of electronic communications; the International Treaties,
Conventions and Protocols
use of automated message systems for contract formation; and the criteria to Concerning Cyberspace
be used for establishing functional equivalence between electronic
communications and paper documents — including “original” paper documents
— as well as between electronic authentication methods and hand-written
signatures. This instrument is now open for countries to sign and ratify.
Please answer the following Self Assessment Question.
UNCTAD has also published the Digital Divide: ICT Development Indices
2004, which benchmarks ICT diffusion for over 150 countries using indices
of connectivity and access. It also monitors trends in ICT development to raise
awareness and helps formulate policies aimed at narrowing the digital divide.
The Convention contains four chapters: (I) Use of terms; (II) Measures to be
taken at domestic level – substantive law and procedural law; (III) International
co-operation; (IV) Final clauses.
49
Laws and Entities Section 1 of Chapter II (substantive law issues) covers both criminalization
Governing Cyberspace
provisions and other connected provisions in the area of computer- or computer-
related crime: it first defines 9 offences grouped in 4 different categories, then
deals with ancillary liability and sanctions. The following offences are defined
by the Convention: illegal access, illegal interception, data interference, and
system interference, misuse of devices, computer-related forgery, computer-
related fraud, offences related to child pornography and offences related to
copyright and neighbouring rights.
Chapter III contains the provisions concerning traditional and computer crime-
related mutual assistance as well as extradition rules. It covers traditional
mutual assistance in two situations: where no legal basis (treaty, reciprocal
legislation, etc.) exists between parties – in which case its provisions apply –
and where such a basis exists – in which case the existing arrangements also
apply to assistance under this Convention. Computer- or computer-related
crime specific assistance applies to situations and covers, subject to extra-
conditions, the same range of procedural powers as defined in Chapter II. In
addition, Chapter III contains a provision on a specific type of transporter
access to stored computer data which does not require mutual assistance (with
consent or where publicly available) and provides for the setting up of a 24/7
network for ensuring speedy assistance among the Parties.
After the Doha Ministerial Declaration, the General Council agreed to hold
“dedicated” discussions on cross-cutting issues, i.e. issues whose potential
relevance may “cut across” different agreements of the multilateral system. So
far, there have been five discussions dedicated to electronic commerce, held
under the General Council’s auspices.
Participants in the dedicated discussions hold the view that the examination
of these crosscutting issues is unfinished, and that further work to clarify these
issues is needed.
Please answer the following Self Assessment Question.
Among the IP Issues on the Internet, the problem of the abusive registration
of trademarks as domain names known in other words as cyber squatting is
one of the areas that the WIPO addresses. The WIPO works through Uniform
Domain Name Dispute Resolution Policy adopted by ICANN, and provides
the services of a Domain name registrar. It also provides for alternative dispute
resolution services through its Arbitration and Mediation center.
Significant issues in the field of copyright have been examined for a number
of years through various public and private processes, at WIPO and other
international organizations, and at national and regional levels. Significant
progress has been made, with international consensus having already emerged
on some of these issues. In 1996, two treaties were adopted by consensus by
more than 100 countries at WIPO: the WIPO Copyright Treaty (WCT) and
the WIPO Performances and Phonograms Treaty (WPPT) (commonly referred
to as the “Internet Treaties”). The treaties, each having reached their 30th
ratification or accession, both have entered into force: the WCT on March 6,
2002, and the WPPT on May 20, 2002.
The WIPO Internet Treaties are designed to update and supplement the existing
international treaties on copyright and related rights, namely, the Berne
Convention and the Rome Convention. They respond to the challenges posed
by the digital technologies and, in particular, the dissemination of protected
material over the global networks that make up the Internet. The contents of
the Internet Treaties can be divided into three parts: (1) incorporation of
certain provisions of the TRIPS Agreement not previously included explicitly
in WIPO treaties (e.g. protection of computer programs and original databases
as literary works under copyright law); (2) updates not specific to digital
technologies (e.g., the generalized right of communication to the public); and
(3) provisions that specifically address the impact of digital technologies.
Although the Internet Treaties have now entered into force, in order that they
are truly effective in the digital environment, they must become widely adopted
in countries around the world, and their provisions must be incorporated in
52 national legislation.
There have also been some regulations from other intergovernmental bodies International Treaties,
Conventions and Protocols
like the European Union and also by international non-governmental bodies Concerning Cyberspace
like international chambers of Commerce.
4.9 SUMMARY
Cyber laws also include all the international instruments governing cyberspace.
Therefore in this chapter we have examined some important international
treaties, bodies international instruments formulated by various international
organizations such as the United Nations Commission on International Trade
Law (UNCITRAL), the work of the World Summit on Information Society
(WSIS), the United Nations Commission on Trade and Development
(UNCTAD), Council of Europe, World Trade Organization (WTO) and the
World Intellectual Property Organization (WIPO).
53
Laws and Entities 2) Under the aegis of the United Nations, with the International
Governing Cyberspace
Telecommunication Union playing a key role, a World Summit on
Information Society (WSIS) was held in two phases in Geneva, 1-12
December 2003 and in Tunis, 16-18 November 2005. In Geneva in 2003,
world leaders realising the immense potential of information and
communication technologies in human development, declared their
“common desire and commitment to build a people-centered, inclusive
and development oriented information society, where everyone can create,
access, utilize and share information and knowledge, enabling individuals,
communities and peoples to achieve their full potential in promoting their
sustainable development and improving their quality of life, premised on
purposes and principles of the Charter of the United Nations and respecting
fully and upholding the Universal Declaration of Human Rights.” Amongst
the objectives of the of the WSIS was to address the uneven distribution
of the benefits of the information technology revolution between the
developed and developing countries and within societies, what is known
as the digital divide.
A Plan of Action was adopted in Geneva to give effect to the vision of
an inclusive information and communication society aimed at bridging
the digital divide and building digital solidarity. The targets that were laid
down in the action plan to be achieved by 2015 by all nations are listed
below.
a) to connect villages with ICTs and establish community access points;
b) to connect universities, colleges, secondary schools and primary
schools with ICTs;
c) to connect scientific and research centres with ICTs;
d) to connect public libraries, cultural centres, museums, post offices
and archives with ICTs;
e) to connect health centers and hospitals with ICTs;
f) to connect all local and central government departments and establish
websites and e-mail addresses;
g) to adapt all primary and secondary school curricula to meet the
challenges of the Information Society, taking into account national
circumstances;
h) to ensure that all of the world’s population have access to television
and radio services;
i) to encourage the development of content and to put in place technical
conditions in order to facilitate the presence and use of all world
languages on the Internet;
j) to ensure that more than half the world’s inhabitants have access to
ICTs within their reach.
54
3) The growing importance of electronic commerce in global trade led World International Treaties,
Conventions and Protocols
Trade Organization (WTO) members to adopt a declaration on global Concerning Cyberspace
electronic commerce on 20 May 1998 at their Second Ministerial
Conference in Geneva, Switzerland. The Declaration directed the WTO
General Council to establish a comprehensive work programme to examine
all trade-related issues arising from electronic commerce, and to present
a progress report to the WTO’s Third Ministerial Conference.
55
Laws and Entities
Governing Cyberspace UNIT 5 GUIDELINES ISSUED BY VARIOUS
MINISTRIES
Structure
5.1 Introduction
5.2 Objectives
5.3 Broadband Policy, 2004
5.4 .IN Internet Domain Name – Policy Framework
5.5 Draft Policy Guidelines on Web-site Development, Hosting and
Maintenance
5.6 New Telecom Policy 1999 (NTP 1999)
5.7 Information Technology Security Guidelines
5.8 SEBI Guidelines on Internet-based Trading and Services
5.9 Guidelines for Setting up of International Gateways for Internet
5.10 Summary
5.11 Terminal Questions
5.12 Answers and Hints
5.1 INTRODUCTION
Different ministries under the Government of India as also State Governments
have come out with guidelines and policy related to information technology.
Under the Government of India the most important guidelines pertaining to
the information and communication technologies have been issued by the
Ministry of Communications and Information Technology and under it the
Department of Information Technology and also the Department of
Telecommunications. Some other ministries have also issued guidelines for
instance relating to e-governance. Guidelines and regulations issued by
regulators like the Telecom Regulatory Authority of India also have a strong
bearing on the subject. In this unit we would go through some of the more
important guidelines and policy statements issued by the ministries, which
have a bearing on the universe of cyber laws and regulations in the Indian
context.
5.2 OBJECTIVES
After studying this unit you should be able to:
• analyse how these guidelines have facilitated the growth and accessibility
of ICT.
56
Guidelines Issued by
5.3 BROADBAND POLICY, 2004 Various Ministries
The policy explains: it is a fact that the demand for Broadband is primarily
conditioned and driven by Internet and PC penetration. The current level of
Internet and Broadband access in the country is low as compared to many
Asian countries. Penetration of Broadband, Internet and Personal Computer in
the country was 0.02%, 0.4% and 0.8% respectively at the end of December,
2003. Currently, high speed Internet access is available at various speeds from
64 kilobits per second (kbps) onwards and presently an always-on high speed
Internet access at 128 kbps is considered as ‘Broadband’. While there are no
uniform standards for Broadband connectivity, various countries follow various
standards. The policy defines Broadband connectivity as:
The policy estimates a growth for Broadband and Internet subscribers in the
country through various technologies is as follows:
57
Laws and Entities Please answer the following Self Assessment Question.
Governing Cyberspace
Self Assessment Question 1 Spend 3 min.
Discuss the broad band Policy of the Indian Government.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
The policy explains that the system of registration of Internet domain names
can facilitate the proliferation of Internet in a country. Many countries have
therefore adopted liberal and market friendly policies to register large number
of Internet domain names under their country code, broadly consistent with
global policy and procedures of domain registration. The policy identified that
in India; just under 7000 domains have been registered by the Registry at 2nd
58
and 3rd levels under .IN country code over the past decade or so. This number Guidelines Issued by
Various Ministries
does not truly represent the penetration of Information Technology (IT) in
India when compared with a number of companies and public institutions
engaged in IT and IT enabled services (ITeS). The slow growth of .IN domain
has been adjudged to be largely due to the absence of contemporary processes
and infrastructure, and an over cautious registration policy followed. It is
widely recognised that .IN domain name has untapped growth potential. A
proactive policy for .IN domain proliferation can establish the .IN as a globally
recognised symbol of India’s growth and developments in the area of
information technology. Therefore, the policy under the new framework for
implementation of .IN Registry focuses on creating liberal, efficient and market
friendly processes and a distributed organizational structure.
Under the policy, The National Internet Exchange of India (NIXI), a not-for-
profit company formed under section 25 of Indian Companies Act, 1956
promoted by the Department of Information Technology (DIT) in association
with the Internet Service Providers Association of India (ISPAI). It has been
entrusted with the responsibility of setting up the Registry for .IN country
code Top Level Domain name (ccTLD). For this the NIXI will create the .IN
Network Information Centre (INNIC) to operate as a Registry for .IN domain
in India.
With the implementation of the new policy by INNIC under NIXI, a 100,000
.IN domain name registrations at the end of 1st of its operation year has been
targeted, with an average annual growth of 50% over a couple of years
thereafter.
The following will be the institutional framework of the .IN Registry:
• The .IN Registry will be a Not-for-Profit organization, and will function
as an autonomous body, accountable to the government. Its responsibility
will be to maintain .IN domain to ensure its operational stability, reliability
and security.
• An executive order through a gazette notification will be issued by the
Department of Information Technology (DIT), Government of India
according a legal status to the Registry for .IN domain in India. It will
also mention the role of National Informatics Centre (NIC), ERNET and
the nominated Defense Organization as Registrars for handling .gov.in,
edu.in, .ac.in and .mil.in registrations respectively.
• The .IN Registry by itself will not carry out registrations. It will do so
through a number of Registrars to be appointed by it through an open
process of selection on the basis of transparent eligibility criteria.
• The Registrars will either be ISPs themselves who are connected to the
National Internet Exchange of India (NIXI), or use the services of such
ISP who is connected to NIXI.
The policy also includes the .In Sunrise Policy and the .IN Domain Name
Dispute Resolution Policy (INDRP). Under the sunrise policy, owners of
registered Indian trademarks or service marks who wish to protect their marks
have been given the opportunity to apply for .IN domain names before the
general public. 59
Laws and Entities
Governing Cyberspace 5.5 DRAFT POLICY GUIDELINES ON WEB-
SITE DEVELOPMENT, HOSTING AND
MAINTENANCE
The Department of Administrative Reforms and Public Grievances under the
Ministry of Personnel, Public Grievances and Pensions issued Draft Policy
guidelines on Web-site Development, Hosting and Maintenance for the guidance
of other ministries and departments of the government. The guidelines have
been laid down with the objective of inspiring and facilitating the “realisation
of an e-government, which encompasses interlaid the development and
deployment of citizen centric services through web enabled processes, electronic
workflows, enabled applications, collaborative partnerships and participation
of citizens, clients and stakeholders”.
The guidelines recognised that the Web site of a Ministry/Department or its
portal which integrates several Websites of its constituent offices and units, is
a speedy and effective means for dissemination of information, interaction
with people and for delivery of services to citizens. Also that the Portal or
Website is significant in terms of its capability and potential in serving as an
important link between the government and the citizens. It presents the face
of the organization, its mission, vision, functions, activities, performance, etc.
It provides features enabling public and stakeholders to give their views/
feedback and in realising digital democracy.
Effective operation and management of the website and associated electronic
workflows, re-engineered processes, enhance the quality of governance, help
achieve improved productivities and realise envisaged outcomes leading to a
responsive and transparent governance leveraging on knowledge, inputs,
feedback of citizens and stakeholders.
The guidelines have stated that in order to further the aims and objectives
described above, the Website will include the following main contents:-
• Mission, Vision, Objectives, Clients, Charter
• Organizational Set-up and Directory
• Functions
• Constitutional, Legal and Administrative Framework
• Ministry
• Plan, Schemes, Programmes and Projects
• Services offered
• Publications and Reports
• Feedback Mechanism
• Notice Board, what is new?
• Announcements, Press Release, Tenders, Procurement and Disposal
• FAQ and Help
60 • Archives
Guidelines Issued by
5.6 NEW TELECOM POLICY 1999 (NTP 1999) Various Ministries
After the Telecom Policy of 1994, the government came out with a New
Telecom Policy in 1999. Some of the provisions have a bearing on cyber-
space like the statement on electronic commerce. The policy says, “On-line
Electronic Commerce will be encouraged so that information can be passed
seamlessly. The requirement to develop adequate bandwidth of the order of
10 Gb on national routes and even terabytes on certain congested important
national routes will be immediately addressed to so that growth of IT as well
as electronic commerce will not be hampered.” Similarly on Internet Telephony
the policy says, “Internet telephony shall not be permitted at this stage. However,
Government will continue to monitor the technological innovations and their
impact on national development and review this issue at an appropriate time”.
The policy also elaborates on the role of a regulator. The Telecom Regulatory
Authority of India (TRAI) was formed in January 1997 with a view to provide
an effective regulatory framework and adequate safeguards to ensure fair
competition and protection of consumer interests. The Government is committed
to a strong and independent regulator with comprehensive powers and clear
authority to effectively perform its functions.
When different pieces of information at one level are integrated to form higher
value information, the responsibility for its security needs also should go up
in the hierarchy to the integrator and should require higher level of authority
62
for its access. It should be absolutely clear with respect to each information Guidelines Issued by
Various Ministries
as to who are its owner, its custodian, and its users. It is the duty of the owner
to assign the right classification to the information so that the required level
of security can be enforced. The custodian of information is responsible for
the proper implementation of security guidelines and making the information
available to the users on a need to know basis.
5.10 SUMMARY
The guidelines issued by the various ministries also form the integral part of
the regulatory environment of the cyberspace. Thus in this unit we have
examined some of the important guidelines issued by the various ministries.
These include the Broadband Policy, 2004, .IN Internet Domain Name – Policy
Framework, Draft Policy Guidelines on Web-site Development, Hosting and
64
Maintenance, the New Telecom Policy, 1999 (NTP 1999), the Information Guidelines Issued by
Various Ministries
Technology Security Guidelines, the SEBI Guidelines on Internet-based Trading
and Services and Guidelines for Setting up International Gateways for Internet.
65
UNIT 6 INTRODUCTION TO COMPUTER
WRONGS
Structure
6.1 Introduction
6.2 Objectives
6.3 Computer Wrongs
6.4 Classification of Computer Crimes
6.5 Commission of Multiple Computer Wrongs
6.6 Challenges to Laws
6.6.1 Technology-neutral and Technology-based Laws
6.6.2 Regulation Versus Freedom on the Internet
6.6.3 Internet Crime Different from other Technology Crimes
6.7 Information Technology Act, 2000
6.8 Offences Under the IT Act
6.9 Investigation Under the IT Act
6.10 Convention on Cyber Crime – Council of Europe
6.11 Summary
6.12 Terminal Questions
6.13 Answers and Hints
6.14 References and Suggested Readings
6.1 INTRODUCTION
In this unit which is the first unit of this block, attempt has been made to give
an overview of the computer wrongs. In the subsequent units we shall discuss
various classes of computer wrongs.
5
Cyber Crimes and Torts
6.2 OBJECTIVES
After studying this unit, you should be able to:
• discuss the concepts of computer wrong and how the civil wrongs can
be distinguished from the computer crimes, how the computer crimes are
classified;
• distinguish between the concept of technology based and technology
neutral laws;
• examine the issues involved in the regulation of cyberspace; and
• discuss how the matter has been dealt by the I.T. Act, 2000.
WRONGS
Another concern in computer crimes is the possibility of and ease with which
an offender can commit multiple crimes at one goes. It is very possible and
in fact, quite likely that an offender in the process of committing one computer
crime commits other crimes as well. We can take a few instances to illustrate
the point:
A) In case of data theft, one has to hack (unauthorized access) the computer
or any other electronic storage medium and only then can be commit
theft. Thus data theft includes hacking and theft.
B) To initiate a Distributed Denial-of-service, installation of virus, and Trojan
horses on the ‘slave’/compromised systems would be needed. The date
of ‘target’ computer may also be altered or destroyed in the process.
Thus, DDoS includes hacking, introduction of virus and data alteration.
C) Web defacing can be achieved by first hacking into the computer system.
The Indian statutory regulation, specifically Section 66 of the Indian Information
Technology Act, 2000, in the area of computer crimes is quite comprehensive
and concise. It is noticeable that most of the computer crimes culminate into
section 66. Subsequent units on specific computer crimes would make the
point clear.
Please answer the following Self Assessment Question.
7
Cyber Crimes and Torts
6.6 CHALLENGES TO LAWS
India is today re-discovering itself – technologically. Being a developing country,
it realises that the Internet and the use of computers are powerful tools for its
economic development. Economic development presupposes existence of an
appropriate regulatory regime. The biggest challenge to the law is to keep
pace with technology.
Clearly, with the development of new technology and with the realisation that
such technology affects human life and relations and the peace, order and
proprietary rights in society, laws must be framed to regulate conduct
accordingly. Let’s take for instance theft of passwords. Passwords are a
combination of alphabets and numbers and are central to the operation of
computers. These are nothing but keys to gain entry into computer systems.
Stealing a password or unauthorized access using someone else’s password
must be recognised as merely the first step to committing a crime. Similarly,
networks need to be recognised as highways for movement of information and
communication and not for cranks to dig holes or put up impediments. One
can enter into a private computer network only when one is authorized to
enter much the same way as to enter into a private physical space. Web pages
as private property can be considered as displays in shops. One can watch but
cannot break the glass of the shop. Similarly, one can browse, but not tamper
with or destroy.
8
Please answer the following Self Assessment Question. Introduction to Computer
Wrongs
Self Assessment Question 2 Spend 3 Min.
What is technology based law and technology neutral law?
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
In the following units, common computer crimes have been discussed. Wherever
possible, not only the meaning and scope of the crime but also its coverage
under the Indian Information Technology Act, 2000, the Indian Penal code and
other minor criminal Acts have been discussed. The computer crimes can be
classified into the following categories:
33(2) Failure of any Certifying Authority to surrender Person in whose favour the licence is
a licence under Section 33(1) after such licence issued shall be punished with
has been suspended or revoked [Section 25(1)]. imprisonment which may extend upto
six months or a fine which may extend
upto Rs.10,000 or both.
68(2) Failure to comply with the order of Controller Punishable with imprisonment for a
under section 68(1) which empowers the term not exceeding three years or to a
Controller to direct, by order, a Certifying fine not exceeding Rs. 2,00,000/- or
Authority or any employee of such Authority to both.
to take such measures or cease carrying on
such activities as specified in the order if those
are necessary to ensure compliance with the
provisions of this Act, rule or any regulations
made thereunder.
69(3) Failure to assist an agency [referred in section Punishable with imprisonment for a
69(2)] which is required to intercept any term which may extend to seven years.
information as required by an order of the
Controller [under section 69(1)]
11
Cyber Crimes and Torts
appropriate Government vide a notification may extend to ten years and shall also be
under section 70(1)] in contravention of the liable to fine.
provisions of this section [that is such person
is not authorized by the appropriate
Government under section 70(2) to access
the protected system].
72 Securing access to any electronic record, Punishable with imprisonment for a term
book, register, correspondence, information, which may extend to two years, or with
document or other material by any person in fine which may extend to one Rs.
pursuance of any of the powers conferred 1,00,000/- or with both.
under this Act, rules or regulations made
thereunder without the consent of the person
concerned and thereafter, disclosing such
electronic record, etc. to any other person.
6.11 SUMMARY
Computer wrongs include both civil wrongs and crimes. The Information
Technology Act, 2000 covers both– civil wrongs and crimes. For the purposes
of committing a crime, a computer can be used both as a tool as well as a
target. Sometimes, it is used to make the offender more efficient in the
commission of the crime. It is very possible and in fact, quite likely that an
offender in the process of committing one computer crime commits other
crimes as well. One of the challenges of making technology-based laws is that
there is a chance of such laws being outdated soon. The debate in the world
between regulation and freedom on the Net has now more or less been settled
in favour of the need for regulation. Governments have begun taking steps to
regulate the Net.
2) Technology based laws are those in which computer is the means or the
target of the crime such as hacking etc. While technology neutral laws
are ordinary laws and it is immaterial whether computer is used or not
such as defamation etc.
1. See, for example, David R. Johnson & David Post. “Law and Borders—
<http://www.lessig.org/content/standard/0,1902,3006,00.html>.
1199-1250.
coe.int/Treaty/en/Treaties/html/185.htm>.
16
UNIT 7 CONVENTIONAL CRIMES
THROUGH COMPUTER
Structure
7.1 Introduction
7.2 Objectives
7.3 Cyber Defamation
7.3.1 Quantitative Impact of Cyber Defamation
7.3.2 Qualitative Impact of Cyber Defamation
7.3.3 Corporate Cyber Smear
7.3.4 Indian law
7.4 Digital Forgery
7.4.1 Indian Law
7.4.2 Convention on Cyber Crime – Council of Europe
7.5 Cyber Pornography
7.5.1 Increase in Cyber Pornography
7.5.2 Child Pornography
7.5.3 Indian Law
7.5.4 Cyber Crime Convention
7.6 Cyber Stalking/Harassment
7.6.1 Preferred Mode of Harassment
7.6.2 Indian Law
7.7 Online Gambling
7.7.1 Indian Law
7.8 Online Sale of Illegal Articles
7.8.1 Indian Law
7.9 Summary
7.10 Terminal Questions
7.11 Answers and Hints
7.12 References and Suggested Readings
7.1 INTRODUCTION
In the previous unit we have tried to give the general introduction of the
computer wrongs. In this unit we shall discuss the offences which are known
as the technologically neutral offences. These offences do not depend on
computer for their commission although their quantitative and qualitative impact
changes when committed on the cyberspace.
Many of the wrongful acts enlisted as an offence under the Indian Penal Code,
1860 are capable of being committed with the use or aid of or through computers
and technology. The technology acts only as a new medium to commit such
17
Cyber Crimes and Torts crimes. With the ease of use and anonymity available on the Internet, many
of the crimes like defamation, forgery, pornography, etc. are being committed
online.
While studying this unit you should keep the copy of the IPC for the quick
references of the definitions of the offences discussed in this unit.
7.2 OBJECTIVES
After studying this unit, you should be able to:
• discuss the offences defined under Indian Penal Code which are capable
of being committed on the internet;
• examine the new dimensions that have been added to these offences by
the use of information and communication technology (ICT); and
• analyse whether the provisions of Indian Penal Code dealing with these
offences are capable enough to address the challenges posed by the
information and communication technology with regard to these offences.
In the good old days, slander was more popular and possible. After the
popularity of the printing press, one witnessed the increase in libel. With the
advent of information technology and the Internet, libel has become much
more common and of course, easier. In this context, arises cyber defamation.
In simple words, it implies defamation by anything which can be read, seen
or heard with the help of computers/technology. Since the Internet has been
described as having some or all of the characteristics of a newspaper, a television
station, a magazine, a telephone system, an electronic library and a publishing
house, there are certain noticeable differences between online and offline attempt
of defamation which makes the online defamation more vigorous and effective.
19
Cyber Crimes and Torts 499. Defamation.Whoever, by words either spoken or intended to be read, or
by signs or by visible representations, makes or publishes any imputation
concerning any person intending to harm, or knowing or having reason to
believe that such imputation will harm, the reputation of such person, is said,
except in the cases hereinafter expected, to defame that person.
A bare perusal of the section above makes it clear that no specific mention has
been made with regard to any electronic publication. Section 4 of the IT Act,
however, gives legal recognition to electronic records. It reads as under:
Section 464 of the IPC was amended by section 91 of the IT Act to include
a false electronic record. Under section 464, a person is said to make a false
electronic record:
1) Who dishonestly or fraudulently makes or transmits any electronic record
or part of any electronic record, or, affixes any digital signature on any
electronic record, or, makes any mark denoting the authenticity of the
digital signature, with the intention of causing it to be believed that such
electronic record or part of electronic record or digital signature was
made, executed, transmitted or affixed by or by the authority of a person
by whom or by whose authority he knows that it was not made, executed
or affixed; or 21
Cyber Crimes and Torts 2) Who, without lawful authority, dishonestly or fraudulently, by cancellation
or otherwise, alters an electronic record in any material part thereof, after
it has been made, executed or affixed with digital signature either by
himself or by any other person, whether such person be living or dead
at the time of such alteration; or
Explanation 3 to section 464 has also been inserted which, for the purpose of
this section, provides for the expression ‘affixing digital signature’ to have the
same meaning as assigned to it in section 2(1)(d)3 of the IT Act.
22
Please answer the following Self Assessment Question. Conventional Crimes
Through Computer
Self Assessment Question 2 Spend 3 Min.
What is digital forgery? How the technology has made its detection
sometimes very difficult?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
Individuals can easily view thousands of pornographic images day and night
within the privacy of the four walls of their homes. The Internet has decreased
the hurdle of shame that comes with purchasing pornographic materials in a
shop or the embarrassment of being caught with physical hard copies of porno
23
Cyber Crimes and Torts materials. The consumer of such publications is more comfortable in opening
a website and viewing/watching. With availability of broadband connections
and high downloading speeds, the demand, though privately, seems to have
risen.
On the other hand, anonymity has encouraged the offender to come out with
more explicit and real material with higher degrees of inducement. Anybody
can upload information onto a website from anywhere with the entire world
as its market/consumer. It is extremely difficult to pinpoint persons responsible
for such activities. It is also important to note that in countries where certain
degree of pornographic material is permitted to be published and distributed,
offenders quite often publish their information online from such countries
though knowing well that the online market extends well beyond the
geographical boundaries.
e) Ease of indirect harassment: The cyber stalker does not directly harass
his victim. Rather, he would post such comments on a common discussion
board that would prompt the other users to send messages to the victim
under a misconceived notion.
In the first successful prosecution under California’s new cyber stalking law,
prosecutors in the Los Angeles District Attorney’s Office obtained a guilty
plea from a 50-year-old former security guard who used the Internet to solicit
the rape of a woman who rejected his romantic advances. The defendant
terrorized his 28-year-old victim by impersonating her in various Internet chat
rooms and online bulletin boards, where he posted, along with her telephone
number and address, messages that she fantasized of being raped. On at least
six occasions, sometimes in the middle of the night, men knocked on the
woman’s door saying they wanted to rape her. The former security guard
pleaded guilty in April 1999.5
Similar problem arose in State of Tamil Nadu v Suhar Katti,6 where a family
friend who wanted to marry a widow, on her refusal, started posting online
messages in her name as if she is soliciting. These messages resulted in
annoying phone calls. On a police complaint made in February 2004,
the accused was traced, put to trial and was ultimately found guilty of
offences under sections 469, 509 of the Indian Penal Code and section 67 of
the IT Act.
27
Cyber Crimes and Torts Please answer the following Self Assessment Question.
In an interesting case, the managers and owners of six Internet sports betting
companies that operated offshore and allowed bettors in the United States to
gamble on football, basketball and other sports were charged with illegally
using the wires and telephone to transmit bets. The 14 individuals accused of
running the illegal betting operations were set up offshore in Caribbean or
Central American locations where sports betting is legal. Though the owners
contended that they are beyond the law because they are located in countries
where gambling is legal, the prosecution was of the view that so long as
money is wired or telephone calls are made from the United States, it doesn’t
28 matter where the company is set up.7
7.7.1 Indian Law Conventional Crimes
Through Computer
The Public Gambling Act, 1867 prohibits gambling. Section 3 of the Act
imposes a fine on the person opening a common gaming-house for others.
However, it is also worth noting that the Act presumes a physical place where
gambling will take place. The interpretation clause of the Act defined ‘common
gaming-house’ as any house, walled enclosure, room or place in which card,
dice, tables or other instruments of gaming are kept or used for the profit or
gain of the person owning, occupying, using or keeping such place.
The sale of illegal articles on the Internet is also one of those computer crimes
where the computer is merely a tool to commit the crime. The traditional
crime is already not permissible under various statutes. However, it is being
committed by using computer and through the Internet where one gets a better
and bigger market along with the benefit of anonymity.
7.9 SUMMARY
This unit discusses the crimes enumerated in the IPC which can be committed
with the aid of the Information Communication Technology (ICT) with more
ease and some times with more impunity.
Defamation law – aims at protecting the reputation of the injured person and
giving him the right to sue if his reputation is damaged. If a defamatory
statement is published on the website, it may have more quantitive and
qualitative impact as compared to the publication in a newspaper etc. for
instance e-mailing a defamatory statement to a large number of persons or
posting it on a discussion board or newsgroups of a profession e.g. lawyers
etc. may prove to be very injurious.
Pornography – means writings, pictures and films which are sexually exciting.
Pornographic material on the Internet can be accessed by any one any where
in the world in privacy and without feeling shame irrespective of whether the
law of such country permits it or not.
Gambling – online gambling websites can be operated from the country where
it is not illegal. In such types of virtual casinos, it is not necessary to be
present in the country from where the site is being operated. A person can be
engaged in gambling while sitting in his home even if it is illegal in his
country.
Online illegal sale of articles – such as drugs, arms, pirated copies of software’s
etc. Internet provides a bigger market and privacy to the seller. Through online
shopping, these goods can be sold even if their sale is prohibited by law.
30
Conventional Crimes
7.10 TERMINAL QUESTIONS Through Computer
a) Ease of communication
c) Anonymity: The cyber stalker can easily use an identity mask thereby
safeguarding his real identity.
Study the offences discussed in the unit and see how ICT has provided the
technology which can be used in the commission of these offences.
national/longterm/intgambling/stories/charged.htm.>.
Egmore on 05.11.2004.
32
Conventional Crimes
3. <http://www.usdoj.gov/criminal/cybercrime/cyberstalking.htm>. Through Computer
060210-03.html>.
7. <http://www.legalservicesindia.com/articles/defcy.htm>.
33
Cyber Crimes and Torts
UNIT 8 CRIMES AND TORTS
COMMITTED ON A COMPUTER
NETWORK AND RELATING TO
ELECTRONIC MAIL
Structure
8.1 Introductions
8.2 Objectives
8.3 Hacking/Unauthorized Access
8.3.1 Hacker Ethics
8.3.2 Indian Law
8.3.3 Cyber Crime Convention of the Council of Europe
8.4 Denial of Service
8.4.1 Distributed Denial of Service
8.4.2 Indian Law
8.4.3 Convention on Cyber Crime of the Council of Europe
8.5 Crimes Relating to Electronic Mail: E-mail Spamming/E-mail Bombing
8.5.1 Problem for ISPs
8.5.2 ‘False’ Spam Messages
8.5.3 Indian Law
8.5.4 Cyber Crime Convention of the Council of Europe
8.6 Crimes Relating to Electronic Mail: E-mail Spoofing
8.6.1 Indian Law
8.6.2 Cyber Crime Convention of the Council of Europe
8.7 Summary
8.8 Terminal Questions
8.9 Answers and Hints
8.10 References and Suggested Readings
8.1 INTRODUCTION
In the previous unit we have discussed that the information and communication
technology has added new dimentions to traditional crimes. Computer and
cyberspace has given rise to many of the wrongs which were hitherto unknown
to the mankind. These crimes are of very complicated nature and highly
sophisticated technology is applied in committing these crimes. This unit
discusses some of them. In this unit we shall also discuss how these offences
have been dealt with in the Indian law and Cyber Crime Convention of the
Council of Europe.
It is recomended that you should read chapter IX and XI of the IT Act, 2000
which defines these offences. Sub-section 3 of the Unit 3 of the Block 1 may
34 be referred to in this connection.
Crimes and Torts
8.2 OBJECTIVES Committed on a Computer
Network and Relating to
After studying this unit, you should be able to: Electronic Mail
• analyse the concept of hacking and what is Indian law on the issue?;
• discuss various forms of denyal of service and legal provisions dealing
with the issue; and
• discuss how the unsolicited e-mail spanning and e-spoofing has caused
problems to the user and service providers and is Indian law sufficient
to deal with this menace?
In March 2005, one Mr. Lyttle, who is known as one of the members of the
self-titled hacking group called ‘The Deceptive Duo’, pleaded guilty and
admitted that he unlawfully accessed computer systems of various American
federal agencies in April 2002, including the Department of Defense’s Defense
Logistic Information Service (DLIS), the Office of Health Affairs (OHA), and
NASA’s Ames Research Center (ARC). In particular, Mr. Lyttle admitted that
he gained unauthorized accessed to DLIS computers in Battle Creek, Michigan,
for the purpose of obtaining files that he later used to deface an OHA website
hosted on computers in San Antonio, Texas.1
The definition provided under the Indian law surpasses the generally accepted
meaning of hacking. Section 66(1) of the IT Act requires hacking to mean:
“(1) Whoever with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person destroys or deletes or
alters any information residing in a computer resource or diminishes its value
or utility or affects it injuriously by any means, commits hack.”
A plain reading makes it amply clear that the pre-requisite for ‘hacking’ is not
plain unauthorized access to a computer, whether intentional or not, but further
requires: (a) destruction or deletion or alteration of any information residing
in a computer resource; (b) such activity has lead to the diminishing of the
value or utility of the information or affects it injuriously by any means; and,
(c) such activity was done to cause or knowing that it is likely to cause
36
wrongful loss or damage to the public or any person. We will revert to further Crimes and Torts
Committed on a Computer
discussion on this a bit later in this unit. Network and Relating to
Electronic Mail
The Indian law provides for damages in case mere hacking or unauthorized
access into a computer system. A person might just gain access, without
authorization, into a computer system and do nothing else. The IT Act provides
for payment of compensation in case of such illegal intrusion. Section 43 (a)
provides that:
“If any person without permission of the owner or any other person who is in
charge of a computer, computer system or computer network, —
a) accesses or secures access to such computer, computer system or computer
network;
he shall be liable to pay damages by way of compensation not exceeding one
crore rupees to the person so affected.”
Thus, any access to a computer without the permission of the owner or any
other person who is in-charge would entail civil consequences. There is no
requirement of any actual damage, either data or information damage or
computer damage, for liability under section 43(a). Mere unauthorized access
is enough.
Hacking coupled with some other act would lead to criminal charges. If an act
done comes within the definition of hacking provided in Section 66(1)
reproduced above, it would be punishable in accordance with sub-section (2)
of Section 66:
A reading of sub-section (1) makes it clear that the emphasis for committing
‘hacking’ under the IT Act is on the effect i.e. on the information residing in
the computer and any subsequent wrongful loss due to access rather than mere
access to a computer itself. For instance, if somebody needs to steal credit
card numbers and passwords from a computer system, he has to necessarily
access the computer and then download the information. Such access might
be authorized or unauthorized. The emphasis of ‘hacking’, under Section 66,
is not on the nature of access but rather on the act done subsequent to such
access. Generally, ‘hacking’ concerns access to a computer. Further acts are
categorised under different cyber crimes. However, as we move ahead and
deal with different kinds of cyber crimes, it would be clear that most, if not
all, of the cyber crimes emanate from section 66(1). The Indian law, for the
purposes of cyber crimes, is almost condensed into section 66.
Special provisions have been framed under the IT Act for protection of
‘protected systems’. Section 70 deals with declaration of a system to be a
protected system, persons authorized to access such system and further provides
for punishment in case unauthorized access into protected system. It reads
thus:
37
Cyber Crimes and Torts “70. Protected system.
1) The appropriate Government may, by notification in the Official Gazette,
declare that any computer, computer system or computer network to be
a protected system.
2) The appropriate Government may, by order in writing, authorize the
persons who are authorized to access protected systems notified under
sub-section (1).
3) Any person who secures access or attempts to secure access to a protected
system in contravention of the provisions of this section shall be punished
with imprisonment of either description for a term which may extend to
ten years and shall also be liable to fine.”
The appropriate Government has been defined under clause (3) of sub-section
(1) of Section 2 as:
“appropriate Government” means as respects any matter,—
i) enumerated in List II of the Seventh Schedule to the Constitution;
ii) relating to any State law enacted under List III of the Seventh Schedule
to the Constitution, the State Government and in any other case, the
Central Government;
Instances of a ‘protected system’ could be computer systems belonging to the
defence, income tax department computer systems, atomic and nuclear energy
systems, computer systems of educational institutions of national importance
like the Super Computer Centre at the Indian Institute of Sciences, Bangalore.
It is noticeable that where the maximum punishment for hacking under section
66 is three years imprisonment, the same can go upto ten years in case of
access or attempt to access to a protected system under section 70.
Examples include:
• Attempts to ‘flood’ a network, thereby preventing legitimate network
traffic;
• Attempts to disrupt connections between two machines, thereby preventing
access to a service;
• Attempts to prevent a particular individual from accessing a service;
• Attempts to disrupt service to a specific system or person.
Denial-of-service attacks can essentially disable one’s computer or one’s
network. Depending on the nature of the enterprise, this can effectively disable
an organization. The term can be applied to any situation where an attacker
attempts to prevent the use or delivery of a valued resource to its intended
audience or customer. It can be implemented via multiple methods, physically
and digitally.
“If any person without permission of the owner or any other person who is in
charge of a computer, computer system or computer network, —
(b) denies or causes the denial of access to any person authorized to access
any computer, computer system or computer network by any means;
“Article 5 – System interference: Each Party shall adopt such legislative and
other measures as may be necessary to establish as criminal offences under its
domestic law, when committed intentionally, the serious hindering without
right of the functioning of a computer system by inputting, transmitting,
damaging, deleting, deteriorating, altering or suppressing computer data.”
The attacker interferes with the system while it, without right, transmits and/
or inputs data which seriously hinders the functioning of a computer system.
The Convention requires every member-country to make domestic laws which
establishes such acts as criminal offences.
Please answer the following Self Assessment Question.
In March 2006, one Clason from New Hampshire (USA) with two more
associates pleaded guilty of transmission of spam e-mails containing graphic
pornographic images. They conspired to engage in the business of sending
spam e-mails for their own personal gain. America Online, Inc. received more
than 600,000 complaints between Jan. 30, 2004 and June 9, 2004 from its
users regarding spam e-mails that had allegedly been sent by the defendants’
spamming operation. The e-mails sent by the accused advertised pornographic
Internet Web sites in order to earn commissions for directing Internet traffic
to these Web sites.4
Spam is an unsolicited message requiring one’s time and effort to get rid off.
A regular supply of such spam messages would naturally result in considerable
annoyance. It would also directly hamper the interest of the user in his electronic
mailbox where he does not expect any interference and encroachment. The
result, apart from loss of Internet working hours and thwarting one’s regular
e-mail stream, could be one of mental agony and distress.
details, credit card number and password to access online account, etc.
In Federal Trade Commission v. Brian D. Westby [2004 WL 1175047 (N.D.I11.),
Case No.03 C 2540, judgment on 4 Mar. 2004.] et al, the US District Court of
Illinois found the defendants guilty of spoofing and passed an order of injunction
restraining and enjoining them from the practice of spoofing in connection with
the advertising, promotion, offering or sale of goods in commerce. Since May
2002, the defendant has been engaged in the activity of sending unsolicited bulk
commercial emails with e-mail addresses of un-related third parties as the “reply-
to” or “from” address. As a result, third parties whose e-mail addresses or domain
names were spoofed suffered injury to their reputations by having themselves
wrongfully affiliated with the sending of bulk unsolicited e-mail.
8.7 SUMMARY
Computer and cyberspace has given rise to many of the wrongs which were
hitherto unknown to the mankind. These crimes are of very complicated nature
and highly sophisticated technology is applied in committing these crimes.
Indian IT Act has made adequate provisions for punishing these crimes. Some
of the examples of this crimes are –
Hacking/Unauthorized Access
• Hacker Ethics
• Indian Law
• Cyber Crime Convention
Denial of Service
• Distributed Denial of Service
• Crimes relating to Electronic Mail: E-mail Spamming/E-mail Bombing
• Problem for ISPs
• ‘False’ spam messages
• Indian Law
• Cyber Crime Convention
46
Crimes relating to Electronic Mail Crimes and Torts
Committed on a Computer
• E-mail Spoofing Network and Relating to
Electronic Mail
• Indian Law
• Cyber Crime Convention
2. <http://www.usdoj.gov/usao/can/press/html/2005_04_25_
heckenkamp.html>.
3. <http://www.usdoj.gov/usao/can/press/html/2005_12_28_
Clarkbotplea.htm>.
pr/2006/March/06_crm_123.html>.
48
UNIT 9 CRIMES RELATING TO DATA
ALTERATION/DESTRUCTION
Structure
9.1 Introduction
9.2 Objectives
9.3 Internet Fraud and Financial Crimes
9.3.1 Auction and Retail Schemes Online
9.3.2 Business Opportunity/Work-at-home Schemes Online
9.3.3 Identity Theft and Fraud
9.3.4 Credit Card Fraud
9.3.5 Online Investment Schemes
9.3.5.1 Issuance of False Stocks
9.3.5.2 Market Manipulation Schemes
9.3.5.3 Pyramid or Ponzi Schemes
9.3.6 Fraudulent Financial Solicitation
9.3.7 Phishing
9.3.7.1 Indian Law
9.3.8 Convention on Cyber Crime – Council of Europe
9.4 Virus, Worms, Trojan Horses and Logic Bombs
9.4.1 Virus & Worms
9.4.2 Trojan Horses
9.4.3 Logic Bombs
9.4.4 Back Door
9.4.5 Indian Law
9.4.6 Cyber Crime Convention of the Council of Europe
9.5 Theft of Internet Hours
9.5.1 Indian Law
9.6 Salami Attacks
9.6.1 Indian Law
9.7 Data Diddling
9.7.1 Indian Law
9.8 Steganography
9.9 Summary
9.10 Terminal Questions
9.11 Answers and Hints
9.12 References and Suggested Readings
9.1 INTRODUCTION
Like the previous unit, this unit also discusses the the crimes which are
committed on the cyberspace. These crimes are commonly called as the crimes
relating to the data alteration and destruction.
49
Cyber Crimes and Torts Crimes relating to data alteration and data destruction are increasing day-by-
day. As the use of computer and Internet is increasing, more and more people
are finding it benificial in their day-to-day life many of the transactions of
various types are being conducted on the Internet. This has provided opportunity
to unscruplous people who are indulging in all sorts of activities to defraud
and cheat innocent people using Internet.
This unit tries to discuss some of the comman types of such crimes on the
Internet and laws to prevent such crimes.
9.2 OBJECTIVES
After studying this unit, you should be able to:
• discuss what internet fraud is and what its various forms are;
• analyse and distinguish amongst the various types of viruses, worms,
trojan horses, and logic bombs etc and discuss how they are harmful to
the computer and computer-networks; and
• analyse other forms of Internet fraud such as theft of Internet hours,
salami attacks, data diddling, steganography etc.
Identity theft and identity fraud are terms used to refer to all types of crime
in which someone wrongfully obtains and uses another person’s personal data
in some way that involves fraud or deception, typically for economic gain.
Unlike one’s fingerprints, which are unique to oneself and cannot be given to
someone else for their use, one’s personal data like bank account number or
credit card number, telephone calling card number, and other valuable
identifying data can be used, if they fall into the wrong hands, to personally
profit at other’s expense.
On January 30, 2006, Gary S. Kraser pleaded guilty in the United States
District Court for the Southern District of Florida to online fraud in connection
with his fraudulent solicitation of charitable donations supposedly intended
for Hurricane Katrina relief. According to the indictment, the defendant falsely
claimed in conversations on the Internet, and ultimately via the website
www.AirKatrina.com, that he was piloting flights to Louisiana to provide
medical supplies to the areas affected by Hurricane Katrina and to evacuate
children and others in critical medical condition. He further claimed that he
had organized a group of Florida pilots to assist him in his supposed relief
efforts. In just two days, the defendant received almost $40,000 in donations
from 48 different victims from around the world.
9.3.7 Phishing
Phishing is the act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user into surrendering
private information that will be used for identity theft. The e-mail directs the
user to visit a Web site where they are asked to update personal information,
such as passwords and credit card, social security, and bank account numbers,
that the legitimate organization already has. The Web site, however, is bogus
and set up only to steal the user’s information.
52
The Delhi High Court in the case of NASSCOM v. Ajay Sood 3 elaborated Crimes Relating to Data
Alteration/Destruction
upon the concept of ‘phishing’. The defendants were operating a placement
agency involved in head-hunting and recruitment. In order to obtain personal
data, which they could use for purposes of head-hunting, the defendants
composed and sent e-mails to third parties in the name of NASSCOM. The
plaintiff had filed the suit inter alia praying for a decree of permanent injunction
restraining the defendants from circulating fraudulent e-mails purportedly
originating from the plaintiff. The court declared ‘phishing’ on the Internet to
be a form of Internet fraud and hence, an illegal act. The court stated, by way
of an example, that typical phishing scams involve persons who pretend to
represent online banks and siphon cash from e-banking accounts after conning
consumers into handing over confidential banking details. This case had a
unique bend since it was filed not by the one who was cheated but by the
organization, who was being wrongly represented that is NASSCOM. In this
regard, the court was of the view that even though there is no specific legislation
in India to penalize phishing, it is illegal being “a misrepresentation made in
the course of trade leading to confusion as to the source and origin of the e-
mail causing immense harm not only to the consumer but even the person
whose name, identity or password is misused”. The court held the act of
phishing as passing off and tarnishing the plaintiff’s image, thereby bringing
it within the realm of trademark law.
The IT Act deals with the crimes relating to Internet fraud and online investment
fraud in sections 43(d), 65 and 66.
“43. If any person without permission of the owner or any other person who
is in charge of a computer, computer system or computer network, —
One Smith was involved in unleashing the “Melissa” computer virus in 1999,
causing millions of dollars in damage and infecting untold numbers of
computers and computer networks. He posted an infected document on the
Internet newsgroup “Alt.Sex”. The posting contained a message enticing readers
to download and open the document with the hope of finding passcodes to
adult-content websites. Opening and downloading the message caused the
Melissa virus to infect victim computers. The virus altered Microsoft word
processing programs such that any document created using the programs would
then be infected with the Melissa virus. The virus also lowered macro security
settings in the word processing programs. The virus then proliferated via the
Microsoft Outlook program, causing computers to send electronic e-mail to
the first 50 addresses in the computer user’s address book. Because each
infected computer could infect 50 additional computers, which in turn could
infect another 50 computers, the virus proliferated rapidly and exponentially,
resulting in substantial interruption or impairment of public communications
or services. According to reports from business and government following the
spread of the virus, its rapid distribution disrupted computer networks by
overloading e-mail servers, resulting in the shutdown of networks and significant
costs to repair or cleanse computer systems. Smith was eventually sentenced
to prison after pleading guilty.5
“43. If any person without permission of the owner or any other person who
is in charge of a computer, computer system or computer network, —
57
Cyber Crimes and Torts The law pertaining to viruses, worms, Trojan horses and logic bombs have all
been culminated into the above provision. The explanations to the words
‘computer contaminant’ and ‘computer virus’ are wide enough to cover all the
above.
“43. If any person without permission of the owner or any other person who
is in charge of a computer, computer system or computer network, —
Section 477A of the IPC makes it an offence for any clerk, officer or servant
to wilfully and with an intend to defraud, to destroy, alter, mutilate or falsify
any electronic record or making or abetting the making of any false entry in
any such electronic record. Therefore, making alterations in and additions of
any electronic entry in the bank’s computers would bring the offender within
the ambit of section 477A of the IPC.
59
Cyber Crimes and Torts This is also covered by section 66 of the IT Act whereunder any destruction
or deletion or alteration of any information residing in computer resource or
diminishing its value or utility or affecting it injuriously so as to cause wrongful
loss or damage to the public or any person would be an offence.
9.8 STEGANOGRAPHY
Steganography is the process of hiding one message or file inside another
message or file. According to Dictionary.com, steganography (also known as
‘steg’ or ‘stego’) is “the art of writing in cipher, or in characters, which are
not intelligible except to persons who have the key”. It has been used in
ancient times as well.8 In computer terms, steganography has evolved into the
practice of hiding a message within a larger one in such a way that others
cannot discern the presence or contents of the hidden message. In contemporary
terms, steganography has evolved into a digital strategy of hiding a file.9 For
instance, steganographers can hide an image inside another image, an audio
file, or a video file, or they can hide an audio or video file inside another
media file or even inside a large graphic file. Steganography differs from
cryptography in that while cryptography works to mask the content of a message,
steganography works to mask the very existence of the message.10
Though steganography can be used for quite a many legitimate purposes like
watermarking images for copyright protection or secure confidentiality of
information, it is used equally or rather more for illegitimate goals. It requires
mention that mere use of steganography is not illegal in itself. It is a
misconception that steganography is a computer crime. At the most, it can be
a tool for committing another crime but cannot be a crime in itself. For
example, one might send a military secret message hidden in a picture file,
and then such act would be an offence under the Official Secrets Act. However,
it is to be noted that it was not the use of steganography but rather sending
of the military secret that is punishable. Likewise, if one is distributing
pornographic pictures by hiding it in another picture with the help of
steganography, such distribution would be punishable under section 67 of the
IT Act. Therefore, mere use of steganography is not an offence. It merely
assists a person in commission of some other offence.
Please answer the following Self Assessment Question.
9.9 SUMMARY
With the increase in the use of computers and Internet, the crimes relating to
data alteration and destruction are increasing. These crimes have manifested
61
Cyber Crimes and Torts in various forms in which either a person has to loose money etc or data stored
on the computer is damaged or destroyed. Law has tried to keep pace with it
and has made many of such acts punishable.
1. <http://security.iia.net.au/downloads/doznalrt-ftc.pdf>.
2. <http://www.corp.ca.gov/pressrel/nr0011.htm>.
the Income Tax Act, 1961 are, to some extent, exempted from income
tax.
7. < http://www.usdoj.gov/criminal/cybercrime/duronioIndict.htm>.
www.rcmp.ca/scams/ccprev_e.htm>.
9. For example, in ancient Rome and Greece, text was traditionally written
on wax that was poured on top of stone tablets. If the sender of the
information wanted to obscure the message – for purposes of military
intelligence, for instance – they would use steganography: the wax would
be scraped off and the message would be inscribed or written directly on
the tablet, wax would then be poured on top of the message, thereby
obscuring not just its meaning but its very existence. See, Kristy Westphal,
“Stenography Revealed”, Computer Crime Research Center <http://
www.crime-research.org/eng/library/Steganography.html>.
10. Ibid.
Center <http://www.crime-research.org/eng/library/Jack2.htm>.
63
UNIT 10 ISSUES OF JURISDICTION AND
APPLICABLE LAW IN
CYBERSPACE
Structure
10.1 Introduction
10.2 Objectives
10.3 Jurisdiction in Cyberspace
10.3.1 Theories of Jurisdiction in Criminal Cases
10.3.2 General Jurisdiction in Computer Crimes
10.3.3 Application of ‘Effects’ Doctrine in Computer Crimes
10.3.4 Convention on Cyber Crime – Council of Europe
10.4 Applicable Law in Computer Crimes
10.5 Summary
10.6 Terminal Questions
10.7 Answers and Hints
10.8 References and Suggested Readings
10.1 INTRODUCTION
In the previous block we have discussed the various types of cyber wrongs. In
the first unit of this block we shall discuss the jurisdictional issues involved in
adjudging these wrongs i.e. which court or courts can take cognizance of these
offences.
This unit deals with jurisdiction and applicable law with respect to computer
crimes and offenders. The issue of jurisdiction of courts in crimes is perplexing
in the cyberspace world and computer crimes era. It is easier to sit in New Zealand
and hack a computer in Chandigarh and steal digital information than it would
be for a thief to physically steal something from the neighbourhood. The digital
world makes national and international borders a relic. Courts exercising
jurisdiction on the basis of such national and international borders are left aghast
by the speed and ease with which a cyber-criminal moves from one jurisdiction
to another with the use of a mouse. The issue arising out of such activities, at the
foremost, contains that of the jurisdiction of a court. Which court shall have the
jurisdiction to entertain the matter? And then, which law shall be applicable in
such cases?
In an online environment, the offender and the victim might reside in different
geographical locations governed by different procedural and substantive laws –
probably, in different countries. For instance, a person might open an online
gambling website while in Las Vegas. The website is open for all to see and use.
It might be legal in Las Vegas. But, when people access and make use of this
website in, say, Qatar, Australia and Indonesia, the question as to permissibility
of offering to gamble might crop up.
5
Dispute Resolutions in
Cyberspace 10.2 OBJECTIVES
After studying this unit you should be able to:
• explain the term jurisdiction and discuss the importance of it in cyberspace;
• discuss various theories relating the criminal jurisdiction quoting relevant
provisions of Indian laws and court decisions; and
• analyse the importance of the effect doctrine in the light of the extra territorial
nature of the cyber crimes; and
• examine the issue of applicable law with special reference to India by citing
relevant sections of the IT Act 2000.
To fully appreciate and comprehend this issue, we first need to understand the
jurisdiction issues arising in an offline environment in India in criminal cases
and the body of law applicable to ascertain jurisdiction. Then we proceed to
apply the same rules in a cyberspace environment and assess the difficulties.
There are six generally accepted bases of jurisdiction or theories under which a
state may claim to have jurisdiction to prescribe a rule of law over an activity.1
Subjective territoriality is by far the most important of the six. The substantial
part of criminal legislation across the globe is based on the theory that if an
activity takes place within the territory of the particular country, then the said
country has the jurisdiction to regulate and punish for such activity. For instance,
section 2 of the Indian Penal Code provides for punishment of offences committed
within India.
6
Objective territoriality is invoked where the action takes place outside the Issues of Jurisdiction and
Applicable Law in
territory of the forum state, but the primary effect of that activity is within the Cyberspace
forum state. Commonly known as the ‘effects’ doctrine is the situation , where
the action takes place outside the territory of a country, but the primary effect of
that activity is within the said country, it assumed jurisdiction. For instance, a
person from Pakistan shoots across the border and an Indian is injured in the
process. Though the action was initiated in Pakistan, the effect was in India.
Section 179 of the Code of Criminal Procedure endorses the effects doctrine.
Nationality is the basis for jurisdiction where the forum state asserts the right to
prescribe a law for an action based on the nationality of the actor. For instance,
section 4 of the Indian Penal Code stipulates that the provisions of the Code
would also apply to any offence committed by any citizen of India in any place
without and beyond India.
With the advent of Internet and increase in cyber crime, especially, cross-border
illegal activities, it is a matter of much concern to the courts whether they have
the jurisdiction to put the offenders under trial and if found guilty, eventually
punish them.
Thus, any computer crime committed, say, in Indore, would be tried by the
criminal courts in Indore itself. However, computer crime, by its very nature, is
capable of being committed at more than one place at the same time. For instance,
a person sitting in Mumbai can hack into a computer at the IISc at Bangalore
through a proxy server located at Kanpur. In such situations, the offence can be
inquired into and tried by a court having jurisdiction over any of such areas
where the crime has been committed. Section 178 of the Code provides for this
kind of a situation:
Under the Indian criminal law, section 179 of the Code of Criminal Procedure,
1973 embodies the effects doctrine, which reads as under:
“179. Offence triable, where act is done or consequence ensues: When an act is
an offence by reason of anything which has been done and of a consequence
which has ensued, the offence may be inquired into or tried by a court within
whose local jurisdiction such thing has been done or such consequence has
ensued.”
“The above section contemplates two Courts having jurisdiction and the trial is
permitted to take place in any one of those two Courts. One is the Court within
whose local jurisdiction the act has been done and the other is the Court within
whose local jurisdiction the consequence has ensued.”
For instance, it is well settled that where a sub-standard article is sold and an
offence is committed, the place where the same is marketed will equally have
jurisdiction to try an offence against the manufacturers as well as the distributors
[State of Punjab v Nohar Chand, (1984) 3 SCC 512; State of Rajasthan v Rajesh
Medical Agencies. 1987 SCC Supp 242].
Section 179 contemplates cases where the act done and its consequence happen
to be in two different jurisdictions and provides that in such cases, the offence
constituted by the act and the consequence may be inquired into or tried in either
of the two jurisdictions. In an Indian case of this nature, ‘A’ at Karachi was
making representations to the complainant at Bombay, through letters, telegrams
and telephone talks, sometimes directly to ‘B’ and sometimes through a
commission agent. ‘B’ parted with money in good faith of these representations,
which were false. The Supreme Court held that the representations were made
to ‘B’ at Bombay notwithstanding that ‘A’ was making the representations from
Karachi. Hence the entire offence took place at Bombay and not merely one
ingredient of it, (which was consequence of the false representations), namely,
the parting with the money by ‘B’. The Apex Court held that the offence would
be triable both at the place from where the false representations were made as
well as where the parting of property took place [Mobarak Ali Ahmed v State of
Bombay. AIR 1957 SC 857].
In India, the Information Technology Act delves deep into the issue of applicable
law in computer crimes. It clarifies that any act which is committed either within
or without India would be illegal if it is an offence under the Act.
10
To begin with, sub-section (2) of Section 1 of the Act states that: Issues of Jurisdiction and
Applicable Law in
Cyberspace
It shall extend to the whole of India and, save as otherwise provided in this Act,
it applies also to any offence or contravention thereunder committed outside
India by any person.
2) For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct
constituting the offence or contravention involved a computer 4 , computer
system5 or computer network6 located in India.
The above two provisions make it clear that the offence, though committed outside
India, is punishable in India. Thus, a Nepalese, sitting in Canada initiates a
Distributed Denial of Service involving computer networks in India to obstruct
Yahoo e-mail services, such a person, if put to trial in India, can be found
punishable under the IT Act. The above provisions have been drafted in broad
terms.
Section 2 of the Indian Penal Code deals with punishment of offence committed
within India. This poses no problem. If an illegal act concerning computers is
committed within India, it is the provisions of the Code which would apply to
such acts.
Section 4 of the Indian Penal Code, on the other hand, applies the Nationality
doctrine. It deals with acts and omissions of Indian citizens abroad. It further
regulates the action of any person irrespective of his/her nationality, if such
person happens to be on a ship or aircraft registered in India. The section reads
as under:
11
Dispute Resolutions in Extension of Code to extra-territorial offences.- The provisions of this Code
Cyberspace
apply also to any offence committed by – (1) any citizen of India in any place
without and beyond India; (2) any person on any ship or aircraft registered in
India wherever it may be.
Explanation – In this section the word “offence” includes every act committed
outside India, which if committed in India would be punishable under this
Code.
Thus, the provisions of the Code would apply if an Indian citizen anywhere
outside India commits any computer crime punishable under the Indian Penal
Code, like digital forgery or cyberstalking.
So far as computer crimes are concerned, the Indian law seems to be in shape.
However, issues like extradition of computer criminals and international co-
operation also need to be addressed with equal vigour for quicker booking of the
guilty.
You may now like to attempt a Self Assessment Question.
3) Examine the issue of applicable law in cyber crime. How is the issue dealt
with by the Indian IT Act?
“The above section contemplates two Courts having jurisdiction and the
trial is permitted to take place in any one of those two Courts. One is the
Court within whose local jurisdiction the act has been done and the other is
the Court within whose local jurisdiction the consequence has ensued.”
13
Dispute Resolutions in Once a court has assumed jurisdiction, the next question is: what body of
Cyberspace
substantive law should be used to resolve the problem? It is the substantive
criminal law of a country which declares whether a particular activity is a crime
or not. Every country has its own set of criminal laws. What is a crime in one
country might be an innocent act in another. Online activities create a vast scope
for confusion. It might even act as a haven. An offender can skillfully carve out
a niche for himself in the cyber world where he is not answerable for his criminal
activities because of his physical presence in a country whose cyber criminal
laws are not matured enough to pin him down.
In India, the Information Technology Act delves deep into the issue of applicable
law in computer crimes. It clarifies that any act which is committed either within
or without India would be illegal if it is an offence under the Act.
In India, the Information Technology Act delves deep into the issue of applicable
law in computer crimes. It clarifies that any act which is committed either within
or without India would be illegal if it is an offence under the Act.
It shall extend to the whole of India and, save as otherwise provided in this Act,
it applies also to any offence or contravention thereunder committed outside
India by any person.
75. Act to apply for offence or contravention committed outside India.- (1)
Subject to the provisions of sub-section (2), the provisions of this Act shall apply
also to any offence or contravention committed outside India by any person
irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct
constituting the offence or contravention involved a computer , computer system
or computer network located in India.
Section 2 of the Indian Penal Code deals with punishment of offence committed
within India. This poses no problem. If an illegal act concerning computers is
committed within India, it is the provisions of the Code which would apply to
such acts.
This section will apply in a situation where the accused, at the time of committing
the offence that he/she is charged with, is amenable to Indian courts. Section 3
of the IPC has a broad ambit and it extends to any person not necessarily a
14 citizen of India but governed by Indian law for acts committed beyond India.
Section 4 of the Indian Penal Code, on the other hand, applies the Nationality Issues of Jurisdiction and
Applicable Law in
doctrine. It deals with acts and omissions of Indian citizens abroad. It Cyberspace
further regulates the action of any person irrespective of his/her nationality, if
such person happens to be on a ship or aircraft registered in India. The section
reads as under:
Spaces 4”
menthe.html>.
2. For example, a wounding inflicted in Scotland is triable in England if a
person standing on the Scottish Bank of the Tweed fires at and wounds a
person in England. This is the ‘terminatory theory’ of the criminal act; the
elements of the rime being spilt between two countries, it is regarded as
being committed where the proscribed result takes place. Even if the
attacker misses, he can be tried in England for the attempt.
3. For instance, Section 4 of the Swedish Penal Code states that a crime is
deemed to have been committed where the criminal act was perpetrated
and also where the crime was completed or, in the case of an attempt,
where the intended crime would have been completed.
4. S.2(i) – ‘computer’ means any electronic, magnetic, optical or other high-
speed data processing device or system which performs logical, arithmetic
and memory functions by manipulations of electronic, magnetic or optical
impulses, and includes all input, output, processing, storage, computer
software or communication facilities which are connected or related to the
computer in a computer system or computer network.
5. S.2(j) – ‘computer network’ means the interconnection of one or more
computers through – (i) the use of satellite, microwave, terrestrial line or
other communication media; and (ii) terminals or a complex consisting of
two or more interconnected computers whether or not the interconnection
is continuously maintained.
6. S.2(l) – ‘computer system’ means a device or collection of devices, including
input or output support devices and excluding calculators which are not
programmable and capable of being used in conjunction with external files
which contain computer programs, electronic instructions, input data and
output data that performs logic, arithmetic, data storage and retrieval,
communication control and other functions.
15
Dispute Resolutions in
Cyberspace UNIT 11 ENFORCEMENT ISSUES IN
CYBERSPACE
Structure
11.1 Introduction
11.2 Objectives
11.3 Prevention
11.3.1 Deterrence as a Means of Prevention
11.3.2 Technology as Aid to Prevention
11.3.3 User Awareness
11.3.4 The IT Act and Prevention of Offences
11.4 Detection of Crime
11.5 Use of Cyber Forensics
11.6 On-going Efforts in India
11.7 Summary
11.8 Terminal Questions
11.9 Answers and Hints
11.10 References and Suggested Readings
11.1 INTRODUCTION
In the previous unit we have discussed the jurisdictional issues involved in
computer wrongs. The next step in logical order is to discuss the issue of
enforcement i.e. how the law should be applied. This area includes various matters
such as prevention, investigation, computer forensics etc. This unit discusses
some of these issues.
There is significant difference between crime on the Internet and a crime with
another modern technology like the telephone. While crimes are rarely directed
against a telephone as an instrument, computers often become the victims of
attack.1 Nature of crime on the computer is challenging and requires new
definitions and understanding and a restatement of accepted norms of criminal
conduct and punishment because of several reasons. Computers, apart from being
costly equipment are also the repository of immense amount of data. This data
can sometimes contain valuable scientific inputs, purely personal matter, study
16
works, e-mails, and official work. Tampering with this data or stealing it is much Enforcement Issues in
Cyberspace
more harmful than stealing the computer. This requires the recognition of data
as a special form of property and data as a privacy right.
Clearly, with the development of new technology, and with the realisation that
such technology affects human life and relations and the peace and order and
proprietary rights in society, laws must be framed to regulate conduct accordingly.
Let’s take for instance theft of passwords. Passwords are central to the operation
of computers. These are nothing but keys to gain entry into computer systems
and nothing but a combination of alphabets and numbers. Stealing a password
or unauthorized access using someone else’s password must be recognised as
the beginning of crime. Similarly, networks need to be recognised as highways
for movement of information and communication and not the sites for cranks to
dig holes or put up impediments. Networks, as private roads, can be entered into
only by authorization. Web pages, as private property akin to display in shops,
can be browsed, but not tampered with or destroyed. Law enforcement can be
divided into two parts: (a) prevention and (b) detection.
11.2 OBJECTIVES
After studying this unit you should be able to:
• analyse the sophisticated nature of the computer related crimes;
• discuss how the prevention techniques in computer related crimes are
different from that of traditional crimes;
• examine to the extent to which technology can be helpful in prevention of
such crimes and the role that the public awareness about such crimes can
play in this direction; and
• analyse the concept of computer forensics i.e. have an idea as to how the
detection of cyber crimes involves different kind of technique.
11.3 PREVENTION
As far as the law enforcement agencies are concerned, prevention of crime is
more important and one of priority than the detection of one after it has occurred. 17
Dispute Resolutions in In the physical world, the police prevents crime through techniques like patrolling,
Cyberspace
rushing on emergency calls, presence at important functions, fairs, festivals,
rallies, guarding of vital installations and providing security to VIP’s. Collections
of intelligence on suspects, surveillance, warning minor offenders are also
important aspects of crime prevention. The question is, are these techniques
used by police in the real world for the prevention of crime desirable or practical
in the wired world. Are they sufficient or should new and innovative methods of
prevention be used? Another concern facing us is that, many of the social norms
and ethics, which act as a deterrent to the commission of crime in the real world,
are either non-existent or undeveloped for conduct over the Net.
Some of the ways in which security can be protected are – access control through
use of secure passwords, cryptographic tools making communications secure,
shielding of emissions, firewall technology to screen traffic.6 Organizations stand
to gain a lot by training their employees in safe practices and threats to security.
Explanation to the section says that for the purposes of this sub-section, the
expression “public place” includes any public conveyance, any hotel, any shop
or any other place intended for use by, or accessible to the public”. Therefore, a
police officer can enter a cyber café on his/her regular rounds just to check if
19
Dispute Resolutions in offences under the Act are being committed. Apart from this some state
Cyberspace
governments7 have also initiated moves to regulate the operation of cyber cafés
including their registration and maintenance of records regarding accessing of
computers at such places.
Sub-section (1) of section 80 provides that any police officer, not below the rank
of a Deputy Superintendent of Police, or any other officer of the Central
Government or a state government authorized by the Central Government in
this behalf may enter any public place and arrest without warrant any person
found therein who is reasonably suspected of having committed or of committing
or of being about to commit any offence under the Act. For the purposes of sub-
section (1), the expression ‘public place’ has been explained to include any
conveyance, any hotel, any shop or any other place intended for use by, or
accessible by the public.
Powers under sub-section (1) of section 80 have been considered as very wide
powers. However, the reason for giving such wide powers might have been the
concern over the convenience with which one can commit acts from a public
place amounting to an offence under the Act and escape at the minimum possible
time as also the possibility of wiping away of evidence. In this process, what has
been overlooked is the fact of undue harassment of the owners of such places
like cyber cafés and also possible misuse of such powers. The provisions of the
Code of Criminal Procedure are to apply in relation to any entry, search or arrest
made under section 80, subject of course to the provisions of the section itself.
Please answer the following Self Assessment Question.
Investigation, for the purposes of the Code of Criminal Procedure, 1973, has
been held by the Supreme Court [State of Maharashtra v. Rajendra, (1997) 3
Crimes 285] to consist generally of the following steps:
1) proceeding to the spot
2) ascertaining all the facts and circumstances of the case
3) discovery and arrest of the suspected offender
4) collection of evidence relating to the commission of the offence which
may consist of,
a) the examination of various persons (including, the accused) and the
reduction of their statement into writing, if the officer thinks fit,
b) the search of places and seizure of things considered necessary for the
investigation and to be produced at the trial, and
5) formation of the opinion as to whether on the materials collected, there is a
case to place the accused before a magistrate for trial and if so, taking the
necessary steps for the same by filing a charge-sheet under section 173.
Investigation of crimes on the Internet is still in its infancy. Investigators are
literally writing the book on investigative techniques with each new case.8
Detection of crime on the Net can be only as good as the investigators. The
specialised nature of computer crime requires a specialised response. It requires
cops especially suited and trained to deal with it.9 Often detection of cyber
crime is a team effort by police along with technical assistance.
Since computers which are the subjects of crime are in the possession of victims,
making them aware of security measures is one of the best means of preventing
crime on the Internet. The greatest security threat to computer systems is from
insiders. Studies reveal that over 70% of all computer theft is committed from
within organizations. Keeping a check on one’s own employees is a means to
prevent such offences. But the problem here is that some of the means of
monitoring like keystroke monitoring checking logs of usage, etc. may be in
conflict with privacy rights.
b) The IT Act and Prevention of offences
The IT Act has conferred power on the police to prevent the commission of
offences under the Act. Section 80 (1) states, “Notwithstanding anything
contained in the Code of Criminal Procedure, 1973, any police officer, not
below the rank of a Deputy Superintendent of Police, or any other officer
of the Central Government or a State Government authorized by the Central
Government in this behalf may enter any public place and search and arrest
without warrant any person found therein who is reasonably suspected or
having committed or of committing or of being about to commit any offence
under this Act. “Explanation to the section says that for the purposes of
this sub-section, the expression “public place” includes any public
conveyance, any hotel, any shop or any other place intended for use by, or
accessible to the public”. Therefore, a police officer can enter a cyber café
on his/her regular rounds just to check if offences under the Act are being
committed. Apart from this some state governments have also initiated
moves to regulate the operation of cyber cafés including their registration
and maintenance of records regarding accessing of computers at such places.
Sub-section (1) of section 80 provides that any police officer, not below
the rank of a Deputy Superintendent of Police, or any other officer of the
Central Government or a state government authorized by the Central
Government in this behalf may enter any public place and arrest without
warrant any person found therein who is reasonably suspected of having
committed or of committing or of being about to commit any offence under
the Act. For the purposes of sub-section (1), the expression ‘public place’
has been explained to include any conveyance, any hotel, any shop or any
other place intended for use by, or accessible by the public.
2) Problem in detection of computer crimes arises mostly because of
availability of various crime-concealment techniques in cyberspace:
passwords, digital compression, steganography, remote storage (at remote
ISP hosts), audit disabling (disabling log of activities), etc. Concealing
crimes through anonymity using anonymous re-mailer service, sending
anonymous e-mails or anonymous digital cash helps in money laundering,
computer penetrating and lopping (breaking into another computer and
using that as a launching pad to cover tracks). Detection of computer crimes
requires Internet research skills, necessary court orders including search
warrants of premises and electronic surveillance. Use of Cyber Forensics
is a very important ingredient in the investigation of cyber crimes. Cyber
26
forensics is the discovery, analysis, and reconstruction of evidence extracted Enforcement Issues in
Cyberspace
from any element of computer systems, computer networks, computer
media, and computer peripherals that allow investigators to solve the crime.
3) Use of Cyber Forensics is a very important ingredient in the investigation
of cyber crimes. Cyber forensics is the discovery, analysis, and
reconstruction of evidence extracted from any element of computer systems,
computer networks, computer media, and computer peripherals that allow
investigators to solve a crime. Two distinct components exist in the emerging
field of cyber forensics. The first, computer forensics, deals with gathering
evidence from computer media seized at the crime scene. Principal concerns
with computer forensics involve imaging storage media, recovering deleted
files, searching slack and free space, and preserving the collected
information for litigation purposes. For this purpose several computer
forensic tools are available to investigators. The second component, network
forensics, is a more technically challenging aspect of cyber forensics. It
gathers digital evidence that is distributed across large-scale, complex
networks. Often this evidence is transient in nature and is not preserved
within permanent storage media. Network forensics deals primarily with
in-depth analysis of computer network intrusion evidence, while current
commercial intrusion analysis tools are inadequate to deal with today’s
networked, distributed environments.
2. <http://en.wikipedia.org/wiki/Cyber-terrorism>.
April. 2001:1003-1009.
quoted in ibid.
network from the outside world or protects one part of the network from
another.
7. See for instance the Karnataka Act dealing with the registration of cyber
cafés.
11. National Crime Record Bureau. “Crime in India 2004”. Ministry of Home
IF0016.html>.
28
UNIT 12 ONLINE DISPUTE RESOLUTION
Structure
12.1 Introduction
12.2 Objectives
12.3 Alternative Dispute Resolution
12.4 Information Technology
12.5 Online Dispute Resolution
12.6 Functioning of the Online Dispute Resolution (ODR) System
12.7 Kinds of Disputes Handled in an ODR Environment
12.8 Communication Modes in ODR
12.8.1 E-mail
12.8.2 Discussion Boards
12.8.3 Instant Messaging
12.8.4 Audio Conferencing
12.8.5 Video Conferencing
12.9 Kinds of ODR
12.9.1 Blind Bidding or Blind Negotiation
12.9.2 Online Negotiation
12.9.3 Online Negotiation-cum-Mediation
12.9.4 Document/E-mail Arbitration for Disputes Arising from E-commerce
Transactions
12.9.5 Online Arbitration Through Video-conferencing.
12.9.6 Peer Jury and Panel Jury
12.10 Generating E-confidence – Disclosure-based Approach
12.11 Legal Concerns
12.12 Summary
12.13 Terminal Questions
12.14 Answers and Hints
12.15 References and Suggested Readings
12.1 INTRODUCTION
Due to various reasons such as huge backlog, paucity of courts, highly technical
nature of the procedures of courts etc. the need for an alternative dispute resolution
mechanism is felt by society. The new concept of online dispute resolution [ODR]
is gaining ground. This unit attempts to give some idea about these new methods
of alternative dispute resolution [ADR].
12.2 OBJECTIVES
After studying this unit you should be able to:
• analyse the concept of alternative dispute resolution and its advantages;
• discuss the concept of online dispute resolution including its various
connotations, how it works and what types of disputes are commonly settled
by this system.
There are two important changes which result from the above change of medium.
Firstly, there has been a universal acceptance of the use of computers and Internet.
Increasingly, people are getting ‘online’ and more numbers are making use of
information technology in a variety of arenas including research, fun,
entertainment, communication, trade and commerce. Secondly and more
importantly, the commercial world has accepted computer technology not only
for the purpose of collection, assimilation and processing of data and information
30
(which initially was the idea to control the Industrial Revolution) but rather for Online Dispute Resolution
making as a tool for furthering their own business interests.
These changes also signify the possibility of rise in clash of interests of the
parties that is rise in disputes. As more and more people tend to get online, and
the commercial world increasingly begins to prefer internet. As its medium reach
to the consumers and sell its products and more consumers became willing to
purchase goods and services on the net, there is a likelihood of certain disputes
which inevitably arise in such commercial transactions from time to time.
Therefore, with the coming and use of information technology, another area of
dispute has sprung up which needs to be looked into and tackled. These kinds of
disputes have their own variety of legal hurdles like the issue of jurisdiction or
the question of the law applicable to the dispute due to the cross-border nature
of the Internet.
It would include the solving of (by any means, either online mechanism or offline
method including court adjudication) disputes which essentially arise from an
online transaction, for example, defect in a computer software purchased and
downloaded online. Secondly, ODR can be looked into from the perspective of
method of solving of a dispute (be the dispute offline or online). This means that
newer ways of solving a dispute are being developed by making use of the online
environment which can be applied to solve any kind of disputes. ODR in this
context would include online negotiation, online mediation, online arbitration,
online neutral evaluation, online peer jury, etc. We are concerned with the method-
based approach.
32
Please answer the following Self Assessment Question. Enforcement Issues in
Cyberspace
Self Assessment Question 2 Spend 3 Min.
Discuss how the online dispute resolution system works.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
For example, if there arises a contractual dispute between two businessmen and
they agree to have an online mediation, they can approach an ODR institution,
submit their dispute, have an online mediator appointed, and proceed with the
mediation process online. In case a settlement is reached at, it can be reduced to
writing, signed and ultimately, can be enforced as a decree of court under the
provisions of the Indian Arbitration and Conciliation Act, 1996.
Similarly, if a company offers ODR services for its products, a consumer can
very well lodge a complaint on the company’s website and the dispute resolution
process can be initiated. For example, a classic case of solving complaints is the
online services of Supreme Court Cases2 (SCC). In case any subscriber fails to
receive a particular volume/part/issue of SCC, he can go to the website of SCC
and fill up the complaint form. SCC, after checking its records and verification,
gets back to the subscriber through e-mail with any further clarification it requires
on the matter and suggesting solutions like sending another copy of the missing
volume/part/issue and hence, solving the problem. This is a small yet feasible
and working model of ODR where a subscriber instead of approaching the
company through letters or personally can immediately log on to the website of
33
Dispute Resolutions in the company, lodges its complaint through a standard online complaint form
Cyberspace
and through mutual negotiations, the problem is solved.
Another side of the coin is solving of online disputes online. Many a time, in
case of a dispute which has arisen due to online transactions, consumers prefer
that the dispute is solved there and then through online services instead of
approaching the company through the process of writing letters, phone, etc. Any
reliable ODR institution would be great assistance to solve such online disputes.
In such a situation, ODR is helpful especially if the company has its own in-
house ODR service for online transactions to enable the customer to quickly
have an online talk with the company representative and amicably resolve the
dispute. In case of any differences, the company gives the customer an option to
approach an independent and impartial ODR institution through which the
problem can be solved.
Please answer the following Self Assessment Question.
35
Dispute Resolutions in
Cyberspace Self Assessment Question 4 Spend 3 Min.
Discuss various modes of communication in ODR system.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
For example, SquareTrade.com provides individual and B2B buyers and sellers
an online negotiation-cum-mediation environment. The complainant files a case
with SquareTrade by completing an online form that helps identify the situation
and possible resolutions. The other party is notified by e-mail and responds to
the case. Communication from both parties is posted on a private Case Page.
Then Direct Negotiation begins. During Direct Negotiation, the parties
communicate with each other in a confidential, impartial forum. If the case is
not resolved, SquareTrade assigns a mediator from the SquareTrade Network
who helps the parties reach a mutually acceptable settlement.3
12.12 SUMMARY
Lately, there has been an increased awareness of protecting the Interest rather
than emphasizing the legal right. The use of ADR found favour in furtherance of
business interests rather than enforcing legal rights stricto sensu. ODR includes
online negotiation, online mediation, online arbitration, online neutral evaluation,
online peer jury, etc. In the context of ODR, the ‘online environment’ has a wide
connotation in terms of ‘a setup making use of technology and communication
facilities’. An Online ADR service center functions somewhat like an offline
arbitral institution. Making use of online arbitration services ad hoc is the same
as approaching an arbitral institution after the dispute arises or inserting an
arbitration clause of a specific online arbitration institution in the contract. One
of the advantages of online environment over F2F environment is the availability
of various communication modes to a user. Communication modes in ODR
include e-mail, discussion boards, instant messaging, audio conferencing and
video conferencing. The different kinds of ODR are blind bidding or blind
negotiation, online negotiation, online negotiation-cum-mediation, document/
e-mail arbitration, online arbitration through video-conferencing and peer jury
and panel jury. It is most important that the ODR institution is able to generate e-
trust and e-confidence among the users of the online system. Legal concerns
relating to ODR in India are well taken care of by a conjoint reading of the
Arbitration and Conciliation Act, 1996 and the Information Technology Act,
2000.
41
Dispute Resolutions in 4) Document/E-mail Arbitration for disputes arising from E-commerce
Cyberspace
transactions.
5) Online arbitration through video-conferencing.
6) Peer Jury and Panel Jury
There might be certain legal concerns regarding implementation of ODR
in India. After all, if, through an ODR institution based at Delhi, arbitration
is conducted where the arbitrator is in Mumbai and one party is in Chennai
and the other in Bangalore, certain legal questions do arise for consideration.
For this purpose, we need to read the Indian Arbitration and Conciliation
Act, 1996 (Arbitration Act) with the Information and Technology Act, 2000
(IT Act).
The above mentioned Act have adequately dealt with the issue.
2) An Online ADR service center functions somewhat like an offline arbitral
institution. One can approach these institutions either ad hoc or on an
agreement basis. Companies generally have a pre-arrangement for
settlement of disputes, be it business to business (B2B) or business to
consumer (B2C), under the aegis of such online arbitral institutions.
Agreements are made out between the institution and the company as regards
the method of initiating the process into action, kind of settlement to be
pursued, the fee structure, goodwill and good faith of the parties, rights
and responsibilities of the parties and the arbitral institution, the procedures
to be followed, law applicable, confidentiality, security, etc. When a dispute
arises, either the company or the consumer (who is pre informed as to the
existence of such an arbitral institution to which the company is associated)
approaches the institution. The other party is then contacted and depending
upon the service provided or agreed for, negotiation, mediation, arbitration,
conciliation, evaluation or any other service is pursued. This is a bird’s eye
view of the whole arrangement.
3) ODR implies a change of medium to solve disputes. It is a catalyst to help
people solve their disputes. ODR is apt for solving of both online and offline
disputes.
For example, if there arises a contractual dispute between two businessmen
and they agree to have an online mediation, they can approach an ODR
institution, submit their dispute, have an online mediator appointed, and
proceed with the mediation process online. In case a settlement is reached
at, it can be reduced to writing, signed and ultimately, can be enforced as a
decree of court under the provisions of the Indian Arbitration and
Conciliation Act, 1996.
4) One of the advantages of online environment over offline environment is
the availability of various communication modes to a user. It becomes
important to select the appropriate mode to conduct the ODR process since
different kinds of disputes require different types of modes. E-mail
Discussion Boards Instant Messaging Audio conferencing Video
conferencing.
42
Enforcement Issues in
12.15 REFERENCES AND SUGGESTED READINGS Cyberspace
2. <http:\\www.ebc-india.com>.
3. <http://www.squaretrade.com/spl/jsp/eln/el.jsp?stmp=elance>.
4. <http://resolutionforum.org/services.html>.
5. http://www.i-courthouse.com/main.taf?area1_id=about&area2_id=faqs –>.
“In the event that a dispute arises out of this transaction, the parties agree
to submit that dispute for binding resolution through iCourthouse. In the
event that a party shall refuse to submit the dispute to iCourthouse, or files
an action in any other court without first offering dispute resolution through
iCourthouse, that party shall lose any right to attorney’s fees it might
otherwise be entitled to. The parties further agree that any verdict of
iCourthouse may be reduced to a judgement in any court having jurisdiction
over the parties, at the option of any party, without further adjudication.”
6. For example, one can use the following language to make your decision
enforceable: “We, the parties to case number – agree that the verdict
rendered by the jury in the iCourthouse case will be binding on us, and
will be enforceable as a judgment in a court of appropriate jurisdiction.”
April 2002.
7. Where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been
satisfied if such information or matter is-
a) rendered or made available in an electronic form; and
b) accessible so as to be usable for a subsequent reference.
8. Where any law provides that information or any other matter shall be
authenticated by affixing the signature or any document shall be signed or
bear the signature of any person (then, notwithstanding anything contained
in such law, such requirement shall be deemed to have been satisfied, if
such information or matter is authenticated by means of digital signature
affixed in such manner as may be prescribed by the Central Government.
Explanation.– For the purposes of this section, “signed”, with its
grammatical variations and cognate expressions, shall, with reference to a
person, mean affixing of his hand written signature or any mark on any
document and the expression “signature” shall be construed accordingly.
43