Professional Documents
Culture Documents
ity
THESIS
rs
ve
SUBMITTED FOR THE AWARD OF THE DEGREE OF
ni
U
lim
us
Doctor of Philosophy
M
h
In
ar
lig
Law
A
y,
ar
br
Li
d
za
SUBMITTED BY
A
SUNOWAR AMEER
na
la
au
M
DEPARTMENT OF LAW
ALIGARH MUSLIM UNIVERSITY
ALIGARH (UP) INDIA
2021
Abstract
ABSTRACT
Technological advancements have created plethora of new opportunities for criminals
to misuse information technologies such as unauthorized access into the computers of
others, hacking, Trojan attacks, e-mail and IRC related crimes, denial of service
attacks, etc. The growth of cyber crime in the world as well as in India is rapid and to
curb its scope and complexity is the emergent need of today. Cyber space offers a
plenty of opportunities for cyber criminals either to cause harm to innocent people or
to make money quickly at the cost of innocent citizens. The growing danger from
crimes committed against computers, or against information on computers, is
ity
beginning to claim attention in national capitals. In most countries around the world,
rs
however, existing laws are likely to be either insufficient or unenforceable against
ve
such crimes. Self-protection, while essential, is not sufficient to make cyberspace a
ni
U
safe place. The rule of law must also be enforced. Cyber crimes are easy to learn and
lim
to commit. However they require few resources relative to the potential damage
us
caused to person as well as world at large without being physically present in a
M
h
jurisdiction.
ar
lig
Law has become more complicated in curtailing the increasing incidents of cyber
ar
crime. Techniques used in committing cyber crime dramatically increase both the
br
Li
technical and legal complexities for investigating and prosecuting agencies. Hence, it
d
can be said that it is impossible to eliminate cyber crime from the cyber space but it is
za
A
possible to prevent them by generating awareness among the people about the tools,
na
techniques and modes which the cyber offenders invariably use in committing the
la
au
cyber crimes so that they can be countered by using protective and preventive devices.
M
India is among few countries, which enacted IT Act, 2000 to curtail the incidents of
cybercrimes. But the aim of the legislation was to cover commercial and economic
crimes only. There are no direct provisions, which specifically deal with the
1|Page
Abstract
protection of nitizens and only some stray provisions of the Act deal with the crimes
in cyber space. The IT Act is silent on the issue of cyber security in the cyber space.
ity
information on that system which is not connected to the internet. The nitizens should
rs
ve
report the cyber-crime as soon as possible so that the offenders do not have an
ni
opportunity to escape.
U
lim
The right to privacy is important for the general development of the human being.
us
This idea must be characterized appropriately. This right is under danger because of
M
such technology. Such advancements have attacked the individual’s personal as well
lig
A
as private life. Right to privacy and Data protection are twins however not
y,
indistinguishable. They are identified with one another. Privacy rights are not
ar
br
supreme. The Indian courts through a number of decisions have proclaimed that it is a
Li
fundamental right under section 21 of the constitution. The new advances present new
d
za
methods for security infringement, for example, spamming, phishing, cookies, etc.
A
Process Outsourcing (BPO) division, the Indian government has laid down the Rules.
M
But we need foolproof privacy law. The Information Technology Act, 2000 has a
number of civil and criminal obligations to prevent the security information
infringements. Method of data collection has been prescribed under the Rules. The
Data Protection Bill, 2018 imposes very strict and huge penalty in case of privacy
breach but this Bill is still pending before the Parliament. It ought to be converted into
an Act after threadbare discussion on the provisions so that privacy right may be
ensured and data protection infringements may be dealt with strictly in this modern
technological age.
2|Page
Abstract
The concept of the cyber security is very inclusive. It cannot be conceptualized only
with privacy, fundamental rights, information, data protection, etc. Its dimensions
vary day by day with the technological advancement of the cyber world. The impact
of the technological revolution is far-reaching, forcing us to recognize information as
a vital resource of the country, which need special attention. New kinds of cyber
security breaches lead to new cyber crimes which should be combated with the new
strategies, the policy as well laws. There is an urgent need to protect the very basic
components of the cyber security i.e. availability, integrity, confidentiality.
ity
institutions that are working ahead for the better protection of the cyber space and
rs
ve
save it from security attacks. They have articulated various mechanisms, formulate
ni
strategies to combat the newly technological cyber crimes. However, as per records,
U
there is increase in the number of reported cyber crimes, what to say of unreported.
lim
The existing laws and policy in India do not arrest the problem in effective manner.
us
M
India has increasing number of internet users therefore there is need of effective and
h
ar
comprehensive cyber security protection law, policy as well as strategies. The law and
lig
cyber criminality.
y,
ar
br
On the basis of analysis of chapters of the thesis and discussion thereunder, it is well
Li
socio-economic changes in all sphere of human lives in 21st century. With the
A
enormous growth in access to cyberspace, E-commerce has become very easy for
na
la
every person. The use of cyberspace as a platform to connect with each other and
au
numerous cyber threats before the global community. The cyber criminals along with
the advancement of the technology are developing day by day new means for
committing new age crime known as the cybercrime. Because of its extra territorial
jurisdiction the perpetrator can commit cybercrimes without being present in that
territory. The concept of Jurisdiction over cyber-crimes has been a debatable topic.
Ellen S. Podger in his famous work has etched-out the cardinal issues in determining
jurisdiction in cyber-crime which are as follows:
3|Page
Abstract
Moreover, it has been argued by many authors and jurists that since the internet is a
borderless world, a separate regulatory law is required to ensure its safety, security
ity
and confidentiality. The urgent need of cyber security laws has become one of the
rs
ve
most compelling priorities for the global nations. The issue of cybersecurity is not just
ni
a technical problem that can be ‘solved’; it is a risk to be managed by a combination
U
lim
of defensive technology, judicious analysis, information warfare and traditional
us
diplomacy because of its far reaching consequences. Nations have to take appropriate
M
sharing mechanisms and to educate both corporate and home users about
A
y,
cyberspace.
br
Li
Tracking of cyber criminals is yet another issue which need to be solved at national
d
za
and international levels. It is not only the laws dealing with cybercrimes that must
A
exist in various countries, but the collection of appropriate cyber forensic data in
na
la
various jurisdictions and their proper presentation in the courts of law are essential to
au
book the criminals and to give justice to the victims belonging to different countries.
M
The term Cyber security needs to be defined comprehensively. Given the current state
of play in cyber security, it is not surprising that the most discussion on the cyber
security sooner or later end as a confusing mix of viewpoint on fundamental rights,
privacy, law enforcement, human rights, globalization and national security, thus
leading to gridlock. With the progress of time, different perspective and approaches
are coming out to tackle this confused state of affairs.
4|Page
Abstract
Prevention is always better than cure. It is certainly better to take precautions while
operating the net because the creativity of human mind cannot be checked by any law.
As it is righty said that even devil did not know what is going on in human mind,
precaution, prevention, protection, preservation and perseverance really hold the key
to tackle the problem efficiently. Cyber crime is the deadliest epidemic of our planet
and has emerged as a major source of governments’ concern across the globe.
The Information Technology (IT) is vast and complex area. The growth in the number
of internet usage fuelled by easier availability of Information and Communication
Technology (ICT), the widespread use of computers globally and the computer savvy
ity
young generation are some of the key factors that contribute to the cybercrime. There
rs
ve
is a need of comprehensive cyber security mechanism to protect the privacy of the
ni
individual as well as the national security. The word ‘cyber security’ is yet to be
U
defined in a comprehensive manner because of the complex and fact changing nature
lim
of information and communication technology at global and national level but one of
us
M
the most concise one can be found on the Techtarget website and it states: ‘Cyber
h
ar
networks, computer, programs and data from attack, damage or unauthorized access.
A
Cyber security has become a big deal. The risks related to cybersecurity is an issue of
y,
ar
concern. Everyone is worried about the risks involved. To overcome such risks many
br
law firms and organisations have started practicing cybersecurity laws. To understand
Li
d
clearly what the cybersecurity laws are, one should take into consideration the
za
A
following questions:
na
la
1. What necessary steps a victim can take to uncover the traces or evidence of
au
intrusion?
M
2. What are the necessary remedies available to the victim to minimise or stop the
loss incurred by such intrusion?
3. What are the liabilities of perpetrators for such intrusion?
4. How these liabilities are to be fixed in a definite manner so that victim gets relief?
5. What are the regulatory authorities, and what powers do they have to enforce
cybersecurity standards?
6. What further steps are required so that the world as a whole can work as a team?
5|Page
Abstract
The nature of cybercrime and the legal issues are global. Through international
organizations, such as the International Telecommunication Union (ITU), The
International Criminal Police Organization (INTERPOL), United Nations Office on
Drugs and Crime (UNODC), G8 Group of States, Council of Europe, Organization of
American States (OAS), Asia Pacific Economic Cooperation (APEC), The
Organization for Economic Cooperation and Development (OECD), The
Commonwealth, European Union, efforts have been taken to ensure the
harmonization of legislation in the individual countries. There are various
organisations which are continuously working at global as well as regional level to
combat the increasing number of cyber security problems and thereby cyber
ity
rs
criminality.
ve
ni
There is no doubt that the international organizations like The Internet Corporation for
U
Assigned Names and Number (ICANN), The Organisation for Economic corporation
lim
and Development (OECD), and UN based institution ITU are dealing with the cyber
us
M
related issues and continuously trying to establish global internet governance for
h
ar
global commons. To deal with such kind of emerging problems like cyber-crimes and
lig
cyber security before the country the Indian Parliament has passed the Information
A
2008 as well as the National Cyber Security Policy, 2013 with the aim of protecting
br
technology are generating security threats day by day which has resulted in large scale
za
A
denial of basic human rights through information security challenges. In spite of the
na
potentiality of the above existing legislation and policy the problem has not been
la
arrested in an effective manner. Like other legal system, the law relating to
au
M
6|Page
Abstract
Statement of Problem
The convergence of computer network and telecommunications facilitated by the
digital technologies have given birth to a common space called ‘cyberspace’. This
cyberspace has become a platform for a galaxy of human activities with converge on
the internet. Internet is increasingly being used for communication, commerce,
advertising, banking, education, research and entertainment. There is hardly any
human activity that is not touched by the internet. Thus, the emergence of information
technology has increased the rate of cyber attacks and the present cyber law is proving
to be incapable to meet the needs of present day. Therefore, there is a need to amend
ity
the existing law to provide better cyber security and also to formulate effective cyber
rs
crimes prevention strategies and impart cyber crime investigation training to the law
ve
enforcement agencies of India.
ni
U
lim
Aims and Objectives
us
The main objectives of the present study are as under:
M
2 To study the cyber space usage in Indian scenario and the cyber security
lig
risks.
A
3
ar
7|Page
Abstract
light on government machinery and its policies for providing cybersecurity to the
nation in order to minimize the risk of cyber attacks.
Research Questions
Q1. Whether the Information Technology Act, 2000 is well equipped to resolve
Information Technology related issues?
Q2. Whether the cyber crime cell and cybercrime labs really help in investigating
cyber crime?
Q3. What is the role of the Indian Computer Emergency Response Team (CERT-In)
and other organizations in preventing cybercrime?
ity
Q4. Whether the policies initiated by the government are effective in avoiding the risk
rs
ve
to cybersecurity and privacy?
ni
Q5. What steps are required to ensure better legal regime on the above stated sensitive
U
lim
issues?
us
Hypotheses
M
h
computers showed that the IT Act, 2000 is not well equipped. Ministry of Home
A
Affairs under the Cyber Crime Investigation program is supporting the establishment
y,
ar
of Cyber Crime Police Station (CCPS) and Cyber Crime Investigations and Forensic
br
Training Facilities (CCIFTF) in each State/ Union Territory of India under Police
Li
d
Modernization Scheme. Every State has opened the cybercrime cell. However, all
za
these cells follow the same Code of Criminal Procedure,1973 (Cr.P.C.) which is
A
na
followed for conventional crimes. The Cr.P.C does not contain effective provisions to
la
cybersecurity and privacy particularly. Various steps have been taken at the level of
legislature and executive to respond to computer security incidents, create awareness
on security issues and to improve alertness in critical sector organizations as a part of
the ‘Crisis Management Plan’ (CMP) for countering cyber-attacks and cyber
terrorism. All Ministries/ Departments of Central Government, State Governments
and their organizations and critical sectors have been mandated to continuously assess
the posture of their IT systems and networks still these policies and plans do not
appear to be sufficient as position is far from satisfactory.
8|Page
Abstract
Research Methodology
The present study is doctrinal in nature which involves an in-depth study of the source
materials, text reviews, case studies. It also traces the legislative development in the
national and international level. Primary as well as secondary sources like legal texts,
books, articles, encyclopedias, research papers, newspapers, and the internet material
will be assessed in order to get the most pertinent information.
Plan of Study
The researcher has systematically divided this research into seven chapters detailed as
under.
ity
rs
Chapter-1 titled “Understanding Cybercrimes” deals with the history of internet,
ve
ni
meaning and concept of cyber space. After giving brief understanding about both of
U
them, the researcher has discussed the meaning and various types of cybercrime
lim
committed all over the world including the methodology used by offenders to commit
us
M
these crimes.
h
ar
various types of cybercrime and its impact. In this chapter, an attempt has been made
A
y,
to briefly discuss cyber security scenario in India vis a vis various criminal activity.
ar
Reports of National Crimes Record Bureau (NCRB) from 2014-2018 dealing with
br
Li
cybercrimes has been discussed and analysed with special reference to cyber
d
za
Chapter-3 titled “Right to Privacy and Data Protection in Cyber Space” the
la
researcher has taken a closer look in the debate focusing on the related but distinct
au
M
concept of privacy and data protection. An attempt has been made to throw the light
on the recent problem of privacy violation in cyberspace. This study focuses on the
need for a data protection bill in India and the precautionary measures to deal with
this problem in the face of growing threats to privacy. By the end, we will have a
clear idea of what privacy and data protection means. How these two issues differ and
overlap. How both are affected by the digital age. How one can engage with
companies and government to protect and strengthen these rights.
9|Page
Abstract
ity
rs
Chapter-6 titled “Grievance Redressal Mechanism” points out various mechanisms
ve
for addressing the grievances in case of cyber violation or criminal misuse of
ni
U
information technology.
lim
Chapter-7 titled “Judicial Response” deals with the role of judiciary towards
us
M
cybercrime in India. In this chapter researcher has discussed the role played by the
h
ar
honorable Supreme Court of India and honourable High Courts through innovative
lig
Finally the study has been concluded upon the base of research and few suggestions
ar
br
have been given with a view to combat the cybercrime. Some of these suggestions
Li
included:
d
za
A
10 | P a g e
Abstract
ity
rs
ve
Crime is a social evil and though the Police are primarily responsible to take effective
ni
steps to protect us, the society itself need to collectively address the menace and take
U
such steps as may be necessary to reduce the incidences of cyber crime This requires
lim
an understanding of the nature of the crimes by every member of the society so that
us
M
preventive measures can be taken by all.
h
ar
lig
A
y,
ar
br
Li
d
za
A
na
la
au
M
11 | P a g e