A brief Overview of Cyber Law by Vakul Sharma

The World Created by Technology

We live in a technology driven world. The world that technology has created is a world of machines - computers, computer systems and computer networks. This world is unique in the sense that it creates a beautiful interface between hardware and software. If hardware can be termed as a tangible component then the software provides an intangible component. It is this combination of hardware and software, which has created a world straight out of science fiction. This world is an open melting pot of diverse cultures and social practices. It is forever evolving and works 24x7 without even pausing for a second. It is a man made world without geographical and manmade boundaries. Cyberspace A Technology Driven World In fact, technology has proved to be a great leveller. It has helped in creating a dynamic world out of nowhere! It has created machine-clones in the form of computers a high-speed data processing device performing arithmetic, logical and memory functions by manipulating optical, magnetic or electrical impulses. The power of one machine-clone is power of all connected machine clones, which may be termed as network-of-networks or Internet. This dynamic virtual space created by the networks of machine clones has been termed as cyberspace. Therefore, while Internet is a fact, cyberspace is a fiction. It is an intangible space created by the medium of Internet1. It has no physical attributes yet one can see it, hear it and interact with it. The word Cyberspace was first used by William Gibson in his science fiction book Neuromancer, published in 1984. It depicted the story of a hacker (of databases), named Case whose job was to steal databases for a fee. Gibson portrayed cyberspace as a three-dimensional virtual landscape created by network of computers. Cyberspace according to him looked like a physical space but actually was a computer-generated construction representing abstract data. Neuromancer, though a difficult book to read and comprehend, nevertheless caught the imagination of public and with the result it was in 1986, English Dictionaries introduced the new word cyberspace. The New Oxford Dictionary of English defines Cyberspace as the notional environment in which communication over computer networks occurs. It also introduced another English word Cyberpunks a person who accesses computer networks illegally, especially with malicious intent.

Interestingly, the word cyber as a prefix was first used in the English word Cybernetics, which is taken from a Greek word Kubernetes meaning steersman. Cybernetics is the science of communications and automatic control systems in both machines and living things. This term was introduced and popularized by the U.S. mathematician Norbert Wiener in a book with that title published in 1948. Cybernetics is an interdisciplinary subject and includes neurophysiologists, psychologists, and computer engineers. Cyberspace is a virtual medium. It has no boundaries, no geographical mass, or gravity. No laws of Newton or Einstein are applicable here! Cyberspace represents an interconnected space created by computers, computer systems or computer networks. It exists in a form of bits and bytes 0s and 1s. In fact the entire cyberspace is a combination of 0s and 1s and this combination is constantly changing. Every second there is a new combination of 0s and 1s. It is nothing but a set of electronic impulses. It is a computer-generated construction representing abstract data. It is information driven world. In a way, cyberspace can be imagined as a huge repository of information in the form of computer databases, wherein new databases are being formed, accessed, retrieved and deleted by every passing second. Differentiating Between Cyberspace & Physical World Cyberspace is a digital medium and not a physical world. It is limitless, constantly changing its shape, attributes and characteristics. It is an interactive world and cannot be referred to as a xerox version of the geographical space. Such a version exists only in the films like Matrix! If physical world is static, well defined and incremental, then cyberspace is dynamic, undefined and exponential. The contours of physical world are fixed, but that of cyberspace is as vast as human imagination and thus cannot be given a fixed shape. As millions of neurons exist in human brain creating a spectre of life, similarly cyberspace represents network of millions of computers creating a spectre of digital life! Thus, cyberspace can be treated as a natural extension of physical world into an infinite world. Laws for Cyberspace Though cyberspace is an extension of a physical world, a world that is governed by a body of laws, rules and regulations. The first and the foremost question is should it be regulated or not? The answer is yes, as cyberspace does not exist in isolation and is intricately connected to the physical world, which is being a regulated and hence such a space by this logic should also be regulated. This raises another question how to regulate this medium, which is dynamic, infinite and intangible? Regulating cyberspace means regulating both man and the machine. It is interesting to note that in cyberspace not only man but also the machine could be both victims as well as perpetrators of

cyber crimes. For example, a computer could be seen both as a victim as well as a victimizer. That is, a computer can be hacked into and at the same time, the same computer can act as a resource of hacking. Would one say the similar things for a knife or a pistol? Both knife and pistol can be considered as a victimizer, but never a victim! This makes cyberspace a very interesting medium in the eyes of law. The law for cyberspace is to regulate the man and the machine. Since, one can regulate man, but not the machine! The question is how to regulate the machine? Here, the law works on a premise that if man could be regulated, then the machine can also be regulated. Cyber Laws: A New Beginning As discussed above, cyberspace is an emerging digital medium and requires a set of laws to regulate human behaviour in the cyberspace. The body of such laws can be referred to as cyber laws. It is obligatory to note that the basic objective of cyber laws is to regulate human behaviour and not technology. Cyber laws are technology intensive laws, advocating the use but not the misuse of technology. The idea is to articulate that the rule of law exists in cyberspace. Cyberspace requires cyber law. It would be a misnomer to suggest that cyber laws are meant to check the human behaviour in cyberspace only. Any physical act, which gets translated into violation of any right of a person in digital medium (cyberspace), would be treated as cyberspace violations. Let us not forget that it is the technology platform and its application, which separates cyberspace from physical world. For example, A, a person with a criminal intent uses computer or computer network to defraud another person, B then in such a case A could be punished under cyber law provisions. It was his actions in the physical world, which got manifested in the cyberspace. Defining Cyber Law The word cyber law encompasses all the cases, statutes and constitutional provisions that affect persons and institutions who control the entry to cyberspace, provide access to cyberspace, create the hardware and software which enable people to access cyberspace or use their own devices to go online and enter cyberspace. If one examines the aforesaid definition, basic concept of cyber laws evolves around the phrase: access to cyberspace. How one can access cyberspace? The requirement from the point of user is: (a) a computer system with a modem facility, a telephone line and an Internet hours usage pack from a network service provider; or (b) a computer system with a modem facility and a broadband connection from a network service provider.

Without such basic hardware and software tools, one cannot access cyberspace. Public and private institutions in the form of Government(s), hardware manufacturers and software application providers act as a gatekeepers of cyberspace. Access is granted to those, who have got the necessary tools to access cyberspace. With a click of a mouse or punching keystrokes, gates of cyberspace are opened for the users. It is just a click-of-amouse that separates an individual from physical space to cyberspace. Any illegal, wrongful or dishonest act committed in cyberspace would be covered under the cyber law provisions. Let us take an example of a person, X. By click of a mouse, he moves to a website based in New York and purchases goods; again by a click of a mouse, he moves to a website based in Hong Kong and purchases goods; and once again by a click of a mouse, he moves to a website based in Paris. Suppose X has used a forged global credit card to make purchases in New York, Hong Kong and Paris. Did X commit an offence? Yes, he did, but this would fall under the category of cyber fraud, rather than a case of a physical fraud and X would be tried under the cyber criminal provisions. In other words, the effectiveness of cyber law comes from the fact that it legally binds actions of any individual using computer, computer system or computer networks. In the above example, it was actions (of X), which were in the form of set of commands given to computer by means of a click of a mouse or a keystroke. Computer executed the command as given by X. From the legal perspective, it was a cyber fraud perpetuated by the X. The computer acted as it was under the control of X. Nevertheless, cyber law would extend its jurisdiction over both man and machine (computer) and thus by implications it legally binds all individuals and machines accessing cyberspace. Building Blocks of Cyber Law Cyber law is a new branch of law and is growing very fast. It is imperative that one should know the three basic building blocks of cyber laws, namely: (a) Netizens, (b) Cyberspace, and (c) Technology Netizens Cyber law has introduced a very important concept of netizens. Who are they? Which country, they belong to? Are they recognized as citizens under the Constitution of their country? Do they have fundamental rights? Do they have fundamental duties, as well? . He replicates his physical world actions, like socializing, buying, selling etc. in an online medium. He transcends geographical space and time by a click of a mouse. He recognizes no man-made or geographical

boundaries. There is no end to what a netizen can do. The most interesting facet of being netizen is that he could be anonymous, nameless and faceless person, if he wants to and yet can indulge in all kind of activities. A netizen differs from a citizen in the sense that a netizen unlike a citizen has no constitutional guarantees. No Constitution recognizes netizens as citizens and grant them constitutional rights and duties. Constitution of a country is meant for a specific geographical area. It is meant for the people that reside within that geographical area. Netizens being the traveler of digital highways are basically nameless, faceless nomads crisscrossing the worldwide for convenience. But one should not forget that in cyberspace, netizens exist, citizens dont! It is for these netizens, cyber laws have come into existence. Believe it or not, over a period of time many virtual countries have come up on the Net. They are no longer figment of imagination. Best-known is the Kingdom of Talossa. It was founded by a schoolboy, Robert Ben Madison, in 1979. Kingdom of Talossa has its own language, government, written history, laws, constitution and citizens. The Kingdom of Talossa is an independent, sovereign nation in North America, which seceded peacefully from the United States in 1979 (but we're not sure the United States noticed). Our Kingdom is located on the western shore of La Mr Talossn (Lake Michigan), surrounded by the U.S. city of Milwaukee, Wisconsin, but today most of our active citizens live in other parts of the United States and Canada, Europe, South America, Asia, and Africa.[ www.kingdomoftalossa.net] Interestingly, like, Kingdom of Talossa there are other virtual nation states (micronations), like Astrumia, Thrace, Lyonesse and Amokolia. Cyberspace Cyber law is for cyberspace. This does not mean that cyber laws would only regulate whatever being done in the cyberspace only. Since, it is difficult to separate out between the physical space and the cyberspace, it is only logical that cyberspace to include the activities, which have happened in the physical space just prior to entry into cyberspace. Cyberspace is a key building block of cyber law. In fact, one of the most important facets of cyber law is to act as a bridge between the physical space and the cyberspace, in order to regulate interface between man and machine. Cyberspace in that way is a man made machine world reshaping itself periodically. The question is should it be regulated by physical set of laws already in existence or should be regulated by new set of laws? It is important to note that the present of cyber laws are an extension of physical laws in cyberspace. These are analogy-seeking laws. For example, if law of contract exists between a buyer and seller in the physical world, then the same law of contract to be taken into account, if there is e-commerce

involving a buyer and a seller in electronic market place. Interestingly, netizens are even purchasing virtual properties on the worldwide web. For example, Second Life3 is a 3 D virtual world entirely created by its residents. Believe it or not, it is inhabited by millions of residents from around the globe! Even ebay.com conducts land auctions of parcels of land available on Second Life on regular basis.[ See, www.secondlife.com]

Technology Cyber laws are technology intensive laws. They revolve around technology and its applications. Cyber laws establish norms of accepted human behaviour in cyberspace. Presently, there exists two-technology school of laws: one is called, Technology Specific School and the other one, Technology Neutral School. The debate is what sort of laws should be adopted and why? Technology Specific School argues that the law should recognize only one given set of technology or technology standard. That is, law treats other standards as illegal, non-binding and thus not permissible. The main advantage of this School is that it creates a single technology platform for the entire community. The main disadvantage of this School is that it kills technological innovations and helps in creating monopolistic business, which is bad for the community. Technology Neutral School argues that the law should remain neutral when it comes to giving due recognition to any technology or technology standards. It treats all technologies or technology standards at par. Law does not discriminate between the technologies. The main advantage of this School is that helps in providing efficient and useful technologies for the community. The main disadvantage of this School is that it creates a multiple technology platforms and may increase the cost of assimilation of technology for the entire community. It is important to note that both technology specific law and technology neutral laws may co-exist at any given point of time. Often it is seen that the developed countries with a wider technology users base have multiplicity of technology platforms, whereas the developing countries with a narrow technology users base have one common technology platform to begin with. The reason is that in a developing country, technology is at a premium and hence the users are few, whereas in a developed country there are large number of users and there is technology maturity and hence are multiplicity of technology platforms. For example, technology specific law grants legal validity to digital signature created using a specific technology only. Digital

signatures created using any other technology not prescribed under law would be considered as invalid. A technology neutral law regime would not impose any such restrictions. Digital signatures (or Electronic Signatures) created by any technology would welcome. In India, we used to follow a technology specific regime. Under the law (The Information Technology Act, 2000), digital signatures using prescribed asymmetric cryptosystem standard is considered legally valid. Use of any other standards would render the said digital signature invalid. When this Act came into existence, the technology usage was quite low, but with the passage of time in India technology maturity has increased and thats why inthe new Information Technology (Amendment) Act, 2008 has now migrated towards the technology neutral regime. The truth is, countries like, South Korea, Malaysia and Germany also had technology specific legislation, but in 2004 & 2005, they all have migrated to technology neutral legislation. Scope of Cyber Laws Though study of cyber laws is a new branch of law, but it is touching all other areas of law having a technology component. Laws related to ecommerce,online contracts, copyright, trademark, business software patenting, e-taxation, e-governance and cyber crimes fall within the meaning and scope of cyber laws. (a) E-commerce Law E-commerce defined simply, is the commercial transaction of services in an electronic format. It is also referred to as any transaction conducted over the Internet or through Internet access, comprising the sale, lease, license, offer or delivery of property, goods, services or information, whether or not for consideration, and includes the provision of Internet access4. The US Census Bureau measures e-commerce by looking at the value of goods and services sold online whether over open networks such as the Internet, or over proprietary networks running systems such as EDI.5 Any dispute involving any e-commerce activity, whether at buyer or sellers end, would mean dispute happening in the cyberspace. (b) Online Contracts The Indian Contract Act, 1872 lays down that for a contract to happen there has to be proposal, assent to the proposal, which transforms into a promise. A promise supported by consideration becomes an agreement and an agreement enforceable by law is contract. Online contracts represent the formation of series of contractual obligations in an online environment. From a legal perspective, an online contract follows the same pre-requisite as being followed in offline (physical) contract. At a basic level, online contract formation requires online offer/proposal by one party and its online

acceptance by the other party. Electronic contracts, by their very nature, are dynamic and often multi layered transactions. With a layered contract, agreement to a contract may not occur at a single point in time. There exist a chain of successive events e-offer, e-acceptance, consideration etc., combination of which may lead to electronic contract formation. The legality of electronic communication process culminating into electronic contracts is also based on common law of contract. In online contracting process, technology is an added dimension and hence, it is important that the contracting parties should be prudent and aware of their obligations and liabilities before they click on on-screen I Agree text or icon. (c) Copyright Copyright is about protecting original expression. Copyright protects original works of authorship that are fixed in any tangible medium of expression from which they can be perceived, reproduced, or otherwise communicated either directly or with the aid of a machine or devicei. Copyright arises as soon as a work is created (or fixed). It does not extend to any idea, procedure, process, system, method of operation, concept, principle or discovery, unless fixed in a tangible form. In the digital medium, every web page accessible or published in the World Wide Web is to be taken as a literary copyrightable work. It protects all written text materials, graphic images/ designs, drawings, any linked sound, video files or films, whether part of a web page or a website. That is, copyright protects the look and feel of a website. A copyright owner has five exclusive statutory rights such as: (a) to fix (store) the information in a tangible form. (b) to reproduce the copyrighted work. (c) to sell, rent, lease, or otherwise distribute copies of the copyright work to the public. (d) to perform and display publicly the copyright work. (e) to prepare derivative works based on the copyright work. It is significant to note that the activities like caching, mirroring, downloading, scanning, peer-to-peer file sharing etc. prima facie, infringe exclusive statutory rights of a copyright owner. (d) Trademark Internet and the worldwide web represent the online medium. It is natural that a business entity claiming ownership of certain trademarks would like to extend its monopoly to this new medium as well. But the monopoly rights of trademark owners to own, license, sell, exhibit, market or promote are being threatened by web based technology tools, like search engines, meta tags, and hyperlinks. Similarly, in the last 15 years, domain names have become a kind of ecommerce marks in the online medium. These are digital business addresses

 a point of business contact or transaction. Functionally speaking, Domain names provide a system of easy-to-remember Internet addresses, which can be translated by the Domain Name System (DNS) into the numeric addresses (Internet Protocol (IP) numbers) used by the network. Cybersquatters, Typosquatters and other trademark infringers have made the web a legal minefield. The questions that has foxed the courts for many years now are Is domain name a property? If yes, to whom does such property belong? Is a domain name the property of the first person that registers it or is it the property of the trademark owner that has invested time and money developing goodwill and reputation associated with the mark? (e) Business Software Patenting Patent protects a process, while copyright protects expression. Patents confer stronger rights than copyrights. One computer programme consists of thousands of instructions. Every programme is unique, as it is a combination of logically arranged algorithms and techniques. Programmes are covered under copyright law, whereas, algorithms and techniques qualify for patenting. For many years, it was held that since, software is strings of logical instructions, mental processes and hence could not be patented. Also they had to be preserved in the public domain as the basic tools of scientific and technological work. Later, software was granted patents for industrial processes. With the advent of worldwide web and e-commerce coming of age, the debate of software patenting acquired a new platform in the form of business software patents. Big e-commerce retailers, like Amazon, Priceline and Ebay are going for patenting the backend software technologies of their front-end operations. Whether, it could be Amazons 1Click model, or Pricelines reverse auction mechanism. By patenting such business methods, companies are not only protecting their revenue models but are also adding significant business value to their sites. Extending patents in e-business environment would mean monopolysing commonplace e-business methods. (f) E-taxation The advent of e-commerce has opened up a Pandoras box how to tax e-commerce? Is it possible to tax such transactions in view of nature of Internet? Should e-commerce be taxed on lines of physical commercial activities? There are more questions than answers. The broad consensus that has emerged is: (i) that online transactions should not be immune from taxation solely because the sale is conducted through a medium distinct from that of a traditional physical businesses, and (ii) that it is not prudent to tax these online transactions purely on the basis of traditional taxation approach applicable to offline businesses.

As e-commerce represent online transactions involving consumer(s) and business (es) is occurring instantaneously, which makes it difficult to determine who the buyer and seller are and where they are respectively located? Another question is how to tax such online transactions? From a point of electronic taxation following issues may emerge7: Who is the customer? Where does the customer live? Did the transaction constitute sale of tangible property, the performance of a service, or the transfer of intangible property? Which jurisdiction has the authority to tax the sale? What online activities constitute sales for sales tax purposes? What constitutes a business connection/substantial nexus within a taxing jurisdiction? Can Central and/or State Government(s) technologically capable to monitor all online transactions? What kind of record retention requirements is necessary for tax purposes? Answers to the aforesaid set of questions would lay down the ground rules of electronic taxation vis--vis e-commerce. What should be done? Should we wait and formulate new rules on e-taxation or until then utilize the traditional tax rules available to us to resolve these complex issues. It is not to be forgotten that cyber laws are still in nascent stage of development and are developing by seeking analogies from the physical world. (g) E-governance The World Bank defines e-governance as the use of information and communication technologies by government agencies to transform relations with citizens, business and other arms of the government. It involves information technology enabled initiatives that are used for improving (i) the interaction between government and citizens or government and businesses e-services (ii) the internal government operations - e-administration and (iii) external interactions e-society. E-governance is a kind of window of opportunity facilitating a much faster, convenient, transparent and dynamic interaction between the government and its people. It has also been referred to as i-governanceintegrated governance1 as it integrates people, processes, information and technology in the service of achieving governance objectives. It should not be forgotten that there exists an inherent dichotomy between the system of governance and technology (web). One on hand the government system is regulated, hierarchical and static, whereas on the other technology is creative, non-hierarchical and dynamic8. The question is how to collate the system of governance with technology. E-governance practices need legal sanctity. It is thus imperative that basic governmental functions and practices from publication of an Electronic Gazette to acceptance,

issuance, creation, retention or preservation of any document; and participation in any monetary transaction in the electronic form should have a force of law behind them. Cyber laws facilitate e-governance practices by promoting various egovernance initiatives, like electronic filing of documents with the Government agencies, use of electronic records and digital signatures in Government and its agencies, retention or preservation of electronic records in electronic form and publication of rule, regulation, etc., in Electronic Gazette. (h) Cyber Crimes Cyber crime is a collective term encompassing both cyber contraventions and cyber offences. The word cyber is synonymous with computer, computer system or computer network. Thus, cyber crime may be defined as any illegal act that involves a computer, computer system or computer network, i.e. any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution. The mens rea in case of cyber crime comprises of two elements. First, there must be intent to secure access to any program or data held in any computer, computer system or computer network. Secondly, the person must know at the time that he commits the actus reus that the access he intends to secure is unauthorized. The intent does not have to be directed at any particular program or data or at programs or data held in any computer, computer system or computer network. The difference between cyber contravention and cyber offence is more about the degree and extent of criminal activity rather than anything else. For example, a mere unauthorized access to a computer, computer system or computer network may amount to cyber contravention but for a cyber offence it is the specific criminal violation that resulted from the unauthorized access to a computer, computer system or computer network that has to be taken into consideration. Cyber laws provide the basic mechanism to prosecute any person, who is reasonably suspected of having committed or of committing or of being 9 Mens rea is a state of mind. Under criminal law, mens rea is considered as the guilty intention and unless it is found that the accused had the guilty intention to commit the crime he cannot be held guilty of committing the crime. [Director of Enforcement v M.C.T.M. Corpn. (P) Ltd., (1996) 2 SCC 471] about to commit any offence using any computer, computer system or computer network. Cyber laws combating cyber crimes have an overriding effect on any other laws for the time being in force.

Cyber Laws & India In India the cyber laws are synonymous with the Information Technology Act, 2000. The IT revolution, in India started in mid 1980s and since then it has been moving like a juggernaut. While India was riding the information superhighway without any traffic rules, other countries in the world were framing rules and regulations to control access to Internet and also for business over the worldwide web. Since Internet is not confined within the geographical limits of a country, one of the United Nations agencies United Nations Commission on International Trade Law (UNCITRAL) proposed a certain level of uniformity of laws in all member countries. To this effect, the Model Law on Electronic Commerce was adopted by the United Nations Commission on International Trade Law (UNCITRAL) in its twenty-ninth session. Later a resolution11 of the General Assembly recommended that all States give favourable consideration to the Model Law on Electronic Commerce when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper-based methods of communication and storage of information. In India, the then Department of Electronics (DoE) was given the mandate to have an enactment in place, on the lines of the UNCITRALs Model Law on Electronic Commerce soon after its adoption by the UN General Assembly. It was a foresight on the part of the Government of India to initiate the entire process of enacting Indias first ever information The UN General Assembly by its resolution 2205 (XXI) of December 17, 1966 created United Nations Commission on International Trade Law (UNCITRAL) with a mandate to further the progressive harmonization and unification of the law of international trade. Resolution A/RES/51/162 adopted by the General Assembly of the United Nations on January 30,1997. technology legislation soon after its adoption by the UN General Assembly. There were two reasons: (a) to facilitate to the development of a secure regulatory environment for electronic commerce by providing a legal infrastructure to govern electronic contracts, authenticity and integrity of electronic transactions, the use of digital signatures and other issues related to electronic commerce; and (b) to showcase Indias growing IT knowledgebase and the role of Government in safeguarding and promoting IT sector. India enacted the Information Technology Act, 2000 based on the UNCITRALs Model Law on Electronic Commerce. It received the assent of the President on the June 9, 2000 and came into force on October 17, 2000. It is important to understand that while enacting the Information Technology Act, 2000, the legislative intent has been not to ignore the national perspective of

information technology and also to ensure that it should have an international perspective as advocated by the said Model Law. Approach of the Information Technology Act, 2000 Since the Information Technology Act, 2000 is based on the UNCITRALs Model Law on Electronic Commerce, which provides for functional equivalent approach. It is based on an analysis of the purposes and functions of the traditional paper-based requirement with a view to determining how those purposes or functions could be fulfilled through electronic-commerce techniques. The idea is that the adoption of the functional-equivalent approach should not result in imposing on users of electronic commerce more stringent standards of security (and the related costs) than in a paper-based environment. For example, it treats paper document and its electronic equivalent (electronic record) at par. That is, if a paper document is admissible in a court of law, then its functional equivalent in the electronic form, i.e., the electronic record should also be admissible in the court of law. Aims and Objectives of the Information Technology Act, 2000 The preamble of the Information Technology Act, 2000 reads An Act to provide legal recognition for transactions carried out by means of electronic communication, commonly referred to as electronic commerce which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies.