You are on page 1of 10

CYBER LAW & INFORMATION TECHNOLOGY by Talwant Singh Addl. Distt.

& Sessions Judge, Delhi

talwant@yahoo.com
Success in any field of human activity leads to crime that needs mechanisms to control it. Legal provisions should provide assurance to users, empowerment to law enforcement agencies and deterrence to criminals. The law is as stringent as its enforcement. Crime is no longer limited to space, time or a group of people. Cyber space creates moral, civil and criminal wrongs. It has now given a new way to express criminal tendencies. Back in 1990, less than 100,000 people were able to log on to the Internet worldwide. Now around 500 million people are hooked up to surf the net around the globe. Until recently, many information technology (IT) professionals lacked awareness of and interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools needed to tackle the problem; old laws didnt quite fit the crimes being committed, new laws hadnt quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathyor at the least, distrust between the two most important players in any effective fight against cyber crime: law enforcement agencies and computer professionals. Yet close cooperation between the two is crucial if we are to control the cyber crime problem and make the Internet a safe place for its users. Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cyber criminal. IT professionals need good definitions of cybercrime in order to know when (and what) to report to police, but law enforcement agencies must have statutory definitions of specific crimes in order to charge a criminal with an offense. The first step in specifically defining individual cybercrimes is to sort all the acts that can be considered cybercrimes into organized categories. United Nations Definition of Cybercrime Cybercrime spans not only state but national boundaries as well. Perhaps we should look to international organizations to provide a standard definition of the crime. At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop devoted to the issues of crimes related to computer networks, cybercrime was broken into two categories and defined thus: a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them. b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network. Of course, these definitions are complicated by the fact that an act may be illegal in one nation but not in another. There are more concrete examples, including i. Unauthorized access ii. Damage to computer data or programs iii. Computer sabotage iv. Unauthorized interception of communications v. Computer espionage These definitions, although not completely definitive, do give us a good starting pointone that has some international recognition and agreementfor determining just what we mean by the term cybercrime. In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and Indias approach has been to look at e-governance and e-commerce

primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects. In the present global situation where cyber control mechanisms are important we need to push cyber laws. Cyber Crimes are a new class of crimes to India rapidly expanding due to extensive use of internet. Getting the right lead and making the right interpretation are very important in solving a cyber crime. The 7 stage continuum of a criminal case starts from perpetration to registration to reporting, investigation, prosecution, adjudication and execution. The system can not be stronger than the weakest link in the chain. In India, there are 30 million policemen to train apart from 12,000 strong Judiciary. Police in India are trying to become cyber crime savvy and hiring people who are trained in the area. Many police stations in Delhi have computers which will be soon connected to the Head Quarters. Cyber Police Stations are functioning in major Cities all over the Country. The pace of the investigations can become faster; judicial sensitivity and knowledge need to improve. Focus needs to be on educating the police and district judiciary. IT Institutions can also play a role in this area. We need to sensitize our investigators and judges to the nuances of the system. National judicial Academy at Bhopal (MP) and State Judicial Academies are also running short-term Cyber Courses for Judges but much more is needed to be done. Technology nuances are important in a spam infested environment where privacy can be compromised and individuals can be subjected to become a victim unsuspectingly. Most cyber criminals have a counter part in the real world. If loss of property or persons is caused the criminal is punishable under the IPC also. Since the law enforcement agencies find it is easier to handle it under the IPC, IT Act cases are not getting reported and when reported are not necessarily dealt with under the IT Act. A lengthy and intensive process of learning is required. A whole series of initiatives of cyber forensics were undertaken and cyber law procedures resulted out of it. This is an area where learning takes place every day as we are all beginners in this area. We are looking for solutions faster than the problems can get invented. We need to move faster than the criminals. The real issue is how to prevent cyber crime. For this, there is need to raise the probability of apprehension and conviction. India has a law on evidence that considers admissibility, authenticity, accuracy, and completeness to convince the judiciary. The challenge in cyber crime cases includes getting evidence that will stand scrutiny in a foreign court. For this India needs total international cooperation with specialised agencies of different countries. Police has to ensure that they have seized exactly what was there at the scene of crime, is the same that has been analysed and the report presented in court is based on this evidence. It has to maintain the chain of custody. The threat is not from the intelligence of criminals but from our ignorance and the will to fight it. The law is stricter now on producing evidence especially where electronic documents are concerned. The computer is the target and the tool for the perpetration of crime. It is used for the communication of the criminal activity such as the injection of a virus/worm which can crash entire networks. The Information Technology (IT) Act, 2000, specifies the acts which have been made punishable. Since the primary objective of this Act is to create an enabling environment for commercial use of I.T., certain omissions and commissions of criminals while using computers have not been included. With the legal recognition of Electronic Records and the amendments made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing on cyber-arena are also registered under the appropriate sections of the IPC. As per the report of National Crime Records Bureau, in 2005, a total 179 cases were registered under IT Act 2000, of which about 50 percent (88 cases) were related to Obscene Publications / Transmission in electronic form, normally known as cyber pornography. 125 persons were arrested for committing such offences during 2005. There were 74 cases of Hacking of computer systems during the year wherein 41 persons were arrested. Out of the total (74) Hacking cases, those relating to Loss/Damage of computer resource/utility under Sec 66(1) of the IT Act were 44.6 percent (33 cases) whereas the cases related to Hacking under Section 66(2) of IT Act were 55.4 percent (41 cases). Tamil Nadu (15) and Delhi (4) registered maximum cases under Sec 66(1) of the IT Act out of total 33 such cases at the National level. Out of the total 41 cases relating to Hacking under Sec. 66(2), most of the cases (24 cases) were reported from Karnataka followed by Andhra Pradesh (9) and Maharashtra (8). During the year, a total of 302 cases were registered under IPC Sections as compared to 279 such cases during 2004 thereby reporting an increase of 8.2 percent in 2005 over 2004. Gujarat reported maximum number of such cases, nearly 50.6 percent of total cases (153 out of 302) like in previous year 2004 followed by Andhra Pradesh 22.5 percent (68 cases). Out of total 302 cases registered under IPC, majority of the crimes fall under 2 categories viz. Criminal Breach of Trust or Fraud (186) and Counterfeiting of Currency/Stamps (59). Though, these offences fall under the traditional IPC crimes, the cases had the cyber tone wherein computer, Internet or its related aspects were present in the crime and hence they were categorised as Cyber Crimes under IPC. Out of the 53,625 cases reported under head Cheating during 2005, the Cyber Forgery (48 cases) accounted for 0.09 percent. The Cyber frauds (186) accounted for 1.4 percent out of the total Criminal Breach of Trust cases (13,572). The Forgery (Cyber) cases were highest in Andhra Pradesh (28) followed by Punjab (12). The cases of Cyber Fraud were highest in Gujarat (118) followed by Punjab (28) and Andhra Pradesh (20). A total of 377 persons were arrested in the

country for Cyber Crimes under IPC during 2005. Of these, 57.0 percent (215) of total such offenders (377) were taken into custody for offences under 'Criminal Breach of Trust/Fraud (Cyber)', 22.0 percent (83) for Counterfeiting of Currency/Stamps and 18.8 percent (71) for offences under Cyber Forgery. The States such as Gujarat (159), Andhra Pradesh (110), Chhattisgarh and Punjab (51 each) have reported higher arrests for Cyber Crimes registered under IPC. Bangalore (38), Chennai (20) and Delhi (10) cities have reported high incidence of such cases (68 out of 94 cases) accounting for more than half of the cases (72.3%) reported under IT Act, 2000. Surat city has reported the highest incidence (146 out of 163 cases) of cases reported under IPC sections accounting for more than 89.6 percent. The latest statistics show that cybercrime is actually on the rise. However, it is true that in India, cybercrime is not reported too much about. Consequently there is a false sense of complacency that cybercrime does not exist and that society is safe from cybercrime. This is not the correct picture. The fact is that people in our country do not report cybercrimes for many reasons. Many do not want to face harassment by the police. There is also the fear of bad publicity in the media, which could hurt their reputation and standing in society. Also, it becomes extremely difficult to convince the police to register any cybercrime, because of lack of orientation and awareness about cybercrimes and their registration and handling by the police. A recent survey indicates that for every 500 cybercrime incidents that take place, only 50 are reported to the police and out of that only one is actually registered. These figures indicate how difficult it is to convince the police to register a cybercrime. The establishment of cybercrime cells in different parts of the country was expected to boost cybercrime reporting and prosecution. However, these cells havent quite kept up with expectations. Netizens should not be under the impression that cybercrime is vanishing and they must realize that with each passing day, cyberspace becomes a more dangerous place to be in, where criminals roam freely to execute their criminals intentions encouraged by the so-called anonymity that internet provides. The absolutely poor rate of cyber crime conviction in the country has also not helped the cause of regulating cybercrime. There has only been few cybercrime convictions in the whole country, which can be counted on fingers. We need to ensure that we have specialized procedures for prosecution of cybercrime cases so as to tackle them on a priority basis,. This is necessary so as to win the faith of the people in the ability of the system to tackle cybercrime. We must ensure that our system provides for stringent punishment of cybercrimes and cyber criminals so that the same acts as a deterrent for others. Threat Perceptions A survey released by the UK government has revealed that the British public is now more fearful of cybercrime than burglary and crimes against the person. According to its results, Internet users fear bankcard fraud the most (27 percent), followed by cybercrime (21 percent) and burglary (16 percent). This shows that hi-tech crime has firmly overtaken conventional burglaries, muggings and thefts in the list of the publics fears, as the Internet has become firmly embedded into the British society, with some 57 percent of households having online access. Interestingly, University of Abertay in Dundee, Scotland (UK) is now offering a BSc Hons in Ethical Hacking and Countermeasures. Cyber-Crime Update An initiative has been taken to provide a much-awaited On-Line Library of Cyber Cases in India. It is updated regularily and provides the relevant law, regulations, cases and articles related to cyber law. The Library can be assessed at

www.cybercases.blogspot.com

Introduction
Internet is a new medium, yet it is one medium that has changed human perceptions, behaviour and visions. Internet has demolished national boundaries and has made the world as one big family.

Some say Internet means unbriddled freedom and is an anarchy. But it is also amply clear that there can be law within the Internet . Humanity has been so much dedicated to the growth of the technological and infratstructural aspects of Internet that the legal mechanisms relating to Internet and cyberspace has taken a back seat. As with each passing day, new horizons of cyberspace are being discovered and explored, there is all the more need for legal mechanisms governing cyberspace. But the Cyberlaw as on date is in a stage of its infancy. It is being constantly evolved. Cyberlaw Association aims to contribute to the ever evolving cyber legal jurisprudence and emerging legal issues pertaining to Cyberspace, Internet and the World Wide Web. Cyberlaw Association is a not for profit association that was found more that a decade ago to encourage the growth of Cyberlaw in different jurisdictions. It was also initially devised to be meeting point of all related similar thinking individuals and legal entities who had an interest in the evolution, growth and development of Cyber Law, and Cyber Law legal jurisprudence. Cyber Law Association is the common meeting point of legal professionals, scholars, jurists and other stakeholders who all are committed to the growth of cyberlaw and cyberlegal jurisprudence. Ever since the formation of the Cyber Law Association, lot of developments have taken place pertaining to cyberlaw. These developments have initiated more debate, discussion and interaction. Cyberlaw Association is a platform that allows relevant interested members to discuss and debate the ambit and manifestation of emerging legal trends in cyberspace.

Cyber Law of India : Introduction


In Simple way we can say that cyber crime is unlawful acts wherein the computer is either a tool or a target or both

Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.
We can categorize Cyber crimes in two ways The Computer as a Target :-using a computer to attack other computers. e.g. Hacking, Virus/Worm attacks, DOS attack etc. The computer as a weapon :-using a computer to commit real world crimes. e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc. Cyber Crime regulated by Cyber Laws or Internet Laws. Technical Aspects Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as a. Unauthorized access & Hacking:Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use readymade computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. By hacking web server taking control on another persons website called as web hijacking b. Trojan Attack:The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans. The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan. TCP/IP protocol is the usual protocol type used for communications, but some functions of the trojans use the UDP protocol as well. c. Virus and Worm attack:A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus. Programs that multiply like viruses but spread from computer to computer are called as worms. d. E-mail & IRC related crimes:1. Email spoofing Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source. Please Read 2. Email Spamming Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter. 3 Sending malicious codes through email E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a link of website which on visiting downloads malicious code. 4. Email bombing E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address. 5. Sending threatening emails

6. Defamatory emails 7. Email frauds 8. IRC related Three main ways to attack IRC are: "verbal 8218;? #8220; attacks, clone attacks, and flood attacks. e. Denial of Service attacks:Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorized users. Examples include attempts to "flood" a network, thereby preventing legitimate network traffic attempts to disrupt connections between two machines, thereby preventing access to a service attempts to prevent a particular individual from accessing a service attempts to disrupt service to a specific system or person. You can check some confidentiality agreement template of online websites here.
Distributed DOS A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into zombies and used to attack another system or website. Types of DOS There are three basic types of attack: a. Consumption of scarce, limited, or non-renewable resources like NW bandwith, RAM, CPU time. Even power, cool air, or water can affect. b. Destruction or Alteration of Configuration Information c. Physical Destruction or Alteration of Network Components e. Pornography:The literal mining of the term 'Pornography' is describing or showing sexual acts in order to cause sexual excitement through books, films, etc. This would include pornographic websites; pornographic material produced using computers and use of internet to download and transmit pornographic videos, pictures, photos, writings etc. Adult entertainment is largest industry on internet.There are more than 420 million individual pornographic webpages today. Research shows that 50% of the web-sites containing potentially illegal contents relating to child abuse were Pay-Per-View. This indicates that abusive images of children over Internet have been highly commercialized.

Pornography delivered over mobile phones is now a burgeoning business, driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images. Effects of Pornography Research has shown that pornography and its messages are involved in shaping attitudes and encouraging behavior that can harm individual users and their families. Pornography is often viewed in secret, which creates deception within marriages that can lead to divorce in some cases. In addition, pornography promotes the allure of adultery, prostitution and unreal expectations that can result in dangerous promiscuous behavior. Some of the common, but false messages sent by sexualized culture. Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not have negative consequences. Women have one value - to meet the sexual demands of men. Marriage and children are obstacles to sexual fulfillment. Everyone is involved in promiscuous sexual activity, infidelity and premarital sex. Pornography Addiction Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression among many who consume pornography. 1.Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect, followed by sexual release, most often through masturbation. 2.Escalation: Over time addicts require more explicit and deviant material to meet their sexual "needs." 3.Desensitization: What was first perceived as gross, shocking and disturbing, in time becomes common and acceptable. 4.Acting out sexually: There is an increasing tendency to act out behaviors viewed in pornography. g. Forgery:Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. Also impersonate another person is considered forgery. h. IPR Violations:These include software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations. etc. Cyber Squatting- Domain names are also trademarks and protected by ICANNs domain dispute resolution policy and also under trademark laws. Cyber Squatters registers domain name identical to popular service providers domain so as to attract their users and get benefit from it.

i. Cyber Terrorism:Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc. Cyberterrorism is an attractive option for modern terrorists for several reasons. 1.It is cheaper than traditional terrorist methods. 2.Cyberterrorism is more anonymous than traditional terrorist methods. 3.The variety and number of targets are enormous. 4.Cyberterrorism can be conducted remotely, a feature that isespecially appealing to terrorists. 5.Cyberterrorism has the potential to affect directly a larger number of people. j. Banking/Credit card Related crimes:In the corporate world, Internet hackers are continually looking for opportunities to compromise a companys security in order to gain access to confidential banking and financial information. Use of stolen card information or fake credit/debit cards are common. Bank employee can grab money using programs to deduce small amount of money from all customer accounts and adding it to own account also called as salami. k. E-commerce/ Investment Frauds:Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online are never delivered. The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the nondelivery of products purchased through an Internet auction site. Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits. l. Sale of illegal articles:This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. Research shows that number of people employed in this criminal area. Daily peoples receiving so many emails with offer of banned or illegal products for sale. m. Online gambling:There are millions of websites hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering. n. Defamation: Defamation can be understood as the intentional infringement of another person's right to his good name.

Cyber Defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. This means that anyone can place Cyber defamation is also called as Cyber smearing. Cyber Stacking:Cyber stalking involves following a persons movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc. In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications. p. Pedophiles:Also there are persons who intentionally prey upon children. Specially with a teen they will let the teen know that fully understand the feelings towards adult and in particular teen parents. They earns teens trust and gradually seduce them into sexual or indecent acts. Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions. q. Identity Theft :Identity theft is the fastest growing crime in countries like America. Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes. r. Data diddling:Data diddling involves changing data prior or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. It also include automatic changing the financial information for some time before processing and then restoring original information. s. Theft of Internet Hours:Unauthorized use of Internet hours paid for by another person. By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal organizations can obtain access to dialin/dial-out circuits and then make their own calls or sell call time to third parties. Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards. t. Theft of computer system (Hardware):This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer. u. Physically damaging a computer system:-

Physically damaging a computer or its peripheralseither by shock, fire or excess electric supply etc. v. Breach of Privacy and Confidentiality Privacy Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others. Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc. Confidentiality It means non disclosure of information to unauthorized or unwanted persons. In addition to Personal information some other type of information which useful for business and leakage of such information to other persons may cause damage to business or person, such information should be protected. Generally for protecting secrecy of such information, parties while sharing information forms an agreement about he procedure of handling of information and to not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties. Many times party or their employees leak such valuable information for monitory gains and causes breach of contract of confidentiality. Special techniques such as Social Engineering are commonly used to obtain confidential information.

You might also like