The apt answer of this question lies in all pervasive threat perception which is looming large in the cyber space. The threat or menace to the cyber space is no more a virtual one but a practical one which makes its mark palpable in every aspect of cyber space blurring the geographical boundaries of this planet. Such menace has now crystallized into various kinds of a specific crime which is in broader sense called CYBERCRIME.
The Cyber Crime is now no more limited to few sporadic incidents of unauthorized access to a particular computer or a particular cyber space with a view to damaging its data or sabotaging the system which few years were called the Computer Espionage. The Cyber crime has spread to such proportion that a formal categorization of its crime is no more possible. Every single day gives birth to a new kind of cyber crime making every single effort to stop it almost a futile exercise. Some of the current cyber crimes are - Cyber stalking, Tapering with Digital Signature Certificate ,Cyber harassment, Cyber fraud, Cyber defamation, Spam, Hacking, Trafficking, Distribution, Posting and Dissemination of obscene material including pornography, Indecent exposure and child pornography etc. The rise in the variety of cyber crime as a natural corollary increases the rate of cyber crime all over the globe. Going by the data of National Crimes Records Bureau the number of pending cases relating to cyber crime in India has witnesses nearly 300% growth from the year 2002 to 2007 as in the year 2002 there was merely 70 cases pending whereas the same is 217 in the year 2007. This rapid growth of crime has left no room for doubt that this country indeed requires a dedicated Statute which would deal with all the possible aspects of cyber space and crime involving it which spread its tentacles in every corner of the global arena.
The habitat of more than a billion people in this country has no doubt makes the legal issues more complex to watch and implement. The augment of internet and rapid growth of MNCs has made it inevitable that the commercial transactions are regularly taking place from a remote corner to another far away corner of this country and the Corporate Field having taken resort to electronic mode of communication primarily internet makes it imperative to give legal recognition to not only the agreements executed through internet but even communications made through the medium of internet. The Cyber Law is hence no doubt the right step in the right direction.
Before the enactment of Cyber Law i.e. Information Technology Act there was great vacuum in the law of evidence, the guidelines of proof of a case irrespective of its civil or criminal nature to cover various issues which encompasses the disputes or offence in cyber space. The enactment of Cyber Law has paved with its stride the necessary amendments in the India Evidence Act, Indian Penal Code, and The Bankers Book Evidence Act etc to give effect of the IT Act to its fullest.
The enormity with which the Cyber Crime has occupied the cyber space, the threat perception of the people has also undergone a sea change. Nowadays the people started getting more fearful about the cyber crime than even the burglary or the theft. The growing dependence on cyber space has made it inevitable that a specialized Law gives protection to the activities which the people indulge in through the media of internet. The dependence on cyber space with the each passing day would be on the rise and not be on the wane making it imperative that at least a sense of security prevails in the mind of the people while sharing cyber space.
The scope of Cyber Law in India is enormous to say the least. Before delving into the scope of Cyber Law we must understand that the octopus grip of Cyber Crime has spread to unavoidable presence of person, property and most importantly the Government in the Cyber Space. The terrorism against the Government popularly called Cyber Terrorism has the potent of causing far reaching and most deadly mark in the lives of people and the State Machinery. So most of the abuses or crimes done through the internet have been tried to be covered by the Information Technology (Amendment) Act 2008 which has been in force from 27.10.2009 bridging most of the loopholes which were found in the original Act.
(i)Section 65 to section 67 B of the IT Act have prescribed for punishment by way of imprisonment up to 3 years of fine up to 10 lakhs of Rupees depending upon the nature of offence.
(ii)Even the Intermediaries are not spared by way of section 67C of the Act. The Controller has been given enough power to give directions by virtue of section 68 of the Act. Section 69 to 70 of the Act has authorized the Central Government to monitor, intercept or even block for public access any particular information for the purpose of cyber security, to collect traffic data or to declare any computer resource a Protected System.
(iii) Section 71 to 74 has given necessary security in the domain of privacy and for acts of misrepresentation, fraudulent publication or forged electronic signature by prescribing punishment by way imprisonment or fine up to 3 years and Rs 5 lac respectively.
(iv)The Act has also made liable the Company or a Firm for the acts of Contravention or offence by its Director of the Partner.
(v) The application of other Penal laws like Indian Penal Code, Arms Act, Copyrights Act , Narcotics Drugs and Psychotropic Act etc parallelly for the offence done in the Cyber Space has made the IT Act more relevant with the advent of progressive means of communications through cyberspace. That is why cyber laws do not mean IT Act alone.
In a nutshell the amendments made in the year 2008 has almost covered the gaps or lacuna which was found to be palpable when this Act first came into force. The term ‘electronic signature’ replaced the previous ‘digital signature’ to make this Act more applicable. The Cyber Law now has been made to apply in the case of ‘communication device’ as well to bring the high end mobile phones within its ambit. Section 10 A has been added to legally recognise agreements executed through e-mails. Section 43A has made the Body Corporate which is in charge of computer resource liable for not maintaining proper security. Most importantly section 81 of the Act has given this statute an overriding effect. The T Act has been made enforceable against the abettor or the person who took attempt to commit the crime as well.
This question deals with the aspect of extra territorial jurisdiction for an offence under Cyber L.aw. The primary penal law in India i.e. Indian Penal Code which also covers many forms of crimes including criminal intimidation, defamation, forgery, cheating, extortion which are widely committed by the cyber offenders by using cyber space has also covered this issue where by section 4 the Code prescribes for punishment for any Indian citizen who has committed any offence outside India but found in India if such offence done by that person is punishable in India as well. The It Act has also facilitated such applicability further by making such similar provision. The section 75 of the It Act after its amendment in the year 2008 has made this Act applicable for commission of offence or contravention outside India as well. This section is even broader in its sense and applicability as even the citizens other than this country guilty of cyber crime has also been taken within its fold. Only small condition for its applicability is that such person must use any computer system or network located in India. So such accused person can be prosecuted in India by bringing that person through International Treaties after undergoing procedural compliance called Extradition. Though India is not a member of any of the Cyber Crime Treaties like Hague Convention but it has extradition treaties with most of the countries and it is a signatory to TRIPS (Trade Related Aspects of Intellectual Property Rights) under the aegis of WTO thereby making it amenable to global jurisdiction on copyright, patent or trademarks disputes.
The ethical activities of the netizens mostly involve the activities which are called by the Cyber society as ethical hacker. Hacking means unethical access to a computer system. Now those persons who through unauthorisedly access to a computer system but do that with the view to find out the fissure in the security system but do not make any attempt to steal or damage any data or the network are largely called ethical hacker. Like the crackers they are not the outlaw in the society and the sole purpose of their activity is to highlight the shortcomings in the security of system so that the same may be repaired to restrain any such future unauthorized access. However section 66 of the It Act in India has made it clear that before counting hacking as crime such unauthorized access must be made with the intention or knowledge so as to cause wrongful loss or damage to the public or the person and must result in alteration ,deletion or destruction of any information in the computer source. So by virtue of section 43 of the It Act if any such activities do not fulfill the criteria as mentioned herein the same would not be counted as a crime and hence would not be liable to pay any compensation.
Nowadays this hacking and cracking occupies the major portion of cyber crime worldwide. Still there is a fine line between hacking and cracking. Hackers are mostly perceived to be respected member of the technocrats who finds the loopholes in system for its betterment whereas the crackers are those who make the same thing but for the purpose of criminal activities with criminal intent.
A hacker may be a person who is expert with computers and/or programming to such extent where they know all of the in's and out's of a system. There is largely not much illegality involved with being a hacker if he indulges in ethical activities. He mostly does this to find out the security flaws so that the owner or the administrator of the system or the source comes to know about this for sealing the breach.
A cracker is also a hacker but he uses his expertise for personal gains outside of the law. EX: stealing data, changing bank accounts, distributing viruses etc.
What the hacker does with their knowledge of systems within the definition of the law is what defines them as hacker versus a cracker. We can hence safely say that all crackers are hackers, but not all hackers are crackers.
Hackers regard crackers as a less educated group of individuals that cannot truly create their own work, and simply steal other people's work to cause mischief, or for personal gain. However people often due to lack of proper understanding uses these words interchangeably.
In the face of progressive Cyber Crime often out pacing the means to check it, it has become more important to take some various preventive measures for a regular online user to protect both his identity and the content of his communication.
(a) Since transmission of electronic documents occupies the major chunk of cyber space in today’s emerging global market, if the authenticity of such documents are not maintained the very foundation of global trade would come to standstill. Hence application of electronic signature, Cryptography , Hash Function, Split Key Architecture or Digital Time Stamping goes a long way to save the transmission of electronic documents from the clutches of Cyber Crime offender.
(b) Storing the electronic document in removable storage device behind the Firewall also helps to keep the document in safe custody. The person using internet should be watchful to check the Digital Certificate given by the Certifying Authority while sharing information with any website.
(c) Use of Platform for Privacy Preferences by the member of cyber society also helps to create a sense of security in the online activities.. Moreover if the netizens worldwide apply the UN Guidelines to follow while using cyber space then no doubt the cyber space could be freed from the clutches of cyber crime to a large extent. Some of the guidelines are- purpose specification, lawfulness and fairness, interested person access, non discrimination, super vision and sanction and keeping of personal data by International Government Organisation etc.
(d) Avoidance of using the same e-mail id which is used in social networking sites or given in any public profile while dealing with the banking activities including online transfer of money also helps to protect the user’s identity from falling in the hands of eavesdropper. Little caution while sharing the password with any website, how secured it may be, only protect the user in his online activities. Adopting some precious little like installing up-to-date anti-virus software, using security programme to have control over the cookies do wonders for the benefit of the online users.
The hacking of CBI website along with other alleged 270 government websites in India has caused a lot of stir in the both private and public domain. Such rampant hacking of Government websites has no doubt exposed how ill equipped our mainstay of the Investigating Agency and loopholes in the filtering controls of National Informatics Centre, the Organisation which manages the servers across the country.
Even the sources in the IB admit that the expertise of government machinery is not sufficient. And the only way to counter such future attacks seems to make it urgent to create a team of dedicated hackers or cyber army who with the permission of security agency would keep a watch on the important websites of the Government to prevent recurrence of such ignominy to our nation. The Government is also heard to be thinking on that line. However in Kerala the Computer Emergency Response Team prevented similar attempts of threat to government websites which only proves that if the Government agencies want it can indeed take appropriate preventive measures against such attacks in future.
The Indian Cyber Army in the meantime retaliated by attacking and defacing the official website of Oil and Gas Regulatory Authority, one of the most secured government website in Pakistan.
Yes these types of organized cyber attacks against the civilians or the government’s cyber property could indeed be termed as cyber terrorism. The cyber terrorism like a commonplace terrorism has been successful to create a panic in the minds of the people who often are found to be unawares when attacks are made causing a fear psychosis in their mind about the next possible attack. It is nothing but a proxy war creating as much of damages as could be possible in the property of the enemy of the cyber attackers. The defacement of a website may not be the only casualty. Cyber terrorism may soon target the Information System which control some basic civic services, banking systems or even the Stock Market or private sectors
So the government with a view to protect its civilians or its property from the cyber terrorism should install the Protective Security Blanket over the important Information System and Installations. Adopting counter measures against such attacks should also be productive. Creation of a Cyber Army with legal recognition only for the protection of the cyber space and property is the need of the hour. Creation of Computer Emergency Response Team is the right step in the right direction by the Government. The Government should also take a pro active measure by identifying the IP address and the website, if any, of the cyber terrorists and should destroy the source and those who harbours of such crime for which no doubt a global consensus needs to be in place.
Another important measure for protection against cyber terrorism and war could be taken if the Corporate World where undoubtedly the online activities are at wide scale is made to understand its threat and the actions to be taken for its protection. Mere negligence and or apathy to take such counter or protective measures sometimes compromise the security of the people or its customers at large and the only means to stem it is to implement a comprehensive Cyber Law Compliancy like the Governments in Europe and America do. India is yet to do on this aspect and the same can be implemented only if the government enforces some kind of issuing Compliance Certificate in default of imposition of heavy penalty may be levied. The Certifying Authority should be made more vigilant while discharging its functions.
A Data Protection Laws for ensuring that no Data Confidentiality is lost resulting from the Transcription Centers which have seen phenomenal growth in India once the Foreign Firms found India as its favourite place for outsourcing.
The Government could also seriously think to raise a dedicated Cyber Inspector on the line of other countries like South Africa. A Special Task Force for the purpose of Cyber Crime only can be set up so that ill effects of wide spread computer illiteracy in the existing Police Force in India could be mitigated.
The answer is a mixture of both yes and no. It would be false to state if we call that the Indian netizens are unaware of the Cyber Laws in this country. The problem is only 10% of the total offences committed gets reported making us believe that the computer users are not versed with the Cyber Laws in India. But the fact is the computer users a or netizens are averse to lodge the complaint due to the fact that once such case is registered they have been subjected to the grueling stages of tardy prosecution. The ill equipped law enforcing agency and the not so trained judiciary only add the further woes to the crippling Cyber Laws. It is not the lack of awareness but the apathy of the netizens to bring the culprits to book which is responsible to the small amount of cases pending under Cyber Laws compared to the regular criminal or civil cases. Moreover making the case under IT Act as a quasi civil nature does not help either. So the victim or the law enforcing agency is more eager to register a case for defamation or intimidation under the provision of Indian Penal Code than that under the IT Act.
Moreover keeping certain all important Acts or provisions of law like Negotiable Instrument Act, Will, Trust, intellectual Property Rights, Power of Attorney or Conveyance of immoveable property outside the jurisdiction of IT Act does not render any help. The issues of chat room abuse, domain name or theft of internet hours are also kept outside the purview of IT Act. The lack of parameter to implement the IT Act further compounds the problem.
Still we can neither lose any hope nor ignore that the registration of cases under the Cyber Laws for the last few years only increased rather than getting decreased.
The government no doubt can play a pivotal role in spreading awareness and the best result in this respect could be yielded not by mere publicity through advertisement in both print or electronic media but by means of e- governance and imparting IT training to its staff. The launching of e-courts in most of the states even including the lower judiciary literates a large chunk of people who mostly go to the court very often. However the main hurdle in spreading the literacy which plagues the whole system is the ill trained lawyers, law enforcing agents and the judges. Unless the infrastructure which enforce, execute and adjudicate the issues involving cyber laws gets improved with well trained members the people at large would refuse to get literate with the Cyber Laws. The legislation of Communication Convergence Bill is another measure by which the Cyber Laws could be spread to more people by way of its wide stretch of application.
Devajyoti Barman, Advocate
High Court at Calcutta