A Study of Emerging Issues of Cyber Law

By Shivesh Shrivastava (PH, CCL) ~ Law College Dehradun, Faculty of Uttaranchal University.

Abstract

In today’s world, everything is lunging towards the cyber world, via digitization and networking to fast-track their way to the abundance of benefits of the online world. Fields such as marketing, commerce, communication have not only been revolutionized but have completely evolved new, previously non-existent branches such as online marketing, e-commerce, and online communications. But as is the rule of evolution, following the evolution of prey, the predator evolves soon after. And thus, the cyber world birthed an entirely new category of criminal methodology commonly referred to as cyber crime. To handle the atrocity of cyber crime the development of law and order at the same pace is crucial. Although the prevalent laws namely, IT ACT 2000, National Cyber Security Policy, etc cover some aspects of cyber crime; it is far from being said that cyber laws in India are up to the required standards. For instance, issues such as cyber vandalism, cyber violence, and cyber rape are completely unaddressed. Even the term “Cyber Crimes” has not been recognized under any statutory text. Therefore, this paper will mainly focus on the challenges faced due to cyber crime, the immediate need for development in the laws covering the issue of cyber crime and issues prevalent on the cyber enforcement side of the equation.

Introduction

In this time of the growth of technological ecosystems around the world the outcome has resulted in a two-edged sword with a vast positive and a genuine negative side. Out of the money, one outcome of rapid development and digitization is the birth of cyberspace. Cyberspace has virtually affected every field of lifestyle and economy significantly but alongside it a new methodology of Criminal activity has been formulated known as cyber crime.  The internet was initially developed for military communication and Intel, but since then it has grown into a vast network that comprises of everything imaginable.  to keep up with the legal aspect of this scenario,  Cyber Law came into existence. Cyber crimes such as hacking and unauthorized access, Trojan attack, virus and worm attack, denial of access attack etc. have increased exponentially. The term cyber crime has neither an origin nor reference in any statutory text.  in the tenth United Nation Congress on prevention of crime and treatment of offenders, a workshop was held devoted to to the issue of crimes related to cyberspace,  there in  cyber crime was segmented into two categories which are:

 a. the narrow definition under which cyber crime was defined as any illegal behaviour done by means of electronic operations that target the security of computer systems and data protected inside them.

 b. a broader definition wherein cyber crime was defined as any illegal behaviour committed by means of an operation on a network that includes crime such as illegally possessing or disturbing information via the means of a computer system or network.

According to the Norton report the frequency with which cyber-attacks were held on Indian assets with public and private infrastructure or properties were equally frequent and common.

Following a hack, that targeted the government’s official email in the month of July 2013 Government published and national Cyber security policy. However, this policy can’t be said to have addressed all the nuisances of cyber crime As the policy only goes as far as providing the guidelines for standard operating procedure and does not maximize potential to attain optimum benefit. For instance, the security concerns that are caused by Telecom Industries integration with cyberspace has totally been ignored in the policy. This area of criminal methodology certainly begs the attention of the lawmakers as it is majorly unaddressed severely important.

2. Literature Survey

Advancement of technology leads to the rise of criminal activities and IT Act 2000 provides the ways to deal with the cyber crimes. This model contains positive aspect from the prospective of e-commerce but it doesn’t solve all the problems and issue overnight.[1]

IT Act considered to the ambiguous law as the area of jurisdiction in the context of the internet is unclear. Computer forensics is gaining significance in the field of investigation of cyber crime evidence as in the real world the evidence are tangible but in the virtual world of cyberspace it is difficult to expunge the information from the computer system and for handling this computer forensics efficient and knowledgeable computer expert because any carelessness leads to the loss of evidence.[2]

Though IT (amendment) Act 2008 tackles more even after its amendment IPC doesn’t use the term ‘cyber crime’ at any point. After the year 2008 it can be seen that there is increase in the cyber crime as criminals discover loopholes within that law and they perform the illegal activities. Cyber crime can be against the person, property and government.[3]

There are few court precedents to look for guidance and old laws didn’t quit fit the crime being committed. There is need to push cyber laws. Our system should provide for stern punishment so that criminal acts as a deterrent for other.[4]

 Applicability of cyber law increased by IT Act (amendment) 2008. The definition part of evidence act was amended.[5]

Territorial jurisdiction is major issue which is not satisfactorily addressed in IT Act 2000. It is generally seen that the investigator generally avoid to take the complaints on the ground of jurisdiction.[6]

The growth of the India has not been achieved as all the faces which include E- courts, online dispute resolution functionality, good cyber law, cyber forensic etc. IT Act needs the revision. And there should be provision of scientific and technical professional training to lawyer in India.[7]

Cyber crime is the one of the emerging trend of crime which has the prospective to destroy each and every aspect of the life as it is easy to commit but it’s really hard to detect and often hard to locate in jurisdiction terms, given the geographical indeterminacy of the net.[8]

There is need for the Cyber Security to protect the evolving ICT. The expert group should find and recommend suitable mix of solutions in critical ICT systems supporting the governance structure of the nation.[9]

By understanding the threat of the cyber developing capacity for offensive actions in this cyber domain is a sine quo non. Nations, non-state actors, terrorists, groups and individuals pace a challenge to growth which is increasing going to be dependent on the cyber domain so there is need to identify technology in this regard.[10]

 Any person who commits malicious act called adversary. Adversary may be outsider and insider. Outsiders are other than insider. Insider is one who authorizes access to nuclear facility or sensitive operations. They complimented by their authority such as power to gain admittance. Cybercrime is multi-billion-dollar problem and for great promise of the computer age there is need to enforce effective law to keep drawbacks for over shadowing.[11]

Cyber security is major concern of government and private sector around the world. Cyber threat can be in the form of cyber-attack, but can also be in result of “mistakes” or even natural disasters. So there should be specific approach to the particular problem in the framework of cyber security [12]

From all these it is clearly evident that there is the existence of a pool of challenges to be addressed such as cyber security and a legal framework that covers all ide ranging topics like cloud computing, social media frauds, scams, etc.

3. CYBER LAW

The development of cyber laws in 20^th century began with the step of UNCITRAL, i.e. the United Nations Modern Law of Electronics Commerce in 1996. It was recognised therein that the focus of legal provisions should be the users, enforcement agencies and discouragement of criminals as the responsibility of the crime falls in the hands of the person behind the misuse of technology and not the technology itself. This went on to establish, for the first time that it is crucial to understand that it is not the computer or the technology that commits the crime but rather it is a human act. Following this, the UN general assembly gave recommendation for consideration of UNCITRAL Model Law in formulation of Cyber Laws to each state. Complying with the recommendation of UN General Assembly the Indian government also acknowledged the need to legislate following the UNCITRAL Model Law. This led to the formulation and implementation of Information and Technology Act 2000. The implementation of IT Act 200 led to the amendment of various sections of the Indian Penal Code (e.g. 192, 204, 463, 464, 468 to 470, 471, 474, 476 etc ). Major changes such as recognition of electronic evidences, maintenance of electronic records and documents were recognised. Prior to this only physical evidence and documentation possessed legal status. In brief the act deals with the following topics:

1. Legal identification of Electronic document.
2. Legal identification of Digital Signatures
3. Offenses and Contraventions Justice
4. Dispensation Systems for cybercrimes.

The IT Act 2000 attempts to embed the legal system with the requirements of the cyber era and it also deals with the issue of cybercrime with the limited perspective of e-commerce in the country. It boldly attempts to provide an infrastructure that supports the commission of e-commerce by backing it with legal groundwork such as recognition of electronic signatures. But the Act fails to exempt ambiguity in certain areas such as, jurisdiction with regard to the internet. As per section 1 (2) provides that the act covers in its ambit all of India and any office or contravention thereunder committed outside India by any person.

Various issues under Cyber Law enforcements.

1. Issues with the legislature

Territorial jurisdiction is fails to provide a satisfactory clarity through its mention in sections 46, 48, 57 and 61 with respect to adjudication process and the procedure in connection with it. Moreover section 80 gives the power to a police officer to enter a search a public place for cyber crime since cyber crime is a virtual event such legislation creates a plethora of ambiguity. In cases of a cyber-attack from one state to another, the legislature holds silence again and thus there arises a ton of ambiguity of jurisdiction. Moreover the IPC fails to acknowledge even the basic terms such as Cyber Crime throughout its entirety.

As opposed to a physical act of crime that has physical evidences that are comparatively easier to find and make sense of, such as a murder weapon, fingerprints, etc. a virtual crime has digital evidence that is harder to locate, extract and understand. Thus a team of experts is required to access such event. This required body of experts has also not been provided for in the IT act. According to a report by National Crime Records Bureau 4231 cases of cyber crimes were registered under IT Act and IPC during 2009-11 and a total of 1184 persons were apprehended for the same. This clarifies the need of a body of cyber forensics experts.

Alongside cyber forensic experts there is also a need for updating of technical hardware and software to efficiently tackle the issue of cyber crime. Precisely because of this reason the when the world wide cyber-attack known as the “wannacry” attack hit India, the  national security was threatened.

The loose set of laws has let the telecom industries handle user security in a futile manor as there exists no rigid guidelines in this regard. This has been considered to be the primary reason for the increasing no of cyber crime attacks including mobile devices. And furthermore the policies that were passed, unlike other statutes, just provide guidelines with respect to the standard operating procedure and do not hold enforceability. Therefore it can be said that NCSP has limited potential and benefits.

Another issue if simply is that the laws just are not at the same pace at which the cyber crime is growing. For instance cloud computing attacks, Denial of Service attacks are unaddressed. This is troublesome specially with arrival of services like e-locker services via banks, online police records and confidential documents, online records of personal documents, and personal data, etc. this data can be and has been inappropriately accessed in the past.

According to the IT committee’s 52^nd report the statistics on the no. of offences under IPC and IT Act 2000 are as under:

 (one unit = 1000 cases)

The above graph shows the presents the statistics for the ratio of no of cases registered and the no of people arrested through the years 2010-12, under IPC and IT Act 2000. During the years 2010, 2011, 2012 respectively 1322, 2213 and 3477 cases were registered whereas only 1191, 1630 and 2071 were arrested in the same years. This clearly establishes the incapability of the law enforcement agencies to apprehend the criminals, thus providing a physical proof of all the issues previously discusses.

Suggested solution to the situation.

IT Act 2000 is a paper tiger and there is a crucial need to bring some changes in order to strengthen it.

1. To start with this, IT Act (amendment) Act 2008 considerably reduced the quantum of  punishments for a vast spectrum of cyber crimes, this needs to be rectified and furthermore a bulk of cyber crime needs to be made a non-bail able offence. This shall be done in order to establish a deterrence effect in the minds of the criminal mass.
2. Furthermore, the legislation needs to be updated critically to embed all the up to date terminologies and kinds of cyber crime.
3.  The ambiguity with regard to jurisdiction should be clarified in order to facilitate the enforceability towards cyber crime.
4. Appropriate and rigid guidelines and policies should be enforced towards the protection of user data in all commercial sectors as well as telecom industries.
5. Finally, a structured organisation of cyber forensics should be established throughout the country along with up to date hardware and software facilities.

According to the 52^nd report published by the standing committee on Information and Technology, the statistics on the rate at which the government websites were hacked in inclusion with other websites are:

(1 unit = 10000 websites)

In the following graph the statistics make it clear that the there is an increasing no of cyber-attacks and not only on commercial websites. In the year 2008 there were 6310 websites hacks, in 2009 there were 12161, in 2010 there were 20701, in 2011 there were 21699, in 2012 27605 and in the year 2013 only till the month of June there were 12693 attacks. But in order to concrete the point the following graph shows the no. of government websites hacked during 2008-13.

According to the above figure it can easily be deduced that the no. of cyber attacks show just as steady a rise in case of government websites as commercial websites. In the year 2008 to 2013 the no of cases were 90,201,303,308,308,371(upto june) respectively. At this rate if the issue stays unaddressed for long it has a potential to emerge as a national crisis and threaten the very national security of India.

Conclusion

For addressing the emerging issue of cyber crime the Indian legal system needs to gain a significant pace and make amendments in the legislation as well as the executionary bodies. Although India has otherwise a highly defined legal system this particular area requires more attention. The current laws even with the support of liberal interpretation can’t cover the ambit of the current cyber issues. The entire legislative infrastructure requires an update to harmonise the laws with the cyber issues of this era. Finally, it can be said that not addressing this is not an option as it has an effect from a common person’s life to National Security of India.

References

• [1] Maneesh Taneja and Dr. D.B Tiwari,”Cyber Law”, International Referred Research Journal, vol.11 (21) October, 2010, pp. 63-65.
• [2] Yougal Joshi and Ananda Singh, “A Study of Cyber Crime and Security Scenario”,International Journal of Engineering and Management Research, vol.3 (3) June, 2013, pp.13-18.
• [3]Ravikumar S. Patel and Dr.Dhaval Kathiriya, “Evolution of Cybercrimes in India” International Journal of Emerging Trends & Technology in Computer Science, vol.2 (4) July – August 2013.
• [4] Talwant Singh, “Cyber Law and IT” pp. 1-4
• [5]Rohitk.Gupta, “An Overview of Cyber laws vs. Cybercrimes: In Indian Perspective”, 2013. [6]Rohit k Gupta, “An Overview of Cyber law vs. Cybercrimes”, 2013.
• [7]Prabhat Dalei and Tannya Brahme, “Cyber Crime and Cyber law in India: An Analysis” ‘International journal of humanities and Applied science’ Vol.2 (4), 2014.
• [8] Aashish Kumar Purohit , “ Role of Metadata in Cyber Forensic and Status of Indian Cyber Law” , International Journal of computer technology application, vol.2(5) sepoct, 2011. [9]M.M.Chaturvedi, M.P.Gupta and Jaijit Bhattacharya “Cyber Security Infrastructure in India : A Study”pp.1-15
• [10]IDSA Task Report, “India’s cyber security challenged” March, 2012
• [11] Angshuman Jana and Kunal Kumar Mondal, “A survey of India Cyber Crime and Law and its prevention approach” ‘International journal of Advance Computer Technology’.
• [12] David Satola and Henry L.July , “Towards a Dynamic Approach to Enhancing International cooperation and collaboration in Cyber Security Framework”, ‘The MW. Mitchell law journal’.