MAHESHWARI & CO. Advocates and Legal Consultants Sunday, February 20, 2011 at Kochi Joint Seminar organised by the UIA, UIA India Chapter and the Inter-Pacific Bar Association (IPBA) A Paper on Cyberspace Usages: Challenges and Dispute Resolution By : Vipul Maheshwari Managing Partner, MAHESHWARI & CO. 1 MAHESHWARI & CO. Advocates and Legal Consultants Introduction Cyberspace- Issues at the forefront Challenges in Cyberspace Disputes resolution in Cyberspace Conclusion/Suggestion 2 MAHESHWARI & CO. Advocates and Legal Consultants Cyberspace • Coined in 1980s by Science friction writer William Gibson. • Cyberspace like physical space comprises of four sub concepts i.e. place, distance, size and route. • In general Cyberspace represents the new medium of communication, electronic communication, which is fast outmoding, or even replacing more traditional methods of communication. This includes computers, networks, the internet, software, data storage devices (such as hard disks USB disks etc), websites, emails and even electronic devices such as cell phones, ATM machines etc. • Unique features- borderless space, dynamic, anonymity, speed, cost effective, marked with rapid technological advances. 3 MAHESHWARI & CO. Advocates and Legal Consultants Cyber Laws in Cyberspace • The Information Technology, Inventions and Discoveries widen the scientific horizons but pose new challenges for the legal world. Therefore, solutions for the disputes arising out of these challenges, whether statutory or otherwise, are referred as the “Cyber Laws.” • European Union, USA, United Nations Commission On International Trade Law (UNCITRAL) have already framed important laws to regulate cyberspace. In India, Information Technology Act (ITA) is also based on UNCITRAL model, all cyber laws are contained in Information Technology Act, 2000. MAHESHWARI & CO. Advocates and Legal Consultants With the advent of the internet, transmission of information and transacting of business across borders, various issues related to cyberspace have cropped up on legal front. Following are some major issues:- i. Jurisdiction ii. Cyber Crime iii. Intellectual Property iv. Cyber Forensic v. E-commerce vi. Electronic Evidence vii. Privacy viii.Contract MAHESHWARI & CO. Advocates and Legal Consultants Inherent Challenges • US and the West drafted their own legislations by either adapting their existing laws in the context of cyberspace or creating new laws in respect thereof. • Determining jurisdiction and formation of e-contracts are two key issues on which traditional legal principles have been largely applied by Courts worldwide. For e.g. Longarm Statutes enacted in US and Minimum Contacts test. • General consensus that in the e-world, electronic signatures and electronic documents are equally legally valid as the hand-written signatures or hard copy paper documents. • India enacted its first law on IT through the IT Act, 2000 based on the principles elucidated in the UNCITRAL Model law of e-commerce. It extends to whole of India and also applies to any offence or contravention there under committed outside India by any person. MAHESHWARI & CO. Advocates and Legal Consultants Legal Challenges Conflicting Jurisdictional Problems • Jurisdiction is the authority of a court to hear a case and resolve a dispute. The issue of Jurisdiction is highly conflicting and debatable in cyber law as to the maintainability of any suit which has been filed. Jurisdiction in International Legal Disputes • In the cyberspace, there is no geographical boundaries. It establishes immediate long-distance communications with anyone who can have access to any website. • No judicial body exists to deal with legal commercial problems arising between citizens of different countries. • There is no uniform, international jurisdictional law of universal application, and such questions are generally a matter of conflict of law, particularly private international law. MAHESHWARI & CO. Advocates and Legal Consultants • Where the contents of a web site are legal in one country and illegal in another : In the absence of a uniform jurisdictional code, legal practitioners are generally left with a conflict of law issue. Position in Europe- The Brussels convention is the controlling document for jurisdictional issue within the European Union (“E.U.”). Also the fundamentals of jurisdiction within EU countries are based on statute or regulation, instead of constitutional due process applied in case laws, as in the U.S. Leading International Cases- • Zippo Manufacturer v Zippo Dot com 952 F. Supp. 1119 (D.C.W.D. Pa. 1997)-The Court observed that The developing law of jurisdiction must address itself weather a particular event in cyberspace is controlled by the laws of the state or country where the website is located, by the laws of the state or country where the internet service provider is located, by the laws of the state or country where the user is located or perhaps by all of these laws. • Calder v. Jones 465 U.S. 783 (1984)- United States Supreme Court held that a court within a state could assert personal jurisdiction over the author and editor of a national magazine which published an allegedly libelous article about a resident of that state, and where the magazine had wide circulation in that state. MAHESHWARI & CO. Advocates and Legal Consultants Position in India- In India, all cyber laws are governed by the IT Act. However, IT Act does not deal with some major legal issues including the issue of jurisdiction. • It is well-established law in India that where more than one court has jurisdiction in a certain matter, an agreement between the parties to confer jurisdiction only on one to the exclusion of the other(s) is valid. • In case there is no agreement, the respective court considers the balance of convenience and interests of justice while deciding for the forum. MAHESHWARI & CO. Advocates and Legal Consultants Cyber Crime • Cyber crime is a crime committed over the Internet. • It could be against the government, property and against any person in various forms. • The law enforcement agencies are facing difficulties in dealing with cyber crime. • In India, Information Technology Act, 2000 is the legislation that deals with issue related to cyber crime. MAHESHWARI & CO. Advocates and Legal Consultants Types of Cyber Crime Cyber Crime Brief Description Relevant Section Punishments in IT Act Cyber Stalking Stealthily following a person, 43, 65, 66 3 years, or with tracking his internet chats. fine up to 2 lakh Cyber Pornography Publishing Obscene in Electronic 67, 67 (2) 10 years and with including child pornography Form involving children fine may extends te to 10 lakh Intellectual Property Crimes Source Code Tampering, piracy, 65 3 years, or with copyright infringement etc. fine up to 2 lakh Cyber Terrorism Protection against cyber terrorism 69 Imprisonment for a term, may extend to 7 years Cyber Hacking Destruction, deletion, alteration, etc 66 3 years, or with in a computer resources fine up to 2 lakh Phishing Bank Financial Frauds in Electronic 43, 65, 66 3 years, or with Banking fine up to 2 lakh Privacy Unauthorised access to computer 43, 66, 67, 69, 72 MAHESHWARI & CO. Advocates and Legal Consultants Increasing Cyber threats in India • Today Cyber crime is a bigger threat to India in comparison to physical crime. In a survey conducted by National crime records Bureau, Ministry of Home Affairs shows that cyber crime is increasing everyday in various forms. • Cyber Crimes increased by 22.7% in 2007 as compared to previous year. • Cyber Forgery 64.0% (217 out of total 339) and Cyber Fraud 21.5% (73 out of 339) were the main cases under IPC category for Cyber Crimes. • 63.05% of the offenders under IT Act were in the age group 18-30 years (97 out of 154) and 55.2% of the offenders under IPC Sections were in the age group 30-45 years (237 out of 429). • According to analysts at the Indian Institute of Science, Tax evasion, cheating on the Internet, identity theft, child pornography and other cyber crimes cause a loss of $50 billion annually. MAHESHWARI & CO. Advocates and Legal Consultants • Presently, Network vulnerabilities have been increasing at a rate of over 40% year-on-year. • According to CERT, Ministry of Information Technology survey Cyber Crime accelerated about 50 times since 2004. • As per U.K. study, reported cases of spam, hacking and fraud in India multiplied 50-fold since 2004 to 2007. • Symantec Global Internet Security Threat Report, 2010 says that India moved up from 11th to 5th position on chart quantifying malicious cyber activity in 2009 MAHESHWARI & CO. Advocates and Legal Consultants Cases Registered Person Arrested 120 140 125 99 120 100 88 100 80 74 76 86 69 81 80 59 60 63 60 48 40 41 40 20 10 10 11 20 13 9 10 8 4 5 1 0 2 3 0 0 0 1 0 0 0 Obscence Obscence Breach of Breach of publication publication Tempering Hacking Failure Confidenti Tempering Hacking Failure Confidenti /transmissi /transmissi ality ality on on 2005 10 74 88 1 5 2005 10 41 125 0 13 2006 10 59 69 0 0 2006 8 63 81 0 0 2007 11 76 99 4 9 2007 2 48 86 1 3 MAHESHWARI & CO. Advocates and Legal Consultants Contractual difficulties • Recently, India has emerged as a major player in the computer software and resources sector. Data shows that India will have the largest number of internet-users in Asia in near future. • IT Act deals with some contractual aspects in E-commerce . However, several practical problems arise when we form a contract. • In general contract, we see that the acceptor can revoke acceptance of the offer before it comes to the knowledge of the offeror, but what would be the case where an acceptance is sent via an electronic record, it may not be possible for the acceptor to revoke it before it comes to the knowledge of the offeror. However, there may be one possibility where revocation may still take place i.e. when the acceptance is sent by an electronic record and the same is sent to a computer resource which is not the designated computer resource of the offeror, but it is not clear what would prevail when both the acceptance-revocation are retrieved by the offeror at the same time. • Indian courts following the traditions of common law have developed the doctrine of “last-shot rule”. This cardinal rule states that an acceptance should be unqualified and absolute and any acceptance even with little variation is no acceptance at all. MAHESHWARI & CO. Advocates and Legal Consultants Protection of Intellectual Property • Intellectual Property is a property that arises from the human intellect. It is a product of human creation. • In broad field of IPR, there are various acts which govern intellectual property assets. In cyberspace, the problem began when unrelated party started using intellectual property of others or of famous brand with the intention to use it otherwise. Section 65 of ITA provides for protection of IPR from misuse. • In the present scenario, trademark disputes pose a serious challenge, as that is one area where the major developments have taken place. One of the first issues to arise in relation to IPR due to cyberspace was with respect to domain names. MAHESHWARI & CO. Advocates and Legal Consultants Electronic Evidence • Each time a crime is committed whether in physical form or in cyber space, the success of prosecution largely depends on the quality of evidence presented at the trial, but this pose a serious challenge before the investigation agencies to collect and preserve the evidence. • The Indian Evidence Act, 1872 (section 3) and Information Technology Act, 2000 (section 4) grants legal recognition to electronic records and evidence submitted in form of electronic records. • Leading case law- State vs. Mohd. Afzal and others (2003 (71) drj 178)-The Delhi High Court concluded that the person who is challenges the accuracy of computer evidence on the ground of misuse of system, then the challenger has to establish the challenge. Mere theoretical and generic doubts cannot be cast on the evidence. • International cooperation is required in providing electronic evidence in order to meet out the problem of international terrorism. MAHESHWARI & CO. Advocates and Legal Consultants Technological Challenges • Globalization and ICT (Information and Communication Technology) revolution in India has changed the form of information drastically. It made information more accessible portable and handy. The Right of Privacy vis-à-vis Data Protection • The right of privacy is part of Article 21 of the Indian constitution, but it is not absolute. Disclosure of private information is justified under certain circumstances. • In Kharak Singh V. State of U.P. (AIR 1963 SC 1295)- Apex court read the right to privacy to be within the ambit of Article 21 and construed it as a fundamental right. • The exclusion of privacy protection to only those who are aware of their rights, or the formal recognition of privacy in a legal system is not a challenge faced only by India. Globally, protection of privacy has been a challenge in many countries, and even now it has an uncertain status in many parts of the world. MAHESHWARI & CO. Advocates and Legal Consultants The right of privacy may be infringed by: • Utilizing private data already collected for a purpose other than for which it was collected. • Sending of unsolicited e-mails of spamming. • Unauthorized reading of e-mails of others. The relevant sections of the Information Technology Act (ITA) relating to privacy:- • Section 43 provides protection against unauthorised access to the computer system including unauthorised downloading, extraction and copying of data. • Section 66 provides protection against hacking. • Section 67 gives protection against unauthorised access to data. • Section 69 protects against cyber terrorism. • Section 72 protects an individual’s privacy and confidentiality. MAHESHWARI & CO. Advocates and Legal Consultants Data protection laws • Though the ITA does enforce a level of data protection, it is far from flawless. The ITA in many ways falls short of International standards and data protections enacted in other countries in the world. It lacks the following:- • The definition and classification of data types. • The nature and protection of the categories of data. • Data controllers and data processors have distinct roles. • Clear restrictions on the manner of data collection. • Clear guidelines on the purposes for which the data can be put and to whom it can be sent. • Standards and technical measures governing the collection, storage, access to, protection, retention and destruction of data. • It does not provide strong safeguard and penalties against the aforesaid breaches. MAHESHWARI & CO. Advocates and Legal Consultants Political and social challenges • Nowadays, we find that Media plays an important role in democracy to make people aware about information related to government policy and the grievances which people have. But at the same time it also encroaches on privacy. • Recently, India has adopted new technologies by way of social networking sites like orkut, facebook, twitter etc., where people of same interest groups come together as a community. In such communities lots of people share information of the latest happenings, express their views, criticize on certain issues etc. All these activities can elevate sensitive issues, which may lead to communicable imbalance in the society. • Blogs are increasingly popular in today’s world. Through blogs, people can express their thoughts and views on public and government sectors, so there is possibility that sensitive information may be forged and its original intension may be lost. MAHESHWARI & CO. Advocates and Legal Consultants Practical Challenges Regulating Cyber Cafes: • In India, Cyber cafes have emerged as base for cyber crime including cyber terrorism. Various offences relating to cyber crime suggest that local cyber cafes have been used for sending threatening mails to any individual or to any high officials. • Earlier, cyber cafes were required to create detailed records about their customer’s browsing habits, but the same is not being abided by the Cafes. Dispute settlement: • The IT Act provides various modes of dispute settlements. However, citizens are not aware of various kinds of commonly committed cyber offences, procedure for filing a case, resolving a dispute. There is also a lacuna of trained judges and skilled investigators. Contractual Aspect: • This unprecedented growth of internet calls for a legal framework for e-commerce in India. IT act deals with some contractual aspect in E-commerce. However, several practical problems still exist when we form a contract. MAHESHWARI & CO. Advocates and Legal Consultants Indian Laws i. Information Technology Act, 2000 ii. Information Technology (Amendment) Act, 2008 iii. Cyber crime investigation cell iv. Communications convergence Bill, 2001 v. Cyber security forum-Joint collaboration between India and U.S. i. E-Governance and E-Policy ii. Punishments International initiatives i. Arbitration and Mediation- Conventions ii. World Intellectual Property Organisation (WIPO) iii. Council of Europe Convention on cyber crime iv. Cyber Tribunals 23 MAHESHWARI & CO. Advocates and Legal Consultants Some Important Provisions with regard to Dispute Resolution Conferred legal validity and recognition to Electronic Documents & Digital Signatures. Legal recognition to e-contracts. Set up Regulatory regime to supervise Certifying Authorities. Laid down Civil and Criminal liabilities for contravention of provisions of IT Act, 2000. Created the office of Adjudicating Authority to adjudge contraventions. Chapter X of IT Act creates a Cyber Appellate Tribunal to oversee adjudication of cyber crimes. However, in a case where there exists an arbitration agreement, the court is under obligation to refer the parties to arbitration in terms of the arbitration agreement. MAHESHWARI & CO. Advocates and Legal Consultants Salient features of the Information Technology Act, 2000 • Extends to the whole of India (Section 1). • Authentication of electronic records (Section 3) • Legal Framework for affixing Digital signature by use of asymmetric crypto system and hash function (Section 3) • Legal recognition of electronic records (Section 4) • Legal recognition of digital signatures (Section 5) • Retention of electronic record (Section 7) • Publication of Official Gazette in electronic form (Section 8) • Security procedure for electronic records and digital signature (Sections 14, 15, 16) • Licensing and Regulation of Certifying authorities for issuing digital signature certificates (Sections 17-42) • Functions of Controller (Section 18) 25 MAHESHWARI & CO. Advocates and Legal Consultants • Data Protection (Sections 43 & 66). • Various types of computer crimes defined and stringent penalties provided under the Act (Section 43 and Sections 66, 67, 72) • Establishment of Cyber Appellate Tribunal under the Act (Sections 48-56) • • Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court (Section 57) • Appeal from order of Cyber Appellate Tribunal to High Court (Section 62) • Interception of information from computer to computer (Section 69) • Act to apply for offences or contraventions committed outside India (Section 75) • • Investigation of computer crimes to be investigated by officer at the DSP (Deputy Superintendent of Police) level. • Power of police officers and other officers to enter into any public place and search and arrest without warrant (Section 80) • Offences by the Companies (Section 85) • Constitution of Cyber Regulations Advisory Committee who will advice the Central Government and Controller (Section 88) 26 MAHESHWARI & CO. Advocates and Legal Consultants New provisions added through Amendments- IT (Amendment) Act, 2008 • New Section to address technology neutrality from its present “technology specific” form (i.e. Digital Signature to Electronic Signature)- Section 3A • New Section to address promotion of e-Governance & other IT application a) Delivery of Service b) Outsourcing – Public Private Partnership- Section 6A • New Section to address electronic contract-Section 10A • New Section to address data protection and privacy -Section 43 • Body corporate to implement best security practices-Sections 43A &72A • Multimember Appellate Tribunal-Sections 49-52 • Offensive messages and Spam-Section 66A • Pornography-Section 67A • Preservation and Retention of Data/Information-Section 67C • Blocking of Information for public access-Section 69A 27 MAHESHWARI & CO. Advocates and Legal Consultants • Monitoring of Traffic Data and Information for Cyber Security-Section 69B • New section for designating agency for protection of Critical Information Infrastructure-Section 70A • New Section for power to CERT-In to call and analyse information relating to breach in cyber space and cyber security-Section 70 B • Revision of existing Section 79 for prescribing liabilities of service providers in certain cases and to Empower Central Government to prescribe guidelines to be observed by the service providers for providing services. It also regulate cyber cafes.-Section 79 • New Section for Examiner of Digital Evidence-Section 79A • New Section for power to prescribe modes of Encryption-Section 84A • Punishment for most of offences were reduced from three years to two years 28 MAHESHWARI & CO. Advocates and Legal Consultants • Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM. There should be a definite forum to redress the grievances under the Cyber Space. • More Public awareness campaigns • Training of police officers to effectively combat cyber crimes • More Cyber crime police cells set up across the country • Effective E-surveillance • Websites aid in creating awareness and encouraging reporting of cyber crime cases. • Specialised Training of forensic investigators and experts • Active coordination between police and other law enforcement agencies is required. • Cyber security forum-Joint collaboration between India and U.S. • Regulation of Cyber cafes • Proposed communication Bill, 2001 could be a milestone in resolving disputes more effectively and practically in cyberspace. 29 MAHESHWARI & CO. Advocates and Legal Consultants Cyberspace does not recognise geopolitical boundaries. Parties from anywhere in the world can transact business with someone located anywhere else. A dispute may arise at any time, specially when different nations apply different laws to similar disputes. Therefore, International agreements in form of convention and cooperation is required for various dispute resolutions in International arena. Arbitration and mediation could be a first resort for dispute resolution, reason being it has an international treaty i.e. New York Convention on the Recognition and Enforcement of Foreign Awards which provides for ready enforcement of an award in the territory of virtually all trading nations of the globe. World Intellectual Property Organisation (WIPO), Council of Europe convention on cyber crime, the virtual magistrate and the Cyber Tribunals are steps towards meeting these needs. For instance recently, India has established a Cyber Security Forum to collaborate with United States on responding to cyber security threat. MAHESHWARI & CO. Advocates and Legal Consultants a. We need to promote and facilitate the fair use of cyber space among general masses and also there is an immediate requirement of skilled investigators and trained judges for fair and effective dispute resolution. b. India needs to address various questions, issues relating to cyberspace and the most appropriate way to start is the creation of a comprehensive legislation which should address broad area of cyberspace taking into consideration sectoral, institutional and individual requirements. The proposed Communication Convergence Bill, 2001 could be a milestone in answering all these questions. c. The amendments in several laws by the IT Act are a good beginning but several changes are still needed for the act to ensure both functional equivalence and technological neutrality. d. International agreements by way of convention and cooperation is required for various dispute resolutions in International arena. 31 Thank You!