Workshop on “Cyber Crime”

Document Sample
Workshop on “Cyber Crime” Powered By Docstoc
					                        MAHESHWARI & CO.
                       Advocates and Legal Consultants

                     Sunday, February 20, 2011 at Kochi
                    Joint Seminar organised by the UIA,
        UIA India Chapter and the Inter-Pacific Bar Association (IPBA)

          A Paper on Cyberspace Usages:
         Challenges and Dispute Resolution

By :
Vipul Maheshwari
Managing Partner,
                                          MAHESHWARI & CO.
                                          Advocates and Legal Consultants

   Introduction
   Cyberspace- Issues at the forefront
   Challenges in Cyberspace
   Disputes resolution in Cyberspace
   Conclusion/Suggestion

                                                                   MAHESHWARI & CO.
                                                                   Advocates and Legal Consultants

   Cyberspace
•   Coined in 1980s by Science friction writer William Gibson.
•   Cyberspace like physical space comprises of four sub
    concepts i.e. place, distance, size and route.
•   In general Cyberspace represents the new medium of
    communication, electronic communication, which is fast
    outmoding, or even replacing more traditional methods of
    communication. This includes computers, networks, the
    internet, software, data storage devices (such as hard disks
    USB disks etc), websites, emails and even electronic devices
    such as cell phones, ATM machines etc.
•   Unique features- borderless space, dynamic, anonymity,
    speed, cost effective, marked with rapid technological

                                                                  MAHESHWARI & CO.
                                                                   Advocates and Legal Consultants

   Cyber Laws in Cyberspace
•   The Information Technology, Inventions and Discoveries widen the
    scientific horizons but pose new challenges for the legal world. Therefore,
    solutions for the disputes arising out of these challenges, whether statutory
    or otherwise, are referred as the “Cyber Laws.”
•   European Union, USA, United Nations Commission On International Trade
    Law (UNCITRAL) have already framed important laws to regulate
    cyberspace. In India, Information Technology Act (ITA) is also based on
    UNCITRAL model, all cyber laws are contained in Information Technology
    Act, 2000.
                                                          MAHESHWARI & CO.
                                                           Advocates and Legal Consultants

    With the advent of the internet, transmission of information
     and transacting of business across borders, various issues related
     to cyberspace have cropped up on legal front.

    Following are some major issues:-
i.   Jurisdiction
ii. Cyber Crime
iii. Intellectual Property
iv. Cyber Forensic
v. E-commerce
vi. Electronic Evidence
vii. Privacy
                                                                          MAHESHWARI & CO.
                                                                          Advocates and Legal Consultants

   Inherent Challenges

•   US and the West drafted their own legislations by either
    adapting their existing laws in the context of cyberspace
    or creating new laws in respect thereof.
•   Determining jurisdiction and formation of e-contracts are two key issues on which
    traditional legal principles have been largely applied by Courts worldwide. For e.g.
    Longarm Statutes enacted in US and Minimum Contacts test.
•   General consensus that in the e-world, electronic signatures and electronic documents
    are equally legally valid as the hand-written signatures or hard copy paper documents.
•   India enacted its first law on IT through the IT Act, 2000 based on the principles
    elucidated in the UNCITRAL Model law of e-commerce. It extends to whole of
    India and also applies to any offence or contravention there under committed outside
    India by any person.
                                                                              MAHESHWARI & CO.
                                                                              Advocates and Legal Consultants

   Legal Challenges

 Conflicting Jurisdictional Problems
• Jurisdiction is the authority of a court to hear a case and resolve a
  dispute. The issue of Jurisdiction is highly conflicting and debatable in
  cyber law as to the maintainability of any suit which has been filed.

   Jurisdiction in International Legal Disputes
•   In the cyberspace, there is no geographical boundaries. It establishes
    immediate long-distance communications with anyone who can have access to any
•   No judicial body exists to deal with legal commercial problems arising between
    citizens of different countries.
•   There is no uniform, international jurisdictional law of universal application, and such
    questions are generally a matter of conflict of law, particularly private international
                                                                                    MAHESHWARI & CO.
                                                                                    Advocates and Legal Consultants

•   Where the contents of a web site are legal in one country and illegal in another
    : In the absence of a uniform jurisdictional code, legal practitioners are generally left
    with a conflict of law issue.

   Position in Europe- The Brussels convention is the controlling document for
    jurisdictional issue within the European Union (“E.U.”). Also the fundamentals of
    jurisdiction within EU countries are based on statute or regulation, instead of
    constitutional due process applied in case laws, as in the U.S.

   Leading International Cases-
•   Zippo Manufacturer v Zippo Dot com 952 F. Supp. 1119 (D.C.W.D. Pa. 1997)-The Court observed
    that The developing law of jurisdiction must address itself weather a particular event in
    cyberspace is controlled by the laws of the state or country where the website is located, by the
    laws of the state or country where the internet service provider is located, by the laws of the
    state or country where the user is located or perhaps by all of these laws.

•   Calder v. Jones 465 U.S. 783 (1984)- United States Supreme Court held that a court within
    a state could assert personal jurisdiction over the author and editor of a national magazine which
    published an allegedly libelous article about a resident of that state, and where the magazine had
    wide circulation in that state.
                                                                           MAHESHWARI & CO.
                                                                            Advocates and Legal Consultants

   Position in India- In India, all cyber laws are governed by the IT Act. However, IT
    Act does not deal with some major legal issues including the issue of jurisdiction.

•   It is well-established law in India that where more than one court has jurisdiction in a
    certain matter, an agreement between the parties to confer jurisdiction only on one to
    the exclusion of the other(s) is valid.

•   In case there is no agreement, the respective court considers the balance of
    convenience and interests of justice while deciding for the forum.
                                                                MAHESHWARI & CO.
                                                                Advocates and Legal Consultants

   Cyber Crime

•   Cyber crime is a crime committed over the Internet.

•   It could be against the government, property and
    against any person in various forms.

•   The law enforcement agencies are facing difficulties in
    dealing with cyber crime.

•   In India, Information Technology Act, 2000 is the
    legislation that deals with issue related to cyber crime.
                                                                                         MAHESHWARI & CO.
                                                                                         Advocates and Legal Consultants

  Types of Cyber Crime
Cyber Crime                    Brief Description                        Relevant Section       Punishments
                                                                        in IT Act
Cyber Stalking                 Stealthily following a person,           43, 65, 66             3 years, or with
                               tracking his internet chats.                                    fine up to 2 lakh

Cyber Pornography              Publishing Obscene in Electronic         67, 67 (2)             10 years and with
including child pornography    Form involving children                                         fine may extends
  te                                                                                           to 10 lakh
Intellectual Property Crimes   Source Code Tampering, piracy,           65                     3 years, or with
                               copyright infringement etc.                                     fine up to 2 lakh

Cyber Terrorism                Protection against cyber terrorism       69                     Imprisonment
                                                                                               for a term, may
                                                                                               extend to 7 years
Cyber Hacking                  Destruction, deletion, alteration, etc   66                     3 years, or with
                               in a computer resources                                         fine up to 2 lakh

Phishing                       Bank Financial Frauds in Electronic      43, 65, 66             3 years, or with
                               Banking                                                         fine up to 2 lakh

Privacy                        Unauthorised access to computer          43, 66, 67, 69, 72
                                                                                  MAHESHWARI & CO.
                                                                                  Advocates and Legal Consultants

   Increasing Cyber threats in India

•   Today Cyber crime is a bigger threat to India in comparison
    to physical crime. In a survey conducted by National crime
    records Bureau, Ministry of Home Affairs shows that cyber
    crime is increasing everyday in various forms.

•   Cyber Crimes increased by 22.7% in 2007 as compared to previous year.

•   Cyber Forgery 64.0% (217 out of total 339) and Cyber Fraud 21.5% (73 out of 339) were the
    main cases under IPC category for Cyber Crimes.

•   63.05% of the offenders under IT Act were in the age group 18-30 years (97 out of 154) and
    55.2% of the offenders under IPC Sections were in the age group 30-45 years (237 out of 429).

•   According to analysts at the Indian Institute of Science, Tax evasion, cheating on the Internet,
    identity theft, child pornography and other cyber crimes cause a loss of $50 billion annually.
                                                                                    MAHESHWARI & CO.
                                                                                    Advocates and Legal Consultants

•   Presently, Network vulnerabilities have been increasing at a rate of over 40% year-on-year.

•   According to CERT, Ministry of Information Technology survey Cyber Crime accelerated about
    50 times since 2004.

•   As per U.K. study, reported cases of spam, hacking and fraud in India multiplied 50-fold since
    2004 to 2007.

•   Symantec Global Internet Security Threat Report, 2010 says that India moved up from 11th to 5th
    position on chart quantifying malicious cyber activity in 2009
                                                                                                                       MAHESHWARI & CO.
                                                                                                                       Advocates and Legal Consultants

                    Cases Registered                                                             Person Arrested
120                                                                      140
                                             99                          120
 80                74        76                                                                                        86
                                        69                                                                        81
 60                                                                                              63
 40                                                                                         41

        10 10 11                                                          20                                                              13
                                                                     9           10 8
                                                        4    5
                                                  1 0                                   2                                                           3
                                                                 0                                                           0 0 1             0
  0                                                                        0
                                  Obscence                                                                 Obscence
                                                            Breach of                                                                   Breach of
                                  publication                                                              publication
       Tempering   Hacking                        Failure   Confidenti          Tempering   Hacking                          Failure    Confidenti
                                  /transmissi                                                              /transmissi
                                                               ality                                                                       ality
                                      on                                                                       on
2005      10            74              88          1            5       2005      10            41           125               0              13
2006      10            59              69          0            0       2006       8            63               81            0              0
2007      11            76              99          4            9       2007       2            48               86            1              3
                                                                                   MAHESHWARI & CO.
                                                                                   Advocates and Legal Consultants

   Contractual difficulties
•   Recently, India has emerged as a major player in the computer software
    and resources sector. Data shows that India will have the largest number
    of internet-users in Asia in near future.

•   IT Act deals with some contractual aspects in E-commerce . However, several practical problems
    arise when we form a contract.

•   In general contract, we see that the acceptor can revoke acceptance of the offer before it comes
    to the knowledge of the offeror, but what would be the case where an acceptance is sent via an
    electronic record, it may not be possible for the acceptor to revoke it before it comes to the
    knowledge of the offeror. However, there may be one possibility where revocation may still take
    place i.e. when the acceptance is sent by an electronic record and the same is sent to a computer
    resource which is not the designated computer resource of the offeror, but it is not clear what
    would prevail when both the acceptance-revocation are retrieved by the offeror at the same time.

•   Indian courts following the traditions of common law have developed the doctrine of “last-shot
    rule”. This cardinal rule states that an acceptance should be unqualified and absolute and any
    acceptance even with little variation is no acceptance at all.
                                                                     MAHESHWARI & CO.
                                                                     Advocates and Legal Consultants

   Protection of Intellectual Property

•   Intellectual Property is a property that arises from the
    human intellect. It is a product of human creation.

•   In broad field of IPR, there are various acts which govern
    intellectual property assets. In cyberspace, the problem began when unrelated
    party started using intellectual property of others or of famous brand with
    the intention to use it otherwise. Section 65 of ITA provides for protection
    of IPR from misuse.

•   In the present scenario, trademark disputes pose a serious challenge, as that is
    one area where the major developments have taken place. One of the first
    issues to arise in relation to IPR due to cyberspace was with respect to
    domain names.
                                                                                  MAHESHWARI & CO.
                                                                                  Advocates and Legal Consultants

   Electronic Evidence
•   Each time a crime is committed whether in physical form or in
    cyber space, the success of prosecution largely depends on the
    quality of evidence presented at the trial, but this pose a serious
    challenge before the investigation agencies to collect and
    preserve the evidence.

•   The Indian Evidence Act, 1872 (section 3) and Information Technology Act, 2000
    (section 4) grants legal recognition to electronic records and evidence submitted in
    form of electronic records.

•   Leading case law- State vs. Mohd. Afzal and others (2003 (71) drj 178)-The Delhi High
    Court concluded that the person who is challenges the accuracy of computer evidence on the
    ground of misuse of system, then the challenger has to establish the challenge. Mere theoretical
    and generic doubts cannot be cast on the evidence.

•   International cooperation is required in providing electronic evidence in order to meet
    out the problem of international terrorism.
                                                                                MAHESHWARI & CO.
                                                                                Advocates and Legal Consultants

   Technological Challenges
•   Globalization and ICT (Information and Communication
    Technology) revolution in India has changed the form of
    information drastically. It made information more accessible
    portable and handy.

   The Right of Privacy vis-à-vis Data Protection
•   The right of privacy is part of Article 21 of the Indian constitution, but it is not
    absolute. Disclosure of private information is justified under certain circumstances.

•   In Kharak Singh V. State of U.P. (AIR 1963 SC 1295)- Apex court read the right to privacy to
    be within the ambit of Article 21 and construed it as a fundamental right.

•   The exclusion of privacy protection to only those who are aware of their rights, or the
    formal recognition of privacy in a legal system is not a challenge faced only by India.
    Globally, protection of privacy has been a challenge in many countries, and even now
    it has an uncertain status in many parts of the world.
                                                                       MAHESHWARI & CO.
                                                                       Advocates and Legal Consultants

    The right of privacy may be infringed by:
•   Utilizing private data already collected for a purpose other than for which it was
•   Sending of unsolicited e-mails of spamming.
•   Unauthorized reading of e-mails of others.

   The relevant sections of the Information Technology Act (ITA) relating to
•   Section 43 provides protection against unauthorised access to the computer system
    including unauthorised downloading, extraction and copying of data.
•   Section 66 provides protection against hacking.
•   Section 67 gives protection against unauthorised access to data.
•   Section 69 protects against cyber terrorism.
•   Section 72 protects an individual’s privacy and confidentiality.
                                                                        MAHESHWARI & CO.
                                                                        Advocates and Legal Consultants

   Data protection laws

•   Though the ITA does enforce a level of data protection, it is far from flawless. The
    ITA in many ways falls short of International standards and data protections enacted
    in other countries in the world. It lacks the following:-
•   The definition and classification of data types.
•   The nature and protection of the categories of data.
•   Data controllers and data processors have distinct roles.
•   Clear restrictions on the manner of data collection.
•   Clear guidelines on the purposes for which the data can be put and to whom it can be
•   Standards and technical measures governing the collection, storage, access to,
    protection, retention and destruction of data.
•   It does not provide strong safeguard and penalties against the aforesaid breaches.
                                                                             MAHESHWARI & CO.
                                                                             Advocates and Legal Consultants

   Political and social challenges
•   Nowadays, we find that Media plays an important role in
    democracy to make people aware about information related to
    government policy and the grievances which people have. But at
    the same time it also encroaches on privacy.

•   Recently, India has adopted new technologies by way of social networking sites like
    orkut, facebook, twitter etc., where people of same interest groups come together as a
    community. In such communities lots of people share information of the latest
    happenings, express their views, criticize on certain issues etc. All these activities can
    elevate sensitive issues, which may lead to communicable imbalance in the society.

•   Blogs are increasingly popular in today’s world. Through blogs, people can express
    their thoughts and views on public and government sectors, so there is possibility that
    sensitive information may be forged and its original intension may be lost.
                                                                        MAHESHWARI & CO.
                                                                        Advocates and Legal Consultants

   Practical Challenges
   Regulating Cyber Cafes:
•   In India, Cyber cafes have emerged as base for cyber crime including
    cyber terrorism. Various offences relating to cyber crime suggest that
    local cyber cafes have been used for sending threatening mails to any
    individual or to any high officials.
•   Earlier, cyber cafes were required to create detailed records about their customer’s
    browsing habits, but the same is not being abided by the Cafes.
   Dispute settlement:
•   The IT Act provides various modes of dispute settlements. However, citizens are not
    aware of various kinds of commonly committed cyber offences, procedure for filing a
    case, resolving a dispute. There is also a lacuna of trained judges and skilled
   Contractual Aspect:
•   This unprecedented growth of internet calls for a legal framework for e-commerce in
    India. IT act deals with some contractual aspect in E-commerce. However, several
    practical problems still exist when we form a contract.
                                                           MAHESHWARI & CO.
                                                           Advocates and Legal Consultants

      Indian Laws

i.      Information Technology Act, 2000
ii.     Information Technology (Amendment) Act, 2008
iii.    Cyber crime investigation cell
iv.     Communications convergence Bill, 2001
v.      Cyber security forum-Joint collaboration between
         India and U.S.
i.      E-Governance and E-Policy
ii.     Punishments

       International initiatives
i.      Arbitration and Mediation- Conventions
ii.     World Intellectual Property Organisation (WIPO)
iii.    Council of Europe Convention on cyber crime
iv.     Cyber Tribunals

                                                                            MAHESHWARI & CO.
                                                                            Advocates and Legal Consultants

Some Important Provisions with regard to Dispute Resolution
   Conferred legal validity and recognition to Electronic Documents & Digital

   Legal recognition to e-contracts.

   Set up Regulatory regime to supervise Certifying Authorities.

   Laid down Civil and Criminal liabilities for contravention of provisions of IT Act,

   Created the office of Adjudicating Authority to adjudge contraventions.

   Chapter X of IT Act creates a Cyber Appellate Tribunal to oversee adjudication of
    cyber crimes. However, in a case where there exists an arbitration agreement, the
    court is under obligation to refer the parties to arbitration in terms of the arbitration
                                                                        MAHESHWARI & CO.
                                                                        Advocates and Legal Consultants

Salient features of the Information Technology Act, 2000

•   Extends to the whole of India (Section 1).
•   Authentication of electronic records (Section 3)
•   Legal Framework for affixing Digital signature by use of asymmetric crypto
    system and hash function (Section 3)
•   Legal recognition of electronic records (Section 4)
•   Legal recognition of digital signatures (Section 5)
•   Retention of electronic record (Section 7)
•   Publication of Official Gazette in electronic form (Section 8)
•   Security procedure for electronic records and digital signature (Sections 14, 15,
•   Licensing and Regulation of Certifying authorities for issuing digital signature
    certificates (Sections 17-42)
•   Functions of Controller (Section 18)

                                                                             MAHESHWARI & CO.
                                                                              Advocates and Legal Consultants

•   Data Protection (Sections 43 & 66).
•   Various types of computer crimes defined and stringent penalties provided under the Act
    (Section 43 and Sections 66, 67, 72)
•   Establishment of Cyber Appellate Tribunal under the Act (Sections 48-56)
•   Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil
    Court (Section 57)
•   Appeal from order of Cyber Appellate Tribunal to High Court (Section 62)
•   Interception of information from computer to computer (Section 69)
•   Act to apply for offences or contraventions committed outside India (Section 75)
•   Investigation of computer crimes to be investigated by officer at the DSP (Deputy
    Superintendent of Police) level.
•   Power of police officers and other officers to enter into any public place and search and
    arrest without warrant (Section 80)
•   Offences by the Companies (Section 85)
•   Constitution of Cyber Regulations Advisory Committee who will advice the Central
    Government and Controller (Section 88)
                                                                              MAHESHWARI & CO.
                                                                              Advocates and Legal Consultants

New provisions added through Amendments- IT (Amendment) Act, 2008
•   New Section to address technology neutrality from its present “technology specific” form (i.e.
    Digital Signature to Electronic Signature)- Section 3A
•   New Section to address promotion of e-Governance & other IT application
    a) Delivery of Service
    b) Outsourcing – Public Private Partnership- Section 6A

•   New Section to address electronic contract-Section 10A
•   New Section to address data protection and privacy -Section 43
•   Body corporate to implement best security practices-Sections 43A &72A
•   Multimember Appellate Tribunal-Sections 49-52
•   Offensive messages and Spam-Section 66A
•   Pornography-Section 67A
•   Preservation and Retention of Data/Information-Section 67C
•   Blocking of Information for public access-Section 69A
                                                                           MAHESHWARI & CO.
                                                                            Advocates and Legal Consultants

•   Monitoring of Traffic Data and Information for Cyber Security-Section 69B
•   New section for designating agency for protection of Critical Information
    Infrastructure-Section 70A
•   New Section for power to CERT-In to call and analyse information relating to breach
    in cyber space and cyber security-Section 70 B
•   Revision of existing Section 79 for prescribing liabilities of service providers in certain
    cases and to Empower Central Government to prescribe guidelines to be observed by
    the service providers for providing services. It also regulate cyber cafes.-Section 79
•   New Section for Examiner of Digital Evidence-Section 79A
•   New Section for power to prescribe modes of Encryption-Section 84A
•   Punishment for most of offences were reduced from three years to two years

                                                                                MAHESHWARI & CO.
                                                                                 Advocates and Legal Consultants

•   Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM. There should be a
    definite forum to redress the grievances under the Cyber Space.
•   More Public awareness campaigns
•   Training of police officers to effectively combat cyber crimes
•   More Cyber crime police cells set up across the country
•   Effective E-surveillance
•   Websites aid in creating awareness and encouraging reporting of cyber crime cases.
•   Specialised Training of forensic investigators and experts
•   Active coordination between police and other law enforcement agencies is required.
•   Cyber security forum-Joint collaboration between India and U.S.
•   Regulation of Cyber cafes
•   Proposed communication Bill, 2001 could be a milestone in resolving disputes more effectively
    and practically in cyberspace.
                                                                            MAHESHWARI & CO.
                                                                             Advocates and Legal Consultants

   Cyberspace does not recognise geopolitical boundaries. Parties from anywhere in the
    world can transact business with someone located anywhere else. A dispute may arise
    at any time, specially when different nations apply different laws to similar disputes.
    Therefore, International agreements in form of convention and cooperation is
    required for various dispute resolutions in International arena.

   Arbitration and mediation could be a first resort for dispute resolution, reason being it
    has an international treaty i.e. New York Convention on the Recognition and
    Enforcement of Foreign Awards which provides for ready enforcement of an award
    in the territory of virtually all trading nations of the globe.

   World Intellectual Property Organisation (WIPO), Council of Europe convention on
    cyber crime, the virtual magistrate and the Cyber Tribunals are steps towards meeting
    these needs. For instance recently, India has established a Cyber Security Forum to
    collaborate with United States on responding to cyber security threat.
                                                                             MAHESHWARI & CO.
                                                                             Advocates and Legal Consultants

a. We need to promote and facilitate the fair use of cyber space
   among general masses and also there is an immediate requirement
   of skilled investigators and trained judges for fair and effective
   dispute resolution.

b. India needs to address various questions, issues relating to
   cyberspace and the most appropriate way to start is the creation of a comprehensive
   legislation which should address broad area of cyberspace taking into consideration
   sectoral, institutional and individual requirements. The proposed Communication
   Convergence Bill, 2001 could be a milestone in answering all these questions.

c. The amendments in several laws by the IT Act are a good beginning but several changes are
   still needed for the act to ensure both functional equivalence and technological neutrality.

d. International agreements by way of convention and cooperation is required for various
   dispute resolutions in International arena.