Topics
Cyber Crimes-An Indian overview
15th November 2006
Author: Navin Kumar | Views: 9

With the advent of the new technologies and the advancement in the mode of communications, the Internet has become a new form of life. The Internet is has become the fastest mode of communication and has spread its sphere, covering all possible shades of mankind. It has become not only a part of life but life in itself. It's an old saying that all the goods things bring some darkness within itself. The same is true with the computers, the Internet and with the technologies also. The advent of the computer has been a boon to students, lawyers, businessmen, teachers, doctors, researchers and also to the criminals.

The word 'crime' as strike to us to mean unauthorized access, damage to property, theft, fraud, mischief and the publication of obscene and indecent material etc. The expression ?crime? is defined as an act, which subjects the doer to legal punishment or any offence against morality, social order or any unjust or shameful act. The Code of Criminal Procedure of India defines the word ?offence? to mean as an act or omission made punishable by any law for the time being in force. With the emergence of Internet, the traditional crimes have assumed new dimensions. The Information Technology Act has added a new word, cyber crimes, which covers various kinds of computer and Internet related crimes, which can be classified into the following heads:
a) Hacking without any intention to commit any further offence or crime.
b) Unauthorized access with intention to commit further offence. These can include theft, fraud, mis-appropriation, forgery, nuisance tempering with source code, publishing of information which is obscene in electronic form etc.

c) Destruction of digital information through use of viruses.
?Hacking? is a crime, which entails cracking systems and gaining unauthorized access to the data stored in them. Hacking generally is the pastime of computer experts, who do it only for the kicks and excitement of it and may not intend to cause further harm or may not intend to perpetrate further offences. Recently there have been certain incidents where the hacker has hacked into sites and added/posted malicious and indecent material on the site. The incidents most likely happen with the intention of mischief and causing damage by way of defamation etc rather than anything else. The menace of hacking has donned such immense proportions that some of the biggest companies in the world are finding it increasingly impossible to cope with them.

The real tangible threat of ?hacking? comes in when an unauthorized access to a system is done with the intention of committing further crimes like fraud, misrepresentation, downloading data in order to commit infringement of copyright, accessing sensitive and top secret data from defence sites etc. Some of the most common types of fraud as committed on the net include bogus online investment newsletters, which give a biased and untrue advice on stocks and securities thereby fictionally giving a pull to the share value of bogus companies etc.

Firstly, let us view the offence of hacking in terms of Indian Penal Code. The provision, which comes close to describing hacking, is ?criminal trespass?. But to prove criminal trespass under section 441 of the IPC, the ingredients of ?unauthorized entry into or upon property against the will of the person in possession? and/or ?lawfully obtained entry but wrongfully remaining thereon? must be satisfied.

In applying the section to hacking on the Internet, the prime question that needs to be answered is as to whether website is a ?property?. For this it is imperative to consider the computer or the virtual area of the net as a ?property?. In order to do this we must consider the common jargon used to describe the world of Internet including site, home page, visiting a site and traveling on the super highway are just a few examples.

Thus, as trespass actions are grounded in the idea of protecting the owners control over real property, there is no inherent reason as to why the owners control over a websites could not be considered as species of property subject to trespass. It is for this reason that hacking is made a crime punishable under Section 66 (2) of the Information Technology Act, 2000 providing for an imprisonment up to 3 years or with fine up to Rs. 2 lacs or with both.

The next question of importance, which arises for consideration, is when a hacker has no intention to commit any further crimes after having trespassed unauthorisedly into the property of other. The question is whether such hacking can be said to constitute intimidation or annoyance. To my mind, the answer to the question is in the affirmative as any person unauthorisedly entering into your property causes annoyance and may result into intimidation.

The offence of hacking, if committed with an intention of committing further offences, a parallel for such offences can be drawn from the offences of theft, fraud, mis-appropriation, forgery, nuisance etc. If a person gains unauthorized access to the ?Property? (website) of another, breaching confidentiality of electronic documents, the same is punishable under Section 72 of the I. T. Act punishable with an imprisonment up to 2 years or fine up to 1 lac or with both.

Section 25 of the Indian Penal Code defines 'Fraudulently' as an action or deed done with an intention of deceit. The two main ingredients to be satisfied are 'Deceit' or an 'Intention to deceit' and either actual injury or possible injury or an intent to expose some person to actual or possible injury.

Internet fraud is a form of white-collar crime whose growth is as rapid and diverse as the growth of the Internet itself. In fact, the diversity of areas in which the Internet is being used to do fraud people and organization is astonishing. While there are innumerable scams and frauds going on, on the Internet, many of them relate to investments. They may be classified broadly yet not comprehensively into the following categories:

- Online Investment Newsletters: Hundreds of online investment newsletters have appeared on the Internet in recent years. Many offer investors seemingly unbiased information free of charge about featured companies or recommending, ?stock picks of the month?. While legitimate online newsletters can help investors gather valuable information, some online newsletters are tools for fraud.

- Bulletin Boards: Online bulletin boards ? whether newsgroups, usenet, or web-based-have become an increasingly popular forum for investors to share information. Bulletin boards typically feature ?threads? made up of numerous messages on various investment opportunities.

- E-mail Online Spams: Because ?spam?-junk e-mail-is so cheap and easy to create, fraudsters increasingly use it to find investors for bogus investment schemes or to spread false information about a company. Spam allows the unscrupulous to target many potential investors. Using a bulk email programme, spammers can send personalized messages to thousands and even millions of Internet users at a time.

These offences can be related, most conveniently, to the offences of fraud and cheating.

Thirdly, let us view the menace of Viruses in the light of the provisions of the IPC. The offence of deliberately and malafidely destroying or altering the data bases of alien computers may best be described as 'Mischief' as defined in sections 425 to 440 of the Indian Penal Code. The essential ingredients for the offence of Mischief being

A wrongful loss or damage to the public or any person
B intention to cause such damage or knowledge that such damage or loss might be caused.
C destruction of property or such alteration to such property as may render it useless or diminishes its value and/or utility.
amply cover and describes the commission of the offence of destruction of digital data.

Viruses are self-replicating programs, which on entering a system attach themselves to the digital data of the host computer, thereby destroying and/or altering it and/or rendering it beyond comprehension and making it useless. Computer viruses transfer from computer to computer by disguising itself as a harmless E-mail or any other such thing thereby infecting and destroying the data of the recipient computer as well. The menace of computer viruses has reached the stage of being an incurable disease. On an average a million computer viruses are generated every year. Multinational companies and some of the top government organizations together, all over the world, spend billions of dollars every year on the research and development of anti virus programs. Further millions of dollars are spent every ear, recovering and reconstituting the data lost to viruses.

It has been mentioned that website could be considered to be the ?property?. Further, it cannot be denied that viruses, however harmless, cause damage to some extent. Thus the requirement of damage to property is met in the form of alteration or destruction of digital information through viruses.

As far as intention to cause damage is concerned, the only defence that the offender who has authored the viruses or other such programme can claim is that his intention was not to cause damage to the specific computers or computer systems affected. However, the offence of mischief by definition does not require specific intent and therefore the offender cannot escape law for the damage caused. It could, for this reason, be asserted that an author of a computer virus may be held liable for the offence of mischief under Section 425 of the Indian Penal Code.

The law dealing with Cyber crimes has now been codified in the I. T. Act, 2000 and Chapter XI deals with computer crimes and provide for punishments for these offences. Another area of cyber crime is with regard to defamation and the Internet. There are various issues related to Internet defamation. These include question of jurisdiction and also questions relating to lack of legal awareness amongst people using the Internet.

An essential ingredient for Defamation as defined under section 499 of the Indian Penal Code is 'Publication'. The question is what constitutes ?publication? on the net, looms large. Can e-mails be considered ?publication? when personal correspondence is not. If not, then who can stop an unscrupulous man from sending defamatory e-mails to all and sundry via the media of bulk e-mail. And if yes, then where does the liability lie if there is defamatory material posted on a bulletin board. Is the Internet Service Provider (ISP) liable under section 501 of the Indian Penal Code, which makes the publisher/printer of defamatory material, the prime offender. If we were to juxtapose the penal law to the present case, the ISP would be held liable but under the Information Technology Act, 2000, the Internet Service Provider has been exonerated from liability under Section 79 as long as he can prove that the offence/contravention has occurred without his knowledge and that he had exercised due diligence to prevent the commission of such offence/contravention.

The key business of the Internet is computer software. The issue of computer software piracy is itself not a new one. However, the issue, which arises out of having computer software on the Internet, is the manner in which piracy is done, the rights and liabilities of various parties involved in the process and the steps taken to curb it. In India, computer software falls under copyright laws and therefore, the software can be protected under the Copyright Act. The problem is that the philosophy behind the Internet is freedom of information and freedom to information. In other words, there is no restriction to the information available on the Internet in any form. On the other hand, the philosophy behind intellectual property protection is to give monopolistic protection to the authors. These two philosophies are in direct conflict with each other. Considering the extent to which the computer programme and communications software are growing in market size and economic value, the nature of protection to be provided is extremely important.

Cyber squatting as an offence relates to the registration of a domain name by an entity who does not have an inherent right or a similar or identical trade mark registration in it's favor, with the sole view and intention to sell them to the legitimate user in order to earn illegal profits.

In the Bisleri case, the Delhi High Court on a complaint by the proprietors of the TM Bisleri and the domain name Bislerimineralwater.com restrained IT COMPANY from using the domain name Bisleri.com.

In another recent judgment passed by the Delhi High court in Yahoo! Inc. vs Akash Arora 1999 PTC 201, the court has restrained the defendant from using the Domain name yahooindia.com on the ground that it violated the rights of the plaintiff who was the owner of the domain name yahoo.com which was registered prior in time in 69 countries though not in India.

What makes this case a little more interesting and novel is that the defendant after registering the offending domain name had pasted a disclaimer on the forthcoming site saying that their site was independent and in no way related to yahoo.com. of the plaintiff's. It was observed by Hon'ble Justice M.K. Sharma that Due to the nature of Internet use, defendant's appropriation of the plaintiff's mark as a domain name and home page address couldn't adequately be remedied by a disclaimer. It was also observed that considering the vastness of the internet and its relatively recent availability to the general public, many internet users are not sophisticated enough to distinguish between the subtle difference in the domain names of the parties.

It is also noteworthy that while deciding this matter the court considered the ratio of Montari Industries case and the Whirlpool case, which have laid down the concept of trans, border reputation.

In Rediff Communications vs Cyberbooth, the defendants were restrained from using the domain name radiff .com as it was deceptively similar to the Plaintiff's registered domain name rediff.com.
In Investsmart India Limited vs ICICI & Anr , the defendant had got registered in it's name a domain name investmartindia.com. The plaintiff claimed that the defendant was violating its rights, as they were the registered proprietors of the domain name investsmartindia.com. The application of the plaintiffs for the grant of interim injunction was dismissed in this case because it was found that the plaintiff's had concealed from the court, the fact that the defendants had registered their domain name prior in time to the plaintiffs.
The internet and internet related crimes are increasing at an alarming rate. The laws that we are presently trying to fit into the modern scenario, answer some questions but leave twice the number unanswered. The loopholes left by the existing penal provisions make Internet a virtual haven for cyber criminals to carry on their illegal activities unchecked.
In all the crimes examined in this chapter, there is one fundamental aspect that poses serious difficulties. This is the question of jurisdiction. The nature of Internet is such that geographical and political boundaries have been rendered irrelevant. A person with access to a computer and the Internet might be participating, attempting or planning a criminal act anywhere in the world.
The Internet is, in a remote sense, analogous to the ?High Seas?. No one owns it, yet people of all nationalities use it. This makes the control of cyber crime an international issue.
One suggested has been to try and bring cyber crimes under International Crimes, similar to offences such piracy under the Law of the Sea, which may be tried in any country. This is a rather ambitious plan and is unlikely to receive sufficient support from the international community.
However, the formulation of an International Model Law on Cyber crime (based on which various countries could legislate and ensure harmony between various territorial laws) could be one of the more practical approaches. Early steps are underway among the G8 countries to begin an initiative for a set of global standards for cyber crime. The success of this initiative could go a long way in tightening the screws on cyber criminals from all over.

Navin Kumar
NAASHREE ASSOCIATES
Advocates
Main office: 70, Asha Pushpa Vihar, Kaushambi, Sector-14, GZB. - 201010(N.C.R. Delhi)
Litigation cell: 6, Babar Lane, Ist Floor, Bengali Market, New Delhi-110001.
Email- lex@naashree.com Web site - www.naashree.com

This article is free for republishing
Source: http://www.goinglegal.com/article_99782_100.html
Occupation: Partner at Naashree Associates, Advocates
Mr. Navin Kumar is a partner at a leading Indian law firm Naashree Associates, Advocates. He may be contacted at lex@naashree.com.
http://www.naashree.com
Related Articles