cyber law lecturer henry o. quarshie. definition of cyber crime cyber crime is growing rapidly and...

CYBER LAW

LECTURERHENRY O. QUARSHIE

Definition of Cyber Crime

• Cyber crime is growing rapidly and so the definition for cyber crime is still evolving.

• Cyber crime is generally used to describe criminal activity in which computer or/and network is a tool, a target, or a place of criminal activity. Not only criminal activity but this term also includes traditional crimes in which computers or networks are instruments to commit them.

• Since cyber space has no geographical boundaries, conflicts occur when the rights of Netizens are viewed in the eyes of citizens of physical space.

• Conventional crime and cyber crime include conduct whether an act or omission which causes breach of law. The terms ‘computer crime’ and ‘cyber crime’ are used interchangeably.

• Marc M Goodman says that a computer crime can be classified into three main categories

• (i) as crimes where the computer is the target, • (ii) crimes where computer is the tool of the

crime. • (iii) crimes where the computer is incidental.

• Suresh T Viswanathan defines computer crimeas (i) any illegal action in which a computer is a

tool or object of the crime; in other words, any crime, the means or purpose of which is to influence the purpose of the computer .

• (ii) any incident associated with computer technology in which a perpetrator by intention made or could have made a gain.

(iii) Computer abuse is considered as any illegal, unethical or unauthorized behaviour relating to the automatic processing and transmission of data.

Difference Between cyber crime and conventional crime

• The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.

However, there are certain differences between the two. It would be relevant to points out these similarities and differences between the two.

• Cyber criminals refuse to be bounded by the conventional jurisdictional areas of nations, originating an attack from almost any computer in the world, passing it across multiple national boundaries, or designing attacks that appear to be originating from foreign sources. Such techniques dramatically increase both the technical and legal complexities of investigating and prosecuting cyber crimes.

• Unlike conventional crimes against persons or property such as rape, burglary and murder, cyber crimes are very skill intensive. Stock of hacking skills is thus a prerequisite to

cyber/online crimes. Whereas minimal skill is needed for opportunistic attacks, targeted attacks require more sophisticated skills.

Why cyber crime

• Cyber crime is promoted by the various factors like new technologies, complexity and loss of evidence. The computers are easy to access by means of these new complex technologies. The unauthorized access to a computer system is made possible by installing technologies like key loggers that can steal the access codes, voice recorders etc. that can bypass firewalls and get into the system.

• The reasons for the vulnerability of computersmay be said to be:(i) Capacity to store data in comparatively small

space The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium much easily.

• (ii) Easy to access• (iii) ComplexThe computers work on operating systems and

these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

• (iv) NegligenceNegligence is very closely connected with

human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.

• (v) Loss of evidenceLoss of evidence is a very common and obvious

problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.

Cyber criminals and their objectives

• Cyber criminals can be categorized based on the objective that they have in their mind.

• Children and teenagers in the group of 8 to 18 fall in one category. This group is, by nature, anxious to know and explore things. Like the two sides of a coin, Internet also has good and bad effects.

• The parents and the educational institutions should create awareness in students about the good and bad effects of Internet. By proper guidance this group can be eliminated from the list of cyber criminals.

• The other group of cyber criminals is the hackers. Some of the hackers hack to fulfill their political objectives. Some hack the site of their competent to get the valuable and reliable information to get over them. There is another type of hackers who hack the system to pay back their enemies. They hack the information to create problems for their enemies.

CLASSIFICATION OF CRIMES

• Crime is a social phenomenon. Crime is an act that is prohibited by law. Cyber crime is the most latest and complicated problem in the cyber space. A generalized definition of cyber crime is “unlawful acts wherein the computer is either a tool or target or both.”

• Cyber crimes can be classified on various basis such as on the basis of

(a)subject of crime,(b) against whom crime is committed and (c) on the basis of temporal nature of criminal

activities being carried out on computers and Internet.

The subject of cyber crime may be broadly classified under the following three groups:

• (i) Against individuals• It may be against individual persons or their property. Following

are the crimes, which can be committed against Individual persons:

• Harassment via e-mails• Cyber-stalking• Dissemination of obscene material• Defamation• Unauthorized control/access over computer system• Indecent exposure;• Email spoofing• Cheating and Fraud.

• Following are the crimes which can be committed against individual property:

• Computer vandalism• Transmitting virus• Netrespass• Unauthorized control/access over computer

system• Intellectual Property crimes• Internet time thefts.

(ii) Against organization• It may be against the Government, a firm, a

company or a group of individuals. Following are the crimes against an organization:

• Unauthorized control/access over computer system.• Possession of unauthorized information• Cyber terrorism against the government

organization• Distribution of pirated software.

• (iii) Against the society at large• Following are the crimes:• Pornography (largely child pornography)• Polluting the youth through indecent exposure• Trafficking• Financial crimes• Sale of illegal articles• Online gambling• Forgery.

Definition of cyber Law

• The word “cyber law” encompasses all the cases, statutes and constitutional provisions that affect persons and institutions who control the entry to cyberspace, provide access to cyberspace, create the hardware and software which enable people to access cyberspace or use their own devices to

go ‘online’ and enter cyberspace.• If one examines the aforesaid definition, basic concept

of cyber laws evolves around the phrase: ‘access to cyberspace’. How one can access cyberspace?

• The requirement from the point of user is:(a) a computer system with a modem facility, a

telephone line and an Internet hours usage pack from a network service provider; or

(b) a computer system with a modem facility and a broadband connection from a network service provider.

• Without such basic hardware and software tools, one cannot access cyberspace.

Cyberspace and the Physical world

• Cyberspace is a digital medium and not a physical world. It is limitless, constantly changing its shape, attributes and characteristics. It is an interactive world and cannot be referred to as a Xerox version of the geographical space. Such a version exists only in the films like Matrix! If physical world is static, well defined and incremental, then cyberspace is dynamic, undefined and exponential.

The contours of physical world are fixed, but that of cyberspace is as vast as human imagination and thus cannot be given a fixed shape. As millions of neurons exist in human brain creating a spectre of life, similarly cyberspace represents network of millions of computers creating a spectre of digital life! Thus, cyberspace can be treated as a natural extension of physical world into an infinite world.

• Though cyberspace is an extension of a physical world, a world that is governed by a body of laws, rules and regulations. The first and the foremost question is – should it be regulated or not?

• The answer is – yes, as cyberspace does not exist in isolation and is intricately connected to the physical world, which is being a regulated and hence such a space by this logic should also be regulated.

• This raises another question – how to regulate this medium, which is dynamic, infinite and intangible?

• Regulating cyberspace means regulating both man and the machine. It is interesting to note that in cyberspace not only man but also the machine could be both victims as well as perpetrators of cyber crimes. For example, a computer could be seen both as a victim as well

• as a victimizer. That is, a computer can be hacked into and at the same time, the same computer can act as a resource of hacking.

Jurisdictional Issues

• Computer and cyber crimes inevitably often have a transnational aspect to them, which can give rise to complex jurisdictional issues involving persons, things and acts being present or carried out in a number of different countries. This can be as true for individual acts of criminality as it is for the multinational criminal organisation.

• Even where the perpetrator and the victim are located in the same jurisdiction, relevant evidence may reside on a server located in another jurisdiction.

• Hence, in most of the internet based activities, traditional legal concepts and principles are sometimes challenged by the nature of the

environment. As a consequence, legislators, law enforcement agencies and the judiciary have had to address issues of cyber crime

jurisdiction at a number of levels.

• Since Internet is everywhere, the commission of a crime can take place anywhere on the Internet, due to which the internet user finds him subjected to the jurisdiction of many countries for a single act. Occasionally this may lead to a

situation where a person is subject of an extradition request from many countries. Ordinarily the jurisdiction of a court is related to the place where the offence is committed.

• This is based on the English common law position that all crimes are local and should be tried only by the local courts within whose jurisdiction the act was committed.

Issues relating to Evidence

• In the case of electronic documents produced as "Primary Evidence", the document itself must be produced to the Court. However, such electronic document obviously has to be carried on a media and can be read only with the assistance of an appropriate Computer with appropriate operating software and application software.

• In many cases even in non-electronic documents, a document may be in a language other than the language of the Court in which case it needs to be translated and submitted for the understanding of the Court by an Expert.

• Normally the person making submission of the document also submits the translation from one of the "Experts". If the counter party does not accept the "Expert's opinion", the court may have to listen to another "Expert" and his interpretation and come to its own conclusion of what is the correct interpretation of a document.

• In the case of the Electronic documents, under the same analogy, "Presentation" of document is the responsibility of the prosecution or the person making use of the document in support of his contention before the Court. Based on his "Reading" of the documents, he submits his case.

The international problem

• Laws, criminal justice systems and international cooperation have not kept pace with technological change. Only a few countries have adequate laws to address the problem, and of these, not one has resolved all of the legal, enforcement and prevention problems.

• When the issue is elevated to the international scene, the problems and inadequacies are magnified. Computer crime is a new form of transnational crime and effectively addressing it requires concerted international cooperation. This can only happen, however, if there is a common framework for understanding what the problem is and what solutions there may be.

• Some of the problems surrounding international cooperation in the area of computer crime and criminal law can be summarized as follows:

• The lack of global consensus on what types of conduct should constitute a computer-related crime;

• The lack of global consensus on the legal definition of criminal conduct;

• The lack of expertise on the part of police, prosecutors and the courts in this field;

• The inadequacy of legal powers for investigation and access to computer systems, including the inapplicability of seizure powers to intangibles such as computerized data;

• The lack of harmonization between the different national procedural laws concerning the investigation of computer-related crimes;

• The transnational character of many computer crimes; • The lack of extradition and mutual assistance treaties

and of synchronized law enforcement mechanisms that would permit international cooperation, or the inability of existing treaties to take into account the dynamics and special requirements of computer-crime investigation.

Regional action

• Examination of these questions has already occurred to some degree at the international and regional levels. In particular, the Organisation for Economic Co-operation and Development (OECD) and the Council of Europe have produced guidelines for policy makers and legislators.

• From 1985 to 1989, the Select Committee of Experts on Computer-Related Crime of the Council of Europe discussed the legal problems of computer crime. The Select Committee and the European Committee on Crime Problems prepared Recommendation No. R(89)9, which was adopted by the Council on 13 September 1989.

• The minimum list of offences for which uniform criminal policy on legislation concerning computer-related crime had been achieved enumerates the following offences:

1: Computer fraud. The input, alteration, erasure or suppression of computer data or computer programs, or other interference with the course of data processing that influences the result of data processing, thereby causing economic or possessory loss of property of another person with the intent of procuring an unlawful economic gain for himself or for another person;

• 2: Computer forgery. The input, alteration erasure or suppression of computer data or computer programs, or other interference with the course of data processing in a manner or under such conditions, as prescribed by national law, that it would constitute the offence of forgery if it had been committed with respect to a traditional object of such an offence;

• 3:Damage to computer data or computer programs. The erasure, damaging, deterioration or suppression of computer data or computer programs without right;

4: Computer sabotage. The input, alteration erasure or suppression of computer data or computer programs, or other interference with computer systems, with the intent to hinder the functioning of a computer or a telecommunications system;

5: Unauthorized access. The access without right to a computer system or network by infringing security measures;

• 6:Unauthorized interception. The interception, made without right and by technical means, of communications to, from and within a computer system or network;

• 7: Unauthorized reproduction of a protected computer program. The reproduction, distribution or communication to the public without right of a computer program which is protected by law;

• 8: Unauthorized reproduction of a topography. The reproduction without right of a topography protected by law, of a semiconductor product, or the commercial exploitation or the importation for that purpose, done without right, of a topography or of a semiconductor product manufactured by using the topography."

Scope of Cyber Laws

• E-commerce defined simply, is the commercial transaction of services in an electronic format. It is also referred to as “any transaction conducted over the Internet or through Internet access, comprising the sale, lease, license, offer or delivery of property, goods, services or information, whether or not for consideration, and includes the provision of Internet access”

• Any dispute involving any e-commerce activity, whether at buyer or seller’s end, would mean dispute happening in the cyberspace.

TYPES OF E-COMMERCE

• E-Commerce may be classified into various types depending on the number and nature of parties at both ends of the transaction. Any commercial transaction requires involvement of at least two participants. Depending on the types of the participants, E-Commerce may be classified into the following types:

• A. Business- to-Business E-CommerceThis is E-Commerce between two or more business

establishment. This is commonly known as B2B E-Commerce.

Generally this type of Ecommerce will not involve retailing and sale of end products. While B2C E-Commerce has received much publicity over the last few years due to the rapid development and deep penetration of the Internet across the globe B2B E-Commerce clearly represents a much larger portion of total electronic transactions in terms of revenue.

• An example of B2B electronic commerce is a business firm that uses a network for ordering from its suppliers, receiving invoices and making payments electronically.

• B. Business to Consumer E-CommerceThis is the type of E-Commerce, which is

consumer centered and involves the sale of end user products and services. Commonly this type of Ecommerce is known as B2C E-Commerce. Generally this type involves retailing of end products and services.

• C. Business-to-Government E-CommerceThe E-Commerce between business and

government, which is usually, abbreviated as B2G.

• D. Consumer-to-Consumer E-Commerce or People-to-People E-Commerce

This type of transactions involve are between consumers or people (C2C or P2P).

IMPORTANT ISSUES IN GLOBAL E-COMMERCE

• In the modern times E-Commerce has increasingly emerged as an important means of business and trade. But at the same time it has posed various challenges to national policy makers and legislators as regards its governance.

• Furthermore, its born global nature has created various jurisdictional issues, raising controversies over who should have authority to decide in case of a dispute as well as how they should be handled. Because of these reasons E-Commerce and its governance are involved in various policy dilemmas and issues.

• The following issues need special attention.

• 1)Issues relating to Access:Access issues include access to infrastructure,

access to content, universal access.• 2)Issues relating to Trust: The various trust related issues are privacy,

security, consumer protection and content regulation.

• 3)Issues relating to Ground Rules: Issues relating to ground rules are issues of

taxation, intellectual property rights, commercial laws including contract law, international trade and standards are categorized as ground rules-related issues.

Electronic Contracts

• Online Contracts• The Contract Act, lays down that for a

contract to happen there has to be proposal, assent to the proposal, which transforms into a promise. A promise supported by consideration becomes an agreement and an agreement enforceable by law is contract. Online contracts represent the

• formation of series of contractual obligations in an online environment. From a legal perspective, an online contract follows the same pre-requisite as being followed in offline (physical) contract.

• Electronic contracts, by their very nature, are dynamic and often multi layered transactions.

• The legality of electronic communication process culminating into electronic contracts is also based on common law of contract.

• In online contracting process, technology is an added dimension and hence, it is important that the contracting parties should be prudent and aware of their obligations and liabilities before they click on on-screen “I Agree” text or icon.

Essentials of electronic contracts

• As in every other contract, an electronic contract requires the following necessary ingredients,

• 1; An offer needs to be made. In many transactions the offer is not made directly. The consumer browses’ the website of a merchant and chooses what he will like to purchase. The offer is made by the consumer on placing the products in the virtual ‘basket’ or ‘shopping cart’ for payment.

• The offer is not made by a website displaying items for sale at a particular price. This is actually an invitation to offer and hence is revocable at any time up to the time of acceptance.

• 2: The offer needs to be accepted: The acceptance is usually undertaken after the offer has been made by the consumer in relation with the invitation to offer.

3: There has to be lawful consideration. Any contract to be enforceable by law must have lawful consideration. i.e. when both parties give and receive something in return.

4: There has to be an intention to create legal relations. If there is no intention on the part of the parties to create legal relationships, then no contract is possible between them.

• 5: The parties must be competent to contract: All parties to the contract must be legally

competent to enter into the contract.6: There must be free and genuine: Consent is

said to be free when there is no misrepresentation, undue influence or fraud.

7: The Object to the contract must be lawful: A valid contract presupposes a lawful object.

• Thus a contract for selling narcotic drugs or pornography online is void.

8: There must be certainty and possibility of performance. A contract to be enforceable, must be not be vague or uncertain and must be possibility of performance. A contract, which is impossible to perform, cannot be enforced, e.g. where a website promises to sell land on the moon.

• Copyright• Copyright is about protecting original expression.

Copyright protects “original works of authorship” that are fixed in any tangible medium of expression from which they can be perceived, reproduced, or otherwise communicated either directly or with the aid of a machine or device.

Copyright arises as soon as a ‘work’ is created (or fixed). It does not extend to any idea, procedure, process, system, method of operation, concept, principle or discovery, unless fixed in a tangible form.

• In the digital medium, every web page accessible or published in the World Wide Web is to be taken as a literary ‘copyrightable’ work. It protects all written text materials, graphic images/ designs, drawings, any linked sound, video files or films, whether part of a web page or a website. That is, copyright protects the “look and feel” of a website.

• A copyright owner has five exclusive statutory rights such as:(a) to fix (store) the information in a tangible form.

(b) to reproduce the copyrighted work.(c) to sell, rent, lease, or otherwise distribute copies of

the copyright work to the public.(d) to perform and display publicly the copyright work. (e) to prepare derivative works based on the copyright

work.

• It is significant to note that the activities like caching, mirroring, downloading, scanning, peer-to-peer file sharing etc. prima facie, infringe exclusive statutory rights of a copyright owner.

• Trademark• Internet and the worldwide web represent the

online medium. It is natural that a business entity claiming ownership of certain trademarks would like to extend its monopoly to this new medium as well. But the monopoly rights of trademark owners to own, license, sell, exhibit, market or promote are being threatened by web based technology tools, like search engines, meta tags, and hyperlinks.

• Similarly, in the last 15 years, domain names have become a kind of ‘ecommerce marks’ in the online medium. These are digital business addresses – a point of business contact or transaction.

• Functionally speaking, Domain names provide a system of easy-to-remember Internet addresses, which can be translated by the Domain Name System (DNS) into the numeric addresses (Internet Protocol (IP) numbers) used by the network. Cybersquatters, Typosquatters and other trademark infringers have made the web a legal minefield.

• Business Software Patenting• Patent protects a process, while copyright protects

expression. Patents confer stronger rights than copyrights. One computer programme consists of thousands of instructions. Every programme is unique, as it is a combination of logically arranged algorithms and techniques. Programmes are covered under copyright law, whereas, algorithms and techniques qualify for patenting.

• E-taxation• The advent of e-commerce has opened up a

Pandora’s box – how to tax e-commerce? Is it possible to tax such transactions in view of nature of Internet? Should e-commerce be taxed on lines of physical commercial activities? There are more questions than answers.

• The broad consensus that has emerged is: (i) that online transactions should not be

immune from taxation solely because the sale is conducted through a medium distinct from that of a traditional physical businesses, and

(ii) that it is not prudent to tax these online transactions purely on the basis of traditional taxation approach applicable to offline businesses.

• As e-commerce represent online transactions involving consumer(s) and business (es) – is occurring instantaneously, which makes it difficult to determine who the buyer and seller are and where they are respectively located? Another question is how to tax such online transactions? From a point of electronic taxation following issues may emerge

• Who is the customer?• Where does the customer live?• Did the transaction constitute sale of tangible

property, the performance of a service, or the transfer of intangible property?

• Which jurisdiction has the authority to tax the sale?

• What online activities constitute sales for sales tax purposes?

• E-governance• The World Bank defines e-governance as the use of

information and communication technologies by government agencies to transform relations with citizens, business and other arms of the government. It involves

• information technology enabled initiatives that are used for improving

(i) the interaction between government and citizens or government and businesses -e-services

(ii) the internal government operations - e-administration (iii)external interactions – e-society.

• E-governance is a kind of ‘window of opportunity’ facilitating a much faster, convenient, transparent and dynamic interaction between the government and its people. It has also been referred to as ‘i-governance’- integrated governance1 as it integrates people, processes, information and technology in the service of achieving governance objectives.

• What constitutes a business connection/substantial nexus within a taxing jurisdiction?

Can Central and/or State Government(s) technologically capable to monitor all online transactions?

• · What kind of record retention requirements is necessary for tax purposes?