CHANAK CHANAKY YA NATIO NATIONAL NAL LAW LAW UNIVERSITY
Impact of Internet Technology on Economic Crime Cyber Law
Submitted to: Mr. Kumar Gaurav
Submitted by: Anubhuti Varma Roll No- 721 5th Year, 9th Semester
ACKNOWLEDGEMENT
I take take this this opportu opportunit nity y to expres expresss my hum humble ble gratitud gratitudee and personal personal regard regardss to Mr. Kumar Gaurav, for inspiring us and guiding us during the course of this project work and also for his
cooperation and guidance from time to time during the course of this project work on the topic “Impact of internet technology on Economic crime ”.
Anubhuti Varma
2 | Page
Research Methodoo!" Aims and bjecti!es" The aim of the project is to present a detailed study of # I#$act o% I&ter&et Tech&oo!" o& Eco&o#'c Cr'#e(
$cope and Limitations" The project is basically based on the doctrinal method of research as no field work is done on this particular topic% The whole project is made with the use of the secondary sources% ðod of 'riting" The method of writing followed in the course of this research paper is primarily analytical and descripti!e% &ode of Citation" The researcher has followed uniform form of citation throughout the course of this research paper% $ources of (ata" The following secondary sources of data ha!e been used in the project) *% +ooks ,% 'ebsites -% $tatute
3 | Page
Co&te&ts
I.T/(0CTI.%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%1 IT LE2I$LATI. I. I.(IA%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%3 &ET4($ 0$E( 5/ C6+E/ C/I&E%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%*7 C6+E/ $EC0/IT6 8 LE2AL I$$0E$%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%,9 C4ALLE.2E$ 5ACE( +6 2VE/.&E.T%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%,, C.CL0$I.%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%,:
4 | Page
INTRODUCTION
Economic crimes refer to illegal acts committed by an indi!idual or a group of indi!iduals to obtain a financial or professional ad!antage% In such crimes; the offenderenal Code does not use the term #cyber crime< at any point e!en after its amendment by the Information Technology ?amendment@ Act ,99; the Indian Cyber law% +ut BCyber $ecurity is defined under $ection ?,@ ?b@ means protecting information; eDuipment; de!ices
1 Ecoomic !rime "a# $No%ember &,2'1(, &)''*m+, htt*:deitios)uslegal)comeecoomic-crime.2') 2 !yber !rime $No%ember &, 2'1(, &)2/*m+, htt*:###)*#c)iassets*d0s*ublicatios2'11ecoomic-crime-sur%ey-2'11-idia-re*ort)*d0
5 | Page
computer; computer resource; communication de!ice and information stored therein from unauthoried access; use; disclosure; disruption; modification or destruction%-
IT LEGISLATION IN INDIA &id F9
Cyber law is a term used to describe the legal issues related to use of communications technology; particularly Bcyberspace; i%e% the Internet% It is less of a distinct field of law in the way that property or contract are; as it is an intersection of many legal fields; including intellectual property; pri!acy; freedom of expression; and jurisdiction% In essence; cyber law is an attempt to apply laws designed for the physical world; to human acti!ity on the Internet% In India; The IT Act; ,999 as amended by The IT ?Amendment@ Act; ,99 is known as the Cyber law% It has a separate chapter GI entitled Bffences in which !arious cyber crimes ha!e been declared as penal offences punishable with imprisonment and fine%
Prashat ali, 3y*es o0 !yber !rimes ad !yber "a#s i 4ida $No%ember 9, 7)'*m+, htt*:###)csi-idia)orgcdocumetlibrarygetle6uuid'(7c&2/d-171c(9dc-b71b-(b((c5919b/ ) ( 3he beets ad ris8s o0 a et#or8ed #orld $No%ember &, 2'1(, &)&*m+, htt*:###)*#c)comgeecoomic-crime-sur%eycybercrime)html
6 | Page
The 0nited .ations Commission on International Trade Law ?0.CIT/AL@ adopted the &odel Law on e)commerce in *FF3% The 2eneral Assembly of 0nited .ations passed a resolution in Hanuary *FF7 inter alia; recommending all $tates in the 0. to gi!e fa!ourable considerations to the said &odel Law; which pro!ides for recognition to electronic records and according it the same treatment like a paper communication and record%1
O)*ect'+es o% I.T. e!'sat'o& '& I&d'a, It is against this background the 2o!ernment of India
enacted its Information Technology Act ,999 with the objecti!es as follows; stated in the preface to the Act itself; Bto pro!ide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication; commonly referred to as electronic commerce; which in!ol!e the use of alternati!es to paper)based methods of communication and storage of information; to facilitate electronic filing of documents with the 2o!ernment agencies and further to amend the Indian >enal Code; the Indian E!idence Act; *7,; the +ankersJ +ooks E!idence Act; *F* and the /eser!e +ank of India Act; *F-: and for matters connected therewith or incidental thereto%
The Information Technology Act; ,999; was thus passed as the Act .o%,* of ,999; got >resident assent on F Hune and was made effecti!e from *7 ctober ,999% The Act essentially deals with the following issues" • • • •
Legal /ecognition of Electronic (ocuments Legal /ecognition of (igital $ignatures ffenses and Contra!entions Hustice (ispensation $ystems for cyber crimes%
A#e&d#e&t Act -/, +eing the first legislation in the nation on technology; computers and
ecommerce and e)communication; the Act was the subject of extensi!e debates; elaborate re!iews and detailed criticisms; with one arm of the industry criticiing some sections of the Act to be draconian and other stating it is too diluted and lenient% There were some conspicuous omissions too resulting in the in!estigators relying more and more on the time)tested ?one and
5 4bid)
7 | Page
half century)old@ Indian >enal Code e!en in technology based cases with the I%T% Act also being referred in the process and the reliance more on I>C rather on the ITA%3
Thus the need for an amendment 8 a detailed one 8 was felt for the I%T% Act almost from the year ,99-)9: itself% &ajor industry bodies were consulted and ad!isory groups were formed to go into the percei!ed lacunae in the I%T% Act and comparing it with similar legislations in other nations and to suggest recommendations% $uch recommendations were analysed and subseDuently taken up as a comprehensi!e Amendment Act and after considerable administrati!e procedures; the consolidated amendment called the Information Technology Amendment Act ,99 was placed in the >arliament and passed without much debate; towards the end of ,99 ?by which time the &umbai terrorist attack of ,3 .o!ember ,99 had taken place@% This Amendment Act got the >resident assent on 1 5eb ,99F and was made effecti!e from ,7 ctober ,99F% $ome of the notable features of the ITAA are as follows" K 5ocussing on data pri!acy K 5ocussing on Information $ecurity K (efining cyber caf K &aking digital signature technology neutral K (efining reasonable security practices to be followed by corporate K /edefining the role of intermediaries K /ecognising the role of Indian Computer Emergency /esponse Team K Inclusion of some additional cyber crimes like child pornography and cyber terrorism K authoriing an Inspector to in!estigate cyber offences ?as against the ($> earlier@
Ho0 the Act 's str1ct1red " The Act totally has *- chapters and F9 sections ?the last four
sections namely sections F* to F: in the ITA ,999 dealt with the amendments to the four Acts namely the Indian >enal Code *39; The Indian E!idence Act *7,; The +ankers< +ooks E!idence Act *F* and the /eser!e +ank of India Act *F-:@% The Act begins with preliminary
/ (r% $arla 2upta and +eniprasad Agrawal; BInformation Technology; Law and >ractice; ,99F;
>remier >ublishing Company; Allahabad%
8 | Page
and definitions and from thereon the chapters that follow deal with authentication of electronic records; digital signatures; electronic signatures etc% Elaborate procedures for certifying authorities ?for digital certificates as per IT Act ),999 and since replaced by electronic signatures in the ITAA ),99@ ha!e been spelt out% The ci!il offence of data theft and the process of adjudication and appellate procedures ha!e been described% Then the Act goes on to define and describe some of the well)known cyber crimes and lays down the punishments therefore% Then the concept of due diligence; role of intermediaries and some miscellaneous pro!isions ha!e been described%7
/ules and procedures mentioned in the Act ha!e also been laid down in a phased manner; with the latest one on the definition of pri!ate and sensiti!e personal data and the role of intermediaries; due diligence etc%; being defined as recently as April ,9**%
A$$'ca)''t", The Act extends to the whole of India and except as otherwise pro!ided; it applies
to also any offence or contra!ention there under committed outside India by any person% There are some specific exclusions to the Act ?ie where it is not applicable@ as detailed in the 5irst $chedule; stated below" a@ negotiable instrument ?ther than a cheDue@ as defined in section *- of the .egotiable Instruments Act; **M b@ a power)of)attorney as defined in section *A of the >owers)of)Attorney Act; *,M c@ a trust as defined in section - of the Indian Trusts Act; *, d@ a will as defined in clause ?h@ of section , of the Indian $uccession Act; *F,1 including any other testamentary disposition e@ any contract for the sale or con!eyance of immo!able property or any interest in such propertyM f@ any such class of documents or transactions as may be notified by the Central 2o!ernment
Sect'o& 23 deals with penalties and compensation for damage to computer; computer system etc% 7 ;uide to college maor ecoomic crime $No%ember&, &)2'*m+, htt*:###)#orld#idelear)comolie-educatio-guidecrimial-usticeecoomic-crimemaor)htm
9 | Page
This section is the first major and significant legislati!e step in India to combat the issue of data theft% The IT industry has for long been clamouring for a legislation in India to address the crime of data theft; just like physical theft or larceny of goods and commodities% This $ection addresses the ci!il offence of theft of data% If any person without permission of the owner or any other person who is in charge of a computer; accesses or downloads; copies or extracts any data or introduces any computer contaminant like !irus or damages or disrupts any computer or denies access to a computer to an authorised user or tampers and so on; he shall be liable to pay damages to the person so affected% Earlier in the ITA ),999 the maximum damages under this head was /s%* crore; which ?the ceiling@ was since remo!ed in the ITAA; ,99%
The essence of this $ection is c'+' 'a)''t". Criminality in the offence of data theft is being separately dealt with later under $ections 31 and 33% 'riting a !irus program or spreading a !irus mail; a bot; a Trojan or any other malware in a computer network or causing a (enial of $er!ice Attack in a ser!er will all come under this $ection and attract ci!il liability by way of compensation% 0nder this $ection; words like Computer Virus; Compute Contaminant; Computer database and $ource Code are all described and defined%
Nuestions like the employees< liability in an organisation which is sued against for data theft or such offences and the amount of responsibility of the employer or the owner and the concept of due diligence were all debated in the first few years of ITA ),999 in court litigations like the baee%com case and other cases. $ubseDuently need was felt for defining the corporate liability for data protection and information security at the corporate le!el was gi!en a serious look%
Thus the new Sect'o& 234A dealing with compensation for failure to protect data was introduced in the ITAA ),99% This is another watershed in the area of data protection especially at the corporate le!el% As per this $ection; where a body corporate is negligent in implementing reasonable security practices and thereby causes wrongful loss or gain to any person; such body corporate shall be liable to pay damages by way of compensation to the person so affected% The
& (r% $arla 2upta and +eniprasad Agrawal; BInformation Technology; Law and >ractice; ,99F; >remier >ublishing Company; Allahabad%
10 | P a g e
$ection further explains the phrase #body corporate< and Duite significantly the phrases #reasonable security practices and procedures< and #sensiti!e personal data or information<% Thus the corporate responsibility for data protection is greatly emphasied by inserting $ection :-A whereby corporates are under an obligation to ensure adoption of reasonable security practices% 5urther what is sensiti!e personal data has since been clarified by the central go!ernment !ide its .otification dated ** April ,9** gi!ing the list of all such data which includes password; details of bank accounts or card details; medical records etc% After this notification; the IT industry in the nation including techsa!!y and widely technology)based banking and other sectors became suddenly aware of the responsibility of data protection and a general awareness increased on what is data pri!acy and what is the role of top management and the Information $ecurity (epartment in organisations in ensuring data protection; especially while handling the customers< and other third party data%
/easonable $ecurity >ractices K $ite certification K $ecurity initiati!es K Awareness Training K Conformance to $tandards; certification K >olicies and adherence to policies K >olicies like password policy; Access Control; email >olicy etc K >eriodic monitoring and re!iew% The Information Technology ?/easonable security practices and procedures and sensiti!e personal data or information@ /ules ha!e since been notified by the 2o!ernment of India; (ept of I%T% on ** April ,9**% Any body corporate or a person on its behalf shall be considered to ha!e complied with reasonable security practices and procedures; if they ha!e implemented such security practices and standards and ha!e a comprehensi!e documented information security programme and information security policies containing managerial; technical; operational and physical security control measures commensurate with the information assets being protected with the nature of business% In the e!ent of an information security breach; the body corporate or a person on its behalf shall be reDuired to demonstrate; as and when called upon to do so by the 11 | P a g e
agency mandated under the law; that they ha!e implemented security control measures as per their documented information security programme and information security policies% The international $tandard I$OI$OIEC ,799* on Information Technology 8 $ecurity TechniDues ) Information $ecurity &anagement $ystem ) /eDuirements is one such standard referred to in sub)rule ?*@%
In !iew of the foregoing; it has now become a major compliance issue on the part of not only IT companies but also those in the +anking and 5inancial $ector especially those banks with huge computerised operations dealing with public data and depending hea!ily on technology% In times of a litigation or any security breach resulting in a claim of compensation of financial loss amount or damages; it would be the huge responsibility on the part of those body corporate to pro!e that that saidF
B/easonable $ecurity >ractices and >rocedures were actually in place and all the steps mentioned in the /ules passed in April ,9** stated abo!e; ha!e been taken% In the near future; this is one of the sections that is going to create much noise and be the subject of much debates in the e!ent of litigations; like in re)defining the role of an employee; the responsibility of an employer or the top management in data protection and issues like the actual and !icarious responsibility; the actual and contributory negligence of all stake holders in!ol!ed etc%
The issue has wider ramifications especially in the case of a co1d co#$1t'&! scenario 5the practice of using a network of remote ser!ers hosted on the Internet to store; manage; and process data; rather than a local ser!er; with the ser!ices managed by the pro!ider sold on demand; for the amount of time used@ where more and more organisations handle the data of others and the information is stored elsewhere and not in the owners< system% >ossibly; more debates will emanate on the Duestion of information owners !is a !is the information container and the information custodians and the $er!ice Le!el 9 ;uide to college maor ecoomic crime $No%ember&, &)2'*m+, htt*:###)#orld#idelear)comolie-educatio-guidecrimial-usticeecoomic-crimemaor)htm
12 | P a g e
Agreements of all parties in!ol!ed will assume a greater significance%
Ad*1d'cat'o&, 4a!ing dealt with ci!il offences; the Act then goes on to describe ci!il remedy to
such offences in the form of adjudication without ha!ing to resort to the procedure of filing a complaint with the police or other in!estigating agencies% Adjudication powers and procedures ha!e been elaborately laid down in $ections :3 and thereafter% The Central 2o!ernment may appoint any officer not below the rank of a director to the 2o!ernment of India or a state 2o!ernment as the adjudicator%
$ecretary in any state is normally the nominated Adjudicator for all ci!il offences arising out of data thefts and resultant losses in the particular state% If at all one section can be criticied to be absolutely lacking in popularity in the IT Act; it is this pro!ision% In the first ten years of existence of the ITA; there ha!e been only a !ery few applications made in the nation; that too in the major metros almost all of which are under different stages of judicial process and adjudications ha!e been obtained in possibly less than fi!e cases% The first adjudication obtained under this pro!ision was in Chennai; Tamil .adu;
In a case in!ol!ing ICICI +ank in which the bank was told to compensate the applicant with the amount wrongfully debited in Internet +anking; along with cost and damages% in April ,9*9% This section should be gi!en much popularity and awareness should be spread among the public especially the !ictims of cyber crimes and data theft that such a procedure does exist without recourse to going to the police and filing a case% It is time the state spends some time and thought in enhancing awareness on the pro!ision of adjudication for ci!il offences in cyber litigations like data theft etc so that the purpose for which such useful pro!isions ha!e been made; are effecti!ely utilied by the litigant public%*9
There is an appellate procedure under this process and the composition of Cyber Appellate Tribunal at the national le!el; has also been described in the Act% E!ery adjudicating officer has 1' ;uide to college maor ecoomic crime $No%ember&, &)2'*m+, htt*:###)#orld#idelear)comolie-educatio-guidecrimial-usticeecoomic-crimemaor)htm
13 | P a g e
the powers of a ci!il court and the Cyber Appellate Tribunal has the powers !ested in a ci!il court under the Code of Ci!il >rocedure%
After discussing the procedures relating to appeals etc and the duties and powers of Cyber Appellate Tribunal; the Act mo!es to the actual criminal acts coming under the broader definition of cyber crimes% It would be pertinent to note that the Act only lists some of the cyber crimes; ?without defining a cyber crime@ and stipulates the punishments for such offences% The criminal pro!isions of the IT Act and those dealing with cogniable offences and criminal acts follow from Chapter IG titled Bffences
Sect'o& 67, Tampering with source documents is dealt with under this section% Concealing;
destroying; altering any computer source code when the same is reDuired to be kept or maintained by law is an offence punishable with three years imprisonment or two lakh rupees or with both% 5abrication of an electronic record or committing forgery by way of interpolations in C( produced as e!idence in a court ? Bhim Sen Garg v. State of Rajasthan and others11@ attract punishment under this $ection% Computer source code under this $ection refers to the listing of programmes; computer commands; design and layout etc in any form% Sect'o& 66, Computer related offences are dealt with under this $ection% (ata theft stated in
$ection :- is referred to in this $ection% 'hereas it was a plain and simple ci!il offence with the remedy of compensation and damages only; in that $ection; here it is the same act but with a criminal intention thus making it a criminal offence% The act of data theft or the offence stated in $ection :- if done dishonestly or fraudulently becomes a punishable offence under this $ection and attracts imprisonment upto three years or a fine of fi!e lakh rupees or both% Earlier hacking was defined in $ec 33 and it was an offence% .ow after the amendment; data theft of $ec :- is being referred to in $ec 33 by making this section more purposeful and the word #hacking< is not used% The word #hacking< was earlier called a crime in this $ection and at the same time; courses on #ethical hacking< were also taught academically% This led to an anomalous situation of people asking how an illegal acti!ity be taught academically with a word #ethical< prefixed to it% Then can there be training programmes; for instance; on BEthical burglary; BEthical Assault etc say for courses on physical defenceP 11 ,993 Cri LH -:3-%
14 | P a g e
This tricky situation was put an end to; by the ITAA when it re)phrased the $ection 33 by mapping it with the ci!il liability of $ection :- and remo!ing the word #4acking<% 4owe!er the act of hacking is still certainly an offence as per this $ection; though some experts interpret #hacking< as generally for good purposes ?ob!iously to facilitate naming of the courses as ethical hacking@ and #cracking< for illegal purposes% It would be rele!ant to note that the technology in!ol!ed in both is the same and the act is the same; whereas in #hacking< the owner or email spoofing@ are all co!ered here% >unishment for these acts is imprisonment upto three years or fine% 33+ (ishonestly recei!ing stolen computer resource or communication de!ice with punishment upto three years or one lakh rupees as fine or both% 33C Electronic signature or other identity theft like using others< password or electronic signature etc% >unishment is three years imprisonment or fine of one lakh rupees or both%
33( Cheating by personation using computer resource or a communication de!ice shall be punished with imprisonment of either description for a term which extend to three years and shall also be liable to fine which may extend to one lakh rupee%
33E >ri!acy !iolation 8 >ublishing or transmitting pri!ate area of any person without his or her consent etc% >unishment is three years imprisonment or two lakh rupees fine or both%
335 Cyber terrorism 8 Intent to threaten the unity; integrity; security or so!ereignty of the nation and denying access to any person authoried to access the computer resource or attempting to penetrate or access a computer resource without authoriation% Acts of causing a computer contaminant ?like !irus or Trojan 4orse or other spyware or malware@ likely to cause death or injuries to persons or damage to or destruction of property etc% come under this $ection% >unishment is life imprisonment% It may be obser!ed that all acts under $%33 are cogniable and non)bailable offences% Intention or the knowledge to cause wrongful loss to others ie the 15 | P a g e
existence of criminal intention and the e!il mind ie concept of mens rea, destruction; deletion; alteration or diminishing in !alue or utility of data are all the major ingredients to bring any act under this $ection% To summarise; what was ci!il liability with entitlement for compensations and damages in $ection :-; has been referred to here; if committed with criminal intent; making it a criminal liability attracting imprisonment and fine or both% Sect'o& 68 deals with publishing or transmitting obscene material in electronic form% The earlier
$ection in ITA was later widened as per ITAA ,99 in which child pornography and retention of records by intermediaries were all included%*, >ublishing or transmitting obscene material in electronic form is dealt with here% 'hoe!er publishes or transmits any material which is lasci!ious or appeals to the prurient interest or if its effect is such as to tend to depra!e and corrupt persons who are likely to read the matter contained in it; shall be punished with first con!iction for a term upto three years and fine of fi!e lakh rupees and in second con!iction for a term of fi!e years and fine of ten lakh rupees or both% This $ection is of historical importance since the landmark judgement in what is considered to be the first e!er con!iction under I%T% Act ,999 in India; was obtained in this $ection in the famous case BState of Tamil Nadu v. Suhas Katti” on 1 .o!ember ,99:% The strength of the $ection and the reliability of electronic e!idences were pro!ed by the prosecution and con!iction was brought about in this case; in!ol!ing sending obscene message in the name of a married women amounting to cyber stalking; email spoofing and the criminal acti!ity stated in this $ection%
Sect'o& 684A deals with publishing or transmitting of material containing sexually explicit act in
electronic form% Contents of $ection 37 when combined with the material containing sexually explicit material attract penalty under this $ection% Sect'o& 69, This is an interesting section in the sense that it empowers the 2o!ernment or
agencies as stipulated in the $ection; to intercept; monitor or decrypt any information generated; transmitted; recei!ed or stored in any computer resource; subject to compliance of procedure as laid down here% This power can be exercised if the Central 2o!ernment or the $tate 2o!ernment; as the case may be; is satisfied that it is necessary or expedient in the interest of so!ereignty or 12 (r% $arla 2upta and +eniprasad Agrawal; BInformation Technology; Law and >ractice; ,99F; >remier >ublishing Company; Allahabad%
16 | P a g e
integrity of India; defence of India; security of the $tate; friendly relations with foreign $tates or public order or for pre!enting incitement to the commission of any cogniable o ffence relating to abo!e or for in!estigation of any offence% In any such case too; the necessary procedure as may be prescribed; is to be followed and the reasons for taking such action are to be recorded in writing; by order; directing any agency of the appropriate 2o!ernment% The subscriber or intermediary shall extend all facilities and technical assistance when called up on to do so%
$ection 3FA inserted in the ITAA; !ests with the Central 2o!ernment or any of its officers with the powers to issue directions for blocking for public access of any information through any computer resource; under the same circumstances as mentioned abo!e% $ection 3F+ discusses the power to authorise to monitor and collect traffic data or information through any computer resource%
17 | P a g e
METHODS USED :OR CY;ER CRIME
Control o!er the physical world is generally localied; low)tech and underpinned by many well established practices and procedures% The challenge to this seemingly well)oiled machinery is offered by a new paradigm of organied crime)#cybercrime<% The increasing use of the internet by all facets of society has led to the e!olution of new field of criminal acti!ity that is defined by its dependence on the internet% 'hile certain aspects of cyber crime are held common with pre!iously existing forms of criminality it is ne!ertheless true that cyber crime forms a distinct category of its own; one that reDuires different mechanisms to deal with it% &ost of the cyber crime in!ol!es multiple; undetectable; small crimes or micro)crimes% Although the headline e!ents are those where gangs of organied criminals use technical mean to electronically steal millions from banksM successful operations at beginning of decade used simple fraud techniDue to steal small !alue denominations from multiple indi!iduals without alerting the !ictims or the law enforcement agencies% A!enues for these operations could range from gaining illegal access to personal bank accounts to selling access to compromised computers%*Viruses and worms) Viruses and worms are computer programs that affect the storage de!ices of a computer or network; which then replicate information without the knowledge of the user% $pam emails) $pam emails are unsolicited emails or junk newsgroup postings% $pam emails are sent without the consent of the recei!er Q potentially creating a wide range of problems if they are not filtered appropriately% Trojan) A Trojan is a program that appears legitimate% 4owe!er; once run; it mo!es on to locate password information or makes the system more !ulnerable to future entry% r a Trojan may simply destroy programs or data on the hard disk
1 Sa0eguardig
18 | P a g e
(enial)of)ser!ice?(o$@) (o$ occurs when criminals attempt to bring down or cripple indi!idual websites; computers or networks; often by flooding them with messages% &alware) &alware is a software that takes control of any indi!idualhishing) >hishing attacks are designed to steal a personCs and then charged clients for a limited period of unfettered access% As is the case with most business ser!ices; customers willing to pay extra can obtain premium ser!ices such as a complete #clean)
19 | P a g e
up< of the stolen data; i%e% getting rid of low)!alue information and assistance with indexation and tagging of data; etc%*: .ew skills; technologies and in!estigati!e techniDues; applied in a global context; are reDuired to detect; pre!ent and respond to cyber)crime% This is not just about the Cyber)crime has spawned many entrepreneurs; though of dubious repute% They ha!e gi!en rise to new criminal hacking enterprises aimed not at committing fraud but at pro!iding ser!ices to help others commit fraud% This operation enables people to commit crime !icariously; i%e% without any direct perpetration% Another model is to create a subscription based identity theft ser!ice rather than stealing personal credentials themsel!es cyber criminals ha!e hacked into >Cs and then charged clients for a limited period of unfettered access% As is the case with most business ser!ices; customers willing to pay extra can obtain premium ser!ices such as a complete #clean)up< of the stolen data; i%e% getting rid of low)!alue information and assistance with indexation and tagging of data; etc%*1 Law enforcement with regard to in!estigating crimes and handling e!idence; dealing with offenders; and assisting !ictims; poses complex new challenges% There is an unprecedented need for international commitment; coordination and cooperation since cyber)crime is truly a global phenomenon% It is also important to ha!e a better understanding about the nature of the problem and to address the issue of significant under)reporting of this dangerous phenomenon% >re!ention and partnerships will be essential to fight cyber crime%
1( 4bid) 15 4bid)
20 | P a g e
CY;ER SECURITY < LEGAL ISSUES
The major concern is primarily attacks on networks and the need for coming up with appropriate legislati!e frameworks for enhancing; preser!ing and promoting cyber security% Lawmakers needs to come up with appropriate enabling legal regimes that not only protect and preser!e cyber security; but also further instill a culture of cyber security amongst the netien Large number of existing cyber legislations across the world; do not yet address important issues pertaining to cyber security% A more renewed focus and emphasis on coming up with effecti!e mandatory pro!isions is reDuired which would help protect; preser!e and promote cyber security in the context of use of computers; computer systems; computer networks; computer resources as also communication de!ices%*3 &obile law challenges As the mobile users in India are increasing considerably; the use of mobile de!ices and content generated there from are likely to bring forth significant new challenges for cyber legal jurisprudence% There are no defined jurisdictions dedicated to laws dealing with the use of communication de!ices and mobile platforms% As increasingly people use mobile de!ices for output and input acti!ities; there will be increased emphasis on meeting up with the legal challenges emerging with the use of mobility de!ices; more so in the context of mobile crimes; mobile data protection and mobile pri!acy% $pam galore As more and more users get added to the Internet and mobile bandwagon; email and mobile spammers will find increasingly inno!ati!e methodologies and procedures to target at digital users% Law makers are likely to be under pressure to come with up effecti!e legislati!e pro!isions to deal with the menace of spam% 1/ Su*ra ote )
21 | P a g e
Cloud computing legal issues As India is mo!ing towards the adoption of cloud computing; !arious important legal challenges pertaining to cloud computing will continue to seek attention of Cyberlaw makers% Cloud computing brings with it; !arious distincti!e new challenges including that of data security; data pri!acy; jurisdiction and a !ariety of other legal issues%$ocial media legal issuesIn the recent times there ha!e been increasingly significant legal issues and challenges raised by social media% As social media websites continues to become the fertile ground for targeting by all rele!ant lawyers; law enforcement agencies and intelligence agencies; social media continues to become the preferred repository of all data% As such; social media crimes are increasing dramatically% Inappropriate use of social media is further increasing; thereby leading to !arious legal conseDuences for the users% The concept of pri!acy in the context of social
22 | P a g e
CHALLENGES :ACED ;Y GOVERNMENT
Although go!ernments are acti!ely focused on fighting and pre!enting cyber criminals from damaging infrastructure; the !ery nature of cyberspace poses a number of challenges to the implementation of cyber regulations in any country% 'ithin cyberspace it is often difficult to determine political borders and culprits% 5urthermore; the cyber criminal community and their techniDues are continously e!ol!ing; making it more challenging for go!ernments and companies to keep up with e!er)changing techniDues%*7 Tracking the origin of crime According to /ob 'ainwright; (irector of Europol; criminal in!estigations of cyber crimes are complex; as the criminal acti!ity itself is borderless by nature% Tracing cyber criminals poses a challenge% 'hile many experts speculate that the cyber attacks on Estonia and 2eorgia; for instance; were directed by the /ussian cyber agencies; some of the attacks ha!e been traced to the computers originating in 'estern countries% 2rowth of the underground cyber crime economy A major threat that may hamper the fight against cyber crime is the growth of an underground economy; which for many cyber criminals can be a lucrati!e !enture% The underground economy attracts many digital experts and talented indi!iduals with a specialty around cyber initiati!e% In the cyber underworld; the hackers and organied crime rings operate by selling confidential stolen intelligence% /esearch shows that criminals are trading bank account information for 0$=*98*,1; credit card data for up to 0$=-9 per card; and email account data for up to 0$=*,%* ften; the acDuired data is used in illegal online purchases and in
17 Ecoomic !rime $No%ember &, 9)2*m+, htt*:###)cbi)lm)ih)go%*ubmed1''&'7
1& Su*ra ote 5)
23 | P a g e
exchange for other monetary transactions% The untraceability of the origin of these transactions poses a major challenge to go!ernment agencies in their efforts to fight crimes of this nature% $hortage of skilled cyber crime fighters Implementing cyber security measures reDuires skilled manpower% 4owe!er; most countries face a shortage of skilled people to counter such cyber attacks% According to /onald .oble; 4ead of Interpol; BAn effecti!e cyber attack does not reDuire an armyM it takes just one indi!idual% 4owe!er; there is a se!ere shortage of skills and expertise to fight this type of crimeM not only at Interpol; but in law enforcement e!erywhere% &oreo!er; most trained or skilled people are recruited by the pri!ate sector; as it offers higher financial rewards% In the 0R; the >Ce0 has experienced this shortage first hand; with only :9 core team members% $imilarly; in Australia; the majority of the cyber crime incidents; particularly minor incidents; remain unsol!ed or are not in!estigated due to the lack of e5orensic skills and expertise% 'idespread use of pirated software ne of the major challenges to pre!enting cyber crime is the pre!alence of software piracy; as pirated software is more prone to attacks by !iruses; malware and trojans% Experts belie!e that rapid growth of Consumer >C markets in emerging countries ) such as India; +rail and China ) has contributed largely to the rising piracy rates% The pirated software can include not only games; mo!ies; office applications and operating systems; but also security software% ften; users prefer to obtain a pirated security software; rather than purchase and upgrade legal !ersion; therefore increasing the !ulnerability of their systems to cyber attacks% 5or instance; one of the reasons for the spread of the Conficker !irus in ,99 was the lack of automatic security updates for unlicensed software%*F The issue becomes more significant for those countries where pirated software is a common occurrence% China; which is one of the largest such markets; reported that nearly 0$=*F billion was spent on pirated software in ,99F% In India; the unlicensed software
19 Su*ra ote 2)
24 | P a g e
market !alue stands at nearly 0$=, billion%,9 Ensuring cyber security is also a major challenge for 2ulf Cooperation Council ?2CC@ countries; where 19 percent of software is pirated%,*
CONCLUSION
$ince most serious economic crimes often in!ol!e transitional organied criminals and international transactions; international co)operation in the fight of these crimes is deemed one of the most important measures% All nations must be concerned about the seriousness of the problems and put united effort in their solution% A common global approach to deal with the problem could contribute to further strengthening international co)operation and law enforcement mechanisms% This would reDuire standardiation of legal definitions of economic crimes and expertise for in!estigating such crimes within law enforcement agencies% It is clear that national so!ereignty does not permit in!estigations within the territory of different countries without the permission of the national authorities and legal experts always disagree on matters relating to territorial jurisdictions for the trial of economic crime offenders% Economic crime in!estigations need the support and in!ol!ement of authorities of all countries in!ol!ed%,, To pre!ent and manage economic crime; it is necessary to in!est as much in information technology de!elopment as in protection measures% InadeDuate protection measures ha!e gi!en offender opportunities to act when they should not%,- (e!eloping countries ha!e a uniDue 2' 3he gro#ig global thread o0 ecoomic ad cyber crime 1' $2'12+, htt*:###)utica)eduacademicistitutesecii*ublicatiosmediaglobalthreatcrime)*d0
21 4bid) 22 oica N =gu, !halleges o0 usig 40ormatio 3echology to !ombat Ecoomic !rime, htt*s:###)academia)edu752&91'!hallegeso0>sig40ormatio3echology3o!omba tEcoomic!rime
2 4bid)
25 | P a g e
opportunity to integrate security measures at the early stage rather at a later stage% It may be cheaper at the early point to integrate security in IT de!elopment% The only thing is that it may reDuire upfront in!estments% $trategies must be formulated early enough to pre!ent economic crimes; de!elop counter measures including de!elopment and promotion of technical means of protection% In other words; nations should be proacti!e in crime pre!ention and management% 5ighting economic crimes after they ha!e occurred can be !ery expensi!e and difficult% Awareness can be a !ery important economic crimes pre!ention; control and detection measure% Increasing public awareness will play a !ery significant role especially in the case where regulations are not well enforced% 2o!ernments should ha!e a clear concept; proper structure and process of enforcement for increasing public awareness% Educational systems ha!e to be restructured to eDuip the youths and indeed the public to cope with the changing times in the economy in positi!e ways% ther ways of creating awareness is through workshops and seminars and through moral upbringing of young ones by homes and religious organiations%
26 | P a g e
;I;LIOGRA=HY +ooks •
Rarnika $eth; BCyber Laws in the Information Technology Age; *st ed%; ,99F; Lexis
•
.exis; +utterworths 'adhwa; .agpur% (r% $arla 2upta and +eniprasad Agrawal; BInformation Technology; Law and >ractice; ,99F; >remier >ublishing Company; Allahabad%
'ebsites • • • • • • •
www%academia%edu www%csi)india%org www%definitions%uselegal%com www%ncbi%nlm%nih%go! www%pwc%in www%utica%edu www%worldwidelearn%com
27 | P a g e