CYBER CRIMES

INTRODUCTION:

The term cyber crime is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.

Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.

CONVENTIONAL CRIME-

Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is a legal wrong that can be followed by criminal proceedings which may result into punishment.1 The hallmark of criminality is that, it is breach of the criminal law. As per Lord Atkin the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences.2
1

(1) GLANVILLE WILLIAMS (2) Proprietary Articles Trade Association v. Attorney General of Canada(1932)

A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.

CYBER CRIME

Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime.

A generalized definition of cyber crime may be unlawful acts wherein the computer is either a tool or target or both3. The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.

DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-

(3) Nagpal R, What is Cyber Crime, p.11

There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.

REASONS FOR CYBER CRIME: Hart in his work The Concept of Law has said human beings are vulnerable so rule of law is required to protect them. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:

Capacity to store data in comparatively small space-

The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.

Easy to accessThe problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

3.Complex-

The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

4. Negligence-

Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.

5. Loss of evidence-

Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.

CYBER CRIMINALS:

The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-

1. Children and adolescents between the age group of 6 18 years

The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.

2. Organised hackers-

These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.

3. Professional hackers / crackers

Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are people employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.

4. Discontented employees5

This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.

MODE AND MANNER OF COMMITING CYBER CRIME:

Unauthorized access to computer systems or networks / HackingThis kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for unauthorized access as the latter has wide connotation.

Theft of information contained in electronic formThis includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.

Email bombingThis kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.

Data diddlingThis kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The
6

electricity board faced similar problem of data diddling while the department was being computerised.

Salami attacksThis kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the banks system, which deducted 10 cents from every account and deposited it in a particular account.

Denial of Service attackThe computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.

7.

Virus / worm attacks-

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. It almost brought development of Internet to a complete halt.
7

8.

Logic bombs-

These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

Trojan attacksThis term has its origin in the word Trojan horse. In software field this means an unauthorized programme, which passively gains control over anothers system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.

Internet time theftsNormally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwas case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.

11. Web jacking-

This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the gold fish case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it.

CLASSIFICATION: The subject of cyber crime may be broadly classified under the following three groups. They are-

1. Against Individuals

a. their person & b. their property of an individual

2. Against Organization

a. Government c. Firm, Company, Group of Individuals.

9

3. Against Society at large

The following are the crimes, which can be committed against the followings group

Against Individuals:

i. Harassment via e-mails. ii. Cyber-stalking. iii. Dissemination of obscene material. iv. Defamation. v. Unauthorized control/access over computer system. vi. Indecent exposure vii. Email spoofing viii. Cheating & Fraud

Against Individual Property: -

10

i. Computer vandalism. ii. Transmitting virus. iii. Netrespass iv. Unauthorized control/access over computer system. v. Intellectual Property crimes vi. Internet time thefts

Against Organization: -

i. Unauthorized control/access over computer system ii. Possession of unauthorized information. iii. Cyber terrorism against the government organization. iv. Distribution of pirated software etc.

Against Society at large: -

i. Pornography (basically child pornography). ii. Polluting the youth through indecent exposure.
11

iii. Trafficking iv. Financial crimes v. Sale of illegal articles vi. Online gambling vii. Forgery

The above mentioned offences are discussed in brief as follows:

1. Harassment via e-mails-

Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boyfriend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.

2. Cyber-stalking-

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure12

Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the D.P.S RK Puram case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.

4. Defamation

It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of a student was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.

4.

Unauthorized control/access over computer system-

This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.

5.

E mail spoofing-

13

A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr.NA.Vijayashankar, which contained virus.

Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.

6. Computer vandalism-

Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.

7. Transmitting virus/worms-

This topic has been adequately dealt herein above.

8. Intellectual Property crimes / Distribution of pirated software-

14

Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.

The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. (16)

9. Cyber Terrorism

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

Computers and the internet are becoming an essential part of our daily life. They are being used by individuals and societies to make their life easier. They use them for storing information, processing data, sending and receiving messages, communications, controlling machines, typing, editing, designing, drawing, and almost all aspects of life.

The most deadly and destructive consequence of this helplessness is the emergence of the concept of cyber terrorism. The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of information technology the terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course
15

of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". The expression "cyber terrorism" includes an intentional negative and harmful use of the information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others. For instance, hacking of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism.

The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The nature of "cyberspace is such that new methods and technologies are invented regularly; hence it is not advisable to put the definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand.

The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world.

A. Definition of Cyber TerrorismBefore we can discuss the possibilities of cyber terrorism, we must have some working definitions. The word cyber terrorism refers to two elements: cyberspace and terrorism.

Another word for cyberspace is the virtual world i,e a place in which computer programs function and data moves. Terrorism is a much used term, with many definitions. For the purposes of this presentation, we will use the United States Department of State definition: The term terrorism means
16

premeditated, politically motivated violence perpetrated against non combatant targets by sub national groups or clandestine agents.

If we combine these definitions, we construct a working definition such as the following: Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non combatant targets by sub national groups or clandestine agents.4

The basic definition of Cyber-terrorism subsumed over time to encompass such things as simply defacing a web site or server, or attacking non-critical systems, resulting in the term becoming less useful. There is also a train of thought that says cyber terrorism does not exist and is really a matter of hacking or information warfare. Some disagree with labelling it terrorism proper because of the unlikelihood of the creation of fear of significant physical harm or death in a population using electronic means, considering current attack and protective technologies.

B. Who are cyber terrorists?5 From American point of view the most dangerous terrorist group is AlQaeda which is considered the first enemy for the US. According to US officials data from computers seized in Afghanistan indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure.

(4) DR. MUDWAI MUKHTAR ELMUSHARAF, Cyber Terrorism: The new kind of Terrorism, Computer Crime Research Center
5

(5) Supra Note (4)

17

After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers launched Denial os Service (DoS) attacks against American web sites. A study that covered the second half of the year 2002 showed that the most dangerous nation for originating malicious cyber attacks is the United States with 35.4% of the cases down from 40% for the first half of the same year. South Korea came next with 12.8%, followed by China 6.2% then Germany 6.7% then France 4%. The UK came number 9 with 2.2%. According to the same study, Israel was the most active country in terms of number of cyber attacks related to the number of internet users. There are so many groups who are very active in attacking their targets through the computers.

The Unix Security Guards (USG) launched a lot of digital attacks in May 2002.

Another group called World's Fantabulas Defacers (WFD) attacked many Indian sites. Also there is another pro Pakistan group called Anti India Crew (AIC) who launched many cyber attacks against India.

C. Why do they use cyber attacks? Cyber terrorist prefer using the cyber attack methods because of many advantages for it. It is Cheaper than traditional methods. The action is very difficult to be tracked. They can hide their personalities and location. There are no physical barriers or check points to cross. They can do it remotely from anywhere in the world.
18

They can use this method to attack a big number of targets. They can affect a large number of people.

D. Forms of cyber terrorism(I) Privacy violation: The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a constitutional status, the violation of which attracts both civil as well as criminal consequences under the respective laws. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury. Right to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent of information technology the traditional concept of right to privacy has taken new dimensions, which require a different legal outlook. To meet this challenge recourse of Information Technology Act, 2000 can be taken.

The various provisions of the Act aptly protect the online privacy rights of the citizens. Certain acts have been categorized as offences and contraventions, which have tendency to intrude with the privacy rights of the citizens.

(II) Secret information appropriation and data theft:

19

The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property. It must be noted that the definition of property is not restricted to movables or immovables alone.

In R.K. Dalmia v Delhi Administration6 the Supreme Court held that the word "property" is used in the I.P.C in a much wider sense than the expression "movable property". There is no good reason to restrict the meaning of the word "property" to moveable property only, when it is used without any qualification. Whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property, will depend not on the interpretation of the word "property" but on the fact whether that particular kind of property can be subject to the acts covered by that section.

(III) Demolition of e-governance base: The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues. Right to receive and impart information is implicit in free speech. This, right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in public interest.
6

(6) AIR 1962 SC 1821

20

(IV) Distributed denial of services attack: The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies.

It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate citizens and end users. The law in this regard is crystal clear.

(V) Network damage and disruptions: The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc.

E. The danger of cyber terrorismGeneral John Gordon, the White House Homeland Security Advisor, speaking at the RSA security conference in San Francisco, CA Feb. 25, 2004 indicated that whether someone detonates a bomb that cause bodily harm to
21

innocent people or hacked into a web-based IT system in a way that could, for instance, take a power grid offline and result in blackout, the result is ostensibly the same. He also stated that the potential for a terrorist cyber attack is real.

Cyber terrorists can destroy the economy of the country by attacking the critical infrastructure in the big towns such as electric power and water supply, still the blackout of the North Western states in the US in Aug. 15, 2003 is unknown whether it was a terrorist act or not, or by attacking the banks and financial institutions and play with their computer systems.

Senator Jon Kyle, chairman of the senate judiciary subcommittee on terrorism, technology and homeland security mentioned that members of alQaeda have tried to target the electric power grids, transportation systems, and financial institutions.

In England the National High-Tech Crime Unit (NHTCU) survey showed that 97% of the UK companies were victims to cyber crime during the period from June 2002 to June 2003.

Cyber terrorists can endanger the security of the nation by targeting the sensitive and secret information (by stealing, disclosing, or destroying).

F. The Impact of Cyber Terrorism- a brief idea The intention of a cyber terrorism attack could range from economic disruption through the interruption of financial networks and systems or used in support of a physical attack to cause further confusion and possible delays in proper response. Although cyber attacks have caused billions of dollars in damage and affected the lives of millions, we have yet witness the
22

implications of a truly catastrophic cyber terrorism attack. What would some of the implications be?

Direct Cost Implications Loss of sales during the disruption Staff time, network delays, intermittent access for business users Increased insurance costs due to litigation Loss of intellectual property - research, pricing, etc. Costs of forensics for recovery and litigation Loss of critical communications in time of emergency.

Indirect Cost Implications Loss of confidence and credibility in our financial systems Tarnished relationships& public image globally Strained business partner relationships - domestic and internationally Loss of future customer revenues for an individual or group of companies Loss of trust in the government and computer industry

G. Some incidents of cyber terrorismThe following are notable incidents of cyber terrorism: In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications."
23

Intelligence authorities characterized it as the first known attack by terrorists against a country's computer systems. During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from a range of Eastern European countries, according to reports. Web defacements were also common. Since December 1997, the Electronic Disturbance Theatre (EDT) has been conducting Web sit-ins against various sites in support of the Mexican Zapatistas. At a designated time, thousands of protestors point their browsers to a target site using software that floods the target with rapid and repeated download requests. EDT's software has also been used by animal rights groups against organizations said to abuse animals. Electrohippies, another group of hacktivists, conducted Web sit-ins against the WTO when they met in Seattle in late 1999.

One of the worst incidents of cyber terrorists at work was when crackers in Romania illegally gained access to the computers controlling the life support systems at an Antarctic research station, endangering the 58 scientists involved. More recently, in May 2007 Estonia was subjected to a mass cyber-attack by hackers inside the Russian Federation which some evidence suggests was coordinated by the Russian government, though Russian officials deny any knowledge of this. This attack was apparently in response to the removal of a Russian World War II war memorial from downtown Estonia.

H. Efforts of combating cyber terrorismThe Interpol, with its 178 member countries, is doing a great job in fighting against cyber terrorism. They are helping all the member countries and training their personnel. The Council of Europe Convention on Cyber
24

Crime, which is the first international treaty for fighting against computer crime, is the result of 4 years work by experts from the 45 member and nonmember countries including Japan, USA, and Canada. This treaty has already enforced after its ratification by Lithuania on 21st of March 2004.

The Association of South East Asia Nations (ASEAN) has set plans for sharing information on computer security. They are going to create a regional cyber-crime unit by the year 2005.

The protection of I.T.A can be claimed for: (a) Preventing privacy violations, (b) Preventing information and data theft, (c) Preventing distributed denial of services attack (DDOS), and (d) Preventing network damage and destruction.

I. Protection from cyber terrorism- a few suggestions Currently there are no foolproof ways to protect a system. The completely secure system can never be accessed by anyone. Most of the militaries classified information is kept on machines with no outside connection, as a form of prevention of cyber terrorism. Apart from such isolation, the most common method of protection is encryption. The wide spread use of encryption is inhibited by the governments ban on its exportation, so intercontinental communication is left relatively insecure. The Clinton administration and the FBI oppose the export of encryption in favour of a system where by the government can gain the key to an encrypted system after gaining a court order to do so. The director of the FBI's stance is that the Internet was not intended to go unpoliced and that the police need to protect people's privacy and public-safety rights there. Encryption's
25

drawback is that it does not protect the entire system, an attack designed to cripple the whole system, such as a virus, is unaffected by encryption.

Others promote the use of firewalls to screen all communications to a system, including e-mail messages, which may carry logic bombs. Firewall is a relatively generic term for methods of filtering access to a network. They may come in the form of a computer, router other communications device or in the form of a network configuration. Firewalls serve to define the services and access that are permitted to each user. One method is to screen user requests to check if they come from a previously defined domain or Internet Protocol (IP) address. Another method is to prohibit Telnet access into the system.

Here are few key things to remember to protect from cyber-terrorism: 1. All accounts should have passwords and the passwords should be unusual, difficult to guess. 2. Change the network configuration when defects become know. 3. Check with vendors for upgrades and patches. 4. Audit systems and check logs to help in detecting and tracing an intruder. 5. If you are ever unsure about the safety of a site, or receive suspicious email from an unknown address, don't access it. It could be trouble.

J. Indian law & Cyber terrorism7In India there is no law, which is specifically dealing with prevention of malware through aggressive defence. Thus, the analogous provisions have to be applied in a purposive manner. The protection against malware attacks can be claimed under the following categories:
7

(7) Cyber Terrorism- The Dark Side of the Web World

26

(1) Protection available under the Constitution of India, and (2) Protection available under other statutes.

(1) Protection under the Constitution of India: The protection available under the Constitution of any country is the strongest and the safest one since it is the supreme document and all other laws derive their power and validity from it. If a law satisfies the rigorous tests of the Constitutional validity, then its applicability and validity cannot be challenge and it becomes absolutely binding. The Constitutions of India, like other Constitutions of the world, is organic and living in nature and is capable of moulding itself as per the time and requirements of the society.

(2) Protection under other statutes: The protection available under the Constitution is further strengthened by various statutory enactments. These protections can be classified as: (A) Protection under the Indian Penal Code (I.P.C), 1860, and (B) Protection under the Information Technology Act (ITA), 2000.

ConclusionThe problems associated with the use of malware are not peculiar to any particular country as the menace is global in nature. The countries all over the world are facing this problem and are trying their level best to eliminate this problem. The problem, however, cannot be effectively curbed unless popular public support and a vigilant judiciary back it. The legislature cannot enact a law against the general public opinion of the nation at large. Thus, first a public support has to be obtained not only at the national level but at the international level as well. The people all over the world are not against the enactment of statutes curbing the use of malware, but they are
27

conscious about their legitimate rights. Thus, the law to be enacted by the legislature must take care of public interest on a priority basis. This can be achieved if a suitable technology is supported by an apt legislation, which can exclusively take care of the menace created by the computers sending the malware. Thus, the self-help measures recognized by the legislature should not be disproportionate and excessive than the threat received by the malware. Further, while using such self-help measures the property and rights of the general public should not be affected. It would also not be unreasonable to demand that such self-help measures should not themselves commit any illegal act r omission. Thus, a self-help measure should not be such as may destroy or steal the data or secret information stored in the computer of the person sending the malware. It must be noted that two wrongs cannot make a thing right. Thus, a demarcating line between selfhelp and taking law in ones own hand must be drawn. In the ultimate analysis we must not forget that self-help measures are watchdogs and not blood-hounds, and their purpose should be restricted to legitimate and proportionate defensive actions only. In India, fortunately, we have a sound legal base for dealing with malware and the public at large has no problem in supporting the self-help measures to combat cyber terrorism and malware.

10. Trafficking

Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey.

28

11. Fraud & Cheating Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Recently the Court of Metropolitan Magistrate Delhi8 found guilty a 24year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.

STATUTORY PROVISONS:

The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.The preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000 and so that they may regulate and control the affairs of the cyber world in an effective manner.

(8) Hindustan Times

29

The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with tampering with computer source documents and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66 deals with hacking with computer system and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. ( The offences included in the IT Act 2000 are as follows: 1. Tampering with the computer source documents. 2. Hacking with computer system. 3. Publishing of information which is obscene in electronic form. 4. Power of Controller to give directions 5. Directions of Controller to a subscriber to extend facilities to decrypt information 6. Protected system 7. Penalty for misrepresentation 8. Penalty for breach of confidentiality and privacy 9. Penalty for publishing Digital Signature Certificate false in certain particulars 10. Publication for fraudulent purpose 11. Act to apply for offence or contravention committed outside India 12. Confiscation
30

13. Penalties or confiscation not to interfere with other punishments. 14. Power to investigate offences.

Offences Under The IT Act 2000: Section 65. Tampering with computer source documents: Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer Programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the being time in force, shall be punishable with imprisonment up to three year, or with fine which may extend up to two lakh rupees, or with both.

Explanation: For the purpose of this section computer source code means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

Object: The object of the section is to protect the intellectual property invested in the computer. It is an attempt to protect the computer source documents (codes) beyond what is available under the Copyright Law

Essential ingredients of the section: 1. knowingly or intentionally concealing , 2. knowingly or intentionally destroying, 3. knowingly or intentionally altering, 4. knowingly or intentionally causing others to conceal,
31

5. knowingly or intentionally causing another to destroy, 6. knowingly or intentionally causing another to alter. This section extends towards the Copyright Act and helps the companies to protect their source code of their programmes. Penalties: Section 65 is tried by any magistrate. This is cognizable and non- bailable offence. Penalties: Imprisonment up to 3 years and / or Fine: Two lakh rupees.

Case Laws: 1. Frios v/s State of Kerela Facts: In this case it was declared that the FRIENDS application software as protected system. The author of the application challenged the notification and the constitutional validity of software under Section 70. The court upheld the validity of both.

It included tampering with source code. Computer source code the electronic form, it can be printed on paper.

Held: The court held that Tampering with Source code are punishable with three years jail and or two lakh rupees fine of rupees two lakh rupees for altering, concealing and destroying the source code.

2. Syed Asifuddin case9:

9

(9) 2005 CriLJ 4314

32

Facts: In this case the Tata Indicom employees were arrested for manipulation of the electronic 32- bit number (ESN) programmed into cell phones theft were exclusively franchised to Reliance Infocom. Held: Court held that Tampering with source code invokes Section 65 of the Information Technology Act.

3. Parliament Attack Case10: Facts: In this case several terrorist attacked on 13 December, 2001Parliament House. In this the Digital evidence played an important role during their prosecution. The accused argued that computers and evidence can easily be tampered and hence should not be relied.

In Parliament case several smart device storage disks and devices, a Laptop were recovered from the truck intercepted at Srinagar pursuant to information given by two suspects. The laptop included the evidence of fake identity cards, video files containing clips of the political leaders with the background of Parliament in the background shot from T.V news channels. In this case design of Ministry of Home Affairs car sticker, there was game wolf pack with user name of Ashiq. There was the name in one of the fake identity cards used by the terrorist. No back up was taken therefore it was challenged in the Court.

Held: Challenges to the accuracy of computer evidence should be established by the challenger. Mere theoretical and generic doubts cannot be cast on the evidence.

Section66. Hacking with the computer system:

10

(10) 2001

33

(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation: The section tells about the hacking activity.

Essential ingredients of the section: 1. Whoever with intention or knowledge. 2. Causing wrongful loss or damage to the public or any person. 3. Destroying or altering any information residing in a computer resource. 4. Or diminishes its value or utility or. 5. Affects it injuriously by any means. Penalties: Punishment: Imprisoned up to three years and Fine: which may extend up to two lakh rupees.Or with both.

Case Laws: 1. R v/s Gold & Schifreen11.

11

(11) 1988 1 AC 1063

34

In this case it is observed that the accused gained access to the British telecom Prestl Gold computers networks file amount to dishonest trick and not criminal offence.

2. R v/s Whitley12. In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and deleted, added files and changed the passwords to deny access to the authorized users.

The perspective of the section is not merely protect the information but to protect the integrity and security of computer resources from attacks by unauthorized person seeking to enter such resource, whatever may be the intention or motive.

Cases Reported In India: Official website of Maharastra government hacked.

The official website of the government of Maharashtra was hacked by Hackers Cool Al- Jazeera, and claimed them they were from Saudi Arabia13.

Section 67. Publishing of obscene information in electronic form: Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstance, to read see or hear the matter
12

(12) (1994) 3 S.C.R 830 (13) 2004

13

35

contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

Essential ingredients of this section: 1. Publishing or transmitting, or causing to be published, pornographic material in electronic form. Penalties: Punishment: (1) On first conviction --- imprisonment which may extend up to five years. Fine: up to on first conviction which may extend to one lakh rupees.

(2) On second conviction ---- imprisonment up to which may extend to ten years and Fine which may extend up to two lakh rupees.

Case Laws: 1. The State of Tamil Nadu v/s Suhas Katti14.

Facts: This case is about posting obscene, defamatory and annoying message about a divorcee woman in the Yahoo message group. E-mails were forwarded to the victim for information by the accused through a false email account opened by him in the name of the victim. These postings resulted in annoying phone calls to the lady. Based on the complaint police nabbed the accused. He was a known family friend of the victim and was interested in marrying her. She married to another person, but that marriage
14

(14) 2004

36

ended in divorce and the accused started contacting her once again. And her reluctance to marry him he started harassing her through internet.

Held: The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.

The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered the first case convicted under section 67 of Information Technology Act 2000 in India.

2. In a recent case, a groom's family received numerous emails containing defamatory information about the prospective bride. Fortunately, they did not believe the emails and chose to take the matter to the police. The sender of the emails turned out to be the girl's step-father, who did not want the girl to get married, as he would have lost control over her property, of which he was the legal guardian.

2. Avnish Bajaj (CEO of bazzee.com now a part of the eBay group of companies) case15.

Facts: There were three accused first is the Delhi school boy and IIT Kharagpur Ravi Raj and the service provider Avnish Bajaj.

15

(15) (2005) 3 Comp, LJ 364 (Del)

37

The law on the subject is very clear. The sections slapped on the three accused were Section 292 (sale, distribution, public exhibition, etc., of an obscene object) and Section 294 (obscene acts, songs, etc., in a public place) of the Indian Penal Code (IPC), and Section 67 (publishing information which is obscene in electronic form) of the Information Technology Act 2000. In addition, the schoolboy faces a charge under Section 201 of the IPC (destruction of evidence), for there is apprehension that he had destroyed the mobile phone that he used in the episode. These offences invite a stiff penalty, namely, imprisonment ranging from two to five years, in the case of a first time conviction, and/or fines.

Held: In this case the Service provider Avnish Bajaj was later acquitted and the Delhi school boy was granted bail by Juvenile Justice Board and was taken into police charge and detained into Observation Home for two days.

4. DASKHINA Kannada police have solved the first case of cyber crime in the district.

A press release by Dakshina Kannada Police said here on Saturday that a Father at a Christian institution in the city had approached the Superintendent of Police with a complaint that he was getting offensive and obscene e-mails.

Police said that all the three admitted that they had done this to tarnish the image of the Father. As the three tendered an unconditional apology to the Father and gave a written undertaking that they would not repeat such act in future, the complainant withdrew his complaint. Following this, the police dropped the charges against the culprit.

38

The release said that sending of offensive and obscene e-mails is an offence under the Indian Information Technology Act 2000. If the charges are framed.

Section 68. Power of controller to give directions: (1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made there under.

(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both.

Explanation: Any person who fails to comply with any order under sub section (1) of the above section, shall be guilty of an offence and shall be convicted for a term not less then three years or to a fine exceeding two lakh rupees or to both.

The under this section is non-bailable& cognizable. Penalties: Punishment: imprisonment up to a term not exceeding three years Fine: not exceeding two lakh rupees.

Section 69. Directions of Controller to a subscriber to extend facilities to decrypt information:

39

(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence; for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.

(2) The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.

(3) The subscriber or any person who fails to assist the agency referred to in subsection (2) shall be punished with an imprisonment for a term which may extend to seven years.

Penalties: Punishment: imprisonment for a term which may extend to seven years.

The offence is cognizable and non- bailable. Section 70. Protected System: (1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.

(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under subsection (1).
40

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provision of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

Explanation: This section grants the power to the appropriate government to declare any computer, computer system or computer network, to be a protected system. Only authorized person has the right to access to protected system. Penalties: Punishment: the imprisonment which may extend to ten years and fine.

Section 71. Penalty for misrepresentation: (1) Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or which fine which may extend to one lakh rupees, or with both.

Penalties: Punishment: imprisonment which may extend to two years Fine: may extend to one lakh rupees or with both.

Section 72. Penalty for breach of confidentiality and privacy: Save as otherwise provide in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulation made there under, has secured assess to any electronic record, book, register, correspondence, information, document or
41

other material without the consent of the person concerned discloses such material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Explanation: This section relates to any to nay person who in pursuance of any of the powers conferred by the Act or it allied rules and regulations has secured access to any: Electronic record, books, register, correspondence, information, document, or other material.

If such person discloses such information, he will be punished with punished. It would not apply to disclosure of personal information of a person by a website, by his email service provider.

Penalties: Punishment: term which may extend to two years. Fine: one lakh rupees or with both.

Section 73. Penalty for publishing Digital Signature Certificate false in certain particulars: (1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that(a) The Certifying Authority listed in the certificate has not issued it; or (b) The subscriber listed in the certificate has not accepted it; or (c) The certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.

42

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Explanation: The Certifying Authority listed in the certificate has not issued it or, The subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended. The Certifying authority may also suspend the Digital Signature Certificate if it is of the opinion that the digital signature certificate should be suspended in public interest.

A digital signature may not be revoked unless the subscriber has been given opportunity of being heard in the matter. On revocation the Certifying Authority need to communicate the same with the subscriber. Such publication is not an offence it is the purpose of verifying a digital signature created prior to such suspension or revocation.

Penalties: Punishment imprisonment of a term of which may extend to two years. Fine: fine may extend to 1 lakh rupees or with both.

Case Laws: 1. Bennett Coleman & Co. v/s Union of India. In this case the publication has been stated that publication means dissemination and circulation. In the context of digital medium, the term publication includes and transmission of information or data in electronic form.
43

Section 74. Publication for fraudulent purpose: Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which extend to one lakh rupees, or with both.

Explanation: This section prescribes punishment for the following acts:

Knowingly creating a digital signature certificate for any i. fraudulent purpose or, ii. unlawful purpose.

Knowingly publishing a digital signature certificate for any i. fraudulent purpose or ii. unlawful purpose

Knowingly making available a digital signature certificate for any i. fraudulent purpose or ii. unlawful purpose.

Penalties: Punishment: imprisonment for a term up to two years. Fine: up to one lakh or both.
44

Section 75. Act to apply for offence or contravention committed outside India: (1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. (2) For the purposes of sub-section (1), this Act shall apply to an offence or

Contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

Explanation: This section has broader perspective including cyber crime, committed by cyber criminals, of any nationality, any territoriality.

Case Laws: R v/s Governor of Brixton prison and another16. Facts: In this case the Citibank faced the wrath of a hacker on its cash management system, resulting in illegal transfer of funds from customers account in to the accounts of the hacker, later identified as Valdimer Levin and his accomplices. After Levin was arrested he was extradite to the United States. One of the most important issues was jurisdictional issue, the place of origin of the cyber crime.

Held: The Court held that the real- time nature of the communication link between Levin and Citibank computer meant that Levins keystrokes were actually occurring on the Citibank computer.

16

(16) [1997] AC 741 (HL)

45

It is thus important that in order to resolve the disputes related to jurisdiction, the issue of territoriality and nationality must be placed by a much broader criteria embracing principles of reasonableness and fairness to accommodate overlapping or conflicting interests of states, in spirit of universal jurisdiction.

Section 76. Confiscation: Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provisions of this Act, rules, orders or regulations made there under has been or is being contravened, shall be liable to confiscation :

Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules orders or regulations made there under, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorized by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made there under as it may think fit.

Explanation: The aforesaid section highlights that all devices whether computer, computer system, floppies, compact disks, tape drives or any other storage, communication, input or output device which helped in the contravention of any provision of this Act, rules, orders, or regulations made under there under liable to be confiscated.

46

77. Penalties or confiscation not to interfere with other punishments: No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force.

Explanation: The aforesaid section lays down a mandatory condition, which states the Penalties or confiscation not to interfere with other punishments to which the person affected thereby is liable under any other law for the time being in force.

78. Power to investigate offences: Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.

Explanation: The police officer not below the rank of Deputy Superintendent of police shall investigate the offence.

ANALYSIS OF THE STATUTORY PROVISONS:

The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-

47

1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose17-

Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate.

2. Cyber laws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cyber crime18

Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.

3. Cyber torts-

The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T Act 2000 read with the Penal Code is capable of dealing with these felonies.

17

(17) Duggal Pavan, Is This Treaty a Threat, naavi.org

18

(18) ibid note (17)

48

4. Cyber crime in the Act is neither comprehensive nor exhaustive-

Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime"19. Mr.Duggal has further commented, India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.20

5. Ambiguity in the definitions-

The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the citizens are till s. 66 exists in its present form.

Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic information. Further
19

(19) Kapoor G.V, Byte by Byte

20

(20) Supra Note 17

49

our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case.

6. Uniform law-

Mr. Vinod Kumar21 holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.

7. Lack of awareness-

One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen credit card.22

8. Jurisdiction issues-

Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms
21

(21) Kumar Vinod, Winning The Battle Against Cyber Crime, p.87 (22) Pavan Duggal, History of Cyber Crime, Times Of India (NEW DELHI), August 31, 2011

22

50

of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.

9. Extra territorial application-

Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.

10. Raising a cyber army-

By using the word cyber army by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) is definitely a welcome step in this direction. There are many cases in which the C.B.I has achieved success. The present position of cases of cyber crime23 is :

Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.

23

(23) www.naavi.org

51

Status: Probe on

Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.

Status: Chargesheet not filed

Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.

Status: Pak not cooperating.

11. Cyber savvy bench-

Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerala High Court has accepted through an email. The role of the judges in todays word may be gathered by the statement- judges carve law is to law ought to be. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System.

12. Dynamic form of cyber crime52

Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind. The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases.

13. Hesitation to report offences-

As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business." 24 This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require.

INFORMATION TECHNLOGY AMENDMENT ACT 2008

The Information Technology Amendment Act, 2008 (IT Act 2008) is a substantial addition to India's Information Technology Act (ITA-2000). The IT Amendment Act was passed by the Indian Parliament in October 2008 and came into force a year later. The Act is administered by the Indian Computer Emergency Response Team (CERT-In).
24

(24) Mehta Dewang, Role of Police in Tackling Internet Crimes

53

The original Act was developed to promote the IT industry, regulate ecommerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context. The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.

Changes in the Amendment include: redefining terms such as "communication device" to reflect current use; validating electronic signatures and contracts; making the owner of a given IP address responsible for content accessed or distributed through it; and making corporations responsible for implementing effective data security practices and liable for breaches.

The Amendment has been criticized for decreasing the penalties for some cybercrimes and for lacking sufficient safeguards to protect the civil rights of individuals. Section 69, for example, authorizes the Indian government to intercept, monitor, decrypt and block data at its discretion. According to PavanDuggal, a cyber law consultant and advocate at the Supreme Court of India, "The Act has provided Indian government with the power of surveillance, monitoring and blocking data traffic. The new powers under the amendment act tend to give Indian government a texture and color of being a surveillance state." Major amendments to IT Act 2000 are: Electronic Signature Section 2(ta) introduces the term electronic signature. Now digital signature has been made a subset of electronic signature. In the definition of electronic signature it has been given that it includes digital signature.
54

Section 3A has been introduced for electronic signature which says that a subscriber may authenticate electronic records by electronic signature. The authentication was earlier possible only by digital signature. Section 2(tb) has been introduced to define the term electronic signature certificate. Now digital signature certificate has been made a subset of electronic signature certificate.

Cyber Appellate Tribunal The name of Cyber Regulations Appellate Tribunal has been changed to Cyber Appellate Tribunal. Cyber Appellate Tribunal has been made a multi-member entity. This will provide for more expertise for the Tribunal.

Intermediary Definition of intermediary has been modified. As per the amendments in various sections now intermediaries are made more responsible and liable towards their acts. New Section 67C asks intermediaries to preserve and retain certain records for a stated period. New Section 69B is also quite stringent to intermediaries.

For e-governance Section 6A introduced to provide for appointment of Service Providers by appropriate government for e-governance services. Section 7A makes audit of electronic documents mandatory wherever physical documents, records required audit. This provision will put considerable work load on the government.

55

Offences New sections have been introduced to cover new offences. Section 66A Sending offensive messages Section 66B Receiving a stolen computer resource Section 66C Identity theft Section 66D Cheating by personation Section 66E Violation of privacy, video voyeurism Section 66F Cyber Terrorism (Life Sentence) New Sections introduced Section 67A To cover material containing sexually explicit act Section 67B To cover child pornography Section 67C To make intermediaries preserve and retain certain records for a stated period.(Imprisonment 3 years and fine.)

For National Security Purpose Section 69A has been introduced to enable blocking of websites by the central government. Section 69B provides powers to central government to collect traffic data from any computer resource. It could be either in transit or in storage. This move by the government was necessary for national security purpose but it may lead to abuse of power by government.

Other Important Amendments Section 1(4) in the Information Technology Act, 2000 contained a list of documents which were excluded from the applicability of the act. The list
56

has now been moved to Schedule 1 of the ITAA 2008. This move can be considered as a procedural simplification made by the amendment. A notification will be required to make additions or deletions to this list. Every notification issued in this regard shall be laid before each House of Parliament. Some more new definitions added communication device, cyber caf, cyber security. Compensation limit has been removed from Section 43. Section 43A introduced to make body corporate liable to pay damages by way of compensation for failure to protect sensitive personal data or information. No limit has been set for compensation. Changes in Section 46 have brought Civil Court below the High Court into the cyber related disputes for the first time. The powers of the Adjudicator has been limited for claims uptoRs 5 crores. For claims above Rs 5 crores Civil Courts authority has been introduced. In Section 66 dishonesty and fraudulent intention has been made necessary. Section 72A has been introduced for data protection purpose. It provides for punishment for disclosure of information in breach of lawful contract. Imprisonment of 3 years or fine uptoRs 5 lakhs or both for cases relating to data breach has been provided. Section 77A introduced to provide for compounding of offences with punishment upto 3 years. The powers under Section 80 were earlier available to DSP is now available to Inspectors. Section 81 has been amended to keep the primacy of Copyright and Patent Acts above ITA 2000.

57

New Section 84C introduced to make an attempt to commit an offence punishable. The punishment will be half of the punishment meant for the offence. State Governments will be exercising far more powers under the ITAA 2008 than what was envisaged under ITA 2000

CYBER CRIMES CONVICTIONS AND JUDGEMENTS IN INDIA25

Case 1: First conviction in India

A complaint was filed in by Sony India Private Ltd, which runs a website called sony-sambandh.com, targeting Non Resident Indians. The website enables NRIs to send Sony products to their friends and relatives in India after they pay for it online.

The company undertakes to deliver the products to the concerned recipients. In May 2002,someone logged onto the website under the identity of Barbara Campa and ordered a Sony Colour Television set and a cordless head phone. A lady gave her credit card number for payment and requested that the products be delivered to ArifAzim in Noida. The payment was duly cleared by the credit card agency and the transaction processed. After following the relevant procedures of due diligence and checking, the company delivered the items to ArifAzim.

At the time of delivery, the company took digital photographs showing the delivery being accepted by ArifAzim.

25

(25) www.alertindian.com

58

The transaction closed at that, but after one and a half months the credit card agency informed the company that this was an unauthorized transaction as the real owner had denied having made the purchase.

The company lodged a complaint for online cheating at the Central Bureau of Investigation which registered a case under Section 418, 419 and 420 of the Indian Penal Code.

The matter was investigated into and ArifAzim was arrested. Investigations revealed that ArifAzim, while working at a call centre in Noida gained access to the credit card number of an American national which he misused on the companys site.

The CBI recovered the colour television and the cordless head phone.

The accused admitted his guilt and the court of ShriGulshan Kumar Metropolitan Magistrate, New Delhi, convicted ArifAzim under Section 418, 419 and 420 of the Indian Penal Code this being the first time that a cyber crime has been convicted.

The court, however, felt that as the accused was a young boy of 24 years and a first-time convict, a lenient view needed to be taken. The court therefore released the accused on probation for one year.

Case-2: First juvenile accused in a cyber crime case

59

In April 2001 a person from New Delhi complained to the crime branch regarding the website. Amazing.com, he claimed, carried vulgar remarks about his daughter and a few of her classmates. During the inquiry, printouts of the site were taken and proceedings initiated.

After investigation a student of Class 11 and classmate of the girl was arrested.

The juvenile board in Nov 2003 refused to discharge the boy accused of creating a website with vulgar remarks about his classmate.

The accuseds advocate had sought that his client be discharged on the ground that he was not in a stable state of mind. Seeking discharge, the advocate further said that the trial has been pending for about two years.

While rejecting the accuseds application, metropolitan magistrate SantoshSnehi Mann said: The mental condition under which the juvenile came into conflict with the law shall be taken into consideration during the final order. Mann, however, dropped the sections of Indecent Representation of Women (Prohibition) Act.

The accused would face trial under the Information Technology Act and for intending to outrage the modesty of a woman. She held the inquiry could not be closed on technical ground, especially when the allegations were not denied by the accused.
60

Case 3: First case convicted under Information Technology Act 2000 of India

The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. E-Mails were also forwarded to the victim for information by the accused through a false email account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting.

Based on a complaint made by the victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few days. The accused was a known family friend of the victim and was reportedly interested in marrying her. She however married another person. This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The Honble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects. The same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were examined and entire documents were marked.

The Defence argued that the offending mails would have been given either by ex-husband of the complainant or the complainant her self to implicate
61

the accused as accused alleged to have turned down the request of the complainant to marry her.

Further the Defence counsel argued that some of the documentary evidence was not sustainable under Section 65 B of the Indian Evidence Act. However, the court based on the expert witness of Naavi and other evidence produced including the witness of the Cyber Cafe owners came to the conclusion that the crime was conclusively proved.

The court has also held that because of the meticulous investigation carried on by the IO, the origination of the obscene message was traced out and the real culprit has been brought before the court of law. In this case Sri S. Kothandaraman, Special Public Prosecutor appointed by the Government conducted the case.

Honourable Sri.Arulraj, Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04 as follows:

The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.

62

Case 4: Father & son convicted under IT act in Kerala

The Additional District and Sessions Court here has upheld a lower courts verdict in the first cyber case filed in the State sentencing a Pentecostal Church priest and his son to rigorous imprisonment in 2006.

Disposing of the appeal filed by the priest T.S. Balan and his son, AneeshBalan, against the order of the Chief Judicial Magistrate, on Wednesday,

Additional District Judge T.U. Mathewkutty said it was time the government took effective measures to check the growing trend of cyber crimes in the State. The court upheld the magistrates order sentencing the two to three-year rigorous imprisonment and imposing a fine of Rs. 25,000 under Section 67 of the information technology (IT) Act; awarding six months rigorous imprisonment under Section 120(B) of the Indian Penal Code; and ordering one year rigorous imprisonment and imposing a fine of Rs. 10,000 under Section 469 of the code.

The court revoked the sentence under Section 66 of the IT Act.

The cyber case dates back to January-February 2002 and the priest and his son became the first to be convicted of committing a cyber crime.

The two were found guilty of morphing, web-hosting and e-mailing nude pictures of Pastor Abraham and his family.
63

Balan had worked with the pastor until he fell out with him and was shown the door by the latter.

Balan joined the Sharon Pentecostal Church later.

The prosecution said the duo had morphed photographs of Abraham, his son, Valsan Abraham, and daughter, Starla Luke, and e-mailed them from fake mail IDs with captions.

The morphed pictures were put on the web and the accused, who edited a local magazine called The Defender, wrote about these photos in his publication.

Valsan received the pictures on the Internet and asked his father to file a complaint to the police. A police party raided the house ofBalan and his son at Perumbavoor and collected evidences.

The magistrates verdict came after a four-year trial, for which the court had to procure a computer with Internet connection and accessories.

The police had to secure the services of a computer analyst too to piece together the evidences. Twenty-nine witnesses, including the internet service provider and Bharat Sanchar Nigam Ltd., had to depose before the court.

64

Case 5: Well-known orthopaedist in Chennai got life Dr. L Prakash stood convicted of manipulating his patients in various ways, forcing them to commit sex acts on camera and posting the pictures and videos on the Internet.

The 50-year-old doctor landed in the police net in December 2001 when a young man who had acted in one of his porn films lodged a complaint with the police.

Apparently the doctor had promised the young man that the movie would be circulated only in select circles abroad and had the shock of his life when he saw himself in a porn video posted on the web.

Subsequent police investigations opened up a Pandora's box. Prakash and his younger brother, settled in the US, had piled up close to one lakh shots and video footages, some real and many morphed.

They reportedly minted huge money in the porn business, it was stated.

Fast track court judge R Radha, who convicted all the four in Feb 2008 , also imposed a fine of Rs 1.27 lakh on Prakash, the main accused in the case, and Rs 2,500 each on his three associates - Saravanan, Vijayan and AsirGunasingh.

The Judge while awarding life term to Prakash observed that considering the gravity of the offences committed by the main accused, maximum punishment under the Immoral Trafficking Act (life imprisonment) should be given to him and no leniency should be shown.
65

The Judge sentenced Prakash under the Immoral Trafficking Act, IPC, Arms Act and Indecent Representation of Women (Prevention) Act among others.

Case 6:Juvenile found guilty for sending threatening email

A 16 year old student from Ahmedabad who threatened to blow up Andheri Railway station in an email message was found guilty by the Juvenile court in Mumbai.

A private news channel received an email on 18 March 2008 claiming sender as DawoodIbrahim gang saying a bomb would be planted on an unspecified train to blow it up.

The case was registered in Andheri Police station under section 506 of IPC and transfered to cyber crime investigation cell. During Investigation CCIC traced the cyber cafe from which the email account was created and threatening email was sent.

Cafe owner told police about freinds which had come that day to surf the net. Police summoned them and found that the system which was used to send email was accessed by only one customer. On 22nd March 08, police arrested the boy a Class XII science student who during interrogation said that he sent the email for fun of having his prank flashed as breaking news on television.

66

Case 7:Two Nigerians sentenced 7 years RI for online fraud

A local court in Malappuram district in Kerala sentenced two Nigerians to five years rigorous imprisonment on July 20, 2011 in a cyber-crime case. The two had cheated a doctor in the district of Rs 30 lakh about two years ago. Johnson Nwanonyi(32) and Michel Obiorahmuozboa (34), both hailing from Anambra state in Nigeria, were sentenced each under sections 420(cheating)-5 years, and 468(forgery)-5 years of IPC and section 66(D) (phishing) of Information Technology (Amendment) Act 2008 -2 years and a fine of Rs 1.25 lakh by a Chief Judicial Magistrate V Dileep in Manjeri in Malappuram district. The sentence would run concurrently.

According to the charges filed by the Karipur police, the duo had cheated the doctor Dr C C Thomas, hailing from Valluvambram in Malappuram district after they sent an e-mail inviting application to recover a huge sum of unclaimed money left behind by a Nigerian businessman. They had advertised that the money, kept aside for charitable hospital, was lying unclaimed in a bank. When the doctor responded to the e-mail, they tricked him by asking to pay Rs 30 lakh as processing fee. But a planned move by the police and the doctor succeeded when the Nigerians were lured into Kerala in March 2010. They were then arrested by the Karipur police. The strong evidence based on which the prosecution presented the case became crucial in the first verdict against financial fraud under the IT Act. Deputy Director for Prosecution V C Ismayil appeared for the prosecution.

Case 8:AP High Court dismisses Google's Petition contending being intermediary it cannot be held liable for defamation
67

THE HONOURABLE SRI JUSTICE SAMUDRALA GOVINDARAJULU, AP High Court Crl.P.No.7207 OF 2009 19-04-2011

Google India Pvt. Ltd., M/s.Visaka Industries Limited and another Counsel for the Petitioner : Sri NunepallyHarinath Counsel for the 1st Respondent: Sri N.V.Anantha Krishna Counsel for the 2nd respondent: Public Prosecutor

:ORDER:

The petitioner/A-2 is accused of offences punishable under Sections 120-B, 500, 501/34 I.P.C in C.C. No.679 of 2009 on the file of XI Additional Chief Metropolitan Magistrate, Secunderabad along with another. The petitioner/A-2 is Google India Private Limited represented by its Managing Director (Sales and Operations). The 1st respondent/complainant is Visaka Industries Limited, Secunderabad represented by its authorised signatory who is its Deputy Manager- Legal. The complainant is engaged in business of manufacturing and selling of Asbestos cement sheets and allied products. It is alleged that A-1 viz., Gopala Krishna is a Co-ordinator "Ban Asbestos India" a group which is hosted by A-2 and publishes regular articles in the said group and that on 21.11.2008 an article was published in the said group and it was captioned as "poisoning the system; Hindustan Times" aiming at a single manufacturer of Asbestos cement products viz., the complainant and names of renowned politicians of the country G.VenkataSwamy and Sonia Gandhi who have nothing to do with the ownership or management of the
68

complainant-company were named in that article. It is further alleged that on 31.07.2008 another article captioned as "Visaka Asbestos Industries making gains" and that both the above articles contained defamatory statements against the complainant and they are available in Cyber space in the form of articles for world wide audience. In the complaint, details of defamatory remarks made in several other articles published by A-1 in A-2 group are given in detail, which details may not be necessary for the purpose of disposal of this criminal petition.

2) It is contended by the senior counsel appearing for the petitioner/A-2 that actions of intermediaries such as Google Inc., which is a service provider providing platform for end users to upload content, does not amount to publication in law and consequently the question of holding such intermediaries liable for defamation does not arise. Senior Counsel appearing for the petitioner placed reliance on Section 79 of the Information Technology Act, 2000 (in short, the Act) in support of this contention.

3) Section 79 which occurs in Chapter XII of the Act originally as it stood enacted in the year 2000 reads as follows:

"CHAPTER XII NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES

79. Network service providers not to be liable in certain cases: For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence
69

to prevent the commission of such offence or contravention. Explanation. For the purposes of this section, (a) "network service provider" means an intermediary; (b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary."

The said provision exempts network service providers from liability under the Act, rules or regulations made thereunder for any third party information or data made available by him. It did not exempt a network service provider from liability muchless criminal liability for the offences under other laws or more particularly under the Indian Penal Code. Further, the above provision exempts network service provider from liability, only on proof that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention. Proof in that regard can be let in by way of leading evidence by the accused. Therefore, the said question is a question of fact which this Court may not go into in this petition filed under Section 482 Cr.P.C.

4) Chapter XII of the Act including Section 79 was amended by the Information Technology (Amendment) Act, 2008 (10 of 2009) dated 05.02.2009 with effect from 27.10.2009 by way of substituting the following in the place of original chapter:

"CHAPTER XII INTERMEDIARIES NOT TO BE LIABLE IN CERTAIN CASES 79. Exemption from liability of intermediary in certain cases: (1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an
70

intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him. (2) The provisions of sub-section (1) shall apply if- (a) the functions of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or (b) the intermediary does not(i) initiate the transmission, (ii) select the receiver of the transmission, and (iii) select or modify the information contained in the transmission; (c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf. (3) The provisions of Sub-section(1) shall not apply if(a) The intermediary has conspired or abetted or aided or induces whether by threats or promise or otherwise in the commission of the unlawful act; (b) upon receiving actual knowledge, or on being notified by information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner. Explanation.- For the purposes of this section, the expression "third party information" means any information dealt with an intermediary in his capacity as an intermediary."

It is only under the said amendment, non-obstenti clause was incorporated in Section 79 keeping application of other laws outside the purview in a fact
71

situation covered by the said provision. Now, after the amendment, an intermediary like a network service provider can claim exemption from application of any other law in respect of any third party information, data or communication link made available or hosted by him; provided he satisfied the requirements under Sub-section (2) of Section 79. Further, as per amended Sub- section (3) of Section 79, the exemption under Sub-section (1) cannot be applied by any Court and cannot be claimed by any intermediary in case the intermediary entered into any conspiracy in respect thereof. Also, the intermediary cannot claim exemption under Sub-section (1) in case he fails to expeditiously remove or disable access to the objectionable material or unlawful activity even after receiving actual knowledge thereof. In the case on hand, in spite of the 1st respondent issuing notice bringing the petitioner about dissemination of defamatory material and unlawful activity on the part of A-1 through the medium of A-2, the petitioner/A-2 did not move its little finger to block the said material or to stop dissemination of the unlawful and objectionable material. Therefore, the petitioner/A-2 cannot claim any exemption either under Section 79 of the Act as it stood originally or Section 79 of the Act after the amendment which took effect from 27.10.2009. The present case in the lower Court was instituted in January, 2009 relating to the offences which are being perpetrated from 31.07.2009 onwards i.e., since long prior to the amendment to the said provision.

5) There is no exemption of any criminal liability in respect of a company which is a juristic person and which has no body that can be damned or contemned. In case found guilty, the petitioner company can be awarded with appropriate punishment though not corporal punishment. In that view of the matter, I find no merit in this criminal petition.

6) Accordingly, the Criminal Petition is dismissed.

72

PREVENTION OF CYBER CRIME:

Prevention is always better than cure. It is always better to take certain precaution while operating the net. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance26. A citizen should keep in mind the following things-

1.

To prevent cyber stalking avoid disclosing any information pertaining to one self. This is as good as disclosing your identity to strangers in public place.

2.

Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.

3.

Always use latest and up dateanti virus software to guard against virus attacks.

4.

Always keep back up volumes so that one may not suffer data loss in case of virus contamination

26

(26) www.mediatimes.biz

73

5.

Never send your credit card number to any site that is not secured, to guard against frauds.

6.

Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.

7.

It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.

8.

Web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.

9.

Use of firewalls may be beneficial.

10.

Web servers running public sites must be physically separate protected from internal corporate network.

Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.

CONCLUSION:

74

The capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.

75

BIBLIOGRAPHY
THE INFORMATION TECHNOLOGY ACT, 2000 THE INFORMATION TECHNOLOGY AMENDMENT ACT, 2008 GLANVILLE WILLIAMS

Duggal Pawan, THE INTERNET: LEGAL DIMENSIONS Nagpal Rohas, WHAT IS CYBER CRIME Nagapl Rohas, DEFINING CYBER TERRORISM Duggal Pawan, IS THIS TREATY A THREAT Kapoor G.V, BYTE BY BYTE Kumar Vinod, WINNING THE BATTLE AGAINST CYBER CRIME Mehta Dewang, ROLE OF POLICE IN TACKLING INTERNET CRIMES CYBER TERRORISM- THE DARK SIDE OF THE CYBER WORLD, www.legalserviceindia.com www.alertindian.com www.mediatimes.biz

HINDUSTAN TIMES TIMES OF INDIA

76

77