The advent of computers has been a boom to students, lawyers, businessmen, doctors, teachers….and lastly criminals. Unauthorised access and damage to property, theft, and the distribution of obscene and indecent materials are all kinds of familiar crimes; and have assumed new dimensions with the emergence of internet. The internet is fast becoming a way of life for millions of people. However it is also being transformed into haven for criminals as the crime rates on internet is increasing at an alarming rate each day which will be discussed further.
There have been various kinds of computer and internet related crimes. The most common amongst these is the use of viruses to corrupt or destroy data stored in computer systems. These viruses can be attached to e mails, FTPed programmes, etc. Other forms of crimes such as fraud, robbery and forgery also exist in cyber world. Bogus schemes on the internet have already robbed many people of a vast amount of money. The internet also makes defamation, assault on a person’s character, and many more. In fact with the growth of crimes through internet it is directly proportional to the growth cyber world and reason of its potential threat on our society of various crimes that can be committed and attempted.
In India, the Information Technology Act 2000 was enacted after the United Nation General Assembly Resolution A/RES/51/162, dated the 30th January, 1997 by adopting the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law. This was the first step towards the Law relating to e-commerce at international level to regulate an alternative form of commerce and to give legal status in the area of e-commerce. It was enacted taking into consideration UNICITRAL model of Law on e- commerce 1996.
New technologies create new criminal opportunities but few new types of crime. What distinguishes cybercrime from traditional criminal activity? Obviously, one difference is the use of the digital computer, but technology alone is insufficient for any distinction that might exist between different realms of criminal activity. Criminals do not need a computer to commit fraud, traffic in child pornography and intellectual property, steal an identity, or violate someone’s privacy. All those activities existed before the “cyber” prefix became ubiquitous. Cybercrime, especially involving the Internet, represents an extension of existing criminal behaviour alongside some novel illegal activities.
Challenges to the Criminal Justice System
Ordinarily, the law keeps pace with the technology changes in society. However, rapid technological changes and advancement like the internet clearly threaten to leave the law behind. To a technical specialist, the internet is a global network of computers based on TCP/IP and other high speed communications protocols with thousands of nodes and millions of users. For the rest of the world, the internet is an exciting way to communicate. The main uses of the internet are to exchange electronic mail, transfer of files between computers, and remotely access host computers.
Unfortunately, the wide variety of information that can be transferred, the open, unregulated nature of the internet, and the irrelevance of geography means that the internet also provides fertile ground for criminal enterprise. Since, internet is composed of computers, crimes occurring on internet are “computer crimes”. But defining a ‘computer crime’ is difficult as a computer can be the subject or object of a crime. Subject as it can be used for the purpose of criminal activity and object as it target any computer or network to access info or some king of illegal activity.
Science internet’s strength and purpose is facilitation of communication, traditional crimes such as conspiracy, solicitation fraud and even espionage can be committed via internet. The problem, however lies not in the fact that so many diverse kinds of crimes can be committed using the internet but the fact that exist is criminal law might be ill equipped to deal with this high sophisticated medium of committing crime.
This challenge is posed due to two fundamental aspects:
- The relative newness of the internet and the corresponding antiquity of the present law in force.
- The irrelevance of geography, which poses serious question with regards to jurisdictional matters that are fundamental for any criminal proceeding.
It must realised that these challenges are fundamental. It is hence essential that the nature of these crimes be understood; only then there can be any progress in moving towards meeting them successfully.
We must remember that the basic Indian law of crimes, i.e. the Indian Penal Code, 1860 (IPC) has no definition of a computer crime. That is understandable owing to the fact that at the time of its framing there was no such Information technology Act, 2000, this was the law applicable to all cybercrimes. Also the IPC will still apply to all these circumstances as section 77 of IT Act provides liability under any other law. So the substantive provision of the IPC still do apply to such offences. Therefore, it is worthwhile to examine cybercrime in the context of IPC.
Ingredients of Crime:
The definition of a crime has always been regarded as a matter of great difficulty. It is a general principal of criminal law that a person may be convicted of a crime unless the prosecution has proved beyond all doubts that:
- He has caused a certain event, responsibility is to be attributed to him for the existence of a certain state of affairs, which is forbidden by criminal law; and
- He had a defined state of mind in relation to the causing of the event or the existence of the state of affairs.
Actus Reus in Internet Crimes:
The element of actus reus in internet crimes is relatively easy to identify, but is not always easy to prove. The fact is that it can be termed as a crime can be said to have taken place when a person is:
- Trying to make a computer function.
- Trying to access data stored on a computer which has access to data stored outside like a hacker uses an authorised persons password to login to any company’s main server, hoping to gain access to the company’s consumer details would still be considered as being held in a computer.
- If he or she uses the internet to attempt to gain access, signals pass through various computers. Each of these computers is made to perform a function on the instruction which the person gave to the first computer in the chain. Each such function can be said to constitute actus reus.
- Attempting to login, even if those attempts fail. This is because most hackers have an automated system of trying passwords, the very running of which can be considered to be a function being performed.
Mens Rea in Internet Crimes:
An essential ingredient for determining Mens Rea on the part of the offender is that he or she must have been aware at the time of causing the computer to perform the function that the access intended to be secured was unauthorised. There must be, on the part the hacker, intention to secure access, through this intention can be directed at any computer and not at a particular computer. Thus, the hacker need not be aware of which computer he or she is exactly attacking. Further, this intention to secure access also need not be directed at any particular, or particular kind of, programme or data. It is enough that the hacker intended to secure access to programmes or data per se.
Thus, there are two vital ingredients for Mens rea to be applied to a hacker:
- The access intended to be secured must have been unauthorized;
- The hacker should have been aware of the same at the same time he or she tried to secure the access.
The second ingredient is easier to prove if the accused hacker is a person from outside who has no authority whatsoever to access the data stored in the computer or the computers, however, it is difficult to prove the same in the case of a hacker with limited authority.
Types of internet Crimes
Hacker is computer expert who uses his knowledge to gain unauthorized access to the computer network. He’s not any person who intends to break through the system but also includes one who has no intent to damage the system but intends to learn more by using one’s computer. Information Technology Act, 2000 doesn’t make hacking per se an offence but looks into factor of mens rea. Crackers on other hand use the information cause disruption to the network for personal and political motives. Hacking by an insider or an employee is quite prominent in present date. Section 66 (b) of the Information Technology Act, 2000, provides punishment of imprisonment for the term of 3 years and fine which may extent to two lakhs rupees, or with both.
Banks and other financial institutions are threatened by the terrorist groups to use their sensitive information resulting in heavy loss and in turn ask for ransom amount from them. There are various methods used by hackers to gain unauthorised access to the computers apart from use of viruses like Trojans and worms etc.
“Mere Accessing” of Criminal Information on the Internet
There are a number of sites on the Internet that are hosts to some criminal activity or the other. These are openly flaunted and advertised on the net. Some of these sites provide a complete guide to crimes and how to commit them on the net, while others have directories of passwords that can be used to gain access to restricted sites, mostly pornographic sites.
It is quite a difficult task to point out the precise statutory crime being committed by individuals who access such sites. The apparent lack of any law against such acts by users has encouraged the proliferation of such sites on the Internet. It cannot be denied that such sites have the potential to make crime on the net as also otherwise uncontrollable. There are a number of sites, which provide ready to use manuals for making bombs including chemical and biological weapons. However, the problem with framing any law against “mere accessing” of such a site is that it would be difficult to sustain any prosecution without proving intention. It might also result in criminalization of the innocent act of just accessing such a site. For example, if a regular user of a credit card accesses a site giving information about how to commit scams related to credit cards so that he may be aware of pre-empting steps which he can take, he might be liable to be prosecuted under such a law.
Fraud on the Internet
Internet fraud is a form of white-collar crime whose growth may be as rapid and diverse as the growth of the Internet itself. For our purposes, the term “Internet fraud” may be broadly defined as any fraud committed through or with the aid of computer programming or Internet-related communications such as websites, email, and chat rooms. According to the consumer organization, Internet Fraud Watch, the number of consumer complaints it receives about Internet fraud schemes has risen dramatically in recent times.
The types of Internet fraud schemes that law enforcement authorities are identifying extend well beyond securities-based transactions to many other situations, such as spurious investment and business opportunities, online auctions, sales of computer and Internet related products and services, and credit card issuing. In fact, the diversity of areas in which the Internet is being used to defraud people and organizations is astounding.
Alteration and Destruction of Digital Information
The single largest menace facing the world of computers, today, is the threat of corruption and destruction of digital information induced by a human agent with the help of various types of “programmes”. The most commonly known programmes can be classified broadly into the following categories:
A computer virus is a programme designed to replicate and spread, generally with the victim being oblivious to its existence. Computer viruses spread by attaching themselves to other programmes (e.g., word processors or spreadsheets application files) or to the boot sector of a disk. When an infected file is activated-or executed-or when the computer is started from an infected disk, the virus itself is also executed. Often, it lurks in computer memory, waiting to infect the next programme that is activated, or the next disk that is accessed.
- Trojan Horse;
A malicious, security-breaking programme that is disguised as something benign, such as a directory lister, archiver, game, or even a programme to find and destroy viruses.
A programme that propagates itself over a network, reproducing itself as it goes. Nowadays the term has negative connotations, as it is assumed that only crackers write worms. Perhaps the best-known example was Robert T. Morris’s ‘Internet Worm’ of 1988, a ‘benign’ one that got out of control and hogged hundreds of Suns and VAXen across the U.S. . .
- Logic Bombs;
A code surreptitiously inserted into an application or operating system that causes it to perform some destructive or security-compromising activity whenever specified conditions are met.
In this section, the menace created by viruses and legal provisions can be made use of against Trojan horses, worms, logic bombs, etc. There are other computer pathogens, such as the “worms” that occasionally afflict networks and the “trojan horses” that put a deceptively friendly face on malicious programmes, but viruses are the most common computer ill by far. Seeking to avoid hyper technical arguments about what is and is not a “virus”- or a “worm” or a “trojan horse”, etc. and whether they differ from “viruses”, the Computer Abuse Act, 1994, of United States of America outlaws the “transmission of a programme, information, code or command” that cause(s) damage to a computer, computer system, network, information, data or programme”. Any such preventive laws should encompass both existing viruses and any future virus-like creations.
The Menace of Virus
Computer viruses have pervaded popular culture at least as successfully as they have the world’s computer population. Yet, they have not received enough scientific scrutiny. Much of their popular presence is attributable to an obvious but deep biological analogy: computer viruses replicate by attaching themselves to a host (a programme or computer instead of a biological cell) and co-opting the host’s resources to make copies of themselves. Symptoms can range from unpleasant to fatal. Computer viruses spread from programme to programme and computer to computer, much as biological viruses spread within individuals and among individual members of a society.
Most viruses attack personal computers (PCs). More than 10,000 viruses have appeared so far, and unscrupulous programmers generate roughly another six every day.
It is thus clear that the menace of viruses and other such “computer pathogens” has to be regulated and controlled through the creation of a legal regime that is flexible enough to tackle existing as well as future contingencies. It is imperative to look at the present legal system and examine whether it measures up to the challenges posed by such advanced instruments of crime. Under the Indian Penal Code, the offence that can be related to the alteration and destruction of digital information most closely is that of mischief.
Defamation on the Internet
Another grey area is with regard to law of defamation and the Internet. There are a plethora of issues related to Internet defamation. These include questions of jurisdiction and also questions relating to lack of legal awareness amongst people using the Internet. Internet users cannot be regarded as a homogeneous group. It is imperative to distinguish the liability of those who give individuals and corporations access to the Internet from that of individual users. The former includes not only ISP’s but also non-commercial hosts such as universities.
There is no settled definition of pornography or obscenity. What is considered simply sexually explicit but not obscene in USA may well be considered obscene in India. There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world but with little effect.
Pornography on the Internet is available in different formats. These range from pictures and short animated movies, to sound files and stories. The Internet also makes it possible to discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although the Indian Constitution guarantees the fundamental right of freedom of speech and expression, it has been held that a law against obscenity is constitutional. The Supreme Court has defined obscene as “offensive to modesty or decency; lewd, filthy, repulsive. Section 67 of the IT Act is the most serious Indian law penalizing cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code.
One type of cybercrime that targets the government in particular is cyber terrorism. It’s a powerful platform for terrorist activity since it can be done in relative anonymity across the entire planet. Cyber terrorism shares similar traits to other cybercrimes. However, it tends to focus on disrupting computer systems and/or intimidating or coercing individuals in order to further a political or religious ideology.
More than ever in history, our society is significantly dependent upon computers. Our financial system, aviation system, and all of our sensitive national security information contained on government computers are potential targets of cyber terrorism.
Cyber terrorism is a real threat. But to keep it in perspective, it is extremely difficult to damage to our infrastructure via the nation’s computer systems. Taking control of government computer systems from the outside is extremely difficult, and requires a great deal of specialized knowledge.
I.T Legislation in India
With the era of globalisation and computerisation started at the Mid 90’s more and more computer linked to emerge into a new era of cyberspace, e commerce and governance. So then most of the international trade and transaction were done with the help of internet and it was quick as well as convenient which turned into a boom in our world and more people and enterprises switched to this new medium of Information Technology.
The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on e-commerce in 1996. The General Assembly of United Nations passed a resolution in January 1997 inter alia, recommending all States in the UN to give favourable considerations to the said Model Law, which provides for recognition to electronic records and according it the same treatment like a paper communication and record.
With this the Act has various grey area which needed to look up and fix it as it’s necessary to be par with the time and technology or else with every update of the internet the law will be left behind which will merely make it as a law inconsistent of its purpose.
- This Act has a contradiction with the jurisdiction issue.
- Electronic commerce is based on the system of domain names. The IT Act, 2000 does not even touch the issues relating to domain names.
- The IT Act, 2000 does not deal with any issues concerning the protection of Intellectual Property Rights in the context of the online environment. Contentious yet very important issues concerning online copyrights, trademarks and patents have been left untouched by the law, thereby leaving many loopholes.
- As the cyber law is growing, so are the new forms and manifestations of cybercrimes. The offences defined in the IT Act, 2000 are by no means exhaustive. These Include:-
- Cyber theft
- Cyber stalking
- Cyber harassment
- Cyber defamation
- Cyber fraud
- Misuse of credit card numbers
- Chat room abuse
- Another grey area of the IT Act is that the same does not touch upon any anti- trust issues.
With the legislation containing these grey areas needed to be fixed as soon as possible. The terrorist activities and attacks on Delhi High Court, Mumbai 26/11, blasts in Ahmadabad are some few reflections of threat to mankind are made with the help of cyber space and technology. The jurisdiction problem is there in the implementation part which should be removed because the cyber criminals does not have any jurisdiction limit then why do the laws have, after all they laws are there, to punish the criminal but present scenario gives them the chance to escape.
Implications of rising cybercrime:
Every day, nearly 150,000 viruses and other malicious codes circulate through cyberspace, affecting 148,000 computers in corporate and government offices. In the US over the course of one year, the amount of information lost to cybercrime nearly doubled, from US$265 million to US$560 million, according to a report by the Internet Crime Complaint Centre (IC3), which is supported by the US Federal Bureau of Investigation.
Consequently, cybercrime requires highly responsive and internationally coordinated control measures, making investigation and reporting of such crimes resource-intensive.
As corporations and government offices are increasingly becoming the target of cyber-attacks, the costs to maintain, protect and restore cyber infrastructure have increased rapidly. In the UK, the annual cost resulting from cybercrime is estimated at GBP27 billion (US$43 billion). A major portion of that is the result of intellectual property (IP) theft, which is expected to account for an annual total of GBP9.2 billion (US$14 billion), while espionage activities are expected to cost more than GBP7 billion (US$11 billion). In Germany, phishing activity is estimated to have increased 70 percent year-over-year in 2010, resulting in a loss of EUR17 million (US$22 million), according to a joint report by the German information technology trade group Bitkom and the German Federal Criminal Police Office.
No one denies the positive and proactive role of cyberspace in today’s world and the dramatic change of our means to work and education through internet. Every technology have a bright as well as a dark side. So we should be aware of this dark side with necessary ways to deal with such condition. The IT Act is a big milestone for setting up a law to deal with cybercrime. It has many advantages as it gave legal recognition to electronic records, transactions, authentication and certification of digital signatures, prevention of computer crimes etc. but at the same time is inflicted with various drawbacks also like it doesn’t refer to the protection of Intellectual Property rights, domain name, cybersquatting etc.
There should be an active participation of government and cyber cell organisation in forming awareness to public and enterprises. They should organise training and education programmes in institutions, companies and common sectors of government. The number of the cyber cops in India should be increased. The jurisdiction problem is there in the implementation part which should be removed because the cyber criminals does not have any jurisdiction limit then why do the laws have, after all they laws are there, to punish the criminal but present scenario gives them the chance to escape.
Unification of internet laws:
There is a need for unification of Internet law so as to reduce the confusion in the application like for publication of harmful contents or such sites, we have Indian Penal Code (IPC), Obscenity Law, Communication Decency law, self-regulation, Information Technology Act 2000, Data Protection Act, Indian Penal Code, Criminal Procedure Code etc. but as they deal with the subject vaguely therefore lacks efficient enforceability mechanism. Due to numerous Laws dealing with the subject there lays confusion as to their applicability, and none of the Law deals with the subject specifically. So what really happens is lack of applicability from various laws and the suggestion is that of unification of laws by merging laws into a code which is efficient enough to tackle with such issue of cybercrime.
The main problem which is seen universal in tackling is lack of enforcement agencies to combat crime relating to internet and bring some level of confidence in users. Present laws lacks proper enforcement and unable to deter the terrorist group from committing cybercrime and the punishment provides by the Act it’s almost inefficient and just provide punishment of 3 years max. There should be harsher law to deal with such alarming rate of serious cybercrime and threat to such financial, information and destruction of computer system. With passage of time and betterment of technology in the present date, has also resulted in numerous number of Information technology related crimes therefore changes are suggested to combat the problem equally fast.
Information Technology Act is applicable to all the persons irrespective of their nationalities (i.e. to non-citizens also) who commits offence under the Information Technology Act outside India, provided the act or conduct constituting the offence or contravention involves computer, computer systems, or computer networks located in India under Section 1 and Section 75 of the Information Technology Act, but this provision lacks practical value until and unless the person can be extradited to India. Therefore it’s advised that we should have Extradition treaties among countries. To make such provisions workable.
Like Iran India should form Cyber Cell unit to up its fight against cybercrime. The designated web watchdog team will be responsible for targeting specific networking websites that engage in espionage and incite riots.
The US Federal Bureau of Investigation (FBI) has established a separate division to address cybercrime in a coordinated manner. In October 2010, the FBI arrested more than 90 people, who were believed to be engaged in an international crime syndicate that hacked into US computer networks to steal US$70 million same can be incorporated in India.
Implementing cyber security measures requires skilled manpower. However, most countries face a shortage of skilled people to counter such cyber-attacks. So by promoting awareness and education we can have an efficient man power to deal serious cyber-attacks.
About the Author
Faculty of Law,
Jamia Milia Islamia University,
(a) By hacking into the site; and
(b) Through external agents such as viruses.