CA Rajkumar S. Adukia
“Cyber” is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, Greek word for “steersman” or “governor,” it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. The virtual world of internet is known as cyberspace and the laws governing this area are known as Cyber laws and all the netizens of this space come under the ambit of these laws as it carries a kind of universal jurisdiction. Cyber law can also be described as that branch of law that deals with legal issues related to use of inter-networked information technology. In short, cyber law is the law governing computers and the internet.
The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these regulatory mechanisms and legal infrastructures come within the domain of Cyber law.
Cyber law is important because it touches almost all aspects of transactions and activities on and involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal perspectives.
Cyber law encompasses laws relating to –
• Cyber crimes
• Electronic and digital signatures
• Intellectual property
• Data protection and privacy
1.1. History of Internet and World Wide Web
The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (TCP/IP). It is a network of networks that consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by copper wires, fiber-optic cables, wireless connections, and other technologies. The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail, in addition to popular services such as online chat, file transfer and file sharing, online gaming, and Voice over Internet Protocol (VoIP) person-to-person communication via voice and video.
The origins of the Internet dates back to the 1960s when the United States funded research projects of its military agencies to build robust, fault-tolerant and distributed computer networks. This research and a period of civilian funding of a new U.S. backbone by the National Science Foundation spawned worldwide participation in the development of new networking technologies and led to the commercialization of an international network in the mid 1990s, and resulted in the following popularization of countless applications in virtually every aspect of modern human life.
The terms Internet and World Wide Web are often used in everyday speech without much distinction. However, the Internet and the World Wide Web are not one and the same. The Internet is a global data communications system. It is a hardware and software infrastructure that provides connectivity between computers. In contrast, the Web is one of the services communicated via the Internet. It is a collection of interconnected documents and other resources, linked by hyperlinks and Uniform Resource Locator [URLs].
The World Wide Web was invented in 1989 by the English physicist Tim Berners-Lee, now the Director of the World Wide Web Consortium, and later assisted by Robert Cailliau, a Belgian computer scientist, while both were working at CERN in Geneva, Switzerland. In 1990, they proposed building a ??web of nodes?? storing ??hypertext pages?? viewed by ??browsers?? on a network and released that web in December.
Overall Internet usage has seen tremendous growth. From 2000 to 2009, the number of Internet users globally rose from 394 million to 1.858 billion. By 2010, 22 percent of the world?s population had access to computers with 1 billion Google searches every day, 300 million Internet users reading blogs, and 2 billion videos viewed daily on YouTube.
After English (27%), the most requested languages on the World Wide Web are Chinese (23%), Spanish (8%), Japanese (5%), Portuguese and German (4% each), Arabic, French and Russian (3% each), and Korean (2%). By region, 42% of the world?s Internet users are based in Asia, 24% in Europe, 14% in North America, 10% in Latin America and the Caribbean taken together, 6% in Africa, 3% in the Middle East and 1% in Australia/Oceania.
1.2. Need for Cyber law
In today’s techno-savvy environment, the world is becoming more and more digitally sophisticated and so are the crimes. Internet was initially developed as a research and information sharing tool and was in an unregulated manner. As the time passed by it became more transactional with e-business, e-commerce, e-governance and e-procurement etc. All legal issues related to internet crime are dealt with through cyber laws. As the number of internet users is on the rise, the need for cyber laws and their application has also gathered great momentum.
In today’s highly digitalized world, almost everyone is affected by cyber law. For example:
• Almost all transactions in shares are in demat form.
• Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form.
• Government forms including income tax returns, company law forms etc. are now filled in electronic form.
• Consumers are increasingly using credit cards for shopping.
• Most people are using email, cell phones and SMS messages for communication.
• Even in “non-cyber crime” cases, important evidence is found in computers / cell phones e.g. in cases of divorce, murder, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit currency etc.
• Cyber crime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc are becoming common.
• Digital signatures and e-contracts are fast replacing conventional methods of transacting business.
Technology per se is never a disputed issue but for whom and at what cost has been the issue in the ambit of governance. The cyber revolution holds the promise of quickly reaching the masses as opposed to the earlier technologies, which had a trickledown effect. Such a promise and potential can only be realized with an appropriate legal regime based on a given socio-economic matrix.
1.3. Cyber crime on the rise
A major programme has been initiated on development of cyber forensics specifically cyber forensic tools, setting up of infrastructure for investigation and training of the users, particularly police and judicial officers in use of this tool to collect and analyze the digital evidence and present them in Court.
Indian Computer Emergency Response Team (CERT-In) and Centre for Development of Advanced Computing (CDAC) are involved in providing basic and advanced training of Law Enforcement Agencies, Forensic labs and judiciary on the procedures and methodology of collecting, analyzing and presenting digital evidence.
Cyber forensic training lab has been set up at Training Academy of Central Bureau of Investigation (CBI) to impart basic and advanced training in Cyber Forensics and Investigation of Cyber Crimes to Police Officers associated with CBI. In addition, Government has set up cyber forensic training and investigation labs in Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura, Meghalaya, Manipur and Jammu & Kashmir.
In collaboration with Data Security Council of India (DSCI), NASSCOM, Cyber Forensic Labs have been set up at Mumbai, Bengaluru, Pune and Kolkata. DSCI has organized 112 training programmes on Cyber Crime Investigation and awareness and a total of 3680 Police officials, judiciary and Public prosecutors have been trained through these programmes.
Indian Computer Emergency Response Team (CERT-In) issues alerts, advisories and guidelines regarding cyber security threats and measures to be taken to prevent cyber incidents and enhance security of Information Technology systems.
1.4. Important terms related to cyber law
“Access” with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. (Sec.2(1)(a) of IT Act, 2000)
“Addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary. (Sec.2(1)(b) of IT Act, 2000)
“Affixing Electronic Signature” with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature. (Sec.2(1)(d) of IT Act, 2000)
“Asymmetric Crypto System” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature. (Sec.2(1)(f) of IT Act, 2000)
“Certifying Authority” means a person who has been granted a license to issue a Electronic Signature Certificate under section 24. (Sec.2(1)(g) of IT Act, 2000)
“Communication Device” means Cell Phones, Personal Digital Assistance (Sic), or combination of both or any other device used to communicate, send or transmit any text, video, audio, or image. (Sec.2(1)(ha) of IT Act, 2000)
“Computer” means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network (Sec.2(1)(i) of IT Act, 2000)
“Computer Network” means the interconnection of one or more Computers or Computer systems or Communication device through-
(i) the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers or communication device whether or not the interconnection is continuously maintained. (Sec.2(1)(j) of IT Act, 2000)
“Computer Resource” means computer, communication device, computer system, computer network, data, computer database or software. (Sec.2(1)(k) of IT Act, 2000)
“Computer System” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data, and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions. (Sec.2(1)(l) of IT Act, 2000)
“Cyber cafe” means any facility from where access to the Internet is offered by any person in the ordinary course of business to the members of the public. (Sec.2(1)(na) of IT Act, 2000)
“Cyber Security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. (Sec.2(1)(nb) of IT Act, 2000)
(o) “Data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer. (Sec.2(1)(o) of IT Act, 2000)
(p) “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. (Sec.2(1)(p) of IT Act, 2000)
“Electronic Form” with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device. (Sec.2(1)(r) of IT Act, 2000)
“Electronic Record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. (Sec.2(1)(t) of IT Act, 2000)
“Electronic signature” means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature. (Sec.2(1)(ta) of IT Act, 2000)
“Function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer. (Sec.2(1)(u) of IT Act, 2000)
“Information” includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche. (Sec.2(1)(v) of IT Act, 2000)
“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes. (Sec.2(1)(w) of IT Act, 2000)
“Key Pair”, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key. (Sec.2(1)(x) of IT Act, 2000)
“Originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary. (Sec.2(1)(za) of IT Act, 2000)
“Private Key” means the key of a key pair used to create a digital signature. (Sec.2(1)(zc) of IT Act, 2000)
“Public Key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate. (Sec.2(1)(zd) of IT Act, 2000)
“Secure System” means computer hardware, software, and procedure that -:
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures. (Sec.2(1)(ze) of IT Act, 2000)
“Subscriber” means a person in whose name the Electronic Signature Certificate is issued. (Sec.2(1)(zg) of IT Act, 2000)
To Read more