Cyber Law: IT Act, Cybercrimes
Published by Emil Abraham
Cyber law is any law that applies to the internet and internet-related technologies. Cyber law is one of the newest areas of the legal system. This is because internet technology develops at such a rapid pace. Cyber law provides legal protections to people using the internet. This includes both businesses and everyday citizens. Understanding cyber law is of the utmost importance to anyone who uses the internet. Cyber Law has also been referred to as the "law of the internet."
Areas that are related to cyber law include cybercrime and cybersecurity. With the right cybersecurity, businesses and people can protect themselves from cybercrime. Cybersecurity looks to address weaknesses in computers and networks. The international cybersecurity standard is known as ISO 27001.
Cybersecurity policy is focused on providing guidance to anyone that might be vulnerable to cybercrime. This includes businesses, individuals, and even the government. Many countries are looking for ways to promote cybersecurity and prevent cybercrime. For instance, the Indian government passed the Information Technology Act in 2000. The main goal of this law is to improve transmission of data over the internet while keeping it safe.
The Information Technology Act
The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17, 2000. It is the law that deals with cybercrime and electronic commerce in India. In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the model law on electronic commerce (e-commerce) to bring uniformity in the law in different countries.
Further, the General Assembly of the United Nations recommended that all countries must consider this model law before making changes to their own laws. India became the 12th country to enable cyber law after it passed the Information Technology Act, 2000. While the first draft was created by the Ministry of Commerce, Government of India as the ECommerce Act, 1998, it was redrafted as the ‘Information Technology Bill, 1999’, and passed in May 2000.
Objectives of the IT Act
The Information Technology Act, 2000 provides legal recognition to transactions carried out via electronic exchange of data and other electronic means of communication, or electronic commerce transactions.
This also involves the use of alternatives to a paper-based method of communication and information storage to facilitate the electronic filing of documents with the Government agencies.
Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act 1934.
The objectives of the Act are as follows:
1. Grant legal recognition to all transactions done via electronic exchange of data or other electronic means of communication or e-commerce, in place of the earlier paper-based method of communication.
2. Give legal recognition to digital signatures for the authentication of any information or matters requiring legal authentication.
3. Facilitate the electronic filing of documents with Government agencies and departments.
4. Facilitate the electronic storage of data.
5. Give legal sanction to, and facilitate, the electronic transfer of funds between banks and financial institutions.
6. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of India Act, 1934, for keeping the books of accounts in electronic form.
Features of the Information Technology Act, 2000
1. All electronic contracts made through secure electronic channels are legally valid.
2. Legal recognition for digital signatures.
3. Security measures for electronic records and digital signatures are in place.
4. A procedure for the appointment of adjudicating officers for holding inquiries under the Act is finalized.
5. Provision for establishing a Cyber Regulatory Appellate Tribunal under the Act. Further, this tribunal will handle all appeals made against the order of the Controller or Adjudicating Officer.
6. An appeal against the order of the Cyber Appellate Tribunal is possible only in the High Court.
7. Digital signatures will use an asymmetric cryptosystem and a hash function.
8. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Controller is to act as a repository of all digital signatures.
9. The Act applies to offences or contraventions committed outside India.
10. Senior police officers and other officers can enter any public place and search and arrest without warrant.
11. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the Central Government and Controller.
Cybercrime
Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrimes can be defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones".
Categories of Cyber Crime
Generally, there are three major categories of cybercrimes that you need to know about. These categories include:
* Crimes Against People. While these crimes occur online, they affect the lives of actual people. Some of these crimes include cyber harassment and stalking, distribution of child pornography, various types of spoofing, credit card fraud, human trafficking, identity theft, and online related libel or slander.
* Crimes Against Property. Some online crimes happen against property, such as a computer or server. These crimes include DDOS attacks, hacking, virus transmission, cyber and typo squatting, computer vandalism, copyright infringement, and IPR violations.
* Crimes Against Government. When a cybercrime is committed against the government, it is considered an attack on that nation's sovereignty and an act of war. Cybercrimes against the government include hacking, accessing confidential information, cyber warfare, cyber terrorism, and pirated software.
Most of these types of cybercrimes have been addressed by the IT Act of 2000 and the IPC. Cybercrimes under the IT Act include:
* Sec. 65, Tampering with Computer Source Documents.
* Sec. 66, Hacking Computer Systems and Data Alteration.
* Sec. 67, Publishing Obscene Information.
* Sec. 70, Unauthorized Access of Protected Systems.
* Sec. 72, Breach of Confidentiality and Privacy.
* Sec. 73, Publishing False Digital Signature Certificates.
Special Laws and Cybercrimes under the IPC include:
* Sending Threatening Messages by Email, Indian Penal Code (IPC) Sec. 503.
* Sending Defamatory Messages by Email, Indian Penal Code (IPC) Sec. 499
* Forgery of Electronic Records, Indian Penal Code (IPC) Sec. 463
* Bogus Websites & Cyber Fraud, Indian Penal Code (IPC) Sec. 420
* Email Spoofing, Indian Penal Code (IPC) Sec. 463
* Web-Jacking, Indian Penal Code (IPC) Sec. 383
* Email Abuse, Indian Penal Code (IPC) Sec. 500
There are also cybercrimes under the Special Acts, which include:
* Online Sale of Arms Under Arms Act, 1959
* Online Sale of Drugs Under Narcotic Drugs and Psychotropic Substances Act, 1985
In a landmark judgment upholding freedom of expression, the Supreme Court has struck down Section 66A of the amended Indian Information Technology Act, 2000 ("IT Act"), a provision in the cyber law which provides power to arrest a person for posting allegedly "offensive" content on websites. The apex court ruled that the section falls outside Article 19(2) of the Constitution, which relates to freedom of speech, and thus has to be struck down in its entirety.
Section 66A of the IT Act defines the punishment for sending "offensive" messages through a computer or any other communication device like a mobile phone or a tablet. A conviction can fetch a maximum of three years in jail and a fine.
Some of the common cyber crimes are as follows:
Hacking
A hacker is a computer expert who uses his knowledge to gain unauthorized access to the computer network.
Cracking
Crackers, on the other hand, use the information to cause disruption to the network for personal and political motives.
Virus
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. Viruses are used by hackers to infect the user's computer and damage data saved on the computer by use of a 'payload' in the virus, which carries damaging code.
Data diddling
This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is complete.
Electricity boards in India have been victims of data diddling programs inserted when private parties were computerizing their systems. Examples of data diddling include modifying grades, changing credit ratings, altering security clearance information, fixing salaries, or circumventing book-keeping and audit regulations.
Logic bomb
A program in which damage (the payload) is delivered when a particular logical condition occurs; e.g., not having the author's name in the payroll file. Logic bombs are a kind of Trojan Horse; time bombs are a type of logic bomb. Most viruses are logic bombs.
Phreaking
A phreak is someone who breaks into the telephone network illegally, to make free long-distance phone calls or to tap phone lines. In cyber terms, phreak is anyone who breaks or tries to break the security of a computer network.
Cyber terrorism
An intentional negative and harmful use of the information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others. For instance, hacking of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism. Cyber terrorism is the leveraging of a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. It could take various forms such as hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attack, terroristic threats made via electronic communication, demolition of e-governance base etc.
Spamming
A popular name for e-mail sent to many unwilling recipients in order to sell products or services (or sometimes to cheat naïve customers).
Spoofing
Using incorrect identification; usually applied to electronic misrepresentation such as putting the wrong originating address on a TCP/IP packet. Much used in denial of service (DDoS) attacks. A spoofed email may be said to be one which misrepresents its origin. It shows its origin to be different from where it actually originates.
Phishing
Using a spoofed e-mail or website that imitates or duplicates an official communication or page to trick victims into revealing logon or other confidential information that can be used for penetration, financial fraud or identity theft.
Internet Pharming
Redirecting the website used by a customer to a bogus website by hijacking the victim’s DNS server (the computers responsible for resolving internet names into real addresses) and manipulating it so that the site's name resolves to the IP address of a fake website. This redirects the user from the original website to a false website in order to gain unauthorised information.