This article has been written by Samridhi Prakash from Symbiosis Law School, Noida.
The word Cyber has its root in the Greek word kybernetes and its first usage can be traced back to cybernetes, as phrased by Norbert Wiener. The advent of computer technology has brought about a revolutionary change in the progress of human society. With computers came the internet or the world wide web which gives rise to the concept of Cyberspace, where personal as well as community boundaries are not specifically distinguished. Deception and disguise go hand in hand with the internet which gives birth to the need for a legal framework in place to regulate cyberspace. Most of these netizens employ the computer and internet with malicious intent, either for own personal benefit or under influence.
The development of Electronic Commerce has impelled the requirement for energetic and compelling administrative instruments which would additionally reinforce the legal institution, essential to the further growth of Electronic Commerce. Every one of these administrative components and legal frameworks come under the ambit of Cyber law.
‘Cyber crime’ as a term was first proposed by Sussman and Heuston in 1995 amid a mix of information technology related crime tags. Cybercrime is best thought of as a set of acts or conducts rather than a single action. These are illegal acts in which a digital information system is used as a tool or a combination of the two. Electronic crimes, computer-related crimes, e-crime, high-technology crime, information age crime, and other terms are used to describe cybercrime.
In simple terms, Cyber Crime refers to offenses or crimes committed using electronic communications or information systems. These are basically illegal activities that involve a computer and a network. An unusual feature relating to cyber crimes is that the victim and the offender may never undergo direct contact. To reduce the chances of detection and prosecution, cybercriminals frequently operate from countries with no or weak cybercrime laws.
TYPES OF CYBER CRIME
1. Cyber Crime Against Individuals- Crimes committed against an individual or a person by a cyber criminal.
Internet Relay Chat (IRC) Crime
2. Cyber Crime Against Property- These include crimes such as computer vandalism, IP crimes, online threatening etc.
3. Cyber Crime Against Organisations- A few examples include unauthorised changing/deleting of data, unauthorised reading/copying of confidential data.
4. Cyber Crime Against Society- These crimes circumvent the security of the society as a whole.
Another useful categorisation is carried out under two main headers-
Where the computer is used as a weapon- Such as in the cases of Internet Phishing, Spoofing, Farming, Wire Transfer.
Where the computer is a mark of attack- Such as in the cases of Hacking, Virus Attacks, DOS Attacks.
HISTORICAL EVOLUTION OF CYBER CRIME
From Morris Worm to ransomware, cybercrime has progressed. Many countries, including India, are attempting to prevent these crimes or attacks, but these attacks continue to affect our nation and pose a threat to its security. The eventful history of cyber crimes can be segregated into 3 phases:
PHASE I – 1870s to early 1980s
The first cases of surface hacking can be dated back to the 1870s, when telephone phreaking was used to deceive people (hacking long-distance telephone networks illegally so as to make free calls). Because the internet began in the United States, it was here that the first computer-assisted crime occurred in 1969. The end of 1970 saw the evolution of cyber pornography. In a seminar conducted by author Len Adleman in 1983, the first known computer “virus” was designed and tested. It was Germany which first enacted a regulatory law to govern cyberspace technology.
PHASE II – Late 1980s to 1990s
This period saw the first instance of cyber theft in the infamous case of R v. Thompson where confidential information of US Govt. and NASA was hacked by cyber criminals. Other significant landmark cases of cyber crimes include R. v. Gold and United States of America v. Jake Baker and Arthur Gonda.
In the case of Yahoo, Inc v. Akash Arora, India had its first brush with cyber crime in 1999. Yahoo filed a lawsuit seeking permanent injunction to prevent the defendants and their partners from using the domain name ‘Yahooindia.com’ for commercial purposes. The court clearly stated that other businesses cannot use the Yahoo! Trademark.
PHASE III – Since 2000
The Indian Parliament ultimately enacted a law to tackle cybercrime in the year 2000. The Information Technology Act (ITA) of 2000 was passed with the sole purpose of establishing a legal framework for business transactions conducted via the internet. The Indian Court, in Rediff Communications Ltd. V. Cyberbooth, took note of the large number of instances involving trademark infringements and reaffirmed the Yahoo! decision. Before tackling cybercrime, it was realized that a slew of concerns needed to be addressed. Post 2004, ‘carding’ swept across the cyber crime sector, which involved international credit card frauds. Other notable recent cyber attacks include the Union Bank of India heist (2016), Wannacry Ransomware(2017), Zynga(2019) etc.
CYBER SECURITY LAW IN INDIA
The Information Technology Act, 2000 (“IT Act”), which went into effect on October 17, 2000, contains laws relating to cyber legislation in India. The Act’s principal goal is to give internet trade legal legitimacy and make it easier to file electronic records with the Govt. With the advancement of technology and the emergence of new means of committing crime using the Internet and computers, the need to revise the IT Act, 2000 arose to include new types of cyber offenses and to close other gaps that hampered the efficient implementation of the IT Act, 2000. As a result, the Information Technology (Amendment) Act, 2008 was passed and went into force on October 27, 2009. On various counts, the IT (Amendment) Act of 2008 has brought forth significant revisions to the IT Act of 2000.
INFORMATION TECHNOLOGY ACT, 2000
The Information Technology Act of 2000 governs the use of computers, computer systems and networks, as well as data and information in electronic form. This legislation covers a wide range of topics, including electronic authentication, digital/electronic signatures, cybercrime, and network service provider liability.
Cyber laws are questionable in their efficacy. Despite the fact that the parliament attempted to provide a solid legal framework to govern and define the bar for user information that can be evaded in cyberspace, in truth, the Parliament’s efforts are praiseworthy, as it has revised a large number of laws to conform to the IT Act’s objectives. The IT Act, 2000 defaults in catering to the remedies for emerging cyber threats. Apart from lack of variety in laws, there has been weak implementation of the existing laws by the governing body. The laws need to be tailored in a technology neutral manner with their scope expanding over at least all known cyber issues and those stemming from them. Even the cases which do get registered witness a low conviction rate, hampering the effectiveness of cyber security laws in India.
The quantum of punishment offered under this act seems to be soft on the criminals. This needs to be revised or else the very purpose of this act will stand defeated. The narrow cyberspace issue spectrum of the IT Act facilitates unprecedented growth in the cyber threats every day. A number of issues which plague the internet today have not been provided enough coverage under the act. The IT Act has a long road left to travel and needs to undergo extensive amendments to incorporate within itself the capacity to secure India’s cyberspace.
As our reliance on technology grows, cyber laws in India and around the world must be updated and reviewed on a regular basis. The pandemic has also driven a large portion of the workforce into a remote working mode, highlighting the importance of app security. The world of this generation is digital and thus, more needs to be done to protect them from the traps and snares of this mind-boggling technological maze. Legislators must go above and beyond to stay ahead of the impostors in order to stop them in their tracks. Cybercrime can be managed, but it will take the combined efforts of legislators, Internet providers, intermediaries such as banks and shopping sites, and of course, the users. Only these stakeholders’ sensible actions, assuring their adherence to the law of cyberspace, can ensure online safety and resilience. Cyberspace security can be solidified at homes as well with a little more precaution and involvement from the ends of guardians. The recent incident of Bois Locker Room has been an eye-opener for a lot of us and should be seen as a one time issue stimulating swift action on part of the relevant authorities.
While some issues will always persist owing to the open nature of cyberspace, some level of vulnerability will always be present and cannot be entirely eliminated. As a result, ethical use of the internet is expected and encouraged.
Cybernetics: Control & Communication in Animal & The Machine, Reissue of 1961 IInd Edition, Norbert Wiener, MIT Press, Cambridge
Oxford Handbook of Crime & Public Policy, Michael Tonry, Oxford University Press, 2009
J L. Riccardi, The German Federal Data Protection Act of 1977: Protecting the Right to Privacy?, 6 B.C. Int’l & Comp. L. Rev. 243 (1983), http://lawdigitalcommons.bc.edu/iclr/vol6/iss1/8
R v. Thompson [(1984) 79 Cr App R 191]
R. v. Gold ( 2 WLR 984)
United States of America v. Jake Baker and Arthur Gonda [(1995) 890 F.Supp, 1375 (E.D. Mich)]
Yahoo, Inc v. Akash Arora [(1999) 19 PTC 229 (Delhi)]
Rediff Communications Ltd. V. Cyberbooth (AIR 2000 Bom 27)
Rohit K. Gupta, India: An Overview Of Cyber Laws vs. Cyber Crimes: In Indian Perspective (2013)
Curated by Shivanshika Samaddar of National Law University Delhi.