Transcript CYBER LAW - Henry .O. Quarshie | Lecturer

CYBER LAW
LECTURER
HENRY O. QUARSHIE
Definition of Cyber Crime
• Cyber crime is growing rapidly and so the definition for
cyber crime is still evolving.
• Cyber crime is generally used to describe criminal
activity in which computer or/and network is a tool, a
target, or a place of criminal activity. Not only criminal
activity but this term also includes traditional crimes in
which computers or networks are instruments to
commit them.
• Since cyber space has no geographical boundaries,
conflicts occur when the rights of Netizens are viewed
in the eyes of citizens of physical space.
• Conventional crime and cyber crime include
conduct whether an act or omission which
causes breach of law. The terms ‘computer
crime’ and ‘cyber crime’ are used
interchangeably.
• Marc M Goodman says that a computer crime
can be classified into three main categories
• (i) as crimes where the computer is the target,
• (ii) crimes where computer is the tool of the
crime.
• (iii) crimes where the computer is incidental.
• Suresh T Viswanathan defines computer crime
as (i) any illegal action in which a computer is a
tool or object of the crime; in other words,
any crime, the means or purpose of which is
to influence the purpose of the computer .
• (ii) any incident associated with computer
technology in which a perpetrator by intention
made or could have made a gain.
(iii) Computer abuse is considered as any illegal,
unethical or unauthorized behaviour relating
to the automatic processing and transmission
of data.
Difference Between cyber crime and
conventional crime
• The concept of cyber crime is not radically
different from the concept of conventional crime.
Both include conduct whether act or omission,
which cause breach of rules of law and
counterbalanced by the sanction of the state.
However, there are certain differences between the
two. It would be relevant to points out these
similarities and differences between the two.
• Cyber criminals refuse to be bounded by the
conventional jurisdictional areas of nations,
originating an attack from almost any
computer in the world, passing it across
multiple national boundaries, or designing
attacks that appear to be originating from
foreign sources. Such techniques dramatically
increase both the technical and legal
complexities of investigating and prosecuting
cyber crimes.
• Unlike conventional crimes against persons or
property such as rape, burglary and murder,
cyber crimes are very skill intensive. Stock of
hacking skills is thus a prerequisite to
cyber/online crimes. Whereas minimal skill is
needed for opportunistic attacks, targeted
attacks require more sophisticated skills.
Why cyber crime
• Cyber crime is promoted by the various
factors like new technologies, complexity and
loss of evidence. The computers are easy to
access by means of these new complex
technologies. The unauthorized access to a
computer system is made possible by
installing technologies like key loggers that can
steal the access codes, voice recorders etc.
that can bypass firewalls and get into the
system.
• The reasons for the vulnerability of computers
may be said to be:
(i) Capacity to store data in comparatively small
space The computer has unique characteristic
of storing data in a very small space. This
affords to remove or derive information either
through physical or virtual medium much
easily.
• (ii) Easy to access
• (iii) Complex
The computers work on operating systems and
these operating systems in turn are composed
of millions of codes. Human mind is fallible
and it is not possible that there might not be a
lapse at any stage. The cyber criminals take
advantage of these lacunas and penetrate into
the computer system.
• (iv) Negligence
Negligence is very closely connected with
human conduct. It is therefore very probable
that while protecting the computer system
there might be any negligence, which in turn
provides a cyber criminal to gain access and
control over the computer system.
• (v) Loss of evidence
Loss of evidence is a very common and obvious
problem as all the data are routinely
destroyed. Further collection of data outside
the territorial extent also paralyses this system
of crime investigation.
Cyber criminals and their objectives
• Cyber criminals can be categorized based on the
objective that they have in their mind.
• Children and teenagers in the group of 8 to 18 fall
in one category. This group is, by nature, anxious
to know and explore things. Like the two sides of
a coin, Internet also has good and bad effects.
• The parents and the educational institutions
should create awareness in students about the
good and bad effects of Internet. By proper
guidance this group can be eliminated from the
list of cyber criminals.
• The other group of cyber criminals is the
hackers. Some of the hackers hack to fulfill
their political objectives. Some hack the site of
their competent to get the valuable and
reliable information to get over them. There is
another type of hackers who hack the system
to pay back their enemies. They hack the
information to create problems for their
enemies.
CLASSIFICATION OF CRIMES
• Crime is a social phenomenon. Crime is an act
that is prohibited by law. Cyber crime is the
most latest and complicated problem in the
cyber space. A generalized definition of cyber
crime is “unlawful acts wherein the computer
is either a tool or target or both.”
• Cyber crimes can be classified on various basis
such as on the basis of
(a)subject of crime,
(b) against whom crime is committed and
(c) on the basis of temporal nature of criminal
activities being carried out on computers and
Internet.
The subject of cyber crime may be broadly
classified under the following three groups:
• (i) Against individuals
• It may be against individual persons or their property.
Following are the crimes, which can be committed against
Individual persons:
• Harassment via e-mails
• Cyber-stalking
• Dissemination of obscene material
• Defamation
• Unauthorized control/access over computer system
• Indecent exposure;
• Email spoofing
• Cheating and Fraud.
• Following are the crimes which can be committed
against individual property:
• Computer vandalism
• Transmitting virus
• Netrespass
• Unauthorized control/access over computer
system
• Intellectual Property crimes
• Internet time thefts.
(ii) Against organization
• It may be against the Government, a firm, a
company or a group of individuals. Following are
the crimes against an organization:
• Unauthorized control/access over computer
system.
• Possession of unauthorized information
• Cyber terrorism against the government
organization
• Distribution of pirated software.
•
•
•
•
•
•
•
•
•
(iii) Against the society at large
Following are the crimes:
Pornography (largely child pornography)
Polluting the youth through indecent exposure
Trafficking
Financial crimes
Sale of illegal articles
Online gambling
Forgery.
Definition of cyber Law
• The word “cyber law” encompasses all the cases,
statutes and constitutional provisions that affect
persons and institutions who control the entry to
cyberspace, provide access to cyberspace, create
the hardware and software which enable people
to access cyberspace or use their own devices to
go ‘online’ and enter cyberspace.
• If one examines the aforesaid definition, basic
concept of cyber laws evolves around the phrase:
‘access to cyberspace’. How one can access
cyberspace?
• The requirement from the point of user is:
(a) a computer system with a modem facility, a
telephone line and an Internet hours usage
pack from a network service provider; or
(b) a computer system with a modem facility
and a broadband connection from a network
service provider.
• Without such basic hardware and software
tools, one cannot access cyberspace.
Cyberspace and the Physical world
• Cyberspace is a digital medium and not a
physical world. It is limitless, constantly
changing its shape, attributes and
characteristics. It is an interactive world and
cannot be referred to as a Xerox version of the
geographical space. Such a version exists only
in the films like Matrix! If physical world is
static, well defined and incremental, then
cyberspace is dynamic, undefined and
exponential.
The contours of physical world are fixed, but
that of cyberspace is as vast as human
imagination and thus cannot be given a fixed
shape. As millions of neurons exist in human
brain creating a spectre of life, similarly
cyberspace represents network of millions of
computers creating a spectre of digital life!
Thus, cyberspace can be treated as a natural
extension of physical world into an infinite
world.
• Though cyberspace is an extension of a physical world,
a world that is governed by a body of laws, rules and
regulations. The first and the foremost question is –
should it be regulated or not?
• The answer is – yes, as cyberspace does not exist in
isolation and is intricately connected to the physical
world, which is being a regulated and hence such a
space by this logic should also be regulated.
• This raises another question – how to regulate this
medium, which is dynamic, infinite and intangible?
• Regulating cyberspace means regulating both
man and the machine. It is interesting to note
that in cyberspace not only man but also the
machine could be both victims as well as
perpetrators of cyber crimes. For example, a
computer could be seen both as a victim as well
• as a victimizer. That is, a computer can be hacked
into and at the same time, the same computer
can act as a resource of hacking.
Jurisdictional Issues
• Computer and cyber crimes inevitably often have
a transnational aspect to them, which can give
rise to complex jurisdictional issues involving
persons, things and acts being present or carried
out in a number of different countries. This can
be as true for individual acts of criminality as it is
for the multinational criminal organisation.
• Even where the perpetrator and the victim are
located in the same jurisdiction, relevant
evidence may reside on a server located in
another jurisdiction.
• Hence, in most of the internet based activities,
traditional legal concepts and principles are
sometimes challenged by the nature of the
environment. As a consequence, legislators, law
enforcement agencies and the judiciary have
had to address issues of cyber crime
jurisdiction at a number of levels.
• Since Internet is everywhere, the commission of a
crime can take place anywhere on the Internet,
due to which the internet user finds him
subjected to the jurisdiction of many countries
for a single act. Occasionally this may lead to a
situation where a person is subject of an extradition
request from many countries. Ordinarily the
jurisdiction of a court is related to the place
where the offence is committed.
• This is based on the English common law
position that all crimes are local and should be
tried only by the local courts within whose
jurisdiction the act was committed.
Issues relating to Evidence
• In the case of electronic documents produced as
"Primary Evidence", the document itself must be
produced to the Court. However, such electronic
document obviously has to be carried on a media and
can be read only with the assistance of an appropriate
Computer with appropriate operating software and
application software.
• In many cases even in non-electronic documents, a
document may be in a language other than the
language of the Court in which case it needs to be
translated and submitted for the understanding of the
Court by an Expert.
• Normally the person making submission of the
document also submits the translation from one of the
"Experts". If the counter party does not accept the
"Expert's opinion", the court may have to listen to
another "Expert" and his interpretation and come to its
own conclusion of what is the correct interpretation of
a document.
• In the case of the Electronic documents, under the
same analogy, "Presentation" of document is the
responsibility of the prosecution or the person making
use of the document in support of his contention
before the Court. Based on his "Reading" of the
documents, he submits his case.
The international problem
• Laws, criminal justice systems and
international cooperation have not kept pace
with technological change. Only a few
countries have adequate laws to address the
problem, and of these, not one has resolved
all of the legal, enforcement and prevention
problems.
• When the issue is elevated to the
international scene, the problems and
inadequacies are magnified. Computer crime
is a new form of transnational crime and
effectively addressing it requires concerted
international cooperation. This can only
happen, however, if there is a common
framework for understanding what the
problem is and what solutions there may be.
• Some of the problems surrounding
international cooperation in the area of
computer crime and criminal law can be
summarized as follows:
• The lack of global consensus on what types of
conduct should constitute a computer-related
crime;
• The lack of global consensus on the legal
definition of criminal conduct;
• The lack of expertise on the part of police,
prosecutors and the courts in this field;
• The inadequacy of legal powers for
investigation and access to computer systems,
including the inapplicability of seizure powers
to intangibles such as computerized data;
• The lack of harmonization between the different
national procedural laws concerning the
investigation of computer-related crimes;
• The transnational character of many computer
crimes;
• The lack of extradition and mutual assistance
treaties and of synchronized law enforcement
mechanisms that would permit international
cooperation, or the inability of existing treaties to
take into account the dynamics and special
requirements of computer-crime investigation.
Regional action
• Examination of these questions has already
occurred to some degree at the international
and regional levels. In particular, the
Organisation for Economic Co-operation and
Development (OECD) and the Council of
Europe have produced guidelines for policy
makers and legislators.
• From 1985 to 1989, the Select Committee of
Experts on Computer-Related Crime of the
Council of Europe discussed the legal
problems of computer crime. The Select
Committee and the European Committee on
Crime Problems prepared Recommendation
No. R(89)9, which was adopted by the Council
on 13 September 1989.
• The minimum list of offences for which uniform
criminal policy on legislation concerning computerrelated crime had been achieved enumerates the
following offences:
1: Computer fraud. The input, alteration, erasure or
suppression of computer data or computer programs,
or other interference with the course of data
processing that influences the result of data
processing, thereby causing economic or possessory
loss of property of another person with the intent of
procuring an unlawful economic gain for himself or for
another person;
• 2: Computer forgery. The input, alteration
erasure or suppression of computer data or
computer programs, or other interference
with the course of data processing in a
manner or under such conditions, as
prescribed by national law, that it would
constitute the offence of forgery if it had been
committed with respect to a traditional object
of such an offence;
• 3:Damage to computer data or computer programs. The
erasure, damaging, deterioration or suppression of
computer data or computer programs without right;
4: Computer sabotage. The input, alteration erasure or
suppression of computer data or computer programs, or
other interference with computer systems, with the intent
to hinder the functioning of a computer or a
telecommunications system;
5: Unauthorized access. The access without right to a
computer system or network by infringing security
measures;
• 6:Unauthorized interception. The interception, made
without right and by technical means, of communications
to, from and within a computer system or network;
• 7: Unauthorized reproduction of a protected computer
program. The reproduction, distribution or communication
to the public without right of a computer program which is
protected by law;
• 8: Unauthorized reproduction of a topography. The
reproduction without right of a topography protected by
law, of a semiconductor product, or the commercial
exploitation or the importation for that purpose, done
without right, of a topography or of a semiconductor
product manufactured by using the topography."
Scope of Cyber Laws
• E-commerce defined simply, is the commercial
transaction of services in an electronic format.
It is also referred to as “any transaction
conducted over the Internet or through
Internet access, comprising the sale, lease,
license, offer or delivery of property, goods,
services or information, whether or not for
consideration, and includes the provision of
Internet access”
• Any dispute involving any e-commerce
activity, whether at buyer or seller’s end,
would mean dispute happening in the
cyberspace.
TYPES OF E-COMMERCE
• E-Commerce may be classified into various
types depending on the number and nature of
parties at both ends of the transaction. Any
commercial transaction requires involvement
of at least two participants. Depending on the
types of the participants, E-Commerce may be
classified into the following types:
• A. Business- to-Business E-Commerce
This is E-Commerce between two or more business
establishment. This is commonly known as B2B ECommerce.
Generally this type of Ecommerce will not involve
retailing and sale of end products. While B2C ECommerce has received much publicity over the last
few years due to the rapid development and deep
penetration of the Internet across the globe B2B ECommerce clearly represents a much larger portion of
total electronic transactions in terms of revenue.
• An example of B2B electronic commerce is a
business firm that uses a network for ordering
from its suppliers, receiving invoices and
making payments electronically.
• B. Business to Consumer E-Commerce
This is the type of E-Commerce, which is
consumer centered and involves the sale of
end user products and services. Commonly
this type of Ecommerce is known as B2C ECommerce. Generally this type involves
retailing of end products and services.
• C. Business-to-Government E-Commerce
The E-Commerce between business and
government, which is usually, abbreviated as
B2G.
• D. Consumer-to-Consumer E-Commerce or
People-to-People E-Commerce
This type of transactions involve are between
consumers or people (C2C or P2P).
IMPORTANT ISSUES IN GLOBAL ECOMMERCE
• In the modern times E-Commerce has increasingly emerged
as an important means of business and trade. But at the
same time it has posed various challenges to national policy
makers and legislators as regards its governance.
• Furthermore, its born global nature has created various
jurisdictional issues, raising controversies over who should
have authority to decide in case of a dispute as well as how
they should be handled. Because of these reasons ECommerce and its governance are involved in various policy
dilemmas and issues.
• The following issues need special attention.
• 1)Issues relating to Access:
Access issues include access to infrastructure,
access to content, universal access.
• 2)Issues relating to Trust:
The various trust related issues are privacy,
security, consumer protection and content
regulation.
• 3)Issues relating to Ground Rules:
Issues relating to ground rules are issues of
taxation, intellectual property rights,
commercial laws including contract law,
international trade and standards are
categorized as ground rules-related issues.
Electronic Contracts
• Online Contracts
• The Contract Act, lays down that for a
contract to happen there has to be proposal,
assent to the proposal, which transforms into
a promise. A promise supported by
consideration becomes an agreement and an
agreement enforceable by law is contract.
Online contracts represent the
• formation of series of contractual obligations
in an online environment. From a legal
perspective, an online contract follows the
same pre-requisite as being followed in offline
(physical) contract.
• Electronic contracts, by their very nature, are
dynamic and often multi layered transactions.
• The legality of electronic communication
process culminating into electronic contracts
is also based on common law of contract.
• In online contracting process, technology is an
added dimension and hence, it is important
that the contracting parties should be prudent
and aware of their obligations and liabilities
before they click on on-screen “I Agree” text
or icon.
Essentials of electronic contracts
• As in every other contract, an electronic contract
requires the following necessary ingredients,
• 1; An offer needs to be made. In many
transactions the offer is not made directly. The
consumer browses’ the website of a merchant
and chooses what he will like to purchase. The
offer is made by the consumer on placing the
products in the virtual ‘basket’ or ‘shopping cart’
for payment.
• The offer is not made by a website displaying
items for sale at a particular price. This is
actually an invitation to offer and hence is
revocable at any time up to the time of
acceptance.
• 2: The offer needs to be accepted: The
acceptance is usually undertaken after the
offer has been made by the consumer in
relation with the invitation to offer.
3: There has to be lawful consideration. Any
contract to be enforceable by law must have
lawful consideration. i.e. when both parties
give and receive something in return.
4: There has to be an intention to create legal
relations. If there is no intention on the part of
the parties to create legal relationships, then
no contract is possible between them.
• 5: The parties must be competent to contract:
All parties to the contract must be legally
competent to enter into the contract.
6: There must be free and genuine: Consent is
said to be free when there is no
misrepresentation, undue influence or fraud.
7: The Object to the contract must be lawful: A
valid contract presupposes a lawful object.
• Thus a contract for selling narcotic drugs or
pornography online is void.
8: There must be certainty and possibility of
performance. A contract to be enforceable,
must be not be vague or uncertain and must
be possibility of performance. A contract,
which is impossible to perform, cannot be
enforced, e.g. where a website promises to
sell land on the moon.
• Copyright
• Copyright is about protecting original expression.
Copyright protects “original works of authorship” that
are fixed in any tangible medium of expression from
which they can be perceived, reproduced, or otherwise
communicated either directly or with the aid of a
machine or device.
Copyright arises as soon as a ‘work’ is created (or fixed).
It does not extend to any idea, procedure, process,
system, method of operation, concept, principle or
discovery, unless fixed in a tangible form.
• In the digital medium, every web page
accessible or published in the World Wide
Web is to be taken as a literary ‘copyrightable’
work. It protects all written text materials,
graphic images/ designs, drawings, any linked
sound, video files or films, whether part of a
web page or a website. That is, copyright
protects the “look and feel” of a website.
• A copyright owner has five exclusive statutory
rights such as:(a) to fix (store) the information in
a tangible form.
(b) to reproduce the copyrighted work.
(c) to sell, rent, lease, or otherwise distribute copies
of the copyright work to the public.
(d) to perform and display publicly the copyright
work.
(e) to prepare derivative works based on the
copyright work.
• It is significant to note that the activities like
caching, mirroring, downloading, scanning,
peer-to-peer file sharing etc. prima facie,
infringe exclusive statutory rights of a
copyright owner.
• Trademark
• Internet and the worldwide web represent the
online medium. It is natural that a business entity
claiming ownership of certain trademarks would
like to extend its monopoly to this new medium
as well. But the monopoly rights of trademark
owners to own, license, sell, exhibit, market or
promote are being threatened by web based
technology tools, like search engines, meta tags,
and hyperlinks.
• Similarly, in the last 15 years, domain names have
become a kind of ‘ecommerce marks’ in the online
medium. These are digital business addresses – a point
of business contact or transaction.
• Functionally speaking, Domain names provide a system
of easy-to-remember Internet addresses, which can be
translated by the Domain Name System (DNS) into the
numeric addresses (Internet Protocol (IP) numbers)
used by the network. Cybersquatters, Typosquatters
and other trademark infringers have made the web a
legal minefield.
• Business Software Patenting
• Patent protects a process, while copyright
protects expression. Patents confer stronger
rights than copyrights. One computer programme
consists of thousands of instructions. Every
programme is unique, as it is a combination of
logically arranged algorithms and techniques.
Programmes are covered under copyright law,
whereas, algorithms and techniques qualify for
patenting.
• E-taxation
• The advent of e-commerce has opened up a
Pandora’s box – how to tax e-commerce? Is it
possible to tax such transactions in view of
nature of Internet? Should e-commerce be
taxed on lines of physical commercial
activities? There are more questions than
answers.
• The broad consensus that has emerged is:
(i) that online transactions should not be
immune from taxation solely because the sale
is conducted through a medium distinct from
that of a traditional physical businesses, and
(ii) that it is not prudent to tax these online
transactions purely on the basis of traditional
taxation approach applicable to offline
businesses.
• As e-commerce represent online transactions
involving consumer(s) and business (es) – is
occurring instantaneously, which makes it
difficult to determine who the buyer and
seller are and where they are respectively
located? Another question is how to tax such
online transactions? From a point of electronic
taxation following issues may emerge
• Who is the customer?
• Where does the customer live?
• Did the transaction constitute sale of tangible
property, the performance of a service, or the
transfer of intangible property?
• Which jurisdiction has the authority to tax the
sale?
• What online activities constitute sales for sales
tax purposes?
• E-governance
• The World Bank defines e-governance as the use of
information and communication technologies by
government agencies to transform relations with
citizens, business and other arms of the government. It
involves
• information technology enabled initiatives that are
used for improving
(i) the interaction between government and citizens or
government and businesses -e-services
(ii) the internal government operations - e-administration
(iii)external interactions – e-society.
• E-governance is a kind of ‘window of
opportunity’ facilitating a much faster,
convenient, transparent and dynamic
interaction between the government and its
people. It has also been referred to as ‘igovernance’- integrated governance1 as it
integrates people, processes, information and
technology in the service of achieving
governance objectives.
• What constitutes a business
connection/substantial nexus within a taxing
jurisdiction?
Can Central and/or State Government(s)
technologically capable to monitor all online
transactions?
• · What kind of record retention requirements
is necessary for tax purposes?