Computer Crime Research Center


Cybercrime and cyberterrorism: Preventive defense for cyberspace violations

Date: March 10, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

... appropriation and data theft by use of malware will be dealt with punitive sting and monetary impositions.
(c) Prevention of distributed denial of service attacks: Malware may also use the method of distributed denial of service (DDoS) to overburden the electronic bases of individuals. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. These infected computers are then made to send information or demands in such large numbers that the server of the victim collapses. Further, because of this unnecessary Internet traffic, legitimate traffic is prevented from reaching the computers of the Government or its agencies. The law in this regard is crystal clear. If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network -
(a) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(b) disrupts or causes disruption of any computer, computer system or computer network;
(c) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. The expression "Computer Contaminant" means any set of computer instructions that are designed -
(a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
(b) by any means to usurp the normal operation of the computer, computer system, or computer network. Thus, distributed denial of service by use of malware will be tackled by invoking the provisions of sections 43, 65 and 66 collectively.

(d) Prevention of network damage and destruction: The law in this regard provides that if any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network -
(a) accesses or secures access to such computer, computer system or computer network;
(b) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(c) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
(d) disrupts or causes disruption of any computer, computer system or computer network;
(e) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. The expression "Computer Virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource. The person tampering with such computer source documents shall be punishable with imprisonment up to 3 years or with fine, which may extend up to Rs. 2 lakhs, or with both. Further, if a person causes wrongful loss or damage to any person, by destroying, deleting or altering any information residing in his (owner’s) computer resource or diminishes its value or utility or affects it injuriously by any means, he commits hacking and thus violates the rights of the owner. The person hacking shall be punishable with imprisonment up to 3 years or with fine, which may extend up to Rs. 2 lakhs, or with both. However, an innocent infringer will not be liable if he proves that he committed the act without any intention or knowledge. A network service provider will be liable for various violations and contraventions mentioned under the Act if he makes available any third party information or data to a person for the commission of an offence or contravention. However, a network service provider will not be liable if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent such commission. Thus, these provisions can be safely invoked to punish the offender for network damage and disruptions caused by the use of malware.

V. Jurisdictional problem

Jurisdiction is an aspect of state sovereignty and it refers to judicial, legislative and administrative competence. Although jurisdiction is an aspect of sovereignty, it is not coextensive with it. The laws of a nation may have extra-territorial impact extending the jurisdiction beyond the sovereign and territorial limits of that nation. This is particularly so where the medium of Internet is used which recognizes no sovereignty and territorial limitations. The Indian jurisprudence regarding jurisdiction over Internet is in its earlier stages, which is developing and maturing in a systematic manner. The existence of Internet has eliminated the safeguards, which were traditionally available for the protection of various rights, including the copyright. This has given rise to the jurisdictional problems for all the countries of the world. The countries all over the world, realizing this problem, resorted to the only available method of dealing with this problem by harmonizing their domestic laws as per various international treaties and conventions. This, however, has not completely eliminated the jurisdictional problems though moderate success has been achieved by exercising the “long arm jurisdiction” by the municipal courts of foreign countries. This necessity of long-arm jurisdiction is particularly felt in cases of violations of various intellectual property rights, including the copyright. It must be noted that, generally, the scholars point towards the following “theories” under which a country may claim prescriptive jurisdiction:
(a) a country may claim jurisdiction based on “objective territoriality” when an activity takes place within the country,
(b) a “subjective territoriality” may attach when an activity takes place outside a nation’s borders but the “primary effect” of the action is within the nation’s borders,
(c) a country may assert jurisdiction based on the nationality of either the actor or the victim,
(d) in exceptional circumstances, providing the right to protect the nation’s sovereignty when faced with threats recognised as particularly serious in the international community.
In addition to establishing a connecting nexus, traditional international doctrine also calls for a “reasonable” connection between the offender and the forum. Depending on the factual context, courts look to such factors as whether the activity of an individual has a “substantial and foreseeable effect” on the territory, whether a “genuine link” exists between the actor and the forum, the character of the activity and the importance of the regulation giving rise to the controversy, the extent to which exceptions are harmed by the regulation, and the importance of the regulation in the international community. The traditional jurisdictional paradigms may provide a framework to guide analysis of cases arising in cyberspace.

VI. Judicial response

Once the problem of jurisdiction is solved, the court has to consider the reasonability and desirability of the action of the person who has defended his technological property. The first duty of a court, while doing so, is to do complete justice. In today's world we cannot afford to say that "justice must not only be done but it must also be seemed to be done". The concept of justice requires that:
(1) It must firstly be done in a just, fair and reasonable manner,
(2) It must be seemed to be done, and
(3) It must be "felt" to be done.
Thus, unless this third element of "felt to be done" is satisfied, the concept of justice is not complete, because this third element is the most important component of the justice delivery system. The public at large in India has great faith in the Indian judiciary, and this third element is absolutely essential to maintain and preserve that faith and confidence. A court of law cannot render justice unless the ultimate decision is based on the contemporary law as prevailing in the society. A decision based on an old law, which does not satisfy the requirements of the present situation and environment, should be avoided. In such a situation the efforts of the courts should be to give the law a "purposive, updating and an ongoing interpretation". This position makes the interface of the justice delivery system with information technology inevitable and unavoidable. The response of the Supreme Court of India is satisfactory and justice oriented, as far as the awareness and use of information technology is concerned. The Supreme Court has held that if the notice were transmitted by Fax, it would be a due compliance with the legal requirement. Similarly, the Supreme Court has held that an accused need not be physically present in the Court to answer the questions put to him by the court, whilst recording his statement through means of modern technologies, under section 313 of the Criminal Procedure Code, 1973. The Supreme Court also used and encouraged the use of “video conferencing” for doing complete justice. The Supreme Court further declared that in holding trial of child sex abuse or rape a screen or some arrangements may be made where the victim or witness do not see the body or face of the...

