Computer Crime Research Center

etc/eye2.jpg

Private defence in cyberspace

Date: January 10, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

The aim of this article is to analyse the applicability of the concept of “private defence” in cyberspace, particularly against cyber terrorism. The traditional concept of private defence is available under the provisions of Indian Penal Code, 1860 (IPC). The same is equally applicable to the Information Technology Act, 2000, (ITA) as well, though with its peculiar modifications. The future of “Cyber forensics” depends upon this recognition very much as cyber forensic is not only “curative” but also “preventive” in nature.

I. Introduction

The information technology is a double edge sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc can bring only destructive results. These methods, however, may also be used for checking the authenticity, safety and security of one’s technological device, which has been primarily relied upon and trusted for providing the security to a particular organisation. For instance, the creator of the “Sasser worm” has been hired as a “security software programmer” by a German firm, so that he can make firewalls, which will stop suspected files from entering computer systems . This exercise of hiring those persons who are responsible for causing havoc and nuisance is the recognition of the growing and inevitable need of “self protection”, which is recognised in all the countries of the world. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era. The content providers, all over the world, have favoured proposed legislations in their respective countries, which allow them to disable copyright infringers’computers. In some countries the software developers have vehemently supported the legislations which allows them to remotely disable the computer violating the terms and conditions of the license allowing the use of the software. This position has, however, given birth to a debate about the desirability, propriety and the legality of a law providing for a disabling effect to these “malware” . The problem is further made complicate due to absence of a uniform law solving the “jurisdictional problem”. The Internet recognises no boundaries; hence the attacker or offender may belong to any part of the world, where the law of the offended country may not be effective. This has strengthened the need for a “techno-legal’ solution rather than a pure legal recourse in the present electronic era .

II. The need of private defence

The most deadly and destructive consequence of this helplessness is the emergence of the concept of “cyber terrorism”. The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of information technology the terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". The expression "cyber terrorism" includes an intentional negative and harmful use of the information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others. For instance, hacking of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism. The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The nature of "cyberspace " is such that new methods and technologies are invented regularly; hence it is not advisable to put the definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world. The laws have to take care of the problems originating at the international level because the Internet, through which these terrorist activities are carried out, recognises no boundaries. Thus, a cyber terrorist can collapse the economic structure of a country from a place with which a country may not have any reciprocal arrangements, including an "extradition treaty". The only safeguard in such a situation is to use the latest technology to counter these problems. Thus, a good combination of the latest security technology and a law dealing with cyber terrorism is the need of the hour .

III. The concept of private defence

In India there is no law, which is specifically dealing with prevention of malware through private defense. Thus, the existing analogous provisions have to be applied in a purposive manner. The following provisions of the I.P.C, which is a general law dealing with offences in India, are of great significance in dealing with and tackling the use of malware by the use of private defence:

(i) Section 96 of the Code declares that nothing is an offence, which is done in the exercise of the right of private defence. This section recognises the principle of self-help which is considered to be just, fair and reasonable in all the countries of the world.

(ii) Section 97 of the Code provides that every person has a right, subject to the restrictions contained in Section 99, to defend:
Secondly- The property, whether moveable or immoveable, of himself or of any other person, against any act which is an offence falling under the definition of theft, robbery, mischief or criminal trespass. This section recognises the right of a “third party” to protect the property of another, besides protecting his property. Thus, a public-spirited individual has a right to self-help by helping innocent victims of malware. For instance, a netizen who is an expert in protecting computers from viruses may make a programme, which has a potential to curb the virus put on the internet and may launch the same on it. In such a situation the person launching the malware cannot complain that such third party has no reason to feel aggrieved and has no right to retaliate. Such an action on the part of that public-spirited individual is morally, equitably and legally justified and will be protected by this section. This is a benign concept and it requires the most liberal, purposive and updating interpretation.

(iii) Section 99, among other things, provides that there is no right of private defence in cases in which there is time to have recourse to the protection of the public authorities. Further, it provides that the right to private defence in no case extends to the inflicting of more harm than it is necessary to inflict for the purpose of defence, i.e. the principle of proportionality. It is suggested that this section applies to offences involving human beings as such and not the results created due to acts or omissions of the human beings. Thus, the requirement of taking recourse to public authorities arises only when the following two requirements are fulfilled:

(a) There must not be any apprehension of death or grievous hurt (because in that case the concerned person is left with no choice but the instant life saving action) by the act or omission in question, and
(b) Such act or omission must originate out of an active physical participation of human agency and it should not be limited to any act or omission unsupported by its physical presence.

Reading Section 103 along with Section 99 further strengthens this argument. Section 103 provides that the “right of private defence of property” extends, under the restrictions mentioned in Section 99, to the voluntary causing “death” or of any other harm to the wrongdoer, if the offence of robbery, house breaking by night, mischief by fire to certain properties, theft, mischief or house trespass, are committed or attempted to be committed under such circumstances as may reasonably cause apprehension that death or grievous hurt will be the consequence, if such right of private defence is not exercised. A close reading of these sections reveals that these sections are tracing the operation of private defence vis-à-vis human being’s active and physical involvement and not in the sense of malware. This position is made crystal clear if we read the definition of “death” under section 46, which provides that the word “death” denotes death of a human being, unless the contrary appears from the context. It would bring absurd results if we argue that the context in the present situation is talking about the “death of the computer” or the “operating system”. Similarly, it will be unreasonable, in fact unrealistic and imaginary, to argue that for protecting one’s computer from malware, every time recourse to public authorities has to be taken. In fact, the main reason for providing the provisions concerning private defense is that State cannot protect the life and property of the citizen at all times. Thus, as a measure of...


Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo