Computer Crime Research Center

Cybercrime and cyberterrorism: Preventive defense for cyberspace violations

Date: March 10, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

The aim of this article is to explore how far a person in India whose computer has been targeted for a wrong, nuisance, virus attack, etc. can use the retaliation tactics of preventive defence. Opinion on this question is sharply divided across the globe: some advocate its use while others consider it an illegal act.

I. Introduction

Information technology is a double-edged sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vicious intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention pursued in the form of hacking, data theft, virus attack, etc. can bring only destructive results. These methods, however, may also be used for checking the authenticity, safety and security of one’s technological device, which has been primarily relied upon and trusted for providing security to a particular organisation. For instance, the creator of the “Sasser worm” has been hired as a “security software programmer” by a German firm, so that he can make firewalls, which will stop suspected files from entering computer systems. This exercise of hiring those persons who are responsible for causing havoc and nuisance is the recognition of the growing and inevitable need of “self protection”, which is recognised in all the countries of the world. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era. Content providers, all over the world, have favoured proposed legislation in their respective countries which allows them to disable copyright infringers’ computers. In some countries software developers have vehemently supported legislation which allows them to remotely disable a computer violating the terms and conditions of the license allowing the use of the software. This position has, however, given birth to a debate about the desirability, propriety and legality of a law providing for a disabling effect to these “malware”. The problem is further complicated by the absence of a uniform law solving the “jurisdictional problem”.

The Internet recognises no boundaries; hence the attacker or offender may belong to any part of the world, where the law of the offended country may not be effective. This has strengthened the need for a “techno-legal” solution rather than a pure legal recourse, which is not effective in the electronic era.

II. Cyber terrorism

The most deadly and destructive consequence of this helplessness is the emergence of the concept of “cyber terrorism”. The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of information technology the terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which, if not properly safeguarded against in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism, popularly known as "Cyber Terrorism". The expression "cyber terrorism" includes an intentional negative and harmful use of information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others. For instance, hacking of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism. The definition of "cyber terrorism" cannot be made exhaustive, as the nature of the crime is such that it must be left to be inclusive in nature. The nature of "cyberspace" is such that new methods and technologies are invented regularly; hence it is not advisable to put the definition in a straitjacket formula or pigeonhole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world. The laws have to take care of the problems originating at the international level because the Internet, through which these terrorist activities are carried out, recognises no boundaries.

Thus, a cyber terrorist can collapse the economic structure of a country from a place with which a country may not have any reciprocal arrangements, including an "extradition treaty". The only safeguard in such a situation is to use the latest technology to counter these problems. Thus, a good combination of the latest security technology and a law dealing with cyber terrorism is the need of the hour.

III. Counterstrike through aggressive defence

The concept of counterstrike through aggressive defence presupposes the adoption and use of information technology to produce legitimate and legalized disabling and reasonably destructive effects. Some adopted measures completely destroy the functioning of the offending computer while others simply disable the computer for the time being by either shutting it down or making it temporarily non-functional. Thus, the adopted measure, to gain public support and legitimacy, must be “proportionate” to the harm that could have been caused had that measure not been adopted. For instance, the shutting down of the computer of the person using the malware is permissible, whereas the destruction or procurement of data and information stored in such computer, having no connection and association with that malware, may not be commensurate with the protection requirements. Such destruction or procurement of data may be unlawful and perhaps exceed the limits of self-defence. Thus, the technology adopted must not only be safe and effective, but it must also be “legal and law-abiding”. A countermeasure which is not very accurate and law-abiding would be a remedy worse than the malady and hence it should be avoided. For instance, if a virus has been launched by using a public server, then by disabling that server the genuine and legitimate users will be unnecessarily harassed and they would be denied the services to which they are otherwise entitled. Thus, the countermeasure adopted must be job specific and not disproportionate to the injury sought to be remedied.

IV. Indian perspective

In India there is no law that specifically deals with prevention of malware through aggressive defence. Thus, the analogous provisions have to be applied in a purposive manner. The protection against malware attacks can be claimed under the following categories:
(1) Protection available under the Constitution of India, and
(2) Protection available under other statutes.

(1) Protection under the Constitution of India: The protection available under the Constitution of any country is the strongest and the safest one since it is the supreme document and all other laws derive their power and validity from it. If a law satisfies the rigorous tests of Constitutional validity, then its applicability and validity cannot be challenged and it becomes absolutely binding. The Constitution of India, like other Constitutions of the world, is organic and living in nature and is capable of molding itself as per the time and requirements of the society. It is presumed that the Parliament intends the court to apply to an ongoing Act a construction that continuously updates its wording to allow for changes since the Act was initially framed. While it remains law, it has to be treated as always speaking. This means that in its application on any day, the language of the Act, though necessarily embedded in its own time, is nevertheless to be construed in accordance with the need to treat it as a current law. We cannot allow the dead hand of the past to stifle the growth of the living present. Law cannot stand still; it must change with the changing social concepts and values. If the bark that protects the tree fails to grow and expand along with the tree, it will either choke the tree or, if it is a living tree, it will shed that bark and grow a living bark for itself. Similarly, if the law fails to respond to the needs of a changing society, then either it will stifle the growth of the society and choke its progress or, if the society is vigorous enough, it will cast away the law which stands in the way of its growth. Law must therefore constantly be on the move, adapting itself to the fast-changing society and not lag behind. Thus, the horizons of constitutional law are expanding and they can easily tackle the problems of cyber terrorism and the menace of malware.

It must be noted that as a general rule the protection of fundamental rights is available against the might of the “State and its Instrumentalities”. This, however, does not mean that the protection cannot be extended against “Private individuals” having no element and colour of Statehood. There are instances where the Supreme Court has extended the protection of fundamental rights against private individuals. For instance, a writ of Habeas Corpus can be issued when a person complains of illegal custody or detention of an individual by a private person. Similarly, the Supreme Court has the power to regulate private rights in public interest by legitimately exercising its powers. In Vishaka v State of Rajasthan the Supreme Court held that the protection against sexual harassment at workplace is available even...

