Cybercrime and cyberterrorism: Preventive defense for cyberspace violations

Date: March 10, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

... Thus, to this extent, and in this sense only, Section 103 is subject to section 99. This interpretation satisfies the conflicting interests of private defence of information technology and the proportionate action required to be taken by the person exercising the private defence. This is not the end of this matter. Sections 99 and 103 must be interpreted in the light of Section 105 to make them meaningful. Section 105 of the Code provides that the right of private defence of property commences as soon as a reasonable apprehension of danger to property commences. There is a possibility that a particular malware may not give rise to such apprehension at all because of its programming and operational specifications. In such a case, the owner of the information technology comes to its knowledge when the damage has already been done. In such a situation no useful purpose will be served by approaching the public authorities, as they cannot undo what has already been done. To avoid such an eventuality, it is advisable to adopt precautionary technological measures, since precaution is always better than the cumbersome and expensive cure. As a concluding argument it may be pointed out that, by virtue of Section 40 of the Code, the right of private defence is allowed against offences committed under the “special laws” as well. In India the Information Technology Act, 2000 (ITA) is a special law applicable to matters pertaining to information technology. Thus, the provisions pf private defence will also take their colour from it. In case there is a conflict between the provisions of the Code and the ITA, the latter will prevail. Fortunately, there is no conflict between the provisions of the Code and ITA, hence the interpretation given to the sections, as mentioned above, together with a purposive interpretation of the provisions of the ITA would be sufficient to take care of the principles governing private defence of technological property, including the Intellectual property Rights stored in it.

(xiii) Section 268 of the Code talks about public nuisance which is an offence against the public either by doing a thing which tends to annoy the community in general, or by neglecting to do anything which he common good requires. It cannot be disputed that viruses and worms are perfect examples of public nuisance and the person launching them can be prosecuted under this section.

(xiv) Section 378 of the code provides that whoever dishonestly misappropriates or converts to his own use any moveable property, he shall be punished with the specified punishment. As per the section it is not necessary that the finder should know who is the owner of the property or that any particular person is the owner of it. It is sufficient is, at the time of appropriating it; he dos not believe to be his own property. It must be noted that wrongfully gaining data from the computer of another through hacking or violating the copyright of a software developer by illegally downloading it could be safely treated as criminal misappropriation of property within the meaning of this section. Similarly, the data derived or software may be sold or used for commercial purposes. In such a situation, the offender converts that property for his own use and is liable to be prosecuted under this section.

(xv) Section 425 provides that whoever, with intent to cause, or knowing that he is likely to cause, wrongful loss or damage to the public or to any person, causes the destruction of any property, or any such change in any property or in the situation thereof as destroys or diminishes its value or utility or affects injuriously, commits mischief.
Explanation 1 to the section provides that it is not essential to the offence of mischief that the offender should intend to cause loss or damage to the owner of the property injured or destroyed. It is sufficient if he intends to cause, or knows that he is likely to cause, wrongful loss or damage to any person by injuring any property, whether it belongs to that person or not. This section is directly applicable to any mischief caused by malware. The applicability of the section is very wide and it is capable of taking care of all sorts of mischief through malware.

(B) Protection under I.T.Act, 2000: The menace created by the malware can be effectively curbed only if we supplement the provisions of the I.P.C with the stringent provisions of the Information Technology Act, 2000. It must be appreciated that there is nothing, which prevent the Courts from combining provisions of various statutes to do the complete justice; so long the provisions can operate in the presence of each other. If, however, the provisions contained in the different enactments are in conflict with each other and are irreconcilable, then the statute later in point of time will prevail due to its overriding provisions. Further, there is presumption against a repeal by implication; and the reason of this rule is based on the theory that the Legislature while enacting a law has a complete knowledge of the existing laws on the same subject matter, and therefore, when it does not provide a repealing provision, the intention is clear not to repeal the existing legislation . When the new Act contains a repealing section mentioning the Acts, which it expressly repeals, the presumption against implied repeal of other laws is further strengthened on the principle that the express intention of one person or thing is the exclusion of another. Thus, with the enactment I.T.A, the Indian Penal Code, 1860 is neither expressly nor impliedly repealed and the provisions of I.T.A can be supplemented with the provisions of I.P.C to do complete justice.
The protection of I.T.A can be claimed for:
(a) Preventing privacy violations,
(b) Preventing information and data theft,
(c) Preventing distributed denial of services attack (DDOS), and
(d) Preventing network damage and destruction.

(a) Prevention of privacy violations: The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognised. In recent times, however, this right has acquired a constitutional status , the violation of which attracts both civil as well as criminal consequences under the respective laws. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury . Right to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent of information technology the traditional concept of right to privacy has taken new dimensions, which require a different legal outlook. To meet this challenge recourse of Information Technology Act, 2000 can be taken. The various provisions of the Act aptly protect the online privacy rights of the netizens. Certain acts have been categorised as offences and contraventions, which have tendency to intrude with the privacy rights of the netizens. These rights are available against the offenders using the malware. Section 1 (2) read with Section 75 of the Act provides for an extra-territorial application of the provisions of the Act. Thus, if a person (including a foreign national) contravenes the privacy of an individual by means of computer, computer system or computer network located in India, he would be liable under the provisions of the Act .

(b) Prevention of information and data theft: The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. In R.K. Dalmia v Delhi Administration the Supreme Court held that the word "property" is used in the I.P.C in a much wider sense than the expression "movable property". There is no good reason to restrict the meaning of the word "property" to moveable property only, when it is used without any qualification. Whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property, will depend not on the interpretation of the word "property" but on the fact whether that particular kind of property can be subject to the acts covered by that section. Thus, if any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network -
(a) accesses or secures access to such computer, computer system or computer network.
(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected . The expression "Damage" means to destroy, alter, delete, add, modify or re-arrange any computer resource by any means . These provisions make it clear that secret information appropriation and data theft by use of malware...

---

Add comment  Email to a Friend