WHAT IS CYBER LAW?
To be able to answer that question we must first understand the meaning of Law. Simply put, law encompasses the rules of conduct, that have been approved by the government, enforced over a certain territory, and must be obeyed by all persons within that territory. Violation of these rules will lead to government sanctions such as imprisonment or fine.
The term cyber or cyberspace signifies everything related to computers, the internet, data, networks, software, data storage devices (such as hard disks, USB disks etc) and even airplanes, ATM machines, baby monitors, biometric devices, bitcoin wallets, CCTV cameras, drones, gaming consoles, health trackers, medical devices, smart-watches, and more.
Thus, a simplified definition of cyber law is that it is the “law governing cyberspace”.
WHAT ABOUT CYBER CRIME?
An interesting definition of cyber-crime was provided in the “Computer Crime: Criminal Justice Resource Manual” published in 1989. According to this manual, cyber-crime covers the following:
- Computer Crime
any violation of specific laws that relate to computer crime,
- Computer Related Crime
violations of criminal law that involve knowledge of computer technology
- Computer Abuse
intentional acts that may or may not be specifically prohibited by criminal statutes.
Any intentional act involving knowledge of computers or technology is computer abuse if any of the perpetrators gained and / or any of the victims suffered.
THE NEED FOR CYBER LAW
The first question that a student of cyber law will ask is whether there is a need for a separate field of law to cover cyberspace. Isn’t conventional law adequate to cover cyberspace?
Let us consider cases where so-called conventional crimes are carried out using computers or the Internet as a tool. Consider cases like spread of pornographic material, criminal threats delivered via email, websites that defame someone or spread racial hatred etc. In all these cases, the computer is merely incidental to the crime. Distributing pamphlets promoting racial enmity is in essence similar to putting up a website promoting such ill feelings.
Of course, it can be argued that when technology is used to commit such crimes, the effect and spread of the crime increases enormously. Printing and distributing pamphlets, even in one locality, are time consuming and expensive tasks while putting up a globally accessible website is very easy.
In such cases, it can be argued that conventional law can handle cyber cases. The Government can simply impose a stricter liability (by way of imprisonment and fines) if the crime is committed using certain specified technologies. A simplified example would be stating that spreading pornography by electronic means should be punished more severely than spreading pornography by conventional means.
Now here’s where it gets mind-numbing…
As long as we are dealing with such issues, conventional law would be adequate. The challenges emerge when we deal with more complex issues such as ‘theft’ of data. Under conventional law, theft relates to “movable property being taken out of the possession of someone”.
The General Clauses Act defines movable property as “property of every description, except immovable property”. The same law defines immovable property as “land, benefits to arise out of land, and things attached to the earth, or permanently fastened to anything attached to the earth”. Movement and possession are ideas in the real world, whereas data becomes fluid and intangible and is an element of the virtual world. However, with only these two definitions at hand, it can be concluded that the computer and by such extension data should be movable property.
Let us examine how such a law (Conventional Law) would apply to a scenario where ‘data is stolen’. Consider a personal computer on which some information is stored. Let us presume that some unauthorized person picks up the computer and takes it away without the permission of the owner. Has (s)he committed theft? Yes, in this case, it is theft.
Question is, theft of what? Theft of the computer? Of the data? Or theft of both?
A) COPYING DATA
Now consider that some unauthorized person simply copies the data from the computer onto his pen drive. Would this be theft? Presuming that the intangible data could be movable property, the concept of theft would still not apply as the possession of the data has not been taken away from the owner. The owner still has the ‘original’ data on the computer under their control. The ‘thief’ simply has a ‘copy’ of that data. In the digital world, the copy and the original are indistinguishable in almost every case.
B) TRUE POSSESSION OF DATA
Consider another illustration on the issue of ‘possession’ of data. Aria uses the email account email@example.com for personal communication. Naturally, a lot of emails, images, documents, etc. are sent and received using this account. The first question is, who ‘possesses’ this email account? Is it Aria because she has the username and password needed to ‘login’ and view the emails? Or it is Google Inc because the emails are stored on their servers?
C) AUTHORISED ACCESS TO DATA
Another question would arise if some unauthorized person obtains Aria’s password. Can it be said that now that person is also in possession of the emails because he has the password to ‘login’ and view the emails?
D) MOBILITY AND JURISDICTION FOR DATA
Another legal challenge emerges because of the ‘mobility’ of data. Let us consider an example of international trade in the conventional world. Aryan purchases steel from a factory in China, uses the steel to manufacture nails in a factory in India, and then sells the nails to a trader in the USA. The various Governments can easily regulate and impose taxes at various stages of this business process.
Now consider that Aryan has shifted to an ‘online’ business. He sits in his house in Pune (India) and uses his computer to create pirated versions of expensive software. He then sells this pirated software through a website (hosted on a server located in Russia). People from all over the world can visit Aryan’s website and purchase the pirated software. Aryan collects the money using a PayPal account that is linked to his bank account in a tax haven country like the Cayman Islands.
It would be extremely difficult for any Government or Authority to trace Aryan’s activities.
It is abundantly clear that for such complexities, amongst many more, that conventional laws are inadequate and insufficient to say the very least.
What do you think? Share your views with us in the comments or DM us on our Social Platforms.