Cyber Law: The Need for a Dedicated Field of Law

Malaika Naidu
WHAT IS CYBER LAW?

To be able to answer that question we must first understand the meaning of Law. Simply put, law encompasses the rules of conduct, that have been approved by the government, enforced over a certain territory, and must be obeyed by all persons within that territory. Violation of these rules will lead to government sanctions such as imprisonment or fine.

The term cyber or cyberspace signifies everything related to computers, the internet, data, networks, software, data storage devices (such as hard disks, USB disks etc) and even airplanes, ATM machines, baby monitors, biometric devices, bitcoin wallets, CCTV cameras, drones, gaming consoles, health trackers, medical devices, smart-watches, and more.

Thus, a simplified definition of cyber law is that it is the “law governing cyberspace”.

WHAT ABOUT CYBER CRIME?

An interesting definition of cyber-crime was provided in the “Computer Crime: Criminal Justice Resource Manual” published in 1989. According to this manual, cyber-crime covers the following:

  1. Computer Crime
    any violation of specific laws that relate to computer crime,
  2. Computer Related Crime
    violations of criminal law that involve knowledge of computer technology
  3. Computer Abuse
    intentional acts that may or may not be specifically prohibited by criminal statutes.

Any intentional act involving knowledge of computers or technology is computer abuse if any of the perpetrators gained and / or any of the victims suffered.

THE NEED FOR CYBER LAW

The first question that a student of cyber law will ask is whether there is a need for a separate field of law to cover cyberspace. Isn’t conventional law adequate to cover cyberspace?

Let us consider cases where so-called conventional crimes are carried out using computers or the Internet as a tool. Consider cases like spread of pornographic material, criminal threats delivered via email, websites that defame someone or spread racial hatred etc. In all these cases, the computer is merely incidental to the crime. Distributing pamphlets promoting racial enmity is in essence similar to putting up a website promoting such ill feelings.

Of course, it can be argued that when technology is used to commit such crimes, the effect and spread of the crime increases enormously. Printing and distributing pamphlets, even in one locality, are time consuming and expensive tasks while putting up a globally accessible website is very easy.

In such cases, it can be argued that conventional law can handle cyber cases. The Government can simply impose a stricter liability (by way of imprisonment and fines) if the crime is committed using certain specified technologies. A simplified example would be stating that spreading pornography by electronic means should be punished more severely than spreading pornography by conventional means.

Now here’s where it gets mind-numbing…

As long as we are dealing with such issues, conventional law would be adequate. The challenges emerge when we deal with more complex issues such as ‘theft’ of data. Under conventional law, theft relates to “movable property being taken out of the possession of someone”.

The General Clauses Act defines movable property as “property of every description, except immovable property”. The same law defines immovable property as “land, benefits to arise out of land, and things attached to the earth, or permanently fastened to anything attached to the earth”. Movement and possession are ideas in the real world, whereas data becomes fluid and intangible and is an element of the virtual world. However, with only these two definitions at hand, it can be concluded that the computer and by such extension data should be movable property.

Let us examine how such a law (Conventional Law) would apply to a scenario where ‘data is stolen’. Consider a personal computer on which some information is stored. Let us presume that some unauthorized person picks up the computer and takes it away without the permission of the owner. Has (s)he committed theft? Yes, in this case, it is theft.

Question is, theft of what? Theft of the computer? Of the data? Or theft of both?

A) COPYING DATA

Now consider that some unauthorized person simply copies the data from the computer onto his pen drive. Would this be theft? Presuming that the intangible data could be movable property, the concept of theft would still not apply as the possession of the data has not been taken away from the owner. The owner still has the ‘original’ data on the computer under their control. The ‘thief’ simply has a ‘copy’ of that data. In the digital world, the copy and the original are indistinguishable in almost every case.

B) TRUE POSSESSION OF DATA

Consider another illustration on the issue of ‘possession’ of data. Aria uses the email account aria@gmail.com for personal communication. Naturally, a lot of emails, images, documents, etc. are sent and received using this account. The first question is, who ‘possesses’ this email account? Is it Aria because she has the username and password needed to ‘login’ and view the emails? Or it is Google Inc because the emails are stored on their servers?

C) AUTHORISED ACCESS TO DATA

Another question would arise if some unauthorized person obtains Aria’s password. Can it be said that now that person is also in possession of the emails because he has the password to ‘login’ and view the emails?

D) MOBILITY AND JURISDICTION FOR DATA

Another legal challenge emerges because of the ‘mobility’ of data. Let us consider an example of international trade in the conventional world. Aryan purchases steel from a factory in China, uses the steel to manufacture nails in a factory in India, and then sells the nails to a trader in the USA. The various Governments can easily regulate and impose taxes at various stages of this business process.

Now consider that Aryan has shifted to an ‘online’ business. He sits in his house in Pune (India) and uses his computer to create pirated versions of expensive software. He then sells this pirated software through a website (hosted on a server located in Russia). People from all over the world can visit Aryan’s website and purchase the pirated software. Aryan collects the money using a PayPal account that is linked to his bank account in a tax haven country like the Cayman Islands.

It would be extremely difficult for any Government or Authority to trace Aryan’s activities.

It is abundantly clear that for such complexities, amongst many more, that conventional laws are inadequate and insufficient to say the very least.

What do you think? Share your views with us in the comments or DM us on our Social Platforms.

The Importance of Cyber Law

Malaika Naidu

In the simplest words, Cyber Law is any law that concerns cyberspace. This includes everything related to computers, software, data storage devices, cloud storage and even electronic devices such as ATM machines, biometric devices, health trackers and so on. That explanation alone is quite indicative of why today’s digital world needs strict cyber laws. This article will elaborate on that by introducing you to the purpose of cyber law and its relevance in day to day functions.

Some questions to get you thinking:

How do we identify a cyber threat?
Who do we seek help from in case of a cyber-crime?
What can an individual/organisation do to protect itself?
What rights and responsibilities do we have as netizens?

What is Cyber Law?

Commonly called Internet Law, it lays down a framework of rules that dictate and differentiate right from wrong in the ever-elusive cyber world. These laws cover information access, data privacy, communications, intellectual property, personal privacy and freedom of speech, among others. Using cyber laws, one can seek help and recourse from cybercriminal activities such as data theft, identity theft, credit card fraud, malware attacks, the list goes on.

With the increase in Internet traffic, (which is only going to further rise exponentially) there is bound to be a proportionate increase in the number of illegal activities. Given that the internet is a global phenomenon, the burden of cyber safety falls on the whole word. Interestingly, this leads to one of the biggest challenges of cyber law. Generically speaking ‘Law’ in itself is geographically bound which means the law of Country A can typically be implemented only on the citizens and entities of that country and only within its geographical territory. Internet and technology, on the other hand, are boundless and completely agnostic of geographic boundaries.

So, consider your computer (in India) is infected by a ransomware attack, through a code deployed from a computer in Russia by a person sitting in Dubai. Who do you go to for help?

This is just the beginning of why everyone, individuals and organisation alike, should know cyber laws that can help them seek recourse in the unfortunate event that they become victims of cyber-crime. Imagine, in the time you take to read this article, numerous cyber-crimes would have successfully been executed all over the world.

For how convenient our lives have become with technology and the internet, it has made it that much easier for cybercriminals too! Cybercriminals use computers, with all the developments in tech, for their illegal and malicious activities. What started off as a threat to big companies, banks and governments have now become a real threat to average individuals like you and me.  Some of the major issues covered by Cyber Law are:

Fraud

There’s no denying that we live on the internet. Life as we know it would come to a standstill if we were to wake up to a world with no data connectivity. Naturally, this opens us to vulnerabilities like data theft through malware attacks, financial fraud through phishing emails, and identify theft which has been made even simpler through social media. Any unusual activity in your mail, social media platforms, banking apps, or even your photo editing apps should be reported immediately! Always be vigilant with your information and who you share it with.

Copyright

Every time you download a song without paying for it, you are committing a cyber-crime. This extends to all copyrighted material such as books, movies, photographs, etc. Even downloading unlicensed software is a copyright violation. Here the focus of the law is to protect copyright owners like artists, brands and businesses from unauthorised use of their work.

Defamation

Here comes the infamous argument of free speech and exactly what all can one get away with on the internet. Are we allowed to say anything and everything just because we have a personal account on a social media platform? Overarchingly, defamation is any false claim/ statement made about a person or entity to someone other than the victim in question. We are all well aware how rampant this is in the cyber world. As such, defamation is covered under Tort Law in civil cases and/or IPC in case of criminal cases. However, if the defamatory statement is made through an electronic medium, then the IPC has provisions suitable to tackle the matter in cyberspace.

E-Contracts

“I agree to the terms and conditions” – you’d be surprised what all you end up agreeing to when you accept these terms and conditions. The moment you accept those terms, you are entering a legally binding contract. Now the question arises, if that contract is being written up by the company then it’s probably in their favour, so where does that leave you and protection of your data? Unlike regular contracts that usually have a time frame for which the agreement holds true, such as a rent agreement for 11 months, how long are you bound by an e-contract? Is it possible you’ve given Google permission to track your data forever and ever? Think.

Do we really need to say more?

The issues stated above barely scratch the surface of how little awareness we have about cyber law and how much we really, really need it! For example, we know theft is illegal and we understand the legal repercussions of fine and/or imprisonment if a thief is caught. But do you know if you are or are not in violation of copyright when you use images from Google? When you take a screenshot of a conversation without letting the other person know, and you share this screenshot with someone else, is there possibly a cyber-crime there?

             On the flip side, if personal images from your phone are somehow leaked on the internet, are you aware of how to seek help for the same? Is it even possible to get all those images removed from the internet? Imagine you leave your phone unattended, or if it is stolen, and someone makes purchases through apps on your phone like Myntra or Swiggy… Or even transfers money to their own account, what can you do about it? Can the law protect you in that situation?

Food for thought.

If you’d like to know more about the depth of cyber law and its importance, read the follow-up article “Cyber Law: The Need for a Dedicated Field of Law”. If you have any questions or comments, please do reach out to us. You can also get regular news and updates on cyber law on our Instagram and Facebook pages. Don’t miss out!