Do You Use Torrents?

Malaika Naidu

Torrenting is one of the most popular methods of procuring movies, music, books, games, etc. from the internet. Every day, millions of gigabytes of data are downloaded through torrent engines such as uTorrent. Although the number has reduced with the rise in popularity of streaming websites like Netflix, Amazon Prime, and Hotstar, and music apps like Gaana, Spotify, and YouTube Music, these streaming sites have only marginally reduced the overall amount of torrenting.

What is torrenting and how does it work?

Torrenting is a peer-to-peer (P2P) file-sharing technology where multiple users can connect and share files over a network. When torrenting a file, a peer not only downloads from the source but also from other peers of the torrent, hence facilitating a smoother and faster file transfer.
The more seeders (peers who are downloading the file and uploading it to be used by others) for a torrent, the faster the file will download. The download speed reduces with increase in leechers (peers who download a file but restrict upload from their server to be used by others).

One reason for the popularity of torrenting is that it’s free! Aside from the security risk to your computer, torrenting is a hassle-free process. Of course, this leads to a significant loss of revenue for the content creators like authors, artists, producers, etc. Hence, the entertainment industry is pushing for quicker releases to streaming sites and books are migrating to ebooks and audiobooks; they want to make their content widely available so that users don’t feel compelled to torrent.

Is it safe to use?

Torrent engines such as uTorrent are safe applications made by trusted entities. The problem is the file that you download using these engines. A file could contain malicious content and infect your computer once downloaded. Also, as a P2P system, your IP address is tracked and available to other peers. Also, your ISP may monitor the files that you torrent! Using a VPN is an easy way around this issue. However, that will not prevent you from unintentionally downloading a malicious file.

Is it illegal?

Torrenting is only a system of file sharing between peers and is not illegal in itself. The legality of torrenting depends on the file being downloaded. If the file is not copyrighted, then using torrents to download the file is legal. However, if the file is copyrighted, then downloading it is illegal as per copyright infringement laws. Most countries have laws that protect against intellectual property theft. Any content that is protected under copyright cannot be downloaded off the internet, unless made free by the copyright-holder.

Where does the buck stop?

For that, let’s first identify the actors in this system.

  • Hosts – the organisations behind the torrent websites that hold the torrent files.
  • Peers – users who upload and download files on these websites.
  • Engine Developers – those who create apps like uTorrent to download the files.

Given that torrenting or P2P file exchange is not illegal, the Hosts claim to be without blame in the whole process. Their defence is that they only create a platform for users to upload and download files from. The opposing argument can be that the Hosts bear the responsibility of ensuring that the files uploaded are copyright-free. The Developers who create the torrent engines claim they are completely in the clear as their applications are only used as a medium to download torrent files. Since torrenting is legal, they are clear of blame.

Then come the peers. The Peers that download torrent files claim that they are unaware of which files are copyright free and which are copyrighted. While this is a loose argument, it creates enough grey area to protect them from being convicted of copyright infringement. And finally, the Peers have upload files to these websites. Here again the lines are blurry because each peers is technically a source for the torrent file in question. So, should the blame rest only with the original uploader or also with all the peers? And remember, if it’s a copyrighted file, then even the leeches are to blame.

This is one of the reasons that the conviction rate is very low in cases of illegal torrenting. It’s often unclear whom all the copyright-holders should go after. Often, they only sue the hosts. And from the last decade or so it’s quite clear how easily these hosts are able to avoid the law. One of the oldest websites till date, The Pirate Bay, is caught up in litigation in multiple countries, yet continues to thrive through proxies and regularly changing their domain name.

And finally, there is the matter of jurisdiction. Laws are geographically bound while the world the internet recognises no boundaries, making it near impossible to curb illegal torrenting. Another issue is the degree of severity. The cyber cells in India at least, are short staffed and over-worked. So often they prefer to focus on issues like financial fraud, identity theft, cyberterrorism etc.

Now, this is not all there is to torrenting. There are other aspects like the cost of intellectual property theft and copyright ownership, and even technological aspects like VPNs and the Tor Network. However, for now, it’s important to take note that file sharing or torrenting is legal as long as the files are copyright-free.

What do you think about torrenting? Share your views with us.
And if you’re interested to learn more about this topic, let us know!

Hiding Behind Incognito Browsing

Malaika Naidu

A major hype word and internet trend today is data privacy. Add to this the vulnerability brought in by excess use of social media and the integration of technology into all aspects of our day to day life. You’ll realise it’s a tricky world online. So, what do you do?
“Trust private browsing to protect your online activity and your data.” Well, yes and no.

Private browsing is a privacy feature available with all popular browsers. In Chrome, the most common browser, this feature is called incognito browsing. This feature ensures that while in use, your browser will not save any cookies, passwords, or search results. The main benefit is that if there are multiple users on a single computer, they won’t be able to see each other’s history and usage. However, this does not prevent your Internet Service Provider (ISP) from tracking your online activity.  

When using incognito browsing, a wholly isolated browsing session is launched that does not interact with regular browsing. For example, if you’re logged into your Facebook account on your regular browser and you open Facebook on incognito browser, you can log in with a different account and won’t be automatically logged in. Incognito does not save any passwords or websites visited earlier.

            Now here’s the crux.

Private browsing prevents your browser from saving online activity and passwords, but it cannot stop other applications on your computer from monitoring the same. Spyware, key loggers and third-party programs can continue to collect this data. The same applies to your ISP, routers or main servers at colleges and organisations. Also, when you visit any website, the data bytes leave your computer and travel through the network to the website’s server, where they will get tracked and saved. This cannot be prevented by private browsing.

To reiterate, private browsing only makes sure that no history is saved on your computer,  preventing other users from gaining access to your browsing history.

So, what can you do?

If you really need to mask your online activity, you could try Tor browsing. Tor is an encrypted network that reroutes your traffic through relays, making it difficult to track your actual IP address. This prevents your ISP and any other monitors from viewing your browsing history. And the websites you visit will not be able to log your IP address. Keep in mind, Tor speeds are considerably slower than regular internet browsing due to the relays.

Because of the anonymity that Tor offers, it is often used to bypass internet censorship and intense monitoring. People living under repressive government with strict laws and censorship tend to use Tor networks for access to the internet. However, it’s not a great idea to use Tor for regular browsing. The anonymity is not worth the significantly slower browsing speed.

If you would like to know more about Tor browsing, it’s pros and cons, and how it fits into the legal framework, let us know in the comment. You can also write to us on any of our social media pages. Till then, keep reading, stay updated, be aware!

Safety on Social Media Platforms

Malaika Naidu

The most valuable resource today is not oil, water or fresh air – it’s data! An article in The Economist recently outlined just how valuable this resource is to organisations the world over. It’s alarming how data mining can influence people and hence dictate real events. Now answer this, where can one find unlimited, often unprotected, data?

Yes, Social Media.

What started off as platforms to engage with friends and peers has fast turned into a gateway for all sorts of transactions. Given that social media platforms are not strictly bound by age, almost everyone has an account on at least one such platform - Facebook, Twitter, Instagram, and LinkedIn being the Big Four.

Some still use it for mere entertainment, like a quick scroll through while you wait for your food at a café. But with the sheer reach of these platforms, many now use them as tools to increase or represent their businesses, thereby adding a whole new dimension to the user data now available through these websites/apps.

If you willingly share any valuable data about yourself or those in your life, then you have to be ready for those waiting to misuse it. Internet crime is seeing a marked shift from basic email-related crimes to social media crimes. These include identity theft, photo morphing, romance scams and of course, cyberbullying and cyber stalking! 

Cyberbullying and cyberstalking are becoming serious safety issues. The anonymity of the internet allows people to easily get away with saying or doing things that they probably won’t dare to do in real life. People go out of their way to create fake profiles solely for such purposes. This is why it’s important to connect and interact only with individuals you already know in real life or through trusted connections. However, your vulnerability on social media is not just in your hands.

Let’s assume you take all the required precautions to ensure that you don’t put any personal data on your Instagram account. You only upload photos of your photography. But then a friend of yours puts a photo of you and in the description mentions personal information about you – your birthday, your pet’s name or your parents’ names. Maybe even tags the location to your house. Now, all your effort to keep your personal data offline is slowly getting negated.

Some might ask, how bad can the damage from social media be? Do these crimes even require as much attention as say bank frauds?

Well, a recent report, called Social Media Platforms and the Cybercrime Economy, stated that cybercriminals are earning at least $3.25 billion per year from social media-enabled cybercrime, with the breakdown of earnings being close to:

  • Illegal pharmaceutical sales (i.e. prescription drugs) – $1.9 bn
  • Stolen data sales – $630 m
  • Financial fraud – $290 m
  • Crypto-mining malware – $250 m
  • Romance/dating fraud – $138 m

The crux of the issue is the ease with which cybercriminals can access data of millions of users, globally. We’ve said it often and we continue to stress on it – just as the internet has made our lives easier, faster and more convenient, so has it helped the criminals too! In fact, research states that one out of five large organisations is now potentially infected with malware distributed via social media. Nearly 40% of malware infections are linked to malvertising, add to that 30% that comes from malicious plug-ins and apps.

Yet, don’t worry. As always, you just need to do the basics and you will considerably reduce your vulnerability.

  • Keep your passwords long with mixed characters; change them regularly
  • Approach the internet with distrust – what you see online is rarely a representation of reality
  • If you can’t say it in front of your grandmother, don’t say it on social media
  • Always log out from others’ devices. Ideally, log out from your own phone/laptop too!
  • Regularly update your settings for privacy and content sharing
  • Just because you have connections, doesn’t mean you must accept the friend request
  • Use two-factor authentication!
  • Avoid sharing personal information that can be used against you

And please, if you do witness a cybercrime, report it! If someone you know is posting content that is against the platform’s policies, report! Internet safety is a community effort.

Do you have some safety practices that you would like to share?

Cyber Law: The Need for a Dedicated Field of Law

Malaika Naidu
WHAT IS CYBER LAW?

To be able to answer that question we must first understand the meaning of Law. Simply put, law encompasses the rules of conduct, that have been approved by the government, enforced over a certain territory, and must be obeyed by all persons within that territory. Violation of these rules will lead to government sanctions such as imprisonment or fine.

The term cyber or cyberspace signifies everything related to computers, the internet, data, networks, software, data storage devices (such as hard disks, USB disks etc) and even airplanes, ATM machines, baby monitors, biometric devices, bitcoin wallets, CCTV cameras, drones, gaming consoles, health trackers, medical devices, smart-watches, and more.

Thus, a simplified definition of cyber law is that it is the “law governing cyberspace”.

WHAT ABOUT CYBER CRIME?

An interesting definition of cyber-crime was provided in the “Computer Crime: Criminal Justice Resource Manual” published in 1989. According to this manual, cyber-crime covers the following:

  1. Computer Crime
    any violation of specific laws that relate to computer crime,
  2. Computer Related Crime
    violations of criminal law that involve knowledge of computer technology
  3. Computer Abuse
    intentional acts that may or may not be specifically prohibited by criminal statutes.

Any intentional act involving knowledge of computers or technology is computer abuse if any of the perpetrators gained and / or any of the victims suffered.

THE NEED FOR CYBER LAW

The first question that a student of cyber law will ask is whether there is a need for a separate field of law to cover cyberspace. Isn’t conventional law adequate to cover cyberspace?

Let us consider cases where so-called conventional crimes are carried out using computers or the Internet as a tool. Consider cases like spread of pornographic material, criminal threats delivered via email, websites that defame someone or spread racial hatred etc. In all these cases, the computer is merely incidental to the crime. Distributing pamphlets promoting racial enmity is in essence similar to putting up a website promoting such ill feelings.

Of course, it can be argued that when technology is used to commit such crimes, the effect and spread of the crime increases enormously. Printing and distributing pamphlets, even in one locality, are time consuming and expensive tasks while putting up a globally accessible website is very easy.

In such cases, it can be argued that conventional law can handle cyber cases. The Government can simply impose a stricter liability (by way of imprisonment and fines) if the crime is committed using certain specified technologies. A simplified example would be stating that spreading pornography by electronic means should be punished more severely than spreading pornography by conventional means.

Now here’s where it gets mind-numbing…

As long as we are dealing with such issues, conventional law would be adequate. The challenges emerge when we deal with more complex issues such as ‘theft’ of data. Under conventional law, theft relates to “movable property being taken out of the possession of someone”.

The General Clauses Act defines movable property as “property of every description, except immovable property”. The same law defines immovable property as “land, benefits to arise out of land, and things attached to the earth, or permanently fastened to anything attached to the earth”. Movement and possession are ideas in the real world, whereas data becomes fluid and intangible and is an element of the virtual world. However, with only these two definitions at hand, it can be concluded that the computer and by such extension data should be movable property.

Let us examine how such a law (Conventional Law) would apply to a scenario where ‘data is stolen’. Consider a personal computer on which some information is stored. Let us presume that some unauthorized person picks up the computer and takes it away without the permission of the owner. Has (s)he committed theft? Yes, in this case, it is theft.

Question is, theft of what? Theft of the computer? Of the data? Or theft of both?

A) COPYING DATA

Now consider that some unauthorized person simply copies the data from the computer onto his pen drive. Would this be theft? Presuming that the intangible data could be movable property, the concept of theft would still not apply as the possession of the data has not been taken away from the owner. The owner still has the ‘original’ data on the computer under their control. The ‘thief’ simply has a ‘copy’ of that data. In the digital world, the copy and the original are indistinguishable in almost every case.

B) TRUE POSSESSION OF DATA

Consider another illustration on the issue of ‘possession’ of data. Aria uses the email account aria@gmail.com for personal communication. Naturally, a lot of emails, images, documents, etc. are sent and received using this account. The first question is, who ‘possesses’ this email account? Is it Aria because she has the username and password needed to ‘login’ and view the emails? Or it is Google Inc because the emails are stored on their servers?

C) AUTHORISED ACCESS TO DATA

Another question would arise if some unauthorized person obtains Aria’s password. Can it be said that now that person is also in possession of the emails because he has the password to ‘login’ and view the emails?

D) MOBILITY AND JURISDICTION FOR DATA

Another legal challenge emerges because of the ‘mobility’ of data. Let us consider an example of international trade in the conventional world. Aryan purchases steel from a factory in China, uses the steel to manufacture nails in a factory in India, and then sells the nails to a trader in the USA. The various Governments can easily regulate and impose taxes at various stages of this business process.

Now consider that Aryan has shifted to an ‘online’ business. He sits in his house in Pune (India) and uses his computer to create pirated versions of expensive software. He then sells this pirated software through a website (hosted on a server located in Russia). People from all over the world can visit Aryan’s website and purchase the pirated software. Aryan collects the money using a PayPal account that is linked to his bank account in a tax haven country like the Cayman Islands.

It would be extremely difficult for any Government or Authority to trace Aryan’s activities.

It is abundantly clear that for such complexities, amongst many more, that conventional laws are inadequate and insufficient to say the very least.

What do you think? Share your views with us in the comments or DM us on our Social Platforms.

Math Money: A simple introduction to crypto-currencies

Math Money : A simple introduction to crypto-currencies

Crypto-currencies (bitcoin et al) have caught the attention of Governments, enforcement agencies, geeks and the general public.

This document provides a simple introduction to crypto-currencies and briefly introduces terms such as cryptography, hash functions, proof-of-work, digital signatures, mining, merkle root & tree, crypto-currency addresses and wallets.

This document is intended for the novice reader and may suffer from errors inherent when a complex topic is (over?) simplified.

Download the document (PDF: 164 KB) from:
https://asianlaws.org/docs/Math_Money.pdf

The ASCL ecosystem

When you enrol for a premium plus course with Asian School of Cyber Laws (CCI+, CFA+, IPCL+, CT+), you don't get just a course. You get the super-awesome ASCL experience:

1. Mentor
Each plus student is allotted a mentor for guidance through the course. Your mentor is available through email, google hangout and whatsapp. ASCL mentors are experts with 15+ years of solid real-world experience in the field of cyber crime control and cyber law.

2. ASCL official courseware
All ASCL official courseware is designed, built and updated by experts with 15+ years of solid real-world experience in the field of cyber crime control and cyber law. ASCL official courseware is provided to students in digital as well as paper form.

3. ASCL Case studies
Our case studies are simulations based on actual cases that ASCL experts have solved over the last 16 years.

4. Reference material
Our reference material is curated by our experts from the best and most credible sources. This consists of research papers, eBooks, reports and more.

5. Contact classes
We conduct contact classes for our plus courses at Mumbai, Pune, Goa & Bangalore. These classes facilitate face-to-face interaction and query resolution with our experts. Contact classes also help you connect and network with other students.

6. COIN
As an ASCL student (and alumni) you get exclusive access to the Collaborative Online Investigation Network (COIN). This is an interactive platform empowering the world's enforcement agencies to tackle cyber crime & other cases involving digital evidence. COIN contains 1000+ checkpoints, info-blocks and warnings for investigation & forensics (cyber and non-cyber), field guides, a collaboration platform, intelligence network, suspect tracker and tons more. Check it out at www.coin.org.in

7. Conference on Cyber Crime Control (c4)
From 2016 onwards, plus students will get special access to India's #1 cyber crime control conference. For details on this year's conference, please visit: http://www.cyber.edu.in

8. Special projects
Our best students get opportunities to intern with enforcement agencies on cutting edge projects. They also get to work with the ASCL Cyber Task Force which identifies remedial, legal, legislative and policy solutions to problem issues in cyberspace.

9. Student of the month
Get global recognition by winning the ASCL student of the month award.

10. Special visits
We are working hard to set up special visits to some of the best forensic labs and investigation centers.

11. ASCL Alumni network
The ASCL Alumni network helps you to re-connect with former friends and classmates, network with ASCL alumni and even earn points for referring students to do ASCL courses.

7 steps to building an awesome career in cyber crime control

2014 was the most active year as far as cyber criminals are concerned.

The victims were some of the world's largest banks, retailers, online businesses, entertainment companies, telecom giants, insurance companies, hospitals, oil companies & aerospace companies.

And governments, municipalities, tax departments, police departments and super-secret agencies.

And countless cars, CCTV cameras & bitcoin wallets.

And the list goes on...

The massive hacks and cyber-attacks of 2014 have led to a huge increase in awareness about the impact of cyber crime.

Companies, law enforcement and individuals have begun to realise the urgent need for expertise in cyber crime investigation, computer forensics, cyber law and cyber security.

In such an environment it's not too difficult to build a super-awesome career in cyber crime control if you follow these 7 steps:

1. Create awesome content

  • Write great articles and submit them to popular websites, blogs, magazines and journals.
  • Develop interesting case studies and pose these challenges on public forums.
  • Also work on cutting edge research papers concerning latest advancements in cyber crime control.
  • Answer questions and raise discussions on platforms such as Quora, LinkedIn, Twitter etc.

2. Network like a champ

Networking is about making connections and building enduring, mutually beneficial relationships. Ultimately, it's not just what you know, it's also who you know that matters.

  • Join relevant industry organizations.
  • Learn to use Linkedin like a pro.

3. Attend conferences

Conferences are a great platform for learning from the gurus, information sharing and networking.

It's even better if you get a chance to speak at good conferences.

4. Help the local police

Volunteer with the local police and make sure you do a great job helping them crack cases and spreading awareness.

They may not give you any money, but it will be great for your branding and also open up possible avenues to work full-time with law enforcement agencies all over the country.

5. Spread awareness in schools and colleges

Volunteer to give cyber crime and security awareness lectures in schools and colleges. It will do a world of good for your reputation as an expert in the field.

6. Go social

  • Build and maintain an awesome profile on popular social media platforms like Facebook and LinkedIn.
  • Maintain a blog and regularly post relevant news and articles.
  • Maintain and regularly update a personal website.

7. Spread the word about ASCL

You have worked really hard to get certified from Asian School of Cyber Laws. Your credibility will grow enormously when you assert yourself as part of an organization that is a global pioneer in the field of cyber law and cyber crime investigation. Ensure that the certification you receive from ASCL receives the appreciation it deserves.

Keep coming back to this post - we are going to regularly update it. Send in your comments and feedback to info@asianlaws.org