Safety on Social Media Platforms

Malaika Naidu

The most valuable resource today is not oil, water or fresh air – it’s data! An article in The Economist recently outlined just how valuable this resource is to organisations the world over. It’s alarming how data mining can influence people and hence dictate real events. Now answer this, where can one find unlimited, often unprotected, data?

Yes, Social Media.

What started off as platforms to engage with friends and peers has fast turned into a gateway for all sorts of transactions. Given that social media platforms are not strictly bound by age, almost everyone has an account on at least one such platform - Facebook, Twitter, Instagram, and LinkedIn being the Big Four.

Some still use it for mere entertainment, like a quick scroll through while you wait for your food at a café. But with the sheer reach of these platforms, many now use them as tools to increase or represent their businesses, thereby adding a whole new dimension to the user data now available through these websites/apps.

If you willingly share any valuable data about yourself or those in your life, then you have to be ready for those waiting to misuse it. Internet crime is seeing a marked shift from basic email-related crimes to social media crimes. These include identity theft, photo morphing, romance scams and of course, cyberbullying and cyber stalking! 

Cyberbullying and cyberstalking are becoming serious safety issues. The anonymity of the internet allows people to easily get away with saying or doing things that they probably won’t dare to do in real life. People go out of their way to create fake profiles solely for such purposes. This is why it’s important to connect and interact only with individuals you already know in real life or through trusted connections. However, your vulnerability on social media is not just in your hands.

Let’s assume you take all the required precautions to ensure that you don’t put any personal data on your Instagram account. You only upload photos of your photography. But then a friend of yours puts a photo of you and in the description mentions personal information about you – your birthday, your pet’s name or your parents’ names. Maybe even tags the location to your house. Now, all your effort to keep your personal data offline is slowly getting negated.

Some might ask, how bad can the damage from social media be? Do these crimes even require as much attention as say bank frauds?

Well, a recent report, called Social Media Platforms and the Cybercrime Economy, stated that cybercriminals are earning at least $3.25 billion per year from social media-enabled cybercrime, with the breakdown of earnings being close to:

  • Illegal pharmaceutical sales (i.e. prescription drugs) – $1.9 bn
  • Stolen data sales – $630 m
  • Financial fraud – $290 m
  • Crypto-mining malware – $250 m
  • Romance/dating fraud – $138 m

The crux of the issue is the ease with which cybercriminals can access data of millions of users, globally. We’ve said it often and we continue to stress on it – just as the internet has made our lives easier, faster and more convenient, so has it helped the criminals too! In fact, research states that one out of five large organisations is now potentially infected with malware distributed via social media. Nearly 40% of malware infections are linked to malvertising, add to that 30% that comes from malicious plug-ins and apps.

Yet, don’t worry. As always, you just need to do the basics and you will considerably reduce your vulnerability.

  • Keep your passwords long with mixed characters; change them regularly
  • Approach the internet with distrust – what you see online is rarely a representation of reality
  • If you can’t say it in front of your grandmother, don’t say it on social media
  • Always log out from others’ devices. Ideally, log out from your own phone/laptop too!
  • Regularly update your settings for privacy and content sharing
  • Just because you have connections, doesn’t mean you must accept the friend request
  • Use two-factor authentication!
  • Avoid sharing personal information that can be used against you

And please, if you do witness a cybercrime, report it! If someone you know is posting content that is against the platform’s policies, report! Internet safety is a community effort.

Do you have some safety practices that you would like to share?

Safety Tips for Net-Banking

Malaika Naidu

From immediate money transfers to quick online payments, there are many perks to online banking. It comes as no surprise that India, and the world, is becoming increasingly comfortable with online banking. However, with so many people going online to manage their money, threats have arisen at an even faster rate. Hackers and cybercriminals are better equipped to commit financial fraud with these increased vulnerabilities. So, you need to be better protected and prepared for the consequences.

Don’t resign yourself to a world of unsafe banking. And obviously, you can’t move away from it because honestly, it’s convenient and super-efficient. Also, it reduces our carbon footprint by removing all the paper that would otherwise be required in traditional transactions. Now, let’s learn how you can protect your money.
Here are some simple online-banking security tips you can practice to increase your data protection and money security.

1) Don’t Use Public Wi-Fi Networks

Public Wi-Fi networks or shared networks have reduced security and are not remotely as encrypted as your home networks or mobile data. Hackers and cyber criminals work at exploiting exactly these network vulnerabilities. And once they gain access, your data is as good as gone.

2) Verify the URL for “https”

This should become a practice in general when browsing online. Always, always, ALWAYS look for ‘https’ when doing online money transactions, along with the little lock icon in the beginning of the URL bar / website address bar. This means the website is encrypted and converts data into undecipherable content before sharing over the internet. So, if a hacker/cyber-criminal intercepts the data, they won’t be able to make sense of it.

3) Automatic Login is Like Begging to be Hacked!

Automatic login, though not recommended, it still okay for your social media accounts, e-commerce accounts like Amazon, streaming platforms like Netflix, but it is a DEFINITE NO for anything to do with finances. For any online transactions, make sure the browser isn’t automatically saving your data, even on your personal devices!

4) Email and Text Scams

Your bank will NEVER call you for any private details like ATM PIN and net banking password. Even to verify your account, your bank will only ask you for details like your phone number and birth date, maybe address at best. Be wary of such phishing attacks. Any notification for a free iPhone or a lottery in exchange for bank details should be deleted and forgotten. And if you do make a mistake, immediately notify your bank!

5) Strong Password. STRONG Password.

At this point, we’re starting to sound like parrots. Or stuck tape recorders. Anything you do online should have a strong password. Anything you do online with money should have a password stronger than Hercules + Zeus + The Avengers + Wonder Woman too!
Remember, a strong password doesn’t have to be complicated. It just needs a little effort. Apart from alpha-numeric with symbols, mix it up with uncommon words or use languages other than English. It’s really time we smarten up.

6) Banking Apps and Websites

Though the market has apps and websites that offer to control all your bank accounts using a single platform, don’t take them up on their offer! Some of these apps may even be verified, but their encryption and safety standards will never compare to the bank’s own app/website. Banking should be done only and solely on the verified application or website of the concerned bank.   

7) Turn off Bluetooth and Hotspot

Using these features reduces your encryption ever so slightly to allow easier connectivity. Though marginally, your phone is more vulnerable than it would otherwise be when these are switched off. Especially if you’re in a café or any place where there are many open channels. You can always turn them back on after you have finished your online banking.

8) Check your Account Statement

Check your account statement as regularly as you check your mail / Facebook / Instagram or whatever else. It takes about 3 minutes to open the banking app and just glance at the last 4-5 transactions. If anything seems odd or suspicious, immediately verify with your bank. It is better to be safe than sorry!

9) Be Vigilant

If you’re using your laptop, never conduct banking transactions with multiple tabs running simultaneously. On your mobile, close all apps before launching your banking app. And this goes without saying but – do NOT leave your laptop or phone unattended with any banking apps / websites open. In fact, if you’re going to walk away from your laptop / mobile, always lock the screen!

In the unfortunate circumstance that you are a victim of any financial fraud despite all the steps discussed above, here’s what you can do.

Reach out to your bank immediately. In the case of online banking, they will immediately lock your account till further notice. If it’s an issue with cards, they will disable the cards immediately. Next, file a complaint (FIR) with the nearest police station. If it’s a cybercrime issue, the police station is obligated to forward your case to the cyber cell. If the police station refuses to take your complaint and pushes you to go to the cyber cell yourself, stand your ground and insist on the FIR. However, if you want, you can file a case with both.

But, don’t depend on these systems to ensure you will get your money back. It is always better to prevent crime altogether. Small precautions can go a long way in protecting your money.
Do you have any cases you would like to share with us?

Aadhar + Social Media > Privacy?

Antony Clement Rubin and Janani Krishnamurthy were until recently unknown names in the field of law. Then they went to town questioning our very understanding of privacy.

They filed PILs in the Madras High Court asking for authentication of identity on social media. Their reason – to curb cyberbullying and instances of defamatory posts on social media.

Their demand? That Aadhar be linked to people’s social media profiles.

Advocate General K K Venugopal appeared on behalf of the Tamil Nadu government in the Supreme Court and presented this demand as a solution to curbing fake news and defamatory, anti-national and terror-sponsoring articles and porn on social media.

Social media giant Facebook has taken a stand against the motion. No surprises there. Facebook claims that such linking will violate users’ privacy. It has also said that it will be impossible for it to share Aadhar over Whatsapp as the platform has end-to-end encryption and that even Facebook cannot access it.

So, what happens if the Court grants this petition? It may mean the end of privacy on social media. It may also very well lead the way to a drastic drop in online defamatory posts, rumour mongering, anti-national posts etc. Social media platforms across the board may overnight become powerful tools for surveillance.

Then, there are the approximately 10 crore “niraadhars” of India. Those who have not registered for Aadhar. What happens to them? Do their social media accounts get disabled?

Whatever the decision of the apex court, this petition has certainly raised some important privacy vs. cybercrime considerations.

What would your decision be? We’d love to hear what you have to say about this. Do share your views with us!

Cyber Law: The Need for a Dedicated Field of Law

Malaika Naidu
WHAT IS CYBER LAW?

To be able to answer that question we must first understand the meaning of Law. Simply put, law encompasses the rules of conduct, that have been approved by the government, enforced over a certain territory, and must be obeyed by all persons within that territory. Violation of these rules will lead to government sanctions such as imprisonment or fine.

The term cyber or cyberspace signifies everything related to computers, the internet, data, networks, software, data storage devices (such as hard disks, USB disks etc) and even airplanes, ATM machines, baby monitors, biometric devices, bitcoin wallets, CCTV cameras, drones, gaming consoles, health trackers, medical devices, smart-watches, and more.

Thus, a simplified definition of cyber law is that it is the “law governing cyberspace”.

WHAT ABOUT CYBER CRIME?

An interesting definition of cyber-crime was provided in the “Computer Crime: Criminal Justice Resource Manual” published in 1989. According to this manual, cyber-crime covers the following:

  1. Computer Crime
    any violation of specific laws that relate to computer crime,
  2. Computer Related Crime
    violations of criminal law that involve knowledge of computer technology
  3. Computer Abuse
    intentional acts that may or may not be specifically prohibited by criminal statutes.

Any intentional act involving knowledge of computers or technology is computer abuse if any of the perpetrators gained and / or any of the victims suffered.

THE NEED FOR CYBER LAW

The first question that a student of cyber law will ask is whether there is a need for a separate field of law to cover cyberspace. Isn’t conventional law adequate to cover cyberspace?

Let us consider cases where so-called conventional crimes are carried out using computers or the Internet as a tool. Consider cases like spread of pornographic material, criminal threats delivered via email, websites that defame someone or spread racial hatred etc. In all these cases, the computer is merely incidental to the crime. Distributing pamphlets promoting racial enmity is in essence similar to putting up a website promoting such ill feelings.

Of course, it can be argued that when technology is used to commit such crimes, the effect and spread of the crime increases enormously. Printing and distributing pamphlets, even in one locality, are time consuming and expensive tasks while putting up a globally accessible website is very easy.

In such cases, it can be argued that conventional law can handle cyber cases. The Government can simply impose a stricter liability (by way of imprisonment and fines) if the crime is committed using certain specified technologies. A simplified example would be stating that spreading pornography by electronic means should be punished more severely than spreading pornography by conventional means.

Now here’s where it gets mind-numbing…

As long as we are dealing with such issues, conventional law would be adequate. The challenges emerge when we deal with more complex issues such as ‘theft’ of data. Under conventional law, theft relates to “movable property being taken out of the possession of someone”.

The General Clauses Act defines movable property as “property of every description, except immovable property”. The same law defines immovable property as “land, benefits to arise out of land, and things attached to the earth, or permanently fastened to anything attached to the earth”. Movement and possession are ideas in the real world, whereas data becomes fluid and intangible and is an element of the virtual world. However, with only these two definitions at hand, it can be concluded that the computer and by such extension data should be movable property.

Let us examine how such a law (Conventional Law) would apply to a scenario where ‘data is stolen’. Consider a personal computer on which some information is stored. Let us presume that some unauthorized person picks up the computer and takes it away without the permission of the owner. Has (s)he committed theft? Yes, in this case, it is theft.

Question is, theft of what? Theft of the computer? Of the data? Or theft of both?

A) COPYING DATA

Now consider that some unauthorized person simply copies the data from the computer onto his pen drive. Would this be theft? Presuming that the intangible data could be movable property, the concept of theft would still not apply as the possession of the data has not been taken away from the owner. The owner still has the ‘original’ data on the computer under their control. The ‘thief’ simply has a ‘copy’ of that data. In the digital world, the copy and the original are indistinguishable in almost every case.

B) TRUE POSSESSION OF DATA

Consider another illustration on the issue of ‘possession’ of data. Aria uses the email account aria@gmail.com for personal communication. Naturally, a lot of emails, images, documents, etc. are sent and received using this account. The first question is, who ‘possesses’ this email account? Is it Aria because she has the username and password needed to ‘login’ and view the emails? Or it is Google Inc because the emails are stored on their servers?

C) AUTHORISED ACCESS TO DATA

Another question would arise if some unauthorized person obtains Aria’s password. Can it be said that now that person is also in possession of the emails because he has the password to ‘login’ and view the emails?

D) MOBILITY AND JURISDICTION FOR DATA

Another legal challenge emerges because of the ‘mobility’ of data. Let us consider an example of international trade in the conventional world. Aryan purchases steel from a factory in China, uses the steel to manufacture nails in a factory in India, and then sells the nails to a trader in the USA. The various Governments can easily regulate and impose taxes at various stages of this business process.

Now consider that Aryan has shifted to an ‘online’ business. He sits in his house in Pune (India) and uses his computer to create pirated versions of expensive software. He then sells this pirated software through a website (hosted on a server located in Russia). People from all over the world can visit Aryan’s website and purchase the pirated software. Aryan collects the money using a PayPal account that is linked to his bank account in a tax haven country like the Cayman Islands.

It would be extremely difficult for any Government or Authority to trace Aryan’s activities.

It is abundantly clear that for such complexities, amongst many more, that conventional laws are inadequate and insufficient to say the very least.

What do you think? Share your views with us in the comments or DM us on our Social Platforms.

The Importance of Cyber Law

Malaika Naidu

In the simplest words, Cyber Law is any law that concerns cyberspace. This includes everything related to computers, software, data storage devices, cloud storage and even electronic devices such as ATM machines, biometric devices, health trackers and so on. That explanation alone is quite indicative of why today’s digital world needs strict cyber laws. This article will elaborate on that by introducing you to the purpose of cyber law and its relevance in day to day functions.

Some questions to get you thinking:

How do we identify a cyber threat?
Who do we seek help from in case of a cyber-crime?
What can an individual/organisation do to protect itself?
What rights and responsibilities do we have as netizens?

What is Cyber Law?

Commonly called Internet Law, it lays down a framework of rules that dictate and differentiate right from wrong in the ever-elusive cyber world. These laws cover information access, data privacy, communications, intellectual property, personal privacy and freedom of speech, among others. Using cyber laws, one can seek help and recourse from cybercriminal activities such as data theft, identity theft, credit card fraud, malware attacks, the list goes on.

With the increase in Internet traffic, (which is only going to further rise exponentially) there is bound to be a proportionate increase in the number of illegal activities. Given that the internet is a global phenomenon, the burden of cyber safety falls on the whole word. Interestingly, this leads to one of the biggest challenges of cyber law. Generically speaking ‘Law’ in itself is geographically bound which means the law of Country A can typically be implemented only on the citizens and entities of that country and only within its geographical territory. Internet and technology, on the other hand, are boundless and completely agnostic of geographic boundaries.

So, consider your computer (in India) is infected by a ransomware attack, through a code deployed from a computer in Russia by a person sitting in Dubai. Who do you go to for help?

This is just the beginning of why everyone, individuals and organisation alike, should know cyber laws that can help them seek recourse in the unfortunate event that they become victims of cyber-crime. Imagine, in the time you take to read this article, numerous cyber-crimes would have successfully been executed all over the world.

For how convenient our lives have become with technology and the internet, it has made it that much easier for cybercriminals too! Cybercriminals use computers, with all the developments in tech, for their illegal and malicious activities. What started off as a threat to big companies, banks and governments have now become a real threat to average individuals like you and me.  Some of the major issues covered by Cyber Law are:

Fraud

There’s no denying that we live on the internet. Life as we know it would come to a standstill if we were to wake up to a world with no data connectivity. Naturally, this opens us to vulnerabilities like data theft through malware attacks, financial fraud through phishing emails, and identify theft which has been made even simpler through social media. Any unusual activity in your mail, social media platforms, banking apps, or even your photo editing apps should be reported immediately! Always be vigilant with your information and who you share it with.

Copyright

Every time you download a song without paying for it, you are committing a cyber-crime. This extends to all copyrighted material such as books, movies, photographs, etc. Even downloading unlicensed software is a copyright violation. Here the focus of the law is to protect copyright owners like artists, brands and businesses from unauthorised use of their work.

Defamation

Here comes the infamous argument of free speech and exactly what all can one get away with on the internet. Are we allowed to say anything and everything just because we have a personal account on a social media platform? Overarchingly, defamation is any false claim/ statement made about a person or entity to someone other than the victim in question. We are all well aware how rampant this is in the cyber world. As such, defamation is covered under Tort Law in civil cases and/or IPC in case of criminal cases. However, if the defamatory statement is made through an electronic medium, then the IPC has provisions suitable to tackle the matter in cyberspace.

E-Contracts

“I agree to the terms and conditions” – you’d be surprised what all you end up agreeing to when you accept these terms and conditions. The moment you accept those terms, you are entering a legally binding contract. Now the question arises, if that contract is being written up by the company then it’s probably in their favour, so where does that leave you and protection of your data? Unlike regular contracts that usually have a time frame for which the agreement holds true, such as a rent agreement for 11 months, how long are you bound by an e-contract? Is it possible you’ve given Google permission to track your data forever and ever? Think.

Do we really need to say more?

The issues stated above barely scratch the surface of how little awareness we have about cyber law and how much we really, really need it! For example, we know theft is illegal and we understand the legal repercussions of fine and/or imprisonment if a thief is caught. But do you know if you are or are not in violation of copyright when you use images from Google? When you take a screenshot of a conversation without letting the other person know, and you share this screenshot with someone else, is there possibly a cyber-crime there?

             On the flip side, if personal images from your phone are somehow leaked on the internet, are you aware of how to seek help for the same? Is it even possible to get all those images removed from the internet? Imagine you leave your phone unattended, or if it is stolen, and someone makes purchases through apps on your phone like Myntra or Swiggy… Or even transfers money to their own account, what can you do about it? Can the law protect you in that situation?

Food for thought.

If you’d like to know more about the depth of cyber law and its importance, read the follow-up article “Cyber Law: The Need for a Dedicated Field of Law”. If you have any questions or comments, please do reach out to us. You can also get regular news and updates on cyber law on our Instagram and Facebook pages. Don’t miss out!

Cyber Crime Trends in 2019

Malaika Naidu

In 2017, 2 billion data records were compromised,
followed by more than 4.5 billion records in just the first half of 2018.

With every passing year, and at an accelerated pace since 2010, cybercriminals are using more advanced and scalable tools to breach privacy. And they are clearly getting results!

In the last 2 years, we see some cyber-crimes becoming more prevalent than others. Cyber safety organisations around the world fear that the growth of cyber-crimes in just these 6 months of 2019 will surpass the numbers of 2017 and 2018 put together. Give that a serious thought for a minute.

Cyber-crimes grow and evolve with consumer behaviour trends. So, the trending cyber-crimes complement our usage patterns of the internet and technology. In the last decade, emails and chat rooms used to be the most common methods of communication online. This decade, we see a shift to mobile apps like WhatsApp and Viber and social platforms like Facebook, Instagram and Snapchat. Naturally, we see a shift from the number of email related frauds to social media frauds. Not to say that email frauds don’t happen anymore, it’s just that today we are more vulnerable on social media. And the numbers support this claim.

In 2018 alone, social media fraud increased by 43% from the year prior. Similarly, fraud in mobile channels has grown significantly in the last few years. In the same year, almost 70% of cyber-crimes originated or took form through vulnerabilities in mobile channels. A white paper, ‘Current State of Cybercrime – 2019’ by RSA Security says that the ease of use of such channels, absence of usage fees and other such simplicities will only help this trend grow exponentially.

So, what do we need to look out for in 2019?

Phishing Attacks

Phishing, as the name suggests, is looking or seeking private information under a guise. This usually happens through emails, instant messaging or text messages. The attacker masquerades as a trusted entity in order to hook and procure information such as passwords and PINs. One of the most efficient cyber-crimes, phishing is only growing in its complexity, ensuring its success further.  To add to the problem, phishing kits are easily available on the dark net. Meaning anyone with basic technical knowledge can purchase the kit and execute the attack. Once a phishing attack is successful, there is very little recourse for the victim.

Remote Access Threats

Basically, remote access is to gain unauthorised administrator access to a device, such as a computer or smart TV, from a remote network. This means the device being attacked and the device that is executing the attack are on separate networks. In 2018, the biggest remote access attack was cryptojacking, which targeted cyptocurrency owners. Now with Internet of Things and connected homes, we have only made ourselves even more vulnerable. These attacks can happen on any device connected to a network with open ports. Most common devices to come under this attack are computers, cameras, smart TVs, Network-Attached Storage (NAS) devices, alarm systems and home appliances.

Smartphone Vulnerabilities

We’ve started using mobile phones for everything from communication to banking. We are comfortable accessing and/or storing sensitive information on our mobile phones without proper protection of any sort, unlike how almost all of us have a firewall or antivirus on our computers. Think about all the apps that have access to data on your phones. Have you done your due diligence before downloading a random photo editing app? Aside from apps, another way attackers exploit our phones is through the two-step authentication system. While being one of the most widely used cybersecurity tools, it has actually increased our security risk in case a phone is stolen or lost.

How? Many platforms, including Facebook and Gmail, allow you to login on a fresh device using a code that will be sent to your phone. Similar vulnerabilities arise with OTPs. So, while this system adds a layer of security, it also makes you vulnerable in case your phone is stolen.

Artificial Intelligence (AI): Future of Tech

Every development in technology can be used for good and bad, as the user may see fit. Industries are working on cybersecurity systems perfected with AI, while hackers are using the same technology for themselves to become more effective. It doesn’t help that the qualities of AI inherently serve malicious purposes. AI systems are easy to create and separate the human element. Meaning, the hacker gets the advantage of being disconnected from the crime while still bearing the fruit. As we continue to pour millions into the development of AI, we’re simultaneously making it easier for cybercriminals. Think about the robots that are being developed for the medical industry – how do we prevent that robot from being hacked and turning violent instead of helpful?
Or even chatbots? Airline companies, banking websites, almost all e-commerce websites, and even educational organisations have chatbots on their websites. We’ve become comfortable chatting with a bot and often share privileged information when seeking help from the chatbot. How do you confirm that the chatbot hasn’t been compromised by a hacker? Are you mindful of what information you may be sharing with a hacker or do you share whatever information is asked for hoping to get help with whatever your grievance was?

Technology is both a friend and a foe. The expansive penetration of internet accessibility has only added to our conveniences and our problems. Be vigilant and do your due diligence when interacting through technology, straight away from the moment you go live on the internet.

What are some of the steps you take to protect yourself online?

VPN when using a public Wi-Fi?
Anti-virus on your phone?
Covering your webcam when not in use?
Turning off appliances/electronics when not in use?

Take a minute and think over your safety and security online – it is critical and completely in your hands!!!

Introduction to ASCL Courses

Malaika Naidu
Asian School of Cyber Laws Blog Background
Introduction to ASCL courses

Asian School of Cyber Laws is an organisation that strives to make education easily accessible and efficiently delivered. Our journey began in 1999, even before the Information Technology Act (2000) came into effect. Bringing together the fields of Information Technology and Law, our courses are carefully crafted to serve members of the legal fraternity as well as individuals from other fields such as business, banking, law enforcement, CA, CS, engineering, marketing and more. Over the last 20 years, we’ve shared our knowledge with over 75,000 students.

In a world where almost all our interactions are digital, and online safety is non-negotiable, people still tend to share ATM pins with others, write down passwords, and leave themselves logged in on computers that are not theirs. Some even continue to use QWERTY as a password!

ASCL has been ceaselessly working towards remedying this and strives to make cyber education as simple to comprehend as 2+2=4.

All our courses are for a duration of 6-months with digital course material and online examinations. Here’s a brief overview:

Diploma in Cyber Law (DCL)
An introduction to the field of cyber law, DCL covers the basics that everyone must know about the laws that govern cyber space. The course will help you navigate real situations like leaked photos, credit card fraud, hacked emails or social media accounts, and other such real cyber issues. The syllabus covers the fundamentals of cyber law with actual case examples.

Cyber Crime Prosecution and Defence (CCPD)
CCPD will help you navigate the judicial and investigative framework under the Information Technology Act, 2000. This tailor-made course for lawyers and law enforcement officers, covers relevant entities, terms and concepts with cyber-crime case laws and global cyber-crime law all from the perspective of presenting cases in prosecution or defence. An expert level course that requires participants to have at least completed their graduation, it’s also available to law students who have completed 3 years of the integrated 5-year LLb program.

Digital Evidence Specialist (DES)
Digital evidence is becoming increasingly relevant in conventional and unconventional crimes such as murder, adultery, data theft, matrimony scams, cyber stalking, online banking fraud and many more. This is only natural given we use the internet for everything from communication to buying groceries! This course covers the various types of digital evidence and standard operating procedures using case files. It emphasises on the collection and the subsequent production of such evidence in a court of law. Participants need to complete their under-grad to apply for DES. It’s also available to law students who have completed 3 years of the integrated 5 year LLb program.

Internet Investigation Specialist (IIS)
With the rapid growth in cyber-crimes, internet investigators are a growing breed. This course starts from the basics of the internet and the World Wide Web, followed by tools, tips and tricks to conduct digital investigation. From emails to screenshots, browser history to social media activity, including cloud safety and bitcoins – IIS will help you achieve Sherlock’s level of attention to detail and crime solving ability!

There you have it. To start your journey in the cyber world with ASCL, click here! The best part is – we’re constantly looking at feedback to develop fresh courses that could fill gaps in the current system. Soon, we will be offering state of the art courses in Intellectual Property Law too. Stay tuned for more updates!

Cyber Education- the Road Less Known

Cyber Education - the road less known

I’m not a techie, nor a lawyer and yet here I am in a field that takes on both these mammoths. I’ve been here a long time; India’s had her cyber law in place since the year 2000. So, it’s deeply disappointing to see the confusion in students and professionals alike about the various aspects of a cyber education.

Yes, I said cyber education and not just an IT education. So, I’m not only talking about the technology in cyberspace. I’m referring to the other side of the spectrum.

9 out of 10 people today have faced some type of cybercrime. And yet, almost 7 out of those 9 will not know what to do about it.

I thought about cybercrime, you know, as a non-techie and a non-lawyer, and decided to break it down to its foundation stones.

Here, let’s create our first bifurcation. Cybercrime may be divided into 2 parts — Pre-crime and Post-crime

Pre-crime

This is where your crime hasn’t happened yet. So, you are basically hoping for the best and preparing for the worst. This can also be divided further into:

1. Cyber security

In layman’s terms, every step that you take to ensure that your computer hardware, computer software, networks, accounts etc. remain safe from any breach, aka cybercrime, is cyber security. Simple, isn’t it? Well, simple is where this article stays. You want a connoisseur’s break up of the cyber security menu, see: The 9 sides of cyber security

2. Cyber Insurance

The obvious next step in pre-crime schedule. What you may not be able to secure ought to be insured.

Post-crime

This is where your cybercrime worst has happened. Now, hopefully, you aren’t affected too badly. But even if you are, there are divisions to this part that can help you.

1. Cyber Law

This is the law that governs cyberspace and as often as not has jurisdiction beyond your country. So, where do you report a cybercrime. Cyber law tells you the where, how and whom to approach. It also tells you the punishments for various cybercrimes. You know, in case you may be committing one?

2. Cyber Investigation

Here’s where the sleuths step in. Professionals here need to have that investigative streak and need to be armed with the latest tools and techniques of cyber investigation. This is where you get answers to how the cybercrime was committed and with any luck, may just get the criminal. And again, if you want the real dirt on what all an investigator needs to know, see — 25 Skills Essential for a Cyber Crime Investigator

So, you’re a student or professional who has a thought that they want a piece of the humongous cybercrime pie. This article may just have helped you understand where you want to be.

Just be prepared to keep learning to stay abreast in this ever-evolving super-exciting space.

What is cyber law and why do we need it?

What is cyber law and why do we need it?

What is Cyber Law?

In order to arrive at an acceptable definition of the term Cyber Law, we must first understand the meaning of the term law. Simply put, law encompasses the rules of conduct:

  1. that have been approved by the government, and
  2. which are in force over a certain territory, and
  3. which must be obeyed by all persons on that territory. Violation of these rules will lead to government action such as imprisonment or fine or an order to pay compensation.

The term cyber or cyberspace has today come to signify everything related to computers, the Internet, websites, data, emails, networks, software, data storage devices (such as hard disks, USB disks etc) and even Airplanes, ATM machines, Baby monitors, Biometric devices, Bitcoin wallets, Cars, CCTV cameras, Drones, Gaming consoles, Health trackers, Medical devices, Power plants, Self-aiming rifles, Ships, Smart-watches, Smartphones & more.

Thus a simplified definition of cyber law is that it is the “law governing cyber space”.

The issues addressed by cyber law include cyber crime, electronic commerce

1. Cyber crime

An interesting definition of cyber crime was provided in the “Computer Crime: Criminal Justice Resource Manual” published in 1989. According to this manual, cyber crime covered the following:

  1. computer crime i.e. any violation of specific laws that relate to computer crime,
  2. computer related crime i.e. violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution,
  3. computer abuse i.e. intentional acts that may or may not be specifically prohibited by criminal statutes. Any intentional act involving knowledge of computer use or technology is computer abuse if one or more perpetrators made or could have made gain and / or one or more victims suffered or could have suffered loss.

2. Electronic commerce

The term electronic commerce or E-commerce is used to refer to electronic data used in commercial transactions. Electronic commerce laws usually address issues of data authentication by electronic and/or digital signatures.

3. Intellectual Property in as much as it applies to cyberspace

This encompasses:

  1. copyright law in relation to computer software, computer source code, websites, cell phone content etc;
  2. software and source code licenses;
  3. trademark law with relation to domain names, meta tags, mirroring, framing, linking etc.;
  4. semiconductor law which relates to the protection of semiconductor integrated circuits design and layouts;
  5. patent law in relation to computer hardware and software.

4. Data protection & privacy

Data protection and privacy laws address legal issues arising in the collecting, storing and transmitting sensitive personal data by data controllers such as banks, hospitals, email service providers etc.

The Need for Cyber Law

The first question that a student of cyber law will ask is whether there is a need for a separate field of law to cover cyberspace. Isn’t conventional law adequate to cover cyberspace?

Let us consider cases where so-called conventional crimes are carried out using computers or the Internet as a tool. Consider cases of spread of pornographic material, criminal threats delivered via email, websites that defame someone or spread racial hatred etc. In all these cases, the computer is merely incidental to the crime. Distributing pamphlets promoting racial enmity is in essence similar to putting up a website promoting such ill feelings.

Of course, it can be argued that when technology is used to commit such crimes, the effect and spread of the crime increases enormously. Printing and distributing pamphlets even in one locality is a time consuming and expensive task while putting up a globally accessible website is very easy.

In such cases, it can be argued that conventional law can handle cyber cases. The Government can simply impose a stricter liability (by way of imprisonment and fines) if the crime is committed using certain specified technologies. A simplified example would be stating that spreading pornography by electronic means should be punished more severely than spreading pornography by conventional means[1].

As long as we are dealing with such issues, conventional law would be adequate. The challenges emerge when we deal with more complex issues such as ‘theft’ of data. Under conventional law, theft relates to “movable property being taken out of the possession of someone”.

The General Clauses Act defines movable property as “property of every description, except immovable property”. The same law defines immovable property as “land, benefits to arise out of land, and things attached to the earth, or permanently fastened to anything attached to the earth”. Using these definitions, we can say that the computer is movable property.

Let us examine how such a law would apply to a scenario where data is ‘stolen’. Consider my personal computer on which I have stored some information. Let us presume that some unauthorized person picks up my computer and takes it away without my permission. Has he committed theft? The elements to consider are whether some movable property has been taken out of the possession of someone. The computer is movable property and I am the legal owner entitled to possess it. The thief has dishonestly taken this movable property out of my possession. It is theft.

Now consider that some unauthorized person simply copies the data from my computer onto his pen drive. Would this be theft? Presuming that the intangible data is movable property, the concept of theft would still not apply as the possession of the data has not been taken from me. I still have the ‘original’ data on the computer under my control. The ‘thief’ simply has a ‘copy’ of that data. In the digital world, the copy and the original are indistinguishable in almost every case.

Consider another illustration on the issue of ‘possession’ of data. I use the email account rohasnagpal@gmail.com for personal communication. Naturally, a lot of emails, images, documents etc are sent and received by me using this account. The first question is, who ‘possesses’ this email account? Is it me because I have the username and password needed to ‘login’ and view the emails? Or it is Google Inc because the emails are stored on their computers?

Another question would arise if some unauthorized person obtains my password. Can it be said that now that person is also in possession of my emails because he has the password to ‘login’ and view the emails?

Another legal challenge emerges because of the ‘mobility’ of data. Let us consider an example of international trade in the conventional world. Sameer purchases steel from a factory in China uses the steel to manufacture nails in a factory in India and then sells the nails to a trader in the USA. The various Governments can easily regulate and impose taxes at various stages of this business process.

Now consider that Sameer has shifted to an ‘online’ business. He sits in his house in Pune (India) and uses his computer to create pirated versions of expensive software. He then sells this pirated software through a website (hosted on a server located in Russia). People from all over the world can visit Sameer’s website and purchase the pirated software. Sameer collects the money using a PayPal account that is linked to his bank account in a tax haven country like the Cayman Islands.

It would be extremely difficult for any Government to trace Sameer’s activities.

It is for these and other complexities that conventional law is unfit to handle issues relating to cyberspace. This brings in the need for a separate branch of law to tackle cyberspace.