These Rules had come up in the light that there should be no compromise of the Constitutional rights of the Digital Nagriks by all online intermediaries, and that is the Right to Privacy, which had garnered a lot of attention due to the WhatsApp -Twitter and the Central Government friction last year.

The main attention of this draft is creating a hierarchy for redressal mechanism of grievance, updating the existing due diligence along with additional due diligence by social media intermediaries.

The time frame has been maintained to 24(twenty-four) hours for not only being limited to acknowledging the complaint, but further including suspension, removal, or blocking of any user or user account and redressal within 72(seventy-two) hours if there is a request for the removal of information and communication link as in the era of digitalisation and cyberspace it takes no time for any content to go viral like a forest fire, with a total time frame of 15 days for resolution.

There is also the proposal to set up the Grievance Appellate Committee to hear appeals against the decision of the Grievance Officer. However, this does not stop a user from moving the Court of Law.

The social media intermediaries include intermediary, social media intermediary and significant social media intermediary. Under due diligence and compliance, the Social Media Intermediary should prominently publish their rules and regulations, privacy policy and user agreement for access or usage by any user and ensure its compliance while making sure that the user is not in violation of the rules laid down thereunder relating to uploading, hosting. displaying, modifying, publishing, transmitting, storing, or sharing any information.

The additional due diligence for Significant Social Media Intermediary (SSMI) calls for appointment of a Chief Compliance Officer, a Nodal Contact Person, and a Resident Grievance Officer, who should be an employee of such intermediaries and specifically a resident of India.

The Rule that has been in the limelight for all such media intermediaries it to enable identification of the first originator for any information as may be required under Information Technology (Procedure and Safeguards for interception, monitoring, decryption of information) Rules,2009 However, it clearly states that such requirement shall be only by way of an order and to protect the sovereignty and integrity of India, the security of the State and like concerns. Nonetheless, the social intermediaries are worried and have raised concern as it would lead to breach of privacy. 

While reading these rules a lot of similarity can be found between the Data Protection Bill which also calls for chief compliance officer and grievance officer. The SSMI’s here sound very similar to significant data fiduciary and certainly the new draft of the Data Protection Bill has been speaking in terms of social media intermediaries to be treated as publishers along with implementation of a mechanism to hold them responsible for content published by unverified accounts on such platforms.

It’s a very interesting space to keep a watch on as India is moving leaps and bounds towards digitalisation.

Author:

Rachna Shroff, Advocate with 12+ years of experience working as an in-house counsel with expertise in contract management, litigation, research, compliance, and advisory. She is also a Gold- Medalist in MBA-HR. I have been currently working in the e-gaming space. She is also a faculty for the Art of Living and conducts Happiness Programs

The post Information Technology Act’2000 and it’s Rules for the Digital Nagriks appeared first on Legal Desire Media and Insights.

Hotspots for Cybercrimes

There are certain economies in the Former Soviet Union and Central and Eastern Europe (FSU&CEE) that have become hotspots for cybercrime. Among the top ten economies from where most internet scams emerged in the early 2000s, six were from FSU&CEE. Cybercrimes have been happening all over the globe for a few centuries, yet the penalties are light compared to traditional crimes. The individuals committing such crimes primarily lie between the ages of 10-15 years old, and hence the judges only have a few benchmarks to refer to. Lawyers and judges are trying to decide on appropriate sentences for such offenses and offenders. The state and federal governments have enacted legislation criminalizing specific activities related to computers, networks, and the internet, each with its own set of restrictions and punishments. The penalties for cybercrimes range from one year in jail and a $6,000 fine to 99 years in prison and a $60,000 fine in Alabama, for example. Florida defines cybercrime as acts against intellectual property or computer users under its Computer Crimes Act.

Cybercrime Penalties

Some cybercrime penalties may be excessive in comparison to the harm done. In contrast to the damage or irritation caused by the cybercriminal, the typical punishment is minor. With fewer cybercrime convictions than regular crimes, courts have few options when it comes to sentences. As a result, judges sentencing somebody for the first time for a cybercrime may not impose the appropriate penalty. Encouraging trends suggest that cybercrime sanctions will finally match the demand for justice. For the fight against hackers coming from across the Atlantic, the Department of Justice implanted a special prosecutor into the European criminal justice agency.

The Federal Bureau of Investigation has assigned three other cyber assistants to international offices, and more are planned for the future. The Computer Fraud and Abuse Act is a classic example of how politicians in the United States have responded by tightening and widening laws to counter the concerns. Researchers at the Center assess the impact of this and other laws and regulations on cybercrime, determining whether specific provisions accomplish their intended goals and have costly unforeseen outcomes. The purpose of this study is to generate broad generalizations regarding the kind of rules and regulations that decrease fraud and increase security.

India and Cybercrimes

India’s first cyber crime conviction occurred in 2013. Sony India Private Ltd, the company behind www.sony-sambandh.com, which targets non-resident Indians, filed a complaint. Sony items can be transferred to friends and family in India after NRIs pay online.

The firm guarantees delivery of the items to the intended recipients. According to the cybercrime case study, Barbara Campa purchased a Sony Color Television and cordless headphones on the website in May 2002. Arif Azim in Noida was requested to send the items using her credit card information. The credit card company cleared the payment, and the transaction was completed. Upon completion of the due diligence and inspection process, the business delivered the products to Arif Azim.

When Arif Azim accepted the item at the time of delivery, the firm took digital pictures. It was completed at that point, but the credit card company informed the firm after one and a half months that the purchase was unlawful. This is because the valid owner denied making it.

As a result, the Central Bureau of Investigation opened an investigation under the Indian Penal Code sections 418, 419, and 420. After the case was examined, Arif Azim was arrested. Researches have found that Arif Azim obtained the credit card number of an American citizen while working at a Noida contact center, which he exploited on the company’s website. The CBI recovered a color television and cordless headphones from a cyber fraud case that was one-of-a-kind. The CBI had sufficient evidence to establish their case; thus, the accused acknowledged his guilt. Cybercrime was found guilty for the first time by Arif Azim under Sections 418, 419, and 420 of the Indian Penal Code.

On the other hand, the court believed that because the accused was a young kid of 24 years old and a first-time offender, a liberal approach was required. As a result, the court sentenced the accused to a year of probation. The decision has enormous ramifications for the entire country. Apart from being the first cyber crime conviction, it has demonstrated that the Indian Penal Code may be effectively used for some types of cybercrime that are not covered under the Information Technology Act 2000. Second, a decision like this sends a strong message to everyone that the law cannot be manipulated.

Cyber Security

Cyber Security is considered highly important; the international community must acknowledge a “staggering enforcement gap,” as highlighted in recent research by the Third Way. Not only is the current wave of cybercrime primarily unknown, but the odds of being successfully investigated and convicted for a cyberattack in the United States are currently believed to be as low as 0.05 percent. This is consistent with other findings from throughout the world. This is for a crime expected to cost $6 trillion to the global economy by 2021. In the case of violent crime, the corresponding likelihood is 46%. The international community must consider why this is occurring and what may be done to change it.

According to legal analysis, the outmoded Computer Misuse Act jeopardizes Britain’s cyber defenses by preventing investigators from dealing efficiently with online threats while over-punishing immature offenders. The Criminal Law Reform Now Network (CLRNN) report advocates for immediate modification of the rules regulating unlawful access to computers, denial of service attacks, and other digital crimes, thirty years after hacking became a criminal offense. The 144-page report, sponsored by academic attorneys from Birmingham and Cambridge universities, claims that the 1990 Computer Misuse Act “cries out for revision” and that public interest hacking defenses must be developed. According to the Globe Economic Forum’s Global Risks Report 2019, widespread loss of faith in the internet is the fifth most considerable strategic risk confronting the world. The paper outlines the scope of the security community’s issues and the new possibilities and alliances that may be formed to enable public good in this period of unprecedented technological change. The security problem of the twenty-first century will continue to be cybercrime.

The community must agree on what is vital shortly, focus on a shared vision of that future, and begin a genuine conversation about getting there. This is challenging but vital because it concerns what countries and companies agree on rather than what they disagree on. This might include a shared awareness of the need to close the cybercrime enforcement gap, combat transnational organized cybercrime before it becomes epidemic, and eliminate safe havens for cybercriminal networks. There must be a recognition that cybercrime is a global issue that necessitates a worldwide solution. No country or organization exists in isolation. A new generation of alliances between international, national, and corporate organizations is required for the globe as a whole. The difficulty in conducting investigations on attackers generally working overseas against different and dissimilar technological systems employing communications technology, which makes every attack global by default, is primarily to blame for the enforcement gap.

Cyber enforcement gap

Closing the cyber enforcement gap will necessitate greater global integration and interaction among nations from a policy and capacity standpoint. It also necessitates a greater level of collaboration between law enforcement and the commercial sector. This is a once-in-a-lifetime chance to create trust amongst entities and agree on common principles, the groundwork for a new global architecture. If this is not accomplished, the digital economy and conventional institutions that offer security and confidence across society would be jeopardized. While cybercrime is still in its early stages, hackers will continue to develop new ways to damage people in the future. Penalties and legislation must adjust to reflect this. Technology and legislation will continue to grow and change as law enforcement becomes more conscious of the need to combat cybercrime. Sentencing is still a shifting target; nonetheless, they will soon find it more difficult to conceal and avoid the law.

Bibliography

1. Housen-Couriel, Deborah. “The Evolving Law on Cyber Terrorism: Dilemmas in International Law and Israeli Law.” International Institute for Counter-Terrorism (ICT), 2013. http://www.jstor.org/stable/resrep09430.
2. Jabbour, K. T., & Devendorf, E. (2017). Cyber Threat Characterization. The Cyber Defense Review, 2(3), 79–94. http://www.jstor.org/stable/26267387

The post Are the Laws outdated for the new emerging Cybercrimes? appeared first on Legal Desire Media and Insights.

         “The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.”[1]

Recently Facebook had a deal with Jio in which the former invested in Jio, a subsidiary of Reliance Industry Ltd. which rose concerns on the privacy of the citizens of India by Facebook’s buying of  9.99% stack in Jio of worth 43,574.[2]

The technology involved in the deal

The use of Artificial intelligence in such platforms collects a lot of data related to the activities of the users. Jio has 387.5 million subscribers in India who are using various Jio services as:

Jio T.V for news and entertainment,

A JIo for online shopping,

Jio savan for music listening,

Jio pay for online payments,

Jio fiber for internet broadband services.

Recently Jio has also launched Jio meet for online video group callings. Facebook has 280 million users in India. Facebook-owned Whatsapp and Instagram have 400 million and 120 million respectively. The partnership of these two Giants has raised serious concerns of data protection and competition law In India. After jio- facebook deal Jio decided to launch the online retail services on the Facebook-owned WhatsApp.  Services have been started in some cities soon after the deal.[3] As use and sharing of meta-data are allowed in India, the companies can use this data for analysis to take advantage in their businesses.  With the help of analytics and data Interpretation of such a large and variety of meta-data, a lot of other information can be drawn which would fall under the definition of privacy.

A fine example of using and manipulating general data is the Cambridge Analytica case, in which the company simply gathered simple data to gather information about the psychology of the person, and then by analysis of this data the opinions of the person can be manipulated.[4]  N According to some experts Cambridge Analytica also worked in India in the same way as in the USA but it was never got investigated in India.[5] This shows the concerns related to data protection and privacy in India and the attitude of the Government towards it. The lack of awareness about data protection and privacy in society is also a big issue. With the use of Artificial Intelligence (AI) and machine learning (ML) a lot of information can be dawned from this meta-data.

Will Jio share data to Facebook?

The Jio’s privacy policy says that the company limits the data sharing (PAN, address, photograph, contact number, passport etc)  in certain circumstances to a scenario like a merger and acquisition that affects the company and the partners. The exception of sharing of data with “partners” includes consultant, contractors, vendors, companies, and affiliates who provides a host of services including customer service, website hosting, It services data analysis, infrastructure hosting and similar services.[6] The Jio-Facebook partnership can put Facebook in the category of a partner, which would allow Jio to share the data of its subscribers.

Need of the data protection laws

With the reach and use of Technology in the lives of people especially in the IT and communication sector have deepened the need for laws to regulate the data collected by the service provides. The government’s policies like digital India and promotions of the use of technology in almost every sector in the country have increased the number of users.

We need a law which regulates and protects the data collected by the services providers. India needs a law like the General Data Protection Regulation (GDPR) which is a fine example of data protection. This law was enforced by European Union in January 2012 which is the core of Europe’s digital privacy legislation. The law makes sure that personal data should be collected legally and should be protected from misuse and exploitation.

This law applies to any organization which is an operation within the EU and any organization outside the EU but offering goods and services to the customer of businesses in the EU. This means every company providing services in EU have to need a GDPR compliance strategy.[7]

GDPR brings the right to be forgotten and right to know when the data is being compromised or hacked, the organization have to notify within the 72 hours of the breach. In case of non-compliance with the GDPR, there is a penalty of 10 million or 4 percent of companies annual global turnover. Even in case of mishandling of data in other ways put a penalty of 10 million Euros or 2 per cent of annual global turnover. The best thing about GDPR is that there is no ‘one size fits all’ approach to preparing for the laws but each business needs to know what they need to comply with the law. So this law would apply to everyone from a single person company to a MNC.

If India is supposed to have such a regulation the protection of data and privacy of citizens can be ensured. Although in 2019 Personal Data Protection Bill was introduced in parliament but still not been passed. The need for a strict regulation will be needed in the future as the government would be coming with more and more policies to digitize India and the threat to the data protection and privacy will increase. 

The technology growth is accelerating and new technologies will emerge which would need to control and regulate and we will need such laws. The technologies like Face reading apps and Deep fake already have put serious legal concerns. Under article 21 read with article 19 of the constitution makes privacy the most important right of the citizen of the country. So to protect these rights we need to regulate these technologies.

The post Jio-Facebook Deal in the era of digital India: Concerns of privacy and data protection appeared first on Legal Desire Media and Insights.

Cybercrime can be described as a type of crime committed by criminals with the use of computers as a tool. The crime can be anything ranging from downloading movies illegally (Piracy), sending spam emails, or trying to gain access over other’s devices connected to the internet (hacking). Since the internet has no geographical limitations, and boundaries it makes it hard to catch the criminals who committed cybercrimes. Cybercrime has the potentials to impact business, and as well as personal. According to cybersecurity ventures’ annual cybercrime report [1], it is estimated that cybercrime damages 6 Trillion USD by 2021. This estimation can show how serious is cybercrime in a business context. Also, a case study [2] conducted by Ponemon Institute LLC and jointly developed by Accenture points out that the average cost of cybercrime in an organization costs 13 Million USD in 2019, which is 1.4 Million USD higher than previous years.

During Covid-19

Covid-19, a Pandemic that turned the world upside down. So far, the world has seen several pandemics before, but Covid-19 is different. Because it bought a threat not only to the physical world but also to the Virtual world (CyberSpace). Day by day the number of cyber attacks increasing dramatically. On 4^th August 2020, Interpol released the report [3] which shows the magnificent rate of cyberattacks during this pandemic period. Also, at the moment the attacks are rapidly moving towards small businesses and corporations, governments, and critical infrastructure than to individual targets. When focusing particularly on Southeast Asia, the major threats are Covid-19 related scams, especially Phishing campaigns that mainly themed on Government Covid-19 relief funds. Also, as per IBM’s report [4], between March, and May 2020 there is more 6000 percentage of increases in COVID-19 themed attacks which mainly focuses on Malware sales in the Dark Web. Microsoft security endpoint report [5] reveals that most of the compromises that happened in this pandemic are the results of the attacks that existed earlier. The interesting point to notice here is several malware groups are using the persistence method. During the Covid-19 attacks, the most targeted fields are the critical infrastructure, these include Government organizations, health care, and educational sectors. When getting deep inside the technical part, most of the phishing attacks consists of the URL of advanced malware, so if a single user clicks the URL it can lead to the compromisation of the entire network. With this methodology, the attacker can easily gain access to the network and plant the backdoors which provide persistent access.

When particularly focus on India, the state Kerala records a high quantity of cybercrimes during the lockdown period [6]. The motivation behind these attacks is to compromise the device and acquire banking details. One more interesting cybercrime happened is infected mobile applications such as CoronaSafetyMask [7] that scam the people by announcing they will provide the mask, then collected the money, then installed the trojans like Ginp, Anubis, and Cerberus on the devices.

In India, the most specific cyber attack is using Phishing. State Bank of India (SBI) warned its users to stay alert on the phishing attempts. According to SBIs Twitter post [8], they warned the users not to open the emails from ncov2019@gov.in with a subject line Free COVID-19 Testing.

State-sponsored attacks

In general, state-sponsored cyber-attacks are a type of cyber-attacks that involves the support of a particular country. In the Covid-19 situation, the two countries faced this state-sponsored cyber-attacks. First Australia, and second India. In mid-June 2020, the Australian Prime Minister revealed that [9], Australia is being targeted by state-sponsored cyberattacks, where the attack techniques are very sophisticated. The prime minister did not mention any specific country name that was involved in it. The main target domains are banking, power plants, private organizations, and multiple public services, and agencies. At the end of June 2020, Maharashtra police officials revealed that [10], China-based hackers tried over 40,000 cyber-attacks on India within 5 days. The most targeted domains are banking and information technology. The email address mentioned in the SBI’s twitter post was found in this hacking attempt. After founding it, the Government warned people about this.

Prevention

As a part of preventions, the Government is doing what they can. In June 2020, the Indian government warns against Covid-19 themes phishing attacks. Also, in July 2020, India, and Israel signed a cybersecurity agreement in-order to protect against COVID-19 cybercrimes [11]. This action is appreciable. With this agreement both the countries will share the information, and best practices through their CERTs (Computer Emergency Response Teams), this approach will strengthen the cyberspace of both the countries.

When we look into the cybersecurity chain, the human is the most vulnerable target, no matter how secure the system is, a single human error can lead to dangerous situations. The best example is Twitter Bitcoin Incident, which happened in July [12]. In this, the hackers gained access to Twitter’s system by using the phishing method on its employee. So, the best method to prevent ourselves from cyber-attacks is to follow cyber hygiene. The following are some of the methods to try,

·    Don’t use the same password for all the accounts. Use a minimum of 8-character passwords.

·       Do Download software/apps from official sources such as Playstore, etc…

·      Update your devices/software often.

·      Don’t open email/SMS links and/or attachments received from unknown people/sources.

·     Always keep two backups, one is in an external storage device, another one is in the cloud.

·      Don’t share sensitive information such as passwords, bank details to anyone else.

·      Don’t connect to open WIFI, and if connected try to use the device with a VPN.

·      Use multi-factor authentication.

Conclusion

In this digital era, the internet became essentials in all areas ranging from transportation to satellite connectivity. As the internet grows the threat also grows tremendously, and as more and more devices getting connected to the internet, the more and more it’s getting complicated to catch the criminals. While the prevention controls are getting smarter, the hacker also coming up with new technologies to counter it. So, cybersecurity is everyone’s responsibility.

References

1.     https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

2.     https://www.accenture.com/_acnmedia/pdf-96/accenture-2019-cost-of-cybercrime-study-final.pdf

3.     https://www.interpol.int/en/content/download/15526/file/COVID-19%20Cybercrime%20Analysis%20Report-%20August%202020.pdf

4.     https://www.ibm.com/downloads/cas/Y5QGA7VZ

5.     https://news.microsoft.com/en-in/microsoft-security-endpoint-threat-report-2019-india/

6.     https://economictimes.indiatimes.com/tech/internet/kerala-records-highest-number-of-cybercrimes-during-lockdown/articleshow/75865802.cms

7.     https://www.zscaler.com/blogs/research/new-android-app-offers-coronavirus-safety-mask-delivers-sms-trojan

8.     https://twitter.com/TheOfficialSBI/status/1274692359469428737

9.     https://www.theguardian.com/australia-news/2020/jun/19/australia-cyber-attack-attacks-hack-state-based-actor-says-australian-prime-minister-scott-morrison

10.  https://www.ndtv.com/india-news/rise-in-cyber-attacks-from-china-over-40-000-cases-in-5-days-official-2251111

11.  https://portswigger.net/daily-swig/israel-and-india-sign-cybersecurity-agreement-to-protect-against-covid-19-cyber-attacks

12.  https://www.theverge.com/2020/7/30/21348974/twitter-spear-phishing-attack-bitcoin-scam

AUTHOR

VISHAL SAMSON DAVID SELVAM,

EDITH COWAN UNIVERSITY, AUSTRALIA – PSB ACADEMY, SINGAPORE

The post Defending Cyber Crimes during Covid-19 appeared first on Legal Desire Media and Insights.

 Introduction

Cyber bullying can be defined as harassing, intimidating or humiliating a person with the help of electronic means. As far as bullying is concerned, we cannot possibly limit the meaning of this term to a few aspects. Cyber bullying could thus encompass many inherent issues like cyber stalking, trolling, trickery, impersonation and intentional exclusion. Roasting is a new trend prevalent in social media. Roasting was introduced as a type of humour in which an individual is subjected to jokes and pun to amuse the larger audience. Initially, the roasting culture was among close friends and family. However, present day roasting is an entirely different scenario.

It is indeed necessary to explore the background and history of ‘roasting’. All India Bakchod (AIB) Knockout was one of the well-known controversies related to celebrity roasting. Show involved a few renowned Bollywood celebrities. However, show was taken out of the YouTube channel due to widespread criticism from legal activists, celebrities and other spectators. Recently, there were issues raised against a person alleged to have roasted a few people who were active in TikTok (a social networking and entertainment platform).

The legal framework that regulates ‘roasting’ and similar activities has time and again been analysed. The key legislations to be focussed in this regard are the Indian Penal Code, Information Technology Act and the Constitution of India.

Existing Legal Structure Related to Cyber Bullying in India

Closely related provisions of Information Technology Act, 2000 are:

·         Section 67A specifies punishment for publishing or transmitting any material containing sexually explicit act in the electronic form.

·         Section 66E deals with punishment for violation of privacy of an individual intentionally or knowingly by capturing, publishing or transmitting the image of a private area of that person without his or her consent.

It is clear from the above mentioned sections that we cannot rely on them for all cases with regard to cyber bullying. In other words, there is no clear-cut or specific law to deal with cyber bullying and related issues like online roasting. This is the reason why we generally depend on Indian Penal Code, 1860 under such circumstances.

Provisions of Indian Penal Code, 1860 that are largely depended on under similar situations:

·         Section 499: Defamation

·         Section 354A: Offence of making sexually coloured comments or sexual harassment. Involves matters like seeking undesirable sexual favours from a woman.

·         Section 354D: Stalking, striding behind or purposefully following a woman. Monitoring a woman’s personal information through electronic means also come under the purview of this section.

·         Section 292A: Involves printing of books etc. of indecent or scurrilous matters intended to blackmail a person.

·         Section 509: Comprises of issues like uttering words intended to insult the modesty of a lady.

·         Section 507: Criminal intimidation by concealing identity (anonymous blackmailing).

The need for a specific legal schema with regard to “cyber bullying” is thus established. It could ease the whole procedure and no doubt, reduce the occurrence of such incidents to a large extent.

Analysis based on the Indian Constitution

The right to freedom of speech and expression enshrined under Article 19(1) (a) need to be critically analysed in every such situation.  The right allows citizens to think and speak without bounds. At the same time, reasonable restrictions to this right are provided under Article 19(2). It was held in A.K.Gopalan v. The State of Madras[1] that, “man as a rational being, desires to do many things, but in a civil society his desires have to be controlled, regulated and reconciled with the exercise of similar desires”.

In Ranjit D. Udeshi v. State Of Maharashtra[2], the constitutional validity of Section 292 of the Indian Penal Code was challenged. The facts of the case involve the alleged sale of obscene books by the accused. It was questioned based on Article 19 of the Indian Constitution, stating that section creates an unreasonable restriction on freedom of speech and expression. The Hon’ble court confirmed the validity of section 292 IPC in this case. Therefore, it is fair enough to say that the right to express thoughts can be restricted for the benefit of a larger population. Moreover, the larger public interest prevails when compared to individual rights.

The freedom of speech can be curtailed under various grounds such as public order, morality, defamation, decency etc. Henceforth, the act of roasting may also fall under one or more of the above mentioned categories of restrictions. When an individual is roasted in front of family members or close acquaintances, the impact created is very meagre. On the other hand, the effect is huge when the same act is performed in social media. Size of the audience is much larger and it can disturb public order if the content being spoken or published happens to be immoral. Apart from personal defamation, such activities have a wider impact on the society at large.

Conclusion

Adherence to the policies and community standards as provided by social media sites is of immense significance. For instance video sharing platforms like YouTube provides plethora of guidelines to the users. Smart and rational usage can eliminate problems to a large extent. However, a secondary level augmentation can be made by addition of a better filtering mechanism using factors like consent and age of the users.

Information Technology Act combined with certain other legal provisions like Indian Penal Code is perhaps the only available method to deal with issues like roasting and cyber bullying in online media. The verdicts in such cases would be different if there is a ‘definite legislation’ to address the offence of cyber bullying.  Also, various branches of cyber bullying cannot even be addressed within the purview of the existing laws. All these points add to the need of a specific law in this area.

The post Cyber Bullying and Roasting on Online Media: Legal Perspective appeared first on Legal Desire Media and Insights.

The concept of the trademark in cyberspace has become very important as the use of technology is growing day by day and the whole world has become a connected global unit. In order to understand this concept, we first need to understand what do the two terms ‘trademark’ and ‘cyberspace’ mean.

With the growing complexities of trade and commerce in the world, the flow of counterfeit products in the market have become rampant. The importance of intellectual property is growing every day and its scope has extended across borders and has gained international recognition. If a bona fide buyer purchases a good or commodity believing it to be a product offered by a particular trader and later when he or she finds out that it was not up to the mark or the product does not belong to the presumed trader. This process often results in the bad reputation of that trader. Therefore, a need to create a unique mark which symbolize a particular trader as the source of the product becomes essential. It is important not only for the trader but also to protect the consumer from being fooled by counterfeit products.

In this scenario, Trademark plays a significant role. A trademark can generally be defined as any mark, symbol or a word, emblem that represents a company or any product. It can be a legally registered mark.

The Intellectual property protection in relation to trade was recognized by the world trade organization (WHO) in the form of TRIPS agreement. The Trade Related Aspects of Intellectual Property Rights (TRIPS) agreement was created as a legal agreement between the member states of the WTO. The agreement came into effect on 1 January, 1995. The agreement is considered a landmark and complete agreement on Intellectual property rights. Article 15 of the act deals with trademarks and lays down directory details for the protection of the same. India is a signatory to the TRIPS agreement.    

The Trade marks act, 1999 is the intellectual property law in India that govern the trademark. Section 2(1) (zb) defines ‘trademark’ as a mark capable of being represented graphically and which is capable of distinguishing the good and service of one person from those of others and may include shape of goods, their packaging and combination of colors.

The Sind High court observed that Trademark in general refers to any picture, or word or marker which is fixed on and with the product of a particular trader with an aim to differentiate that particular good or product from those products and good which are of similar nature. For example, Whirlpool of the Whirlpool Corporation, USA, Red Bull of the Red Bull GmbH etc. are some popular trademarks in the market.

Cyberspace in laymen terminology refers to the space created by the use of the computer technology. In other words, it refers to the virtual space created by the connection between different computers. The Merriam Webster Dictionary defines cyber space as ‘the online world of the computer networks and especially the internet.’ Thus, the concept of Cyberspace is intangible in nature. The cyberspace is not restricted to a particular geographic territory, it lacks any barrier of physicality and extends to the whole world, connecting anyone and everyone.

Cyberspace is a shared space where interactions and communications take place through the platform of the internet. The internet technology is revolutionizing the world and the trend of carrying out trade and commerce using the cyber platform has come into vogue. Many e-commerce websites are also developing to facilitate such kind of trade and carry out successful transactions between the consumer and the traders. The use of online platforms has boosted the economies of different countries.

There is no physical interaction between the parties of the trade. The online space becomes a preferred choice of the consumers as consumers are able to surf through the available without any restriction and time barrier, they are granted the freedom to compare prices of different products and satisfy themselves completely before making the payment for any product. The cyberspace medium has made transaction and trading much simpler and easier.   

With the world entering the online era where nowadays each and every activity of our daily lives in being influenced by the internet. It becomes essential to protect the intellectual property on the internet in this cyberspace. 

The Cyberspace is not free from flaws. Cyber crime such as cyber fraud, cyber-attacks, cyber wars etc. are also taking place on a frequent note and the complexity of the crimes is of such a nature that it becomes very difficult to determine the jurisdiction and punish the offender who may be sitting in some other part of the world. 

TRADEMARKS IN CYBERSPACE:  

Traditionally the trademark law was applicable to protect those traders who had a registered trademarks, by providing them an exclusive right to carry on trade under that mark and preventing any third parties from using the same. However, with the rise of the internet and the paradigm shift from the traditional trading process to the online platform. Many new challenges have taken birth in relation to protection of trademark.

The domain name is one of the main areas where the conflict relating to the trademark in cyber space arises. Domain name can simply mean the name used by a website, it is like an address which is used by the people to access that particular website.  The domain name is very important in the identification of computers done with the use of IP address which is present in the form of some codes. But due to the complex numeric coding of the IP address; easier alternatives that can be remembered by all were developed. This alternative is a domain name, it can be a combination of words, symbols and numbers. For example: www.lawyerswork.com is an example of a domain name.

Registration of domain name is very important to establish a formal marketable existence on the internet. There is as such no trademark review of the domain names as it is burdensome work for the registrar. Therefore, there arises disputes regarding the domain name vis-à-vis trademark  under four circumstances.

The first situation is called the Cyber-squatting. It refers to the act of registering a domain name which is made for the purpose of carrying out trade and commerce. The domain name is the trade name of a particular company but is not registered by the company. Such a registration is made by a third party with a view to make profit by selling the domain name to the actual owner. Until the third party has the domain name, the owner is not able to register his trademark as domain name, thereby his right of registering become infringed. It is observed that domain name is an identification of a company. In general terms, it performs the same functions as that of the trademark of a particular company. The domain name is more than just an address to reach a particular website.   

Further if a person registers a domain name which is identical or similar to the trademark of a company to which he has no commercial connection, then an injunction against the person can be passed. There was no law made in relation to the protection of the domain name.  United States was the first country to introduce a legislation in this regard. It was called the Cybersquatting infringement act, 1999.

The second situation is the cyber parasite where the gains and profit are made by the use of the actual domain name. The method would involve using a similar or wrongly spelled domain name which is similar to that of a famous trademark. Such techniques are used to pass off products by method of deception to the innocent consumers. In the case of Rediff Communication Ltd. V. Cybertooth and Another where the defendant had registered a domain name similar to that of the plaintiff was carrying a business of similar nature. Court observed that the defendant had an intention to carry out his trade and business under the trademark or trade name of plaintiff, thereby there being an infringement of the plaintiff’s right.

The third situation is the Cyber twin. This situation arises where both of the parties to the case hold an authentic claim towards a particular domain name.

The fourth situation in relation to the domain name is the reverse cyber-squatting. This is counter process to the cyber-squatting. It involves the owners of the trademark trying to take over the domain name by trying techniques of making false allegations of cybersquatting against the rightful owner of the domain name. The domain name owner in order to avoid any legal charges, is compelled to transfer the domain name to the trademark owner.

Apart from the above-mentioned challenges, there are also some other challenges posed in the cyberspace on the trademark of a company. Hypertext links is another area where a conflict regarding a trademark may arise in the cyber space. It simply refers to transferring the user from one website location to another. These links are set between web pages. For example, on some web page; we see a hyperlink of ‘Gucci’ and upon clicking the link, we are not taken to the official web-page of the brand but to some other web page which may sell similar product but not of the brand Gucci. Such hyperlink result in the infringement of trademarks. Further, it is easy to control the hyperlink present in the cyber space. Therefore, a practical answer is yet to be devised in this aspect. 

Use of Keywords can also sometimes lead to infringement of trademark in a cyberspace. Many times, the web pages use popular trademarks as keyword and so that their web pageappears on the top during the search. The innocent buyer may be deceived by the use of trademark and this results in infringement.

INDIA:

India is not new to the concept of infringement of trademark in the cyberspace. India Trademark act, 1999 is a comprehensive legislation which deals with infringement of trademarks. As of now, the Indian legal system does not have a full dedicated statute to deal with issues relating to domain name or cybersquatting etc. but the scope of the trademarks act is very vast. The Yahoo Inc v. Akash Arora and Another is a landmark case law in India in relation to protection of trademark in the cyberspace. In this case before the Delhi high court where the defendant had taken a domain name similar to that of the plaintiff. The court recognized the scope of trademarks over the domain name and granted the protection to the plaintiff under the trademarks act.

REMEDIES:

There are many remedies which can be taken up in case of infringement of trademark in the cyberspace. The world Intellectual Property Organization (WIPO) is one organization at an international level created for the protection of the intellectual property and there is an arbitration forum made under this organization where claims can be made at an international level. Further many other legislation have been made to provide remedies.

We know that the Section 28 of the trademarks act provide the exclusive right to the owner of a trademark to use their trademark and prevent others from using it. The National Internet Exchange of India was founded in 2003 to facilitate theproper and enhanced internet services in the country. It also provides some protection for trademark infringement in the cyberspace.

CONCLUSION:

The development of the internet services has changed the face of the world and has affected all aspects of the society. The Domain names have become an important element in the cyberspace and the crimes regarding the same are on the rise in context to trademarks. Therefore, it becomes very important to frame a comprehensive legislation in this regard. Further a gentle balance between the trademark’s rights and freedom of speech over the internet needs to be established. 

The post Trademark in Cyberspace appeared first on Legal Desire Media and Insights.

Today, the internet is the fastest technique on earth and it is the best solution people consider looking into. It has all the perks and advantages like communication, advertisement, download, emailing but there are many things that make the world of the internet not safe for kids and adults too as a matter of fact.

As technology evolved, the need to control human behavior evolved too. Cyber laws came into existence to ensure that people use technology without misusing it. If a person commits an act which violates the right of a person in cyberspace then it is treated as cyberspace violation and punishable under the provisions of cyber laws.

Cyberspace is completely different from the

Physical world. Many people are using the internet for illegal and immoral activities which need some supervision hence, to provide cyber security to users; the government introduced several cyber laws.

In cyberspace, things like money laundering, identity theft, etc have generated a need to enhance cyber security. Cyber law covers legal sues related to the use of communication, transactional and distributive aspects of network information technologies and devices.

Cyber law encompasses laws relating to

●       Cyber crime

●       Intellectual property

●       Electronic and data signature

●       Data protection and privacy.

Cyber crimeis a criminal activity where a computer or a network is used as a tool or sources for committing crime.According to The Cambridge English Dictionary, cyber crimes are the crimes which are committed with the use of computers or relating to computers, especially through the internet.

Crimes which contain use of information or usage of electronic means in furtherance of crime are covered under the ambit of cybercrime.

Cyberspace crime can be committed against person, property, government.

Some examples of cybercrime are money laundering, software piracy, cyber phishing, cyber pornography, spamming, cyber terrorism, credit card fraud and so on.

Intellectual property refers to anything created by human mind. Eg.A song, a book.

These include:

Copyright law

Trademark law

Patent law

Software and source code licenses.

Data protection intends to achieve a fair balance between the privacy right of the individuals and the interests of the data controllers like the banks, hospitals.

Need for cyber laws

Cyberspace is ethereal element that is impossible to govern using conventional laws. As the technology grows, the range of online interaction increase which increases the chances of being a victim to cyber crimeeg. Breach of online contracts, online torts and crime, etc.

Companies also depend upon the computer for storing their valuable data; most of the people are now using email, online transaction; thus there is a need for a law which protects the privacy and the interests of the individuals.

Hence, it became necessary to            `12222222 adopt strict laws for regulating the criminal activities relating to cyber crime and to punish the person behind it and to give justice to the victims of cybercrime.

Today, there is a need to regulate the cyber crime and it is necessary to enact stricter laws in case of cyber terrorism and hackers.

It act 2000

There was no statue in India to regulate the governing of cyber laws involving privacy issues, intellectual property rights issue. In order to make strict laws for regulating criminal activities in cyber crime; information technology act 2000 was enacted by the parliament of India to protect the e- banking, e-commerce and punishments in the field of cyber crimes.

The Act begins with:

“ an act to provide legal recognition for transaction carried out by the means of electronic data interchange and other means of electronic communication commonly referred to as electronic commerce”…….

The IT acts main purpose was to give legal recognition to electronic commerce and to facilitate filling of electronic records with the government.

This act was further amended in the form of IT AMMENDMENT ACT 2000.

 The IT AMMENDMENT ACT added several new sections relating to cyber terrorism and data protection and digital signatures were replaced with electronic signatures.

Cyber Laws in India

·         The Indian penal code

·         The Evidence Act

·         The Code of Criminal Procedure

And much more.

Section 65 -(tampering with the computer source document) states that if a person intentionally destroys or misuses the computer then that person can be punished with imprisonment and fine up to Rs.20,000.

Section 66 – (hacking the computer) states that if an individual with a criminal mind intentionally accesses the computer in an unauthorized way which causes injuries to the person or public at large then that person can be punished with imprisonment and fine up to 50,000.

Section 66 A– (sending of offensive message)

States that sending messages or causing annoyance through an

Electronic communication or sending an email to mislead or deceive the recipient about the origin of Such messages (commonly known as IP or email spoofing) are all covered here. Punishment for these Acts is imprisonment up to three years or fine.

Section 66 B– (intentionally receive electronic device) receiving stolen computer or any device which they know is stolen can be held under this section and punishes with imprisonment and fine up to 1 lakh.

Section 66 C – identity theft like using another person password or electronicsignature then can be punished with imprisonment and fine up to 1 lack.

Section 66 E- (privacy violation)

If a person publishes nude pictures without consent than that person can be imprisoned with 2 lakh fine.

Section 66 F– (cyber terrorism)

If a person accesses a government website which is restricted in an unlawful way which harms the integrity or the sovereignty of the nation then that person can be punished with imprisonment.

Section 67– if a person publishes image which is objectionable in nature or lowers the dignity of the person in the eye if otherthen that person can be punished with imprisonment and fine up to 1 lakh.

Section 67A- if a person publishes image which is objectionable in nature or lowers the dignity of the person in theeye if otherthen that person can be punished with imprisonment and fine up to 1 lakh.

And even the person viewing it can be held liable and can be punished for participating in offense by doing the same.

Section 71- misrepresentation before certifying authority can be punished with imprisonment and fine up to Rs.10, 000.

In India, criminal activity is considered under Indian penal code. Indian penal code is still effective and covers all kinds of crime.

The IT  ACT 2000 deals with commerce along with e- commerce under which it provides certain provisions which deal with unauthorized use of computers.

The act contains various offences such as violation of privacy, publishing obscene material; offensive messages, etc are all considered as crimes under IPC.

Section 503-Sending threatening messages by email under section.

Section 499 IPC- Sending defamatory messages by emails

Section 463– forgery of electronic records

Section 192 of the IPC deals with fabricating false evidence

Section 420– bogus websites, cyber frauds

Section 383– web jacking

Section 500– email abuse

Section 463– email spoofing

Section 292– pornographic

The offences are committed by using a computer as a tool then too it is subject to the Indian penal code apart from the crimes like web jacking, threatening emails, etc are within the preview of section 383 of the Indian penal code.

A concept like fraud comes under Indian penal code because it is not defined under the IT act.

When a cyber fraud is committed it would be considered as cheating under section 415 of the IPC.

When a person commits crimes using the internet it comes under section 416 of the IPC.

hence, various crimes like cyber stalking, cyber squatting, data diddling, cyber defamation, Trojan attack, forgery , identity theft and various such crimes are covered under IPC.

EVIDENCE ACT

Evidence are a major factor in cyber crime.

In a criminal investigation,  once cannot immediately seize the hard disk and keep it as an exhibit taken from the crime scene.

When filing a case under IT ACT; be it civil or criminal filed with the police where the evidence is in opponents computer system. Unless the police swings into full action and sieze the evidence,  the evidence could be easily destroyed.

 In the indian legal system ,it requires to prove guilt beyond reasonable doubt . thus the main highlight of the evidence act in the view of IT Act 2000 is it recognizes electronic record.

Section 65, section 65B, section 65 B(4) are some of the sections under this act.

Conclusion

Apart from IPC AND Information technology act there are others laws relating to cybercrime in India:

Common law, laws relating to IPRs and so on.

With increasing growth in the technology, there are chances of any individual being victim to cybercrime.The Indian legal system has various laws covering crimes in cyberspace and these laws help the victims get justice.

Hence, to strengthen the investigation process it is necessary to educate the IO’s regarding search and seizure. And not to tamper with evidence has to be a major criteria.

The post Laws applicable in Cyberspace in India appeared first on Legal Desire Media and Insights.

There are various kinds of Intellectual Property Rights such as:

–        Copyrights

–        Trademark

–        Performers rights

–        Database rights

–        Patent

Advantages of Intellectual Property Rights:

–        Exclusive rights are granted to the original creator of the work

–        As exclusive rights are granted to the owner, work can be shared instead of keeping it confidential

–        Aids in both financial and social development

Intellectual Property Rights in Cyber space:

To safeguard and ensure the safety of the businesses that are being carried out in the online medium, the Intellectual Property Rights must be taken care of and protected. It is important to create and ensure an effective property management as well as a protection mechanism. It is the duty of the Intellectual Property Right owner to ensure that no mala fide acts done by the offender to ensure the safety and protection of the content.

There are various types of infringements such as Hyper linking, Framing, Meta tags, Copyright violation, spamming, etc.

The Patent law grants the security and protection of the original content and the inventions made by the authors which is in the form of computer effect which thus falls in the ambit of the cyber jurisdiction. The Patent Act of 1970 provides for the punishment for the unauthorised access and use of patents of other original workers. It penalises this Act and provides for the punishment for up to a period of two years. As per the Section 118, it also penalises for the contravention of secrecy provisions in the field of Intellectual Property Rights. Section 120 of the Patent Law Act punishes for the unauthorised claim into patent rights of an individual with a fine of one lakh rupees.

The main attempt in this field is to protect the original work and the content created by the original worker. A number of treaties such as Trade Related Aspects of Intellectual Property Rights (TRIPS) were accepted at the Berne Convention which provides for the protection and safeguard of original artistic and literary works. Other such treaties are the Deposit of International Designs, the Patent Cooperation Treaty and the WIPO Copyright treaty.

As the vulnerability is high in the cyberspace, it is of utmost importance to make this space safe and secure. A few strategies that could be adopted to ensure this are as follows:

–        Create a safe and secure cyber ecosystem

–        Open standards must be encouraged

–        The Regulatory Framework must be strengthened

–        Mechanisms of IT security must be created

–        More number of E-governance services

–        The core critical information structure must be protected

Intellectual Property Rights in IT based technologies:

There are a few Information Technology Products that are safeguarded as Intellectual Property such as databases, software, hardware and web processes such as e-commerce websites, e-commerce websites with domain names, cyber contracts, trademarks and patents.

Patents in Information Technology:

Any kinds of practical application in the computer device is known to be patentable. Not all soft wares are patentable but devices like pacemakers are very much patentable. A particular computer program is authorised for patenting only when it contributes to an art. If this program enhances the speed and the efficiency of the existing program, it has the eligibility to get a patent for the same program. A few software patents are as follows:

–        Program algorithms

–        Program language translations

–        Menu arrangements

–        OS functions

–        Editing functions and interface features

–        Display presentations

The United States of America has recognised the patents for businesses like online stock trading, gambling, e-commerce, etc.

What is non-patentable?

Soft wares are basically a form of intangible properties that are safeguarded by copyrights and not patents, as in the case of literary and artistic works. Programming languages are treated as any basic languages like English, French, etc are also not patentable but are protected under the copyright law. Many countries have been debating regarding this to make even the software programming languages to be protected under the patent law as the patent law provides for a larger protection. The computer programmes and languages are not considered as a new invention as they only solve a mathematical or a computer related problem and thus is not used in any practical application and field.

Difference between a patent and a copyright?

The protection granted by a patent is much stronger as compared to the protection granted under the copyright act. The patent law safeguards the whole concept with which the invention has been made whereas the copyright safeguards the overall outcome of the invention and the concept. In the programming languages, if any program code has the same function of another, the patent law is said to be violated. Patents have a longer process that includes filing whereas a copyright is effective immediately after they are given the publication right.

In India, the patent once granted is valid only for a period of 14 years whereas the copyright once granted is effective for as long as the original creator lives as well as another 60 years. The patent is known to give a stronger protection to the programming language and it is known to violate the patent if a similar program is made and not the copyright law. Patents are known to be statutory and are thus protected by the Government body that comes within that particular jurisdiction. On the other side, copyrights are known to be a universal right.

Software patent law in India

There is no specific provision pertaining to the protection of software in the Indian Patent Law.[1]The Indian Patent Office does not follow any guidelines with regards to the computer software. As the computer coding programmes and languages are not patentable, depending on the functioning of the particular programme, it may be granted the patent. India has taken a step forward in granting registration for patents.

Cyber laws

India has enacted various legislations such as the Information Technology Act, 2000 which issues various guidelines pertaining to the activities that could be carried out in the cyberspace. As per the cyber laws in India, the Intellectual Properties may be used by anyone strictly only for research purposes, and this does not mean that the researcher can use the exact same work. He must give the credits and references to the original author.

Cyber Crime

A cyber crime is given under the Information Technology Act, 2000 as any unauthorised access into the computer system or network to cause disruption of the data stored and misuse it. The cyber criminal may choose to cause damage to the network by introducing computer contaminants into the software, by hacking into the system. The provisions of the said Act attempt at penalising each cyber offence committed. The punishment differs from case to case depending on the crime committed as well as the facts and circumstances of the case.

Patent misuse:

It is an illegal behaviour committed by the owner of the patent rights. It is an affirmative defence which is recognises the fact that it is possible that the owner of the patent to abuse the exclusive patent right granted to him.[2]

When a patent misuse has been constituted, the patent would be deemed useless. It constitutes an illegal behaviour where the patent owner may constitute a patent misuse: The patent owner may either violate the antitrust laws or improperly widen the scope of the patent with an ill intention to derive profits out of the same. The patent in dispute must be held unenforceable until the dispute has been resolved between the two parties.[3]

For instance, a patent misuse is said to be constituted when the original patent holder tries to expand his product with the particular patent by entering into other licensing agreements. This is the intentional misuse of a patent by the original creator himself.

Patent misuse in the technology industry:

It is extremely easy for technological products to overlap with another similar product which basically constitutes a technological patent infringement or misuse. Following are a few famous cases:

–        The Amazon company made an attempt in adopting the one-click patent.

–        Microsoft and Google resolved a patent issue for over five years regarding the X-Box gaming console as well as the smartphones of the brand name – Motorola.

A few landmark cases pertaining to the misuse and infringement of patent are as follows.

–        The famous case of O’Reilly V. Morse concluded that mere copying of the idea does not constitute the misuse of the patent. Patent misuse is said to be constituted only when the copied idea is executed.

–        In the case of Manufacturing Company V. Convertible Top Replacement Company, it was held that a clear distinction must be made between the repairing of a patented product as well as the reconstruction of a patented product.

–        The famous case of KSR V. Teleflex held that for any inventions made that have an obvious concept, there must not be any patent right. It was said that the patent rights must be given only to innovative inventions.

–        The case of Alice Corporation V. CLS Bank held that a few inventions and ideas are too vague and abstract to be given the patent right.[4]

Apple V. Samsung:

A very famous case in the field of patent infringement is the case of Apple V. Samsung that went on for about 7 years.[5] The dispute revolved around allegations made by Apple that Samsung has copied the phone design, similar features like tapping on the screen to zoom as well as the similarities in the layout of the home screen. The dispute was resolved in the Court of Law in the United States of America. More than 50 patent dispute cases had been filed by the two parties in various countries across the globe such as Italy, Japan, England, France, etc.

In 2010, Apple had sent a notice to Samsung to be aware of copying and creating a similar software and filed a suit in 2011. Samsung denied the accusations by saying that Apple copied the patents of Samsung, but the jury has favoured Apple by asking them to pay a sum of around 1 billion dollars. In the revision trial when the Jury finally said that there has been a mutual patent infringement that has been constituted by both the parties, the companies came into a mutual agreement to drop all the patent infringement cases that had been filed. 16 smartphones that were in the dispute of patent infringement were not available in the market during the trials of the suit. Finally, in 2018, the Supreme Court rejected the plea saying that the patent infringement has occurred but not of the entire device but only a part of it. Samsung was ordered to pay around 540 billion dollars to Apple as compensatory charged for copying of features.

Various guidelines have been issued in various Conventions such as the Berne Convention, OECD Convention on Data Protection, the WIPO Performance and Phonograms treaty, etc. to ensure that the Intellectual Property Rights are safeguarded and not misused even on the wide online platforms. As the world is swiftly adapting to the cyber space and living in a virtual world, the rights of an individual too must be protected with utmost care as it is very easy to fall prey to the cyber-crimes owing to the advantages that the cyber offender has as his identity remains anonymous. The legislations that we have now are not efficient enough and this can be clearly understood with the enormously increasing cyber-crimes on a daily basis.

The post Patent Misuse in Cyber Space appeared first on Legal Desire Media and Insights.

Routine Activity Theory (RAT)

Routine activity theory makes a connection between crime and its environment and lays stress on its ecological process. According to the Routine activity theory, the three major factors of victimization are the presence of motivated offender, availability of suitable target and lack of capable guardian. In 1979, Marcus Felson and Lawrence E. Cohen tested that explanation for changes in crimes through empirical evaluation of their principle postulates. So as to verify that the dispersion of activities far away from home and family could increase the probabilities of becoming the acceptable  target and diminish the presence of capable guardian, to verify that suitability of targets influenced mediatory contacts which solitary life far away from the family environment could raise victimisation rates and at last to do to verify that rise in crime was associated to changes in structure of  daily activities in life.

Social Learning Theory (SLT)

Social learning theory is learning through observations. There is various study which reflects the cybercrime learned from peer groups In Social Learning theory explaining the relationship between peer social influences and chances of committing crime like cyber harassment.

Case Study

Phishing calls is increasing day-by-day and it is basically originating from local villages. Recently, an internet series JAMTARA, (Jamtara is a district of Jharkhand state) shows how they portray themselves as bank employee, this breed of young fraud would use various tricks to fool their victim across country. They started conversation like this “Sir, you utilize an ATM Card, and you get a message two days ago that it had been blocked?’’ Every day they make uncountable calls from their village Jamtara. By doing these quite phishing calls from time to time would make off with as high Rs. 2-3 lacs in a very day.

References

1)     https://blog.avast.com/psychology-of-cybercrime (Access 14:04:2020)

2)     http://www.cambridgeblog.org/2013/09/forensic-psychology-vs-cybercriminals/ (Access 14:04:2020)

Author- Sumit Mishra, Legal Intern (2020)

Sumit Mishra, Born on 09 Aug 1995, at Bihar, India. He has completed B.Sc. (Hons.) Forensic Science from Galgotias University, Greater Noida, U.P. He is pursuing M.Sc. Forensic Science from Department of Anthropology, University of Delhi.  He has done training in Central Forensic Science Laboratory (CBI), New Delhi in Physics Division and Photo Division. He has participated in National & International Conferences & Workshops.

The post Psychology of Cyber Criminal appeared first on Legal Desire Media and Insights.

There are three categories in which hackers can be divided:

1. White hats: they are the security professionals who uses their skills to strengthen the network and secure it from bad guys. Generally called as ethical hackers.
2. Black hats: they are the malicious hackers or crackers who use their skills for malicious purposes. They are the one from whom the white hackers provide protection.
3. Grey hats: they become white hats or black hats according to the situations. They are generally self-proclaimed ethical hacker.

Role of Ethics in Hacking

Ethics play an important role in differentiating computer crimes from innocent activities. Hackers should always act in a professional way to differentiate themselves from the cyber criminals. Some may even say that how can hacking be ethical? But hacking becomes ethical in a sense that as long as it enable organizations computer systems impenetrable by the crackers who steal unauthorized data for their own benefit. Thus exposing the vulnerabilities and giving chance to enhance the network system. But the issue of ethics is very dicey. There is no so called tradition of hacking ethics or a code of honor. This vacuum create external forces to determine as to how to respond when an ethical dilemmas arises. So the wheels of justice can turn differently for different people. It can reward or punish for the hacking efforts. Apparently arbitrary range of outcomes depends somewhat on the law, but it relies even more on different interpretations of ethical principles. These interpretations, in turn, hinge on various beliefs as to where to place the onus for the discovery and reporting of security flaws.

Placing the liability is the most complex task here because according to accountability principle a manufacturer is held accountable for the quality of the product but this principle can’t be applied here as software’s cannot be inherently dangerous so it is not possible to test all of the different ways that a program can operate with thousands of other software products. Thus, it is illogical to hold derelict software manufacturers liable in the same way we hold derelict automobile manufacturers liable. In this sector competition is fierce so the pressure to launch is high which create conflict with the software testing process.

Evolution of Ethical Hacking

The ethics of hacking developed over a long period of time. In its early days of development a well-known manifestos “ethics” prompted the individual right to experience pure, uninhibited hacking freedom. Naturally, “freedom” meant different things to different hackers, and whatever the hackers assumed as appropriate they did it accordingly. Sometimes, this freedom took the form of illegal activities. Fortunately, slowly these hacking ethics or should we say the lack of it began to change, and today the stage is set for hackers to assert their rights of self-regulation.  Hackers have to some extend embraced this opportunity to establish guidelines surrounding their most often than not controversial hacking activities. Recent evidence suggests that hackers are beginning to take an interest in the manner in which they are portrayed in the media, and are striving to gain recognition for their contributions in the world of computing. Predictably, however, hackers’ efforts to attain a respectable standing in the community have been an uphill battle. Nevertheless, hackers have begun to organize and call attention to their accomplishments, thereby ushering their hacking activities into the mainstream by organizing conferences etc.

Early attempt to provide an ethic code was made by Levy who repeatedly argues that a “hacker ethic” is responsible for finding and promoting the best and most efficient code for computer programs. He then promotes the somewhat anarchic “Hacker’s Code of Ethics,” and contends that access to systems should be “unlimited and total. But encourages hackers to disregard established rules and laws. The ethical discussion advanced little after 1980’s, as hackers continued to assert their rights to unbridled system access. The Hacker Manifesto, written by a well-known hacker who goes by the alias “The Mentor,” is a short essay that, like Levy’s Code, is cited frequently on the Internet. The Manifesto mimics Levy’s Hacker’s Code of Ethics, in that it makes no excuses, sets no boundaries. The new hacker policies provide a structured guidance and offer a reasonable dialogue between the parties involved. Discussions surrounding the continued development of a genuine hackers’ ethic are in full stride.

Why Ethical Hacking is Legal?

To resolve this issue of network security government and business houses started following the approach where they test their security by have computer security personal to break into their computer system. Here these professions intrude into the system just in a way a cracker would do but don’t damage the system or steal any information instead they report back about the loopholes and vulnerabilities of the existing system. So ethical hacking is legal as it is performed with the permission of the owner to discover vulnerabilities of the system and suggest ways to improve it. It is part of an information risk management program that allows security improvement. There many certified courses also taught by various institution on ethical hacking.

As computers has become a new tool to conduct business as well as crime, so the two worlds of information technology and legal system have had to approach each other independently and need to meet at a point called cyber law. The Information and Technology Act, 2000 (IT Act) covers all types of cyber-crime committed in the country including hacking which is provided under section 43 and 66. But in 2008 the word” hacker” was removed as ethical hacking is considered legal. Now every government body, private information security organizations, law enforcement professionals are constantly updating law and technologies to counter each new and emerging form of contract. Section 43A of the IT Act deals with the civil liability of cyber offenders. The section deals with the compensation that should be made for failure of protection of the date. Penal liability of cracking arises when the intention or the liability of the cracker to harm the system or steal any important information gets established. If the cracker only trespasses the system without any intention to harm, it only remains a form of civil liability under section 43A. The criminal trespass can also result in other penal activities punishable under Indian Penal Code like cyber theft that can be punishable under section 378 of Indian Penal Code.

Ethical hacking is legal and there is no controversy around it but it is very difficult to teach ethical hacking as a course because nobody can be so sure about the students intention with which they are studying the course and their purpose only will differentiate them from the cyber criminals.

1.5 Conclusion

Technological advancement is essential for human development but it should be a regulated one otherwise in no time will become a curse. Ethical hacking is a relative issue and staying inside the lines will depend upon the individual’s interpretation thus regulation of it becomes highly complex.  There needs to be more awareness in the country regarding hacking and cracking. The laws made by the government are stringent but lack a bit of enforceability and awareness in the society. Most of the minor cases of hacking go unnoticed because people abstain from filing cases for petty crimes even when there is harsh punishment for it. Also, it is very difficult to track a virtual hacker due to lack equipment. Since hacking can happen anywhere in the world, it gets tough for the police to trace him and punish him in another country. The punishment can also be a bit harsher to prevent people from indulging in such acts.

References and Citations

1. Danish Jamil and Muhammad Numan Ali Khan,” Is Ethical Hacking Ethical?”, International Journal of Engineering Science and Technology (IJEST) Vol. 3 No. 5 May 2011 pp 3758.
2. Gabriella Coleman and Alex Golub,” Hacker practice: Moral genres and the cultural articulation of liberalism”, Anthropological Theory 2008 8 pp. 255.
3. Tom Forester I and Perry Morrison,” Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing”, Spring Issue, Volume 4 1991pp 193.
4. Ryan, Patrick S.,” War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics”. Virginia Journal of Law & Technology, Vol. 9, No. 7, Summer 2004.
5. Amit Nair,” Be the one: The great ethical hacking guide”, R & D, available at: http://bedaone.blogspot.in/p/chapter-1-introduction-to-ethical.html.
6. Michael E. Whitman, Herbert J. Mattord, Readings & Cases in Information Security: Law & Ethics, course technology Cengage learning, 2011(ed).

Contributed by:

Kritika Jain, Legal Intern at Legal Desire

The post Ethical Hacking and It’s Legality appeared first on Legal Desire Media and Insights.