Wednesday, September 30, 2009

The Law that Governs Cyber Crime....



The European Commission adopted a proposal for new laws against cybercrime to harmonise laws that deal with hacking, viruses and denial of service attacks. All EU Member States are also members of the Council of Europe which recently agreed a Cybercrime Convention with the same aim

The Commission adopted its proposal for a Council Framework Decision on "Attacks against information systems" seeks to ensure that Europe's law enforcement and judicial authorities can take action against crimes for which existing laws were not designed. It also aims to encourage and promote information security. Antonio Vitorino, European Commissioner for Justice and Home Affairs, said:
"Member States' laws contain some significant gaps which could hamper the ability of law enforcement and judicial authorities to respond to crimes against information systems. Given the trans-national nature of hacking, virus and denial of service attacks, it is important that the European Union takes action in this area to ensure effective police and judicial co-operation."
The Framework Decision that is now being proposed would approximate criminal law rules and facilitate judicial co-operation for hacking, described by the Commission as “illegal access to information systems” and denial of service and virus attacks – described as “illegal interference with information systems.” The Commission says its proposed Framework Decision is technology neutral and “takes account of the broader Information Society context.” The Commission says the proposed Framework Decision also takes into account other international activities such as the work of the G8 and the Council of Europe Convention on Cybercrime.


In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.

Until recently, many information technology (IT) professionals lacked awareness of and interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools needed to tackle the problem; old laws didn’t quite fit the crimes being committed, new laws hadn’t quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathy—or at the least, distrust— between the two most important players in any effective fight against cyber crime: law enforcement agencies and computer professionals. Yet close cooperation between the two is crucial if we are to control the cyber crime problem and make the Internet a safe “place” for its users.

Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cyber criminal. IT professionals need good definitions of cybercrime in order to know when (and what) to report to police, but law enforcement agencies must have statutory definitions of specific crimes in order to charge a criminal with an offense. The first step in specifically defining individual cybercrimes is to sort all the acts that can be considered cybercrimes into organized categories.

In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.
Courtsey: An Article by Talwant Singh Addl. Distt. & Sessions Judge, Delhi


A broad, inclusive focus is necessary to address problems of cybercrime, going beyond criminal law, penal procedures and law enforcement. The focus should include requirements for the secure functioning of a cyber-economy optimizing business confidence and individual privacy, as well as strategies to promote and protect the innovation and wealth-creating potential and opportunities of information and computing technologies, including early warning and response mechanisms in case of cyberattacks. Behind the prevention and prosecution of computer-related crime looms the larger challenge of creating a global culture of cybersecurity, addressing the needs of all societies, including developing countries, with their emerging and still vulnerable information technology structures.

International cooperation at all levels should be developed further. Because of its universal character, the United Nations system, with improved internal coordination mechanisms called for by the General Assembly, should have the leading role in intergovernmental activities to ensure the functioning and protection of cyberspace so that it is not abused or exploited by criminals or terrorists. In particular, the United Nations system should be instrumental in advancing global approaches to combating cybercrime and to procedures for international cooperation, with a view to averting and mitigating the negative impact of cybercrime on critical infrastructure, sustainable development, protection of privacy, e-commerce, banking and trade.

All States should be encouraged to update their criminal laws as soon as possible, in order to address the particular nature of cybercrime. With respect to traditional forms of crime committed through the use of new technologies, this updating may be done by clarifying or abolishing provisions that are no longer completely adequate, such as statutes unable to address destruction or theft of intangibles, or by creating new provisions for new crimes, such as unauthorized access to computers or computer networks. Such updating should also include procedural laws (for tracing communications, for example) and laws, agreements or arrangements on mutual legal assistance (for rapid preservation of data, for example). In determining the strength of new legislation, States should be encouraged to be inspired by the provisions of the Council of Europe Convention on Cybercrime.

Governments, the private sector and non-governmental organizations should work together to bridge the digital divide, to raise public awareness about the risks of cybercrime and introduce appropriate countermeasures and to enhance the capacity of criminal justice professionals, including law enforcement personnel, prosecutors and judges. For this purpose, national judicial administrations and institutions of legal learning should include comprehensive curricula on computer related crime in their teaching schedules.

Cybercrime policy should be evidence-based and subject to rigorous evaluation to ensure efficiency and effectiveness. Therefore, concerted and coordinated efforts at the international level should be made to establish funding mechanisms to facilitate practical research and curb many types of newly emerging cybercrime. It is, however, equally important to ensure that research be internationally coordinated and that research results be made widely available.

UNODC should bring the results of the Workshop on Measures to Combat Computer-related Crime, to be held during the Eleventh Congress, to the attention of the second phase of the World Summit on the Information Society, to be held in Tunis in 2005, for its consideration.

Courtsey: An Article by Talwant Singh Addl. Distt. & Sessions Judge, Delhi


What is Cyber Crime???

What is this Cyber crime? We read about it in newspapers very often. Let's look at the dictionary definition of Cybercrime: "It is a criminal activity committed on the internet. This is a broad term that describes everything from electronic cracking to denial of service attacks that cause electronic commerce sites to lose money". Mr. Pavan Duggal, who is the President of and consultant, in a report has clearly defined the various categories and types of cybercrimes. Cybercrimes can be basically divided into 3 major categories:

1. Cybercrimes against persons.
2. Cybercrimes against property.
3. Cybercrimes against government.

a) Cybercrimes against persons

Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.

A minor girl in Ahmedabad was lured to a private place through cyberchat by a man, who, along with his friends, attempted to gangrape her. As some passersby heard her cry, she was rescued.

Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.

In the United States alone, the virus made its way through 1.2 million computers in one-fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and federal charges associated with his creation of the Melissa virus. There are numerous examples of such computer viruses few of them being "Melissa" and "love bug".
Cyberharassment is a distinct Cybercrime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes. Cyberharassment as a crime also brings us to another related area of violation of privacy of citizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy which the medium of internet grants to the citizen.

b) Cybercrimes against property

The second category of Cyber-crimes is that of Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes.

A Mumbai-based upstart engineering company lost a say and much money in the business when the rival company, an industry major, stole the technical database from their computers with the help of a corporate cyberspy.

c) Cybercrimes against government

The third category of Cyber-crimes relate to Cybercrimes against Government. Cyberterrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.
In a report of, it was said that internet was becoming a boon for the terrorist organisations. According to Mr. A.K. Gupta, Deputy Director (Co-ordination), CBI, terrorist outfits are increasingly using internet to communicate and move funds. "Lashker-e-Toiba is collecting contributions online from its sympathisers all over the world. During the investigation of the Red Fort shootout in Dec. 2000, the accused Ashfaq Ahmed of this terrorist group revealed that the militants are making extensive use of the internet to communicate with the operatives and the sympathisers and also using the medium for intra-bank transfer of funds".

Cracking is amongst the gravest Cyber-crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.

Coupled with this the actuality is that no computer system in the world is cracking proof. It is unanimously agreed that any and every system in the world can be cracked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber-crimes which are slowly emerging as being extremely dangerous.
"Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime."
- Pavan Duggal,Supreme Court advocate and cyber law expert