Open Access Research Article
AN AWARENESS OF THE CHRONICLES OF CYBER LAW
Published Paper
Article Details
AN AWARENESS OF THE CHRONICLES OF CYBER LAW
AUTHORED BY
- A NARAYANEE
Abstract
In the modern world, the reliance on
Technology, and cyberspace is inevitable. As we all know technology has
alleviated our existence in so many ways, nonetheless it has also brought so
much chaos to our way of living. Both the experiences that we humans face out
of technology and cyberspace are often inseparable. Perhaps one can avoid the
negative impact of technology by being prudent with the help of legislation
that regulates cyberspace. To stay realistic in the growing global cyberspace,
we must deal with the consequences as much as we deal with the joy of using
technology. Though we have education, not everybody can understand the two
sides of technology but one can be aware of the results that cyberspace brings
to the table.
Introduction
Crime happens when there is a desire
for more and the laws that regulate the society are scant. Nowadays, attending
a seemingly ordinary unknown phone call has a tendency to turn into a big bank
theft or scam. Cybercrime affects individuals, organizations, and society at
large by enticing users with normal phone calls or forwarded link messages in
the name of instant loan givers, data breaches, and online gambling. The
process of Big Money heist always starts in small-scale institutions in a very conventional
way which may not be identifiable even by the literate. The reason for not
being able to escape from this loop of looting is the lack of awareness about
the laws that protect us. To reiterate, not everybody can understand technology
and the same goes for law as well. While one cannot behold all laws and technology
nuances, nor keep up with their day-to-day updates but can be aware of the
overview of cybercrime occurrences across the country that exploits the
individual, MNCs, society, and the extent to which the law is protecting them. This paper aims to bring awareness to cyber
laws and crime, starting with an overview of its evolution. By understanding a few
landmark cases, we could understand the challenges that revolve around the
enforcement of those laws to decide the extent to which we could shed our
involvement in certain technologies.
Evolution of Cyber Law.
Countries began to implement laws and
started to explore the laws of other nations with the intention to safeguard
the privacy of the individual in the late 90’s. Most of these laws were
stemming from the paradigms introduced by the Organization for Economic
Co-operation and Development (OECD). The first data protection law was passed
in the Land of Hesse in Germany in the late 90s followed by which so many other
countries like Sweden, France, and the United States, have adopted the data
protection laws.[1] The Computer
Fraud and Abuse Act, of 1984 was the first-ever act ratified for the purpose of
policing crimes that depend on or arise from computers. The verity that only
one acquisition was ever recorded until the amendment of the act in 1986
revealed the difficulty in writing and enforcing laws for cybercrime.
Following are some of the cybercrime
threats that occurred across the world, which opened the doors for cyber laws:
The world’s first Cyberattack:
Traders in and around Paris would get
information about market fluctuation often by mails that are carried by the
railway coach which usually took several days to reach the traders. Upon
receiving the information, the traders make price changes in order to
effectively capitalize on the opportunities to make money. To get the
information quickly before the other traders, the Blanc Brothers, swayed the
telegraph controller and used the telegraph as a means to get information. They
coerced the operator to introduce a special character or symbol that depicts
the status of the market information received earlier. Thus the inclusion of
the special character would mean that there is no change in the market from the
date of the earlier released information to the present date. This depiction of
information in the telegraph tower will be further observed by another ally in
crime who passes the information to the Blanc brothers. This enabled them to
make more money than the other traders who had to wait for days to get the
information on market status.[2]
Late Hacker: Kevin Mitnick:
Kevin Mitnick falsely represented
himself as an employee and manipulated other employees into obtaining sensitive
information that deals with the internal operating systems of various multinational
corporations such as Nokia and Motorola. He concocted stories of urgency that
imposed fear on other co-workers. In doing so, he influenced the employees to
procure the information that he needed. In possession of all the sensitive
information, he milked the resources for his own personal gain, amassing
millions of money.[3]
Stuxnet Worm
A Malware was launched in Natanz by
an unknown to erode the computers that administered Iran’s nuclear facility. The worm spread surprisingly
fast and affected all the devices to the extent that the whole network is
sabotaged. The malware then changed the codes of the main controls, at the same
time, the worm was programmed to showcase externally that everything was
functioning as it was programmed. This left the experts with no clue about the
damages happening inside the instruments of the nuclear program.[4]
Sony Pictures
Customers who bought PlayStation from
Sony used their services online through which hackers obtained the Credit Card
information of all the customers. Due to this more than a million customers’
privacy was exploited.[5]
Dubsmash
The famous entertainment app allowed
users to upload videos of them lip-syncing for famous songs and dialogues from
movies all over the world. With the help of minimal data entered by the users
to login into the app, the user’s videos and other information were sold on the
dark web. Yet again a mass violation of privacy was recorded.[6]
In India, The Internet bloomed
through Videsh Sanchar Nigam Limited in the late 90s, and soon after that
private operators came into the picture. The first ever case recorded under the
category of Cyber Squatting in India is Yahoo v Akash Arora. This case
pertains to the uniqueness of the domain name that is carried by the business
group out of its exceptional services and if someone uses the same domain name
to reap all the benefits that are earned by the pre-existing domain, then this
is undoubtedly a case of cybersquatting. The court declared that the use of
such pre-existing domain names will attract a negative effect.[7]
With the inconceivable growth of the
internet and the crimes that are arising in cyberspace, the nation needs very
resilient laws to protect its users. Not only do laws need to be resilient,
they should be aligned with the technology of the era. In India, a bill was
drafted by the Department of Electronics (DoE) in the year of 1998 which took
almost a year to be unveiled in the House of Parliament. The Ministry of
Commerce and Ministry of Law and company affairs proposed numerous alterations
and gave a structure to the bill which was introduced in the year 1999. After
being reviewed by the members of the standing committee both houses passed the
bill. Followed by the assent of the president, the Information Technology Bill
came into effect known as the Information Technology Act, 2000. With the
unstoppable growth of technology, the act has gone through so many amendments
and alterations and it continues to undergo changes.[8]
The IT Act, of 2000 dealt solely with
cybercrimes and e – signatures, and the amendment in 2008 introduced provisions
relating to data protection, retaining sensitive information, and the
discussion of penalties for disclosure of information under contractual
violation. In 2011, SPDI Rules known as The Information Technology (Reasonable
security practices and sensitive personal data or Information) was enacted for limited
purposes. Information such as passwords, Bank and respective card details, medical
records of an individual, and other sensitive personal information such as
sexual information, biometrics, etc. were highlighted and the process of
collecting that information, their restricted utilization, and being
accountable for specifying the purpose of collecting such sensitive information
was discussed. While this and many others are in motion, experts have
anticipated the urge for regulation of privacy-related laws. Under the
leadership of AP Shah in 2012, a committee was formed to identify the issues
arising from data privacy. Similarly in the year 2018, Under the retired judge
Mr. B.N Krishna a committee was formed to examine the need for privacy laws on
a large scale and to develop a fundamental model of principles to regulate the
issues. In between the report submitted by both the committee a decision of the
Supreme court in the landmark judgment Puttaswamy
v Union of India, 2017 was acknowledged in a way that emphasized the
importance of data protection and privacy laws in India. In 2019, the Ministry
of Electronics and information technology came up with a bill called Personal
Data Protection Bill which was kept as receptive to viewpoints and then
submitted the same to the Joint Parliamentary Committee. The committee then came
up with so many changes and submitted a revised draft in 2021 which was
withdrawn in 2022 due to various disagreements. With some improvisation, the
bill was summarized as a Digital personal data protection bill and the same was
publicized to receive comments in November 2022. In 2023, the bill underwent
changes once more which was passed by Lok Sabha on the 7th of
August. This marks a milestone in the history of the evolution of cyber law.
Understanding the challenges in the enforcement
of cyber law through landmark judgments
1. Shreya Singhal V Union of India
Shreya Singhal V Union of India is a
landmark case that illuminated the matter of freedom of speech by removing the
ambiguity that was clinging to it. Only this time it was in the form of section
66A of the IT Act, the provision that grants punishment for sending any
offensive messages by means of the internet or other communication device that tends
to create annoyance or inconvenience.
For expressing their resentment towards
the complete shutdown in the wake of a Political leader’s death on Facebook, Shaheen
Dhada and Rinu Srinivasan were arrested. By invoking Section 66A, police had
arrested them, and it was recorded that they were released later on. This paved
the way for public protest following the arrest of these women asserting that
it violates the freedom of speech and expression. In order to prove the
assertion as unconstitutional, a petition was filed against the fact that
section 66A is so narrow and vague and its incapacity to decide the scope of
Article 19 of the Constitution. The petition was upheld by the reasonable
restriction mentioned under Article 19(2) of the constitution as it is not
considerate about creating annoyance or inconvenience. Since Article 19(2) is
very straightforward in criminalizing the speech that challenges or jeopardizes
the interest of the security of the state, friendly relations with foreign
states, anything that disturbs the public order, defamation, or any statement
or assertion that is capable of spurring someone to commit the offense, it
demeans the power of section 66A.
A comment on Facebook concerning the
death of a political leader is complete free speech and one cannot be held
liable under section 66A as it violates the constitutional right as it does not
provide the balance between free speech via online and reasonable restrictions.
For the above-mentioned reason, the court passed a judgment to strike down the
section 66A under the doctrine of severability.[9]
2. Shamsher Singh Verma vs. State of Haryana 2016 SC 1242
The case was filed when the high court
refused to accept the information related to the crime stored in a compact disk
to be displayed as evidence. The dubiousness behind the submission of CD as a
piece of evidence brought up the issue of whether it is mandatory to get
personal admission or negation of a document under section 294(1) of CrPc. After
relying on several other judgments such as R.M Malkani vs. the state of
Maharashtra wherein the court admitted the compact disk as a document as long
as it provides the relevant conversation pertaining to the issue and the voice
is identifiable, the Supreme Court upheld that a compact disk is a document
under section 3 of the Indian Evidence Act. Consequently, the court clarifies
that it is not necessary to get admission under section 294(1) of the CrPC.[10]
3. State of Tamil Nadu Vs Suhas katti C No.4680 of 2004
The Suhas Katti case is the first
ever case to address the cyber–harassing where the harassment began when the
victim has rejected the accused’s marriage proposal. Consequently, the victim
has married someone else and also got divorced. Enraged with the rejection, the
accused started to harass her by sending messages to her known and unknown
people in a way that assassinates her character which is primarily contrary to
her nature by creating a fake account in the name of the victim. As a result of
his action, she received many hateful messages causing mental agony to her.
The complaint was filed against the
accused under section 67 of the IT Act, 2000, and under sections 469 and 509 of
the Indian Penal Code. A charge sheet was filed on him under the above-mentioned
section following which he was penalized with imprisonment of 2 years along
with the fine. The interesting fact that has brought a sense of celebration
among the people regarding this judgment is that the conviction was very
satisfactory and the same has been obtained rapidly within a short span of 7
months from the date of filing the FIR.[11]
4. Avnish Bajaj Vs State of (NCT) of Delhi
A Website called baazee.com released
a porn video and the Delhi police took notice of such video and registered a
FIR. During the investigation, they found that the website is subjected to many
filters that do not allow an individual to post such content, nevertheless, the
video was posted. A charge sheet was filed on the CEO Mr. Avnish Bajaj of the Baaze
website along with their employees named Ravi Raj and others in the role of an
alleged perpetrator who are primarily responsible for such conduct of spreading
pornography content.
Avnish took a stand saying that the
contested video was exchanged between the seller and the buyer without the
interference of the website handler as it is a customer-to-customer interaction
that enables the online sale. The website as a connecting platform receives
commissions for facilitating such sales and generates its main revenue from the
advertisements that the website displays on its page. However, Avnish was
arrested under section 67 of the IT Act and approached the high court for
justice.
Section 67 and 85(1) of the IT Act
were challenged as they penalized the director of the company that inflicted
the law. Apart from the sections mentioned above, section 141 of the Negotiable
Instruments Act illuminated more clarity by interpreting that the offense took
place without the knowledge of the accused and he was able to prove that as
well. With the Application of all the
above laws, the Supreme Court declared that Avanish Bajaj cannot be held liable
as the offense that occurred was against him and without his knowledge. The law
clearly states that criminal liability can be imposed on the director even when
the company has not been contested. In this case, no case was registered
against the company, and the director was not the primary cause of pornography
being displayed on the company’s website. The law also made it clear that the
principle of vicarious liability is invalid in this circumstance as the company
was not placed in the role of the accused.
It is also pertinent to note that the
accused did not tether with the sale that permitted the pornography video.
Hence, Avnish Bajaj was declared not guilty and the offense is without a doubt
attributable to some other unknown person.[12]
5. Nasscom Vs Ajay Sood & Ors [119(2005) DLT 596]
This case gave the precise
interpretation for the term “Phising”. With the intention to obtain information
from a recruitment company, the defendant herein has put himself in the role of
NASSCOM and misled the organization by requesting certain information through
e-mails in order to engage in unethical activities. NASSCOM being aware of his
misrepresentation filed for an injunction against him so as to stop him from
using the name of NASSCOM.
Up until this case there is no
definition that deals with the term phishing nor was there a law that regulates
the same. Despite the deficiency of law, this case was well attended by the
judiciary.
By ascertaining the trademark right
of the plaintiff, the defendant was pronounced guilty, and the case landed on a
settlement where the defendant had to pay a huge sum as compensation for the
alleged infringement.
6. Writs filled in order to challenge the validity of Information
Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
In the year 2021, rules were curated
in order to regulate social media facilitators, Digital news platforms such as
Live Law, The Bar and the Bench, and online movie and other video streaming
platforms such as Netflix, and Amazon under the power provided in section 87 of
the IT Act.
These rules mandated that the social
media facilitators should have their own redressal mechanism platform to ensure
the disputes or grievances raised by a user are addressed promptly and
resolved. Likewise, this also mandated the news media to create a code of
ethics and adhere to the same and also to form a redressal mechanism to ensure
fair treatment in case their rights are violated or met with any act that is
contravention to the act.
As fruitful as it sounds, these rules were not
welcomed by various organizations such as Whats App and the above-mentioned
platforms, and to date it is being challenged and not crystallized.[13]
Umashankar Sivasubramanian V ICICI Bank (Petition No.2462 of 2008)
One of the reputed banks on its own
has requested one of its customers to share his Internet banking username and
password via email. Believing in its authenticity, the customer has shared the
same only to later discover 6.46 had been debited from his account without his
knowledge. He filed for compensation and the adjudicating authority declared
ICICI Bank guilty of an offense as per section 85 which deals with any act that
contravenes the main ambit of Information Technology and section 43 which deals
with penalty and compensation for any act that is done without the permission
by someone who is in the possession of a computer. The provision clearly states
that anyone who steals or accesses data from such a computer will face
penalties or compensation.[14]
Conclusion
Right from establishing a definition
of the term Phishing to striking down section 66 A, we all can believe that
cyber laws need to change in order to evolve and correct their past
interpretation at all levels. The rapid growth that we are going to witness may
bring both joy and jinx. That being said, one needs to be aware and stay within
limits to escape from experiencing the dark side of cyberspace. Regular
upgrades of laws, remedies, frauds, and the mode used by a perpetrator to
facilitate an illegal threat, fraud, or infringement could possibly protect
individuals, organizations, and the government as well. This contribution of
oneself will help us to predict how such illegal activities might enter our
homes.
[1] Abha Chauhan, Evolution and Development of Cyber Law – A study with Special Reference
to India(January2, 2013),https://ssrn.com/abstract=2195557.
[2] Schneier on Security, 1834: The First Cyber Attack, https://www.schneier.com/blog/archives/2018/05/1834_the_first_.html
[3] Dr.Sanjeev Kumar, Historical Genesis and Evolution of
cybercrime and cyber security laws in India,Vol:9 Issue:08 IRJET,2395-0056(2022).
[4] Id.
[5] Id
[6] Id.at 2.
[7] Id.at 2.
[8] Id. at 2.
[9] Shreya Singal Vs Union Of India,
AIR 2015 SC 1523 (India)
[10] Shamsher Singh verma V State of
Haryana, (2016) 15 SCC 485.
[11] State of TamilNadu V Suhas Katti,
(2004) C. No 4680
[12] Avnish Bajaj V state (NCT) of
Delhi, (2010) 105 DRJ 721.
[13] Supinder Singh, Important cases on Information Technology
Act, 2000, LawyersclubIndia( 25 April 2022), https://www.lawyersclubindia.com/articles/important-cases-on-information-technology-act-2000-14861.asp
[14] Supinder Singh, Important cases on Information Technology
Act, 2000, LawyersclubIndia( 25 April 2022), https://www.lawyersclubindia.com/articles/important-cases-on-information-technology-act-2000-14861.asp
Article Information
AN AWARENESS OF THE CHRONICLES OF CYBER LAW
Authors: A NARAYANEE
- Journal IJLRA
- ISSN 2582-6433
- Published 2023/08/30
- Issue 7
About Journal
International Journal for Legal Research and Analysis
- Abbreviation IJLRA
- ISSN 2582-6433
- Access Open Access
- License CC 4.0
All research articles published in International Journal for Legal Research and Analysis are open access and available to read, download and share, subject to proper citation of the original work.
Disclaimer: The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of International Journal for Legal Research and Analysis.