Amarjit & Associates                                   blankHome blankArticles blankCareers blankContact Us blank Podcast
  New Delhi - New York - Zurich

Cybercrimes

On 25th April 2001 the first thing one read in all the newspapers in Delhi was about the registration of a criminal case against students of a school who created a website which is full of pornographic material with a warning “Girls should access this at their own risk”. The website not only contain pornographic material but also contain names of students and teachers of the school with filthy remarks. This is a first case of its type.

With the advancement of technology, we are likely to be confronted with many “first time” type of cases in the cyber world.

The world of Internet today has become a parallel form of life and living because with the availability of artificial intelligence and new technologies, we are now capable of doing things which were not even imaginable few years ago. The Internet is fast becoming a way of life for millions of people and also a way of living because of growing dependence and reliance of the mankind on these machines. The advent of the computer has been a boon to students, lawyers, businessmen, teachers, doctors, researchers and also, of course, to the criminals.

Unauthorized access, damage to property, theft, fraud, mischief and the publication of obscene and indecent material are all familiar crimes. The expression “crime” is defined as an act, which subjects the doer to legal punishment or any offence against morality, social order or any unjust or shameful act. The “offence” is defined in the Code of Criminal Procedure to mean as an act or omission made punishable by any law for the time being in force. With the emergence of Internet, the traditional crimes have assumed new dimensions.

There have been various kinds of computer and Internet related crimes, which can be classified into the following heads:

a) Hacking without any intention to commit any further offence or crime.

b) Unauthorized access with intention to commit further offence. These can include theft, fraud, mis-appropriation, forgery, nuisance tempering with source code, publishing of information which is obscene in electronic form etc.

c) Destruction of digital information through use of viruses.

“Hacking” is a crime, which entails cracking systems and gaining unauthorized access to the data stored in them. Recently there have been certain incidents where the hacker has hacked into sites and added/posted malicious and indecent material on the site. The incidents most likely happen with the intention of mischief and causing damage by way of defamation etc rather than anything else.

The real tangible threat of “hacking” comes in when an unauthorized access to a system is done with an intention of committing further crimes like fraud, misrepresentation, downloading data in order to commit infringement of copyright, accessing sensitive and top secret data from defence sites etc. Some of the most common types of fraud as committed on the net include bogus online investment newsletters, which give a biased and untrue advice on stocks and securities thereby fictionally giving a pull to the share value of bogus companies etc.

Firstly, let us view the offence of hacking in terms of IPC. The provision which comes close to describing hacking is “criminal trespass”. But to prove criminal trespass under section 441 of the IPC, the ingredients of “unauthorized entry into or upon property against the will of the person in possession” and/or “lawfully obtained entry but wrongfully remaining thereon” must be satisfied.

In applying the section to hacking on the Internet, the prime question that needs to be answered is as to whether website is a “property”. For this it is imperative to consider the computer or the virtual area of the net as a “property”. In order to do this we must consider the common jargon used to describe the world of Internet including site, home page, visiting a site and traveling on the super highway are just a few examples. Thus, as trespass actions are grounded in the idea of protecting the owners control over real property, there is no inherent reason as to why the owners control over a websites could not be considered as species of property subject to trespass. It is for this reason that hacking is made a crime punishable under Section 66 (2) of the Information Technology Act, 2000 providing for an imprisonment upto 3 years or with fine upto Rs. 2 lacs or with both.

The next question of importance, which arises for consideration, is when a hacker has no intention to commit any further crimes after having trespassed unauthorisedly into the property of other. The question is whether such hacking can be said to constitute intimidation or annoyance. To my mind, the answer to the question is in the affirmative as any person unauthorisedly entering into your property certainly causes annoyance, which may also result into intimidation.

If the offence of hacking is committed with an intention of committing further offences, a parallel for such offences can be drawn from the offences of theft, fraud, mis-appropriation, forgery, nuisance etc. If a person gains unauthorized access to the “Property” (website) of another, breaching confidentiality of electronic documents, the same is punishable under Section 72 of the I. T. Act punishable with an imprisonment upto 2 years or fine upto 1 lac or with both.

Section 25 of the IPC defines ‘Fraudulently’ as an action or deed done with an intention of deceit. The two main ingredients to be satisfied are Deceit or an intention to deceit and either actual injury or possible injury or an intent to expose some person to actual or possible injury.

Internet fraud is a form of white-collar crime whose growth is as rapid and diverse as the growth of the Internet itself. In fact, the diversity of areas in which the Internet is being used to defraud people and organization is astonishing. While there are innumerable scams and frauds going on, on the Internet, many of them relate to investments. They may be classified broadly, yet not comprehensively, into the following categories:

- Online Investment Newsletters: Hundreds of online investment newsletters have appeared on the Internet in recent years. Many offer investors seemingly unbiased information free of charge about featured companies or recommending “stock picks of the month”. While legitimate online newsletters can help investors gather valuable information, some online newsletters are tools for fraud.

- Bulletin Boards: Online bulletin boards – whether newsgroups, usenet, or web-based-have become an increasingly popular forum for investors to share information. Bulletin boards typically feature “threads” made up of numerous messages on various investment opportunities.

- E-mail Online Spams: Because “spam”-junk e-mail-is so cheap and easy to create, fraudsters increasingly use it to find investors for bogus investment schemes or to spread false information about a company. Spam allows the unscrupulous to target many potential investors. Using a bulk email programme, spammers can send personalized messages to thousands and even millions of Internet users at a time.

These offences can be related, most conveniently, to the offences of fraud and cheating.

Thirdly, let us view the menace of Viruses in the light of the provisions of the IPC. The offence of deliberately and malafidely destroying or altering the data bases of alien computers may best be described as ‘Mischief’ as defined in sections 425 to 440 of the IPC. The essential ingredients for the offence of Mischief being

A wrongful loss or damage to the public or any person
B intention to cause such damage or knowledge that such damage or loss might be caused.
C destruction of property or such alteration to such property as may render it useless or diminishes its value and/or utility amply cover and describes the commission of the offence of destruction of digital data.

Viruses are self-replicating programs, which on entering a system attach themselves to the digital data of the host computer, thereby destroying and/or altering it and/or rendering it beyond comprehension and making it useless. Computer viruses transfer from computer to computer by disguising itself as a harmless E-mail or any other such thing thereby infecting and destroying the data of the recipient computer as well. The menace of computer viruses has reached the stage of being an incurable disease. On an average a million computer viruses are generated every year. Multinational companies and some of the top government organizations together, all over the world, spend billions of dollars every year on the research and development of anti virus programs. Further millions of dollars are spent every year, recovering and reconstituting the data lost to viruses.

It has been mentioned that website could be considered to be the “property”. Further, it cannot be denied that viruses, however harmless, cause damage to property to some extent. Thus the requirement of damage to property is met in the form of alteration or destruction of digital information through viruses.

As far as intention to cause damage is concerned, the only defence that the offender who has authored the viruses or other such programme can claim is that his intention was not to cause damage to the specific computers or computer systems affected. However, the offence of mischief by definition does not require specific intent and therefore the offender cannot escape law for the damage caused. It could, for this reason, be asserted that an author of a computer virus may be held liable for the offence of mischief under Section 425 of the IPC.

The law dealing with Cyber crimes has now been codified in the I. T. Act, 2000 and Chapter XI deals with computer crimes and provide for punishments for these offences. The nature of criminal offences and punishments are given below:

Section Nature of Offence Punishment
65 Tampering with computer source code Imprisonment upto 3 years or with a fine upto Rs. 2 lakhs or with both
66(2) Hacking with Computer system Imprisonment upto 3 years of with a fine upto Rs.2 lakhs or with both
67 Publishing or transmitting obscene material in electronic form Imprisonment upto 5 years and fine upto Rs.1,00,000/- for first conviction.
Imprisonment upto 10 years and fine upto Rs.2,00,000 for second subsequent convictions.
71 Misrepresentation or suppression of material facts to Controller or Certifying Authority to obtain digital signature certificate or to obtain license to issue certificates. Imprisonment upto 2 years or with a fine upto Rs. 1 lakh or with both.


72 Breaching confidentiality of electronic documents to which a person has access Imprisonment upto 2 years or with a fine upto Rs. 1 lakh or with both.
73 Publishing digital signature certificate with false particulars Imprisonment upto 2 years or with a fine upto Rs. 1 lakh or with both.
74 Creating, publishing or making available a digital signature certificate for any fraudulent or unlawful purpose Imprisonment upto 2 years or with a fine upto 1 lakh or with both.


Another area of cybercrime is with regard to defamation. There are various issues related to Internet defamation. These include question of jurisdiction and also questions relating to lack of legal awareness amongst people using the Internet.

An essential ingredient for Defamation as defined under section 499 of the IPC is ‘Publication’. The question is what constitutes “publication” on the net, looms large. Can e-mails be considered “publication” when personal correspondence is not. If not, then who can stop an unscrupulous man from sending defamatory e-mails to all and sundry via the media of bulk e-mail. And if yes, then where does the liability lie if there is defamatory material posted on a bulletin board. Is the Internet Service Provider (ISP) liable under section 501 of the IPC which makes the publisher/printer of defamatory material, the prime offender. If we were to juxtapose the penal law to the present case, the ISP would be held liable but under the Information Technology Act, 2000, the Internet Service Provider has been exonerated from liability under Section 79 as long as he can prove that the offence/contravention has occurred without his knowledge and that he had exercised due diligence to prevent the commission of such offence/contravention.

The key business of the internet is computer software. The issue of computer software piracy is itself not a new one. However, the issue which arises out of having computer software on the internet is the manner in which piracy is done, the rights and liabilities of various parties involved in the process and the steps taken to curb it. In India, computer software falls under copyright laws and therefore, the software can be protected under the Copyright Act. The problem is that the philosophy behind the internet is freedom of information and freedom to information. In other words, there is no restriction to the information available on the internet in any form. On the other hand, the philosophy behind intellectual property protection is to give monopolistic protection to the authors. These two philosophies are in direct conflict with each other. Considering the extent to which the computer programmes and communications software are growing in market size and economic value, the nature of protection to be provided is extremely important. The issues of infringement of copyright are to be addressed by recourse to the provision of Copyright Act as no specific provision has been made for the offences relating to infringement of copyright in the Information and Technology Act.

Cybersquatting as an offence relates to the registration of a domain name by an entity who does not have an inherent right or a similar or identical trade mark registration in it’s favour, with the sole view and intention to sell them to the legitimate user in order to earn illegal profits.

In the Bisleri case, the Delhi High Court on a complaint by the proprietors of the TM Bisleri and the domain name Bislerimineralwater.com restrained an IT Company from using the domain name Bisleri.com.

In another recent judgment passed by the Delhi High court in Yahoo! Inc. v/s Akash Arora 1999 PTC 201, the court has restrained the defendant from using the Domain name yahooindia.com on the ground that it violated the rights of the plaintiff who was the owner of the domain name yahoo.com which was registered prior in time in 69 countries though not in India.

It is also noteworthy that while deciding this matter the court considered the ratio of Montari Industries case and the Whirlpool case which have laid down the concept of trans border reputation.


In Rediff Communications vs Cyberbooth, the defendants were restrained from using the domain name radiff .com as it was deceptively similar to the Plaintiff’s registered domain name rediff.com.

In Investsmart India Limited vs ICICI & Anr , the defendant had got registered in it’s name a domain name investmartindia.com. The plaintiff claimed that the defendant was violating it’s rights as they were the registered proprietors of the domain name investsmartindia.com. The application of the plaintiffs for the grant of interim injunction was dismissed in this case because it was found that the plaintiff’s had concealed from the court, the fact that the defendants had registered their domain name prior in time to the plaintiffs.

The internet and internet related crimes are increasing at an alarming rate. The laws that we are presently trying to fit into the modern scenario, answer some questions but leave twice the number unanswered. The loopholes left by the existing penal provisions make Internet a virtual haven for cyber criminals to carry on their illegal activities unchecked.

In all the crimes examined in this chapter, there is one fundamental aspect that poses serious difficulties. This is the question of jurisdiction. The nature of internet is such that geographical and political boundaries are rendered irrelevant. A person with access to a computer and the Internet might be participating, attempting or planning a criminal act anywhere in the world.

The Internet is, in a remote sense, analogous to the “High Seas”. No one owns it, yet people of all nationalities use it. This makes the control of cybercrime an international issue.

One suggestion has been to try and bring cybercrimes under International Crimes, similar to offences of piracy under the Law of the Sea, which may be tried in any country. This is a rather ambitious plan and is unlikely to receive sufficient support from the international community.

However, the formulation of an International Model Law on Cybercrime (based on which various countries could legislate and ensure harmony between various territorial laws) could be one of the more practical approaches. Early steps are underway among the G8 countries to begin an initiative for a set of global standards for cybercrime. The success of this initiative could go a long way in tightening the screws on cybercriminals from all over.

Copyright Amarjit Singh, Amarjit & Associates. All Rights Reserved. Any unauthorised reproduction is strictly prohibited.

 

    Home | Careers | Contact Us

   Copyright 2006 Amarjit & Associates,New Delhi India. All rights reserved.