Cyber Crime Law Separating Myth From Reality

Remember Bruce Willis, the main protagonist in the fourth installment of the Die Hard series last summer?Live Free or Die Hard depicts Willis as the New York police department detective John McClane who is commissioned to capture a gang of 'cyber terrorists' intent on shutting down the entire world's internet. In today 'sincreasingly volatile world of mobile activated bombs and websites of various militant groups, it is not hard to imagine the Die Hard scenario materializing in real life as well.

One of the most fascinating aspects of modern technology is how it has penetrated every scope and strata of society. Everyone from the uneducated mechanic to the high-profile chief executive officer of a firm now carries a mobile and is aware of what a computer is. This infiltration of technology in our communities has, by and large, proved to be beneficial. But like every other good thing, technology too can be exploited. This exploitation, among other things, has resulted in certain crimes being committed through or against
computers, their affiliated networks and the information contained within them.
Thus, came about the neologism of cyber crime.

Even though the term is now widely used in law circles, disagreements are
aplenty regarding what actually entails cyber crime. President of Naavi.org,
India's largest cyber law information portal suggests that the term is a
misnomer. "The concept of cyber crime is not radically different from that of
conventional crime," says in a report on the portal, "Both include conduct
whether act or omission, which cause breach of rules of law and [are]
counterbalanced by the sanction of the state. Cyber crime may be said to be [one
of] those species, of which, the genus is conventional crime, and where either
the computer is an object or subject of the conduct constituting crime,"

However, despite the similar legal nature of both conventional and cyber crime,
they are substantially different in practice. Cyber crimes are far easier to
learn how to commit, require fewer resources relative to the potential damage
caused, can be committed in a jurisdiction without being physically present in,
and until recently, their status of illegality has been, at best, vague. As the
global technology policy and management consulting firm McConnell Institute
notes in a comprehensive report on the subject, many countries' existing archaic
laws threaten the global information dynamic

"The growing danger from crimes committed against computers, or against
information on computers, is beginning to claim attention in national capitals.
In most countries around the world, however, existing laws are likely to be
unenforceable against such crimes".

The report added, "Existing terrestrial laws against physical acts of trespass
or breaking and entering often do not cover their 'virtual' counterparts. New
kinds of crimes can fall between the cracks."

Furthermore, efficient law enforcement is further complicated by the
transnational nature of cyberspace.

"Mechanisms of cooperation across national borders are complex and slow. Cyber
criminals can defy the conventional jurisdictional realms of sovereign nations,
originating an attack from almost any computer in the world, passing it across
multiple national boundaries, or designing attacks that appear to be originating
from foreign sources. Such techniques dramatically increase both the technical
and legal complexities of investigating and prosecuting cyber crimes."

To protect themselves from those who would steal, deny access to, or destroy
valuable information, public and private institutions have increasingly relied
on security technology. But in today's rapid world of e-commerce, self
protection, however essential, alone cannot make up for a lack of legal
protection. Many countries, therefore, now have separate legislation against
such activities.

The bill covers two basic types of cyber crimes. One in which computers
themselves are targets (such as criminal data access, data damage, malicious
code, and various other kinds of information theft on computer networks), while
the other in which computer and other technology are used as a tool to commit
virtual versions of various conventional crimes (such as cyber terrorism,
electronic fraud and forgery, cyber stalking and spamming, etc).

For the average internet surfer, unaware of the technical definitions of most of
these offences, the law may appear quite confusing at the first glance. It shall
come as no surprise, therefore, that disagreements regarding the ordinance's
interpretation persist even in the broader legal fraternity. In particular, it
has come under fire from civil rights groups and a section of lawyers who
denounce it as "effectively and practically [...] useless against cyber crimes"
but nevertheless creating "enormous obstructions and nuisances for IT enabled
[...] businesses and individuals" as well as considerably sacrificing individual
liberties such as that of privacy.

Mark Tamale (former member of the information technology law forum and the
ministry of science and technology) who has been at the forefront of the
awareness campaign, 'Take a bite out of the cyber crimes law' has criticised
this and other sections of the ordinance as being too ambiguous. He implies that
the law could, as a consequence, render even something as innocuous as googling
'how to make an atomic bomb' a 'terrorist act.' Surely however, the 'knowingly
engages in' portion of the statue as well as the subsequent definition of

'terrorist-ic intent' should make this a highly unlikely possibility.

A more pressing concern however, at least for the average citizen would be of
privacy. Sections of the law pertaining to corporate responsibility require all
internet service providers to store up to 90 days of data regarding consumers'
internet usage. Service providers are also, in turn, legally bound to comply
with federal law enforcement agencies if they require such data. Such broad
ranging powers for the law enforcement agencies are a common feature of the
ordinance, which also empowers the Federal Investigation Authority to issue an
arrest warrant without any direct involvement of the judiciary.

This means that in effect if the peoples found out how you took a picture of the
man that always stands at the beginning of your lane and then posted it in your
blog, then you may end up in jail (section 13 (d) of the bill renders it illegal
to distribute any image on the Web without the prior explicit consent of the
person in the picture). You may also be arrested for bombarding all your
'frands' with Valentine Day wishes (section 13 defines cyber stalking as
'communicating obscene, vulgar, profane, lewd, lascivious or indecent language,
picture or images with an intent to coerce, intimate or harass any person using
a computer network, internet, network site, electronic mail or any other similar
means of communication').

Worse still, if you committed any of 21 crimes enlisted in the bill in your
office premises, you will not only end up in jail yourself, but land your bosses
in hot water as well. For section 21, on offenses by a corporate body, holds any
corporation responsible for any action which was committed on its instruction or
for its benefit. Some of these definitions, even by layman standards paint very
abstruse criteria.

Even if one puts aside valid concerns about the lack of procedural safeguards
and due process to protect the rights and the liberties of individuals, one
cannot help but wonder how it will become a nightmare to implement the law, and
then prove any accusations in a trial, especially given the international nature
of cyber crime. Unless the crimes mentioned in it are defined in a manner
consistent across other international jurisdictions, coordinated efforts by law
enforcement officials to combat cyber crime will remain largely complicated and
unsuccessful. There is also a most pressing need to educate law enforcers
themselves about the nature of technology involved, so they can distinguish
aptly between a casual surfer and genuine cyber criminal. The past reputation of
our law enforcement agencies does not leave one with a lot of confidence in this
respect.

In short, a separate ordinance for cyber crimes is in it self a step in the
right direction. After all, rule of law in any capacity always constitutes
towards blossoming a trustworthy environment for business and individuals to
work in. But merely passing a law has never been enough to curtail any crime;
the real deterrent will be its implementation and awareness among the public.