Académique Documents
Professionnel Documents
Culture Documents
1. Introduction..............................................................Pg 2
6. United Kingdom......................................................Pg 15
8. Pakistan.....................................................................Pg 19
9. Conclusion...............................................................Pg 20
10. References...................................................................Pg
1
Introduction
Cyber Laws are the laws prevailing in the cyber space. Cyber
space has a vast definition which encompasses the terms like
computers, computer networks, software, data storage devices,
the Internet, websites, emails and even electronic devices such as
cell phones, ATM machines, satellites, Microwaves etc. These
Laws cover firstly that they must be standardized by government.
Secondly it should be in force under some specific region and
finally must be obeyed by all persons under such specified region.
Any violation of these rules could give the right to government to
take action such as imprisonment, or fine or an order to pay
compensation as per specified through proper legal jurisdiction.
In India, Cyber Law is a generic term which refers to all the legal
and regulatory aspects of Internet and the World Wide Web. It
handles those crimes, which accomplishes with the help of
computer, computer system, computer network, internet, storage
devices or communication device. The I.T. Act in India has no
2
strict definition but it includes cyber contraventions and cyber
offences. For e.g. cyber contravention is in general describes to
any unauthorized access may or may not come under law and is
of degree of penetration to lesser (may be not to harm
or for educational research purpose ) extent while in case of
cyber crimes they are the exploits for gaining unauthorized access
intentionally to harm. It should be noted that in Indian context the
punishment under for cyber crimes is also given on the basis of
Indian Penal Code (IPC) which is also a constitutional legal hand
book to prosecute criminals engaged in other social crime.
3
means that term access can also be replaced by its noun, verb,
adjective or any grammatical form. Further cognate expressions
are synonyms or the words related to name access e.g. entrance,
sign in, start etc. All the grammatical variations and cognate
expressions are used according to the situation observed.
Analogies:
1. To access computer system remotely with the help of
Trojans
2. Through application of Social Engineering on friends,
relatives etc.
3. With the help of hacking through any software or otherwise
e.g. by using telnet or ftp command.
4. Bye- mail spoofing or MAC spoofing or IP spoofing.
5. By knowing passwords with the help of Key loggers or
shoulder surfing.
Now we will like to define term permission. It can be Full, Partial
or Implied analogy. The best example to understand this term is
Intranet. In colleges each faculty has separate Log-in ID and
password. There is also a Director Log-in which reserves the full
right to verify records of marks, attendances etc. of students that
4
are uploaded by concerned faculty of concerned subject(s) of
whole college. He further can add, delete or modify any uploaded
data of faculty if found with error or in case of any discrepancy.
Now
1. Director Log-in has Full permission to access anybodys
account.
2. Management of College authorized Director Log-in to
confer full right to access any faculty record.
This comes into partial and implied categories of permission. In
regard of Implied it means that Director can access record of
faculty but it is also a Partial permission since he has to look out
only academic activities of faculties he is not authorized to view
the salary status or any financial transaction of faculty which is
under the control of accounts department.
3. There is only one scenario which comes under unauthorized
access. Suppose the Director is on leave and he gives his-log-in Id
and password to his assistant. But due to some malaise intention
he modified the data of a particular faculty. The only way to find
out that what had happened that day is the Log in recovery
through IDPS. The penalty provided for this section is
compensation up to Rs.1 Crore.
5
Assisting Unauthorised Access
6
The penalty provided for this section is compensation up to
Rs.1 crore. Some important case studies which have been
registered in courts of law under Indian Cyber Laws are detailed
down. Further they also describe the Concept of terms hacking
and unauthorized access.
1. A displeased employee of a bank putted down a strong
Magnet near the banks main server. After sometimes the
bank lost the important information related to customers account.
2. Two persons were allegedly arrested in 2002. They used
password cracking software to crack the FTP password for
the Mumbai police website and then change the homepage
of this website with pornographic content.
3. The Delhi Municipal Corporation (DMC) on behalf of
electricity department used to collect money provided
receipts and performed accounting of Electricity bills through
Computer Systems. When this process is transferred to private
party then one of them who was Computer Expert dispensed
large amount of funds by manipulating data files to show less
receipt and bank remittance.
4. A young lady reporter was in trap when during online
surfing related to her articles, she was victimized by somebody.
Someone installed Trojan in her computer. This ladys computer
was located in one of the corners of her bedroom. Trojan
activated everytime she started her internet connection. This
Trojan further starts her web cam International Journal of
Computer Applications Volume 58 No.7, November 2012 15 and
microphone without her knowledge. The connection further
works when she used to disconnect her internet connection. Later
she came to know that many of her pictures and videos were
transferred to pornographic websites.
5. India witnessed its first cybercrime conviction recently in
2002. This all started when Sony India Private Ltd. ran
7
website called www.sony-sambandh.com. The aim of this website
was to send Sony products to their friends and relatives in India
through online payment. In May 2002, someone logged onto the
website under the identity of Barbara Campa and placed a order
of Sony Colour Television set and a cordless head phone and
made online payment through Credit Card for Arif Azim, Noida
The payment was cleared by the credit card agency and the
transaction processed. After following the relevant procedures,
the Sony company delivered the items to Arif Azim. But after one
and a half months the credit card agency informed the company
that this was an unauthorized transaction as the real owner had
denied having made the purchase. The Sony Company lodged a
complaint for online cheating at the Central Bureau of
Investigation which registered a case under Section 418, 419 and
420 of the Indian Penal Code. The matter was investigated into
and Arif Azim was arrested. Investigations revealed that Arif
Azim, while working at a call centre in Noida gained access to the
credit card number of an American national which he misused on
the companys site. The CBI recovered the colour television and
the cordless head phone and Arif was arrested.
8
Scope of Section 43 of IT Act 2000
Section 43. Penalty and This section primarily deals with all
Compensation for damage to such conventions resulting from
computer, computer system, etc. unauthorised access to computer,
If any person without permission of computer system or computer
the owner or Any other person who resources.
is incharge of computer, computer
system or computer network,-
(a) Accesses or secures It may cover instances of
access to such computer, cracking(or hacking), computer
computer system or network trespass, data theft, privacy
or computer resources; violation, software piracy/theft etc.
(b) Downloads, copies or It may cover instances related to
extracts any data, computer digital copying, data and computer
data base or information from database theft, violation of privacy
such computer, computer etc.
system or computer network
including information or data
held or stored in any
removable storage medium.
(c)Introduces or causes to be It may cover instances of deletion,
introduced any computer alteration, damage, modifications of
containment or computer stored computer data or computer
virus into any computer, programs leading data interference.
computer system or computer
network;
(d) Damages or causes to be It may cover instances related to
damaged any computer, computer/online fraud, forgery,
computer system or computer privacy violations etc.
network, data, computer data
base or any other programs
residing in such computer,
9
computer system or computer
network;
(e) Disrupts or causes It may cover instances leading to
disruption of any computer, denial of service attacks, spamming
computer system or computer etc.
network;
(f) Denies or causes the denial of It may cover instances of system
access to any person interference, misuse of computer
authorised to access any devices etc.
computer, computer system or
computer network by any
means;
(g) Provides any assistance It may cover instances of illegal
to any person to facilitate access, misuse of computer devices
access t a computer, computer etc
system or computer network
in contravention of the
provisions of this Act, rules of
this regulations made
thereunder;
(h) Charges the service It may cover instances leading to
availed of by a person to the computer/ online fraud, phishing
account of another person by identity theft etc.
tampering with or
manipulating any computer,
computer system or computer
network;
(i) Destroys, deletes or alters any It may cover instances of
information residing in a cracking(or hacking), data theft,
computer resource or data interference, data loss, denial of
diminishes its value or utility service attacks, online frauds/
or affect it injuriously by any forgeries etc.
means
(j) Steals, conceals, destroys or It may cover instances related to
alters or causes any person to computer programme/ software-
steal, conceal, destroy or alter copyright violations, piracy, theft
any computer source code etc.
used for a computer resource
with an intention to cause
damage.
10
United States
11
damaging a government computer, a bank computer, or a
computer used in, or
affecting, interstate or foreign commerce, 18 U.S.C.
1030(a)(5);
committing fraud an integral part of which involves
unauthorized access to a
government computer, a bank computer, or
a computer used in, or affecting,
interstate or foreign commerce, 18 U.S.C. 1030(a)(4);
Unauthorised Access-
Jurisdiction
The reports offer little insight into the meaning of the third
elementwhat computers are protected from trespassing. There
may be two reasons. Paragraph 1030(a)(3) protects only
government computers and therefore explanations of the sweep
of its coverage in the area of interstate commerce or of financial
institutions are unnecessary. Besides, at least for purposes of
these trespassing offenses of paragraph 1030(a)(3), the statute
itself addresses several of the potentially more nettlesome
questions. First, the construction of the statute itself strongly
suggests that it reaches only computers owned or leased by the
federal government: whoever ... without authorization to access
any non public computer of a department or agency of the United
States, accesses such a computer of that department or agency....
Second, the language of the statute indicates that nonpublic
computers may nevertheless include government computers that
13
the government allows to be used by nongovernmental purposes:
in the case of a [government] computer not exclusively for the
use of the Government of the United States....
Third, the statute covers government computers that are
available to nongovernment users: accesses such a computer ...
that ... in the case of a [government] computer not exclusively for
the use of the Government of the United States, is used by
or for the Government of the United States.... The use of the term
nonpublic, however, makes it clear that this shared access may
not be so broad as to include the general public.
Finally, the section supplies a definition of department of the
United States: [a]s used in this section ... the term department of
the United States means the legislative or judicial branch of the
Government or one of the executive departments enumerated in
[s]ection 101 of title 5;10 and the title supplies a definition of
agency of the United States: [a]s used in this title ... [t]he term
agency includes any department, independent establishment,
commission, administration, authority, board or bureau of the
United States or any corporation in which the United States has a
proprietary interest, unless the context shows that such term was
intended to be used in a more limited sense.
14
United Kingdom
15
23 They intended to deter the more serious criminals from
using a computer to assist in the commission of a criminal offence
or from impairing or hindering access to data stored in a
computer. The basic offence is to attempt or achieve access to a
computer or the data it stores, by inducing a computer to perform
any function with intent to secure access. Hackers who program
their computers to search through password permutations are
therefore liable, even though all their attempts to log on are
rejected by the target computer. The only precondition to liability
is that the hacker should be aware that the access attempted is
unauthorised. Thus, using another person's username or
identifier (ID) and password without proper authority to access
data or a program, or to alter, delete, copy or move a program or
data, or simply to output a program or data to a screen or printer,
or to impersonate that other person using e-mail, online chat, web
or other services, constitute the offence. Even if the initial access
is authorised, subsequent exploration, if there is a hierarchy of
privileges in the system, may lead to entry to parts of the system
for which the requisite privileges are lacking and the offence will
be committed. But looking over a user's shoulder or using
sophisticated electronic equipment to monitor the
electromagnetic radiation emitted by VDUs ("electronic
eavesdropping") is outside the scope of this offence.
16
identity data or to acquire any other data from an unauthorised
source, or modifying the operating system files or some aspect of
the computer's functions to interfere with its operation or
prevent access to any data, including the destruction of files, or
deliberately generating code to cause a complete system
malfunction, are all criminal "modifications". In 2004, John
Thornley pleaded guilty to four offences under 3, having
mounted an attack on a rival site, and introduced a Trojan horse
to bring it down on several occasions, but it was recognized that
the wording of the offence needed to be clarified to confirm that
all forms of denial of service attack are included.
17
Although the fines imposed were modest, they elected to appeal
to the Criminal Division of the Court of Appeal. Their counsel cited
the lack of evidence showing the two had attempted to obtain
material gain from their exploits, and claimed the Forgery and
Counterfeiting Act had been misapplied to their conduct. They
were acquitted by the Lord Justice Lane, but the prosecution
appealed to the House of Lords. In 1988, the Lords upheld the
acquittal. Lord Justice Brandon said:
The Law Lords' ruling led many legal scholars to believe that
hacking was not unlawful as the law then stood. The English Law
Commission (ELC) and its counterpart in Scotland both
considered the matter. The Scottish Law Commission (SLC)
concluded that intrusion was adequately covered in Scotland
under the common law related to deception, but the ELC believed
a new law was necessary.
18
Pakistan
Conclusion
20
resource. They can block public access to any information through
any computer resource.
Dream to keep the society crime-fee will remain a dream in India
as there should be constant endeavour for the legislation to keep
in pace with the fast pace in crimes. Especially in a society that is
dependent more and more on technology, crime based and
electronic offences are bound to increase and the law makers
have to go the extra mile keeping in pace to the fraudsters as
technology is always a double-edged sword and can be used for
both the purposes good or bad.
We can conclude that though the cyber police have become
proactive but the rise in the number of instances may be due to
weak law and to have appropriate legislations for the fast track
crime.
21
References
1. http://www.isaca.org/cyber/Pages/cybersecuritylegislation.as
px
2. https://en.wikipedia.org/wiki/Computer_Misuse_Act_1990
3. https://www.sans.org/reading-
room/whitepapers/legal/federal-computer-crime-laws-1446
4. http://research.ijcaonline.org/volume58/number7/pxc38835
07.pdf
5. https://www.fas.org/sgp/crs/misc/97-1025.pdf
6. http://www.dawn.com/news/1276662
22