Monday, August 5, 2019
Types of Cyber Crime and Strategies for Prevention
Types of Cyber Crime and Strategies for Prevention Crimes In cyber Age And Its Response By Indian Judiciary Table of abbrevaitions AIR All India Reporter AP Andhra Pradesh Art. Article Bom. Bombay ed. Edition Ltd. Limited. P. page number Pat. Patna SCC Supreme Court Cases SCR Supreme Court Reporter Sec. Section Crimes In cyber Age And Its Response By Indian Judiciary Introduction The advent of the third millennium has brought in an era of information society. The new era is the result of rapid changes brought about by the new technology and the cyber world. Obviously the information society offers vast scope and opportunities to human beings to identify information, to evaluate information, and to exchange information for the benefits of the citizens the world over. The in formation technology provides for a new environment, new work culture, new business links and trading networks. It allows information and knowledge based work to be located anywhere. It is virtually transforming and revolutionizing the world. The information technology is a double-edged sword, consistently presenting us with benefits and disadvantages. The increasing opportunities for productivities, efficiency and worldwide communications brought additional users in droves[1]. Today, the internet is a utility, analogous to the electric company and ââ¬Ë.com has become a household expression. The reliability and availability of the internet are critical operational considerations. Activities that threaten these attributes like spamming, spoofing, etc, have grave impacts on its user community. Any illegal act, for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution, is known as cyber crime. Among the various problems emerging out of the internet are the menace of hackers, cyber terrorism, spamming, Trojan horse attacks, denial of service attacks, pornography, cyber stalking etc. Through this paper the researcher will try to study the problem of cyber stalking, cyber defamation, various types of data theft and the laws relating to it. An effort will also be made to recommend some suggestions to fight these dangerous problems, with the response of Indian judiciary to it. Cyber staking Cyber stalking, has been defined as the use of electronic communication including, pagers, cell phones, emails and the internet, to bully, threaten, harass, and intimidate a victim. Moreover, it can also be defined as nothing less than emotional terrorism.[2] Cyber stalking can take many forms. However, Ellison (1999) suggests, cyber stalking can be classified by the type of electronic communication used to stalk the victim and the extent to which the communication is private or public. Ellison (1999) has classified cyber stalking as either ââ¬Ëdirect or ââ¬Ëindirect. For example, ââ¬Ëdirect cyber stalking includes the use of pagers, cell phones and the email to send messages of hate, obscenities and threats, to intimidate a victim. Direct cyber stalking has been reported to be the most common form of cyber stalking with a close resemblance to offline stalking (Wallace, 2000). Why people do it? Generally, to be defined as stalking the behaviour must be unwanted and intrusive. Another important point is that the stalker must also have an intense preoccupation with the victim. The range of behaviour involved in stalking can be broadly grouped in three categories. Firstly, there is following, which includes frequenting workplaces and homes, maintaining surveillance, and engineering ââ¬Å"coincidences.â⬠Secondly, there is communicatingââ¬âby phone, letters, cards, graffiti, gifts, and, Increasingly, electronic mail and the internet (ââ¬Å"cyber stalkingâ⬠).Often the stalker will order goods and services on the victims behalf. Finally comes aggression or violence, in which stalkers threaten their victims, harass their families, damage their property, make false accusations about them, and cause sexual or physical injury. Sexual attractions and motives are other very important reasons for cyberstalking. In USA, the federal law enforcement agencies have encountered numerous instances in which adult paedophiles have made contact with minors through online chat rooms, established a relationship with the child, and later made contact for the purpose of engaging in criminal sexual activities.[3] Nature of cyber staking The nature of cyber stalking is ascertains by the medium which is used for its execution. According to â⬠¦ cyber stalking had been classified into four kinds[4] a) E-mail stalking b) Chat stalking c) Bulletin board systems d) Computer stalking. Email stalking Electronic mail is an electronic postal service that allows individuals to send and receives information in matter of seconds. This sophisticated use of telephone lines allows communication between two people who may or may not know each other but can ââ¬Ëspeak to each other using a computer. In general Email is an insecure method of transmitting information or messages. Everyone who receives an email from a person has access to that persons email id. With some online services as AOL, a persons screen name is also an email address. In addition, when a person posts an item on a newsgroup, that pesons email id may be available to anyone who reads that item. It is unsurprising, then, that email is a favoured medium for cyber stalkers. Technologically sophisticated email harassers send ââ¬Ëmail bombs, filling a persons inbox with hundreds or even thousands of unwanted mails in the hope of making the account useless. Others send electronic viruses that can infect the victims files.[5] Chat stalking A chat room is a connection provided by online services and available on the internet that allows people to communicate in real time via computer text and modem. Cyber stalkers can use chat rooms to slander and endanger their victims. In such cases the Cyber stalking takes on a public rather than a private dimension. As live chat has become more popular amongst users of the internet with tools such as internet relay chat (IRC), it has also become more popular as a medium through which stalkers can identify and pursue their prey. When a person enters a chat room, his screen name joins the list of names of others in the group. Depending on the nature of the chat software, that person can address others in the room and vise versa as a part of the group discussing from a smaller group in a private chat room or send private, one to one instant messages to others anytime.[6] During ââ¬Ëchat, participants type instant messages directly to the computer screens of other participants. When a person posts a message to a public news group this is available for anyone to view copy and store. In addition, a persons name, email address and information about the service provider are easily available for inspection as a part of the message itself. Thus, on the internet, public messages can be accessed by anyone anytime- even years after the message were originally written. In IRC, the harasser may chose to interrupt a persons chat electronically or otherwise target a chat system, making it impossible for someone to carry on a conversation with anyone else. The Cyberstalker can engage in live chat harassment or abuse of the victim( otherwise known as ââ¬Ëflaming) or he/she may leave improper message o the message board or in chat rooms for or about the victim. Bulletin board systems A bulletin board system (BBS) is a local computer that can be called directly with a modem[7]. Usually they are privately operated and offer various services depending on the owner and the users. A bulletin board allows leaving messages in group forums to be read at a later time. Often a BBS is not connected to a network of other computers, but increasingly BBSs are offering internet access and co Cyber stalkers area using bulletin boards to harass their victims.[8] Online have been known to known to post insulting messages on electronic bulletin boards signed with email addresses of the person being harassed. The Cyber stalker can also post statements about the victims or start rumours which spread through the BBS. In addition a Cyber stalker can ââ¬Ëdupe another internet users into harassing or threatening a victim by posting a controversial or enticing message on the board under the name , phone numbers or email address of the victim, resulting in subsequent responses being sent to the victim.[9] Computer stalking With computer stalking, cyber stalker exploits the internet and the windows operating system in order to assume control over the computer of the targeted victim. An individual ââ¬Ëwindows based computer connected to the internet can be identified, allowing the online stalker to exercise control over the computer of the victim. A cyber stalker can communicate directly with his or her target as soon as the target computer connects to the internet. The stalker can also assume control over the victims computer and the only defensive option for the victim is to disconnect and relinquish his or her current internet address.[10] An example of this kind of cyber stalking was the case of a woman who received a message stating ââ¬Ë Im going to get you. The cyber stalker then opened the womans CD-ROM drive in order to prove that he had control over her computer. cyberstalking trends and statistics offenders Previous studies that have investigated stalking offenders by and large, have focused on the offline stalking offender Regardless for the offenders group such as ââ¬Ësimple, ââ¬Ëlove or ââ¬Ëerotomanic statistics reports, male offenders to account for the majority of offline stalking offenders. Working to Halt Online Abuse (2000) statistics also support the gender ratio of offenders claiming, 68% of online harassers/cyber stalkers are male. Furthermore, common social and psychological factors have been found within offline stalking offender population. For example, social factors such as the diversity in socio-economic backgrounds and either underemployment or unemployment have been found significant factors in offline stalking offenders[11]. In a research done on young stalkers between 9 and 18 years of age little difference was found between young and adult offline stalking offenders. For example, the majority of offenders were male, had some form of previous relationship with the victim and experienced social isolation.[12] Victims Currently, there are limited studies on the victims of cyber stalking. Although, anyone has the potential to become a victim of offline stalking or cyber stalking, several factors can increase the statistical likelihood of becoming a victim. Studies[13] that have investigated offenders of offline stalking, have found some common factors within the selection of victims. For example, contrary to public belief, a large proportion of stalking victims are regular people rather than the rich and famous. Goode claimed[14], up to 80% of offline stalking victims are from average socio-economic backgrounds. In addition, the statistical likelihood of becoming a victim increases with gender. Working to Halt Online Abuse (2000) reports, 87% of online harassment/cyber stalking victims are female. However, victim gender statistics may not represent true victims, as females are more likely to report being a victim of online harassment/cyber stalking than males. Although studies have shown that the majority of victims are female of average socio-economic status, studies have also shown that offline stalking is primarily a crime against young people, with most victims between the age of 18 and 29.[15] Stalking as a crime against young people may account for the high prevalence of cyber stalking victims within universities. For example, the University of Cincinnati study showed, 25% of college women had been cyber stalked.[16]. Nevertheless, previous relationships have been shown to increase the likelihood of being stalked offline. For example, it was reported, 65% offline victims had a previous relationship with the stalker[17]. Although studies of offline stalking claim the majority of victims have had a previous relationship with the stalker Working to Halt Online Abuse Statistics[18] fails to support a previous relationship as a significant risk factor, for online harassment/cyber stalking. For example, 53% of victims had no prior relationship with the offender. Therefore, the risk factor of a prior relationship with the stalker may not be as an important factor in cyber stalking, as it is in offline stalking. Psychological effects of cyberstalking Currently, there are few studies on the psychological impact on victims. However, Westrup[19]studied the psychological effects of 232 female offline stalking victims. He found out that the majority of victims had symptoms of PTSD, depression, anxiety and experienced panic attacks. Additionally, it was found that 20% of victims increased alcohol consumption and 74% of victims suffered sleep disturbances[20]. Nevertheless, social and psychological effects of offline stalking cannot be separated as social effects can impact on psychological effects and psychological effects can impact on the social effects. Although the majority of studies have focused on the offline stalking victims, there is no evidence to suggest that cyber stalking is any less of an experience than offline stalking (Minister for Justice and Customs, 2000), As shown, there are many common themes between offline stalking and cyber stalking. For example, offenders are most likely to be male and offline stalking or cyber stalking is the response to a failed (offline/online) relationship. Additionally, young females account for the majority of victims. Furthermore, victims experience significant social and psychological effects from offline stalking or cyber stalking.[21] Legal responses to cyberstalking Cyber stalking is are a relatively new phenomenon and many countries are only now beginning to address the problem. India has also witnessed cases of cyber stalking, cyber harassment and cyber defamation. However, as there is no specific law or provision under the IT Act, a number of these cases are either not registered or are registered under the existing provisions of Indian Penal Codeââ¬âwhich are ineffective and do not cover the said cyber crimes.[22] Since its promulgation, the IT Act 2000 has undergone some changes. One big change is the recognition of electronic documents as evidence in a court of law. Market players believe this will go a long way in giving encouragement to electronic fund transfers and promoting electronic commerce in the country. However, all hope is not lost as the cyber crime cell is conducting training programmes for its forces. It also has plans to organize special courses for corporate to combat cyber crime and use the IT Act effectively. Cyber defamation Defamation can be understood as the intentional infringement of another persons right to his good name. It is the wrongful and intentional publication of words or behavior concerning another person, which has the effect of injuring that persons status, good name, or reputation in society. It is not defamatory to make a critical statement that does not have a tendency to cause damage, even if the statement turns out to be untrue[23]. In this case a claim for malicious falsehood[24] may be raised. Another key feature of the Internet is that users do not have to reveal their identity in order to send e-mail or post messages on bulletin boards. Users are able to communicate and make such postings anonymously or under assumed names. This feature, coupled with the ability to access the internet in privacy and seclusion of ones own home or office and the interactive, responsive nature of communications on the Internet, has resulted in users being far less inhibited about the contents of their messages resulting in cyber space becoming excessively prone to defamation. What is defamatory? As to what is defamatory; Permiter v. Coupland[25] and Youssoupoff v. Metro Goldwyn Mayer Pictures Ltd[26] lay down that it is a publication without justification or lawful excuse, which is calculated to (meaning ââ¬Å"likely toâ⬠) injure the reputation of another by exposing him to ââ¬Å"hatred, contempt, or ridiculeâ⬠[27] and make the claimant ââ¬Å"shunned and avoidedâ⬠. Then in Sim v. Stretch[28] the definition was widened to include the test whether the words tend to lower the plaintiff in the estimation of the right-thinking members of society in general. A persons good name can only be damaged if maligning statements are made to someone other than that person; that is, the defamatory statement must be disclosed to a third person, thereby satisfying the requirement of publication. Thus the law of defamation places a heavy burden on the defendant. All that a plaintiff has to prove, in a defamation action, is the publication of defamatory matter. The onus then lies on the defendant to prove innocence. In essence, the law on defamation attempts to create a workable balance between two equally important human rights: The right to an unimpaired reputation and the right to freedom of expression. In a cyber society, both these interests are increasingly important. Protection of reputation is arguably even more important in a highly technological society, since one may not even encounter an individual or organization other than through the medium of the Internet. Jurisdiction It is a fact that the tried and true real world legal principles do not apply in the digital generation. Even seemingly ubiquitous, time honoured principles must be examined, including whether a court has the power to exercise jurisdiction over a defendant because of the defendants ties to or use of the Internet or Internet related technologies. This jurisdictional rethinking requires us to address the concept that involves the right of the sovereign to exert its power and control over people or entities that use the Internet One of the complexities of the Internet is the fact that Internet communications are very different than telephone communications. The telephone communication system is based on circuit-switching technology, where a dedicated line is allocated for transmission of the entire message between the parties to the communication. A dedicated line, on the other hand, does not accomplish Internet communications. A message sent from an Internet user in India may travel via one or more other countries before reaching a recipient who is also sitting at a computer in India. Therefore, the lack of a physically tangible location and the reality that any Internet communication may travel through multiple jurisdictions creates a variety of complex jurisdictional problems[29]. Position in india Cases of cyber defamation do not fit neatly in the accepted categories of crimes. They represent harm of greater magnitude than the traditional crimes and of a nature different from them. Unlike the traditional crimes, they are not in the shape of positive aggressions or invasions[30]. They may not result in direct or immediate injury; nevertheless, they create a danger, which the law must seek to minimize. Hence, if legislation applicable to such offences, as a matter of policy, departs from legislation applicable to ordinary crimes, in respect of the traditional requirements as to mens rea and the other substantive matters, as well as on points of procedure, the departure would be justified[31] An effort is still wanted to formulate an international law on the use of Internet to curb this imminent danger of cyber crimes and to achieve a crime free cyber space. Defamation laws should be sufficiently flexible to apply to all media. The difficulty is that the defamation laws world over were principally framed at a time when most defamatory publications were either spoken or the product of unsophisticated printing. We do need a stronger legal enforcement regime in India to combat the increasing cyber crimes or in other words, efficacy in dispensation of justice will be instrumental in curtailing such activities. The position in Indian law is not very clear and amendments should be brought to Section 67 of the Information Technology Act, 2000[32] and also to Section 499 of the Indian Penal Code[33], by expressly bring within their ambit offences such as defamation in cyber space, which is certainly a socio-economic offence. Internet Banking Fraud The concept of internet banking was introduced to facilitate the depositors to have access to their financial undertakings globally. But every good thing has its own demerits; the introduction of this system was coupled by a number of fraud incidents in which the money of depositors was embezzled by the net swindlers popularly known as hackers.[34] Digital Extortion For any company doing business on the Internet, its the sound of doom: a computer voice warning of an inbound attack. Call it a cyber-shakedown: A hacker threatens to shut down a companys Web page, unless the business pays up.[35] Digital Extortion can be defined as, ââ¬Å"Illegally penetrating through the system of an enterprise and then compelling it to pay substantial amounts in lieu of their secret data or to save their system from being wiped out by the hackers.â⬠In a recent incident, Security researchers at Websense were trying to learn why a clients files were scrambled when they found a note demanding $200 for the electronic key to the files. The money was to be sent to an online payment service. The data was recovered without paying the ransom, but experts are worried that more sophisticated attacks could be more serious.[36] Credit Card Frauds Credit Card popularly known as plastic money has came up as a panacea for the troubles of carrying huge amount of money in the pocket. The credit card embodies two essential aspects of the basic banking functions: the transmission of payments and the granting of credit. But again the usage of this technology has brought in new forms of crimes with the fraudsters employing entirely new technologies to manipulate this technology for their illegal economic gains because unlike paper money, it was not anonymous and the usage of credit card can be traced. The Indian Legal Response to Data Theft Related Cyber Crimes In the past few years, India has emerged as a leader in information technology. Also, there has been an explosion of the BPO industry in India, an industry which is based primarily on IT[37], an industry where there is a huge risk of data theft since the business primarily is based on huge amounts of sensitive data of the customers. The numbers of computer literates have also grown at a rapid pace. The prices of computers and other peripherals have slashed drastically. Dial-up and Broadband connections, both are found and are easily accessed at cheap rates. All this has resulted in making the middle-class in India computer literate as well. Hence, as a result of all these developments, the Indian Parliament enacted the Information Technology Act, 2000. The researchers will discuss some of the remedies provided for in brief and has also provided certain suggestions as to where the act can be amended. 1) Penalty for Tampering with Computer Files As discussed already, Industrial espionage may also include tampering with the computer files to slow down the system or corrupt databases. Section 65 of the Act defines this sort of offence and prescribes an imprisonment of 3 years or fine extending to two lakh rupees. 2) Penalty for Hacking This also relates to data theft and industrial espionage. Hacking is where a person hacks into a computer resource and in any way destroys, deletes or alters any information is to be punished with an imprisonment of up to three years or a fine extending up to two lakh rupees. For this the requirement of mens rea, i.e. metal element is required. 3) Penalty for Damage of Computer, Computer System, etc. This is the section which can be said to deal directly with data spying. Section 43 says that whosoever without the permission of the owner accesses any computer ,downloads, copies or extracts any data, computer data base or such information is liable to pay compensation not exceeding rupees one crore. It takes care of all the possibilities arising out of such situations. In this case the condition of mens rea is not required, i.e. this section imposes a strict liability on every unauthorized access. 4) Penalty for breach of Confidentiality and Privacy Now, this section seeks to bring to the book people who secure access to any electronic record etc. and without the consent of the person concerned disclose the information to a third party. Shortcomings of the Act: * No steps to combat Internet Piracy- There is absolutely no legislation to combat the menace of piracy which has India firmly in its iron grip .As discussed by the researchers above India is one of the countries where there is rampant violation of copyrights. Pirates sell copyrighted material openly, on the streets, yet nothing can be done about it. * Power of Police To Search Limited to Public Places-Police officers can search public places and arrest any person having committed a cyber crime but it is seldom that such crime takes place in the open. Hence, the police have been limited in its powers by the act. * Issue of Privacy and Surveillance-There is no legislation that protects the citizens from having their physical features being examined and the details stored without their consent. When biometric systems gain currency in India the old argument of Privacy v. Security will have to be waged as it has been waged in the US. As we have seen, there are various aspects of data theft, not only the conventional one, though that remains one of the most well-known ways of data-theft, i.e. data spying .In todays world there is no one way of defining data. Data can still be in the form of a spreadsheet and also you can call information about a person including his physical features, which if they fall into the wrong hands can cause identity theft and can be used in various other ways to commit crime. The companies should monitor their employees, before hiring their employees and after hiring them. Employees should be given incentives and good salaries so that they resist the temptation to give away information to rival companies. Since it is a capitalistic system, competition will always remain, and companies will sink to unfair competition. Hence, unfair practices will always exist, and to minimize those companies should take all precautions necessary. As far as the laws concerning internet piracies go, not only in India, but the entire world needs better and more stringent laws that protect the copyright of intellectual property and stop the rampant copyright violation that has engulfed the whole world. Copyright laws need to be strengthened or else creativity will suffer since the artistes or investors will have no incentive. The music, film and publishing industry have all suffered heavily, to the tune of billions. India, also, needs more legislation, and most importantly of all, it needs to find ways to implement the existing laws, for example giving the police powers to search private places in case of suspicion of cyber crime. The definition of hacking needs to be modified and narrowed, since in the existing legislation the definition includes too many unnecessary acts. A lot of work regarding the use of biometric technology has to be done. The problem which the US face now (as has been discussed above) is the problem which is going to arise now, in India. Though biometric technology is definitely the way to go in view of the increased risk of terrorist attacks all around the globe, but there are serious issues of, not only violation of privacy, but also that of data theft, not only by criminals, but by the state itself Challenges of information technology to existing legal regime The impact of Internet on the existing legal regime can be well appreciated by the fact that the US Congress had introduced more than 50 bills pertaining to Internet and e- commerce, in the first three months of 1999 alone.[38] The issues, which need to be addressed urgently, are security of transactions, privacy, property, protection of children against an easy access to inappropriate content, jurisdiction, and validity of contracts, Procedural rules of evidence and other host of issues. Constitutional issues The issues raised by the advent of the Internet relevant to the constitutional lawyers are freedom of speech and privacy. The questions regarding the freedom of speech, which need to be answered, are: 1. Is publication, of information on the Internet equivalent to the speech and expression made by an ascertained person in real space within the political boundaries? 2. If it amounts to speech and expression should it be then regulated? 3. If it is to be regulated, should it enjoy the freedom available to press and thus subject to restrictions of article 19(2) or be treated as broadcast media, which is subject to governmental regulations? 4. Should we consider Internet a different media unparallel with the traditionally known and have to come up with different legal regime? In the developed world, a record bank is created in which individuals record image is stored. This record image is based on the information collected from different sources pertaining to an individual who remains unaware of the method, process and sources of record image[39].This record image has far reaching implications for an individual who may apply for insurance, medical care, credit and employment benefits.[40] The government also maintains electronic files, which contain sensitive information. This information is shared among the government agencies, private organisations and between the government and private sector, which in fact is facilitated by the technology itself. There is a possibility that the data collected from different sources to prepare a profile is outdated, inaccurate or out rightly false. Translating information to make it computer readable further compounds the problem. This increases the possibility of inaccuracies. Thus the objection is not that the inform ation has been collected with the knowledge of the concerned person, but the objection lies in the fact that an inaccurate information has been collected which will be repeatedly used to evaluate character, reputation, employment chances and credit worthiness of an individual who was not given chance to go through the information before it is finally stored, nor does he know the source where from the information has been collected. The Supreme Court of India has found article 21 flexible enough to encompass right to privacy within its fold. In Peoples Union for Civil Liberties v. Union of India[41] the apex court held the right to privacy a fundamental right. The apex court reminded that this right has its genesis in international instruments more particularly in articles 17[42]and 12[43] of the international Covenant on Civil and Political Rights, 1948, respectively to which India is a signatory and has to respect these instruments as they in no way infringe the domestic laws.[44] There are no two opinions about the fact that the Internet is going to be on central stage in future where an individual cannot be even in a take it or leave it situation. Its pervasiveness, speed and efficiency will provide little scope t
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.