Evolving Strategies for Enforcement of Cyberlaw

EVOLVING STRATEGIES FOR ENFORCEMENT OF CYBERLAW
Karnika Seth
New Delhi, 31 Jan 2010
National Consultation Meeting on Cyberlaws
Copyrighted Seth Associates, 2010

What is the Cyberspace?
William Gibson, in the 1980s, wrote a science fiction novel named Neuromancer, wherein computer hackers waged war against secure data. The setting had no physical existence and was named Cyberspace by Gibson.
Unique features: dynamic, borderless space, anonymity, speed, cost effective, marked with rapid technological advances

Regulating the Internet
Proponents of cyberlaws believe that one's activities on the Internet need regulation by framing laws and rules that govern our activities in cyberspace. This branch of law is termed Cyberlaws.
The European Union, USA and UNCITRAL framed important laws to govern cyberspace:
UNCITRAL Model Law of e-commerce, 1996
EU Data Protection Directive
DMCA Act 1998 in USA
WIPO domain name dispute resolution policy
Critics who advocate no regulation or self-regulation in the virtual space believe that government should have minimum interference in regulating cyberspace and in its use of surveillance or censorship measures.
John Perry Barlow's Declaration of the Independence of the cyberspace and David G. Post, The Unsettled Paradox: The Internet, the State, and the Consent of the Governed, 5 IND. J. GLOBAL LEGAL STUD. 521, 539 (1998)

Inherent challenges in framing Cyberlaws
Some early adopters in the US and the West drafted their own legislation by either adapting their existing laws to the context of cyberspace or creating new laws in respect thereof.
Determining jurisdiction and the formation of e-contracts are two key issues on which traditional legal principles have been largely applied by courts worldwide, e.g. the long-arm statutes enacted in the US and the Minimum Contacts test.
General consensus that in the e-world, electronic signatures and electronic documents are as legally valid as hand-written signatures or hard copy paper documents.
The Model Law on Electronic Commerce of 1996 promotes application of the principle of functional equivalence.
India enacted its first law of IT through the IT Act, 2000, based on the principles elucidated in the UNCITRAL Model Law of e-commerce.
It extends to the whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1(2)} read with Section 75.

Tests to Determine Jurisdiction in Cyberspace
Zippo sliding scale test (1) (based on the interactivity of a website)
Effects test (2) (based on where the effects of an illegal act are felt)
Targeting approach principles (3) (based on whether the accused solicited business in a particular jurisdiction)
(1) Zippo Manufacturer v Zippo Dot com 952 F. Supp. 1119 (D.C.W.D. Pa. 1997)
(2) Calder v. Jones 465 U.S. 783 (1984).

(3) People v. World Interactive Gaming 714 N.Y.S. 2d 844 (N.Y.Sup. 1999), 1999 N.Y. Misc. LEXIS 425 (S.C. N.Y.1999)

No Homogenous Cyberlaw
The nature of the internet (the anonymity element coupled with no territorial borders) and the absence of uniform law pose a challenge to legislators and enforcement authorities.
A global consensus with respect to legal enforcement and internet censorship against certain offences such as child pornography, cyberwarfare, threat to national security and cyberterrorism

Different countries differ in their treatment of certain other serious issues such as gambling, hate speech, political propaganda, defamatory matter and pornography on the internet.
These in turn may be protected by the right to freedom of speech and expression.

Challenges in the enforcement of Cyberlaws
Challenge 1: Lack of awareness of the cyberlaws among the general public
Strategy 1: Educate the people about their rights and obligations in cyberspace and the legal remedies in cyberspace law
Over 80% of our population may not know what viruses, Trojans and malware are.
The 2008 Computer Crime and Security Survey of the Computer Security Institute reports that when they were victims of cybercriminal offences, only 27% of organizations (both from the private and public sector) reported them to a law enforcement agency.

Cybercrimes defined
Computer crime encompasses a broad range of potentially illegal activities. It may be divided into two categories:
(1) crimes that target computer networks or devices directly;
(2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.

Types of Cyber crimes

Credit card frauds
Cyber pornography
Sale of illegal articles: narcotics, weapons, wildlife
Online gambling
Intellectual property crimes: software piracy, copyright infringement, trademark violations, theft of computer source code
Email spoofing
Forgery
Defamation
Cyber stalking (section 509 IPC)
Phishing
Cyber terrorism
E-mail bombing
Data diddling
Crime against Government
Crime against property
Crime against persons

Levels of cyber threats and vulnerabilities
Individual, sector, society, State level, Global

Types of cybercrimes
Cyber crimes: web jacking, hacking, information theft, e-mail bombing, salami attacks, denial of service attacks, Trojan attacks

Emerging Cyber threats
Georgia Tech Information Security Centre: Reports for 2008
Web 2.0 client side attacks
Targeted messaging attacks
Botnets
Threats targeting mobile convergence
Threats to RFID

Cyber threats in 2009 and Beyond
Report of Georgia Tech Information Security Center (GTISC)
Malware
Data thefts
Cyber warfare
Botnets
Threats to VOIP and mobile convergence

Source: Government Accountability Office (GAO), Department of Homeland Security's (DHS's) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434 (Washington, D.C.: May, 2005).
Cyber threat groups

Bot network operators
Spyware authors
Foreign intelligence
Insiders
Phishers
Spammers

Cybercrimes under IT Act, 2000
Tampering with computer source document: Section 65
Computer related offences (mens rea + section 43): Section 66
Sending offensive messages: Section 66A
Receiving stolen computer resource: Section 66B
Identity theft: Section 66C
Cheating by impersonation: Section 66D
Violation of Privacy: Section 66E
Cyber terrorism: Section 66F
Publishing obscene material: Section 67
Publishing sexually explicit act: Section 67A
Child pornography: Section 67B
Preservation of information by intermediary: Section 67C
Secure access to protected system: Section 70
Penalty for misrepresentation: Section 71
Breach of confidentiality / in breach of contract: Section 72 & 72A
Publishing electronic signature certificate false: Section 73
Publishing electronic signature for fraudulent purpose: Section 74
Some crimes are covered by the IPC, such as Sec 463, 470, 471 IPC - forgery of electronic records

Some cyber offences dealt with under IPC
Criminal breach of trust/Fraud - Sec. 405, 406, 408, 409 IPC
Destruction of electronic evidence - Sec. 204 IPC
False evidence - Sec. 193 IPC
Offences by or against public servant - Sec. 167, 172, 173, 175 IPC

Indian cyber cases
Andhra Pradesh Tax Case: To explain the Rs. 22 crore recovered from the house of the owner of a plastic firm by the sleuths of the vigilance department, the accused person submitted 6000 vouchers to legitimize the amount recovered, but careful scrutiny of the vouchers and the contents of his computers revealed that all of them were made after the raids were conducted. All vouchers were fake computerized vouchers.
First Cyberstalking Case: Ritu Kohli (the first lady to register a cyber stalking case) is a victim of cyber-stalking. A friend of her husband gave her phone number and name on a chat site for immoral purposes. A computer expert, Kohli was able to trace the culprit. Now, the latter is being tried for "outraging the modesty of a woman", under Section 509 of IPC.

Cyber cases

Cyber defamation: SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra: India's first case of cyber defamation was reported when a company's employee (defendant) started sending derogatory, defamatory and obscene e-mails about its Managing Director. The emails were anonymous and frequent, and were sent to many of their business associates to tarnish the image and goodwill of the plaintiff company. The plaintiff was able to identify the defendant with the help of a private computer expert and moved the Delhi High Court. The court granted an ad-interim injunction and restrained the employee from sending, publishing and transmitting e-mails which are defamatory or derogatory to the plaintiffs.
Money laundering: Cyber lotto case: In Andhra Pradesh one Kola Mohan created a website and an email address on the Internet with the address '[email protected]' which shows his own name as beneficiary of 12.5 million pound in Euro lottery. After getting confirmation with the email address, a Telugu newspaper published this as news. He gathered huge sums from the public as well as from some banks. The fraud came to light only when a cheque amounting to Rs 1.73 million discounted by him with Andhra Bank got dishonored.

Strategy 1 - Spreading public awareness on Cyberlaws
Spreading awareness of simple best practices on the internet can effectively assist in reducing the number of cybercrimes:
installation of antiviruses (e.g. McAfee, Norton),
installation of firewalls,
practicing safe shopping and clicking,
avoiding disclosure of sensitive information,
system updates and strong passwords

Strategy 1 - Spreading awareness on Cyberlaws
Informing people about the legal enforcement procedure and infrastructure in place in their countries to report cybercrimes and effectively prosecute cybercrime cases.
Awareness through professional courses, organizing seminars and workshops at global, national and state level
Through print and electronic media, mass campaigns
Involvement of industry specialists, cyberlawyers, forensic experts and industry associations like Nasscom

Challenge 2: Our law enforcement officials lack proper training in cyberlaws

Strategy 2: Adequate training must be imparted to law enforcement officials
Specialized workshops for law enforcement officers
International seminars with involvement of international organizations
National & State level seminars & workshops
Police officers require technical training in forensic science to collect, store and preserve electronic evidence
Peculiarities of cybercrime investigation need to be discussed & emphasised

Challenge 3: Anonymity on the internet poses serious issues in tracing cybercriminals
Challenge 3: Anonymity on the internet poses serious issues in tracing cybercriminals, as tracing an IP address can be complicated due to the use of proxy servers and other spoofing tools.
Strategy 3: It is recommended that adequate manpower and resources are dedicated to developing & promoting technologically sound applications to trace IPs and to imparting forensic science education
Use of spoofing and proxy IPs, Freegate, Ultrasurf
Wifi thefts: Mumbai terrorist attack through hacked wifi system
Fast flux
Onion routing
Golden Shield Project (a national Internet control and censorship project, sometimes referred to as the Great Firewall of China) [1]
[1] http://en.wikipedia.org/wiki/Golden_Shield_Project

Strategy 3 - Imparting forensic science education
Education in cyberforensics is equally essential:
for collection, storage and preservation of digital evidence
to define, design, produce and implement efficient security tools and measures of protection
to support availability, integrity and confidentiality of ICT infrastructures

Security technologies should be cost effective, user friendly, transparent, auditable and third party controllable.

Challenge 4: Lack of adequate legal provisions to maintain internet usage files and records
Strategy 4: Enacting stricter laws on maintaining logs and registers for internet usage
The IP can be traced by checking the logs derived from the Internet Service Provider.
Access to the user details may be denied by the Internet Service Provider on jurisdictional grounds, or its logs may have simply expired or been overwritten.
The police may need to secure appropriate legal orders in each jurisdiction where a relevant carrier or ISP is located.

Sometimes no logs are maintained for a reasonable duration of time by companies.
Also, cybercafés may not maintain the required registers for recording the personal details of their customers.

Strategy 4: Enacting stricter laws on maintaining logs and registers for internet usage
Adequate legal mechanisms will need to be developed to tackle these intricate issues.
At present only Police orders mandate in India that cybercafés should maintain in a register the personal details and identity proof of their internet users.
Inspections by Police are made to effectively check enforcement of this law.
Further, under Section 79 of the IT Act, 2000 no guidelines exist for ISPs to mandatorily store and preserve logs for a reasonable period.

Challenge 5: Electronic data is sensitive and can be easily tampered with or destroyed.
Strategy 5: Providing cyber forensic science education to law enforcement personnel will assist in protecting sensitive e-evidence admissible in a court of law
Digital photographs are an example of digital information that can be altered in ways that may be difficult to detect.
Cyber-specific equivalents of traditional investigation measures include:
expedited preservation of stored computer and also traffic data, the so-called quick freeze procedure, to ensure that cybercrime investigations do not fail simply because data were deleted during the (often lengthy and complex) investigation process,
search and seizure of stored computer and also traffic data, and
real-time collection of traffic data and interception of content data

Challenge 6: Law enforcement agencies often find it difficult to keep abreast of the dynamic technical know-how & tools
Strategy 6: Effective Public Private Partnership is recommended to circumvent this problem.
The sheer volume of today's internet communication makes it an impossible task for state authorities with limited resources to check the web.
Normal police and prosecution authorities often lack the technological experience and capacity to investigate and prosecute efficiently.
State authorities and private companies carry out threat assessments, establish prevention programs and develop technical solutions.

Strategy 6: public-private partnerships against cybercrime

operational cooperation in specific cases,
blocking of websites containing illegal content such as child pornography or hate speech,
private self-regulation through codes of conduct,
sharing of necessary and relevant information across the private and public sector,
setting up networks of contact points in both the private and the public sector.

Strategy 6: public-private partnerships against cybercrime

Mikado operation, which took place in Germany in 2006:
In 2004, a German TV station had identified a website offering the download of child pornography following payment of 79,99 US$ through an internet credit card transaction into a specific account.
A public prosecutor asked 22 German credit card firms to scan all their clients' credit card transactions from 2004 and identify those clients who had transferred 79,99 US-$ into the specific account.
The credit card firms cooperated on a voluntary basis, and billions of credit card transactions by millions of credit card holders were checked without their consent.
322 persons were identified who had transferred the exact amount into the specific account.

Examples of public-private partnership against cybercrime

NCFTA is an alliance between the FBI, US Postal Inspection Service and private industry.
Digital PhishNet: public-private cooperation to drive enforcement against phishing websites, hosted by NCFTA
Signal-Spam was initiated as a public-private organization to identify spammers for enforcement cases
London Action Plan, a cooperation between industry and Telecom and Consumer Public Authorities to fight spam
European Financial Coalition is a cooperation between law enforcement and the IT and financial industry to fight child exploitation

Challenge 7: Institutionalizing the contact points for reporting cybercrimes that affect national sovereignty is absent or weak in many countries.

Challenge 7: Institutionalizing the contact points for reporting cybercrimes that affect national sovereignty and public good, and for safeguarding the Critical Information Infrastructure of a country, is absent or weak in many countries. Statutorily recognized accreditation agencies are also absent in a few countries.
Strategy 7: The Computer Emergency Response Team is to be strengthened technically and in infrastructure to aptly serve as the national agency for incident response.
Establishing statutorily recognised accreditation agencies, creating certification policies, an office of Controller of Certifying Authority and other security measures will be indispensable in securing the online environment.
In many countries such an agency is either not statutorily institutionalized or is not well equipped, financially or technically, to meet the challenges in cyberspace.
Their liaison with the international FIRST (Forum of Incident Response and Security Teams) community is essential.

CERT's multiple roles

Challenge 8: The corporate world is not seriously paying the deserved attention to adopting a strong ICT culture and best practices
Strategy 8: At a corporate level, bringing ICT policy into action is important for enhancing information security practices
India inserted Section 43A in the IT Act, 2000, whereby any corporate entity that deals in or possesses sensitive personal data or information in a computer resource it owns, controls or operates, and is negligent in implementing reasonable security practices in a way that causes wrongful loss or gain to a person, shall be liable to pay damages to the person so affected.
It is imperative to clearly form the security standards, which professional/industry associations can assist in framing, or to develop a law that seeks to achieve the data security objective.

Integrated Privacy and Security management for Corporates
Adjustments to the security program
Annual reviews and audits
Monitoring of compliance and enforcement
Tools implementation
Training
Design the policy & tools
Forming policy objectives
Risk assessment

Challenge 9: There are heterogeneous laws and no universal cyberlaw.

Strategy 9: Unification of Cyberlaw through multilateral treaties and other international initiatives
Solving the problem of transnationality and involvement of multiple jurisdictions involves:
A Convention or a Protocol at the United Nations level on cybersecurity and cybercrime, which should be a global proposal for the present times.
Multilateral treaties establishing which jurisdiction to apply, defining the ensuing legal procedure, and an efficient international cooperation regime and procedures.
Serious crimes in cyberspace should be established and punishable under international law, whether or not they are punishable under national law.
Or model prescription by independent cyber experts from across the globe
Or a self-help approach, which would call on States to undertake efforts at updating their cyberlaws suo moto

Strategy 9 - International initiatives to harmonize cyberlaws
The Organization for Economic Co-operation and Development (OECD) first studied the legal issues raised by cybercrime in 1983.
In 1997, the G8 instigated the creation of a Contact Points Network, meant to become the reference directory for international cooperation actions on cybercrime.
The ICT Task Force of the United Nations is preparing draft proposals for a Law of Cyberspace
UN Convention against Transnational Organised Crime, 2000
ITU launched in May 2007 the Global Cybercrime Agenda (GCA) for a framework where the international response to growing challenges to cybersecurity could be coordinated: legal measures, technical and procedural measures, organizational structures, capacity building, and international cooperation.

Strategy 9 - International initiatives to harmonize cyberlaws
Convention on Cybercrime, 2001 is an international treaty initially drafted by the Council of Europe (CoE), with the addition of the USA, Canada and Japan, through:
harmonization of cybercriminal offences qualification amongst the legal systems of member states,
provision for laws empowering law enforcement and/or prosecutors with cybercrime investigation capabilities in each member state, and
provisions for laws and procedures enabling international cooperation amongst member States
India has not so far ratified the Convention

Challenge 10: Creating cyberlaw does not equate with no cybercrimes
Strategy 10: Attention to the sociological aspect is recommended, as the role of a strong political and governance will cannot be undermined.
In Finance Criminelle, Marie-Christine Dupuis-Danon notes that for the sociologist and the criminologist alike, it is not because there is a law against corruption that corruption disappears [1]
Example: The GAFI issued its famous list of Non-Cooperative Countries or Territories (commonly referred to as the GAFI Blacklist) featuring 23 countries
A case in point: Romania
[1] Dupuis-Danon, M.-C. Finance Criminelle.

Points of caution
Point 1: Internet censorship may transgress globally acceptable parameters.
Technology may be misused for bringing out or shielding/blocking political debate and freedom of opinion, and to reinforce authoritarian or repressive governments.
Enemies of the Internet (at the time of writing: Burma, China, Cuba, Egypt, Iran, North Korea, Saudi Arabia, Syria, Tunisia, Turkmenistan, Uzbekistan and Vietnam) based on their use of censorship on the Internet.
Could infringe the right to receive a free flow of information (Article 19, UN Declaration of Human Rights)

Caution 2: Internet surveillance without technical or institutional restraint may infringe one's Right to Privacy
The new Internet filtering techniques allow for unlimited screening and are employed by governments without any technical or institutional restraint.
Most prominent has been the OpenNet Initiative (ONI), a collaborative partnership between three leading academic institutions
Magic Lantern Trojan horse project, initiated on occurrence of the 9/11 events in the USA
FBI uses a light monitoring tool called CIPAV
In 2007, the German federal police came up with their own Bundestrojaner (federal trojan) project, but faced mitigation by the Federal Constitutional Court: the latter stated in February 2008 that trojanizing a suspect's computer was constitutionally permissible only if actual evidence of a concrete danger existed, and that it was to be conducted only under judicial authorization (i.e. requiring a warrant)

Conclusion
Effective legal enforcement of cyberlaws requires a multipronged approach.
No one strategy by itself is self-sufficient or mutually exclusive
Key initiatives for implementation

Spreading greater public awareness on the subject & training to law enforcement personnel
Plug out the loopholes in the laws and procedures
Private public partnership to combat cybercrimes
Global initiatives to enforce cyberlaws through drafting Model Conventions & treaties

Thank you!
SETH ASSOCIATES
ADVOCATES AND LEGAL CONSULTANTS
New Delhi Law Office: C-1/16, Daryaganj, New Delhi-110002, India
Tel: +91 (11) 65352272, +91 9868119137
Corporate Law Office: B-10, Sector 40, NOIDA-201301, N.C.R, India
Tel: +91 (120) 4352846, +91 9810155766
Fax: +91 (120) 4331304
E-mail: [email protected]
