Cyber Laws For CxO

Be Aware... Be Empowered

April 2010

Editor

 Naavi 

www.naavi.org


 Publisher

 Ujvala Consultants Pvt Ltd 

www.ujvala.com

 


 


Questions and Answers

We intend using this section of the news letter to answer the Cyber Law related queries raised by our readers. This being an inaugural issue, we don’t have any questions to be answered.

We hope that this would be one of the most vibrant sections of this news letter which may generate illuminating debates which would be of use to one and all.

We would appreciate it if queries are raised by persons indicating their Name, Occupation and Contact details. We however don’t want to restrain readers from raising questions without revealing their identity. Such readers may therefore send their questions as “Anonymous”, in which case even their e-mail ID would not be provided in the news letter.

All questions may however be sent by e-mail to naavi@in.com with the subject line containing “Cyber Laws for CxOs”.

Editor


What Constitutes Cyber Terrorism?

According to the FBI,

“Cyber Terrorism is any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.”

The U.S. National Infrastructure Protection Center defines “Cyber Terrorism” as

“A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to particular political, social or ideological agenda”

These definitions essentially mean that “Terrorism committed with the use of Cyber Tools is recognized as Cyber Terrorism”. This definition is however dependent on the damage to the physical society and does not fully address the instances where the damage is restricted to the Cyber Space. We may however extend the definition to Cyber Space attacks since they anyway create uncertainty in the given population.

The Indian legal definition is contained in the 2008 version of the Information Technology Act 2000, which is analyzed in greater detail elsewhere in this news letter. Under Section 66F of the amended Act, destruction of property is covered as one of the requirements for constituting an offence as “Cyber Terrorism”, and this may include “Cyber Property”. A few other conditions are also to be fulfilled for a “Cyber Crime” to be escalated as “Cyber Terrorism”.


Cyber Terrorism and Cyber Crimes: How Are They Related?

Cyber Crimes are committed for individual gains. Cyber Terrorism is committed for a cause. However, since Cyber Terrorism includes raising of funds and also destabilizing the normal activities of society, Cyber Terrorists look at “Cyber Crimes” as helping their cause. Hence Cyber Terrorists encourage Cyber Crimes. They also try to harness the proceeds of Cyber Crimes to fund terrorist activities. Hence Cyber Terrorists try to establish, maintain and develop an underground economy for Cyber Crimes.

A large part of “Phishing Frauds” raise funds which eventually reach terrorist organizations. To proliferate Phishing, Cyber Terrorists need to maintain the support infrastructure which includes spamming, rogue ISPs etc. Cyber Terrorists may also indulge in “Cyber Extortionist” activities by exploiting the security vulnerabilities in organizations.

Counter Cyber terror strategies therefore include Cyber Crime mitigation.


A Government Website is hacked and defaced. It carries some messages promoting terrorist cause. Is it Cyber Terrorism?

This has created “damage” to Government property through unauthorized access. If the message displayed can be described as promoting enmity, spreading disharmony etc., the act can be considered Cyber Terrorism.


I have received a mail stating that “Bombs will be placed in a few Government Offices and set to explode some time next week”. Is it Cyber Terrorism?

It is a threat likely to cause physical damage and loss of life. It would create terror in a section of the society. Hence it may be covered under Cyber Terrorism.


A Hacker obtains the e-mail addresses of several Government functionaries including those working in the defense department. Is it Cyber Terrorism?

Could be, since the information can be further used to access classified information and used against the interest of the sovereignty and integrity of the nation.


I have received a mail stating that the popular Chief Minister who died in a helicopter crash was actually murdered by some religious fanatics who deliberately created a malfunction in the helicopter. The message has been sent to many and riots have started in the street. Is it Cyber Terrorism?

Spreading rumours which are likely to cause unrest, incite the commission of offences and damage public order could qualify as Cyber Terrorism under Section 66F of ITA 2008.


A suspected Naxal sympathizer sends an SMS message to a State Government that all trains to the Capital city should be stopped, otherwise they will be blasted. Is it Cyber Terrorism?

Yes. Cyber Terrorism is also recognized when internal disturbances are caused by the residents or citizens of the country. Even Naxal activities in Cyber Space may come under Section 66F of ITA 2008.


Indian Banks are US Patriot Act Compliant!

When we observe that some of the Indian Banks state on their website that the Bank has taken steps to comply with “US Patriot Act”, one feels that the Banks have come of age to recognize the risks of Cyber Terrorism to the extent that they are scanning International laws and diligently complying with them.

However, the Indian Banks have not recognized that they need to comply with the Indian ITA 2008, which inter alia requires compliance with other associated security guidelines including AML, which is extremely important to avoid the Banking industry being used for funding Cyber Terrorist activities.

Taking steps to prevent commission of offences which may be classified as “Cyber Terrorism” is part of the due diligence of any organization including Companies. IT and IT Services companies are more liable in this regard and need to establish a suitable Counter Terrorism strategy as part of their Information Security program. This requires classification of information as “Section 66F critical” besides avoiding purchase of hardware and software without appropriate safeguards. Further, the HR policies need to be suitably structured to ensure that potential threats in the form of people are properly addressed.

Probably the exercise has to start with the CEO being trained in “Counter Cyber Terrorism”. It is necessary for our Management Education System to also introduce “Information Security” as one of the necessary subjects to be studied by students before they graduate out of premier management schools.


Reader’s Questions

One of the main objectives of starting this e-News letter was to disseminate Cyber Law information to the Corporate sector. In order to sustain a momentum for this news letter, it is very important that Readers should raise their doubts on various relevant issues. I am therefore looking forward to such questions flowing in from all of you.

I do appreciate that the mailing list of this newsletter consists of many persons in Government, Banks, and Companies and perhaps even in Police and Judiciary. Some of them may not be comfortable revealing their identity. We however assure you that unless the readers want, we would not publish their names or even the e-mail address.

We have picked one such question here from a reader sent as “Anonymous” and others may also send their queries similarly. We recognize our responsibility as a “Journal” and ensure that the identity of the person would not be revealed.

Naavi

Question from Mr Anonymous:

 I just wanted to know details regarding 'deletion of an e-mail without authorized access to the system by a third party, with regards to cyber law and Information technology Act 2008... Anonymous

ANSWER: This offence attracts multiple sections of ITA 2008. “Unauthorized Access” invokes Section 66 along with the civil provisions of Section 43.

“Deletion” also attracts Section 66 and Section 43.

It may be necessary to prove that the deletion was done with intention to create a wrongful harm to any person.

The punishment is a possible imprisonment of up to 3 years. If any financial loss is suffered, damages may be claimed to the extent of the loss and related costs.

The complaint for claiming damages should be made to the Adjudication officer of the relevant State up to a damage claim of Rs 5 crores.

The difficult part is to gather necessary evidence, which may be possible only if a complaint is filed with the Police and they initiate investigation.

If the victim remains silent when such an offence has been committed, it may harm his interests when he wants to take action against the same person for a similar act on a later day.

It is therefore recommended that the victim files a complaint and registers an FIR even if the chances of a successful investigation are not bright.

P.S: Views expressed here may be considered as suggestive and other experts may have differing opinions. Answers given here are for academic clarification and debate and do not constitute legal advice.

 


A PDF Copy of the News Letter would be sent by e-mail to all persons who subscribe. Subscription is free.
