9 Media and Information Ethics: Cyber laws and Ethics

Vikram Aditya Narayan

 

1.    Introduction

 

The advancements in technology have given rise to a prominent “cyber-space” where people interact through text, audio, images and videos. While the Internet developed substantially during the cold war years as a method to safely transmit information, today it has become much more. In 1996, the United Nations Commission on International Trade Law adopted the Model Law on Electronic Commerce (the “Model Law”). The Model Law took note of the increasing number of transactions in international trade being carried out by means of interchanging of electronic data and the General Assembly of the United Nations in its 85th plenary meeting (vide Resolution 51/162, 1996) recommended that all States give favourable consideration to the Model Law.

 

In furtherance thereof, the Indian Parliament enacted the Information Technology Act, 2000 (the “IT Act”), which came into force on 17th October, 2000. As per its Preamble, the Act is to provide legal recognition for transactions carried out through electronic communications, commonly referred to as “electronic commerce”, using alternatives to paper-based methods of communication. Interestingly, the Preamble further states that it is considered necessary to “promote efficient delivery of Government services by means of reliable electronic records”, thus making it clear that the IT Act was meant to facilitate “e-Governance.”

 

As with any other field, the increased human activity in cyber-space has resulted in a simultaneous increase in criminal offences being performed in cyber-space, even, with cyber-space being the target at times. Pertinently, in the recent case of Shreya Singhal v. Union of India, the Supreme Court of India upheld the argument that there is an intelligible differentia between the Internet and other mediums of communication, in that something posted on the Internet can reach millions of persons all over the world within seconds. Naturally, this is a major challenge for law enforcement agencies of the day, which, in many cases, are governed by out-dated statutes forcing them to adhere to extremely rigid procedures. These offences include infringements to intellectual property rights that have the potential to result in losses of great value over the Internet.

 

This module aims to cover all these aspects of the laws related to cyber-space in India, commonly referred to as “cyber laws”. Coextensive with these laws is the notion that the cyber-space, much like the physical world, is a place requiring ethical behaviour for its smooth functioning. This module also deals with this issue of ethics; what are these ethics and how are they to be imparted?

 

2.The Information Technology Act, 2000 and the 2008 Amendment

 

Among other things, the IT Act was introduced to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 in such a manner that the said acts may effectively govern cyber-space. The Act consists of 13 Chapters having a total of 90 Sections, which deal with offences and contraventions in broad terms. It lays down the regulatory mechanisms for the Certifying authorities, penalty provisions, and the procedures for investigation, adjudication and appeal. It may be noted that a contravention of the IT Act may result in the attraction of civil and/or criminal liability.

 

Soon after the IT Act was enacted, demands for a detailed amendment were made by various major industry bodies. This resulted in the passing of the Amendment Act of 2008, which, inter alia, defined communication devices, cyber cafés, digital signatures (making it technology neutral) and reasonable security practices to be followed by Companies. The said amendment also laid emphasis on data privacy, the role of intermediaries, the role of the Indian Computer Emergency Response Team (“INCERT”) and included new offences like child pornography and cyber terrorism.

 

2.1. Definitions

 

Section 2 of the IT Act contains definitions of certain important phrases. Some important definitions are given below:

 

Section 2(ha) – “Communication device” means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, audio or image.

 

Section 2(i) – “Computer” means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

 

Section 2(j) – “Computer network” means the inter-connection of one or more computers or computer systems or communication device through-

 

(i)      the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and

 

(ii)    terminals or a complex consisting of two or more inter-connected computers or communication device whether or not the inter-connection is continuously maintained.

 

Section 2(l) – “Computer system” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data, and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions.

 

Section 2(nb) – “Cyber security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.

 

Section 2(o) – “Data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

 

Section 2(t) – “Electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

 

The IT Act also defined “digital signature” as authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with Section 3. Finding the definition of digital signature to be too narrow, the IT Amendment Act of 2008 included the definition of “electronic signature” by inserting Section 3A.

 

2.2. Jurisdiction under the Act

 

Typically, there are two kinds of jurisdiction; pecuniary and territorial. While pecuniary jurisdiction pertains to the courts power to hear a dispute of a certain value, territorial jurisdiction refers to the power of the court to hear disputes based on the geographical location of the dispute. An important reason for jurisdiction to be dispersed on the basis of territory is the understanding that the court closest to the cause of action would be best suited direct enforcement of the law. This becomes tricky in cyber-space, as the conventional understanding of territory does not apply. Often the place where the victim of the crime is harmed by the commission of the crime will be different from the place of the offender, which may still be different from the place from where the medium/server is maintained.

 

Section 1(2) of the IT Act states that it shall extend to the whole of India and that it would also apply to any offence or contravention committed outside India by any person, except where otherwise provided under the Act. This provision regarding extra-territorial application of the Act is made clearer when read with Section 75 of the IT Act which specifically provides that, regardless of the nationality of a person committing an offence, the IT Act would also apply to offences committed outside India if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

 

2.3. Electronic Agreements

 

With the rise of the Internet, online transactions (e-commerce) have assumed great significance. The occurrence of transactions in cyber-space has altered the traditional notions of offer, acceptance and agreement to transact, in that all this can now happen in a much simpler fashion. The law pertaining to offer and acceptance as it takes place over the Internet is laid down under Section 12 and 13 of the IT Act that talk about ‘acknowledgement of receipt’ and ‘time and place of dispatch and receipt of electronic record’ respectively. E-Commerce include Business to Business (B2B), Business to Consumer (B2C) and Customer to Customer (C2C) agreements that use various new methods of transacting, like e-banking and electronic signatures.

Digital and electronic signatures as modes of authentication have already been discussed above. Section 2(ta) of the IT Act provides that electronic signatures include digital signatures. Pertinently, Section 5 deals with legal recognition of such signatures, and provides that authentication by signature may also be done through a digital signature “affixed in such manner as may be prescribed by the Central Government.” As stated in the Preamble to the IT Act, the Act also amends the Indian Evidence Act to provide for the presumption that electronic records and signatures are not altered once they have obtained secure status.

 

One of the most important issues that arise in any form of agreement is that of security, and this is especially so for online transactions where it is difficult to verify the existence/competency of the party transacting over the Internet. Sections 14, 15, 16 & 17 of the IT Act deal with the aspects of security in online transactions. Pertinently, Section 16 states that the Central Government shall prescribe the security procedure for transactions for the purposes of the Act.

 

2.4. Cybercrimes

 

There is no singular or exhaustive definition of “cybercrimes”, and the types of crimes perpetuated under the head of cybercrimes is increasing each day, with further advancements in technology. It is believed that “any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of a cybercrime” (Arora, 2008) According to Susan Brenner (2010), cybercrime is merely the result of exploiting new technologies to commit old crimes in new ways, rather than a completely novel phenomenon. It is generally understood that cybercrimes can be categorized broadly into three categories (Seth, 2010):

 

a)      Cybercrimes against the Government (eg: cyber terrorism);

b)      Cybercrimes against persons (eg: cyber pornography, cyber stalking or cyber defamation); and

c)       Cybercrimes against property (eg: online gambling, IPR infringement, phishing and credit card fraud)

 

Chapter 9 of the IT Act deals with “Penalties, Compensation and Adjudication”, and consists of Sections 43 to 47.   Section 43 of the IT Act provides for penalty and compensation for damage to computer, computer system, etc. The explanation to the provision clarifies that “damage” means to destroy, alter, delete, add, modify or rearrange any computer resource by any means. Sub-sections (a) to (j) cover an array of acts committing without permission of the owner or any other person in charge of a computer, computer system or computer network. These varied offences are explained in Table A given below.

 

Suspicion regarding commission of any of the offences covered under Section 43 would attract civil prosecution, and a person found guilty of contravening any of the sub-sections would be liable to pay damages by way of compensation not exceeding five crore rupees to the person adversely affected. Section 46 & 47 of the IT Act lay down the power of the adjudicating officers appointed by the Central Government to adjudicate offences under Chapter 9, and the manner in which adjudication is to be done. Sections 48 to 61 of the Act concern the powers and functions of the Cyber Appellate Tribunal.

 

Sections 65 to 67 of the IT Act list the punishments for various kinds of cybercrime, the commission of which result in criminal prosecution. Details of these provisions of the IT Act are given in Table B given below:

 

In addition to the above, Sections 70-74 lay down the punishments for certain other cybercrimes including
misrepresentation, breach of confidentiality and privacy, disclosure of information in breach of lawful contract
and publishing fake Electronic Signature Certificates.

 

2.5. The IT Act & Article 19(1)(a) of the Constitution

 

Section 66A of the IT Act, which was introduced by the 2008 amendment, was modelled along the lines of Section 127 of the Telecommunication Act, 2003, prevalent in the United Kingdom. The provision criminalised the sending, by means of a computer resource or a communication device any information that is grossly offensive or has menacing character or any information which the sender knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will. Commission of offences covered under this provision, including the act of cyber stalking, was to attract a punishment of 2-3 years imprisonment and fine. However, recently in the landmark case of Shreya Singhal v. Union of India 2015 SCC OnLine SC 248 the Supreme Court of India declared this provision to be unconstitutional for violating Article 19(1)(a) of the Constitution, which provided the fundamental right to freedom of speech and expression.

 

The judgment also dealt with Section 79A of the IT Act and the Intermediary Rules of 2011 notified under Section 87(2)(g). Together, the Act and Rules placed upon intermediaries the difficult task of exercising due diligence while discharging their functions and screening all content posted online. As per Section 79(3)(b) and Rule 3(4), the intermediary was given the responsibility of determining whether content violated other provisions of the IT Act, and, if it found that such a violation had been committed, the intermediary was required to remove or disable access to such content within 36 hours! Holding that this would not be possible or desirable given the volume of content and complex legal questions involved, the Shreya Singhal judgment read down these two provisions to mean that an intermediary is obligated to remove or disable access to such content only after receiving actual knowledge that a court order had been issued directing it to do so.

 

3. National e-Governance Plan

 

With the exponential growth of cyber-space with each passing day, the potential use of the Internet is growing manifold. This has been recognised by the Government of India, with it rolling out the National e-Governance Plan, as formulated by the Department of Electronics and Information Technology (DEITY) and the Department of Administrative Reforms and Public Grievances (DARPG), in 2006. The stated objective of this plan is to improve delivery of Government services to citizens and businesses, thus moving beyond the B2B, B2C and C2C agreements discussed under ‘Electronic Agreements’. Implementation of the e-Governance is a highly complex process requiring provisioning of hardware & software, networking, process re-engineering and change management. The Government’s focus on the Internet as a medium of development is a testament to the power vested in cyber-space. However, for such a plan to function smoothly, it is crucial that cyber laws are up to date and regulatory authorities are appropriately empowered to check misuse.

 

4.    Ethics of the Cyber-space

 

Ethics are taught and learnt through a variety of institutions – familial, religious, educational, etc. While questions of what is right and wrong have in the physical domain been explored for centuries, the answers to these questions are still not universally agreed on insofar as the virtual world is concerned. Many scholars have argued that students in particular find it difficult to identify wrong from right in the virtual world (Baum, 2008). This has been partly attributed to the human tendency to treat one’s actions in the intangible, virtual world of technologies as less serious than actions in the real world.

 

Cyber ethics are really nothing more than a code of ethics for the Internet. It includes a variety of rules including that:

 

a)      people should not post offensive material towards others;

b)      people must respect the privacy of another person’s online account on any forum just the way we respect others’ physical properties;

c)       people should not share their personal or financial details on a public forum, unless they have thoroughly verified that such details shall be used for the purposes for which they have authorised their use;

d)      people should not impersonate others;

e)      copyrighted information shall not be misused, and generally that information discovered online should be used solely for legal purposes;

 

This is not an exhaustive list, but is merely indicative of the kind of rules that must be inculcated for the Internet to become a reflection of our civil society.

 

5. Criticism of the Existing Legal Framework

 

One major point of criticism often raised against the IT Act is that cyber stalking and cyber harassment have not been specifically defined under it. Although the Indian penal statutes, when read together, do provide a legal framework under which it is possible to catch certain cyber criminals, it may be seen that none of the concerned enactments deal with cybercrimes in totality. Different standards of culpability arise under different statutes and there is often confusion over which statute would even be applicable to a given case. Thus, it has been argued that India should enact an exhaustive Code (Malgi, 2012) that would take into account all the aspects of the law relating to the Internet, including issues like privacy, data protection, defamation, etc.

 

Another point of criticism of the cyber laws in India is that of jurisdiction. This module has already discussed the complexities arising from acts committed in the virtual world. However, even with Section 75 of the IT Act declaring it to be applicable extra-territorially, victims of cybercrimes in India have had difficulties in registering FIRs for the crimes committed because of the jurisdictional issues involved. As suggested in the Draft Explanatory Memorandum to the Draft Convention on Cybercrime (Council of Europe, 2001), one solution to this would be to broaden the territorial notion of jurisdiction to prosecute so that it allows the nation to prosecute whenever the offender’s conduct occurred in whole or in part in the prosecuting nation’s territory. This problem could have even been met if the IT Act dealt with international cooperation on these issues and if the Government were to sign Extradition Treaties that favoured extradition in cases involving the commission of cybercrimes. In any case, training should be imparted to the law enforcement agencies to be sensitive to the difficulty of pinning territorial jurisdiction of seemingly geography-agnostic cybercrimes to one place.

 

6. Summary

 

This module highlights the importance of cyber-space and the need for it to be well regulated. One of the most important aspects of the IT Act is that it provides the legal structure for e-commerce to flourish in India. The abilities of parties to enter into contracts online has diminished transactions costs otherwise involved in signing of contracts and has presented the commercial world with unmatched potential for growth. However, equally important is that the Internet is not misused for the perpetration of crimes, commonly referred to as cybercrimes. The IT Act contains detailed provisions for the prosecution and punishment of persons who commit cyber offenses, and also amends various penal laws to facilitate the same. It also provides for compensation and other remedies to victims of cybercrimes and other forms of abuse faced over the Internet.

 

Meanwhile cyber ethics has developed as a branch of ethics to cover cyber-space, highlighting the need for codes that check human behaviour. While the distinctions between the physical world and the virtual world continue to be a matter of debate, the notion that respect for others’ private space on the Internet is a must is gaining popularity world over. The jurisprudence of laws relating to cyber-space in India is still in its nascent stage, but India is making valiant attempts to keep abreast with the technological developments taking place across the globe. To conclude, it may be stated that cyber laws in India will only truly be effective when they are able to constantly adjust to the new forms in which problems arise over the Internet. For this, an active Legislature, Executive and Judiciary in the field of Internet regulation is an absolute must. However, as the Shreya Singhal judgment has shown us, it is essential that the distinction between “regulation” and “unreasonable restriction” be appreciated.

 

References

  • Arora, Tarun, “The Concept of Cyber Crimes: An Introduction”, Legal News & Views, Volume 22, Issue 6, 2008.
  •  Council of Europe, Draft Explanatory Memorandum to the Draft Convention on Cyber-Crime (2001).
  • B.R Suri & T.N Chhabra, “Cyber Crime”, 1st ed., 2002, Pentagon Press, Delhi.
  • Baum, Janna J., “Cyber Ethics: The New Frontier”, Tech-Trends, Volume 49 (2008), 54-56.
  • Brenner, Susan, “Is There Such a Thing as Virtual Crime?”, California Criminal Law Review, Volume 4, Issue 1, 2001, available at: <http://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?article=1077&context=bjcl> (Last accessed on 12th May, 2015).
  • Malgi, Shashirekha, “Cyber Crimes under Indian IT Laws”, International Journal of Scientific & Engineering Research, Volume 3, Issue 6, 2012, 1-11.
  • Resolution adopted by the General Assembly of the United Nations, A/RES/51/162, 16th December, 1996, available at: <http://www.uncitral.org/pdf/english/texts/electcom/05-89450_Ebook.pdf> (Last accessed on 9th May, 2015).
  • Seth, Karnika, “Cyber Crimes and the Arm of the Law – An Indian Perspective”, available at: <http://www.karnikaseth.com/india-cyber-crimes-and-the-arm-of-law-an-indian-perspective.html> (Last accessed on 11th May, 2015).