CHAPTER-V

INTERNATIONAL PERSPECTIVE OF CYBER CRIME

Cyber space is boundary less world, which cannot divide in particular

countries or territories as like the physical world. Cyber space is subject matter of the
users, because it available to anyone who is having access of the internet or computer.
However, it is duty of legal system to protect the rights of their citizens in the cyber
space. A safe and secure online environment enhances trust and confidence and
contributes to a stable and productive community. In initial period the countries,
which are having the more territory and the strong power to protect are known as
powerful countries. However, now the position has undergone change. In this age of
information technology the countries, which is having latest techniques about internet,
are call the powerful country. Due to this situation, small countries got important
position due to the techniques.

Information and communications technology (ICT) is an integral part of our

daily lives. Whether people have a computer at home, use online banking services or
simply receive electricity supplies, the community's reliance on technology is
increasing. Government and business also take advantage of opportunities for
economic development through increased use of information technology and a
technology aware population with internet connections locally and overseas.

Cyber crime is not a national problem but it is a problem found all over the
world. The international access to information and mobility of data is one of the most
important functions of world economic system. One of the peculiar characters of the
cyber crime is that its impact is very wider than the conventional crime .A criminal
act committed in one part of the world may cause impact at some other part of the
world. In view of reach of the cyber crime, entire world has virtually turned in to a
small village. Another feature is that the criminalization increase in the cyber crime is
uniform all around the world. The basic problem in the implementations of the cyber
crime in the global perspective is that the act is crime in one country and not crime in
another country , that create the basic problem, the same problem was faced in the
famous case of ‘love bug” case where in the citizen of the Philippines cannot be
convicted. Now the enactment of the cyber law has resolve the said problem, now any

126
person who committee crime anywhere and damage the computer of any counters, he
can be held liable to the offence.

5.1 Global perspective

In present day’s everyone is liable to promote a safe and reliable environment

in cyberspace world, in the context of an emerging information society. The
information technology is developed, due to development in the Information
technology, the world becomes a global village, distance between the countries has
drastically undergone change, and this technology allows easy access. The gift of the
20th century is the internet, which connected the entire world but along with easy
access, internet provide easy way to the cyber criminals for committing the crime
from any corner of the world. Thus, cyber crime has the omnipotent characteristics
and therefore, it can have victims anywhere in the world. It is now essential that all
those persons, who deals with cyber world, must have some idea about as to what acts
constitute cyber crime in the different countries of the world. Therefore, the entire
countries of the world have prepared the cyber laws as per their need and ability to
execute it.

Since impact of cyber crime is unbounded, any effort made at national level
have to meet international coverage of sake of effective containment of cyber crime
and protecting the interest of the society. Such situation necessitates understanding of
global legal response relating to the cyber crime. The discoveries and the inventions
both constructive and destructive are very rapid all around the world. In absence of
international cooperation, it will not be possible for any country to know the recent
advances in the other country. A country victim of any kind of latest cyber crime
shall have the opportunity to intimate other countries in time so that it may plan its
defense well in advance83.Therefore the international communication and cooperation
for the effective cyber law is necessary, for effective operation against cyber crime.
Considering the nature of cyber crime, international community has tried to bring the
international cooperation in the implementation of cyber law’s various convention
takes place to deals with the cyber crime.

The legal responses to the cyber crime of various countries of the world are
varied. Such laws are still under its gestation period. There is not even a single law

83
Laws on Cyber Crime: P .K. Singh, (2007) Book Enclave, Jaipur, Page 178.

127
that can state to contain all necessary attributes of modern cyber legislation. For
example, unsolicited calls by telemarketers and others are supposed to be an
infringement upon the right of privacy and liberty of a person, but no provision for
such act is available under the IT Act and rules. However, USA has implemented
special laws for the purpose about 13 years ago and several European countries
follows the model to provide the safeguard to consumer from being harassed by cell
phone companies and telemarketers. Due to immediate need to control the cyber
crime, various countries have enacted the laws as following.

United Kingdom is world’s first country, which initiate the legislation in the
field of Cyber world. The United Kingdom has enacted ‘The Computer Misuse Act,
1990 which content the penal provisions for cyber crimes. The country thereafter
enacted ‘Regulation of Investigatory powers Act 2000’ Austria thereafter took steps
in the field and amended its existing law through the enactment of ‘Cyber Crime Act
2001’ to check cyber crimes. Belgium also amended existing law in November 2000
and made computer forgery, sabotage, computer fraud and hacking criminal offences.
China also enacted ‘Computer Information Network and Internet Security Protection
and Management Regulation, 1997’ to regulate internet activities, but major stress
was on the national security rather than prevention of cyber crimes. Criminal code of
Estonia contains certain provisions governing cyber crimes.

German Penal code also contains certain provisions applicable to crime

committed with the help of computer and computer networks. Ireland has enacted
‘The criminal Damage Act, 1991 containing specific provisions on damages caused to
or by a computer system of network. “The computer Crime Act, 1997” also enacted a
law by Malaysia which deals with especially against the damage to the computer.
Malta enacted ‘The Electronic commerce Act, 2001 even a Mauritius has also enacted
The Information Technology (Miscellaneous Provisions) Act 1998 to check cyber
crime.

1) USA

Information technology is now connected with the developed countries,

because the new techniques in communication technology give various economical
sources, and the USA is super power in the internet technology because 60% web
sites of the globe are merge in USA. However, the basic aim of this technology is

128
going to use for commercial purpose, but it is going to misuse for the other purposes.
In Twenty First century, the criminals rely on the internet and advanced technology,
to extent their criminal activities, these criminals can easily use the internet to carry
out traditional crimes such as distributing illicit drugs and sex trafficking. In addition,
they exploit the digital world to facilitate crimes that are often technology driven,
including identity theft, payment card fraud, and intellectual property theft.
Cybercrimes have economic, public health, and national security implications, among
others. For over three decades, Congress has been concerned about cybercrime and its
related threats. Today, these concerns often arise among a larger discussion
surrounding the federal government’s role in ensuring US cyber security.84

US legal system has enacted various laws regarding cyber crime, because
more than 60 % of the sites on the World Wide Web are located in the USA. To curb
the menace of hacking the US Government has enacted various stringent legislations.
The Wire Fraud statute being the first law used to prosecute computer criminals in
USA. It was seen that the communication wires were used in international commerce
to commit fraud.

The Computer Fraud and Abuse Act, deals with the issue of unauthorized
access in the U S legal system. The legislation was first enacted in 1984, revised in
85
1994, and last amended made in late 1996. Thus, USA has passed several
enactments, which cover various aspect of cyber crime. The States of USA also pass
various federal laws for the protection of cyber crime. These Federal Acts, however
either are to introduced or amend existing provisions in U.S. Federal Code. The
major provisions of U.S. codes governing criminal activities can broadly discussed in
the following heads:

1. Federal Criminal Code Concerning computer crimes:

2. Federal Statutes Governing Intellectual property Rights:

a) Copyright Offences

b) Copyright Management offences

c) Trademark offences
84
Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement. Kristin M. Finklea
Specialist in Domestic Security. January 9, 2013
85
Cyber Crimes: Law and Policy perspective: Dr.K.S.Manikyam (2009) Hind Law House, Pune. Edi
Page 56.

129
 d) Bootlegging offences

e) Trade Secret Offences

f) Offences concerning the integrity of IP System

g) Offences concerning the Misuse of Dissemination system

3. Cyber Stalking

4. Search and seizure of Computers

5. Guidelines concerning sentences Relevant to cyber crime

U.S.A. has successfully enacted provisions relating to offences, there

investigation and sentencing. The country is leading in the field of checking cyber
crime along through effective police forces, particularly F.B.I., and people
cooperation. The numbers of cyber criminals are also greater in the country because
of predominance of internet and cyber technology in day-to-day life.

But the report of congressional research service speak in different manner

regarding the position of cyber law in U.S.A. According to the report submitted in
January 9, 2013 it contended that U.S. government does not appear to have an official
definition of cybercrime that distinguishes it from crimes committed in what is
considered the real world. Similarly, there is not a definition of cybercrime that
distinguishes it from other forms of cyber threats, and the term is often used
interchangeably with other Internet- or technology-linked malicious acts. Federal law
enforcement agencies often define cybercrime based on their jurisdiction and the
crimes they are charged with investigating. And, just as there is no overarching
definition for cybercrime, there is no single agency that has been designated as the
lead investigative agency for combating cybercrime.

The United States does not have a national strategy exclusively focused on
combating Cyber crime. Rather, there are other, broader strategies that have cyber
crime components, Policy makers may question whether there Should be a distinct
strategy for combating cybercrime or whether efforts to control these crimes are best
addressed through more wide-ranging strategies such as those targeting cyber security
or transnational organized crime. Congress may also question whether these broader
strategies provide specific cybercrime-related objectives and clear means to achieve
these goals.

130
 Comprehensive data on cyber crime incidents and their impact are not
available, and without exact numbers on the current scope and prevalence of
cybercrime, it is difficult to evaluate the magnitude of the threats posed by cyber
criminals. There are a number of issues that have prevented the accurate measurement
and tracking of cybercrime. For one, the lack of a clear sense of what constitutes
cybercrime presents a barrier to tracking inclusive cybercrime data. Additionally,
much of the available data on cyber crime are self-reported, and individuals or
organizations may not realize a cyber crime has taken place or may elect for a host of
reasons not to report it. Policymakers may debate whether to direct a thorough
evaluation of the threats posed by cyber criminals.

The federal role in addressing cyber security is complex. It involves both

securing federal systems and fulfilling the appropriate federal role in protecting
nonfederal systems. There is yet no overarching framework legislation in place, but
many enacted statutes address various aspects of cyber security. Some notable
provisions are in the following acts:

The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984
prohibits various attacks on federal computer systems and on those used by banks and
in interstate and foreign commerce.

The Electronic Communications Privacy Act of 1986 (ECPA) prohibits

unauthorized electronic eavesdropping. The Computer Security Act of 1987 gave the
National Institute of Standards and Technology (NIST) responsibility for developing
security standards for federal computer systems, except the national security systems
that are used for defense and intelligence missions, and gave responsibility to the
Secretary of Commerce for promulgating security standards. This Law deals with the
protection to the data regarding security except the national security.

The Paperwork Reduction Act of 1995 gave the Office of Management and
Budget (OMB) responsibility for developing cyber security policies. The Clinger-
Cohen Act of 1996 made agency heads responsible for ensuring the adequacy of
agency information-security policies and procedures, established the chief
information officer (CIO) position in agencies, and gave the Secretary of Commerce
authority to make promulgated security standards mandatory.

131
 The Homeland Security Act of 2002 (HSA) gave the Department of Homeland
Security (DHS) some cyber security responsibilities in addition to those implied by its
general responsibilities for homeland security and critical infrastructure. The Cyber
Security Research and Development Act, also enacted in 2002, established research
responsibilities in cyber security for the National Science Foundation (NSF) and
NIST. The E-Government Act of 2002 serves as the primary legislative vehicle to
guide federal IT management and initiatives to make information and services
available online, and includes various cyber security requirements.
The Federal Information Security Management Act of 2002 (FISMA) clarified
and strengthened NIST and agency cyber security responsibilities, established a
central federal incident center, and made OMB, rather than the Secretary of
Commerce, responsible for promulgating federal cyber security standards. More than
40 other laws identified by CRS also have provisions relating to cyber security.
Revisions too many of those laws have been proposed. Many cyber security bills and
resolutions have been introduced in the last three Congresses, more than a dozen in
the 113th Congress, over 40 in the 112th, and more than 60 in the 111th. Several have
proposed revisions to current laws, and several received committee or floor action, but
none have become law. In fact, no comprehensive cyber security legislation has been
enacted since 2002.
Being a developed country in the world and mostly creator of 60% percent
world wide web USA has enacted a effective cyber law and the protection of
computer and data is going to protected in effective manner in USA. Due to the
development and experts, the USA has guiding the various countries in the world
regarding the cyber crime and its investigation.
Anti Spam Laws
United States has a specific CAN-Spam Act 2003, which came into force in
January 2004. Major provisions are:

o False and misleading header information is banned

o Deceptive subject lines are prohibited
o Opt-out methods must be provided
o Commercial email must be identified as an advertisement and it must
include the sender's valid physical postal address
o Receivers must be warned of sexually explicit material

132
 Penalties include fine up to USD 11000 and also imprisonment in specific
circumstances.86

2) U.K.

United Kingdom has passed various legislations to deals with cyber crimes
and to regulate the transactions on cyber space. Until the Computer Misuse Act, 1990
was passed, offenders would have been charged under Section 13 of the Theft Act
which deals with, stealing electricity. However, the execution of this Act while
dealing with cyber crime was not possible. Therefore the special Act was passed in
1990 which deals with the computer and its misuse, along with this Regulation of
Investigatory Power Act, 2000 was also passed by U.K.87

The first piece of UK legislation designed to specifically address computer

misuse was the Computer Misuse Act 1990. The act was a response to growing
concern that existing legislation was inadequate for dealing with hackers. The issue
was thrown into sharp relief by the failure to convict Stephen Gold and Robert
Schifreen who gained unauthorized access to BT's Prestel service in 1984 and were
charged under the Forgery and Counterfeiting Act 1981. However, they were
acquitted by the Court of Appeal and the acquittal decision was later upheld by the
House of Lords.

The Computer Misuse Act 1990, 'an Act to make provision for securing
computer material against unauthorized access or modification; and for connected
purposes', set out three computer misuse offences.

1. Unauthorized access to computer material

2. Unauthorized access with intent to commit or facilitate commission of further

offences

3. Unauthorized modification of computer material

The maximum prison sentences specified by the act for each offence were six
months and five years respectively (Amendments to the Computer Misuse Act,
introduced in the Police and Justice Act 2006, are discussed below).

86
Curbing Cyber Crime: A Critique of Information technology Act 2000 and IT Act Amendment 2008,
Sanjay Pandey
87
http://securelist.com/analysis/publications/36253/cybercrime-and-the-law-a-review-of-uk-computer-
crime-legislation/ last access on dated 27/01/16 at 6.00 pm

133
 The first prosecution of an individual for distributing a computer virus came in
1995. Christopher Pile, aka 'the Black Baron' pleaded guilty to eleven charges under
sections 2 and 3 of the Computer Misuse Act and received the 18 months prison
sentence. Pile created the viruses Pathogen and Queeg, both pieces of malware
implemented his SMEG (Simulated Metamorphic Encryption Generator) polymorphic
engine, making them hard to detect, and both were designed to trash substantial
portions of a victim's hard drive. He planted the viruses on bulletin boards disguised
as games and, in one case, as an anti-virus program. It was estimated that the viruses
caused damage amounting to £1 million (The Independent, 16 November 1995).

Another significant conviction under the act was that of Simon Vallor. He
pleaded guilty to creating and distributing the mass-mailing worms Gokar, Redesi and
Admirer, offences covered by section 3 of the Computer Misuse Act. In January 2003
he received a two year prison sentence. It was estimated that his worms spread to
27,000 computers in 42 countries88

The Police and Justice Act 2006 :

The British Police and Justice (2006) bill was granted Royal Assent this week
with some interesting changes being introduced to the Computer Misuse Act (1990)
under Part 5 (Miscellaneous) which could have serious implications for those on the
murkier side of computing. The Computer Misuse Act obviously needed updating, as
most of the threats in existence today were not possible 16 years ago.

Maximum sentencing for unauthorized access to computer material has been

raised to 2 years. The really interesting modifications come under section 3,
“Unauthorized acts with intent to impair operation of computer, etc.”, a person is
guilty of an offence if he knowingly carries out an unauthorized operation with the
intent to impair the operation of a computer, prevent access to any program or data
held on a computer or to effect the reliability of any data held on a computer. The
intent does not need to be directed at any particular computer, any particular
program/data not any data of a particular time. On conviction of carrying out the
aforementioned a prison term of up to 10 years and/or a fine can be passed down.
This section seems to be particularly aimed at those executing malicious code or
initiating denial of service attacks.

88
Cybercrime and the law: a review of UK computer crime legislation By David Emm

134
 An interesting insertion is section 3 A, “Making, supplying or obtaining
articles for use in offence under section 1 or 3”.

(1) A person is guilty of an offence if he makes, adapts, supplies or offers to

supply any article--

(a) knowing that it is designed or adapted for use in the course of or in

connection with an offence under section 1 or 3; or

(b) intending it to be used to commit, or to assist in the commission of, an

offence under section 1 or 3.

(2) A person is guilty of an offence if he obtains any article with a view to its
being supplied for use to commit, or to assist in the commission of, an offence
under section 1 or 3.

(3) In this section “article” includes any program or data held in electronic form.
Therefore, those supplying the means by which to carry out any malicious
attack will also be liable although the maximum term for doing so is 2 years
rather than 10. It will be interesting to see how these new laws are enforced
will soon be able to have vendors supplying mod-chips convicted.89

3) Australia

Australia has enacted the cyber Crime Act, 2001 with a view to amend the
existing law of land relating to computer offences. The Act which were amended by
cyber crime Act are : Australian Security Intelligence Act Organization Act, 1979,
Crimes Act 1914, Criminal code Act 1995, Education Services for the Overseas
students Act 2000, and Telecommunications (Interception) Act 1997, The Act of 2001
has repealed the part VI of the crimes Act 1994 in order to add computer offences in
its schedule. According to the provision of the schedule, the term “access to data of a
computer”, means

(i) the display of the data by the computer or by any other output of the data from
the computer;

(ii) the coping or moving of data to any other place in the computer or top the
data storage devices;

89
http://www.techrepublic.com/blog/data-center/uk-cyber-crime-laws-updated/ last access on dated
5/02/2016 at 8.30 am.

135
(iii) the execution of the program.

The offences as like authorized access with intent to commit any serious
offence is made punishable up to the life imprisonment. 90

Australia's new cybercrime law, which came into force on 1 March 2013,
establishes the legislative framework for Australia's accession to the Council of
Europe Convention on Cybercrime (Convention). The cybercrime law has been
effected by the amendment of a number of existing Commonwealth statutes, including
the Mutual Assistance in Criminal Matters Act 1987, the Criminal Code Act 1995, the
Telecommunications (Interception and Access) Act 1979 and the
Telecommunications Act 1997 .

The essence of the new cybercrime law is to empower Australia's law

enforcement and intelligence agencies to compel carriers to preserve the
communication records of persons suspected of cyber-based crimes. The new law also
expands the Commonwealth cybercrime offences and facilitates international
cooperation between State parties to the Convention through the cross-border sharing
of communication records.91

Australian Government's Cyber Security Strategy:

On November 23rd 2009, the Australian government launched its Cyber

Security Strategy, with an aim “to promote a secure, resilient and trusted electronic
operating environment that supports Australia's national security and maximizes the
benefits of the digital economy” (Attorney-General’s Department, 2013a). The
Strategy is the Australian government’s main cyber security policy in maintaining a
safe and secure cyber world.

The Australian government’s cyber security policy is based on some main

principles, which are illustrated in the inaugural National Security Statement
delivered by the then Prime Minister, Kevin Rudd to the Parliament on December 4th,
2008. In the Statement, it is indicated that national leadership needs to be
strengthened when facing the challenges in fighting cyber offences. Meanwhile,
cooperation and collaboration should be conducted by governments at all levels in

90
Law on cyber crime: P.K.Singh (2007) Book Enclave,Jaipur Page 84.
91
http://www.minterellison.com/publications/cybercrime-privacy-update-201305 last access on dated
18/09/15 at 9.30 am.

136
Australia with organizations, public agencies and corporations in protecting their
online safety while respecting the privacy of other online users. Furthermore, the
Statement also lays stress on the international cooperation in cracking down and
controlling transnational cybercrimes with Australia’s vigorous participation.

In accordance with the guiding principles in the Statement, the Australian

government’s Cyber Security Strategy set out three goals:

a) “for all Australians to know about the security threats to our computers, to
know how to secure our computers, and to know how to help protect our
identities, privacy and finances online”;

b) “for Australian businesses to operate secure and resilient computer systems to

protect their operations and the identity and privacy of their customers”; and

c) “for the Australian government to make sure its computer systems are secure
and resilient” (Attorney-General’s Department, 2013a).

The Strategy demonstrates the measures taken by the Australian government

that brings a range of resources into full play to help protect the online security of the
government, enterprises and individuals in Australia. The Strategy provides a guide
for Australian governments at all levels to recognize the importance of cyber security
and carry out effective actions in this regard. Moreover, it describes how the new
policies formulated by the federal government could help protect Australians and their
businesses in a more productive way. Furthermore, it is noted that the Strategy calls
people’s attention to recognizing the threats posed by the Internet and computer. In
the meanwhile, greater emphasis is attached to each user’s actions and the all national
joint efforts in this regard.

Cybercrime Legislation Amendment Act 2012

On September 12th, 2012, the Cybercrime Legislation Amendment Act 2012,

which originated from the Cybercrime Legislation Amendment Bill 2011, received
Royal Assent. In this Act, a series of amendments made to acts such as the
Telecommunications Act 1997, the Telecommunications (Interception and Access)
Act 1979 and the Mutual Assistance in Criminal Matters Act 1987.

However, it should be noted that the Cybercrime Legislation Amendment Act

2012 was enacted primarily for implementing the Council of Europe Convention on

137
Cybercrime. As stipulated in the Act, when foreign agencies are requesting the
cooperation from the Australian Federal Police in accordance with the sections, “the
Australian Federal Police must give the carrier concerned a written notice (a foreign
preservation notice) which requires the carrier to preserve all stored communications
related” (Australian Government Com Law, 2013c). Furthermore, greater authority
has been given to federal or state authorities in their access to stored communications.
Some particular authorities or the Australian Federal Police are permitted to represent
some foreign countries in accessing the information required. And the access could be
granted even before a lawful warrant is approved. As it usually takes a rather long
time to obtain the approved warrant, the information and data critical to the
investigation and prosecution might have been destroyed. These new provisions in
the Cybercrime Legislation Amendment Act 2012 help preserve the necessary and
important evidence before the warrant is granted to the agencies concerned.92

On observing the Australian strategy on the cyber crime we can say

that the said country has prepared the good strategy on the cyber crime and for
prevention of cyber crime and protection of individual from the cyber crime.

4) Belgium

Belgium is another country, which has, prepared the effective cyber crime, in
the year 2000. The Belgium Parliament enacted new provisions in Criminal Code in
November 2000 in order to make computer forgery, computer fraud and sabotage
criminal offences. The section 550 (b) of the criminal Code specify the computer
crime as, “Any person, who is unauthorized to make an access or maintains his
access to a computer system, may be sentenced to a term of three months to one year
imprisonment and fine”.93.This section provide sub clauses (a) to (g) and different
punishments are provided in the said section.

The section contended that when the offence is committed with intention to
defraud, the term of imprisonment be extended up to 2 years. Thus, the small country
like Belgium has enacted the cyber law.

92
Australia’s Policies and Practices in Combating Cybercrime Submitted by Jiang Lin and Hu Zi, May,
2013.
93
Law on cyber crime: P.K.Singh(2007) Book Enclave,Jaipur Page 86.

138
Comparison with the UK Data Protection Act:

The comparison between the law of developed countries and Indian law gives
a clear picture that the Indian laws need to be analyzed and reviewed in order to
maintain law and regulations. It is clear that UK has its Data Protection Act of 1998
wherein the Act is designed to provide protection and privacy to the personal data of
the individuals residing in UK.

According to the Data Protection Act, the people and Organizations involved
in storing personal data should register with the information commissioner, who is
been appointed by the government as an official of the government in order to keep a
check on the rules and regulations provided by the Act. The Act has certain restriction
in the collection of personal data. Any personal data can be demanded only for one or
more lawful purposes and cannot be further processed or used apart from the
task/tasks that it was needed for. The personal data should not be excessive and
should be relevant and correct and adequate for the purpose/purposes it is needed and
to be processed.

It is quite evident that the European Union and U.S try to protect the Personal
data of their citizens as the Data Protection Act is much sophisticated and moreover
they keep on trying to enhance their system. Though US has a different methodology
from what the European Union follows for the Data Protection and Privacy.

US follow the sectoral approach that consists of mixed legislation and

regulations and self-regulations also. Data is grouped in several classes on the basis of
their utility in US. Hence, a different law structure is followed for each class of data.
While the provision in the Indian IT Act deals with extraction of data, destroying the
data etc. which means that companies don’t get protection of data which forces them
to lead towards separate private contracts to keep their data secured. The European
Union follows and forces the Protection of personal data on all its countries and the
US also complies with the European Union as by the Safe Harbour Agreement can
business be facilitated from the European Union countries. Hence, it is very necessary
for India to comply with the European Union. Though efforts have been made to have
a Data Protection Act in India still the legislature is unable to frame the Bill94

94
112206-7474 IJECS-IJENS © December 2011 IJENS

139
5.2 Comparison of cyber crime in India and USA

Every year, cyber crime in India is going up by 50 per cent and during the last
five years, around 9,000 Indian websites including those of various government
departments were hacked. Many government websites, some of them carrying
sensitive information have become victims of cross-border hacking, mainly from
Pakistan, Bangladesh, Nepal and China. As per IC3’s annual report 2012, India,
ranked among the top five nations for the maximum complaint of cyber crime and it
ranked 6th in terms of complainant loss to the tune of $3,740,736.53. Information and
Cyber insecurity has been ranked at third position in India Risk Survey 2013 to which
companies are most vulnerable. According to Norton cyber crime report 2012, a
global financial loss of up to $110 billion occurred due to cyber crime. The report also
reveals that 66 per cent of Indian online adults have been victims of cyber crime in
their lifetime. In the past 12 months, 56 per cent of online adults in India have
experienced it (a little over 115,000 daily victims or 80 per minute). In India, one in
three online adults (32 per cent) has been a victim of either social or mobile cyber
crime in last 12 months, and 51 per cent of social network users have been victims of
social cyber crime. The report says most internet users take basic steps to protect
themselves and their personal information. These include deleting suspicious emails
and being careful with their personal details online. However, other core precautions
are being ignored. For instance, 25 per cent don't use complex passwords or change
their passwords frequently. And, 38 per cent do not check for the padlock symbol in
the browser before entering sensitive personal information, such as banking details,
online. Well over half of online adults in India report having been notified to change
their password for a compromised email account. Close to 42 million people in India
were hit by cyber crime attacks in the past 12 months, causing an approximate loss of
$8 billion (INR 44,500 Crore). The average direct financial cost per victim is $192, up
18 per cent over 2011 ($163).

In India, Cybercrime cases are registered under Indian Penal Code (IPC) and
under Information Technology Act (IT-Act). The IT Act was enacted in year 2000
and later amended in 2008. During year 2005, 302 persons were booked under IPC
and 179 under IT Act, while in year 2012, 2876 persons were charged under IT Act
and 601 persons were charged under IPC. It shows awareness of IT Act among police
personnel. It is also observed that in year 2012, a total of 2064 persons were arrested

140
in Cybercrime cases and out of these, 1176 arrested persons were between age group
of 18-30 year. In year 2011, a total of 1630 persons were arrested, out of these, 883
persons were of age group 18-30 year of age. A graphical representation of the
statistics is shown in Figure-1 and Figure-2.

141
(Figure-1)

142
(Figure-2)

143
5.2.1 Comparative analysis of Specific Cyber Crimes

Every develop country in the world has prepare the cyber law to regulate the
cyber space and the cyber crime. There are certain cyber crimes, which are common
in every corner of the world, though the territorial aspect in cyber crime offences has
recognized as a transnational, but the similar or rather same cyber crime treated
differently in different two countries, this make difficult to buildup cooperation
among the Nations at international level. As the world is global village, then use of
the computer and internet is quite similar specially for committing the crime. Though
the manner and modes to misuse the computer is different, but the object and main
aim is similar.

The similarity in the object is there because the offences in cyber world are
rather offences against the property or against the privacy. Every legal system has
recognized the right of privacy in their respective countries. As well as the right of
property is also recognized inherited rights of the human being in the world, and it is
internationally recognized in every country. The various cyber crimes which are know
by different names are nothing but similar act against right of privacy and against the
property. The pits and pills of information stored in cyberspace come up as a new
wealth targeted by the cyber crime criminals. The cyber criminals has a lust for the
data storage and use all illegal ways to either temper with it, or to destroy it
completely which give new dimension to the traditional crime of mischief.95 This new
dimension of conventional crime is going to commit by using new technology. This
new techniques bring new cluster to which is unheard up to it. It is only new
dimension, but the base of the crime is same.

The cyber world recognized two kinds of offences, which is known as pure
cyber crime. That is vandalizing digital information and security related offences.
These two offences are nothing but against the property and the privacy. In the
vandalizing digital information means hacking or viruses, worms. These acts destroy
or damage the intellectual property or the important data. The Security related crime
means violating individual privacy as like the cyber defamation. The cyber law of
different countries deals differently with this act. Hacking, stalking, cyber defamation
or tampering with the computer sources are the common offences, which are going to,

95
Cybercrime : Talat Fatima (2011), Eastern Boo Company Lucknow, Page 192.

144
committed in every corner of the world. All legal system has enacted the different
laws to prohibit these offences.

There are various offences, which are common and prohibited in almost all the
legal system. However, the different Laws and policies are recognized in every
country. Therefore, it makes a great impact on the execution of the cyber laws. For
example, information vandalism is the common problem in the cyber world, and
various countries laws deals with problem as following:

5.2.2 Information Vandalism: Comparative study of UK, US and India

Vandalism is the Willful or malicious damage or destruction of the property of

another. Now the computer and the data in the computer is property. This property
can be destructs by the cyber crime as like viruses, worms, Trojan horse, logic bomb.
These offences are the tools of vandalism. These all are illegal act. Most of the legal
systems of the world recognized them under the term vandalism. This crime is
different mode of the conventional crime that is mischief. All kinds of vandalism are
nothing but mischief against the intellectual property by different ways. However, the
different legal system deals with this crime differently. The computer property or data
can be devaluate by different ways whether that is by way of viruses or by logic
booms but ultimate result of that act is destruction of data or devaluate the intellectual
property present in the computer. Then also the different legal system recognized this
illegal act in different footing. Some legal system recognized, it as a crime and
provide punishment and some countries mere recognized it as a wrong and provide
the pecuniary liability as like relief of compensation to the victim.

So far, the vandalism is concern, these three legal systems of USA, UK and
India has provided different legal attitude. The first legal response comes from the US
congress, by passing the Computer Fraud and Abuse Act in 1986, it attempt to
prohibit and penalized the culprit. The object of this statute is to protect the Federal
Government as well as financial and medical institute computer. The data in such
institutes computers are important and is property of governments and the concern
institute. Thought the main object is to protect the data, impliedly it is protection of
the intellectual property of the Federal Government and medical institute. Section 130
(a) (5) (A) of the Said Act prohibits the transmission of, “a program, information,
code or command to a computer or computer system’ with intent to damage, or cause

145
damage to or to withhold or deny the use of computer, a computer service or network,
information data or program. Such transmission is also prohibited if done with
reckless disregard of a substantial and unjustifiable risk of the same effects.”

Thus, the wording of this section provides that the act intentionally is an
offence. The word recklessness is use in the said section. The section provides that
when any program or transmit any program which destroy the data. The Section not
use the particular name of the virus and that is necessary because there are various
programs or kinds of viruses, and it is not statistics, it changes with the time. So any
program that is virus or worms, which destroy the program or any data in the
computer, is offence and made punishable according to this Act. US is the country,
which is facing the problem of virus and vandalism due to which huge economic loss
is sustain in commercial institute of country. Therefore, the US legal system firstly
prohibit such kind of act by enacting the Law in such matter.

UK has recently enacted a special statute relating to this, but before the
specific cyber law regarding the vandalism, the conventional criminal law of UK is
dealing with such kind of act successfully. The Criminal Damage Act, 1972 deals
with offences and penalties regarding the damages to the tangible property, but the
same Act successfully interpreted in case of unauthorized deletion and modification
of computer-based information. In the year 1986,in one of the landmark judgment
,”Cox v. Riley” 96 where the accuse, an employee deleted program from a Plastic
Circuit card that was required to operate a computerizes saw and the court regarding it
as a damage to the value and usefulness of the card, held the accuse liable. But while
dealing with such offences the technical problem arose, because this Act deals with
damage to the tangible property. The court rightly interpreted that the property though
require tangible, not the loss is to be tangible. Considering this technical aspect the
legal system pass a special Act dealing with such kind of issue, that is known as The
Computer Misuse Act 1990.

Computer Misuse Act, 1990 content special provisions to deal with the
menace of the viruses and worms, Section 3 deals with the situation under the name
of, “unauthorized modification” of computer material. It is recognized as a substantial
offence it contents as:

96
(1986) 83 Cri. App..R 54

146
Sec.3(1): A person is guilty of an offence if,

(a) He does any act which cause an authorised modification of the content
of the computer ;and

(b) At the time when he does the act he has the require intent and the
requisite knowledge.

Thus, the special provision in UK deals with the vandalism. The Act comes in
to existence to prevent the huge loss due to virus distribution. The present law is very
much suitable to protect from such kind of vandalism in the UK. This act and
specially Section 3 deals with the offence of mischief, only the nature of the property
has differently recognized in the said Act. Prior to the said enactment the law never
make different between the tenable and intangible though the previous law use the
word tangible. To resolve the dispute of the kinds of the property the special law is
enacted by the UK government but the object of the law is one and same as like the
conventional laws dealing with the offences regarding property and mischief of it.

The Indian legal system also facing the same problem due to development in
the information technology, being a developing nation computer and internet is
important part of various transactions and the official working. Therefore, while
passing the Information Technology Act, 2000, Section 43 of the Act specially deals
with the virus. The IT Act section 43 deals with vandalism but in comparison with the
U K and USA, the Indian law is much lenient because it merely impose the pecuniary
liability on the person responsible to vandalism. Section 43(c) of the IT Acts says,

Penalty for damage to computer, computer system, etc. – If any person

without permission of the owner or any other person who is in charge of a computer ,
computer system or computer network ,-

(c) introduces or cause to introduced any computer contentment or computer virus

into any computer, computer system or pure network;

He shall be liable to pay damages by way of compensation not exceeding one

crore rupees the person so affected.97

Thus, the different three countries and the different Cyber laws deals
differently with the vandalism. The Indian legal systems conventional law that is

97
Information Technology Act, 2000

147
Indian Penal Code deals with the vandalism. It is nothing but offence of mischief as
define in section 425 of the IPC. The offence of mischief as defined in section 425
IPC corresponds to what is designated under the English law as the malicious injury
to the property, in which malice is presumed by the nature of the act and its illegality.
The section is based on the principle enumerated in the maxim, ‘Sin uter tuo ut
allenum no leads’ namely use your own property so as not to injure your neighbor’s
property.98 This offence of mischief is having same ingredients and therefore before
the specific cyber laws, it is perfectly applicable to the offence of any kind of
vandalism.

Vandalism is not only destruction of the cyber or related property but any
change in the said property which reduce its value is also include the same offence.
The offence of mischief is also same. To constitute mischief it is necessary not only
that wrongful loss or damage to the public, or to any person be intended or be likely,
but also that any property be destroyed or any such change should occur in any
property or in the situation thereof that destroys or diminishes its value or utility or
affect it injuriously. Thus the vandalism and mischief is same and the different
countries provides different laws and punishments and fine differently.

98
Indian Penal Code, K.D. Gaur (2011), Universal Law Publication Co. New Delhi. Page 287

148