Lecture notes on legal and ethical issues- Level 400

THE MAIN LAWS AND REGULATIONS GOVERNING DIGITAL

TRANSFORMATION.
The principal laws governing digital transformation in Ghana
include the
Electronic Transactions Act 2008;
Electronic Communications Act 2008;
Data Protection Act 2012;
Payment Systems and Services Act 2019;
National Communications Authority Act 2008;
National Information Technology Agency Act 2008.
Cybersecurity Act 2020

KEY FEATURES OF LAWS

Legal Recognition of Electronic Transactions
The Electronic Communications Act 2008 (ECA) gives statutory
backing to electronic transactions and records within the
jurisdiction. The law provides for the admissibility of electronic
evidence in legal proceedings. Digital certificates and signatures
are given due recognition by the law. The ECA further mandates
public institutions to take steps or enter into arrangements to
ensure that their functions are carried out, delivered or accessed
electronically or online. The legal recognition of electronic
transactions and records was a significant step to put Ghana on a
positive footing towards digital transformation.
Registration and licensing regime
The ECA for instance mandates a person or entity that intends to
operate a public electronic communication service or network or
provide a voice telephone service to obtain a licence from the
National Communications Authority. Entities engaged in
encryption and authentication services are enjoined by law to
obtain a licence from the National Information Technology Agency
(NITA). Payment systems and service providers as well as
electronic money issuers must also obtain a licence from the Bank
of Ghana. Under the Data Protection Act (DPA), data controllers
and data processors are required to register with the Data
Protection Commission before collecting or processing personal
data. These registration and licensing requirements allow for
supervision and streamlining of the electronic communication
service space. The DPA also ensures that services providers
comply with the relevant data protection protocols.
DATA PROTECTION
The integrity and confidentiality of a person’s data finds
expression in the constitutionally guaranteed right to privacy.
Data protection denotes the protection of an individual’s data
from unauthorised access or use. Under the DPA, data processors
and controllers are required to uphold the confidentiality of an
individual’s personal data by complying with the veritable
principles of accountability, the lawfulness of processing, and
specification of the purpose of data collected. Similarly, the
Payment Systems and Services Act directs payment service
providers and electronic money issuers to adhere to principles of
consumer protection which entails the protection of consumer’s
privacy, tangible and intangible assets related to the service
including the personal details, financial information, and
transaction data of the customer. Under the ETA, a provider of an
electronic communication service or remote computing service is
prohibited from knowingly divulging the contents of any record or
information about its customers or subscribers while in electronic
storage or the contents of any communication, which is carried or
maintained on that service to any other person or entity.
Ghanaian law also proscribes the interception of an electronic
record without authorisation.
OFFENCES AND PENALTIES
The aforementioned statutes set out elaborate provisions on
offences and penalties touching on breaches of digital
transformation laws.
The ETA is replete with provisions dealing with cyber offences
ranging from stealing to unauthoried access to electronic records.
Critically, a person who secures unauthorised access or attempts
to secure access to a protected system commits an offence and is
liable on summary conviction to a fine of not more than 5,000
penalty units or to a term of imprisonment of not more than 10
years or to both. A striking feature of the law worth mentioning is
the omnibus criminal provision under section 123 of the ETA to
include offences wholly or partially committed in an electronic
medium or form but are not specifically mentioned in the ETA.
Specifically, such offences committed under any law that gives
rise to the offence, shall be deemed to have been committed
under the relevant law and the provisions of that law shall apply
to the person who commits that offence. Thus, where a person
commits an offence under any existing law in an electronic form,
that person would be liable under that law even though there is
no specific reference to an electronic form.
Under the DPA, a person who purchases personal data or
knowingly obtains or recklessly discloses the personal data of
another person or causes to be disclosed to another person
commits an offence and is liable on summary conviction to a fine
of not more than 250 penalty units or to a term of imprisonment
of not more than two years or both. Likewise, a person who sells
or offers to sell the personal data of another person commits an
offence and is liable on summary conviction to a fine of not more
than 2,500 penalty units or to a term of imprisonment of not
more than five years or to both. Further, a person who knowingly
or recklessly discloses information in contravention of the
confidentiality requirement commits an offence and is liable on
summary conviction to a fine of not more than 2,500 penalty
units or to a term of imprisonment of not more than five years or
to both.
Under the Payment Systems and Services Act, a body corporate
that engages in an electronic money business without
authorisation from the Bank of Ghana commits an offence and is
liable on summary conviction to a fine of not less than 4,000
penalty units and not more than 7,000 penalty units.
Under the ECA, a person who knowingly obstructs or interferes
with the sending, transmission, delivery or reception of
communication or provides an electronic communication service
without a licence commits an offence and is liable on summary
conviction to a fine of not more than 3,000 penalty units or to a
term of imprisonment of not more than five years or to both.
THE MOST RECENT DEVELOPMENTS AFFECTING DIGITAL
TRANSFORMATION PLANS AND PROJECTS
The accelerated process of migrating the economy from a cash-
based one into a cashless economy is a recent noteworthy drive
towards digital transformation in Ghana. Most organisations have
recently adopted electronic means of payment for goods and
services. Mobile money services, electronic payment systems and
services, and online banking services have increased in popularity
over the past decade. The various telecommunication networks in
the country have created mobile banking platforms for customers
for easier and faster financial transactions such as mobile money
transfers, internet banking and Unstructured Supplementary
Service Data (USSD) codes. The Ghana Interbank Payment and
Settlement Systems (GHIPSS) company has created the Mobile
Money Interoperability (MMI) payment platform to allow
transactions across various telecommunications networks in the
country. Some banks have collaborated with payment services
providers to provide online banking services to their customers.
The use of QR codes for payment of goods has recently become
an option for consumers within the country.
The Government as part of its ICT for Accelerated Development
(ICT4AD) policy has introduced programmes meant to enhance
digital transformation. The Ministry of Communications through
the Ghana Investment Fund for Electronic Communications
(GIFEC) in collaboration with Huawei has started the deployment
of about 2,000 Rural Star sites across the country, which will
provide voice and data services for over 3.4 million people in
underserved and unserved communities to extend the national
mobile communication coverage from 83 per cent to 95 per cent.
The government has expanded the automation of government
business processes (e-governance system) to many more state
institutions including the Registrar General’s Department, the
Ghana Passport Office, and Ghana Revenue Authority, the courts
(e-justice), the ports (Paperless Port Systems), and the Lands
Commission amongst others. For instance, the Ministry of Local
Government and Rural Development recently rolled out a new
digital revenue solution, the District Local Revenue (dLRev)
software, which is free cloud-based software specially designed
for the revenue management cycle of data collection, billing,
revenue collection and reporting in about 100 metropolitan,
municipal and district assemblies within the country. These
initiatives have enabled government agencies to migrate their
business and service delivery onto an electronic platform. This
has also helped reduce delays in government services delivery.
The introduction of a digital address system using the Ghana Post
GPS platform has helped generate accurate data regarding the
housing situation in Ghana.
The key legal and practical factors that organisations
should consider for a successful Cloud and data centre
strategy?
The key legal and practical factors an organisation should
consider for a successful cloud and data center strategy include:

• Regulation: There is currently no specific law or regulation

that regulates cloud technology systems in the jurisdiction.
It is expected that the new cybersecurity law (yet to be
assented to by the President) will make provisions for the
regulation of cloud technology. (The new Cybersecurity Act
will establish the Cybersecurity Authority and contains
provisions meant to protect the critical information
infrastructure of the country, regulate cybersecurity
activities and help develop Ghana’s cybersecurity
ecosystem.)
• Internet accessibility: A successful cloud and data centre
establishment relies on affordable and speedy access to the
 internet. This requires investment in internet infrastructure
and services. Ghana has one of the best internet penetration
rates in Africa with a rate of 34 per cent. There are a
number of internet service providers (ISPs) in Ghana.
Among the leading ISPs are MTN Ghana, Vodafone Ghana,
Airtel Tigo, Surfline and Teledata ICT Limited.
• Access to Electricity: Access to a constant and reliable
electricity supply is one of the considerations when setting
up a reliable data centre. Erratic or unstable power supply
can cause damage to machinery and result in possible
system breaches. Ghana has a relatively stable power
system that can support a successful cloud and data centre
operation.
WHAT CONTRACTING POINTS, TECHNIQUES AND BEST
PRACTICES SHOULD ORGANISATIONS BE AWARE OF WHEN
PROCURING DIGITAL TRANSFORMATION SERVICES AT
EACH LEVEL OF THE CLOUD ‘STACK’?
In procuring digital transformation services, an organisation
should consider the following best practices:
Assembling the right team
To get the most out of procuring digital services, an organisation
must secure the services of a team that understands ICT
procurement processes and the peculiar needs of the
organisation. The existence of a team of experts promotes
transparency in the organisation’s process, ensures value for the
projects executed and increases efficiency. Over the past five
years, organisations have prioritised recruiting ICT professionals
with knowledge in procurement on acquiring tailor-made ICT
solutions that truly result in digital transformation.
Digital contract management
Contract management is at the heart of the procurement cycle.
Purchase orders and invoicing can now be done electronically.
Over the past five years, organisations have begun a gradual
migration of contract processes unto digital platforms. With this,
companies can minimise risk and maximise transparency.
Automated procurement processes and contract management
enable a centralised and easily accessible system that is cost-
efficient and guarantees security.
Critically, organisations should be able to understand the specific
ICT solutions they are procuring so that they can assess the
product that is finally delivered. A lack of understanding of the
specifications of the ICT solutions tends to be a major source of
dispute between service providers and organisations.
Data protection
In procuring digital services, an organisation must ensure that
the services or products are compliant with data protection
protocols and principles. All personal data must be collected,
processed, and stored in accordance with the DPA.
WHAT ARE THE TYPICAL POINTS OF CONTENTION IN
CONTRACT DISCUSSIONS AND HOW ARE THEY BEST
RESOLVED DISPUTE RESOLUTION CLAUSES
A contentious point in contract discussions involves the proper
channels to employ in resolving disputes that arise under the
contract. This is due to the challenges that certain dispute
resolution procedures may present to the parties. The court
system of settling disputes is time-consuming and the Ghanaian
courts may lack expertise in a specialised area such as ICT Law.
The parties should consider an Alternative Dispute Resolution
mechanism such as arbitration. The parties may be able to
appoint experts and/or institutions to handle any dispute arising
out a contract for issues to be resolved effectively and
expeditiously.
Delivery of ICT services not fit for purpose
Another contentious issue in contract discussions is that entities
are unable to communicate technically and effectively their
organisation’s ICT needs to service providers for customised
solutions. The result is that the final services or solutions offered
to organisations are inferior and mostly unfit for purpose and
thereby compelling organisations to redo their entire project
because the initial implementation failed to meet the expectations
of the organisation. To resolve this issue, parties must ensure
that during the negotiation stage, product specifications are
clearly defined and communicated. Organisations must endeavour
to consult and use experts in their negotiations and processes
before executing a contract.
How do your jurisdiction’s cybersecurity laws affect
organisations on their digital transformation journey?
Parliament recently passed the Cybersecurity Act 2020. The Act
(the law is yet to be assented to by the president) is expected to
become the primary source of law regulating digital
transformation and its related cybersecurity incidents in Ghana.
The new Cybersecurity Act is expected to regulate cybersecurity
activities, protect the critical information infrastructure of the
country, develop Ghana’s cybersecurity ecosystem and position
organisations to prevent, manage and respond to cybersecurity
incidents in view of the current digital transformation agenda.
The ETA is the primary source of cybersecurity law in Ghana. It is
replete with provisions dealing with acts and breaches of
cyberspace. The ETA encourages organisations to put in place
mechanisms that protect against unauthorised access to
electronic systems, devices, and records. The National Cyber
Security Centre (NCSC), an agency under the Ministry of
Communications, is responsible for Ghana’s cybersecurity
development including cybersecurity incidents response
coordination with the government and with the private sector.
The NCSC works closely with the National Cyber Security
Technical Working Group (NCSTWG) in the implementation of
cybersecurity initiatives across government and non-
governmental sectors. The DPA makes provision for securing the
personal data of users. The laws aforementioned and in particular
the setting up of the NCSC have promoted confidence among
organisations to digitally transform their businesses with the firm
assurance that when there is a breach of their cyberspace, there
is legislation and a dedicated institution to deal with their
concerns. Ghana is also in the process of putting together
legislation that focuses solely on cybersecurity.
How do your jurisdiction’s data protection laws affect
organisations as they undergo digital transformation?
Most businesses within the jurisdiction are unaware of the Data
Protection Act and its guidelines on data processing and storage.
Thus, compliance with these guidelines is minimal and the
statutory agency responsible for ensuring compliance (Data
Protection Commission), has begun engagement with various
organisations to ensure compliance with Ghana’s data protection
laws. The DPA requires data controllers to register with the
Commission before they collect, process and retain data. A data
processor must seek the consent of the data subject before the
collection, processing, and retention of personal data. A data
controller under the DPA cannot retain personal data for a period
longer than is necessary to achieve the purpose for which the
data was collected unless the retention is backed by law or under
a contract between the parties. A data controller is required to
destroy the record at the end of the retention period. A data
controller or processor who intends to collect process or retain
personal data relating to a foreign data subject is expected to
register with the Data Protection Commission and must provide
the name and description of the country to which the data will be
transferred.
What do organisations in your jurisdiction need to do from
a legal standpoint to move software development from
(traditional) Waterfall through Agile (continuous
improvement) to DevOps (continuous delivery)?
Organisations must secure the services of legal experts who
possess the skills and understanding of the interface between
technology law, customer success and product development. IT
legal expertise is relatively underdeveloped in Ghana. A legal
team comprising persons with expertise in contract, procurement
and technology law and experience in business development to
assist organisations to develop or negotiate cutting edge
contracts that envisage the entire software development life
cycle.
What constitutes effective governance and best practice
for digital transformation in your jurisdiction?
Establishing effective accountability, roles and decision-making
authority for an organisation’s digital presence is essential in
digital transformation. Organisations should put in a clear digital
policy that will shape their activities. Ad hoc decisions touching on
an organisation’s digital presence do very little for an
organisation’s digital transformation. Organisations must also put
in place a digital team structure that is responsible for the specific
digital services and products of the organisation. This will ensure
accountability and decentralisation of the production and
maintenance of the organisation’s digital presence. The team
should also monitor its digital platforms to ensure that there is
constant feedback on their products and services.
On the level of the state, government should expand its e-
governance services to other agencies as well as Ghana’s rural
communities. The provision of ICT infrastructure in schools across
the country will help build a strong human resource that is
prepared to participate meaningfully in the digital transformation
agenda in Ghana.

The Inside Track

What aspects of and trends in digital transformation do
you find most interesting and why?
Artificial Intelligence presents a fascinating tool to handle the
growing complexities in the world across various industry sectors
such as agriculture, healthcare, financial services and education. I
am optimistic that Google’s establishment of its first Africa AI
research Centre in Ghana in 2019 will expedite local AI
development and research to increase the pace of Ghana’s (and
Africa’s) digital transformation.
What challenges have you faced as a practitioner in this
area and how have you navigated them?
The most difficult challenge I encounter in my practice is the lack
of local expertise in this area of the law. This is slowing down the
pace of progress in this field. I navigate through this challenge by
constantly building the capacity of practitioners with a genuine
interest in technology law to assist in bridging the knowledge
gap.
What do you see as the essential qualities and skill sets of
an adviser in this area?
Extensive knowledge and understanding of IT Law and policy both
globally and within the specific context of Africa, a thorough
understanding of the client’s requirements and the ability to learn
quickly and adapt to change.

E-COMMERCE AND LEGAL ISSUES

E-commerce (electronic commerce or EC) is defined as

buying and selling of goods and services, or the transmitting
of funds or data, over an electronic network, primarily the
internet. These business transactions occur either as
business-to-business, business-to-consumer, consumer-to-
consumer or consumer-to-business. The terms e-commerce
and e-business are often used interchangeably. The term e-
tail is also sometimes used in reference to transactional
processes for online shopping.

CONTRACT

At the heart of e-commerce is the need for parties to be able to

form valid and legally binding contracts online. Basic questions
relate to how e-contracts can be formed, performed, and enforced
as parties replace paper documents with electronic equivalents.

Offer and Acceptance: Electronic Transaction Act (Act, 2008) deals

with contractual aspects of use of electronic records, such as
attribution, acknowledgement, time and place of dispatch and
receipt. However, since the Act is only an enabling Act, it is to be
read in conjunction with the Contracts Act, (Contract Act (Act
1962)). Formation of any contract, under the Contract Act, would
involve three main ingredients. There has to be an offer, there has
to be an acceptance of the said offer without modification and there
has to be some consideration for the contract. These ingredients
would be applicable to e-contracts. However, a difficult question
that law often arises: How do we know whether the offeree has
ACCEPTED the offer? Additionally, Internet communication does
not consist of a direct line of communication between the sender
and receiver of e-mail as in ordinary means of communication.

The message is broken into chunks in the process of delivery.

This raises issues of the exact time of communication of
acceptance of the contract as such a time is critical for
determination of the rights of the parties. The Act 772 has laid
down certain methods for determining the exact time and place
of dispatch and receipt of the e-mail.
Online Identity: Transactions on the Internet, particularly
consumer-related transactions, often occur between parties who
have no pre-existing relationship, which may raise concerns of the
person’s identity with respect to issues of the person’s capacity,
authority and legitimacy to enter the contract. Digital signatures,
is one of the methods used to determine the identity of the person.
The regulatory framework with respect to digital signatures is
governed by the provisions of the Act. However, various countries
have different legislations regulating digital signatures.

SECURITY

Over the Internet is of immense importance to promote e-

commerce. Companies that keep sensitive information on their
websites must ensure that they have adequate security measures
to safeguard their websites from any unauthorized intrusion. A
company could face security threats externally as well as internally.
Externally, the company could face problems from hackers, viruses
and Trojan horses. Internally, the company must ensure security
against its technical staff and employees. Security can be
maintained by using various security tools such as encryption,
firewalls, access codes / passwords, virus scans and biometrics.
For example, a company could restrict access to the contents on
its website only through the use of a password or login code.
Similarly confidential information on websites could be safeguarded
using firewalls that would prevent any form of external intrusion.
Apart from adequate security measures, appropriate legal
documentation would also be needed. For example, a company
could have an adequate security policy that would bind the people
working in and with the company. Moreover, a company could also
be held liable for inadequate security procedures on its website.
For example, last year, a person decided to sue Nike because the
Nike’s website was hacked and the contents of the domain were
re-directed through the person’s web servers in the U.K., bogging
them down and costing the web hosting company time and money.

AUTHENTICATI0N

All though the Internet eliminates the need for physical contact, it
does not do away with the fact that any form of contract or
transaction would have to be authenticated. Different
authentication technologies have evolved over a period of time to
ensure the identity of the parties entering into online transactions.
However, there are some issues that need to be considered by
companies. a. Digital Signatures to be used as authentication tools:
The IT Act stipulates that digital signatures should be used for the
purposes of authenticating an electronic contract. The digital
signature must follow the Public Key infrastructure (“PKI”). This
acts as a limitation on the use of any other technology for
authentication purposes. If Indian ecommerce companies use
some other form of authentication technology, it could be said that
there has been no authentication at all.
APPLICABLE LAW

Evolving inter-operable technology standards: Laws of different

countries provide different authentication standards, sometimes
specifying a clear technology bias. These different authentication
standards need to be inter-operable so as to facilitate cross-border
transactions.

This would need a high degree of co-operation between countries

and the technology providers. For example, an e-commerce
company that uses PKI authentication technology for online
contracts with Indian consumers, may use different / other forms
of technology while entering into online contracts with consumers
in other countries.

In such a case, these contracts with foreign consumers may not be

recognized in India as the authentication technology used is not
PKI. However, such contracts may be enforceable in the foreign
jurisdiction depending upon the laws of the foreign country.

PRIVACY

An important consideration for every e-commerce website is to

maintain the privacy of its users. Use of innovative technologies
and lack of secure systems makes it easy to obtain personal and
confidential information about individuals and organizations. In
July 2001, a dozen privacy groups filed a complaint in the US about
the privacy issues in Microsoft’s Windows XP operating system.
Some features of the Operating System store personal information
such as passwords and credit card data so that users are not
required to constantly re-enter this information as they surf
through websites.

However, though the Operating System was launched successfully

on October 25, 2001, privacy groups have still criticized the Federal
Trade Commission of not taking any action on the complaint. The
web cookie also faces the risk of extinction under a proposed
European Commission directive. However, the Interactive
Advertising Bureau of UK has marshalled support from several
businesses across Europe to launch a lobbying effort that it calls
“Save our Cookies” as it believes that British companies could lose
approximately US$ 272.1 million if web-cookies are banned.

Privacy concerns have also been raised regarding the Internet

Corporation for Assigned Names and Numbers (“ICANN”) "Who is"
database, which is a publicly searchable resource used to
determine the identity of domain name registrants. The database
includes the name of the individual or company that registered a
given domain name, as well as the owner's address, the dates on
which the domain was created, when it expires and when it was
last updated. Privacy groups criticized the company for selling
information about its registrants, arguing that many of them are
individuals who never agreed to having their information sold as a
commodity when they signed up for the service. Some of the
important privacy concerns over the Internet include:
i dissemination of sensitive and confidential medical, financial and
personal records of individuals and organizations

ii sending spam (unsolicited) e-mails

iii tracking activities of consumers by using web cookies; and

iv unreasonable check and scrutiny on an employee’s activities,

including their email correspondence.

INTELLECTUAL PROPERTY RIGHT

One of the foremost considerations that any company intending to

commence ecommerce activities should bear in mind is the
protection of its intellectual assets. The Internet is a boundless and
unregulated medium and therefore the protection of intellectual
property rights ("IPRs") is a challenge and a growing concern
amongst most e-businesses. While there exist laws in Ghana that
protect IPRs in the physical world, the efficacy of these laws to
safeguard these rights in e-commerce is uncertain. Some of the
significant issues that arise with respect protecting IPRs in e-
commerce are discussed hereunder Determining the subject
matter of protection: With the advent of new technologies, new
forms of IPRs are evolving and the challenge for any business
would be in identifying how best its intellectual assets can be
protected. For example, a software company would have to keep
in mind that in order to patent its software, the software may have
to be combined with physical objects for it to obtain a patent.
Ascertaining novelty I originality: Most intellectual property laws
require that the work / mark / invention must be novel or original.
However, the issue is whether publication or use of a work I
invention I mark in electronic form on the Internet would hinder a
subsequent novelty or originality claim in an IPR application for the
work / invention / mark. An e-commerce company would have to
devote attention to satisfying the parameters of intellectual
property protection including originality requirements in its works
to preclude any infringement actions from third parties who own
similar IPRs.

Enforcing IPRs: As will be discussed under the “Jurisdiction” issue,

it is difficult to adjudicate and decide cyber-disputes. The Internet
makes the duplication, or dissemination of IPR- protected works
easy and instantaneous and its anonymous environment makes it
virtually impossible to detect the infringer. Moreover, infringing
material may be available at a particular location for only a very
short period of time.

A company must also keep in mind that since IPRs are inherently
territorial in nature, it may be difficult to adjudge as to whether the
IPR in a work or invention is infringed, if it is published or used
over the Internet, which is intrinsically boundless in nature. For
example, if ‘Company A’ has a trademark registered in Ghana for
software products, but a web portal based in the US uses the same
trademark for marketing either software products or for marketing
some other goods, it may become difficult for Company A to sue
for infringement.

Moreover, due to differences in laws of different nations, what

constitutes infringement in one country may not constitute
infringement in another. Further, even if Company A succeeds in
proving an infringement action, since the IPR that it owns is only
valid for India, the scope of remedies that may be available to
Company A would be territorial and not global. Thus, the web-
portal may be restrained from displaying its site in India or may
have to put sufficient disclaimer’s on its website.

In order to restrain infringement in other countries, Company A

may need to file proceedings those countries also. This process
may prove to be time-consuming and expensive for the aggrieved
Company.

In light of certain technology driven mechanisms such as electronic

copyright management systems (“ECMS”) and other digital
technologies that are evolving to prevent infringement, the recent
World Intellectual Property Organisation (“WIPO”) Copyright
Treaty12 explicitly mandates that all contracting parties to the
treaty shall have to provide adequate legal remedies against
actions intended to circumvent the effective technological
measures that may used by authors to prevent infringement of
their works.
However, these mechanisms may not be commercially viable and
their use may also depend on international interoperability
standards, as well as privacy concerns. d. Preventing unauthorised
hyperlinking and meta tagging:

The judiciary in many countries is grappling with issues concerning

infringement of IPRs arising from hyperlinking and meta tagging
activities. Courts in certain jurisdictions have held that
hyperlinking, especially deep-linking may constitute copyright
infringement, whereas meta tagging may constitute trademark
infringement. For example, Company A’s website provides an
unauthorised link to Company B’s website, or if Company A’s
website uses meta-tags that are similar to Company B’s
trademarks, Company A could be sued for violating Company B’s
IPRs.

Protection against unfair competition: Protection against unfair

competition covers a broad scope of issues relevant for electronic
commerce. So far, electronic commerce has not been subject to
specific regulations dealing with matters of unfair competition.

Companies on the Internet, have to constantly adapt to and use

the particular technical features of the Internet, such as its
interactivity and support of multimedia applications, for their
marketing practices. Problems may arise with regard to the use of
certain marketing practices such as (i) Interactive marketing
practices (ii) spamming (discussed under the “Privacy and Data
Protection” section) and (iii) immersive marketing. Further,
questions regarding the territorial applicability of such standards
would also arise.

DOMAIN NAMES

A company that commences e-commerce activities would at first

have to get its domain name registered. While registering domain
names, if the company chooses a domain name that is similar to
some domain name or some existing trademark of a third party,
the company could be held liable for cybersquatting. Over the past
few years, domestic and international fora have handled and
decided numerous cybersquatting disputes. Recently the “.info”
top-level domain was opened for registration and within no time
the WIPO has already received two cases for dispute settlement.

Jurisdiction In addition to the nature of corporate structure,

decisions will also have to be taken with respect to the jurisdiction
in which the corporate structure should be situated, as it will
determine the extent of any liability that may arise against the
website. According to the traditional rules of private international
law, the jurisdiction of a nation only extends to individuals who are
within the country or to the transactions and events that occur
within the natural borders of the nation. However, in e-commerce
transactions, if a business derives customers from a particular
country as a result of their website, it may be required to defend
any litigation that may result in that country.
As a result, any content placed on a website should be reviewed
for compliance with the laws of any jurisdiction where an
organisation wishes to market, promote or sell its products or
services as it may run the risk of being sued in any jurisdiction
where the goods are bought or where the services are availed of.
The fact that parties to a contract formed through the Internet may
be located in different jurisdictions may have implications for the
interpretation and enforcement of the contract

Liability Owners of websites should guard against the potential

sources of liability which could lead to legal claims against them.
Since the Internet knows no boundaries, the owner of a website
could be confronted with legal liability for non-compliance or
violation of laws of almost any country. Liability may arise due to
various activities inter alia due to hyperlinking (inserting a clickable
link to another site) and framing (incorporating another website
into a frame or window appearing within a webpage on the linking
site), fraud, libel and defamation, invasion of privacy, trademark
and copyright infringement.

Contractual Liability: A website that offers goods or services

should contain an online contract to which the customer must
assent. The contract needs to be carefully drafted to protect the
website owner from liability and should address the key terms and
conditions for the provisions of goods or services. The contract
should clearly establish the exact time and manner of acceptance
of the contract. In the event of dispute or breach of contract, the
liability of the owner of the website would be limited only to the
extent of the terms of the contract.

Statutory liability: Depending on the type of business, a website

would have to comply with the provisions of the law, central or
state, in that jurisdiction. But various nations differ with respect to
statutory compliances and permitted activities. The website would
therefore, in addition to the state laws, be required to comply with
the provisions of the statutes of the countries in which the website
would be vastly accessed.

Failure to comply with such foreign laws may lead to liability under
such law. For example, an Indian company using comparative
advertising on the worldwide web, not knowing that such practices
are prohibited in Germany and France may be liable for violation
of the laws of Germany or France.

Tortuous Liability: Liability under tort may arise due to wrongful

interference with the business or wrongful defamation or any
remark or action that may cause injury to one’s property or
reputation. Thus, although no contractual relationship may exist as
well as where the interference or damage is unintentional, the
website owner may be liable for wrongful injury.

The law of torts lays down a duty on every man to take reasonable
care to avoid any harm to nay person. The owner of the website
also owes a duty to the user and is bound to take reasonable care
to avoid any harm that may be done.
Taxation The massive growth of e-commerce business has not
gone unseen by the tax authorities. Realizing the potential of
earning tax revenue from such sources, tax authorities world over
are examining the tax implications of e-commerce transactions and
resolving mechanisms to tax such transactions. Therefore, it would
be the primary duty of every company to take reasonable
precautions to ensure that the content on its website is not in
violation of any domestic or foreign content regulation law.

Advertisement Many websites advertise goods or services to

customers. The traditional laws of advertising, which apply to
ordinary sales, are enacted in the interest of all consumers to
prevent deceptive and unfair acts or practices. These laws would
also be applicable to advertising or marketing on the Internet. The
websites may be subject to any liability that may arise due to false
designations, origin, misleading description of fact that are likely
to cause confusion or misrepresent the nature, characteristics,
quality or geographic origin of the goods or services that are
offered for sale in an advertisement.

In addition to advertising laws, depending on the kind of business,

the websites would also have to comply with the laws of applicable
to such a business. Certain countries have introduced legislations
that place limitations on Internet advertising. In such a case, would
a website owner be subject to liability for violation of the laws of a
country even though it was not aware of such limitations or
restrictions on advertisement? For example, the courts have in
certain cases held a website of another country liable for fraudulent
Internet advertising in violation of a state statute.

Further, an advertisement may be exposed to liability under the

consumer protection laws since it may be subject to different
interpretations by the consumer in different jurisdictions. Certain
websites simply display advertisements or banners of other
companies.

In such a case, would the owner of the website be subject to

liability for misleading or fraudulent advertisements that are
displayed on its website? The website should contain appropriate
disclaimers disclaiming any such liability. Most countries have
stringent laws with respect to spamming. Website owners must
ensure that they use legal methods of advertisements and that the
method used does not amount to spamming.

Electronic Payment Issues The instrumental growth in e-

commerce activities has necessitated the evolution of electronic
payment mechanisms. In addition to normal currencies, e-financial
instruments / digital currencies such as cybercash32 and e-cash33
can be used for the purchase of currency as well as capital assets
over the Internet and for carrying on other commercial activities.
CYBER CRIME

When computers and networks came into being in the 1990s,

hacking was done basically to get more information about the
systems. Hackers even competed against one another to win the
tag of the best hacker. As a result, many networks were affected;
right from the military to commercial organizations. Initially, these
hacking attempts were brushed off as mere nuisance as they did
not pose a long-term threat. However, with malicious software
becoming ubiquitous during the same period, hacking started
making networks and systems slow. As hackers became more
skillful, they started using their knowledge and expertise to gain
benefit by exploiting and victimizing others.

As Internet usage is growing daily the world is coming closer. The

World Wide Web sounds like a vast phenomenon but surprisingly
one of its qualities is bringing the world closer making it a smaller
place to live in for its users. However, it has also managed to create
another problem for people who spend long hours browsing the
Cyber World – which is cybercrimes. While law enforcement
agencies are trying to tackle this problem, it is growing steadily
and many people have become victims of hacking, theft, identity
theft and malicious software. One of the best ways to avoid being
a victim of cybercrimes and protecting your sensitive information
is by making use of impenetrable security that uses a unified
system of software and hardware to authenticate any information
that is sent or accessed over the Internet. However, before you
can understand more about this system, let us find out more about
cybercrimes.

Cyber Crime in Modern Society

Today, criminals that indulge in cybercrimes are not driven by ego

or expertise. Instead, they want to use their knowledge to gain
benefits quickly. They are using their expertise to steal, deceive
and exploit people as they find it easy to earn money without
having to do an honest day’s work.
Cybercrimes have become a real threat today and are quite
different from old-school crimes, such as robbing, mugging or
stealing. Unlike these crimes, cybercrimes can be committed single
handedly and does not require the physical presence of the
criminals. The crimes can be committed from a remote location and
the criminals need not worry about the law enforcement agencies
in the country where they are committing crimes. The same
systems that have made it easier for people to conduct e-
commerce and online transactions are now being exploited by
cyber criminals.

Categories of Cyber Crime

Cybercrimes are broadly categorized into three categories, namely

crime against

1. Individual
2. Property
3. Government

Each category can use a variety of methods and the methods used
vary from one criminal to another.

Individual: This type of cybercrime can be in the form of cyber

stalking, distributing pornography, trafficking and “grooming”.
Today, law enforcement agencies are taking this category of
cybercrime very seriously and are joining forces internationally to
reach and arrest the perpetrators.

Government: Although not as common as the other two

categories, crimes against a government are referred to as cyber
terrorism. If successful, this category can wreak havoc and cause
panic amongst the civilian population. In this category, criminals
hack government websites, military websites or circulate
propaganda. The perpetrators can be terrorist outfits or unfriendly
governments of other nations.
Types of Cyber Crimes

When any crime is committed over the Internet it is referred to as

a cybercrime. There are many types of cybercrimes and the most
common ones are explained below:

Hacking: This is a type of crime wherein a person’s computer is

broken into so that his personal or sensitive information can be
accessed. In the United States, hacking is classified as a felony and
punishable as such. This is different from ethical hacking, which
many organizations use to check their Internet security protection.
In hacking, the criminal uses a variety of software to enter a
person’s computer and the person may not be aware that his
computer is being accessed from a remote location.

Theft: This crime occurs when a person violates copyrights and

downloads music, movies, games and software. There are even
peer sharing websites which encourage software piracy and many
of these websites are now being targeted by the FBI. Today, the
justice system is addressing this cybercrime and there are laws
that prevent people from illegal downloading.

Cyber Stalking: This is a kind of online harassment wherein the

victim is subjected to a barrage of online messages and emails.
Typically, these stalkers know their victims and instead of resorting
to offline stalking, they use the Internet to stalk. However, if they
notice that cyber stalking is not having the desired effect, they
begin offline stalking along with cyber stalking to make the victims’
lives more miserable.

Identity Theft: This has become a major problem with people

using the Internet for cash transactions and banking services. In
this cybercrime, a criminal accesses data about a person’s bank
account, credit cards, Social Security, debit card and other
sensitive information to siphon money or to buy things online in
the victim’s name. It can result in major financial losses for the
victim and even spoil the victim’s credit history.
Malicious Software: These are Internet-based software or
programs that are used to disrupt a network. The software is used
to gain access to a system to steal sensitive information or data or
causing damage to software present in the system.

Child soliciting and Abuse: This is also a type of cybercrime

wherein criminals solicit minors via chat rooms for the purpose of
child pornography. The FBI has been spending a lot of time
monitoring chat rooms frequented by children with the hopes of
reducing and preventing child abuse and soliciting.

Ransomware

This is one of the detestable malware-based attacks.

Ransomware enters your computer network and encrypts your
files using public-key encryption, and unlike other malware this
encryption key remains on the hacker’s server. Attacked users
are then asked to pay huge ransoms to receive this private key.

DDoS attacks

DDoS attacks are used to make an online service unavailable and

bring it down, by bombarding or overwhelming it with traffic from
multiple locations and sources. Large networks of infected
computers, called Botnets are developed by planting malware on
the victim computers. The idea is normally to draw attention to the
DDOS attack, and allow the hacker to hack into a system. Extortion
and blackmail could be the other motivations

Botnets

Botnets are networks of compromised computers, controlled by

remote attackers in order to perform such illicit tasks as sending
spam or attacking other computers. Computer Bots can also be
used act like malware and carry out malicious tasks. Then can be
used to assemble a network of computers and then compromise
them
Spam and Phishing

Spamming and phishing are two very common forms of

cybercrimes. There is not much you can do to control them. Spam
is basically unwanted emails and messages. They use Spambots.
Phishing is a method where cyber criminals offer a bait so that you
take it and give out the information they want. The bait can be in
form of a business proposal, announcement of a lottery to which
you never subscribed, and anything that promises you money for
nothing or a small favor. There are online loans companies too,
making claims that you can get insecure loans irrespective of your
location. Doing business with such claims, you are sure to suffer
both financially and mentally.

Such spamming and phishing attempts are mostly emails sent by

random people whom you did not ever hear of. You should stay
away from any such offers especially when you feel that the offer
is too good. The US Cybercrime Center says – do not get into any
kind of agreements that promise something too good to be true.
In most cases, they are fake offers aiming to get your information
and to get your money directly or indirectly.

Social Engineering

Social engineering is a method where the cyber criminals make a

direct contact with you using emails or phones – mostly the
latter. They try to gain your confidence and once they succeed at
it, they get the information they need. This information can be
about you, your money, your company where you work or
anything that can be of interest to the cyber criminals.

it is easy to find out basic information about people from the

Internet. Using this information as the base, the cybercriminal try
to befriend you and once they succeed, they will disappear
leaving you prone to different financial injuries directly or
indirectly.

They can sell the information obtained by you or use it to secure

things like loans in your name
How to Tackle Cyber Crime

It has been seen that most cyber criminals have a loose network
wherein they collaborate and cooperate with one another. Unlike
the real world, these criminals do not fight one another for
supremacy or control. Instead they work together to improve their
skills and even help out each other with new opportunities. Hence,
the usual methods of fighting crime cannot be used against cyber
criminals. While law enforcement agencies are trying to keep pace
with cyber criminals, it is proving to be a Herculean task. This is
primarily because the methods used by cyber criminals and
technology keeps changing too quickly for law enforcement
agencies to be effective. That is why commercial institutions and
government organizations need to look at other methods of
safeguarding themselves.

The best way to go about is using the solutions provided by Cross-

Domain Solutions. When organizations use cross domain cyber
security solutions, they can ensure that exchange of information
adheres to security protocols. The solution allows organizations to
use a unified system comprising of software and hardware that
authenticates both manual and automatic transfer and access of
information when it takes places between different security
classification levels. This allows seamless sharing and access of
information within a specific security classification, but cannot be
intercepted by or advertently revealed to user who is not part of
the security classification. This helps to keep the network and the
systems using the network safe.

Cross Domain Solution offers a way to keep all information

confidential by using safe and secure domains that cannot be
tracked or accessed. This security solution can be used by
commercial and governmental organization to ensure an
impenetrable network while still making sure that users can get
access to the required information easily.
 CHAPTER SIX
CYBER OFFENCES
STEALING
Section 124 of the Criminal Offences Act 1960 (Act 29) on
stealing applies with the necessary modification (a) to anything
done using an electronic processing or procuring
procedure system whether or not the appropriation was by
use of an electronic processing procedure, and (b) to
anything whether or not the medium used in the receiving
in whole or in part was an Electronic Record Appropriation
46 Electronic Transactions Act, 2008 108. (1)

APPROPRIATION

Section 122(2) of the criminal offences act, 1960 (Act 29) on Acts
which amount to appropriation applies with the necessary
modification to anything whether or not the moving, taking,
obtaining, carrying away or dealing is by means of electronic
processing or procuring procedure in part or in whole. (2) for a
cyber offence, “thing” includes any electronic related matter
which results in the loss of property, identity, electronic payment
medium, information, electronic record and any related matter
whether tangible or intangible wherever located on any network if
the accused is subject to prosecution under this Act.

REPRESENTATION

Section 133 of the criminal offences act, 1960 (act 29) on false
pretences applies with the necessary modification to a
representation whether or not the medium used in
communicating the representation in part or in whole was an
electronic processing system and whether or not the
representation consists of an electronic record in part or in whole.

CHARLATANIC ADVERTISEMENT

Section 137 of the criminal offences act, 1960 on charlatanic

advertisement in newspapers applies with the necessary
modification to any publication in an electronic record, website
related publication however described or linked.

ATTEMPT TO COMMIT CRIMES

Section 18 of the criminal offences act, 1960 (Act 29) on

attempts to commit crimes applies with the necessary
modification to any person who attempts to commit a crime
whether the medium used in whole or in part was an electronic
medium or an electronic agent.

AIDING AND ABETTING

Sections 20 and 21 of the criminal offences act, 1960 (act 29) on

abetment of crime applies with the necessary modification to any
person who abets a crime whether the medium used in whole or
in part was an electronic medium or an electronic agent.

DUTY TO PREVENT FELONY

Section 22 of the criminal offences act, 1960 (act 29) on duty to

prevent a felony (Act 29) applies with the necessary modification
to any person who knowing that a person plans to commit or is
committing a felony, fails to use reasonable means to prevent the
commission of the felony whether the medium used in whole or in
part was an Electronic 47 Electronic Transactions Act, 2008 Act 772
medium or an electronic agent and whether the means to prevent
the commission of the offence is an electronic medium or agent.

CONSPIRACY

section 23 of the Criminal Offences Act, 1960 (Act 29) on

conspiracy applies with the necessary modification to any person
who conspires to commit an offence whether the medium used in
whole or in part was an electronic medium or an electronic agent.

FORGERY

Sections 158, 159,161,162,164,166,167,168,169 And 170 Of The

Criminal Offences Act, 1960 (Act 29) on forgery apply with the
necessary modification to any person who forges anything whether
or not the forgery is in whole or in part effected by use of any
electronic process or in electronic form.

INTENT
A person who uses any electronic medium or any electronic agent
whether in part or in whole is deemed to intend to cause or
contribute to causing the event which results from the use or
intervention of the electronic medium or agent.

CRIMINAL NEGLIGENCE

A person who uses an electronic medium or any electronic agent

whether in part or in whole is deemed to have caused an event
negligently if without intending to cause the event, the person
causes it by voluntary action from the use or intervention of an
electronic medium or agent without the skill and care as are
reasonably necessary under the circumstances.

ACCESS TO PROTECTED COMPUTER

A person who secures unauthorised access or attempts to secure

access to a protected system in contravention of a provision of this
act commits an offence and is liable on summary conviction to a
fine of not more than five thousand penalty units or to a term of
imprisonment of not more than ten years or to both.

OBTAINING ELECTRONIC PAYMENT MEDIUM FALSELY

A person who makes or causes to be made either directly or

indirectly, a false representation to procure the issue of an
electronic payment medium personally or to another person
commits an offence and is liable on summary conviction to a fine
of not more than five thousand penalty 48 electronic transactions
act, 2008 units or to a term of imprisonment of not more than ten
years or to both.

ELECTRONIC TRAFFICKING

A person who is found in possession of any electronic related

payment medium invoices, vouchers, sales drafts, or other
representations of devices related to the manufacture or use of the
device without lawful explanation commits the offence of electronic
trafficking and is liable on summary conviction to a fine of not more
than five thousand penalty units or a term of imprisonment of not
more than ten years or to both.

POSSESSION OF ELECTRONIC COUNTERFEIT-MAKING EQUIPMENT

A person who receives, possesses, transfers, buys, sells, controls,

or has custody of equipment used in the manufacture of counterfeit
electronic related materials or electronic record commits an offence
and is liable on summary conviction to a fine of not more than five
thousand penalty units or to a term of imprisonment of not more
than ten years or to both.

GENERAL OFFENCE FOR FRAUDULENT ELECTRONIC FUND

TRANSFER

A person who without authority, in the course of an electronic fund

transfer, uses the personal or financial record or credit account
numbers or electronic payment medium of another with intent to
defraud an issuer or a creditor or who obtains money, goods,
services, or anything fraudulently commits an offence and is liable
on summary conviction to a fine of not more than five thousand
penalty units or to a term of imprisonment of not more than ten
years or to both.

GENERAL PROVISION FOR CYBER OFFENCES

Except as provided for in this act, any offence under a law which is
committed in whole or in part by use of an electronic medium or in
electronic form is deemed to have been committed under that act
and the provisions of that act shall apply with the necessary
modification to the person who commits the offence.

UNAUTHORISED ACCESS OR INTERCEPTION

A person who intentionally accesses or intercepts an electronic

record without authority or permission commits an offence and is
liable on summary conviction to a fine of not more than two
thousand five hundred penalty units or to a term of imprisonment
of not more than five years or to both.

UNAUTHORISED INTERFERENCE WITH ELECTRONIC RECORD

A person who intentionally and without authority interferes with an

electronic record in a way which causes the electronic record to be
modified, destroyed or otherwise rendered ineffective, commits an
offence 49 electronic transactions act, 2008 act 772 and is liable
on summary conviction to a fine of not more than two thousand
five hundred penalty units or to a term of imprisonment of not more
than five years or to both.

UNAUTHORISED ACCESS TO DEVICES

A person who unlawfully produces, sells, offers to sell, procures for

use, designs, adapts for use, distributes or possesses any device,
including a computer programme or a component, which is
designed primarily to overcome security measures for the
protection of an electronic record, or performs any of those
functions with regard to a password, access code or any other
similar kind of electronic record, commits an offence and is liable
on summary conviction to a fine of not more than two thousand
five hundred penalty units or to a term of imprisonment of not more
than five years or to both.

UNAUTHORISED CIRCUMVENTION

A person who without lawful authority utilises a device or computer

programme in order to overcome security measures designed to
protect the electronic record or access to it commits an offence and
is liable on summary conviction to a fine of more than two thousand
five hundred

penalty units or to a term of imprisonment of not more than five

years or to both.

DENIAL OF SERVICE
A person who commits any act described in this act with intent to
interfere with access to an information system to effect a denial,
including a partial denial of service to legitimate users commits an
offence and is liable on summary conviction to a fine of not more
than two thousand five hundred penalty units or a term of
imprisonment of not more than two years or to both.

UNLAWFUL ACCESS TO STORED COMMUNICATIONS

(1) whoever, without lawful authority, intentionally accesses a

facility through which an electronic communication service is
provided, commits an offence and is liable on summary
conviction to a fine of not more than five thousand penalty
units or to a term of imprisonment of not more than ten years
or to both. (2) whoever without lawful authority exceeds an
authorisation to access a facility or obtains, alters, or
prevents authorised access to a wire or electronic
communication while it is in electronic storage in a system
electronic transactions act, 2008 commits an offence and is
liable on summary conviction to a fine of not more than five
thousand penalty units or to a term of imprisonment of not
more than ten years or to both.
UNAUTHORISED ACCESS TO COMPUTER PROGRAMME OR
ELECTRONIC RECORD
1. a person who knowing and without authority causes a
computer to perform any function to secure access to a
programme or electronic record held in that computer or in
any other computer, commits an offence and is liable on
summary conviction to a fine of not more than two thousand
five hundred penalty units or to a term of imprisonment of not
more than five years or to both. (2) for the purposes of
sections 107 to 141, it is immaterial that the act in question
is not directed at (a) a particular programme or electronic
record, (b) a programme or electronic record of any kind, or
(c) a programme or electronic record held in any particular
computer. (3) a person secures or gains access to a
programme or electronic record held in a computer if by
causing the computer to perform any function, the person (a)
alters or erases the programme or electronic record, (b)
copies or moves it to a storage medium other than that in
which it is held or to a different location in the storage medium
in which it is held, (c) uses it, or (d) causes it to be output
from the computer in which it is held, whether by having it
displayed or in any other manner, and references to access to
a programme or electronic record and to an intent to secure
the access, shall be read accordingly.
(4) a person uses a programme if the function the person
causes the computer to perform (a) causes the programme to
be executed, or (b) is itself a function of the programme. (5)
for the purposes of this act, the form of any programme or
electronic record is immaterial.
 UNAUTHORISED MODIFICATION OF COMPUTER
PROGRAMME OR ELECTRONIC RECORD

1. a person who does any direct or an indirect act without

authority which the person knows or ought to have
known will cause an unauthorised modification of any
programme or electronic record held in 51 electronic
transactions act, 2008 act 772 a computer commits an
offence and is liable on summary conviction to a fine of
not more that five thousand penalty units or a term of
imprisonment of not more than ten years or to both.
(2) it is immaterial that the act in question is not directed at (a)
any particular programme or electronic record, (b) a
programme or electronic record of any kind, (c) a programme
or electronic record held in any particular computer, or (d)
any unauthorised modification is, or is intended to be,
permanent or merely temporary.

(3) a modification of a programme or electronic record

occurs if, by the operation of a function of the computer
concerned or any other computer, (a) a programme or
electronic record held in the computer is altered or
erased, (b) a programme or electronic record is added to
or removed from a programme or electronic record held
in the computer, or (c) an act occurs which impairs the
normal operation of any computer.
 (4) an act which contributes towards causing a
modification is regarded as causing IT crime. (5) a
modification is unauthorised if the person who causes it
(a) is not entitled to determine whether the modification
should be made, (b) is not authorised to make the
modification or knowingly acted in excess of the
authorised modification, or (c) does not have consent to
the modification from the person who is entitled.

UNAUTHORISED DISCLOSURE OF ACCESS CODE

A person who knowingly and without authority discloses a

password, access code or any other means of gaining
access to a programme or electronic record held in a
computer commits an offence and is liable on summary
conviction to a fine of not more than ten thousand penalty
units or a term of imprisonment of not more than twenty
years or to both. offence relating to national interest and
security 133.

(1) whoever knowingly accesses a computer without

authorisation or exceeds authorised access, and by means
of the conduct accesses information from a protected
computer commits an offence and is liable on 52 electronic
transactions act, 2008 summary conviction to a fine of not
more than ten thousand penalty units or to a term of
imprisonment of not more than twenty years or to both.

(2) whoever intentionally accesses a computer without

authorisation or exceeds authorised access to a computer
which contains (a) information stored in, transiting through
or in the financial records of a financial institution, or
consumer reporting agency, (b) information from a
department or agency of the government, (c) information
from a protected computer, or (d) information relating to
the security of the republic of ghana commits an offence
and is liable on summary conviction to a fine of not more
than ten thousand penalty units or to imprisonment for a
term of not more than twenty years or to both.

(3) whoever without authorisation or in excess of

authorisation by any act, omission, computer hardware or
software manipulation or use knowingly causes the
transmission of a program, information, code, or command
and as a result of the conduct, causes damage to a
protected computer commits an offence and is liable on
summary conviction to a fine of not more than ten thousand
penalty units or to a term of imprisonment of not more than
twenty years or to both causing a computer to cease to
function.
A person who intentionally engages in conduct, including
virus writing, virus and worm dissemination which causes a
computer to cease to function permanently or temporarily
commits an offence and is liable on summary conviction to
a fine of not more than five thousand penalty units or to
imprisonment for a term of not more than ten years or to
both.

ILLEGAL DEVICES

a person who intentionally, recklessly, without lawful

excuse or justification, possesses, produces, sells, procures
for use, imports, exports, distributes or otherwise makes
available (a) a device, including a computer programme,
that is designed or adapted for the purpose of committing
an offence, or (b) a computer password, access code or
similar electronic record by which the whole or any part of
a computer system is capable of being accessed with the
intent that it be used by a person for an offence commits
an offence and is liable on summary conviction to a fine of
not more than five thousand penalty units or a term of
imprisonment of not more than ten years or to both.

CHILD PORNOGRAPHY

Electronic transactions act, 2008 act 772.

(1) a person who intentionally does any of the following

acts: (a) publishes child pornography through a computer;
(b) produces or procures child pornography for the purpose
of its publication through a computer system; or (c)
possesses child pornography in a computer system or on a
computer or electronic record storage medium commits an
offence and is liable on summary conviction to a fine of not
more than five thousand penalty units or a term of
imprisonment of not more than ten years or to both.

(2) in this section: “child pornography” includes material

that visually depicts (a) a child engaged in sexually explicit
conduct; (b) a person who appears to be a child engaged
in sexually explicit conduct; (c) images representing a child
engaged in sexually explicit conduct; and (d) unauthorised
images of nude children; “child” means a person below
eighteen years; “publish” means (a) distribute, transmit,
disseminate, circulate, deliver, exhibit, lend for gain,
exchange, barter, sell or offer for sale, let on hire or offer
to let on hire, offer in any other way, or make available in
any way;

(b) have in possession or custody, or under control, for the

purpose of doing an act referred to in paragraph (a); and
(c) print, photograph, copy or make in any other manner
whether of the same or of a different kind or nature to carry
out an act referred to in paragraph (a).
Confiscation of assets. a court may order the confiscation
of moneys, proceeds, properties and assets purchased by a
person with proceeds derived from or in the commission of
the offence on the conviction of the person for an offence
under this act and may further order the return of any
money or thing to any victim of the crime.

Order for compensation. Electronic Transactions Act, 2008

772. (1) a court may make an order against a person for
the payment of a sum to be fixed by the court as
compensation to be paid by the person to any person for
damage caused to that person’s computer, program or
electronic record as a result of the offence for which the
sentence is passed.

(2) a claim by a person for damages sustained because of

the offence shall be deemed to have been satisfied to the
extent of an amount which has been paid to the person
under an order for compensation, but the order shall not
limit any right to a civil remedy for the recovery of damages
beyond the amount of compensation paid under the order.
(3) an order for compensation under this section is
recoverable as a civil debt.

OWNERSHIP OF PROGRAMME
 Ownership of programme or electronic record or electronic
record held in a computer is deemed to be property of the
owner of the computer.

CONVICTION AND CIVIL CLAIMS

A conviction shall not limit the right of a complainant to

bring a civil action.

RECORD AND ACCESS TO SEIZED ELECTRONIC

RECORD (1) if a computer or electronic record has been
removed or rendered inaccessible after a search or a
seizure under this act, the person who made the search
shall, at the time of the search or as soon as practicable
after the search, (a) make a list of what has been seized or
rendered inaccessible, with the date and time of seizure,
and (b) give a copy of that list to (i) the occupier of the
premises, or (ii) the person in control of the computer.

(3) The police officer or another authorised person may refuse to

give access or provide copies if giving the access, or
providing the copies (a) would constitute a criminal offence,
or (b) would prejudice (i) the investigation in connection with
which the search was carried out, (ii) another ongoing
investigation, or (iii) criminal proceedings that are pending
or that may be brought in relation to any of those
investigations.
MISCELLANEOUS MATTERS
Electronic transactions act, 2008 Act 772 territorial scope of
offences under this act. (1) this act has effect in relation to a
person of whatever nationality outside as well as within the
country and where an offence under this act is committed by
a person in any place outside the country, the person may
be dealt with as if the offence had been committed within the
country.

this act shall apply if, for the offence in question (a) the
accused was in the country at the material time; (b) the
electronic payment medium, computer or electronic record
was issued in or located or stored in the country at the
material time; (c) the electronic payment medium was issued
by a financial institution in the country; or (d) the offence
occurred within the country, on board a Ghanaian registered
ship or aircraft or on a voyage or flight to or from this country
at the time that the offence was committed, whether
paragraph (a), (b) or (c) applies.

REGULATIONS
The minister may by legislative instrument make regulations
(a) to define, enlarge or restrict the meaning of a word or
expression used in this act; (b) to specify provisions of or
requirements under another enactment to which this act
does not apply; (c) to prescribe records, information or
classes of records or information not applicable to this act;
(d) to prescribe records or classes of records for which a
requirement under law for the signature of a person must be
satisfied by an electronic signature and proof that, in view of
the circumstances including any relevant agreement and the
time the electronic signature was made, (i) the electronic
signature is reliable for the purpose of identifying the person,
and (ii) the association of the electronic signature with the
relevant electronic record is reliable for the purposes for
which the electronic record was made; (e) to provide for
electronic signatures; (f) to provide for the electronic means
to be used to send, receive or retain information or records
in electronic form if Electronic Transactions Act, 2008, an
enactment requires a person to send, receive or retain the
information or records; and (g) to provide for any other
matter necessary for the effective implementation of this act
 CHAPTER SEVEN

INTELLECTUAL PROPERTYISSUES
Intellectual property rights are the legally recognized exclusive
rights to creations of the mind. Under intellectual property law,
owners are granted certain exclusive rights to a variety of
intangible assets, such as musical, literary and artistic works,
discoveries and invention, words phrases, symbols and designs.
Intellectual property is something you create that’s unique.
Common types of intellectual property rights include
COPYRIGHT, TRADEMARKS, PATENT INDUSTRIAL
DESIGNS, TRADE DRESS AND IN SOME JURISDICTIONS
TRADE SECRET.
PATENT
A patent grants an inventor the right to exclude others from
making, using, selling, offering to sell and importing an
invention for a limited period of time in exchange for the public
disclosure of the invention. An inventor is a solution to a specific
technological problem, which may be a product or a process.
A patent registers your invention and allows you to take legal
action against anyone who makes, uses, sell or imports your
invention without your permission.

ESSENTIALS OF PATENT
For one to successful claim patent, he must show that the
invention is:
> New,
> Inventive not just an obvious modification of something that
already exists
Something that can be made
or used YOU CAN’T

PATENT:
Literature, dramatic, musical or artistic work
Schemes, rules or methods- including medical treatment
methods
Anything that’s solely an idea- eg a way of thinking, a
scientific or mathematical discovery. New types of plants,
seeds or animals, the way information is presented
> Search for a similar or identical patents.
> Prepare your patent application including a written description
of your invention and legal statements that defines its
distinctive technical features.
> File your patent application
> The intellectual property office (IPO) will check your
application and do its own search to make sure your invention
does not already exist.
> Your patent application will be published by IPO to give other
people the chance to object.
> The IPO will examine your application and ask you to respond
to any comments the examiner makes.
 > Your application will be granted or refused
After your patent has been granted you can license it to
other people or defend it against infringements.

HOW LONG A PATENT LASTS

A patent can last for 12 years from the date you apply for
it. After you have held a patent for 4 years, you must
renew pay to renew it every year if you want to keep it.

OVERSEAS PATENT

A patent only protects your invention in the country

where the patent is registered.
TRADE MARKS (TRADE MARKS ACT 2004, ACT 664)
Section 1 of Act 664, defines trademarks as any sign or
combination of signs capable of distinguishing the goods or
services of one undertaking from the goods or services of the
other undertakings including words such as personal names,
letters numerals and figurative elements.
A trade mark is a something that makes brand recognizable, e.g.
A logo or a sound.
Registering a trade mark gives one legal right to stop other people
from using it without your permission. The registration last 10
years and is only valid in the country of registration. It can be
renewed every 10 years.
> Check that your brand qualifies as trade mark. You cannot
change it after you have submitted an application.
> Find out if an identical or similar trade already exists. It is
your responsibility to do a thorough search
> Register your trade mark.
> The IPO will check your application and make it public to
give other people the chance to object
 > The IPO accepts or refuses your application. They will send
you a certificate if they accept it.
Upon registration, section 3 confers an exclusive right to
the use of the mark on the owner.

DESIGN RIGHT
A registered design protects the visual appearance or item and
gives exclusive right for that appearance to the extent that, if
necessary, there is a legal right to stop an unauthorized party from
producing or using your design.

Design right protect the way a product looks.

A valid design right must be:
> New ( no similar or identical designs)
> Have distinct character (the appearance of the design is
different to any existing designs)
> Be already registered in an approved jurisdiction.

A DESIGN IS NOT REGISTRABLE IF IT.

> Does not have individual character

> Is offensive
> Is solely dictated by the product’s function.

GEOGRAPHICAL INDICATION
A geographical indication is a sign used on goods that have a
specific geographical origin and possess qualities, a reputation or
characteristics that are essential attributable to that place of origin.
Most commonly, a geographical indication includes the name of the
place of origin of the goods. For example, agricultural products
typically have qualities that derive from their place of product and
are influenced by specific local factors, such as climate and soil.
COPY RIGHT (COPY RIGHT ACT 2005, ACT 690)
Copy right is a basic right which enable creators of literary and
artistic work to receive recognition for their work as author and
financial rewards for their creative works. This right entitled them
to authorize or prohibit the use of their works by others.
WORK ELIGIBLE FOR COPYRIGHT
Section l of Act 690, classifies the following work eligible for
copyright and protection under this Act.
> Literary work
> Artistic work
> Musical work
> Sound recording
> Audio-visual work
> Derivative work and
> Computer software or program.

A copy right owner enjoys two distinct rights. These are

Economic and Moral rights.
ECONOMIC RIGHT: they are financial gain the owner made by
renting of the work by video libraries etc, reproduction of the
work in various form, broadcasting of work by radio station, cable
or satellite. Economic right expires 70 years after the death of
the author and the Economic right is transferable.
MORAL RIGHT: they are not transferable and it includes the
right of the creator to claim authorship of the work that is to say
to be recognized and named as such and the right to oppose any
changes to his work that could harm his or her reputation.

TRADE RELATED INTELLECTUAL PROPERTY AGREEMENT

(TRIPS)
The agreement on trade related aspect of intellectual property right
is an international agreement administered by the World Trade
Organization (WTO) that sets down minimum standards for many
forms of intellectual property (IP) regulation as applied to nationals
of other WTO members.
The TRIPS agreement introduced intellectual property law into the
international trading system.
Specifically, TRIPS requires WYO members to provide copyrights,
covering content producers including performers, producers of
sound recordings and broadcasting organizations etc.
TRIPS also specify enforcement procedure, remedies, and dispute
resolution procedures and can discipline states through WYO’S
dispute settlement mechanism.
WORLD INTELLECTUAL PROPERTY ORGANIZATION (WIPO)
World intellectual property organization: is one of the 17
specialized agencies of the United Nations. WIPO was created in
1967 to encouraged creative activity, to promote the property of
intellectual throughout the world.
WIPO seeks to promote the protection of intellectual property
throughout the world.
IP TREATIES
Intellectual treaties or conventions are rules of law negotiated
among a number of states to establish international standards
regarding respect for intellectual property right in each country.
It is the responsibility of the countries involved to identify in their
constitutions the competent authority for conducting negotiations
and ratifying treaties.

COPYRIGHT ISSUES IN CYBERSPACE

The World Wide Web has given us access to boundless

information. Search engines (Google, Yahoo, Ask Jeeves and
Dogpile, to name a few) can find the answers to simple and
perplexing questions. One of the questions you should be asking
is — what can I copy and what do I treat as research or source
material?

When Is It OK to Copy From the Internet?

Government information is in the public domain, which means

that you are free to copy and paste whole documents without
infringing on copyright. However, it is courteous to the source
and helpful to the reader to give attribution to the government
agency and include the URL in your document. This credit
validates the information you're providing and gives direction to
anyone wishing to study the topic in more depth.

Other sites may offer reproduction rights to you, saying

something such as: We want you to copy and distribute this
information.

Newspapers, magazines and newsletters that post their current

issues and archived articles on the Web usually include a
copyright notice on the individual pieces. So even if they offer a
"printer friendly version" or an option to "e-mail this piece to a
friend," they aren't offering you the choice to cut and paste their
work into your document. You can use their information as
research material and paraphrase their information, giving
attribution to the source.

When Is OK a Relative Term?

You do not have the right to post a document, text, illustration,

photograph, chart, sounds, electronic mail and so forth to your
Web site unless it was created by you or someone working for
you under your direction (work-for-hire), or the owner of the
material has given specific permission (in writing) that you may
create an electronic version and post it on your Web site.

• Example: If you purchase a royalty-free CD-ROM of stock

photographs, illustrations or other art (Corbis, Getty, Eye
 wire), the fine print gives you the right to use the images as
many times and any way you see fit.

• Example: When you hire a photographer to cover an event,

it's wise to specify that the fee covers any and all use of the
pictures. You may only want to document the happening
now, but next week someone may decide the photos would
be great with the article in your printed newsletter, then the
following month another someone might decide to post the
newsletter (photos and all) on your Web site, and next
quarter one particular photo makes its way into a fund-
raising mailing, and then the Ad Council selects these photos
for the public service campaign it's creating on your behalf.
If you didn't make arrangements for these "possibilities"
when you contracted with the photographer, you are
obligated to renegotiate fees for each additional use.
Otherwise the photographer could demand more money for
additional use(s) of the work or worse, sue you for copyright
infringement.

You do not have the right to "copy and paste" text, graphics or
logo from another's Web site and put it on your Web site (or into
printed materials or electronic correspondence or any other use).

• Example: You may ask the owner of another Web site to

give you permission (written) to post a document or graphic
on your site (with proper credit — author's name,
organization's name, URL). Do not overlook this step when
posting logos of sponsoring organizations or companies on
your site. The companies own their own representations and
will appreciate the courtesy of your asking permission. It's
the professional, risk management and legal thing to do.

• Example: You may request permission (in writing) from the

owner of the text or graphic to create a link from your Web
site to his to enable visitors to your site to have direct
access to the information. This exchange usually is a win-
win situation for both parties, and most site owners will
 grant a non profit such permission. Exceptions occur when
you are asking for free access to something the site charges
money to view.

You do have the right to use information on other Web sites as

reference for articles, quizzes, and interactive programs that you
are creating for your Web site, newsletter, fact sheets,
PowerPoint presentations, etc.

• Example: You want to know what points should be covered

in a rental agreement for community groups wishing to use
your facility. You may use search engines to locate
information and samples. Based on this research, you can
list points you want your attorney to include in your
document, or you can draft a sample document for your
attorney to review.

• Example: You want to create a safety tip sheet for your

program participants. You can research several Web sites
and then compile and rewrite the information in your own
words. You may cite the best Web sites in a "Resource"
sheet to print or post on your Web site. However, if you
create links to those URLs, first get permission in writing
from each owner.

Ironically although Web sites are protected by copyright: 1) if

they are and 2) to the extent they are original, the act of
uploading material onto a Web site for people to read implies that
it is permissible to download and use the information. Thus, if
your site contains valuable creative material, you may want to
add a copyright notice to the site.

• Example: Your notice may say WJB nonprofit invites people

who wish to "reprint" material from this send an e-mail
request to the Webmaster.

• Example: The notice should contain the copyright symbol

(©), publication date and copyright owner's name. A
 publication date for online purposes is the date you uploaded
the document. If the work was previously published in a
different medium (print, e-mail) include that date, too.

Reading list

1. Trout, B.J (2007) Cyber Law: A Legal arsenal for

online business.
2. Bissonette, A. M. (2009). Cyber Law: Maximizing
safety and minimizing risk in class. Sage
publications.
3. Bainbridge, D. (2007). Introduction to
Information Technology Law (6th Edition)
Longman.