Fundamentals Of Cyber Law You Need To Know

Need For Cyber Law

With the advances in cyber technology, spurred by the diversity of usage, the internet has penetrated every aspect of our everyday existence. We find ourselves spending more and more time texting on WhatsApp, Telegram and Signal, connecting with people on Facebook, Instagram or the next new thing, and learning a great number of things from playing guitar and sitar to making all kinds of weird cold coffees; exotic dishes with unpronounceable names; skipping rope and sleepwalking through exams to top the class (not sure if that’s a thing yet), not to mention watching a cat competently deliver a flying kick to a dog’s growling face (that’s certainly a thing) with the dog looking more puzzled than offended at its undersized opponent’s foolhardy declaration of war.

The point is, every moment we spend on the internet with data packets flying back and forth, carrying valuable information about what we are interested in, how we like spending our time and what we would be willing to spend money on, we keep ourselves open to computer breaches because different aspects of our lives are differently valuable to different buyers and sellers of information. Everybody interested in our personal information is not looking to harm us, blackmail us or misuse the information to our detriment, but unauthorised access to personal information itself is illegal because every individual has an inherent right to decline to share any personal information he or she does not want to share for any reason or no reason at all unless they are legally bound to share it. That’s where cyber laws step in.

With the rising number of internet users, the operation of the cyber law has also expanded manifold over the past couple of decades, which is also because wherever there are people, there are opportunities for the miscreants to take advantage of the situation and make the most of it for themselves at the cost of the unsuspecting victims. So the more the users, the more the miscreants; and the more the opportunities, the more creative the offenders get, which might explain that in 2019 alone, Indians lost in excess of Rs 1.2 trillion to cyber theft, according to a survey. So even if the survey is off by, say, 50%, it’s still a ton of money to lose. But cyber theft is just one of the several kinds of cyber crimes that are there.

With The Rising Number Of Internet Users, The Operation Of The Cyber Law Has Also Expanded

Variety Of Cyber Crimes

There are a variety of cyber crimes that are committed either independently or as a precursor to or in conjunction with another crime, which may or may not be a cyber crime. That’s because we use computers and other electronic communication devices to do a variety of things; so those devices can also be misused by the offenders to their advantage at our cost in pursuance of all kinds of malevolent purposes. It would be beneficial to have a look at some of the common cyber crimes, most of which you might have already heard of, or been an unfortunate victim of.

Hacking

Hacking is among the commonest of cyber crimes and often the stepping stone for most cyber criminals. Hacking is nothing but unauthorised access to an electronic device such as computers, servers, mobile phone and the like through an electronic break-in, mostly performed remotely by manipulating the security protocols of the target electronic device. While hacking is a kind of unauthorised access, all instances of unauthorised access do not involve hacking, for your phone or computer can be used without authorisation, if someone with malafide intentions chooses to look into or download data from your phone or computer when it’s lying around unattended as you tend to other things in life. Breaking into someone’s computer by electronic means or otherwise with wrongful intent is a crime. What further crimes one might be guilty of depends upon what one does after gaining unauthorised access to an electronic device.

Also Read | What Should You Expect After A 5-Year Law Degree?

Identity Theft

One of the commonest cyber crimes committed following a data break-in is identity theft, mostly for the purpose of making financial gains by fraudulent impersonation, for which purpose the offender obtains such personal information as might be needed to successfully identify himself or herself to the electronic device as the person to be impersonated. Once that security feature is compromised, it’s easy to siphon off money or to perform such other acts as might be needed to perpetrate wrongful gain to the attacker and wrongful loss to the attacked. Sometimes, the purpose of the attack is not money, which does not make identity theft any less of a crime or any less dangerous; only more in some cases.

Since identity theft might also involve the theft of biometric data, it may land the victim of the theft in far more serious trouble than losing money or access to his or her social media account(s) or the device targeted. One might even find oneself accused of serious crimes, and in the cases of high-profile people, the data might fetch a lofty price and may be misused to kick up scandals to make money or to gain some other kind of advantage over the victim.

Data Theft

It’s now a cliche to call data the “new oil”, but nothing quite captures the immense economic heft of data like that parallel. And that’s because data can be used in so many different ways to gain so many kinds of advantages that are directly or indirectly convertible into money, which is why a lot of online services are available for free because the data provided by the users by their merely acting as users is invaluable in terms of what it tells about the consumer behaviour in different segments and at different levels of purchase capability and in different demographies.

A much closer look at even more personal data than one shares on social media can be had by anybody who manages to gain access to your personal electronic devices and such data in sizable amounts is a goldmine of marketable information for the advertisers and advertising agencies and can be sold in the open digital market by the data thieves. That’s what drives data theft.

However, merely having someone’s personal data is by itself not a crime, for what determines whether or not one has committed a crime is the way such data is begotten in the first place, or the way it is used after having been legitimately procured for a certain purpose.

Other Offences

There are several other offences that fall within the description of cyber crimes, but they are mostly perpetrated by committing the offences listed above, and each of those constituent offences is separately punishable. There are some offences for the commission of which computers are infiltrated or available data is abused or manipulated, or some other cyber crime is committed, in which case all instances constituting offences -- cyber crimes and others -- are separately punishable in a single trial as far as all crimes are part of the same transaction. Some of the wrongful and/or criminal acts that might have a cyber crime component are copyright and trademark infringement, industrial espionage, credit card fraud, child pornography etc.

Hacking Is The commonest Of Cyber Crimes And Often The Stepping Stone For Most Cyber Criminals

Cyber Law Practice

Legal practice in cyber law is a mixed practice in civil and criminal streams of law, and generally the lawyers specialising in cyber law take one of the two streams and specialise in a segment within the stream. What makes cyber law practice a bit complicated is that a single transaction may involve the commission of a punishable cyber crime as well as a civil breach, and the remedies available under the law could be a mixed bag, which means that the victim can invoke both civil as well as criminal remedies against the offender. And such simultaneous legal actions may require two different teams of lawyers to take care of the two kinds of litigation arising out of the same transaction.

For instance, corporate espionage may or may not require infiltration of computer systems or data reservoirs because the target information relating to trade secrets, practices and processes may be stored offline the old-fashioned way, but that’s generally not the case because non-digital storage consumes time as well as space and is expensive to maintain for that reason, apart from being difficult to handle, transmit and hard to search through.

Although modern corporate espionage cannot do without breaking into the electronic devices, it’s still conceivable for a rival company to only require a single paper file that was never digitalised or transmitted electronically and it’s also possible that the same physical file was physically stolen and delivered to the rival company by someone working at its behest. In such a case, it’s corporate espionage all the same but does not involve a cyber crime although other offences, such as theft and break-in etc., might have been committed in the process, many of which acts might be punishable offences.

However, if a computer break-in or unauthorised data access is committed in pursuance of corporate espionage, as is most likely in this day and age of digital preeminence, what crimes apart from the data breach -- punishable under Section 72 of the Information Technology Act, 2000 (IT Act) -- are committed will depend upon what is done with or to the data so accessed. And then it would be up to the victim of the crime to decide whether to claim monetary damages only, seek punishment, or do both.

Cyber law, therefore, is not just one law with civil or criminal consequences but is a set of laws prescribing different remedies for different kinds of breaches, which means that there is a greater scope of specialisation and super-specialisation in the field than in many other fields. But it’s a growing area of law practice and is dominated by a relatively small clutch of law firms. So there is indeed a bit of competition here, but there is also sufficient space for the newcomers.

HemRaj Singh is a Delhi-based trial lawyer, specializing in both civil and criminal trials, and writes mainly on law, policy, diplomacy, and international relations. Apart from writing for magazines and websites, including Careers 360, practicing law and teaching Legal Reasoning and Critical Reasoning, he is Editor-at-Large with Lawyers Update, a monthly magazine on law and legal affairs, and was Legal Editor with Universal Law Publishing Company before he started practising law.