Offences in the Internet Age

18 min readOct 26, 2020

ABSTRACT

Rapid development of data technology (IT) has brought with it many new applications like e-commerce and global business. The past few years have seen activities within the legislative arena covering issues like digital signatures, the international recognition of electronic documents and privacy and data protection. Both the developed and developing countries have exhibited keenness to embrace the IT environment. Securing this electronic environment from intrusion, however, continues to be problematic. A particular favourite sort of computer crime would be ‘hacking’. As more computer systems advance to online processing and improved telecommunications, computer hackers are now a true threat. Cybercrime, during a narrow sense (computer crime), stated at covers any illegal behaviour directed by means of electronic operations that focus on the safety of computer systems and therefore the data processed by them. Cybercrime during a broader sense (computer-related crimes) covers any illegal behaviour committed by means of, or in reference to, a computing system or network, including such crimes as criminal possession and offering or distributing information by means of a computing system or network.

INTRODUCTION

In the past few years, many activities within the legislative arena have taken place, covering issues like digital signatures and therefore the recognition of electronic documents internationally. Many governments worldwide have come up with specific legislation criminalizing hacking. Whilst adopting IT and its application are often straightforward, securing this electronic environment from hacking, however, continues to be a problematic issue. Legislation often lags behind. This can be seen from reports on hacking attacks and therefore the frequent requests by enforcement authorities for more resources to handle computer crime.

Governments across the globe have been arguing for the need of strict cyber laws to protect data, law enforcement and national security purposes. Various means of regulation such as backdoors, weak encryption standards and key escrows have been widely employed which has left the information of online users vulnerable not only to uncontrolled access by governments but also to cyber-criminals. The Indian regulatory space has not been untouched by this practice and constitutes laws and policies. Cyberlaw in India is not a separate legal framework. It is a combination of Contract, Intellectual property, Data protection, and privacy laws. Cyber laws supervise the digital circulation of information, software, information security, e-commerce, and monetary transactions. The Information Technology Act, 2000 addresses the gamut of new-age crimes. Computer technology, mobile devices, software, and the internet are both medium and target of such crimes.

So far Indian government had failed to ensure both the modernization of police force of India and formulation of regulations and guidelines for effective investigation of cyber crimes in India. Further, the Indian government has yet to formulate a cyber crimes prevention strategy of India. As a result the cyber security in India is still in an abysmal state leading to cyberattacks like “B.N. FIROS vs STATE of KERALA” and breach of user data like in the case of “FACEBOOK-CAMBRIDGE ANALYTICA DATA SCANDAL”.

B.N. FIROS vs STATE OF KERALA

IN THE HIGH COURT OF KERALA W.A. №685 of 2004
Decided On: 24.05.2006
Appellants: Firos Vs. Respondent: State of Kerala

When an individual or an establishment develops a product, ownership of the said product is an incentive which drives people to deliver their best performance. If the work was collaborative in nature, then the difficulty of ownership is of paramount importance. One such case came before the Supreme Court recently where ownership of a computer software/system was questioned. The government, a worldwide software giant and a computer developer were all parties to the suit which we are discussing today. Government of Kerala, as a part of IT implementation in Government departments, conceived a project idea of “FRIENDS” (Fast, Reliable, Instant, Efficient Network for Disbursement of Services). The project envisaged development of a software for single window collection of bills payable to government, local authorities, various statutory agencies, Government corporations etc. towards tax, fees, charges for electricity, water, etc. A person by making a consolidated payment during a computer counter served through “FRIENDS” system can discharge all his liabilities thanks to the Govt, local authorities and various agencies. In the year 1999, the Govt of Kerala alongside Centre for Development of Imaging Technology (C-DIT), Thiruvananthapuram came up with a thought to supply one window for bill collection. The project was conceptualized as a pilot program and if the software was successful in some districts then there was an idea to roll it out throughout the state. Microsoft Corporation, the world-renowned technology company, offered to develop the software for the Kerala government. The appellant B.N. FIROS was a part of the ‘Microsoft Developer Forum’ and was given the task of developing the software. The Government of Kerala entered into a contract with Firos for setting up and commissioning “FRIENDS” software system in 13 centres all over Kerala for providing integrated services to the customers through a single window for a total consideration of Rs. 13 lakh. Firos set up FRIENDS service centres in all the 13 centres, and they were paid the agreed remuneration. A dispute arose between Firos and the Government with regard to Intellectual Property Rights (IPR) in the FRIENDS software.

The appellant stated that after initial work was completed, the software was tested at one among the centres and was a hit. The government informed the plaintiff of its decision to implement the software throughout the system and requested them to undertake the upkeep and customization of the software. The controversy, during this case, arose when the appellant acknowledged that the respondents were transferring essential rights to a 3rd party which was a breach of contract as per the appellants. Sensing a threat to his literary composition, the appellant filed an application to register his copyright. Meanwhile, one among the respondents, Microsoft Corporation, filed criminal also as civil suits against the appellants and prevented him from registering his copyright in reference to the ‘disputed computer system’.

The Government arranged to switch the developers’ of the software to suit its further requirements through another agency. Firos alleged violation of copyright and filed a criminal complaint against the Govt. A counter case was filed by the Govt against Firos. The Govt of Kerala issued a notification under Section 70 of the Information Technology Act declaring the FRIENDS software installed within the computing system and network established altogether centres in Kerala as a protected system. Firos filed a written petition challenging section 70 of the IT Act.

The respondents filed various cases against the defendants. In one among the suits, the Centre for Development of Imaging Technology prayed that the ‘disputed computer software’ be declared their exclusive property. The rationale provided by the respondents was that the Microsoft Corporation offered to create the software free of cost and therefore the appellant who was working with Microsoft cannot claim any rights as they were governed by a service agreement entered between the respondents and the appellants.

The supreme court of Kerala, where the case was filed heard the contentions of all the parties and opined that notification issued by the government wasn’t bad in law and refused to quash it. The Learned Judge also directed the authorities to prevent the copyrighting process that was initiated by the respondents. As per the order of the court, the respondents were directed to withdraw all the cases that were filed by them against the appellant. However, a condition was set by the court consistent with which the appellant should accept the choice of the Court and convey an equivalent to respondents in 1 year. Aggrieved by the order of the only Bench, the appellant approached a Division Bench of an equivalent court and appealed the choice. The most argument advanced by the appellants before the Division Bench was that the learned Judge did not interpret Section 70 of the knowledge Technology Act correctly.

The operating part of Section 70 is reproduced below:-

70. Protected System. -

(1) The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system.

The petitioner claimed that the software built by him was a literary composition consistent with the Copyright Act and is therefore protected. While challenging the ‘disputed notification’, the petitioner stated that the notification is issued only if any pending suits were settled by the court. The Division Bench disagreed with the contentions that were raised by the petitioners and stated that harmonious interpretation of both the Acts (Copyright and knowledge Technology) was necessary. The court was of the opinion that ‘government works’ as defined by Copyright Act was correct to declare the software as ‘protected system’ because the software was developed for the Govt. The software was already implemented throughout the state, and any proceeding in reference to the utilization of it’ll cause unnecessary hindrance to the government and its citizens.

When the appellant was not able to get a favourable order from the lower courts, he moved the Supreme Court. While arguing the matter before Supreme Court, counsel for the appellants advanced the following arguments:-

• Interpretation of Section 70 of the Information Technology Act was challenged again and a special reference was made to the amendments that were made to the Act in 2009. The counsel stated that the power vested in the state to declare any ‘government work’ protected was bad in law and it was unfair to the appellant whose intellectual property was at stake.

• References were also made to various provisions of the Copyright Act and it was contended that the appellant was the person who developed the ‘disputed software’ and as its creator, he should be granted a copyright on the software.

The respondents stated that the 4th respondent, Microsoft Corporation, had offered to develop the software free cost. It was also stated that the appellant was duly reimbursed by the respondents for the work that was done by him. As per the respondents, Microsoft Corporation was the first owner of the software as it was them who gave the necessary support and infrastructure for the implementation of the idea. Respondents also stated that as the appellant was paid for the work that he had undertaken, he was more like an employee/partner but cannot claim to be the first owner.

Conclusions of the court:

1. There is no conflict between the provisions of Copyright Act and Section 70 of IT Act.

2. Section 70 of the IT Act is not unconstitutional.

3. While interpreting section 70 of the IT Act, a harmonious construction with Copyright Act is needed.

4. Section 70 of the IT Act is not against but subject to the provisions of the Copyright Act. 5. Government cannot unilaterally declare any system as “protected” other than “Government work” falling under section 2(k) of the Copyright Act on which Govt.’s copyright is recognized under Section 17(d) of the said Act.

Section 2(k) of the Copyright Act

(k) ‘Government work’ means a work which is made or published by or under the direction or control of -

(i) the Government or any department of the Government;

(ii) any Legislature in India;

(iii) any Court, Tribunal or other judicial authority in India;

Section 17(d) of the Copyright Act

17. First owner of copyright; Subject to the provisions of this Act, the author of a work shall be the owner of the copyright therein;

(d) in the case of a Government work, Government shall, in the absence of any agreement to the contrary, be the first owner of the copyright therein;

While deciding the case, the Supreme Court considered the validity of section 70(1) of I.T Act and observed that the government can only declare those systems ‘protected’ which are very important for the functioning of the state and as per the Learned Judge the software in question fits the bill.

While deciding whether the notification issued by the government of Kerala declared the ‘disputed software’ protected was bad in law, the court observed that as the parties were bound by the Memorandum of Understanding, the appellants cannot claim to be the first owner. As per the Judges, the appellants cannot be considered the first owner as the software was developed for/with Microsoft Corporation as partners and from the onset the respondents were bound by the terms of the agreement entered between by the parties.

The Supreme Court agreed with the decision of the High Court and dismissed the matter.

The Hon’ble Supreme Court has held that power of declaration of ‘protected system’ under Section 70 of the Information Technology Act, 2000 has to be read along with the provisions contained in Sections 2(k) and 17(d) of the Copyright Act, 1957 defining government work and vesting copyright in such work in the government. The Court in the case of B.N. Firos v. State of Kerala also held that amendment in Section 70 of the I.T. Act in 2009 was an attempt to circumscribe the power even further than what was prevailing under the pre-amended law, by narrowing down the ambit of “government work”, and was not a first-time introduction of parameters to govern the exercise of power under said provisions. Upholding the High Court’s Order, the Apex Court rejected appellant-developer’s claim of copyright in a software developed for another firm, which made it available to the government. It observed that intellectual property in the software vested in government as per the MoU, entitling it to declare it as ‘protected system’.

In light of this case, it is often safely assumed that the Govt was correct while declaring the ‘disputed computer software FRIENDS’ as protected. However, it is often observed that the choices of the Court relied on the very fact that Memorandum of Understanding clearly defined the scope of labour and rights of the parties and as per that, the respondents were correct to say the software as their own. The appellant, during this case, may need felt short-changed but the facts reflect that he himself offered to figure on the project and was even purchased the work so as per law he cannot claim ownership on something that was developed for his employer/partner.

FACEBOOK-CAMBRIDGE ANALYTICA DATA SCANDAL

The case discusses the info breach scandal involving the world’s largest social media network, Facebook, its impact on various fields, therefore the challenges facing the social media giant. Designed with the vision of connecting people with their friends and family to get to know what’s happening within the world and to share and express what matters to them, Facebook became a well-liked social media company with about 2.19 billion monthly active users as of the primary quarter of 2018. However, the company’s continuous growth was marred by security concerns. In March 2018, Facebook was caught during a major data breach scandal during which a political consulting company — Cambridge Analytica — pulled out the private data of quite 87 million Facebook users without their consent. The info was allegedly utilized in favour of the US Presidential candidate, Donald Trump, during the 2016 elections. Further, it had been found that the info was also misused to influence the Brexit referendum leads to favour of the Vote Leave campaign. The data were used to influence the opinion of voters on behalf of politicians working with Cambridge Analytica(ex. 2016 America Elections, 2016 Brexit Elections, and more). Firstly the world has not met such a precedent before. More likely that the reason for the failure is in the absence of an appropriate legal basis or deficiency in the law. Legislators of many countries and international organizations such as the EU and others are currently trying to eliminate these gaps. The tech giant’s reaction to the scandal was reportedly clumsy, defensive, and confused. When Facebook need to realize the info breach, it allegedly didn’t do anything and waited for months to send orders to Cambridge Analytica to delete all the info. Further, the corporate didn’t follow up to see whether the illegally acquired data had been deleted. The scandal put Facebook in a situation where it was left facing fire from many Facebook users, lawmakers, and advertisers. Further, the company’s share value also dropped after news of the info breach broke out. There have been several challenges facing Facebook, including hate campaigns running against it and lawsuits filed for the breach of users’ privacy protection. After the info debacle, analysts believed that it might take a couple of years to repair the issues caused by the leakage of users’ private data. Though the corporate took several initiatives to stop such data leaks in the future, it remained to be seen whether it could fix its reputation. Facebook founder and CEO Mark Zuckerberg (Zuckerberg) apologized for the ‘major breach of trust’ but was that enough to reassure users?

Facebook is an application, that changes all of our habits in our lives and has obtained most of our data since it has been developed. We’ve given all our information to Facebook not realizing that this information could change the direction of events in our future lives. Technology has developed very rapidly and continues to evolve. Also, one among the developing areas is data analysis and directing people through social media. This event, which is closely associated with today’s widely discussed data privacy and internet surfing, has changed many things about data privacy and law and increased people’s interest during this issue. Firstly the planet has not met such a precedent before. Therefore, the laws and rules on this subject were unclear and remained unknown. Cambridge Analytica, who played the leading role within the incident, used the gaps during this law to control people’s data and alter their minds, without permission from them. The movement #DeleteFacebook was started and it rapidly swept across the internet. The share value of Facebook also declined sharply after the news and the company’s market value went down by nearly US$50 billion in just two days.

In 2010, Facebook launched a platform called Open Graph for third-party apps. Through this update, external developers could reach out to Facebook users and request permission to access their personal data and that of their Facebook friends. Once the users agreed, the apps gained access to their information like their name, gender, location, birthday, education, political preferences, relationship status, religious views, online chat status, and even their private messages. While CA was blamed for having harvested the data of millions of other people for political and financial gain without their consent, amid the data-privacy scandal, Facebook also had to face the heat in many countries. Initially, the number of people affected was reported to be 50 million. Facebook later revised this to 87 million. Of the affected people, about 70.5 million were in the US, while the remaining were in several other countries, including the UK, Canada, Australia, and India. There were many data analytics companies which used social networking sites for academic research purposes. One such firm was a London-based elections consultancy, Cambridge Analytica (CA), founded by a politically active person, Robert Mercer, co-CEO of a hedge fund, Renaissance Technologies. CA was known to be one of the most prominent companies in the data analytics industry and had handled high-profile clients like Republican candidates Ted Cruz (Cruz) and Ben Carson. Explaining the methodology of CA in 2016, its CEO Alexander Nix (Nix), said, they rolled out a long-form quantitative instrument to probe the underlying traits that inform personality. If you know the personality of the people you are targeting, you can influence your messaging to resonate more effectively with those key groups. While CA was blamed for having harvested the data of millions of other people for political and financial gain without their consent, amid the data-privacy scandal, Facebook also had to face the heat in many countries. Initially, the number of people affected was reported to be 50 million. Facebook later revised this to 87 million. Of the affected people, about 70.5 million were in the US, while the remaining were in several other countries, including the UK, Canada, Australia, and India.

According to information shared by Christopher Wylie, who previously worked with Cambridge Analytica, this application, including 270,000 people, collected gigantic information and picked up an enormous user information of approximately 50 million people, and every one the info collected by this application was sold to Cambridge Analytica (2015,The Guardian). Cambridge Analytica, combining the info of fifty million potential voters with psychological profile details and data in its own hands, has begun to use these data in order to focus on advertisements within the campaign of the many presidential candidates. Cambridge Analytica, which isn’t limited to the US elections, is said to be very effective within the Brexit process.

One among many people who caused this data to be breached was a researcher at Cambridge University named Aleksandr Kogan. Aleksandr Kogan created a survey application to collect people’s data, this app features a “Connect to Facebook” button and when people would click the button, Kogan’s application got permission to breach user’s Facebook data. With the permission, the app would collect user and user’s friend’s data. Data included: their gender, location, birth date, page “likes” and pieces of data like this. That data was then used to analyse people’s behaviours and crate psycho graphics. This is often not a replacement method, most sites use it more or less, but they don’t sell your private data to a different company to be used. But Kogan sold the info to Cambridge Analytica and Cambridge Analytica used data to show people related ads about itself. And these ads were to vary the minds of voters and to confuse them. Data security and protection in Europe is ensured by the GDPR. The GDPR is that the most comprehensive data protection and privacy regulation so far. It establishes precise rules for a way personal data is collected, transferred, processed, and stored. The regulation also grants EU citizens certain rights and protections regarding their personal information. The GDPR will have an impact on online businesses round the world, whether those businesses are located within the EU. If you own or operate an internet site or app that collects and processes personal information of EU citizens, the GDPR applies to you.

This event convinces us power of massive Data and within the electoral process. Your data and knowledge can be misused, once you do something in social media or internet. Computer Science, AI, Machine Learning, Big Data is growing so fast and this is not always excellent news for those who do not know that private information should not be shared. Do not put anything on Facebook that you simply wouldn’t want to be in public domain. We should understand, “Don’t give information about yourself to people you do not know except in extreme circumstances”. This leaves footprints while you browse the web. The digital footprint identifies all traces you allow behind once you use the web. This is often information transmitted online in any form, like form registration, emails and attachments, uploading videos or digital images, and transferring information. All of these leave traces of your personal information and what you do are often employed by others who are online. It is important that you routinely scan and take away your digital track. This helps prevent you and your computer from being exposed to hackers, fraudsters and aggressive advertisers. Companies like Google, Facebook, Amazon have always been hooked into “security”, but this cannot be said about “privacy” as they use it for their own benefit, and they are getting bigger. Therefore, we should always continue our lives knowing that this is only the visible part of the iceberg, and increase our awareness as that seems to be the only thing we can do. Although deleting Facebook may seem like a solution, it doesn’t even come close to the solution because you can reveal who you are from your shared photos, your relationship with your friends, where you are, and many more details, and create a “shadow account” on your behalf. The information shared by people around you without your knowledge is much more than you can imagine, and they are kept by Facebook. Your data is equally important with or without your name.

CONCLUSION

New trends in cybercrime are emerging all the time, with costs to the global economy running to billions of dollars. In the past, cybercrime was committed mainly by individuals or small groups. Today, we are seeing criminal organizations working with criminally minded technology professionals to commit cybercrime, often to fund other illegal activities. Highly complex, these cybercriminal networks bring together individuals from across the globe in real time to commit crimes on an unprecedented scale. Criminal organizations turning increasingly to the Internet to facilitate their activities and maximize their profit in the shortest time. The crimes themselves are not necessarily new — such as theft, fraud, illegal gambling, sale of fake medicines — but they are evolving in line with the opportunities presented online and therefore becoming more widespread and damaging. The question about how to police these crimes has already been constructed, but this task is turning out to be an uphill battle. The reality is that Internet criminals are rarely caught. One reason is that hackers will use one computer in one country to hack another computer in another country. Another eluding technique used is the changing of the emails, which are involved in virus attacks and “phishing” emails so that a pattern cannot be recognized. An individual can do their best to protect themselves simply by being cautious and careful. Internet users need to watch suspicious emails, use unique passwords, and run antivirus and anti-spyware software. Do not open any email or run programs from unknown sources.

Cyber crimes have significantly increased in India. The trends in this regard are not very promising. For instance, the cyber law, cyber security and cyber forensics trends in the year 2013 have showed poor performance of Indian government in these fields. This position has not changed in 2014 as well. For instance, the cyber forensics trends of India 2014 still show inability of India to deal with cyber forensics related issues. India is also clinging to outdated laws like cyber law and telegraphs law and is not investing effectively in the field of intelligence agencies and law enforcement technology for India. In the absence of scientific approach towards digital evidence and cyber crime investigation, there are very few cyber crimes convictions in India. In fact, the Supreme Court of India is hearing many Public Interest Litigations (PILs) in this regard. Realizing the seriousness of the situation, Indian government has announced to formulate a cyber crimes prevention strategy of India. Cyber crimes investigation, however, requires sound techno legal expertise. Skills development through online training and skills development courses in urgently required for Indian law enforcement agencies. Cyber crimes investigation training in India is one such skill development activity that must be imparted to make law enforcement agencies of India modern and up to date. Modernization of police force of India requires not only basic knowledge of information and communication technology (ICT) but also practical trainings in the areas like cyber law, cyber crimes investigation, cyber forensics, etc. Cyber crimes investigation capabilities in India are not up to the standards. Presently, most of the police stations and police officers find it difficult to deal with cyber law and cyber crimes related cases. Another area where India needs to work is to strengthen the cyber forensics investigation capabilities. There is a dire need to develop cyber forensics best practices in India as soon as possible. Police must also ensure cyber law skills development. Similarly, police in India also need to undertake cyber fraud detection trainings so that cyber frauds can be anticipated even before they are committed.