This article has been written by Ashutosh Singh, from Amity Law School, Amity University Kolkata. The article is about how the pandemic has resulted in an increase in cybercrimes and why it has become imperative to copyright your e-commerce to avoid cybercrimes.
Table of Contents
Introduction
The Covid-19 Pandemic has made it necessary for us to stay cooped up in the residence or work from home because of the lockdown or for maintaining social distancing. So, to go about one’s business, one makes use of the Internet extensively. But there is a catch. Working on the internet has its own set of problems.
In the recent past, we have exponentially witnessed the growth of ‘e-commerce’. This again is because of the extensive use of the internet. It has brought about the growth of e-commerce as a business technology which has created a universal platform for doing business and for buying and selling goods and services. One can buy almost anything online now and do personalized shopping, by internet browsing at one’s convenience and at any time and from anywhere. The internet is also an excellent tool for promoting one’s business, but as e-commerce increases, it is not without risks. There is always a risk that others may copy the features and content of one’s website. Small scale industries to large scale industries, both use the huge business opportunities that e-commerce has to offer.
With cyber-crime on the surge, one can fight it by using copyright law, privacy law, and Internet laws. Knowing these laws is therefore important so one can understand how they help in safeguarding an e-commerce website. These days many sensitive transactions are carried out by computer systems over networks resulting in internet security threats or cyber-crime which results in e-commerce transactions to face significant financial and information losses.
How can legal issues associated with the internet be prevented
The cyber law ,i.e., the laws regarding data protection and data security are in the embryonic stage in India and they are still developing with only a few relevant legislation being, the Information Technology Act, 2000 and the Reasonable practices and procedures and sensitive personal data or information rules, 2011. The rise of the internet has affected virtually every branch of law and is expected to transform the relationship between government, technology and law. The terrain of cyberspace creates unique legal dilemmas. The problem is that the internet arena is the world and it outdoes all geographic and political borders, outmoding one of the fundamental tenets of modern law: the laws are relevant within discrete, political territories. When users can access online services and information or communicate with individuals all over the world, which legal jurisdiction should take responsibility for the dispute that may arise? A normal law-abiding citizen utilizes the internet for a lot of useful things and productive purposes. On the other hand, criminals, hackers can misuse the internet’s capabilities and create serious problems. Internet fraud, viruses, destructive programs, copyright infringement, theft of data service create billions of dollars in losses annually.
Central questions concerning internet-related legal issues include:
- If cyberspace constitutes a separate legal domain, should there be a separate branch of cyber law to regulate it?
- Should the existing laws be reinterpreted to adjust to the legal conditions of the electronic world?
- Should the internet remain free from regulation?
No regulation in India defines cyber-crime. Thus, it can be said that it is a combination of crime and computer. Even a petty offence like hacking or data stealing can be brought under the purview of cyber-crime. The I.T Act, 2000 defines the term computer, computer network, data, etc., which form a part of cyber-crime. Cyber law encompasses laws relating to:
- Electronic and Digital Signatures
- Data protection and privacy cyber-crimes
- Intellectual property
To know more about Patenting a website please visit
How cyber-crimes affect e-commerce websites
Anyone doing business online faces a real threat from cybercrime. If you are an online entrepreneur, you first need to learn how to set up an e-commerce site that is safe and secure not only for your business but to your customers also. Customers would not want to shop from an online store where they risk losing their valuable data like banking credentials. Unless one is an e-commerce giant, one might never be able to bounce back. The second chance is unheard of in the e-commerce business and the damage is irreparable. So, it is better to play the right card, right from the beginning. Following are some common ways in which e-commerce businesses are harmed by cybercrimes:
Malware
This is the most common threat to your e-commerce business and must be taken seriously. It has an uncanny property that it can lurk in the background of your computer system and steal your client’s data such as credit card number and other information from insecure retailers. This information is then used by hackers to sell the information to others or commit fraud.
Fraudulent purchases
Counterfeit purchases are transactions that are unapproved by the credit card owned by a third party. A lost or stolen credit card or even an otherwise compromised method of payment could lead to these purchases. Some things to look out for are shipping addresses that don’t match billing addresses, huge or bulk orders, and orders from obscure geographic regions as these may be signs of probable fraudulent actions.
Social spoofing
Social spoofing happens when a cyber-criminal pretends to be an authoritative body to influence a consumer to reveal personal information. The culprit uses social influence to get the information he/she wants. Consider a situation where a spammer may send a message to a customer posing to be their banker. In the message, they request some personal data. Thinking that the request for information is from their banker, the consumer shares the information with the belief that they are speaking with their banker but in fact, they are not.
DDoS (distributed denial of service) attacks:
It is the deliberate and planned breakage or blocking of lawful access by an unauthorized user by flooding the victim’s site with over traffic. Culprits of DOS attacks generally target sites or services such as banks, credit card payment gateways, and even root name servers, hosted on high-profile web servers. A fine example is when on 6th August 2009, millions of twitter users were quietened by the DOS attacks which eventually led to a shutdown of twitter for hours creating a complete twitter blackout.
Phishing
One of the most common security threats of e-commerce is phishing, where hackers come across as legitimate businesses and send emails to the clients to trick them so that they reveal their sensitive personal information by presenting them with a bogus or fake copy of the legitimate website by which the customer is led to believe that the request is coming from the business. Common phishing techniques include emailing the customers or the team of e-commerce with fake messages like ‘you must take this action etc, which is a common phishing technique. However, this technique works only if the customers follow through with the action and provide the hacker access to their login information or other sensitive personal data which can be exploited later.
Data streaming
This involves bulk theft of data which is personal such as credit card details of individuals or groups hacking into precise systems that target the e-commerce domain.
All this results in irreparable damage to the business of e-commerce such as loss of business credibility and brand trust, a high probability of having to take the website offline, and in turn reduced customer retention.
Why do digital products need copyright
Products that exist in the digital form are called digital products or e-goods. Some examples are different types of digital media such as books, music, images, and software, etc. Digital products can also include professional services. For example, if you are a chef, you can sell online courses that teach cooking. Digital products are generally used to teach/instruct in areas such as teaching, cooking, sewing, taking care of pets, gardening, designing an Instagram account, etc. Digitization of content has had a huge impact on copyright law. Since these days most forms of creative content are in digital format, and networks and devices for creating, communicating, modifying digital material and assessing are globally and readily available, enabling anyone to create and distribute copyrighted content. Copyright work is not necessary to be registered in India. But if the product is registered then a certificate of registration is given which serves as a prima facie evidence in a court of law and helps in establishing ownership and easy to file for infringement when it takes place. If the author doesn’t register his/her work as copyright, then it should be properly dated and signed. This is useful in the case of engineering drawings. If the copyright is not registered, then the author might not get economic and moral rights that come along with it. The economic and moral rights are as follows:
Economic rights
- The copyright owner can make copies of the work protected by copyright and sell the same.
- Assign the work (sell): The copyright owner can assign his or her current work to a third-party in return for a one-time payment of royalty.
- The author can license his or her work to one or more companies with a certain fixed set of terms and conditions in exchange for payment.
Moral rights or author’s special rights
- To claim the authorship of the work.
- To claim damages if any distortion, mutilation, modification has been done to the said work which destroys the author’s reputation or honour.
Copyright in digital products is infringed when a person copies, reproduces, adapts, sells infringed copies, communicates the digital product without the license or authority of the copyright owner, or importing those copies to sell.
In India, copyright is protected under the Copyright Act, 1957. Since then it has undergone many amendments from time to time to suit the shifting needs of the society and to confirm protection to the creators of the work. The Copyright (Amendment) Act, 2012 was chiefly to bring the act in conformity with the World Copyright Treaty of 1996 and WIPO Performances and Phonogram Treaty, 1996. This Act extended its provisions for the protection of copyright even in the sphere of digitalization.
UTV Software Communication Ltd vs 1337x and Ors
In the case, UTV Software Communication Ltd vs 1337x and Ors, the plaintiff including UTV Software Communication Ltd, was engaged in creating content, producing, and distributing cinematographic films all over the world including India. The defendants were 30 websites including some unknown websites. It was contended by the plaintiff that the defendant’s websites hosted and provided access to their copyrighted work which resulted in infringement of the copyright of the plaintiff.
Issues
- Whether an infringer of Copyright on the internet is to be treated differently from the infringer in the physical world?
- Whether by seeking blocking of a website dedicated to piracy one becomes an opponent of open and free internet?
Judgement
The court in the 1st issue gave a negative answer that there is no reason why crime in the physical world is not a crime in the digital world, since the Copyright Act, 1957 itself doesn’t make such a distinction. In the second issue, the court said that the key issue about internet freedom is not whether the internet is and should be completely free or whether the government should have unlimited censorship authority, but rather where the appropriate lines are to be drawn, how they are drawn and how they are implemented.
When does one need to file for copyright
As of now copyright in India is directed by the Copyright Act 1957 and the Copyright Rules 2013. To get the copyright registration for the creation it is of huge importance that the creation is one of a kind or unique and capable of being set in a tangible medium. For example, when you create a blog and it’s your original work, then that becomes property of yours, and the copyright is automatically granted. This means that to use your work, others have to seek your permission. Neither registration nor publication, or any other action is required to secure a copyright, although in some countries, the use of a copyright notice is recommended (Berne Convention for the Protection of Literary and Artistic Works). But in a few countries, registration of works is required to be able to take legal action against infringement. It’s possible that you find your work being used by others on some other websites, in their blogs without giving you the due credit. In such cases to secure your work, it is better to register for the copyright of your original work. In India, prior to 1st August 2014, the application for copyright registration could be made offline also. However, to promote the online filing, the option of offline filing was closed.
What is the procedure of getting copyright in India
The procedure for the registration of copyright in India is given in Chapter 10 of the Indian Copyright Act, 1957 and Rule 70 of Copyright Rules, 2013. Copyright protects the original work of the author and the rights of the author. However, the original work of the author doesn’t specifically require registration of the copyright. The procedure for registration is as follows:
Application
Application for registration is made as prescribed in the first schedule. An applicant can file an application for registration of copyright or through his authorized legal representative. This application can be made by applying physically or through an e-filing facility provided on the copyright website. There should be one application for one work. Form IV application should be accompanied by the requisite fee prescribed in the second schedule. The fee amount in the form of work is from INR 500 to INR 40,000. The fee can be demanded draft or Indian postal order from the “Registrar of copyright payable at New Delhi’ or e-payment. Some other information is also required such as name, address, the nationality of the applicant, nature of applicant’s interest in the work and title of the work, etc.
Examination
After the application, the Registrar issues a diary number and the process of examination takes about 30 days. If within 30 days of the receipt of the application, the registrar of copyright receives no objection to such registration, he shall, if satisfied with the particulars of the application on examination, issue a ‘Certificate of Registration’ after he enters the particulars of copyright in the register of copyrights. If the registrar is not satisfied with the application on examination and if any objection is received against the registration, then he may hold such inquiry as he thinks fit, and again another 30 days to the applicant to submit the documents required. The registrar of copyrights gives both parties an opportunity of being heard. After the decision of the owner is given, then if there is still an objection, which if rejected, then the application goes for inspection. The applicant is then asked to remove any difference if found within 30 days.
Registration
If the registrar of copyright is fully satisfied with the application in all respects then the particulars of the copyright are written in the register of copyrights and he issues a certificate of registration.
Cracking cybercrimes during a pandemic
We know that the whole world is going through the novel coronavirus crisis as a result of which most of us are working from home. Social distancing during this period is the new norm and this has led many of us to use the internet to work increasingly and get over the boredom of being home. The disarmament chief of the U.N said that there are an increased technological innovation and online collaboration in the world due to the Covid-19 pandemic and with it, cybercrime has increased manifold at a rate of almost 600% in malicious emails during the present crisis. Cybercrime has always occurred but during this Covid-19 pandemic, the number of crimes has increased by major percentages. Cybercriminals are taking advantage of the situation as much as they can and making money during the crisis. We are forced to do everything online like shopping, schooling, work, entertainment, paying bills, and so on. So, the payment for these online purchases must be done online itself and this is prone to cybercrimes as payment online requires you to share your personal details and this can be hacked by cybercriminals. Cybercrimes can be easily averted if we are alert and are aware of the kind of crimes that can be committed. So, be alert and look out for the following:
- Be aware of the phishing scams as this is a fraudulent attempt of cybercriminals to obtain personal details.
- As people like young adults feel very restricted during the lockdown period, they fall prey to online dating scams. Not all are secure and legitimate, especially the ones that sound too good to be true.
- You may even get emails making offers such as free membership to clubs or offer free products but in all likelihood, if you provide any personal information then you have enabled a cybercriminal to harm you. They can even try to troll you so that you send money to stop the nuisance which is similar to being blackmailed.
- There will also be many mails like job offers and money offers which are mostly scams. Beware of them. It is to exploit the desperation of people who are jobless during the pandemic.
- Only use trusted sites for e-commerce like the sites where you have ordered before and you know that the company is trustworthy.
- If you have or know children taking online classes then it is advisable to keep a check on them and be careful about pop-up messages and emails you get. Try not to open links sent to your email unless you know the sender well.
Lastly, prevention is better than cure always. All are well-advised to take the necessary precautions and if you still fall prey to cybercrime, then you can register your complaint online with National Cybercrime Reporting Portal.
Penalty for cybercrime
Cybercrime can be put into two categories:
- Crimes such as hacking, virus attacks, DOS attack etc, in which the computer is the target.
- Crimes such as IPR violations, pornography, credit card frauds and cyber terrorism, in which the computing is used as a weapon or the medium of committing the crime.
These sections discusses some of the most common cybercrimes and their penalties:
- Hacking and data theft: Sections 43 and 66 of the IT Act penalises people for a number of activities from hacking, data theft, spreading viruses, damaging computers, destroying information, etc. The longest punishment given for this offence is 3 years of imprisonment or fine of Rs 5 lakhs or both.
- Cyberterrorism: Section 66F of IT Act gives punishment for cyber terrorism. Whoever intends to threaten the unity, integrity, security, and sovereignty of India by cyber terrorism, is liable for punishment with imprisonment which can extend to life imprisonment also.
- Tampering with Computer document or source code: Section 65 of the IT Act says that the punishment for this crime is 3 years imprisonment and fine which may extend to Rs 3 lakhs.
- Hacking of email account: If a person’s email account is hacked and obscene emails are sent from the victim’s email account, the person is liable under Sections, 66, 66A, 66C, 67,67A, 67B and 43 of the IT Act.
- Identity theft and cheating by personation: Section 66C and 66D of the IT Act has provision for the punishment of this crime. Anyone who by fraud makes use of the electronic signature, password of another person shall be punished with imprisonment which may extend to 3 years and fine which may extend to Rs 10 lakhs.
- Obscenity: Sections 67,67A and 67B of IT Act give the punishment for publishing and spreading in electronic form the following:
- Obscene material
- Material containing sexually explicit acts.
- Harassing someone by making a public profile on a social networking site.
- Violation of privacy: Section 66E of the IT Act recommends punishment for violation of the privacy of a person and says that any person who intentionally or knowingly captures and publishes an image or a person’s private part without his or her consent, amounts to a violation of the privacy of the person and shall be punished with imprisonment which may extend to 3 years and fine up to Rs 2 Lakhs or both.
- Receipt of stolen property: Section 66B of IT Act spells out the punishment for dishonestly receiving a stolen compute resource or communication device. The punishment given for this offence is 3 years of imprisonment or a fine of Rs 1 lakh or both.
Challenges of copyright
Sharing and creating digital content has become easier than ever before with the emergence of social media platforms such as Youtube, Facebook, and Instagram. As a result, the public is now more familiar with copyright law and its issues because these days digital content is created in new formats by new creators.
Some of the challenges are as follows:
- Renovating Copyright laws: Copyright laws haven’t kept up with the advancement in technology as the copyright laws were mostly developed in the system of print media that slowly evolved its protective work to include creative works, paintings, drawings, and sculptures. It is only later that it expanded to photography and cinema as well. The music industry is where copyright law becomes blurry and complex because of the emergence of new technologies. The protection of user’s rights is a concern for both internet users and internet professionals. So, amidst growing issues about the web protecting, user privacy online and updating copyright laws seem to be the key concerns of online industry leaders.
- The question of jurisdiction: Since the internet is an intangible space, the determination of jurisdiction can be problematic. In the case of online copyright infringement, various countries or regions could be involved. The question then arises as to which jurisdiction would be applicable.
- Copyright and Internet: The internet has been a major threat to copyright for a long time. Copyright works on the internet include news, stories, images, e-books, videos, etc. It’s hard to identify if the work is duplicate or is a copy of a protected work. Some of the infringements of copyright in cyberspace include:
- Downloading and uploading
- Derivative work
- Audio-video works
- Social Media: Social media platforms have become one of the most popular modes of connecting people across the globe. Although the material posted on social media platforms is free, some works are put ignoring the copyright violation which causes major problems. Copyright violations on social media platforms can be in the form of:
- Reposting, saving, or sharing works protected under copyright.
- Reposting and claiming ownership or creation rights of work which is protected work
- Using the content available without the owner’s prior permission.
Role of world intellectual property organization
World Intellectual Property Organization or WIPO is a specialized body of the United Nations which helps the innovator and creator to make the world a better place.WIPO provides a forum for governments to debate and shapes intellectual property laws such as copyright laws to adapt them to the changing needs of the global digital society. Its goal is to make intellectual property work for everyone. WIPO operates an international filing system that makes it easier to protect and promote invention, brands and designs across borders. When a disagreement arises in intellectual property, WIPO provides arbitration and mediation as an alternative to costly court proceedings. WIPO gives people the tools to use IP effectively, helping people to develop their countries from their innovation, ingenuity and creativity, which means more opportunities and more jobs. WIPO provides free access to intellectual property information including more than 55 million trademarks and designs. Since its inception over a hundred years ago, the global intellectual property system overseen by WIPO has helped create an environment where innovation and creativity can flourish.
Recommendations
It is generally observed that businesses only become aware of a cyberattack once it has already happened. Moreover, the cost of a cyberattack, once it has happened, extends beyond the missed revenue from your site being down by fraudulent payments. It is also the potential damage to your brand name which is more costly in the long run. So prevention is better than cure even when we are talking about cyberattacks just like our health. Attitude towards cybercrime detection changes and the authorities concerned must be vigilant so that they can be avoided. Giants of online businesses accept that when online, everyone, whether big or small is a potential target and no individual or business, is too small. Cybercrime prevention is hence more than just a regular change of password but has to be a vital investment for your business. Some recommendations to prevent cybercrime or cyberattack are as follows:
- Backup your data frequently: A good backup system should include backups daily to a cloud or portable storage device, weekly serve back-ups, quarterly and also yearly backups.
- Keep sensitive information safe: If storing online, then one should encrypt one’s data to ensure only approved users can access it. This reduces the risk of information tampering, theft and hacking.
- Usage of complex passwords: To keep sensitive information on the customer’s safe on the servers is the responsibility of online retailers. Try asking your customers to add special characters, mixed numbers and symbols in the passwords they use to make accounts on your website. Prompt them to use passwords which are long and complex because complex and longer logins will make the job of hackers that much more difficult.
- Installation of security software: Firewall security that includes, anti-spyware, anti-spam and anti-virus filters which can help avoid and protect your software from attacks.
- Check who owns your website’s IP rights: Many small businesses outsource their website’s creation, content and design to outside contractors. As a business person, it is wise not to assume that running an e-commerce website, that you automatically own its rights. You will be surprised to know that in fact, it is the independent contractor who usually owns the IP rights of the works they have created. This is even though you have paid for the work. The way around this is to ensure a written contract clarifying who owns the copyright, otherwise, you may learn that the independent web developer owns the copyright and IP rights.
Conclusion
Difficult times being faced by the world at large due to the Covid-19 pandemic. There is an unprecedented increase in internet users out of boredom, curiosity, conduction of business small or large, sales and advertising emails, online marketing, online shopping and online chat rooms, social media etc. There is heavy reliability on e-commerce for running a business as that must continue at all times. But with it comes many other issues such as copyright infringements and cybercrimes. As regards e-commerce, unless you take the necessary measures to protect your copyright, you could lose your IP rights. Cyber Crimes have affected e-commerce also and have resulted in all kinds of headaches for businesses and finally resulted in a huge loss of customers. Companies who have had cyber attacks are unable to regain the trust of their customers out of fear of personal information and identity theft of the customers and business is put in jeopardy. The way forward is to invest in advanced cybercrime detection and prevention to secure your transactions and payments. Before you set up your website, it’s better to be well prepared to avoid legal issues later down the line. Invest in consultation with a legal expert and also an internet expert on e-commerce websites to address your IPR concerns and safeguard yourself against cybercrimes.
References
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: