This article is written by Shambhavi Tripathi, a 3rd-year student of LL.B. in Panjab University, Chandigarh. The article deals with the International and Indian legal regimes relating to cyber crimes and e-commerce and contains a detailed study of the IT Act, 2000.

International Legal Regimes Relating To Cyber Crimes

European Convention on Cyber Crimes

The most significant approach towards cyber crimes and international cyber law was made in the European Convention on CyberCrime held in Budapest on November 23, 2001. It is one of the most important multilateral treaties tackling the issue of cyber crimes and electronic evidence. It was drafted by the Council of Europe along with Canada, Japan, South Africa and the United States of America. This Convention consists of 4 Chapters and 48 Articles in total. This Convention is a criminal justice multilateral treaty that provides States with:

1. The criminalization of certain actions by means of computers and internet; 
2. procedural law to investigate cybercrime and admission of electronic evidence in relation to any crime; and 
3. international police and judicial cooperation on cyber crime and electronic evidence.

Around 67 States are signatory to this Convention and together with ten international organizations (the Commonwealth Secretariat, European Union, INTERPOL, the International Telecommunication Union, the Organisation of American States, the UN Office on Drugs and Crime and others), these signatory states participate as members or observers in the Cybercrime Convention Committee. The Committee deals with the implementation of the Convention by the Signatories. India, however, is not a signatory to the Convention on Cyber crime; therefore, it is not obligated to amend its local laws in accordance with the Convention or implement it. 

The European Convention has served as a model framework for the development of both international and domestic law on cyber crimes, electronic evidence and preventive strategies for the same.

Model Law on Computer and Computer Related Crime

In October 2002, the Commonwealth Secretariat prepared the “Model Law on Computer and Computer Related Crime” for the Commonwealth Nations consisting of 53 member countries. The Model Law widened the criminal liability for offences related to internet and computer systems, and for using illegal devices and methods related to computer technology.

The Model Law also introduced the concept of dual criminality in respect to cyber crimes. It states that the offence would also be punishable if a person commits an offence outside his country, if the person’s actions would constitute an offence under any law of the country where the offence was committed. This concept of dual criminality may lead to prosecution or extradition. Some of the member countries of the Commonwealth have drafted their domestic cyber law based on the Model Law.

The Group of Eight (G8)

At the Denver Summit 1997, the Group of Eight (G8) was mainly focused towards punishing high-tech criminals, and promoting technical and legal developments to counter international computer crimes.  

At the Okinawa Summit 2000, the Okinawa Charter on Global Information Society adopted the principles of international collaboration and harmonization for cybercrime. The Group of Eight agreed on importance and principles for the protection of privacy, free flow of information, and security of transactions.

The Organization for Economic Cooperation and Development (OECD)

The OECD consists of 30 member countries. In 1983, a committee was appointed by the OECD to discuss computer and cyber crimes and criminal law reforms. In December 1999, the OECD officially approved the Guidelines for Consumer Protection in the Context of Electronic Commerce, representing the member States’ consent for consumer protection for e-commerce. 

The OECD adopted Guidelines for the Security of Information Systems and Networks in 2002, to “promote security among all participants as a means of protecting information systems and networks”.

Global international efforts by the United Nations (UN)

In 1990, the General Assembly of the UN adopted the Guidelines Concerning Computerized Personal Data Files; it aimed at taking proper measures to protect the files against both natural and artificial dangers. 

Various resolutions have been endorsed by the UN General Assembly with the same motive to improve cyber security awareness internationally, to fight the criminal misuse of information systems and to prevent cybercrime.

International Legal Regime Relating To e-Commerce

UNCITRAL Model Law on Electronics Commerce, 1996

The UNCITRAL Model Law on Electronic Commerce was adopted by the United Nations Commission on International Trade Law (UNCITRAL) to help countries in framing the legislation for allowing and facilitating e-commerce and e-government. Model Law serves as a model to countries to enhance their laws related to commercial relationships involving the use of computerized or other modern communication techniques. The Model Law puts electronic communications on par with traditional paper-based modes of communication by giving them equal status. It also has provisions related with transmission and receipt of messages and electronic contracts, however, it does not address jurisdictional or conflict of laws issues. The model law has the following characteristics:

1. Establishes rules to validate contracts formed through electronic means and sets rules for forming e-contracts and governing them,
2. Defines the characteristics of valid electronic writing and of an original document,
3. Provides for the legality of electronic signatures for legal and commercial purposes, 
4. Provides for the admission of computer and electronic evidence in court proceedings.

Legal regime in India

IT Act, 2000

• Digital Signature and Electronic Signature- Digital signature means authentication of any electronic record by means of an electronic method or procedure as provided under Sec 3 of the Act.

A subscriber can authenticate any electronic record or identification by electronic signature or electronic authentication. An Amendment to the IT Act in 2008 introduced the term electronic signatures.

• E-Governance- Electronic Governance is dealt with under Sections 4 to 10A of the IT Act, 2000. It provides for legal recognition of electronic records and Electronic signature and also provides for legal recognition of contracts formed through electronic means. 

Filing of any form, application, issue or grant of any license or payment in Government offices and its agencies may be done through the means of electronic form.

1. Regulation of Certifying Authorities- The IT Act provides for the Controller of Certifying Authorities (CCA) to provide license and regulate Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of subscribers. The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA.
2. Duties of Subscribers- Duties of subscribers are mentioned in Chapter VIII under Sections 40-42. Subscriber means a person in whose name the electronic signature certificate is issued. A subscriber is in a way a customer or a buyer. Duties of subscribers are as followed:

• Sec 40: The subscriber has to generate public key pair by applying the security procedure when any Digital Signature Certificate has been accepted by a subscriber, the public key of which (Digital Signature Certificate) corresponds to the private key the subscriber which is to be listed in the Digital Signature Certificate. 
• Sec 41(1): He shall demonstrate acceptance of the digital signature certificate generated by the certifying authority- to one or more persons, in a repository or otherwise. 
• Sec 41(2): He shall provide correct information.
• Sec 42(1): He shall take reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate and shall prevent its disclosure.
• Sec 42(2): If the private key corresponding to the public key listed in the Digital Signature Certificate has been compromised, then, the subscriber shall communicate the same without any delay to the Certifying Authority.
• He shall use the certificate only for the authorized purposes as specified in the certifying authority’s CPS.
• He shall notify any changes in the information without any delay.
• He shall terminate the use of the certificate if the information in the certificate is found to be incorrect and misleading.
• Penalties and Adjudications: Penalties and adjudication are provided under Chapter IX from Sec 43-47.

Penalties

Section 43: If any person without the permission of the owner or any other person who is in charge of a computer, computer system or computer network causes damage to it, then he shall be liable to pay damages by way of compensation to the person so affected.

Section 43A: Where a body corporate fails to protect any personal data which it possess or deals with in its computer resource, thereby causing wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

Section 44: (a) If any person fails to furnish any document, return, report to the controller, or certifying authority fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;

(b) If any person fails to file any return or furnish any information, books or other documents within the time specified in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues

(c) If any person fails to maintain books of accounts or records, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

Section 45: If any person contravenes any rules or regulations made under this Act, for which no penalty has been separately provided, then he shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.

Adjudication

Section 46: The Central Government shall appoint any officer not below the rank of a Director to the Government of India or an equivalent officer of a State Government to be an adjudicating officer for holding an inquiry in the manner prescribed by the Central Government. 

Section 47: While adjudging the quantum of compensation under this Chapter, the adjudicating officer shall consider the following factors: 

(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default; 

(b) the amount of loss caused to any person as a result of the default; 

(c) the repetitive nature of the default.

Offences under the Act: Offences are provided under Chapter XI from Sec 65-76

Section 65: Tampering with computer source documents: If any person conceals, destroys, or alters any computer source document intentionally, then he shall be punishable with imprisonment which may extend to three years, or fine which may extend to two lakh rupees or both.

Section 66: Computer related offences: Any person dishonestly, or fraudulently does any act as referred in Section 43 (damage to computer, computer system), then he shall be he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Section 66A: Sending offensive messages through any communication services: If any person sends offensive messages through any communication devices, he shall be punishable with imprisonment for a term which may extend to three years and with fine.

Section 66B: Receiving stolen computer’s resources or communication devices dishonestly: Any person dishonestly, or fraudulently receives or retains any stolen computer resource or communication device, then he shall be shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both. 

Section 66C: Identify theft: Any person dishonestly, or fraudulently make use of Electronic Signature, Password or any other Unique Identification Feature of any other person, then he shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh or both. 

Section 66D: Cheating by personation by the use of computer’s resources: Any person dishonestly, or fraudulently by means of any communication device or computer resource cheats by personating, then he shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

Section 66E: Violation of privacy: Any person intentionally captures, publishes, or transmits the image of a private area of any person without consent, then he shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both. 

Section 66F: Cyber terrorism: Any person does any act electronically, or with use of computer with intent to threaten unity, integrity, security, or sovereignty of India, then he shall punishable with imprisonment for life.

Section 67: Publishing or transmitting obscene material in electronic form: Any person publishes, or transmits in electronic form any material which appeals to prurient interest, or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see, or hear the matter contained in it, then he shall be shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees. 

Section 67A: Publishing or transmitting of material containing sexually explicit act, etc., in electronic form: Any person publishes, or transmits in electronic form any material which contains sexually explicit act, or conduct, then he shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees. 

Section 67B: Publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form: Whoever transmits or publishes any materials that depict children in sexually explicit act or conduct in any electronics form shall be sentenced for either description for a term which may extend to five years of imprisonment with a fine that could extend to rupees ten lakhs on the first conviction. And in the event of second conviction criminals could be sentenced for either description for a term that could extend to 7 years along with a fine that could extend to rupees ten lakhs.

Section 71: Misrepresentation: Whoever makes any misrepresentation to, or suppresses any material fact from the Controller or the Certifying Authority for obtaining any licence or electronic signature certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Section 72: Breach of confidentiality and privacy: If any person who has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person, then he shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. 

Section 72A: Disclosure of information in breach of lawful contract: If any person who has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, then he shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.

Section 73: Publishing False digital signature certificates: If any person publishes an Electronic Signature Certificate, or make it available to any other person with the knowledge that Certifying Authority has not issued it, or Subscriber has not accepted it, or Certificate has been revoked or suspended then he shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. 

Section 74: Publication for fraudulent purpose: If any person knowingly creates, publishes, or otherwise makes available Electronic Signature Certificate for any fraudulent or unlawful purpose, then he shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. 

Other Provisions

Section 75: Act to apply for contravention or offence that is committed outside India: If any person has committed an offence, or contravention committed outside India, and if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India, then the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.

Section 76: Confiscation: Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation However, if it is proved that such resources were not used in committing fraud then only person in default will be arrested.

Conclusion

The global nature of cyber crimes has started a war against them both nationally and internationally. International cooperation is highly needed in these times of constant scientific developments in computer and network technology and the threats imposed by cyber criminals. All the above mentioned international regimes are aimed towards achieving that cooperation among various countries to fight cyber crimes and regulate cyber law.

India, even though not a signatory to the Convention on Cyber Crimes, is also trying its best to fight cyber crimes. With the enactment of the IT Act, 2000, and the IT (Amendement) Act, 2008 various developments related to cyber law have occurred in India. However, proper implementation of cyber law is still needed as many people are not aware of the threats the internet can pose. 

References

• Explanatory Report to the Convention on Cybercrime, Para 304, Date of Access: 10.10.2019 <https://rm.coe.int/16800cce5b>
• The Budapest Convention on Cybercrime: a framework for capacity building; GFCE; Dated: 07.12.2016; Date of Access: 10.10.2019 <https://www.thegfce.com/news/news/2016/12/07/budapest-convention-on-cybercrime>
• Chapter III: Emerging International Cyber Law Regime; Shodhganga; Date of Access: 10.10.2019 <https://shodhganga.inflibnet.ac.in/bitstream/10603/120167/5/chapter%203.pdf>
• Xingan Li: International Actions against Cybercrime: Networking Legal Systems in the Networked Crime Scene; Webology, Vol 4, No. 3, September, 2007, Date of Access: 10.10.2019 < http://www.webology.org/2007/v4n3/a45.html#footnote29>
• History And Background Of The Model Law: Guide to Enactment of the UNCITRAL Model Law on Electronic Commerce (1996); Lex Mercatoria; Date of Access: 11.10.2019 

<https://www.jus.uio.no/lm/un.electronic.commerce.model.law.1996/history.background.html>

• UNCITRAL Model Law on Electronic Commerce; IT Law Wiki; Date of Access: 11.10.2019 

<https://itlaw.wikia.org/wiki/UNCITRAL_Model_Law_on_Electronic_Commerce>

• Anuraj Singh: Studies Report on Cyber Law in India & Cybercrime Security; International Journal of Innovative Research in Computer and Communication Engineering; Vol. 5 Issue 6; June 2017 <www.ijircce.com>
• Definition and Duties of Subscriber; LL.B. Corner; Dated: 10.02.2019; Date of Access: 13.10.2019 

< https://www.llbcorner.co.in/2019/02/definition-and-duties-of-subscriber.html>

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.