What is Cyber Law?

1.1 What is Cyber Law?

In order to arrive at an acceptable definition of the term Cyber Law, we must first understand the meaning of the term law.

Simply put, law encompasses the rules of conduct:

(1) that have been approved by the government, and

(2) which are in force over a certain territory, and

(3) which must be obeyed by all persons on that territory.

Violation of these rules will lead to government action such as imprisonment or fine or an order to pay compensation.

The term cyber or cyberspace has today come to signify everything related to computers, the Internet, websites, data, emails, networks, software, data storage devices (such as hard disks, USB disks etc) and even electronic devices such as cell phones, ATM machines etc. Thus a simplified definition of cyber law is that it is the “law governing cyber space”. The issues addressed by cyber law include:

1. Cyber crime1
2. Electronic commerce2
3. Intellectual Property in as much as it applies to cyberspace3
4. Data protection & privacy4

For sake of convenience we shall briefly discuss the development of cyber law around the world under two heads – international measures and national measures.

International Measures5

The first comprehensive international effort dealing with the criminal law problems of computer crime was initiated by the Organisation for Economic Co-operation and Development (OECD)6.

From 1983 to 1985, an ad hoc committee of OECD discussed the possibilities of an international harmonization of criminal laws in order to fight computer-related economic crime. In September 1985, the committee recommended that member countries consider the extent to which knowingly committed acts in the field of computer-related abuse should be criminalized and covered by national penal legislation.

In 1986, based on a comparative analysis of substantive law, OECD suggested that the following list of acts could constitute a common denominator for the different approaches being taken by member countries:

1. The input, alteration, erasure and/or suppression of computer data and/or computer programs made willfully with the intent to commit an illegal transfer of funds or of another thing of value;

2. The input, alteration, erasure and/or suppression of computer data and/or computer programs made willfully with the intent to commit a forgery;

3. The input, alteration, erasure and/or suppression of computer data and/or computer programs, or other interference with computer systems, made willfully with the intent to hinder the functioning of a computer and/or telecommunication system;

4. The infringement of the exclusive right of the owner of a protected computer program with the intent to exploit commercially the program and put in on the market;

5. The access to or the interception of a computer and/or telecommunication system made knowingly and without the authorization of the person responsible for the system, either (i) by infringement of security measures or (ii) for other dishonest or harmful intentions."

From 1985 to 1989, the Select Committee of Experts on Computer-Related Crime of the Council of Europe discussed the legal problems of computer crime. The Select Committee and the European Committee on Crime Problems prepared Recommendation No. R(89)9, which was adopted by the Council on 13 September 1989.

This document "recommends the Governments of Member States to take into account, when reviewing their legislation or initiating new legislation, the report on computer-related crime... and in particular the guidelines for the national legislatures".

The guidelines for national legislatures include a minimum list, which reflects the general consensus of the Committee regarding certain computer-related abuses that should be dealt with by criminal law, as well as an optional list, which describes acts that have already been penalized in some States, but on which an international consensus for criminalization could not be reached.

The minimum list of offences for which uniform criminal policy on legislation concerning computer-related crime had been achieved enumerates the following offences:

1. Computer fraud. The input, alteration, erasure or suppression of computer data or computer programs, or other interference with the course of data processing that influences the result of data processing, thereby causing economic or possessory loss of property of another person with the intent of procuring an unlawful economic gain for himself or for another person;

2. Computer forgery. The input, alteration, erasure or suppression of computer data or computer programs, or other interference with the course of data processing in a manner or under such conditions, as prescribed by national law, that it would constitute the offence of forgery if it had been committed with respect to a traditional object of such an offence;

3. Damage to computer data or computer programs. The erasure, damaging, deterioration or suppression of computer data or computer programs without right;

4. Computer sabotage. The input, alteration, erasure or suppression of computer data or computer programs, or other interference with computer systems, with the intent to hinder the functioning of a computer or a telecommunications system;

5. Unauthorized access. The access without right to a computer system or network by infringing security measures;

6. Unauthorized interception. The interception, made without right and by technical means, of communications to, from and within a computer system or network;

7. Unauthorized reproduction of a protected computer program. The reproduction, distribution or communication to the public without right of a computer program which is protected by law;

8. Unauthorized reproduction of a topography. The reproduction without right of a topography protected by law, of a semiconductor product, or the commercial exploitation or the importation for that purpose, done without right, of a topography or of a semiconductor product manufactured by using the topography.

The optional list relates to the following:

1. Alteration of computer data or computer programs. The alteration of computer data or computer programs without right;

2. Computer espionage. The acquisition by improper means or the disclosure, transfer or use of a trade or commercial secret without right or any other legal justification, with intent either to cause economic loss to the person entitled to the secret or to obtain an unlawful economic advantage for oneself or a third person;

3. Unauthorized use of a computer. The use of a computer system or network without right, that either: (i) is made with the acceptance of significant risk of loss being caused to the person entitled to use the system or harm to the system or its functioning, or (ii) is made with the intent to cause loss to the person entitled to use the system or harm to the system or its functioning, or (iii) causes loss to the person entitled to use the system or harm to the system or its functioning;

4. Unauthorized use of a protected computer program. The use without right of a computer program which is protected by law and which has been reproduced without right, with the intent, either to procure an unlawful economic gain for himself or for another person or to cause harm to the holder of the right.

In 1990, the legal aspects of computer crime were also discussed by the United Nations, particularly at the Eighth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, at Havana, as well as at the accompanying symposium on computer crime organized by the Foundation for Responsible Computing. The Eighth United Nations Congress adopted a resolution on computer-related crime. In its resolution 45/121, the General Assembly welcomed the instruments and resolutions adopted by the Eighth Congress and invited Governments to be guided by them in the formulation of appropriate legislation and policy directives in accordance with the economic, social, legal, cultural and political circumstances of each country. The United Nations Commission on International Trade Law (UNCITRAL) formulated the UNCITRAL Model Law on Electronic Commerce in 1996. The Model Law is intended to facilitate the use of modern means of communication and storage of information. It is based on the establishment of a functional equivalent in electronic media for paper-based concepts such as "writing", "signature" and "original".

The Convention on Cybercrime of the Council of Europe is currently the only binding international instrument on the issue of cyber crime. The convention serves as a guideline for countries developing a comprehensive national legislation against Cybercrime. It also serves as a framework for international cooperation between State Parties to the treaty7.

The Convention is supplemented by a Protocol on Xenophobia and Racism committed through computer systems.

National Measures

Being at the forefront of computer technology, and being the country that developed what is today referred to as the Internet, the USA has been the global leader in developing laws relating to cyber crime.

In 1977, Senator Abraham Ribicoff introduced the first Federal Systems Protection Act Bill. This evolved into House Bill 5616 in 1986, which resulted in the Computer Fraud and Abuse Act of 1987 established as Article 1030, Chapter 47 of Title 18 of Criminal Code. The US states of Florida, Michigan, Colorado, Rhode Island and Arizona were the first to have computer crime laws based on the first Ribicoff bill8.

Some of the earlier relevant federal legislations include the Communications Fraud and Abuse Act of 1986, the Electronic Communications Privacy Act of 1986, the Credit Card Fraud Act of 1984, the Federal Copyright Act of 1976 and the Wire Fraud Act.

Also relevant are provisions of the Electronic Fund Transfer Act (Title XX of Financial Institutions Regulatory and Interest Rate Control Act of 1978) and the Federal Privacy Act of 1974 (codified in 5 USC Sect. 552a).

Some of the more recent US legislations relevant to cyber law are the 'No Electronic Theft' Act (1997), the Digital Millennium Copyright Act (1998), the Internet Tax Freedom Act (1998), the Child Online Protection Act (1998), the U.S. Trademark Cyberpiracy Prevention Act (1999), the Uniform Electronic Transactions Act (UETA) (1999), the Uniform Computer Information Transactions Act (UCITA) (2000), the Electronic Signatures in Global & National Commerce Act (E-Sign) (2000), the Children’s Internet Protection Act (2001) and the USA Patriot Act (2001).

In China, the relevant laws are the Computer Information Network and Internet Security, Protection and Management Regulations (1997), the Regulations on Computer Software Protection (2002) and the Criminal Law of the People's Republic of China (1979) as revised in 1997.

In Australia the relevant law for cyber crime is the Cybercrime Act (2001) and the revised Criminal Code Act (1995). For electronic commerce, the relevant law is the Electronic Transactions Act 1999. Also relevant is The Commonwealth’s Privacy Act (1988).

In Canada, the relevant law for cyber crime is the Criminal Code as amended to include computer crimes. For electronic commerce, the relevant law is the Electronic Transactions Act (2001).

In Malaysia, the relevant law for cyber crime is the Computer Crimes Act (1997). For electronic commerce, the relevant law is the Digital Signatures Act (1997).

In Singapore the relevant law for cyber crime is the Computer Misuse Act. For electronic commerce, the relevant law is the Electronic Transactions Act (1998).

In United Arab Emirates (UAE), the relevant law for cyber crime is the Federal Law No. 2 of 2006 Combating Information Technology Crimes. For electronic commerce, the relevant law is the Law No. 2 of 2002 of the Emirate of Dubai – Electronic Transactions and Commerce Law.

In the United Kingdom the relevant laws for cyber crime are the Forgery and Counterfeiting Act (1981), Computer Misuse Act (1990), Data Protection Act (1998), Terrorism Act (2000), Regulation of Investigatory Powers Act (2000), Anti-terrorism, Crime and Security Act (2001) and Fraud Act (2006). For electronic commerce, the relevant laws are the Electronic Communications Act (2000) and the Electronic Signatures Regulations (2002).

In Japan the relevant laws for cyber crime are the Unauthorized Computer Access Law (Law No. 128 of 1999) and the Online Dating Site Regulating Act (June 2008).

In India, the primary legislation for cyber crimes as well as electronic commerce is the Information Technology Act (2000) as amended by the Information Technology (Amendment) Act, 2008. Also relevant for cyber crimes is the amended Indian Penal Code.