Law relating to Unauthorized Access

March 6, 2011, by | Start Discussion

One of the most publicized risks to information systems is that of unauthorised access, often referred to as hacking. For some, hacking is seen as something that happens to other people typically large or high profile organisations. But this is not the case, as use of the Internet grows, so too does the number of attacks.

Generally, Unauthorized Access is when a person who does not have permission to connect to or use a system gains entry in a manner unintended by the system owner.

Unauthorized Access under IT Act

Law of Unauthorized access has been described under three sections, viz. Sec. 43, Sec. 66 and Sec. 70. Before understanding meaning of Unauthorized Access, let's first understand the term access. 

Sec. 2 (1) (a) defines access as "access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network; 

Here, gaining entry into also applies to physical access, e.g. a massive supercomputer is located in a room. Rohit breaks its door and entered into it. He has gained access to the computer. 

Section 43:- Penalty and compensation for damage to computer, computer system, etc. 

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network,
 
a)    accesses or secures access to such a computer, computer system or computer network or computer resource;
b)    downloads, copies or extracts any data, computer data base or information from such a computer, computer system or computer network including information or data held or stored in any removable storage medium;
 
Explanation. For the purpose of this section,
 
"computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalized manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
 
c)    introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer network;
 
Explanation. For the purpose of this section,
 
"computer contaminant" means any set of computer instructions that are designed
 
(1) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
(2) by any means to usurp the normal operation of the computer, computer system, or computer network;
 
·    "computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource; by any means. 

d)    damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such a computer, computer system or computer network;
 
Explanation.  For the purpose of this section,
 
"damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.
 
e)    disrupts or causes disruption of any computer, computer system or computer network;

f)    denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;

g)     provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;

h)    charges the services availed by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

i)     destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

j)    steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage; 

Explanation. For the purposes of this section,
 
Computer source code means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

Punishment for contravening provisions of this Section is to pay damages by way of compensation to the person affected.

Sec. 66:- Computer related offences

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation.for the purpose of this section,

(1) the word dishonestly as per section 24 of the Indian Penal Code means Whoever does anything with the intention of causing wrongful gain to one person or wrongful loss to another person, is said to do that thing "dishonestly". 

(2) the word fraudulently as per section 25 of the Indian Penal Code means, A person is said to do a thing fraudulently if he does that thing with intent to defraud but not otherwise. 

Sec. 70:- Unauthorized access to protected systems  

1)    The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system.

Explanation.For the purpose of this section, Critical Information Infrastructure means the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.

2)    The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems notified under sub-section (1).

3)    Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

Appropriate Government is determined as per Schedule VII of the Constitution of India. Schedule VII contains three lists:-
 

  • ·    Union
  • ·    State
  • ·    Concurrent

Central Government (parliament) has exclusive rights to make laws on items mentioned in the Union list. E.g. Defence, banking, economy, foreign relations, atomic energy, etc.

State Government has exclusive rights to make laws on the items mentioned in the State list. E.g. Police, law & order, local government, etc.

Central as well as state government has powers to make laws on the items mentioned in the concurrent list. E.g. electricity, forests, etc.

Illustration: – If the computer network of the RBI has been declared as a protected system, Central Government would be the responsible Government.

Sagar is a Law graduate. He is Head at Asian School of Cyber Laws(Maharashtra). He specializes in Cyber Law, Intellectual Property Law and Corporate Law. He teaches at numerous educational institutions across India.

Leave a Reply