Kamis, 04 Desember 2008

Data Theft in Cyber Space – Issues and Laws

The rapid development of Information technology poses new challenges before the law. These challenges are not confined to any single traditional legal category but arise in, for example, Criminal Law, Intellectual Property Law, Contract and Tort. One such challenge is the growing menace of “Data Theft”. It is the term used when any information in the form of data is illegally copied or taken from a business or other individual without his knowledge or consent.



Data as a valuable asset



Data is a valuable asset in this modern era of Information Technology (IT). Data is an important raw-material for Call Centers and I.T. Companies. Data has also become an important tool and weapon for Corporates to capture larger market shares. Due to the importance of Data in this new era, its security has become a major issue with the I.T. industry. The piracy of data is a threat, faced by the I.T. players, who spend millions to compile or buy data from the market. Their profits depend upon the security of their Data.




Issues


The major issue regarding Data Theft is its International character, for example Systems may be accessed in USA, the data manipulated in China and the consequences felt in India. The result of this ability is that different sovereignties, jurisdictions, laws and rules will come into play which again is an issue in itself. Further, collection of evidence in such circumstances become another issue as investigation in three different countries, all of whom may not be in talking terms, is almost impossible and poor technical know-how of our cops adds to the woes. Also, the lack of coordination between different investigating agencies and a not-so-sure extradition process is another head ache. However the biggest of all these issues is the lack of specific laws in the country dealing with this crime, so even if the culprit is caught he can easily get away by picking and choosing any of the of various loopholes in our law.




Does India have sufficient Laws?



The problem of data theft which has emerged as one of the major cyber crimes worldwide has attracted little attention of law makers in India. Unlike U.K which has The Data Protection Act, 1984 there is no specific legislation in India to tackle this problem, though India boasts of its Information Technology Act, 2000 to address the ever growing menace of cyber crimes, including data theft. The truth is that our IT Act, 2000 is not well equipped to tackle such crimes. The various provisions of the IT Act, 2000 which deal with the problem to some extent are briefly discussed below.



Section 43:- This section provides protection against destruction and unauthorized access of the computer system by imposing heavy penalty up to one crore. The unauthorized downloading, extraction and copying of data are also covered under this section. Clause ‘C’ of this section imposes penalty for unauthorized introduction of computer viruses of contaminants. Clause ‘G’ provides penalties for assisting the unauthorized access.



Section 65:- This section provides for computer source code. If anyone knowingly or intentionally conceals, destroys, alters or causes another to do as such shall have to suffer imprisonment of up to 3 years or fine up to 2 lakh rupees. Thus protection has been provided against tampering of computer source documents.


Section 66:- Protection against hacking has been provided under this section. As per this section, hacking is defined as any act with an intention to cause wrongful loss or damage to any person or with the knowledge that wrongful loss or damage will be caused to any person and information residing in a computer resource must be either destroyed, deleted, altered or its value and utility get diminished. This section imposes the penalty of imprisonment of up to three years or fine up to two lakh rupees or both on the hacker.



Section 70:- This section provides protection to the data stored in the protected system. Protected systems are those computers, computer system or computer network to which the appropriate government, by issuing gazette information in the official gazette, declared it as a protected system. Any access or attempt to secure access of that system in contravention of the provision of this section will make the person accessed liable for punishment of imprisonment which may extend to ten years and shall also be liable to fine.



Section 72:- This section provides protection against breach of confidentiality and privacy of the data. As per this, any person upon whom powers have been conferred under IT Act and allied rules to secure access to any electronic record, book, register, correspondence, information document of other material discloses it to any other person, shall be punished with imprisonment which may extend to two years or with fine which may extend to one lakh rupees or both.





Can Data Theft be covered under IPC?



Section 378 of the Indian Penal Code, 1860 defines ‘Theft’ as follows:-


Theft – Whoever, intending to take dishonestly any movable property out of the possession of any person without that person’s consent, moves that property in order to such taking, is said to commit theft.



Section 22 of I.P.C., 1860 defines “movable property” as follows:-


“The words “movable property” are intended to include corporeal property of every description, except land and things attached to the earth or permanently fastened to anything which is attached to the earth.”



Since Section 378 I.P.C., only refers to “Movable Property” i.e. Corporeal Property, and Data by itself is intangible, it is not covered under the definition of "Theft”. However, if Data is stored in a medium (CD, Floppy etc.) and such medium is stolen, it would be covered under the definition of ‘Theft’, since the medium is a movable property. But, if Data is transmitted electronically, i.e., in intangible form, it would not specifically constitute theft under the IPC.



“Data”, in its intangible form, can at best be put at par with electricity. The question whether electricity could be stolen, arose before the Hon’ble Supreme Court in the case “Avtar Singh vs. State of Punjab” (AIR 1965 SC 666). Answering the question, the Supreme Court held that electricity is not a movable property, hence, is not covered under the definition of ‘Theft’ under Section 378 IPC. However, since Section 39 of the Electricity Act extended Section 378 IPC to apply to electricity, so it so became specifically covered within the meaning of “Theft”. It is therefore imperative that a provision like in the Electricity Act be inserted in the IT Act, 2000 to extend the application of section 378 IPC to data theft specifically.





What do we need and why do we need?



It is imperative in today’s world that an emerging IT super power like India has a comprehensive legislation to protect its booming IT and BPO Industries (worst affected industries) against such crimes. Though the IT Act may appear sufficient in this regard but it is not comprehensive enough to tackle the minute technological intricacies involved in such a crime which leaves loopholes in the law and the culprits get away easily. Since this problem is not confined to one nation and has international dimensions, India must look forward to be a signatory to any international convention or treaty in this regard. Also it high time that our national police organizations are trained to deal with such crimes.

2 komentar:

shrey mengatakan...

cu, gw udah coba..
bisa buat search pi nyari blog gw gbisa..

tenk2 mengatakan...

mungkin emang blom masuk nek....
emang lama qo masuknya...
sabar ya....

Posting Komentar