Cybersecurity in India: An Ignored World
Date: February 07, 2007Source: Computer Crime Research Center
By:
India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of Information and Communication Technology (ICT) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. A sound e-governance policy presupposes the existence of a sound and secure e-governance base as well. The security and safety of various ICT platforms and projects in India must be considered on a priority basis before any e-governance base is made fully functional. This presupposes the adoption and use of security measures more particularly empowering judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing.
I. Introduction
The information technology is a double edge sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc can bring only destructive results unless and until these methods have been used for checking the authenticity, safety and security of the technological device which has been primarily relied upon and trusted for providing the security to a particular organisation. For instance, the creator of the “Sasser worm” has been hired as a “security software programmer” by a German firm, so that he can make firewalls, which will stop suspected files from entering computer systems. [1] Thus, these methods may also be used for checking the authenticity, safety and security of one’s technological device, which has been primarily relied upon and trusted for providing the security to a particular organisation. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era. [2] Thus, we must concentrate upon securing our ICT and e-governance bases before we start encashing their benefits. The same can be effectively achieved if we give due importance to this fact while discussing, drafting and adopting policies decisions pertaining to ICT in general and e-governance in particular. The same is also important for an effective e-commerce base and an insecure and unsafe ICT base can be the biggest discouraging factor for a flourishing e-commerce business. The factors relevant for this situation are too numerous to be discussed in a single work. Thus, it would be better if we concentrate on each factor in a separate but coherent and holistic manner. The need of the hour is to set priority for a secure and safe electronic environment so that its benefits can be reaped to the maximum possible extent.
II. Cyber Forensics
The concepts of cyber security and cyber forensics are not only interrelated but also indispensably required for the success of each other. The former secures the ICT and e-governance base whereas the latter indicates the loopholes and limitations of the adopted measures to secure the base. The latter also becomes essential to punish the deviants so that a deterrent example can be set. There is, however, a problem regarding acquiring expertise in the latter aspect. This is so because though a computer can be secured even by a person with simple technical knowledge the ascertainment and preservation of the evidence is a tough task. For instance, one can install an anti-virus software, firewall, adjust security settings of the browser, etc but the same cannot be said about making a mirror copy of hard disk, extracting deleted files and documents, preserving logs of activities over internet, etc. Further one can understand the difficulty involved in the prosecution and presentation of a case before a court of law because it is very difficult to explain the evidence acquired to a not so techno savvy judge. The problem becomes more complicated in the absence of sufficient numbers of trained lawyers in this crucial field.
The Cyber Forensics has given new dimensions to the Criminal laws, especially the Evidence law. Electronic evidence and their collection and presentation have posed a challenge to the investigation agencies, prosecution agencies and judiciary. The scope of Cyber Forensics is no more confined to the investigation regime only but is expanding to other segments of justice administration system as well. The justice delivery system cannot afford to take the IT revolution lightly. The significance of cyber forensics emanates from this interface of justice delivery system with the Information Technology.
III. The need of Cyber Forensics
The growing use of IT has posed certain challenges before the justice delivery system that have to be met keeping in mind the contemporary IT revolution. The contemporary need of Cyber Forensics is essential for the following reasons:
(a) The traditional methods are inadequate: The law may be categorised as substantive and procedural. The substantive law fixes the liability whereas the procedural law provides the means and methods by which the substantive liability has to contended, analysed and proved. The procedural aspects providing for the guilt establishment provisions were always there but their interface with the IT has almost created a deadlock in investigative and adjudicative mechanisms. The challenges posed by IT are peculiar to contemporary society and so must be their solution. The traditional procedural mechanisms, including forensic science methods, are neither applicable nor appropriate for this situation. Thus, “cyber forensics” is the need of the hour. India is the 12th country in the world that has its own “Cyber law” (IT Act, 2000). However, most of the people of India, including lawyers, judges, professors, etc, are not aware about its existence and use. The traditional forensic methods like finger impressions, DNA testing, blood and other tests, etc play a limited role in this arena.
(b) The changing face of crimes and criminals: The use of Internet has changed the entire platform of crime, criminal and their prosecution. This process involves crimes like hacking, pornography, privacy violations, spamming, phishing, pharming, identity theft, cyber terrorisms, etc. The modus operendi is different that makes it very difficult to trace the culprits. This is because of the anonymous nature of Internet. Besides, certain sites are available that provides sufficient technological measures to maintain secrecy. Similarly, various sites openly provide hacking and other tools to assist commission of various cyber crimes. The Internet is boundary less and that makes the investigation and punishment very difficult. These objects of criminal law will become a distant reality till we have cyber forensics to tackle them.
(c) The need of comparison: There is a dire need to compare the traditional crimes and criminals with the crimes and criminal in the IT environment. More specifically, the following must be the parameters of this comparison:
(a) Nature of the crime
(b) Manner/Methods of commission of the crime,
(c) Purpose of the crime,
(d) Players involves in these crimes, etc.
Thus, Cyber Forensics is required to be used by the following players of criminal justice system:
(a) Investigation machinery- Statutory as well as non-statutory
(b) Prosecution machinery, and
(c) Adjudication machinery- Judicial, quasi-judicial or administrative.
(d) Jurisdictional dilemma: The Internet is not subject to any territorial limits and none can claim any jurisdiction over a particular incidence. Thus, at times there is conflict of laws. The best way is to use the tool of Cyber Forensics as a “preventive measure” rather than using it for “curative purposes”.
IV. Conclusion
The growing use of ICT for administration of all the spheres of our daily life cannot be ignored. Further, we also cannot ignore the need to secure the ICT infrastructures used for meeting these social functions. The threat from “malware” is not only apparent but also very worrisome. There cannot be a single solution to counter such threats. We need a techno-legal “harmonised law”. Neither pure law nor pure technology will be of any use. Firstly, a good combination of law and technology must be established and then an effort must be made to harmonise the laws of various countries keeping in mind common security standards. In the era of e-governance and e-commerce a lack of common security standards can create havoc for the global trade in goods and services. The tool of Cyber Forensics, which is not only preventive but also curative, can help a lot in establishing a much needed judicial administration system and security base.[3]
© Praveen Dalal. All rights reserved with the author.
* Arbitrator, Consultant and Advocate, Supreme Court of India.
Managing Partner-Perry4law (Legal Firm, New Delhi, India)
Contact at: [email protected] , [email protected]
[1] Praveen Dalal, “Securing cyberspace by private defence”, http://cyberforensicsinindia.blogspot.com/2006/01/securing-cyberspace-by-private-defence.html
[2] Praveen Dalal, “ICT strategy in India: The need of rejuvenation”,...
Add comment Email to a Friend