Computer Crime Research Center

etc/eye2.jpg

Techno-Legal Compliance In India: An Essential Requirement

Date: July 19, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

... individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property.

(c) Demolition of e-governance base

The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. It must be noted that the primary aim of all cyber terrorist activities is to collapse a sound communication system, which includes an e-governance base. Thus, by a combination of virus attacks and hacking techniques, the e-governance base of the government can be caused to be collapsed. This would be more deleterious and disastrous as compared to other tangible damages, which were caused by the traditional terrorist activities. Similarly, the terrorists to the common detriment of the nation at large can illegally obtain information legitimately protected from public scrutiny by the government in the interest of security of the nation. Thus, a strong e-governance base with the latest security methods and systems is the need of the hour.

(d) Distributed denial of services attack

The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies. It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate netizens and end users. This is the most commonly used method to collapse the base of a corporate competitor. The companies must be very cautious regarding their technological base so that DDOS cannot occur.

(e) Network damage and disruptions

The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc. The companies must be very particular and cautious about such suspicious activities.

(2) Cyber extortions

The offence of extortion is not new but in existence from long time. The same has, however, taken different shades and ramifications. Under the traditional Penal law the offence of extortion is completed the moment an offender intentionally puts any person in fear of “any injury” to that person, or to any other, and thereby dishonestly induces the person so put in fear to deliver to any person any property or valuable security, or anything signed or sealed which may be converted into a valuable security. The expression “injury” denotes any harm whatever illegally caused to any person, in body, mind, reputation or property. The modern form of extortion is totally different from its traditional counterpart. The hackers have found a way to lock up the electronic documents on any person’s computer and then demand $ 200 over the internet to get them back. The modus operendi is very simple. The files and documents are encrypted after hacking the computer of the victim. A ransom note is left behind that contains a contact address in the form of e-mail address. Once contacted, a demand of $ 200 is made to “unlock” the files and documents.

The offence of cyber extortion now uses a new kind of malware circulating on the Internet that freezes a computer and then asks for a ransom to be paid electronically. The new Trojan falls into a class of viruses described as "ransomware." Once run, the Trojan freezes the computer, displaying a message saying files are being deleted every 30 minutes. It describes the procedure as to how to send $10.99 electronically to free the computer. Interestingly, last time a “pass word” was provided once payment was made, though that was finally broken and distribute openly. This time, the offenders have technologically improved their modus operendi. They have decided to block access to the computer itself.

Things like these are expected in future also and companies must be very careful about these attacks. This is a dangerous trend and unfortunately the Ministry of Information Technology has “diluted” the “Offences “section of IT Act, 2000 further in their proposed amendments. Instead of taking care of newer offences and contravention, the Ministry preferred to dilute the criminal sanctions to a ridiculous level. Thus the companies must equip themselves with a techno-legal solution that satisfies the due diligence requirement of the IT Act, 2000.


(3) E-mail manipulations

In today’s world e-mail communication is not only the most commonly used method of communication but also the most effective one. However, it has a darker side as well. E-mails can be intercepted in transit in the same manner as telephones can be. In an online environment, any person with average technological knowledge can set up "sniffer programs” to scan all traffic flowing between the targeted computer and its proposed destinations. This is known as “e-mail snooping”. The notorious software known as Carnivore can also be used for e-mail monitoring and surveillance. The Alibris e-mail tampering case, reported in a press release at the Department of Justice web server, is another example. Thus, e-mails can be manipulated, tampered with and even deleted without the knowledge of the account holder. An “unsecure”e-mail account not supported by any “Digital Signature” would definitely be vulnerable to online attacks. The companies must be very cautious about their trade secrets and confidential information that may be leaked due to e-mail manipulations.

The companies are at serious risk of various online threats. This is more so where the other countries are technologically more advanced. One of the peculiar features of the Internet is that an online attack can be launched from any corner of the World. If a person possesses superior technological knowledge, then he can manipulate the online environment from any part of the World. The present requirement is to keep the security of the online environment updated and as per the International standards. The companies may face corporate criminal liability on various counts if they keep on neglecting the techno-legal requirement of the contemporary society.

III. Corporate criminal liability

Corporations are as much part of our society as are any other social institution. Corporations represent a distinct and powerful force at regional, national and global levels and they wield enormous economic powers. Besides governments and governmental agencies, it is the corporations that are the more and more effective agents of action in our society. But, corporations, as we understand today, have not been same in the past. The multitude of roles the corporations play in the present day human life have been necessitated by the demands of the society, as it kept on ‘developing’. The development of the society, at various points of time, has had a direct influence on the structure and functions of the corporation. This had led to an ever increasing demand for the law to recognise the change and suit its applications, accordingly. Today, a corporation is an artificial entity that the law treats as having its own legal personality, separate from and independent of the persons who make up the corporation . A corporation has an existence separate from the shareholders constituting it and they cannot be held liable for the wrongs committed by the corporation. The corporations are run by natural persons and these peoples’ actions can be criminal in nature and can sometimes even result in great economical as well as human loss to the society. The development of the law relating to corporate criminal liability in India is not only similar to that in English law, but also greatly influenced by the English Law. Further, under Indian law as well as under the English law, a Company is a creation of the law. It is not a human being but is an artificial person. On incorporation, the company acquires a separate legal entity distinct from and independent of its members. When a company is incorporated, all dealings are with the company and all persons behind the company are disregarded, however important they may be. Thus, a veil is drawn between the company and its members. Normally, the principle of corporate personality of a company is respected in most of the cases. The separate personality of the company is, however, a statutory privilege; it must be used for legal and legitimate business purposes only. Where a fraudulent, dishonest or improper use is made of the legal entity, the concerned individual will not be allowed to take shelter behind the corporate personality. The court will break...
Add comment  Email to a Friend

Discussion is closed - view comments archieve
2008-08-24 00:37:54 - I Agree. What would you do with hard disks... Manoj
2006-11-27 05:32:43 - ciao io sono amina volio asere tu amica ciao amina
Total 2 comments
Copyright © 2001-2024 Computer Crime Research Center
CCRC logo