Cybercrime in Nepal

Table of Contents

ACKNOWLEDGEMENT

CHAPTER I - INTRODUCTION
1.1. Background
1.2. Research Questions
1.3. Methodology

CHAPTER II – OVERVIEW ON CYBERCRIME
2.1. Introduction
2.2. What are Cybercrime?
2.3. Modus Operandi of Cybercrime

CHAPTER III – CYBERCRIME IN NEPAL
3.1. Nepalese Legal Regime governing Cybercrime
3.1.1. Electronic Transaction Act, 2008
3.1.2. Banking Offence and Punishment Act, 2008
3.1.3. Children's Act 1992
3.1.4. Some Public (Crime and Punishment) Act, 1970
3.1.5. The Patent, Design and Trademark Act, 1965
3.1.6. Copyright Act, 2002
3.1.7. Consumer Protection Act, 1998
3.1.8. Other
3.2. Threat of Cybercrime in Nepal
3.3. Present Scenario
3.3.1. Cases
3.3.2. Complaint registered tendency
3.4. Prospective threats that may arise

CHAPTER 4 – EUROPEAN CONVENTION ON CYBERCRIME
4.1. International perspective
4.2. European Convention on Cybercrime

CHAPTER V – ANALYSIS
5.1. Nepalese legal regime addressing current or prospective modus operandi of cybercrime
5.1.1. Substantive Legal Regime
5.1.2. Enforcement
5.2. Comparison of Nepalese legal regime with Convention on Cybercrime

CHAPTER VI – CONCLUSION AND RECOMMENDATION
6.1. Conclusion
6.2. Recommendation

Bibliography

ACKNOWLEDGEMENT

I wish to acknowledge and express my sincere gratitude to my dissertation supervisor Mr. Tobias Mahler (PhD) who, irrespective of his professional engagements agreed to supervise my thesis. I highly appreciate the beneficial comments he made on my thesis and thank him for his patience with me. The paper would not have completed without his support and assistance.

This thesis would not have been completed without motivation and assistance of my parents and family members.

I am also very gratified to Ms. Pooja Khatri for lending a hand in every thick and thin and incessantly motivating me during my entire work. I am also indebted to my colleagues Mr. Anurag Devkota, Mr. Roshan Gupta, Mr. Bidhan Khaniya, Mr. Barun Ghimire and Mr. Nischal Pokharel, Mr. Bikash Thapa and Mr. Neetij Rai for providing the assistance in completing my dissertation.

I am grateful towards Inspector General of Nepal Police, Mr. Upendrakanta Aryal for his openness in providing data of Nepal police for educational purpose. Similarly, I am thankful towards Inspectors Shaligram Poudel and Subash Thakuri, Deputy Superintendent of Police Mr. Chandra Singh Dhami, officials of Central Bureau of Investigation, Central Department of Investigation, Cybercrime Cell of Nepal Police – Hanumandhoka, Kathmandu District Court and Supreme Court of Nepal.

I genuinely appreciate the assistance done by Norwegian State Education Loan Fund for providing my all economic support for writing the dissertation.

November 2014

CHAPTER I - INTRODUCTION

1.1. Background

"Because of its technological advancements, today’s criminals can be more nimble and more elusive than ever before. If you can sit in a kitchen in St. Petersburg, Russia, and steal from a bank in New York, you understand the dimensions of the problem."^[1]

— Former U.S. Attorney General Janet Reno

Computers and the Internet has now become backbone for virtually all facets of modern life, from personal communications and finance to the processing and management of electrical grids and power plants are being dependent with computer and internet.^[2]In today's 21st Century, our lives have been dominated by computers and communication networks. The advent of computers has had far-reaching effects and, although some people may not have had the opportunity to navigate the “digital highway”^[3]directly, they probably have been touched in other ways. Although the growth of technology in present era has resulted in flaunt of commercial growth, thriving economies and spread of democracy, on the other hand it has also resulted in increment of cost. One such cost that we now face is a new twist on traditional crime – cybercrime.^[4]Criminological research has expanded its focus over the last two decades to address the various forms of technology-enabled crime and the applicability of traditional theories to account for offending.^[5]The rapid growth of the information and communication technology (ICT) networks in cyberspace has created new opportunities for criminals in perpetrating crime, and to exploit online vulnerabilities and attack countries’ critical information infrastructure.^[6]As a result of intensification of information technology, the modus operandi in commission of crime has resulted in abet of technology in committing crime. The crime of fraud or defamation or forgery that used to be committed traditionally by use of paper or verbal way have now turned to be committed in social networking or e-commerce. These crimes have been occurring since the creation of the internet and technology. If there is information to be shared, there is information to be sabotaged. The challenge is countered by every online individual, company or organization across the globe.^[7]

In particular, cybercrime against business is growing all around the world. It is estimated that the likely annual cost to the global economy from cybercrime is more than $400 billion.^[8]A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion.^[9]Even the smallest of these figures is more than the national income of most countries and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow. One European survey points out that 43% of over 3000 surveyed companies, organizations, government agencies believe that cybercrime will be the biggest and most damaging class of criminal activity in the future.^[10]The increasing role of the Internet sales, the massive amount of data transferred through the computerized information systems inside and outside organizations, much of which is very sensitive and is related to the core of business; the immense use of Internet in the workplace; and increased access to confidential information, all of these are factors that contribute to the growing threat of cybercrime.^[11]

Nepal, a landlocked country positioned in South Asia cannot be exceptional territory for commission of cybercrime. The incidence of cybercrime in Nepal is directly proportional to the level of progress made in Nepal in information technology. The internet users in Nepal have been rampantly increased. As per the data provided by International Monetary Fund, there were 50,000 internet users in Nepal in 2000 which has increased to 2,690,162 in 2012.^[12] According to the World Bank, internet penetration had reached 13.3 percent in Nepal as of December 2013.^[13]Increase in internet user has certainly increased the instances of cybercrime in Nepal. As discussed in later chapter of this thesis, newspaper reports, police reports, the database of the police, judicial decisions and data from scholars' articles support the fact that Nepal has been evidenced as a hub for increasing cybercrime in recent days. The media almost daily reports cases regarding cybercrime in Nepal, which however is not same when researcher examines the report of courts and police, which means that the instances of cybercrime are either unreported or the perpetrator is not invoked with offence. The thesis aims to address the issue of instances of cybercrime being unreported or not being invoked. Thus this thesis broadly intends to highlight the present modus operandi of instances of cybercrime and evaluate whether or not the existing substantive laws of Nepal have been able to address the growing new pattern of commission of crime. While evaluating the laws, the thesis also examines the Nepalese legal system in light of the standard set forth by European Convention on Cybercrime^[14].

1.2. Research Questions

Broadly, the thesis aims to resolve two research questions. Firstly, whether or not the legal regime of cybercrime in Nepal has been able to address current or prospective modus operandi of cyber related crime? And secondly, whether Nepalese legal regime related to cybercrime is in line with the standards set forth in Convention on Cybercrime, 2001 for addressing the cybercrime?

1.3. Methodology

The dissertation is substantially based on secondary resources such as scholar's article, books, and data from police, annual report of court and informal unstructured discussion with personnel from relevant authorities. Furthermore, the thesis has undertaken empirical study of cases and reports along with unstructured interview with relevant officials using random purposive sampling. After observation of secondary sources, unstructured interview, the paper has used primary sources such as treaties and laws to make a analytical study where the findings has been analyzed and conclusion has been drawn.

CHAPTER II – OVERVIEW ON CYBERCRIME

2.1. Introduction

Cybercrime is the emerging crime around the globe which has unique modus operandi and can be committed being domiciled in any part of world against individual/institution situated in other part. Technocrats are well affirmed with the threat of cybercrime so are constantly working to develop new technology so as to prevent cybercrime, i.e. the world stands at a crossroads for developing defence mechanisms against it.^[15]Most cybercrimes, however, do not involve violence but rather greed, pride, or play on some character weakness of the victims. It is difficult to identify the culprit, as the net can be a vicious web of deceit and can be accessed from any part of the globe. For these reasons, cybercrimes are considered as "white-collar crimes".^[16]Furthermore, cybercrime produces high returns at low risk and (relatively) low cost for the perpetrators. The rate of return on cybercrime favors the criminal; the incentive is to steal more.^[17]The rate of return per victim on cybercrime can be very low, but because the costs and risks of engaging in it are even lower, cybercrime remains an irresistible criminal activity.^[18]

Cybercrime can generally be divided into two broad categories – crime that are facilitated by computers or the internet, and crimes against computers or computer system.^[19]Cyber-crime is an extension of traditional crime but it takes place in cyberspace^[20]-- the nonphysical environment created by computer systems. By utilizing globally connected phone systems and the world’s largest computer network, the Internet, cyber-criminals are able to reach out from just about anywhere in the world to just about any computer system, as long as they have access to a communications link.^[21]Ability of world wide access has resulted into territory-less dimension of cybercrime. Cybercrime, therefore, has an international aspect that creates many difficulties for nations that may wish to halt it or simply mitigate its effects.^[22]Moreover, cyber-crime is generally understood as the use of a computer-based means to commit an illegal act. One typical definition describes cyber-crime as "any crime that is facilitated or committed using a computer, network, or hardware device."^[23]As cybercrime is not bound by physical borders the criminal can found anywhere around the world – which itself has made cybercrime as universal natured crime.

2.2. What are Cybercrime?

The criminal activities to constitute as cybercrime is itself not clearly developed and there is no exhaustive list providing all set of cybercrime. There are number of definition of cybercrime which has separate specification of crime categorizing as cybercrime. The scope of criminal activities and their social consequences can be summarized by a typology of computer-related crime that comprises of two sets of crimes,^[24]i.e., conventional crimes, in which computers are instrumental to the offence, such as online attacks on computer networks, destruction of databases etc and conventional criminal cases in which evidence exists in digital form, such as cyber-vandalism and terrorism, insertion of viruses, worms, defamation, extortion, etc.

Similarly, McCusker has identified number of offences in three sets as cybercrime threats^[25], i.e., offences against the confidentiality, integrity and availability of computer data and systems (via activities such as hacking, deception, interception and espionage), computer-related ‘traditional’ crimes (fraud and forgery), content-related computer offences (such as website defacement and dissemination of false information) and offences relating to the infringement of copyright and related rights (such as the unauthorized reproduction and use of programs and databases).

In 2013, United Nations Office of Drugs and crime, making an attempt to define cybercrime has categorized cybercrime broadly into three areas^[26], i.e. (i) Acts against the confidentiality, integrity and availability of computer data or systems, (ii) Computer‐related acts for personal or financial gain or harm and (iii) Computer content‐related act. Cybercrime does not have universally accepted definition and it varies from academic scholars to the legislation.

Furthermore, the tenth United Nations Congress on the Prevention of Crime and the Treatment of Offenders as of the year 2000 has categorized five offenses as cyber-crime^[27], viz., unauthorized access, damage to computer data or programs, sabotage to hinder the functioning of a computer system or network, unauthorized interception of data to, from and within a system or network and computer espionage.

European Convention on Cybercrime, 2001 has substantially^[28]enlisted four sets of cybercrime which shall be discussed in greater detail in later section, i.e., offence against confidentiality, integrity and availability of computer data and systems– which includes crime such as illegal access, illegal interception, data interference, system interference and misuse of devices, computer related offences – which includes computer related forgery and fraud, content related offences – which includes offence related to child pornography and infringement of copyrights and related rights and ancillary liability – which includes offence of attempt, aiding or abetting and corporate liability.

Different actions which may amount to crime have been broadly classified into three categories.^[29]Firstly, cybercrimes where computer is used as a target which includes offences such as sabotage of computer systems or computer networks or operating system and program, theft of data or information or intellectual property such as software or marketing information, blackmailing based on information gained from computerized files such as personal history, sexual preferences, financial data, etc and Illegal access. Secondly, cybercrimes where computer is an instrument facilitating the crime includes offences such as software piracy, counterfeiting, copyright violation of computer programs, theft of technological equipment and illegal sale of duplicate CD. Thirdly, cybercrimes where computer is incidental to other crimes which includes those crime in which computer is not essential for the crime to occur, but computerization does help in the incidence of crime by processing of huge amount of information and makes the crime more difficult to be traced and identified – example money laundering, unlawful banking transactions

Thus, from discussion made in this chapter, any activity that uses computer as an instrumentality, target or a means for perpetrating further crime, falls within the ambit of cybercrime.^[30]As stipulated above, definitions and nature of cybercrime have been focused on the functional part rather than a universally accepted legal definition. Thesine qua nonfor cybercrime is that there should be an involvement of virtual cyber medium (computer) at any stage of crime. From the scholars view and legal propositions, there are some of peculiar features of cybercrime^[31], viz., cyber crime is global phenomenon which does not have any territorial barriers or jurisdictional restrictions, there is non-existence of any physical evidence, evidence of cybercrime is in digital format identified only by trained and skilled person, perpetrator of cybercrime largely be technocrats, Furthermore cybercrime is new approach identified by perpetrator such as electronic vandalism, transnational crime, electronic money laundering, counterfeiting, etc which includes computer network attack as well as electronic approach of committing traditional crimes and there is non requirement of disclosure of identity – can manage anonymity

At the outset, it is necessary to seek distinction between “true” cyber crime (i.e. dishonest or malicious acts which would not exist outside of an online environment, or at least not in the same kind of form or with anything like the same impact), and crime which is simply “e-enabled” (i.e. a criminal act known to the world before the advent of the worldwide web, but which is now increasingly perpetrated over the Internet).^[32]

2.3. Modus Operandi of Cybercrime

Modus operandi is a criminal investigation term for "way of operating," which may prove the accused has a pattern of repeating the same criminal acts using the same method.^[33]Modus operandi is a Latin term that means a method of operating^[34]. It refers to the manner in which a crime has been committed^[35]or characteristic way a criminal commits a specific type of crime. Moreover, modus operandi is a routine mode of conduct in which individualized techniques are employed in commission of crime^[36]which is the behaviour necessary for the successful commission of a crime.

Criminal's modus operandi is comprised of learned behaviour that can evolve and develop over time.^[37]Modus operandi is functional in nature and often serves or fails one or more purposes^[38]: (a) Protection of offender's identity, (b) Successful completion of the crime and (c) facilitation of offender escape. Thus, Modus operandi is the principle that a criminal is likely to use the same technique repeatedly, and any analysis or record of that technique used in every serious crime will provide a means of identification in a particular crime.

Modus operandi of cybercrime is observed in many semblances. Modus operandi of cybercrime depends on the prime objective of the perpetrator, i.e. actusreusof the crime. Most often, cybercrime is understood with its most advertised forms – web hacking, unauthorized access, publication of illicit material in computer worlds. However, apart from these commonly understood guises, there are other instances of cybercrime; relevant example would be instance of distributed denial-of-service attacks in early 2000 that brought down e-commerce sites in USA and Europe.^[39]Also in 2000, a Russian hacker named “Maxus” stole thousands of credit card numbers from the online merchant CD Universe and held them for ransom at $100,000 (U.S.). When his demands were not met, he posted 25,000 of the numbers to a public Web site.^[40]

Specifically, offenders may adjust their tactics to fit new environments, but the general nature of criminality in on-line spaces has not changed. Cybercrime incorporates anything from defamation in social networking sites or fraudulent transaction of money from online bank account. It also includes non-monetary offenses, such as creating viruses on other computers or posting confidential business information on the Internet.^[41]By virtue of the tools being used today to commit cybercrimes, criminals are now more anonymous and thereby difficult to identify.^[42]However, it must be understood that, cybercrime is not strictly speaking a technology problem – it is a strategy problem, a human problem and a process problem.^[43] After all, organizations are not being attacked by computers, but by people attempting to exploit human frailty as much as technical vulnerability.^[44]

In cybercrime, the modus operandi depends on the case to case basis where perpetrator uses several modes of technology to commit the crime. For example, for the purpose of proliferation of prostitution business, the perpetrator may host a website or blog or disseminate information through social networking sites. Similarly, perpetrator may defame through social networking sites or gain economically by fraudulently accessing information of victim. Because of new technology and mode of transaction, the modus operandi of cybercrime has been changing day to day. Previously, the illegal access was committed by accessing the respective system but now due to increase in cloud computing, the perpetrator has started with deception via cloud system.

Similarly, the perpetrator has been infringing the online copyright and trademark by hacking digital right management system that author has introduced in respective creation or product. The perpetrator has also infringed trademark by selling counterfeit product through online sales. These are the example of changing modus operandi in cybercrime that world has been facing today. However, as stated above, the modus operandi of cybercrime has different facets which depend on theactusreusof the perpetrator.

CHAPTER III – CYBERCRIME IN NEPAL

3.1. Nepalese Legal Regime governing Cybercrime

3.1.1. Electronic Transaction Act, 2008

There was no separate and independent law related to computer crimes prior to the enactment of the Electronic Transaction Act, 2008 (hereinafter referred to as 'ETA') and all the computer related crimes were tried under the traditional law of crimes, i.e. Country Code and sector specified criminal laws. Because of increasing use of computer in commission of different crimes and commission of crime against computer, it posed practical problem for the regulating agencies to regulate cyberspace transaction of citizens. ETA was promulgated by parliament of Nepal recognizing the expediency to make, legal provision for authentication and regularization of the recognition, validity, integrity and reliability of generation, production, processing, storage, communication and transmission system of electronic records by making the transactions to be carried out by means of electronic data exchange or by any other means of electronic communications, reliable and secured.^[45]Furthermore, the act was promulgated for controlling the acts of unauthorized use of electronic records or of making alternation in such records through the illegal manner.^[46]

Under definition clause of the act^[47], certain terminology related to cybercrime has been defined which includes definition of computer, computer database, computer network, data, access, electronic record, computer accessory and so on. Major part of ETA governs provision related to electronic record and digital signature^[48], controller and certifying authority^[49], digital signatures and certificates^[50], subscriber's duties and rights^[51], government use of digital signature^[52], network service^[53]and constitution of tribunals. However, chapter 9 under ETA explicitly provides provision related to offence relating to computer.^[54]

Broadly, ETA has criminalized eleven types of act as cybercrime where the act has mixed the offences related to computer and offence related in obtaining certification license for digital signature under the same heading of 'offence related to computer'. In context of this dissertation, the crime that has been included as cyber crime are : to pirate, destroy or alter computer source code, unauthorized access in computer materials, to damage to any computer and information system, publication of illegal materials in electronic form, to disclose confidentiality, to commit computer fraud, abetment to commit computer related offence and accomplice of offence.

In more detail, section 44 of ETA has criminalized the act of piracy, destruction or alteration of computer source code. If any person knowingly or withmala fideintention, pirates, destroys, alters computer source code to be used for any computer, computer program, computer system or computer network or cause, other to do so, shall be liable with punishment with imprisonment not exceeding three years or with a fine not exceeding two hundred thousand rupees or with both.^[55]Clarification of the section 44 has provided that 'computer source code' means the listing of programs, computer command, computer design and layout and program analysis of the computer resources in any form.

Section 45 of ETA has criminalized the act of unauthorized access in computer material. If any person with an intention to have access in any program, information or data of any computer, uses such a computer without authorization of the owner of or the person responsible for such computer or even in the case of authorization, performs any act with an intention to have access in any program, information or data contrary to from such authorization, such a person shall be liable to the punishment with the fine not exceeding two hundred thousand rupees or with imprisonment not exceeding three years or with both depending on the seriousness of the offence.^[56]

Section 46 has criminalized the act of damaging any computer and information system. If any person knowingly and with amala fideintention to cause wrongful loss or damage to any institution destroys, damages, deletes, alters, disrupts any information of any computer source by any means or diminishes value and utility of such information or affects it injuriously or causes any person to carry out such an act, such a person shall be liable to the punishment with the fine not exceeding two thousand rupees and with imprisonment not exceeding three years or with both.^[57]

Section 47 has criminalized the act of publication of illegal materials in electronic form. Although constitution of Nepal has guaranteed freedom of expression,^[58]ETA limits the freedom of expression. Pursuant to ETA, if any person publishes or displays any material in the electronic media including computer, internet which are prohibited to publish or display by the prevailing law or which may be contrary to the public morality or decent behaviour or any types of materials which may spread hate or jealousy against anyone or which may jeopardize the harmonious relations subsisting among the people of various castes, tribes and communities shall be liable to the punishment with the fine not exceeding one hundred thousand rupees or with the imprisonment not exceeding five years or with both.^[59]

Section 48 has criminalized the act of disclosure of confidentiality. If any person who has an access in any record, book, register, correspondence, information, documents or any other material under the authority divulges or causes to divulge confidentiality of such to any unauthorized person, he/she shall be liable to the punishment with a fine not exceeding ten thousand rupees or with imprisonment not exceeding two years or with both, depending on the degree of offence.^[60]

Section 52 of ETA has criminalized the act of commission of computer fraud. If any person with an intention to commit any fraud or any other illegal act, creates, publishes […] of acquires benefit from the payment of any bill, balance amount of any one's account, any inventory or ATM card in connivance of or otherwise by committing any fraud, amount of the financial benefit so acquired shall be recovered from the offender and be given to the person concerned and such an offender shall be liable to the punishment with a fine not exceeding one hundred thousand rupees or with an imprisonment not exceeding two years or with both.^[61]

Section 53 of ETA has criminalized abetment to commit computer related offence. A person who abets other to commit an offence relating to computer under the act or who attempts or is involved in the conspiracy to commit such an offence shall be liable to the punishment with a fine not exceeding fifty thousand rupees or with imprisonment not exceeding six months or with both, depending on the degree of the offence.^[62]Section 54 of the ETA has criminalized punishment to the accomplice. A person who assists other to commit any offence under the act or acts as accomplice, by any means shall be liable to one half of the punishment for which the principal is liable.^[63]

Furthermore, the act stipulated extra-territorial jurisdiction in case of cybercrime. If any person commits any act which constitutes offence under the act and which involves the computer, computer system or network system located in Nepal, even though such an act is committed while residing outside Nepal, a case may be filed against such a person and shall be punished accordingly.^[64]Furthermore, for the offence committed by a corporate person, such an offence shall be deemed to have been committed by a person who was responsible as chief for the operation of the corporate body at the time of committing such an offence.^[65]However, if the person acting as chief proves that such an offence was committed without his/her knowledge or that he/she has exercised all reasonable efforts to prevent such and offence, he/she shall not be liable to the guilty.^[66]The act under cybercrime may also deem to be criminalized under other laws. If any act deemed to be an offence under ETA and also deemed to be offence under the other laws prevailing, it shall not be deemed to have been hindered by ETA to file a separate case and punish accordingly^[67]-- for example the online defamation can be tied under laws for defamation, online prostitution can be filed under laws prohibiting prostitution, online gambling under laws prohibiting gambling in Nepal and so on.

3.1.2. Banking Offence and Punishment Act, 2008

Banking Offence and Punishment Act, 2008 is the law governing banking operation and transaction. Section 6 of the act has prohibited obtaining or making payment by way of abuse or unauthorized use of a credit card, debit card, automated teller machine (ATM) card or other electronic means.^[68]The person committing this crime shall be punished with recovery of amount and punishment up to five years depending on the amount of money.^[69]

3.1.3. Children's Act 1992

Children's Act, 1992, promulgated to protect and promote children's rights, to far extent has addressed the prohibition of child pornography broadly. Section 16(2) of the act prohibits making photograph of child for the purpose of engaging a child in immoral profession. Section 16(3) prohibits publication, exhibition or distribution of photograph or personal events or description of a child tarnishing the character of such child. Section 53 of the act provides punishment for the person committing such crime including seizure of the photograph and reasonable compensation to children for adverse effect on character of child.

3.1.4. Some Public (Crime and Punishment) Act, 1970

Some Public (Crime and Punishment) Act, 1970 has prohibited certain action amounting it to be as public crime which includes commission of act to make obscene show by using obscene speech, word or gesture in public place^[70], to print or publish any obscene materials using obscene language or by any word or picture which denotes obscene meaning; or to exhibit or sell or distribute such obscene publication in public place other than the purpose of public health or health science^[71], to threat or scold or tease or to commit any undue act or to express any undue thing to anyone through telephone, letter or any other means or medium with keeping intention to intimidate, terrorize or cause trouble or to insult or defame or harass to him/her.^[72]The act has stipulated penalty for commission of crime as stipulated above with punishment of fine up to ten thousand rupees and compensation to the victim.

3.1.5. The Patent, Design and Trademark Act, 1965

The Patent, Design and Trademark Act, 1965 has prohibited copy or use or cause to use in the name of others trademark without transforming the ownership or permission^[73]which incase committed shall be fined with amount not exceeding one hundred thousand rupees and confiscation of the goods.

3.1.6. Copyright Act, 2002

Copyright Act, 2002 has addressed the crime related to copyright where the act has protected copyright of expression of ideas including computer program. The act has also stipulated punishment for breach of copyright protection such as reproduction of copies of work^[74], advertise or publicize by copying a work belonging to another person with a motive of taking advantage of reputation gained by that work^[75], make work of other by changing the form and language of work with motive of deriving economic benefit^[76], to import/produce/rent any equipment or device prepared with intention of circumventing any device and other act related with infringement of copyright. Furthermore, the act has prohibited importation of copies of work or sound recording, either made in a foreign country or sourced otherwise, into Nepal for business purpose shall not be permitted if preparation of such copies would be considered illegal if they were prepared in Nepal^[77]. The act has prescribed punishment to perpetrator with monetary fine, imprisonment and compensation.^[78]

3.1.7. Consumer Protection Act, 1998

Consumer Protection Act, 1998 has prohibited unfair trade practice where the act defines "Unfair trade practices" as the sale or supply of consumer goods or services by making false or misleading claims about their actual quality, quantity, price, measurement, design, make etc., or the sale or supply of consumer goods produced by others by affecting their quality, quantity, price, measurement, design, make, etc.

3.1.8. Other

There are certain sector specific laws which can be invoked in case of commission of such crime in online world which can also be defined as cybercrime if in case committed via online or using computer or network. Practicing Black Marketing in online trade is to be regulated by Black Marketing and some other social offence and punishment act, 1975; online Gambling is addressed by Gambling Act, 1963; online practice of prostitution is addressed by Human Trafficking and Transportation (Control) Act, 2007 where section 6 prohibits prostitution; online defamation is addressed by Libel and Slander Act, 1959 where libel/defamation is criminalized with punishment; online lotteries are to be regulated by Lotteries Act, 1968.

3.2. Threat of Cybercrime in Nepal

Nepal is not exceptional territory for observing cybercrime threats. Growth in internet and computer users, development of technology, and widespread use of computer amongst people has resulted in the use of computer for commission of crime. The rapid development of computer connectivity and role of the internet in the emergence of new e-commerce has resulted in growth of cybercrime in Nepal which has compelled national government to address the need for regulation and security on the 'information superhighways'^[79]. The new opportunities created in cyberspace have enhanced the capacity of individual offenders and criminal networks that have emerged to exploit vulnerabilities in the new economy.^[80]Making an observation of existing pattern and trend of cybercrime in Nepal, threat of cybercrime is still likely to grow in coming years because of certain factors. Firstly, there is increasing business that are potential victims of cyber-crime (such as e-commerce, online banking, online store), secondly there is rise in number of potential perpetrators, thirdly, because of lack of precaution the cyber world is being used by general people, fourthly, the law has not been adequately amended as a need of time, and fourthly, investigation and lack of cyber forensic has diminished the chance of being caught. Compared to last few years, the pattern of cybercrime has been changed today and that will certainly be different in upcoming years. Previously, the trend of cybercrime in Nepal was limited to email blackmail, SMS blackmail, illicit publication in online world, data piracy, etc. But now the perpetrator has been committing different practices such as unauthorized access of data, phishing, online fraud, online sale of counterfeit products, online illegal activities such as prostitution. This part of the dissertation aims to focus on present situation of cybercrime in Nepal followed by the perspective problems that may arise in Nepal as cybercrime.

3.3. Present Scenario

In following section of this dissertation, major cases reported and data provided by authorized agency has been discussed for examining the present scenario of cybercrime and its threat in Nepal.

3.3.1. Cases

In this part, certain reported cases are discussed which exemplifies the existing pattern of cybercrime in Nepal. These cases are collected from the national daily newspaper where media constantly has been reporting commission of various instances of cybercrime in Nepal. Although there are many cases reported by newspaper, the author has attempted to take few similar cases for exemplification of the tendency and pattern of cybercrime.

i. Defamation online or Internet harassment

Nepal Police have caught a 27 -year-old man, who allegedly impersonated a girl in a Facebook account. Acting on behalf of the girl, perpetrator posted vulgar comments and nude photographs to different men including her friends.^[81]

Similarly,a victim lodged a complaint with police on August 1, 2011, demanding an action, after he was tagged to nude photographs and online porn links^[82]. Likewise, police arrested perpetrator in a case where the mobile number of a girl was publicly displayed on a fake account created in her name, soliciting sexual relationships. She made complaint to police, when she started getting telephone calls from strangers, asking about “rates per night".^[83]

ii. Unauthorized Access / Hacking

On March 18, 2013, Nepal Police arrested Naresh Lamgade of Anarmani, Jhapa for allegedly hacking into the accounts of Nabil Bank’s customers by creating a fake website of the bank.^[84]The perpetrator first sent email messages to Nabil’s e-banking customers asking them to change their security codes and providing links to do so. Whoever clicked on the link was taken to the fake e-banking website of Bank. When its account holders entered their identity and password, they unsuspectingly revealed their private login details to Lamgade. Similar cases were reported to Police as crime committed for e-banking of Nepal Investment Bank^[85], Bank of Asia in Nepal^[86].

[...]

---

^[1] Lehrer,Jim,Hacking Around, A News Hour Report on Hacking, In: The NewsHour,(April. 16, 2001).

^[2] Thomas J. Holt and Bossler, Badam M,An assessment of the current state of cybercrime scholarship, In: Deviant Behavior, 35 (2014), pp. 1-20.

^[3] E. Gabrys,The International Dimensions of Cyber-Crime, Part I, In: Information Systems Security, 11(2002), pp 21-22.

^[4] Ibid.

^[5] Holt and Bossler, (2014), pp. 1-20.

^[6] Draft UN Treaty on an International Criminal Court or Tribunal for Cyberspace, Schjolberg, Stein, (cybercrimelaw.net), 9th Edition, 2014.

^[7] Nick Nykodym et al,Criminal Profiling and insider cybercrime, In: Computer Law and Security Report, 21 (2005), pp. 408-411.

^[8] Centre for Strategic and International Studies,Net Losses : Estimating the Global Cost of Cybercrime, Economic impact of Cybercrime II, 2014, http://www.mcafee.com/ca/resources/reports/rp-economic-impact-cybercrime2.pdf, pp. 2 [visited 23 October 2014].

^[9] Ibid.

^[10] Krempl, Stegan.,Web of Deceit, In: Financial Times, September 2001, as cited in Nykodym et al (2005), pp. 411.

^[11] Nykodym, N. & Kehayov, R.,Cybercrime from the inside, Unpublished manuscript, as cited in Nykodym et al (2005), pp. 411.

^[12] Internet World Stats – Usage and Population Statistic,Nepal,(2013), http://www.internetworldstats.com/asia/np.htm, [Visited 23 September 2014].

^[13] World Bank, Nepal: Internet Users (per 100 people),2014, https://www.quandl.com/WORLDBANK/NPL_IT_NET_USER_P2-Nepal-Internet-users-per-100-people [Visited 25 September 2014].

^[14] Convention on Cybercrime, Council of Europe, ETS No. 185, http://conventions.coe.int/Treaty/en/Treaties/html/185.htm [Visited 23 September 2014].

^[15] Nykodym, Nick & Robert Taylor. The World’s Current Efforts Against Cybercrime, In: Computer Law and Security Report, 20(2004), pp. 390-395.

^[16] Phulara, Bashu Dev,Crime: Tackling Cybercrime in Nepal, In: The Nepal Digest, Newyork, year 15 volume XI, issue 1 (November 24, 2004).

^[17] Centre for Strategic and International Studies,Net Losses : Estimating the Global Cost of Cybercrime, Economic impact of Cybercrime II, 2014, http://www.mcafee.com/ca/resources/reports/rp-economic-impact-cybercrime2.pdf, pp. 10 [visited 23 October 2014].

^[18] Ibid.

^[19] Cyber Law Text and Cases, Gerald R. Ferrera [et al], India, (Cengage Learning), 3rd Edition, 2012, pp. 402.

^[20] The term “cyberspace” was first used by author William Gibson in his 1984 science fiction novelNeuromanceras cited in Gabrys(2002), pp. 23.

^[21] Gabrys (2002), pp. 23.

^[22] Gabrys,(2002), pp. 24.

^[23] Gordon, Sarah & Richard Ford,On the Definition and Classification of Cybercrime,In: J. Computer Virology, 2 (2006), pp. 13.

^[24] Broadhurst, Roderic,Developments in the global law enforcement of cybercrime,In : Policing: an International Journal of Police Strategies and Management, 29(3)(2006), pp. 408-433.

^[25] Mc.Cusker, R.,Transnational organized cybercrime: distinguishing threat from reality,In: Crime, Law and Social Change, 46(2006), pp. 257-273.

^[26] Ibid., 16.

^[27] Tenth U.N Congress on Prevention of Crime and Treatment of Offenders, Vienna, April 10-17, 2000, as cited inJudiciary-Friendly Forensics of Software Copyright Infringement, Vinod Polpaya Bhattathiripad, Pennsylvania, (Information Science Reference), 2014.

^[28] Section 1, Convention on Cybercrime, 2001.

^[29] Cybercrimes and Law,Vishwanath Paranjape, Allahabad, India, (Central Law Agency), 2010 pp. 26.

^[30] Ibid., pp.7.

^[31] Ibid., pp. 24.

^[32] Burden, Kit and Creole Palner,Cyber Crime – A new breed of criminal?, In: Computer Law & Security Report, 19(3) (2003), pp. 222.

^[33] Cornell University Law School - Legal Information Institute,modus operandi, www.law.cornell.edu/wex/modus_operandi [Visited 9 October 2014].

^[34] Berning, JMSP,Modus Operandi as Technique in Suspect Identification in Burglary Cases, (2008) http://uir.unisa.ac.za/bitstream/handle/10500/2408/dissertation.pdf.txt?sequence=2 [Visited 19 October 2014].

^[35] Criminal Investigation, Gross, H, London, (Sweet and Maxwell) 1924.

^[36] Berning (2008).

^[37] Turvey, B, Modus Operandi, In: Encyclopaedia of Forensic Science, London, (Academic Press), 2000, pp. 231-232.

^[38] Ibid.

^[39] Gabrys(2002).

^[40] Gabrys(2002).

^[41] Michael, K. Adu, Alese Boniface K and Adewale Olumide S,Mitigating Cybercrime and Online Social Networks Threats in Nigeria, In: Proceedings of the World Congress on Engineering and Computer Science, USA, 1 (2014).

^[42] Ibid.

^[43] Economic Crime: A threat to business globally, PWC's global economic crime survey, 2014, pp. 32,www.pwc.com/crimesurvey, [Visited 26 October 2014].

^[44] Ibid.

^[45] Electronic Transaction Act, 8 December 2008, Preamble.

^[46] ETA, 2008, preamble, para 2.

^[47] Ibid., Section 2.

^[48] Ibid., Chapter 2 and 3.

^[49] Ibid., Chapter 4.

^[50] Ibid., Chapter 5.

^[51] Ibid., Chapter 6.

^[52] Ibid., Chapter 7.

^[53] Ibid., Chapter 8.

^[54] Ibid., Chapter 9.

^[55] Ibid., Section 44.

^[56] Ibid., Section 45.

^[57] Ibid., Section 46.

^[58] Interim Constitution of Nepal, 2006, Article 13(3)(a).

^[59] ETA, 2008, Section 47.

^[60] Ibid., Section 48.

^[61] Ibid., Section 52.

^[62] Ibid., Section 53.

^[63] Ibid., Section 54.

^[64] Ibid., Section 55.

^[65] Ibid., Section 57.

^[66] Ibid., Clarification, Section 57.

^[67] Ibid., Section 59.

^[68] Banking Offence and Punishment Act, 2008, Section 6.

^[69] Ibid., Section 15.

^[70] Some Public (Crime and Punishment) Act, 1970, Section 2(1)(c).

^[71] Ibid., Section 2(1)(c1).

^[72] Ibid., Section 2(1)(j).

^[73] Patent, Design and Trademark Act, 1965, Section 16(2).

^[74] Copyright Act, 2002, Section 25(1)(a).

^[75] Ibid., Section 25(1)(b).

^[76] Ibid., Section 25(1)(c).

^[77] Ibid., Section 26.

^[78] Ibid., Section 27.

^[79] Broadhurst (2006) pp. 408 – 433.

^[80] Broadhurst (2006), pp. 408.

^[81] Sarkar, Avik,Cyber-Crime 27 Year Old Man Arrested in Nepal,Kathmandu, (2011), http://www.voiceofgreyhat.com/2011/10/cyber-crime-27-year-old-man-arrested-in.html, [Visited Date 9 September 2014].

^[82] Adhikari, Ankit. Facebook at core of cybercrimes, In: The Kathmandu Post, 4 August 2012, http://www.ekantipur.com/the-kathmandu-post/2012/04/08/top-story/facebook-at-core-of-cyber-crimes/233584.html, [Visited 9 October 2014].

^[83] Ibid.

^[84] Shrestha, Prithvi Man,Phishing incidents wake up Nepali banks to security threats, In: The Kathmandu Post, Kathmandu, 15 April 2013.

^[85] Ibid.

^[86] Ibid.