An overview of cyber-crimes and cyber law in India and Nepal

Table of contents

List of Abbreviations

Chapter I
1. Introduction
1.1 Background:
1.2 Statement of problem:
1.3 Objectives:
1.4 Significance of study:
1.5 Scope of study:
1.6 Operational definitions of key terms:
1.7 Review of literature
1.8 Methodology
1.9 Organization of study

Chapter II
Conceptual framework of cyber-crime and related laws in Nepal and India:
2.1 Concept of cyber, cyber-crime and cyber law
2.1.1 Cyber:
2.1.2 Cyber-crime:
2.1.3 Cyber law:
2.2 Development of cyber laws in Nepal and India
2.1.1 In Nepal:
2.1.2 In India:
2.3 Types of cyber-crime:
2.4 Effects of cybercrime:
a. Identity Theft
b. Security Costs
c. Monetary Losses
d. Piracy
2.5 Need for cyber law

Chapter III
3.1 Cyber laws in Nepal and India:
1. In Nepal:

Cases of Nepal

SapanaThapa vs. BidhurPrashadBhatta

Police vs. KirtanPokhrel

Maya Rai (Disguised name of the victim) vs. TikaBahadurMagar and two others

Government of Nepal vs. Ravi Kumar Kesari

2. In India

Cases of India
Avnish Bajaj vs. State famously known as Bazee. Com case 2005
Sreekanth C. Nair vs. Licensee Developer (2008) blocking of website
Kent RO systems ltd and ANR vsAmitKotak and ORS (EBAY- JAN 2017)
3.2Comparison between IT Act and ETA Act :
·Findings/Conclusion/Suggestions
Findings
Suggestions:
Conclusions:

Bibliography

List of Abbreviations

1. IS- Information System.
2. C2C- Consumer to Consumer
3. C2B- Consumer to Business
4. B2C- Business to Consumer
5. B2B- Business to Business
6. UN- United Nation
7. UNCITRAL- UN Commission on International Trade and Arbitration Law
8. WIPO- World Intellectual Property Law
9. UCLA students- University of California, Loss Angeles
10. DIA- Defense Intelligence Agency
11. CIA- Central Intelligence Agency
12. NSA- National Security Agency
13. DNS- Domain Name Server
14. ATM- Automated Teller Machine
15. HTML- Hypertext Markup Language
16. URL- Universal Resource Locator
17. ITA 2000- Information Technology Act, 2000 of India
18. IPC- Indian Penal Code
19. IT- Information Technology
20. TRIPs- Trade Related Aspects Of Intellectual Property Right’s
21. UDHR- Universal Declaration on Human Rights
22. ICCPR- International Covenant on Civil and Political Rights
23. IP- Internet Protocol
24. ISPs- Internet Service Providers
25. NTA- Nepal Telecommunication Authority
26. ISPAN- Internet Service Provider Association Of Nepal
27. ETA- Electronic Transaction Act
28. FoE- Freedom of Expression

Preface

In twenty first century the world has emerged as a global village and hence business, trades and all the international institutions, all the nations are being compelled to be a part of Cyberspace. In simple concerns, Cyberspace and cyber world are the most useful method for exercising the fundamental right of freedom of expression as in this world everybody has equal right to express their thoughts in front of large public, but this cyberspace has also been giving an open space for the cyber users to misuse the power of cyber world by giving the cyber users unauthorized access to infringe into the accounts of others.

This topic on "An overview of cyber-crime, cyber law with comparative study on ETA 2063 of Nepal and IT Act 2000 of India" is very relevant in the present context of developing and developed economy such as Nepal and India respectively. Creating rules and laws binding on nations is a matter for international negotiations and mutual acceptance by governments. The strong nations have the power to make the rules in their favour and the authority to implement those rules. But, an undeveloped nation cannot bargain and is unable to afford these international sets of rules and policies. They are compelled but not compatible.

I find this topic highlighting the similarities and differences between the laws of developing country and that of developed country. The major challenge, however for the weak economic nations like us is to combat with the growing issues relating to cyberspace and one world. With the growing and developing pillars of Nepal the concept of cyber law is very necessary as with the development of Nepal the issues relating to cybercrime are also growing day by day, which shall be combat by implementing strong laws relating cyber. So, I chose this topic for my paper. For example, the recent ATM fraud and Ransom ware like activities by cyber users are weakening the pillars of a nation. Hence, strong construction of cyber laws in Nepal as of India and other developed nations is very important.

Finally, I strongly believe that this project has made a timely and worthwhile contribution to sort out the types of cyber-crimes in Nepal and India and to compare the cyber laws between our developing country Nepal and neighbouring developed country India.

Thank You Pallavi Neupane

Acknowledgement

This seminar paper is submitted to National Law College as one of the requirements for B.A.LL.B programme conducted by the Faculty of law, Tribhuvan University. This requirement has acquainted in us knowledge to conduct short research and writing short seminar papers based on research.

The topic of my paper "Comparative study on laws regarding cyber-crime in Nepal and India" is relevant in the present modern era. I hope this seminar paper will be of great use to learn about the cyber, cyber-crime and cyber laws in the context of Nepal and India.

I would like to take this opportunity to express my gratitude to my teachers at the faculty of Law who have been supporting me constantly. I lack any words to express my profound appreciation to my supervisor Mrs.Arya Singh for her constant support and guidance also I would like to thank my seniors who helped me throughout the process of making this seminar paper.

Finally, I would like to thank all of my friends and my family who assisted me with their constant support and encouragement.

23rd May 2018 Pallavi Neupane

Chapter I

1. Introduction

1.1 Background:

Computers and the Internet has now become backbone for virtually all facets of modern life, from personal communications and finance to the processing and management of electrical grids and power plants are being dependent with computer and internet. In today's 21st Century, our lives have been dominated by computers and communication networks. The internet has revolutionized the life styles and brought new dimensions to our ways of life. The advent of computers has had far-reaching effects and, although some people may not have had the opportunity to navigate the “digital highway”¹ directly, they probably have been touched in other ways. The world’s least developed as well as developed countries including Nepal and India have rewarded themselves of the opportunity to rapidly develop education, health, agriculture, tourism, trade and various other sectors using Information technologies. We are living in e-age. The expression e-age means ‘the age of e-governance, e-commerce, e-communication, e-security and so on and means our existence and living in the cyber world. However, in today’s e-Age, ‘crime’ has extended itself beyond physical assault or mental torture; now it also affects our e-life. Although the growth of technology in present era has resulted in flaunt of commercial growth, thriving economies and spread of democracy, on the other hand it has also resulted in increment of cost. One such cost that we now face is a new twist on traditional crime – cybercrime.² Likewise many laws are also drafted/ made to regulate or control those kinds of crimes.

Before knowing the laws regarding cyber-crimes, we must know what cyber-crime actually is. Cybercrime also called as computer crime is any illegal activity that involves a computer or network connected device such as a mobile phone. Cyber-crimes like software, Piracy, Hacking etc. are increasing rapidly. To control those criminal activities, the ETA in Nepal is declared by Ministry of IT and Telecommunication in 2005 AD which is popularly known as cyber law. Whereas in India, Information technology Act 2008 is being enforced which was made effective from 27 Oct. 2009. The IT Act 2008 has brought marked changes in the IT Act 2000 on several counts. Similarly there are other several Acts and rules drafted/made in order to regulate or prevent cyber-crimes which can be termed as cyber laws.

1.2 Statement of problem:

In the present era, almost all the people are connected with internet/ social medias. There are many positive as well as negative parts of internet. Beside its positive parts, some people are misusing it whereas some people are becoming victims of the cyber-crime and there may be the situation where the victims and the criminals even don’t know what cyber-crime is. In the view of the researcher, there are no sufficient laws to regulate the cyber-crimes in Nepal as compared to neighboring developed country India. So the researcher is trying to introduce the cyber-crime, their various forms/kinds, cyber laws and compare Indian laws/ Acts to that of Nepal in order to find pros and cons of Nepalese cyber laws.

1.3 Objectives:

1. To know what the cyber-crime is and it’s various kinds.
2. To know the laws regarding cyber-crimes of Nepal and India.
3. To compare ETA Act of Nepal and IT Act of India.

1.4 Significance of study:

The entire world is moving towards development and simultaneously towards technological advancement and the rapid development of internet and computer technology globally has led to the growth of new forms of transnational crime especially. The problems and crimes brought by or in sector of information technology/ internet have virtually no boundaries. The researcher believes that the final paper will provide the readers with knowledge of cyber-crimes, cyber laws of Nepal and India especially ETA Act of Nepal and IT Act of India.

1.5 Scope of study:

On this research paper, the researcher has tried to focus on cyber-crime, its types, Electronic Transaction Act of Nepal and Information Technology Act of India and compare between these two. This paper may touch any other laws, rules or regulations of the countries but will not deal with them deeply. It will contain some cases of both the countries but there is no any time period limit for the cases.

1.6 Operational definitions of key terms:

CBI Manual:

a. Crimes committed by using computers as a means including conventional crimes.
b. Crimes in which computers are targets.

United Nations:

Cyber-crime in a narrow sense: any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them.

Cyber-crime in a broader sense:

Any illegal behavior committed by means of or in relation to, a computer system or network, including such crimes as illegal possession and offering or distribution information by means of a computer system or network.

1.7 Review of literature

Cyber-crimes and legal measures, MAanish Kumar Chaubey.

In this book, new trends of cyber-crimes and the legal measures to prevent them are also described in detail. The book is very useful to aware people including students, lawyers, bankers, police officers and other people who use computer for personal and trade purpose about various facets of information technology and cyber-crimes.

Cyber law and crimes, Barkha and U.Rama Mohan, Third edition 13, March 2011

This book provides useful inputs to all sections of the people particularly parents, school managements and those who are interested in building food character of children. In this book, Authors put an effort to bring awareness among readers about the types of crimes hovering over the information technology and to keep them vigilant in tackling such problems, besides taking precautions while using the internet.

1.8 Methodology

This paper is based on doctrinal study. The researcher has taken account both primary and secondary sources of data. Primary sources of information are constitution, Acts and regulations of both Nepal and India while secondary sources of information are articles, journals, commentaries and book. Researcher has also followed Bluebook rules of citation.

1.9 Organization of study

This research paper is divided into five chapters, they are:

Chapter one: Introduction, it includes introduction of topic and methodology of study.

Chapter two: Conceptual framework of cyber, cybercrime and cyber law.

Chapter three: Cyber laws of Nepal and India and comparison between IT Act 2000 and ETA 2063.

Chapter four: Findings, Conclusions, Suggestions and Bibliography.

Chapter II

Conceptual framework of cyber-crime and related laws in Nepal and India:

2.1 Concept of cyber, cyber-crime and cyber law

2.1.1 Cyber:

Cyber is a prefix used in a growing number of technologies and IT terms to describe new things that are being made possible by the spread of computers. It is a prefix used to describe a person, thing or idea as part of the computer and information age. It was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. Common usages include cyber culture, cyberpunk and cyberspace. A combining form meaning “computer, computer network or virtual reality used in the formation of compound words and by extension meaning “expressing vision of the future.” Simply the cyber means a computer, computer network and cybernetic, relating to computer, internet and overall computer network.³

2.1.2 Cyber-crime:

“Cyberspace must be one of the most contested words in contemporary culture. Wherever the term appears, it becomes the subject of speculation and controversy, as critics and proponents argue over its function and future. This tug of war over the terrain of cyberspace has generated more confusion and revealed more paradoxes than it has created clarity.”⁴

-Michelle Kendrick

"Because of its technological advancements, today’s criminals can be more nimble and more elusive than ever before. If you can sit in a kitchen in St. Petersburg, Russia, and steal from a bank in New York, you understand the dimensions of the problem."⁵

-Former U.S. Attorney General Janet Reno

Cyber-crime encompasses any criminal act dealing with computers and networks. Cyber-crime also includes traditional crimes conducted through the internet. It is not defined in IT Act, 2000, neither in the IT amendment Act 2008 nor in any other legislation in India. Offence or crime has been dealt with elaborately listing various acts and the punishments for each under the Indian Penal code 1860 and quite a few other legislations too. Hence to define cyber-crime we can say it is “ just a combination of crime and computer”.

We all are very familiar to the computers and internets directly or indirectly. Initially when man invented computer and then the internet technology for communicating between computers was evolved, he would have never thought that this cyber space could be misused for criminal activities and which required regulations. However, as we all know, everything has its pros and cons and so computers and internet are not an exception. Now almost all of us might have heard the term computer crime, cyber-crime, e-crime, hi-tech crime or electronic crime which is nothing but an activity done with a criminal intent in cyber space.⁶

The first recorded cyber-crime took place in the year 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan, and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in fear amongst Jacquard’s employees that their committed acts of sabotage to discourage Jacquard from further use of the new technology. In India, parliament gave effect to a resolution of the General Assembly of the United Nations for adoption of a Model Law on Electronic Commerce. The consequence was the passing of Information Technology Act 2000.⁷

The latest statistics show that cybercrime is actually on the rise. However, it is true that India and Nepal cybercrime is not reported too much about. Consequently there is a false sense of complacency that cybercrime does not exist and that society is safe from cybercrime. This is not the correct picture. The fact is that people do not report cybercrimes for many reasons. Many do not want to face harassment by the police. There is also the fear of bad publicity in the media, which could hurt their reputation and standing in society. Also, it becomes extremely difficult to convince the police to register any cybercrime, because of lack of orientation and awareness about cybercrimes and their registration and handling by the police.

2.1.3 Cyber law:

There is no clear definition of Cyber Law, Computer Law or Information and Communication Technology Law. However the subject can be briefly defined as the legal subject that emanated from the development of technologies, the innovation of computers and other related devices, the use of Internet and Electronic Data Interchange, etc.⁸ Cyber Law or, less colloquially, Internet Law, is a term that encapsulates the legal issues related to the use of communicative, transactional and distributive aspects of networked information devices and technologies.⁹ It is less a distinct field of law in the way that property or contract are, as it is a domain covering many areas of law and regulation.¹⁰

Cyber Law is the law governing cyber space. Cyber Law is a generic term which refers to all the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of citizens and others, in Cyberspace comes within the ambit of Cyber Law.

The number of cyber-crime is directly proportional to the level of advancement in information technologies. So there came to exist the need of cyber law to control the cyber-crimes and to punish the cyber criminals. There are so many Acts, rules, regulations, policies and laws regarding cyber-crime all over the world where cyber-crimes exist. But here the researcher focuses only on two Acts regarding cyber-crimes, each of India and Nepal. They are IT Act 2000, its amendment 2008 and ETA Act 2063 respectively.

2.2 Development of cyber laws in Nepal and India

2.1.1 In Nepal:

The internet users in Nepal are being increased rapidly day by day. Increase in internet user has certainly increased the instances of cybercrime in Nepal due to which the enactment of cyber laws was needed.

The government of Nepal passed "The Electronic Transaction and Digital Signature Act-Ordinance" popularly known as "Cyber Law" on 30th Bhadra 2061 BS(15 September,2004).But the government of Nepal (House of Representatives) has approved the Electronic Transaction Act-2063 only on 4th December 2006 and the Ministry of environment, science and technology (MoEST) formulated the Regulations. After that Rules regarding cyber-crime is passed on 2064 BS known as ETA Rules 2064. Before this there were no any cyber laws in Nepal to regulate and control cyber-crimes. And the cyber-crimes were used to be treated as other traditional crimes being based on the national code. In fact the cyber-crimes were not used to be recognized as special crimes¹¹.

2.1.2 In India:

The Information Communication Technology revolution in India had its beginning in 1975, when the Government of India strategically decided to take effective steps for the development of information systems and the utilization of information resources. The National Informatics Centre under the Electronic Commission/Department of Electronics was the outcome of this view and was assisted by United Nations Development Program (UNDP). The formation of National Association of Software Services Companies in the early 1990s reflects on India’s strength in this sector. Internet in India came in 1995 and after almost 5 years, India gets ready to legislate its first cyber law.¹²

INFORMATION TECHNOLOGY ACT, 2000 The Information Technology Act, 2000 heralded a new cyber law regime in the country. India became the 12th nation in the world to enact cyber laws.

The Union Cabinet approved the bill on May 13, 2000 and on May 17, 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President on 9th June 2000 and came to be known as the Information Technology Act, 2000. The Act came into force on 17th October 2000.¹³

With the passage of time, as technology developed further and new methods of committing crime using Internet & computers surfaced, the need was felt to amend the IT Act, 2000 to insert new kinds of cyber offences and plug in other loopholes that posed hurdles in the effective enforcement of the IT Act, 2000.¹⁴ This led to the passage of the Information Technology (Amendment) Act, 2008 which was made effective from 27 October 2009. The IT (Amendment) Act, 2008 has brought marked changes in the IT Act, 2000 on several counts.

2.3 Types of cyber-crime:

There are various types of cyber which are described as below:

Crimes/ offences tackled in IT Act 2000:

i. HACKING:

“Hacking” is a crime, which entails cracking systems and gaining unauthorized access to the data stored in them. Originally, the term “hacker” describes any amateur computer programmer who discovered ways to make software run more efficiently.¹⁵

ii. TAMPERING WITH COMPUTER SOURCE DOCUMENTS:

A person who knowingly or, intentionally conceals, destroys, alters or causes another to conceal, destroys and alter any computer source code used for a computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law is punishable. For instance the C.D. ROM in which the source code files are stored, making a C file into a CPP file or removing the read only attributes of a file.¹⁶

iii. PUBLISHING OF INFORMATION, WHICH IS OBSCENE IN ELECTRONIC FORM:

A person who publishes or transmits or causes to be published in the electronic form, any material which is lascivious, or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear the matter contained or embodied in it, is liable to punishment.¹⁷

Electronic Transaction Act 2063 (2008) of Nepal has provisioned offences relating to computer which means cyber-crime in chapter 9 which is described below:

iv. To pirate, destroy or alter computer source code:

When computer source code is required to be kept as it is position for the time being the prevailing law, if any person, knowingly or with mala fide intention, pirates, Destroys, alters computer sources code to be used for any computer, computer programme, computer system or computer network or cause, other to do so.¹⁸

v. Unauthorized Access in Computer Materials:

If any person with an intention to have access in any programme, information or data of any computer, uses such a computer without authorization of the owner of or the person responsible for such a computer or even in the case of authorization, performs any act with an intention to have access in any programme, information or data contrary to from such authorization.¹⁹

vi. Damage to any Computer and Information System:

If any person knowingly and with a mala fide intention to cause wrongful loss or damage to any institution destroys, damages, deletes, alters, disrupts any information of any computer source by any means or diminishes value and utility of such information or affects it injuriously or causes any person to carry out.²⁰

vii. Publication of illegal materials in electronic form:

If any person publishes or displays any material in the electronic media including computer, internet which are prohibited to publish or display by the prevailing law or which may be contrary to the public morality or decent behavior or any types of materials which may spread hate or jealousy against anyone or which may jeopardize the harmonious relations subsisting among the peoples of various castes, tribes and communities.²¹

viii. Confidentiality to Divulge:

If any person who has an access in any record, book, register, correspondence, information, documents or any other material under the authority conferred under this Act or Rules framed hereunder divulges or causes to divulge confidentiality of such record, books, registers, correspondence, information, documents or materials to any unauthorized person.

ix. To commit computer fraud

If any person, with an intention to commit any fraud or any other illegal act, creates, publishes or otherwise provides digital signature certificate or acquires benefit from the payment of any bill, balance amount of any one's account, any inventory or ATM card in connivance of or otherwise by committing any fraud.²²

x. Abetment to commit computer related offence

A person who abets other to commit an offence relating to computer under this Act or who attempts or is involved in the conspiracy to commit such an offence.²³

There are some other cyber-crimes too which are not being mentioned in the cyber laws of India and Nepal which are as follows:

xi. Cyber Squatting:

Cyber-squatting is the act of registering a famous Domain Name and then selling it for a fortune. This is an issue that has not been tackled in IT Act 2000.²⁴

xii. Phishing

Phishing is just one of the many frauds on the internet, trying to fool people into parting with their money. Phishing refers to the receipt of unsolicited emails by customers of financial Institutions, requesting them to enter their username, password or other personal information to access their account for some reason. The fraudster then has access to the customer’s online bank account and to the funds contained in that account.

xiii. Cyber stalking

It is use of the internet or other electronic means to stalk someone. This term is used interchangeably with online harassment and online abuse. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person appearing at a person’s home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person’s property.

xiv. Vishing

Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “Voice” and phishing. Vishing exploits the public’s trust in landline telephone services. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.²⁵

xv. Malwarecomes in many different forms. Some hackers specifically target users' financial information by installing key loggers onto victims' computers. Malware samples can also reach users via a number of delivery methods, including phishing attacks and malicious software packages that exploit software vulnerabilities.

xvi. Morphing: Change or cause to change smoothly from one image to another by small gradual steps using computer animation techniques.

xvii. DoS attacks: DoS attacks are used to make an online service unavailable and bring it downby bombarding or overwhelming it with traffic from multiple locations and sources. Large networks of infected computers called Botnet (a network of private computers infected with malicious softwarewithout the owners' knowledge) are developed by planting malware on the victim computers. The idea is normally to draw attention to the DOS attack, and allow the hacker to hack into a system.Extortion and blackmail could be the other motivations.

[...]

---

¹ E. Gabrys, The International Dimensions of Cyber-Crime, Part I, In: Information Systems Security, 11(2002), pp 21-22.

² Ibid.

³ Cyber crimes and legal measures, Dr Manish Kumar Chaubey

⁴ Ibid.

⁵ Lehrer,Jim,Hacking Around, A News Hour Report on Hacking, In: The NewsHour , (April. 16, 2001).

⁶ https://www.emc.com/collateral/fraud-report/current-state-cybercrime-2013.pdf

⁷ Supra, 3

⁸ Adam J. Mambi, ICT Law Book - A Source Book for Information & Communication Technologies and Cyber Law,1, MkukinaNyota Publishers Ltd., Tanzania, 2010.

⁹ Anupa P. Kumar, Cyber Law - A View to Social Security, 11, Published under the banner YFI and Anupa Kumar, 2009.

¹⁰ Ibid.

¹¹ Supra, 8

¹² http://www.indiancybersecurity.com/cyber_law/8_history_of_cyber_law_in_india.html

¹³ R.K. Bagga, Kenneth Keniston (eds.), et. al., The State, I.T. and Development, 137, Sage Publications India Pvt. Ltd. , New Delhi, 2005

¹⁴ http://www.indiancybersecurity.com/cyber_law/8_history_of_cyber_law_in_india.html

¹⁵ Supra, 3

¹⁶ Ibid

¹⁷ IT Act 2000

¹⁸ ETA, 2008

¹⁹ Ibid.

²⁰ Ibid.

²² ETA 2063

²³ Ibid.

²⁴ Ibid.

²⁵ https://www.legalindia.com/cyber-crimes-and-the-law/