CYBER LAW AND CYBER CRIMES - A COMPARATIVE STUDY

THESIS SUBMITTED TO _________________________________NAGARJUNA

UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD
OF THE Ph.D IN LAW

Submitted by:
Name: Mohd. Akbar Khan
Place: Hyderabad
January, 2014

Declaration
This is to declare that the thesis submitted by me __________________, bearing
___________________, for the partial fulfillment of the award of Ph.D. degree, to Nagarjuna
University, on the topic, "CYBER LAW AND CYBER CRIMES A

COMPARATIVE

STUDY", This is the authentic work carried by me alone and had successfully completed, and
submitted the thesis with in the period allotted by the authorities.

______________, who is presently an ____________, has supervised the thesis, during

_______________.

The ingredients provide in the thesis are not submitted to any other purpose except to this
University for the partial fulfillment of requirement for the award Ph.D degree in Law.

___________________________

Date:
Place:

CERTIFICATE

This is to certify that ______________, bearing ______________, has submitted the thesis on
the topic CYBER LAW AND CYBER CRIMES A COMPARATIVE STUDY, for the
partial fulfillment of the award of Ph.D in Law, which is the bonafied work carried out by him
alone from _________________University,__________________

The ingredients provide in the thesis are not submitted to any other purpose except to this
university for the partial fulfillment of requirement for the award of the Ph.D.

Supervisor
Date:
Place: Hyderabad.

INDEX
Page No.
CHAPTER I

Introduction

1-5

CHAPTER II

The World of Internet

6-18

CHAPTER III

Emerging Trends in Cyber Crime

19-31

CHAPTER IV

A Comparative Study of Cyber Laws: Regulations

by International Organizations

CHAPTER V

International Jurisdiction in Cyberspace: A

Comparative Perspective

CHAPTER VI

CHAPTER VII

32-63

64-93

A Critical Evaluation of Cyber

Law-IT ACT

94-117

Conclusion

118-122

CHAPTER NO 1
INTRODUCTION
CYBER LAW AND CYBER CRIME
Cyber law is a new phenomenon having emerged much after the onset of Internet. Internet grew
in a completely unplanned and unregulated manner. Even the inventors of Internet could not
have really anticipated the scope and far reaching consequences of cyberspace. The growth rate
of cyberspace has been enormous. Internet is growing rapidly and with the population of Internet
ever increasing, Cyberspace is becoming the new preferred environment of the world.
With the spontaneous and almost phenomenal growth of cyberspace, new and technically
complex issues relating to various legal aspects of cyberspace began cropping up. In response to
the absolutely complex and newly emerging legal issues relating to cyberspace, Cyber law or the
law of Internet came into being. The growth of Cyberspace has resulted in the development of a
new and highly specialized branch of law called Cyber laws.
Since cyberspace is neither determined nor contingent, law making and law enforcement of
cyberspace is met with new challenges. The interpretation of relationship between physical
location and legally defined online information requires an in depth conceptual understanding of
cyberspace, which is the basis for operation of cyber law.

MEANING, NATURE AND EMERGENCE OF CYBERSPACE

The word cyberspace descends from cybernetics, a phrase coined in 1961 by mathematician
Norbert wiener. He coined the term from the Greek term KYBERNEETES, which means
navigator. He describes cybernetics as control of communication in the animal and the machine.
The prefix cyber means rudder or governor that which controls.
Different types of cyberspace exist within and around the internet. Attempts were also made to
classify the various cyberspace to this date. Researchers in the related fields have restated their
domains in conjunction with different cyberspaces.
The space can be classified into three types.
C space: The space within computers
Cyberspace: The use of computers to communicate
Cyber-place: The infrastructure of the digital world.

There is no one exhaustive definition of the term "Cyber law". However, simply put, Cyber law
is a term which refers to all the legal and regulatory aspects of Internet and the World Wide
Web. Anything concerned with or related to, or emanating from, any legal aspects or issues
concerning any activity of netizens and others, in Cyberspace comes within the ambit of Cyber
law.
The entry of the Internet into the everyday lives of millions of people across the globe has
transformed many different aspects of material life. The experiences such as those of identity,
community and interpersonal interaction have changed in tune with information technology. We
are almost living another parallel life over the internet. The bits and bytes are identifying us. It is
not an exaggeration to say that nearly all humanly experiences are being felt on the net. Efforts
are on to make optimum utilization of the internet. It has become an essential tool for nurturing
the unique form of highly customized user oriented service platform.
Physical infrastructure: Entity that reflects the conventional geography.
Topological info-structure: A space that follows its own spatial configuration and hyper links.
The nodes, edges and the information exchanged at this level exist within the electronic space. In
other words arbitrary hyperlinks are more important than geographical location.
Invented cyber-structure: A virtual, visible space of the fictional world that maintains distance
and orientation is invented by structures like three dimensional and multi-user virtual city.1
Hybrid-structure: A partially distorted, mixed-reality of online chat or videoconferencing and
multi-player interactive games.
When the hybrid structures are increased cyber cities and palaces will grow. These cities contain;
The electronically reproduced structures.
Activities performed within these cities.
Participants who perform these activities.
Cyber cities are easily built and maintained in a server and the users can enter these cities
through computer network. These cyber cities are basically free from financial constraints. Once
a cyber city opens it grows and develops much faster almost evenly in all directions and
sprawling outwards.2
Legal Framework for Cyberspace:
1

Cyber Law, ICFAI Journal of Cyber Law, The ICFAI University Press, 2009, at p 6-7.
Supra Note 1.

As the cyber cities are emerging fast then there could be problems relating to property matters in
cyberspace. Use of internet involves use of computers that may not be necessarily ours, as we
need a computer to access internet. In this sense of property rights everyone using internet would
be guilty in the eye of law. For example, any protected or confidential material posted on a
website would be accessible to everyone across the globe. Therefore, it is necessary for the
courts to maintain a balance between property rights as well as the free accessible nature of the
internet.
Metaphor:
Cyberspace has been compared with real space whereas cyberspace is only a virtual world and
can only be grasped and understood. No legal doctrine should confuse physical space with
cyberspace as there is a vast difference between both the terms. Use of metaphor will unify the
law and takeaway all the classifications of interests that are to be protected. This makes the law
more predictable and efficient.
Property in cyberspace:
The property rights of computer owners could well be protected if they lay in the hands of
system administrators as they may be able to make most efficient use of property rights. Hence
cyber property rights should be centered on the service provider.
Technical Boundaries:
It can very well be understood that cyberspace has no technical boundary as a student of
Osmania University in India can refer to the books say from Yale University of another country
with permission from that University, thus proving that cyberspace has no technical boundaries.
Cyberspace has technical boundary but no legal boundary.
Sovereignty is Doubtful:
Control over physical space and people are possible as law making requires some type of
mechanism for the enforcement of law. Ex, American government cannot impose its law
mechanism to a business that is operating in say, in United Kingdom. As United Kingdom also
cannot impose its laws on a business operating in some other country, hence its a vice versa.
Thus it, practically proves that sovereignty is doubtful and it is not practicable in cyberspace.
Proximity does not exist:
The correspondence between physical and law space also reflects deep rooted relationship. That
is, any trademark law governs the use of trademarks for that particular country because it has

more direct impact on persons and assets located within that geographical territory. But this type
of proximity does not exist in cyberspace.

Consent of the subjects:

Persons residing in particular geographical border are subject to law making bodies of that
particular border only. Similarly, allocation of responsibility among levels of government
proceedings, for many legal problems, physical proximity between the responsible authority and
those directly affected by the law. It is easy to determine the will of individuals who are in
physical proximity to one another.
Torts in cyberspace:
A trespass to a chattel (personal possession) may be committed intentionally with a chattel in the
possession of another.3 One of the important ingredients of chattel trespass is that there should be
tangible interference with the property.4 Different judiciaries have different views on the term
tangible interference. Indirect touching or even entry may constitute to tangible interference.
Some courts even said to the extent that smoke, sound waves, may also satisfy the condition of
tangible interference. The law of any given place must take into account the special
characteristics of the space it regulates and the types of persons, places and things found there.
Just like Indian jurisprudence reflects its unique historical experience and culture, the law of
Cyberspace will reflect its special character, which differs from anything found in the physical
world. The law of the Net must be prepared to deal with persons who demonstrate themselves by
means of a particular ID, user account, or domain name. New perspectives on these ideas may
develop in the course of time.
Law defined as a thoughtful group conversation about core values, will persist. But it cannot and
should not be the same law as that applicable to physically, geographically defined territories.
Copyright Law:
Taking cyberspace seriously would clarify the debate about how to apply copyright law
principles in the digital age. The basic justification for the copyright protection is that bestowing
an exclusive property right to control the reproduction and distribution of works on authors will

3
4

State vs. McGraw, 459 N.E.2d 61 (1984).

Thrifty-Tel, Inc. v. Bezenek, 46 Cal. App. 4th 1559 (1996).

increase the supply of such works thus offering authors a financial incentive for their creation.
As for authorship in cyberspace, authors can now , for the first time in history, deliver copies of
their creations instantaneously and at no cost anywhere in the world to counter to, this
fundamental characteristic of the new environment. So the unique characteristic of cyberspace
severely challenges the traditional copyright concepts.

Defamation Law:
Messages that are transmitted on the Net from one place to another may become the cause of
liability for defamation. Messages that are transmitted through different countries pass through
different laws and liability may be imposed based on the publication of multiple jurisdictions and
standards. A person who uploads a potentially defamatory or derogatory statement would be
liable to determine the rules applicable to his own actions. The defamed person may take
advantage in lieu of monetary compensation for certain defamatory net-based messages.
Consumer protection:
Now a days Cyberspace is treated as a distinct market place to assess concentration and market
power. Here also implementation of consumer protection law in cyberspace would be weak. It is
possible to create a new online in any corner of an expanding online space. So that guidelines
from consumer protection agencies through online website and discussions with other customers
is made possible.
Self regulation:
Governments cannot stop the electronic communication coming across their borders even if they
want to stop. Nor it can make a right to regulate internet on supposed locals harms caused
outside its jurisdiction that is other countries or outside its borders. One nation cannot and should
not monopolize rule-making for the entire Net, cementing the fact that Net is lawless as it does
not come under physical jurisdiction.
Hence emphasis should be made on self-regulation of Net, since no other alternative is yet
evolved. Attempts are being made to fix the metaphor of cyberspace into the fixed parameters of
a studied system. Efforts are being put in to establish a realistic approach to the cyberspace by
comparing it with different spaces like geographical space, political space, etc. theories like
Theories of encapsulation, Theory of inter-connectivity should also be discussed so that a clear
picture emerges for the cyber thought.

CHAPTER NO 2
THE WORLD OF INTERNET
INTRODUCTION
The word internet is derived from two words, interconnection and Networks. Inter - among,
between Net is a derivation of the latin root nect which means to join or to tie. So, technically the
word internet means tied together.
Internet is a worldwide computer network. Also referred to as net, it is a worldwide system of
computer networks, that is, a network of networks, which allows users to share information on
those linked computers. Each of these networks comprises of a number of networks. Local area
networks (LANs) are connected by using public switched networks to create a Wide Area
Network (WAN) and when a number of WANs and a number of other interconnected networks
such as intranet and extranet are connected it results in Internet. ISPs (internet service providers)
are the persons who provide connection to Internet. Internet is spreading at a very fast speed as it
took only 4 years to reach out to 50 million people increasing the horizon of cyberspace. The
number of net users has increased to many folds in the past few years. The number of net users
spiraled to a dizzying level of 2.4 billion in 2012 as compared to the number of net users to 700
million in 2001 and to a mere number of just143 million in 1998.China had 565 million internet
users in 2012 more than any other Country in the World. India has the third largest number of net
users which is next to China and the US. There are about 633 million websites online as per
Web Server Survey Dec 2012. It gives the user independence to decide and view what they want
to see and hear. Thus internet is evolving into a huge gigantic network.
Evolution of internet:
The vast, global internet of today had rather humble origins when it initiated. In 1969, the
Department of Defense Advanced Research Projects Agency (ARPA) developed an experimental

network called ARPA net to link together four supercomputing centres for military research.
This network had the many and difficult design requirements that it had to be fast, reliable, and
capable of withstanding a nuclear bomb destroying any one computer center on the network.
From those original four computers, this network evolved into the sprawling network of millions
of computers we know today as the internet.
Internet started in the year 1960 by the United States Department of Defence. That network was
known as advanced research projects agency network (ARPANET), which linked US scientific
and academic researchers. By 1970s, Advanced Research Projects Agency (ARPA) helped in the
development of a new protocol known as TCP/IP (Transmission Control Protocol/ Internet
Protocol) for transferring data between the networks. The TCP/IP is the core of Internet.
In the 1980s, Usenet Newsgroups and electronic Mail (E-Mail) came into picture. Internet really
became famous in the 1990s after the development of the World Wide Web (WWW). It is
amazing to know that in 1993 June there were only 130 websites, but now there are millions of
websites on internet. In 1991 the CERN (Council European pour la Recherche Nucleaire) team
developed the protocol based on the hypertext (HTTP) that makes it possible to connect content
on the web with hyperlinks. However, the WWW permitted access to internet using graphical
user interface (GUI) and the use of hypertext links to access information across the internet. With
the growth of internet, the quality, and the variety of information and accessibility of the content
on internet also grew randomly. Now the websites provided the users with a range of experiences
such as videos, pictures, multimedia (sound, video), and interactivity.
Services of internet:
Internet can be classified on the basis of size of networks, geographical location or the protocols
used.
Internet mainly provides four types of services;
Private access ( communication services)
Information retrieval services
Area based networks (Web services)
World wide access (world wide web)
Private access or communication services:

The communication services available on the internet are used to access different types of
information (personal and professional) and some are used to exchange information with other
persons or groups according to their interests. This includes intranet and extranet.
Intranet is an internet based computing network located within an organization. They are the
private and secure access systems for the internal use of the company. They are based on the
same technology components of the internet. One of the main considerations of an intranet is the
security it offers to the sensitive company data. Intranet possesses a security system called a
firewall. It blocks unauthorized users from entering and accessing the intranet.
Extranet is a network which links selected resources of intranet such that they can be accessed
not only by internal personnel but by selected customers, suppliers, and other strategic offices.
They allow outsiders to access internal data but on a controlled basis. They enable individuals in
various organizations to share information and business partners to meet common business goals.
Both Intranet and Extranet offer security and controlled access.
Electronic mail (E-Mail) is the most common internet services used to send and receive
electronic messages throughout the world. It may consist of text, images, audio clips, video clips
it also allows users to attach files, documents, executable programs, spreadsheets and graphs.
The main advantage of an E-mail is that it is much easier, cheaper and faster as the same
message can be send to many people simultaneously.
Internet telephony is also known as Voice over internet protocol (VoIP). It allows users to talk
across the internet to any PC equipped to receive call for the price of only the internet
connection. Although the sound quality may be poor during the transmission but it may be called
the cheapest and most affordable way of communication.
Telnet is the oldest internet services that allow us to logon to a remote computer that is attached
to the internet. It acts as an intermediator between your computer and the remote computer. Ex:
library catalogues, online databases and reading of online books and articles.
Newsgroups are a forum for interested people to discuss topics of common interests on anything
between people. Some newsgroups are freely accessed while some are to be subscribed. To
participate in a discussion the user has to send a message to the newsgroup using Electronic
bulletin boards (EBB) which is seen by all the members of the newsgroup.
The entire collection of the internet newsgroups is known as Usenet which contains thousands of
newsgroups on thousands of topics.

Mailing lists is an organised way to enable group of internet users to share information through
E-Mail on a specific topic or for a specific purpose. It looks similar to a newsgroup except that it
uses E-Mail mailing list instead of a bulletin board.
Instead messaging is an online, interactive real time communication between two or more people
who are connected to the internet. Its unique features are chat privately, send immediate
message, voice telephony, E=mail sending and receiving, file transfer and file sharing , group
chat etc. yahoo messenger and msn messenger are most common instead messaging
programmes.
Internet service providers:
The internet services providers or ISPs offer a wide range of services to individuals or
organisations and many other commerce services. They connect people to the web. An efficient
ISP depends on the following aspects;
Quality of services
Customer support levels
Reliability.
The computers that are connected to the ISPs are connected through the phone networks. The
ISPs maintain a pool of modems for their dial in customers. This setting may be called as a port
server, as it serves access to the internetwork.
Application service provider: The ASPs offer services to support, manage and maintain an
organizations application, these are paid services. The ASP model eliminates specialised IT
infrastructure for the application as well as supporting applications. The services provided
includes web hosting at ASPs facilities with high reliability, security and other services. Hence
ASPs are more acceptable and affordable.
There are other online services also that provide direct access to the users without any fee, but
the information accessibility lies within their proprietary networks. American online and
Microsoft Network are examples of online services that provide direct access.
Information retrieval services:
These are a collection of thousands of servers which maintain information. The users can access
information and data from these huge databases but there is no central listing of sites and data.
Many information retrieval services have been designed to retrieve information in a quick
manner. The most popular and the latest method of search and retrieval of information on

computer is World Wide Web (www). It uses formatting language commonly called as Html or
hyper text markup language. Users can directly access the source by typing the internet address
also called uniform resource locator (URL). Some of these retrieval services are:
Archie:
These are FTP servers on the internet containing information. If you are searching for a file all
you have to do is type the name of the file in the archie servers home page, which in turn returns
FTP sites that contains files.
File Transfer Protocol (FTP):
The transfer of files between computers connected to the internet takes place through FTP. The
sharing of files is done using a FTP client program installed on the users computer. However
there are stored files that can be accessed by anyone called the Anonymous servers. Some FTP
servers require user name and password to login.
Gopher:
Gopher provides hierarchical structure that can be used to search, retrieve, and display
documents on the internet. Gopher has its own list of menus on different subjects. Each menu
consists of short self explanatory note. This process continues until the file searched for is
obtained. Turbo Gopher is the commonly used Gopher client program.
In the todays era of rapid growth, Information technology is encompassing all walks of life all
over the world. These technological developments have made the transition from paper to
paperless transactions possible. We are now creating new standards of speed, efficiency, and
accuracy in communication, which has become key tools for boosting innovations, creativity and
increasing overall productivity. Computers are extensively used to store confidential data of
political, social, economic or personal nature bringing immense benefit to the society.
The rapid development of Internet and Computer technology globally has led to the growth of
new forms of transnational crime especially Internet related. These crimes have virtually no
boundaries and may affect any country across the globe. Thus, there is a need for awareness and
enactment of necessary legislation in all countries for the prevention of computer related crime.
Globally Internet and Computer based commerce and communications cut across territorial
boundaries, thereby creating a new realm of human activity and undermining the feasibility and
legitimacy of applying laws based on geographic boundaries. This new boundary, which is made
up of the screens and passwords, separate the Cyber world from the "real world" of atoms.

Territorially based law-making and law-enforcing authorities find this new environment deeply
threatening.

DOMAIN OF INTERNET
Internet Architecture Board
The Internet Architecture Board (IAB) is the committee charged with oversight of the technical
and engineering development of the internet by the Internet Society (ISOC).
It oversees a number of Task Forces, of which the most important are the Internet Engineering
Task Force (IETF) and the Internet Research Task Force (IRTF).
The body which eventually became the IAB was originally formed by the United States Internet
Defence's .Defense Advanced Research Projects Agency under the name Internet Configuration
Control Board in 1979; it eventually became the Internet Advisory Board in September, 1984,
and then the Internet Activities Board in May, 1986 (the name was changed, while keeping the
same acronym). It finally became the Internet Architecture Board, under ISOC, in January, 1992,
as part of the Internet's transition from a U.S.-government entity to an international, public
entity.
IAB activities
The IAB's current responsibilities include:
Architectural Oversight: The IAB provides oversight of, and occasional commentary on, aspects
of the architecture for the network protocols and procedures used by the Internet.
Standards Process Oversight and Appeal: The IAB provides oversight of the process used to
create Internet Standards. The IAB serves as an appeal board for complaints of improper
execution of the standards process, through acting as an appeal body in respect of an Internet
Engineering Steering Group (IESG) standards decision.
Request for Comments series: The IAB is responsible for editorial management and publication
of the Request for Comments (RFC) document series.
Internet Assigned Numbers Authority: In conjunction of the Internet Corporation for Assigned
Names and Numbers (ICANN), the IAB is responsible for administration of the assignment of
IETF protocol parameter values by the Internet Assigned Numbers Authority (IANA).

External Liaison: The IAB acts as representative of the interests of the IETF in liaison
relationships with other organizations concerned with standards and other technical and
organizational issues relevant to the world-wide Internet.
Advice to the Internet Society: The IAB acts as a source of advice and guidance to the Board of
Trustees and Officers of ISOC concerning technical, architectural, procedural, and (where
appropriate) policy matters pertaining to the Internet and its enabling technologies.
Internet Engineering Steering Group Confirmation: The IAB confirms the IETF Chair and IESG
Area Directors, from nominations provided by the IETF Nominating Committee.
Internet Research Task Force Chair: The IAB selects a chair of the IRTF for a renewable two
year term.
Internet censorship is control or suppression of the publishing or accessing of information on the
Internet. The legal issues are similar to offline censorship.
One difference is that national borders are more permeable online: residents of a country that
bans certain information can find it on websites hosted outside the country. A government can
try to prevent its citizens from viewing these even if it has no control over the websites
themselves. Filtering can be based on a blacklist or be dynamic. In the case of a blacklist, that list
is usually not published. The list may be produced manually or automatically.
Barring total control over Internet-connected computers, such as in North Korea, total censorship
of information on the Internet is very difficult (or impossible) to achieve due to the underlying
distributed technology of the Internet. Pseudonymity and data havens (such as free net) allow
unconditional free speech as the technology guarantees that material cannot be removed and the
author of any information is impossible to link to a physical identity or organization.
In some cases, Internet censorship may involve deceit. In such cases the censoring authority may
block content while leading the public to believe that censorship has not been applied. This may
be done by having the ISP provide a fake "Not Found" error message upon the request of an
Internet page that is actually found but blocked.
In November 2007, "Father of the Internet Vint Cerf stated that he sees Government- led
Control of the Internet Failing due to private ownership. Many internet experts use the term
splinter net to describe some of the effects of national Firewalls. The verb River crab
colloquially refers to censorship of the internet, particularly in Asia.
Methods

Jo Glanville, editor of on Index on Censorship observes that "censorship, for the first time in its
history, is now a commercial enterprise".
Technical censorship
Some commonly used methods for (partial) censoring content are:
IP blocking: Access to a certain IP address is denied. If the target Web site is hosted in a shared
hosting server on all websites on the same server will be blocked. This affects IP-based protocols
such as HTTP,FTP and POP.A typical circumvention method is to find proxies that have access
to the target websites, but proxies may be jammed or blocked, and some Web sites, such as
Wikipedia (when editing), also block proxies. Some large websites like Google have allocated
additional IP addresses to circumvent the block, but later the block was extended to cover the
new IPs.
Uniform Resource Locator (URL) filtering. Scan the requested URL string for target keywords
regardless of the domain name specified in the URL. This affects the HTTP protocol. Typical
circumvention methods are to use escaped characters in the URL, or to use encrypted protocols
such as VPN and TLS/SSL.
Packet filtering. Terminate TCP packet transmissions when a certain number of controversial
keywords are detected. This affects all TCP-based protocols such as HTTP, FTP and POP, but
search engine results pages are more likely to be censored. Typical circumvention methods are to
use encrypted connections - such as VPN and TLS/SSL - to escape the HTML content, or by
reducing the TCP/IP slacks MTU/MSS to reduce the amount of text contained in a given packet.
A circumvention method is to ignore the reset packet sent by the firewall.
Reverse surveillance. Computers accessing certain websites including Google are automatically
exposed to reverse scanning from the ISP in an apparent attempt to extract further information
from the "offending" system.
One of the most popular filtering software programmes is Smart Filters, owned by Secure
computing in California, which has recently been bought by MCA Fee. Smart Filter has been
used by Tunisia, Saudi Arabia, Sudan, as well as in the US and the UK.
Full block
A technically simpler method of internet censorship is to completely cut off all routers, either by
software or by hardware (turning off machines, pulling out cables). This appears to have been the
case on 27/28 January 2011 during the 2011 Egyptian protests in what has been widely described

as an "unprecedented" internet block. About 3500 Border Gateway Protocol (BGP) routes to
Egyptian networks were shut down from about 22:10 to 22:35 UTC 27 January. This full block
was implemented without cutting off major intercontinental Fibre-optics links, with Renesys
stating on 27 January, "Critical European-Asian fiber-optic routes through Egypt appear to be
unaffected for now."
"By-catch".
Automatic censorship sometimes stops matter which it was not intended to stop. An example is
that automatic censorship against sexual words in matter for children, set to block the word
cunt", has been known to block the Lincolnshire (UK) place name Scunthorpe.
Portal censorship
Major portals occasionally exclude web sites that they would ordinarily include. This renders a
site invisible to people who do not know where to find it. When a major portal does this, it has a
similar effect as censorship. Sometimes this exclusion is done to satisfy a legal or other
requirement, other times it is purely at the discretion of the portal.
Examples: Google.de and Google.fr remove Neo-Nazi and other listings in compliance with
German and French law.
Major web portal official statements on site removal
Google: Google may temporarily or permanently remove sites from its index and search results if
it believes it is obligated to do so by law, if the sites do not meet Google's quality guidelines, or
for other reasons, such as if the sites detract from users' ability to locate relevant information."
Yahoo!: Yahoo!'s terms of service state that they reserve the right to "pre-screen, refuse or
remove" any content that they feel violates the terms of service or deem distasteful; however,
removing information is never obligatory. Yahoo! also does not reserve the right to pre-screen
any information.
Circumvention
There are a number of resources that allow users to bypass the technical aspects of Internet
censorship. Each solution has differing ease of use, speed, and security from other options. Most,
however, rely on gaining access to an internet connection that is not subject to filtering, often in
a different jurisdiction not subject to the same censorship laws. This is an inherent problem in
internet censorship in that so long as there is one publicly accessible system in the world without
censorship, it will still be possible to have access to censored material.

Proxy websites
Proxy websites are often the simplest and fastest way to access banned websites in censored
nations. Such websites work by being themselves un-banned but capable of displaying banned
material within them. This is usually accomplished by entering a URL address which the proxy
website will fetch and display. They recommend using the https protocol since it is encrypted
and harder to block.
Java Anon Proxy
Java Anon Proxy is primarily strong, free and open source anonymizer software available for all
operating systems. As of 2004, it also includes a blocking resistance functionality that allows
users to circumvent the blocking of the underlying anonymity service AN.ON by accessing it via
other users of the software (forwarding client).
Virtual Private Networks (VPNs)
Using Virtual Private Networks, a user who experiences internet censorship can create a secure
connection to a more permissive country, and browse the internet as if they were situated in that
country. Some services are offered for a monthly fee, others are ad-supported.
Psiphon
Psiphon software allows users in nations with censored Internet such as China to access banned
websites like Wikipedia. The service requires that the software be installed on a computer with
uncensored access to the Internet so that the computer can act as a proxy for users in censored
environments.
Free net
Free net is a decentralized, censorship-resistant distributed data store. Unlike many other P2P
applications, Free net does not have a single application which provides all functionality.
I2P
I2P is open source software that can be used for anonymous surfing, chatting, blogging and file
transfers, among other things.
Jon Dos
Jon Dos is based on open source software and provides secure and fast anonym zing networking.
Tor
Tor is software implementation that allows users to bypass Internet censorship while granting
strong anonymity.

Sneakernets
Sneakernet is a term used to describe the transfer of electronic information, especially computer
files, by physically carrying data on storage media from one place to another. A sneakernet can
move data regardless of network restrictions simply by not using the network at all.
Internet censorship impact on society:
Internet censorship by country
In 2006, Reporters without Borders (Reporters sans frontires, RSF), a Paris-based international
non-governmental organization that advocates freedom of the press, started publishing a list of
"Enemies of the Internet". The organization classifies a country as an enemy of the internet
because "all of these countries mark themselves out not just for their capacity to censor news and
information online but also for their almost systematic repression of Internet users.
Reporters without Borders "countries under surveillance"
In March 2012, Reporters without Borders added India to its list of "countries under
surveillance", stating that:
Since the Mumbai bombings of 2008, the Indian authorities have stepped up Internet surveillance
and pressure on technical service providers, while publicly rejecting accusations of censorship.
The national security policy of the worlds biggest democracy is undermining freedom of
expression and the protection of Internet users personal data.
Freedom House report
The India country report that is included in Freedom Houses Freedom on the Net 2012 report,
says:
India's overall Internet Freedom Status is "Partly Free", unchanged from 2009.
India has a score of 39 on a scale from 0 (most free) to 100 (least free), which places
India 20 out of the 47 countries worldwide that were included in the 2012 report. This is
considered, by Freedom House, to be a "notable" decrease from the previous year's rank
of 14 out of the 37 countries worldwide that were included in the 2011 report.
India ranks third out of the eleven countries in Asia included in the 2012 report.
Prior to 2008, censorship of Internet content by the Indian government was relatively rare
and sporadic.

 Following the November 2008 terrorist attacks in Mumbai, which killed 171 people, the
Indian Parliament passed amendments to the Information Technology Act (ITA) that
expanded the governments censorship and monitoring capabilities.
While there is no sustained government policy or strategy to block access to Internet
content on a large scale, measures for removing certain content from the web, sometimes
for fear they could incite violence, have become more common.
Pressure on private companies to remove information that is perceived to endanger public
order or national security has increased since late 2009, with the implementation of the
amended ITA. Companies are required to have designated employees to receive
government blocking requests, and assigns up to seven years imprisonment private
service providersincluding ISPs, search engines, and cybercafesthat do not comply
with the government's blocking requests.
The government and non-state actors have intensified pressure on intermediaries,
including social media applications, to remove upon request a wide range of content
vaguely defined as offensive and potentially pre-screen user-generated content.
Internet users have sporadically faced prosecution for online postings, and private
companies hosting the content are obliged by law to hand over user information to the
authorities.
In 2009, the Supreme Court ruled that both bloggers and moderators can face libel suits
and even criminal prosecution for comments posted by other users on their websites.
Prior judicial approval for communications interception is not required and both central
and state governments have the power to issue directives on interception, monitoring, and
decryption. All licensed ISPs are obliged by law to sign an agreement that allows Indian
government authorities to access user data.
In April 2011, the government instituted Information Technology (Intermediary
Guidelines) Rules, which require intermediariesincluding search engines and socialnetworking sitesto remove content within 36 hours if an individual complains that it is
offensive.
The list of potentially offensive content is both wide-ranging and vague. It includes
information

that

is

disparaging,

harmful,

blasphemous,

pornographic,

encourages gambling, infringes proprietary rights, or threatens the unity, integrity,

defence, security or sovereignty of India, friendly relations with foreign states or public
order.
Under the 2008 ITA, intermediaries in India are protected from prosecution for content
posted by third parties, but according to the 2011 rules, they risk losing such immunity if
they do not remove the offensive content within 36 hours of notification. Meanwhile, the
rules do not provide an avenue for content producers to be informed of the removal or to
contest the decision.
Internet users:
The total number of Internet users across the globe are persons using the internet from any
device including mobile phones is almost to the extent of more than 2.4 billion recorded in the
year 2013 and the total number of websites is 633 million as per web server survey report. China
had 568 million internet users more than any other country in the World. Chinas internet
penetration among its total population was roughly 42% in mid-2012.
Next is the United States of America with a total of 254 million internet users followed by India
with 151 million internet users. India has the fastest internet traffic growth globally and is
expected to have 348 million users by 2017, a study by networking giant Cisco said.
According to Cisco's Visuals Networking Index (VNI) forecast (2012-17), internet traffic in
India will reach 2.5 exabytes per month in 2017, up from 393 petabytes per month in 2012. One
exabyte equals 1 million terabytes.
The Internet penetration in India remains at 12 per cent vs. 43 per cent in China and 80 per cent
in the US.
However, the low penetration means that India presents unmatchable growth opportunity for the
Internet sector in coming years. India is likely to witness a golden period of the Internet sector
between 2013 to 2018 with incredible growth opportunity and secular growth adoption for ECommerce, Internet advertising, social media, search, online content, and services relating to ECommerce and Internet advertising.
This shows that the use of internet as a medium of information and communication has come to
stay and would continue to revolutionize the said fields for years to come thereby challenging.
Thus the Government cannot impose restraint on freedom of expression enshrined in our
Constitution, thereby struggle to resolve the matter so as to strike a balance somewhere between
expression and censored freedom of expression.

The policy must be to root out cyber crimes but not to choke the medium of expression and there
is also a big responsibility on the part of users as well to see that the medium is properly used
and not abused, utilized but not misused.
The legislation must be stringent enough to control the menace of cyber crimes and not to
intimidate the users of internet, who believe in the healthy and positive growth of freedom of
expression and do not make mockery of our Constitutional norms.

CHAPTER NO 3

EMERGING TRENDS IN CYBER CRIME

INTRODUCTION
As the new millennium dawned, the computer has gained popularity in every aspect of our lives.
This includes the use of computers by persons involved in the commission of crimes. Today,
computers play a major role in almost every crime that is committed. Every crime that is
committed is not necessarily a computer crime, but it does mean that law enforcement must
become much more computer literate just to be able to keep up with the criminal element.
According to Donn Parker, For the first time in human history, computers and automated
processes make it possible to possess, not just commit, a crime. Today, criminals can pass a
complete crime in software from one to another, each improving or adapting it to his or her own
needs.5
The first recorded cyber crime took place in the year 1820. The era of modern computers,
however, began with the analytical engine of Charles Babbage. Cyber crime is an evil having its
origin in the growing dependence on computers in modern life. In a day and age when
everything from microwave ovens and refrigerators to nuclear power plants is being run on
computers, cyber crime has assumed rather threatening implications.
The majority of what are termed cyber-crimes is really violations of longstanding criminal law,
perpetrated through the use of computers or information networks. The problems of crime using
computers will rarely require the creation of new substantive criminal law; rather, they suggest
need for better and more effective means of international cooperation to enforce existing laws.
On the other hand, there are new and serious problems posed by attacks against computers and
information systems, such as malicious hacking, dissemination of viruses, and denial-of-service
attacks. Such attacks should be effectively prohibited, wherever they may originate. At the same
time, it is to be remembered that often the most effective way to counter such attacks is to
quickly deploy technical countermeasures; therefore, to the extent that well-meaning but
overbroad criminal regulations diminish the technical edge of legitimate information security
research and engineering, they could have the unintended consequence of actually undermining
information security.

R.M. Kamble, C.Vishwapriya, Cyber Crimes and Information Technology, NALSAR Law Review, Vol. 4, No.
1, at pp. 7-8.

What is a Computer Crime?

a) Criminals Can Operate Anonymously Over the Computer Networks.
b) Hackers Invade Privacy.
c) Hackers Destroy "Property" in the Form of Computer Files or Records.
d) Hackers Injure Other Computer Users by Destroying Information Systems.
e) Computer Pirates Steal Intellectual Property.
What is meant by Cyber Crimes?
The crimes committed with respect to the cyber world or any component thereof. In this sense,
cyber crimes shall be dealt with under the criminal codes of a given legal system. Cyber crimes
may also be viewed as the acts which have been declared as such under any cyber law in force in
a particular legal system.6
Computer crime or cyber crimes refer to any crime that involves a computer and a network,
where the computers may or may not have played an instrumental part in the commission of a
crime and also an illegal activity using a computer, and includes computer-related extortion,
fraud and forgery and unauthorized access to or interference with data.
Definition of Cyber Crime
Defining cyber crimes, as "acts that are punishable by the Information Technology Act" would
be unsuitable as the Indian Penal Code also covers many cyber crimes, such as email spoofing
and cyber defamation, sending threatening emails etc. A simple yet sturdy definition of cyber
crime would be "unlawful acts wherein the computer is either a tool or a target or both".
Cyber Crimes can be categorized in two ways:
1. The crimes in which the computer is the target. Examples of such crimes are hacking,
virus attacks, DOS attack etc.
2. The crimes in which the computer is used as a weapon. These types of crimes include
cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

CYBER CRIMES AGAINST PERSONS

There are certain offences which affect the personality of individuals can be defined as:

Dr.J.P. Mishra, An Introduction to Cyber Law, Central Law Publications, Allahabad, 1 st Ed., 2012, at pp. 161.

Harassment via E-Mails: It is very common type of harassment through sending letters,
attachments of files & folders i.e. via e-mails. At present harassment is common as usage of
social sites i.e. Face book, Twitter etc. increasing day by day.
Cyber-Stalking: It means expressed or implied a physical threat that creates fear through the use
of computer technology such as internet, e-mail, phones, text messages, webcam, websites or
videos.
In general terms, stalking can be termed as the repeated acts of harassment targeting the victim
such as following the victim, making harassing phone calls, killing the victims pet, vandalizing
victims property, leaving written messages or objects. Stalking may be followed by serious
violent acts such as physical harm to the victim. Cyber Stalking means repeated acts of
harassment or threatening behavior of the cyber criminal towards the victim by using internet
services. Both kind of Stalkers i.e., Online & Offline have desire to control the victims life.
Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically
child pornography), hosting of web site containing these prohibited materials. These obscene
matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind.
Defamation: It is an act of imputing any person with intent to lower down the dignity of the
person by hacking his mail account and sending some mails with using vulgar language to
unknown persons mail account.
When a person publishes defamatory matter about someone on a website or sends e-mails
containing defamatory information to all of that persons friends, it is termed as cyber defamation.
Hacking: It means unauthorized control/access over computer system and act of hacking
completely destroys the whole data as well as computer programmes. Hackers usually hacks
telecommunication and mobile network.
Unauthorized access means any kind of access without the permission of either of the rightful or
person in charge of the computer, computer system or computer network. Hacking means an
illegal intrusion into a computer system and/or network. Every act committed towards breaking
into a computer and/or network is hacking. Hackers write or use ready-made computer programs
to attack the target computer. They possess the desire to destruct and they get the kick out of
such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit
card information, transferring money from various bank accounts to their own account followed
by withdrawal of money. Government websites are the most targeted sites for the hackers.

Cracking: It is amongst the gravest cyber crimes known till date. It is a dreadful feeling to know
that a stranger has broken into your computer systems without your knowledge and consent and
has tampered with precious confidential data and information.
E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It
shows its origin to be different from which actually it originates.
SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited
messages. Here a offender steals identity of another in the form of mobile phone number and
sending SMS via internet and receiver gets the SMS from the mobile phone number of the
victim. It is very serious cyber crime against any individual.
Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their
monetary benefits through withdrawing money from the victims bank account mala-fide. There
is always unauthorized use of ATM cards in this type of cyber crimes.
Cheating & Fraud: It means the person who is doing the act of cyber crime i.e. stealing
password and data storage has done it with having guilty mind which leads to fraud and cheating.
Pornography: Pornography means showing sexual acts in order to cause sexual excitement. The
definition of pornography also includes pornographic websites, pornographic magazines
produced using computer and the internet pornography delivered over mobile phones.
Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children.
The Internet is being highly used as a medium to sexually abuse children. The children are viable
victim to the cyber crime. Computers and internet having become a necessity of every
household, the children have got an easy access to the internet. There is an easy access to the
pornographic contents on the internet. Pedophiles lure the children by distributing pornographic
material and then they try to meet them for sex or to take their nude photographs including their
engagement in sexual positions. Sometimes Pedophiles contact children in the chat rooms posing
as teenagers or a child of similar age and then they start becoming friendlier with them and win
their confidence. Then slowly pedophiles start sexual chat to help children shed their inhibitions
about sex and then call them out for personal interaction and starts actual exploitation of the
children by offering them some money or falsely promising them good opportunities in life. The
pedophiles then sexually exploit the children either by using them as sexual objects or by taking
their pornographic pictures in order to sell those over the internet.

Assault by Threat: refers to threatening a person with fear for their lives or lives of their
families through the use of a computer network i.e. E-mail, videos or phones.
Cyber crimes committed against persons include various crimes like transmission of childpornography, harassment of a person using a computer such as through e-mail. The trafficking,
distribution, posting, and dissemination of obscene material including pornography and indecent
exposure, constitutes one of the most important Cyber crimes known today. The potential harm
of

such

crime

to

humanity

can

hardly

be

explained.

Cyber-harassment is a distinct Cyber crime: Various kinds of harassment can and do occur in
cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or
other.

Persons

perpetuating

such

harassment

are

also

guilty

of

cyber

crimes.

Cyber harassment as a crime also brings us to another related area of violation of privacy of
citizens. Violation of privacy of online citizens is a Cyber crime of a grave nature. No one likes
any other person invading the invaluable and extremely touchy area of his or her own privacy
which the medium of internet grants to the citizen.

CRIMES AGAINST PERSONS PROPERTY

The second category of Cyber-crimes is that of Cyber crimes against all forms of property. These
crimes include computer vandalism (destruction of others' property) and transmission of harmful
programmes.
A Mumbai-based upstart engineering company lost a say and much money in the business when
the rival company, an industry major, stole the technical database from their computers with the
help of a corporate cyber spy.
As there is rapid growth in the international trade where businesses and consumers are
increasingly using computers to create, transmit and to store information in the electronic form
instead of traditional paper documents. There are certain offences which affects persons
properties which are as follows:
Intellectual Property Crimes: Intellectual property consists of a bundle of rights. An unlawful
act by which the owner is deprived completely of or partially of his rights is an offence. The
common form of IPR violation may be said to be software piracy, infringement of copyright,
trademark, patents, designs and service mark violation, theft of computer source code, etc.

Cyber Squatting: It means where two persons claim for the same Domain Name either by
claiming that they had registered the name first on by right of using it before the other or using
something similar to that previously. For example two similar names i.e. www.yahoo.com
and www.yaahoo.com.
Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another.
Thus cyber vandalism means destroying or damaging the data when a network service is stopped
or disrupted. It may include within its purview any kind of physical harm done to the computer
of any person. These acts may take the form of the theft of a computer, some part of a computer
or a peripheral attached to the computer.
Hacking Computer System: Hacktivism attacks those included Famous Twitter, blogging
platform by unauthorized access/control over the computer. Due to the hacking activity there will
be loss of data as well as computer. Also research especially indicates that those attacks were not
mainly intended for financial gain too and to diminish the reputation of particular person or
company.
Transmitting Virus: Viruses are programs that attach themselves to a computer or to a file and
then circulate themselves to other files and to other computers on a network. They usually affect
the data on a computer, either by altering or deleting it. Worm attacks plays major role in
affecting the computerize system of the individuals.
Cyber Trespass: It means to access someones computer without the right authorization of the
owner and does not disturb, alter, misuse, or damage data or system by using wireless internet
connection.
Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an
unauthorized person, of the Internet hours paid for by another person. The person who gets
access to someone elses ISP user ID and password, either by hacking or by gaining access to it
by illegal means, uses it to access the Internet without the other persons knowledge. You can
identify time theft if your Internet time has to be recharged often, despite infrequent usage.

CYBERCRIMES AGAINST GOVERNMENT

The third category of Cyber-crimes relates to Cyber crimes against Government. Cyber terrorism
is one distinct kind of crime in this category. The growth of internet has shown that the medium
of Cyberspace is being used by individuals and groups to threaten the international governments

as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an
individual "cracks" into a government or military maintained website. The Parliament attack in
Delhi and the recent Mumbai attack fall under this category.
There are certain offences done by group of persons intending to threaten the international
governments by using internet facilities. It includes:
Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global
concern. The common form of these terrorist attacks on the Internet is by distributed denial of
service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc.
Cyber terrorism activities endanger the sovereignty and integrity of the nation.
Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It
is a form of information warfare sometimes seen as analogous to conventional warfare although
this analogy is controversial for both its accuracy and its political motivation.
Distribution of pirated software: It means distributing pirated software from one computer to
another intending to destroy the data and official records of the government.
Possession of Unauthorized Information: It is very easy to access any information by the
terrorists with the aid of internet and to possess that information for political, religious, social,
ideological objectives.

CYBERCRIMES AGAINST SOCIETY AT LARGE

An unlawful act done with the intention of causing harm to the cyberspace will affect large
number of persons. These offences include:
Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children. It also includes activities concerning indecent
exposure and obscenity.
Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which
affects large number of persons. Trafficking in the cyberspace is also a gravest crime.
Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are
growing today in the cyber space. There are many cases that have come to light are those
pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Financial Crimes: This type of offence is common as there is rapid growth in the users of
networking sites and phone networking where culprit will try to attack by sending bogus mails or
messages through internet. Ex: Using credit cards by obtaining password illegally.
Forgery: It means to deceive large number of persons by sending threatening mails as online
business transactions are becoming the habitual need of todays life style.
Computers, printers and scanners are used to forge counterfeit currency notes, postage and
revenue stamps, mark sheets etc. These are made using computers, and high quality scanners and
printers.

AFFECTS WHOM
Cyber Crimes always affects the companies of any size because almost all the companies gain an
online presence and take advantage of the rapid gains in the technology but greater attention to
be given to its security risks. In the modern cyber world cyber crimes is the major issue which is
affecting individual as well as society at large too.

NEED OF CYBER LAW

Information technology has spread throughout the world. The computer is used in each and every
sector wherein cyberspace provides equal opportunities to all for economic growth and human
development. As the user of cyberspace grows increasingly diverse and the range of online
interaction expands, there is expansion in the cyber crimes i.e. breach of online contracts,
perpetration of online torts and crimes etc. Due to these consequences there was need to adopt a
strict law by the cyber space authority to regulate criminal activities relating to cyber and to
provide better administration of justice to the victim of cyber crime. In the modern cyber
technology world it is very much necessary to regulate cyber crimes and most importantly cyber
law should be made stricter in the case of cyber terrorism and hack

PENALTY FOR DAMAGE TO COMPUTER SYSTEM

According to the Section: 43 of Information Technology Act, 2000 whoever does any act of
destroys, deletes, alters and disrupts or causes disruption of any computer with the intention of
damaging of the whole data of the computer system without the permission of the owner of the
computer, shall be liable to pay fine up to 1crore to the person so affected by way of remedy.

According to the Section:43A which is inserted by Information Technology(Amendment) Act,

2008 where a body corporate is maintaining and protecting the data of the persons as provided by
the central government, if there is any negligent act or failure in protecting the data/ information
then a body corporate shall be liable to pay compensation to person so affected. And Section 66
deals with hacking with computer system and provides for imprisonment up to 3 years or fine,
which may extend up to 2 years or both.
India had enacted its first Cyber Law through IT Act 2000. It has been amended and now in 2008
the revised version is under implementation.
Pauline Reich is an American lawyer and professor at Waseda University of Law in Tokyo,
Japan.
As hailed by the Japan Times, she is 'A pioneer in the field of cyber crime.' She spoke to SME
WORLD on the present state of cyber crime in India and other countries and what are the
systems in place for dealing with the menace.

CASE STUDY-ATTACKS ON CYBERSPACE

Worm Attack:
The Robert Tappan Morris well Known as First Hacker, Son of former National Security Agency
Scientist Robert Morris, was the first person to be prosecuted under the Computer and Fraud
Act, 1986. He has created worm while at Cornell as student claiming that he intended to use the
worm to check how large the internet was that time. The worm was uncontrollable due to which
around 6000 computer machines were destroyed and many computers were shut down until they
had completely malfunctioned. He was ultimately sentenced to three years probation, 400 hours
of community service and assessed a fine of $10500. So there must be strict laws to punish the
criminals who are involved in cyber crime activities.
Hacker Attack:
Fred Cohen, a Ph.D. student at the University of Southern California wrote a short program in
the year 1983, as an experiment, that could infect computers, make copies of itself, and spread
from one machine to another. It was beginning & it was hidden inside a larger, legitimate
program, which was loaded into a computer on a floppy disk and many computers were sold
which can be accommodate at present too. Other computer scientists had warned that computer

viruses were possible, but Cohens was the first to be documented. A professor of his suggested
the name virus. Cohen now runs a computer security firm.
Internet Hacker:
Wang Qun, who was known by the nickname of playgirl, was arrested by chinese police in the
Hubei province first ever arrest of an internet hacker in China. He was a 19 year old computing
student, arrested in connection with the alleged posting of pornographic material on the
homepages of several government-run web sites. Wang had openly boasted in internet chat
rooms that he had also hacked over 30 other web sites too.

Preventive Measures for Cyber Crimes:

Prevention is always better than cure. A netizen should take certain precautions while operating
the internet and should follow certain preventive measures for cyber crimes which can be defined
as:
Identification of exposures through education will assist responsible companies and firms to
meet these challenges.
One should avoid disclosing any personal information to strangers via e-mail or while chatting.
One must avoid sending any photograph to strangers by online as misusing of photograph
incidents increasing day by day.
An update Anti-virus software to guard against virus attacks should be used by all the netizens
and should also keep back up volumes so that one may not suffer data loss in case of virus
contamination.
A person should never send his credit card number to any site that is not secured, to guard
against frauds.
It is always the parents who have to keep a watch on the sites that your children are accessing, to
prevent any kind of harassment or depravation in children.
Web site owners should watch traffic and check any irregularity on the site. It is the
responsibility of the web site owners to adopt some policy for preventing cyber crimes as
number of internet users are growing day by day.
Web servers running public sites must be physically separately protected from internal corporate
network.
It is better to use a security programmes by the body corporate to control information on sites.

Strict statutory laws need to be passed by the Legislatures keeping in mind the interest of
netizens.
IT department should pass certain guidelines and notifications for the protection of computer
system and should also bring out with some more strict laws to breakdown the criminal activities
relating to cyberspace.
As Cyber Crime is the major threat to all the countries worldwide, certain steps should be taken
at the international level for preventing the cybercrime.
A complete justice must be provided to the victims of cyber crimes by way of compensatory
remedy and offenders to be punished with highest type of punishment so that it will anticipate
the criminals of cyber crime.
The users of computer system and internet are increasing worldwide, whereby it is easy to access
any information easily within a few seconds by using internet which is the medium for huge
information and a large base of communication around the world. Certain precautionary
measures should be taken by netizens while using the internet which will assist in challenging
this major threat Cyber Crime.

CRIMINAL LAW GENERAL PRINCIPLES

According to criminal law, certain persons are excluded from criminal liability for their actions,
if at the relevant time; they had not reached an age of criminal responsibility. After reaching the
initial age, there may be levels of responsibility dictated by age and the type of offense allegedly
committed.
Governments enact laws to label certain types of activity as wrongful or illegal. Behavior of a
more antisocial nature can be stigmatized in a more positive way to show society's disapproval
through the use of the word criminal. In this context, laws tend to use the phrase, "age of
criminal responsibility" in two different ways:
1. As a definition of the process for dealing with alleged offenders, the range of ages
specifies the exemption of a child from the adult system of prosecution and punishment.
Most states develop special juvenile justice systems in parallel to the adult criminal
justice system. Children are diverted into this system when they have committed what
would have been an offense in an adult.

2. As the physical capacity of a child to commit a crime is not fully developed and hence,
children are deemed incapable of committing some sexual or other acts requiring abilities
of a more mature quality.
The age of majority is the threshold of adulthood as it is conceptualized in law. It is the
chronological moment when children legally assume majority control over their persons and
their actions and decisions, thereby terminating the legal control and legal responsibilities of
their parents over and for them.
But in the cyber world it is not possible to follow these traditional principles of criminal law to
fix liability. Statistics reveal that in the cyber world, most of the offenders are those who are
under the age of majority. Therefore, some other mechanism has to be evolved to deal with cyber
criminals.

TODAYS HACKERS TOMORROWS SECURITY ANALYSTS

Frank William Abagnale, Jr. is a former check con artist, forger and imposter who, for five years
in the 1960s, passed bad checks worth more than $2.5 million in 26 countries. During this time,
he used eight aliases even more to cash bad checks. Currently he runs Abagnale and
Associates, a financial fraud consultancy company. His life story provided the inspiration for the
feature film Catch Me if You Can.
An Indian teenage hacking expert who has helped global think-tanks and police officials combat
computer attackers and digital swindlers is spurning job offers to pursue a degree at the
prestigious Stanford University. Ankit Fadia, 18 has crisscrossed India, giving lectures to police
departments, software companies, educational institutions and government agencies on how to
fight "cyber criminals" and deal with computer viruses.
Fadia, developed his computer skills after spending long hours on the Internet, breaking into
Web sites as an "ethical hacker" and then informing companies about their sites' vulnerability.
Also, he wants to start his own computer security firm.
Also, not all hackers are bad. There are certain hackers whose job is to intrude into a software
system by evading or disabling security measures and checks how vulnerable the system is to the
bad hackers. Ethical computer hacking has come of age in order to stop or pre-empt intruders

from messing around with a computer programme. Financial transactions are the mainstay of
banking operations. Banks and other such institutions need to be extra careful of the bad hackers.
Ethical hackers do what a hacker does but only to identify the loopholes in software
programmes.

CYBER ETHICS
Ethics and morality in different circumstances connotes varied and complex meanings. Each and
everything which is opposed to public policy, against public welfare and which may disturb
public tranquility may be termed to be immoral and unethical.
In the past terms such as imperialism, colonialism, apartheid, which were burning issues have
given way to cyber crime, hacking, 'cyber-ethics' etc. Today in the present era there is a need to
evolve a 'cyber-jurisprudence' based on which 'cyber-ethics' can be evaluated and criticized.
Further there is a dire need for evolving a code of Ethics on the Cyber-Space and discipline.

CONCLUSION
The Information Technology Act 2000 was passed when the country was facing the problem of
growing cyber crimes. Since the Internet is the medium for huge information and a large base of
communications around the world, it is necessary to take certain precautions while operating it.
Therefore, in order to prevent cyber crime it is important to educate everyone and practice safe
computing.
Following Frank William Abagnale & Robert Morris, many other hackers are intending to make
use of their skills for better purposes. This trend continues even now where companies as their
security analysts hire the brilliant hackers. Also, there is a dire need for evolving a code of Ethics
on the Cyber-Space and discipline. In the cyberspace, following traditional principles of criminal
law to fix liability is not possible. Since most of the cyber criminals are those who are under the
age of majority, some other legal framework has to be evolved to deal with them. Since cyber
world has no boundaries, it is a Herculean task to frame laws to cover each and every aspect.
But, however a balance has to be maintained and laws be evolved so as to keep a check on cyber
crimes.

CHAPTER NO 4
A COMPARATIVE STUDY OF CYBER LAWS/CYBER CRIMES
INTRODUCTION
Recently the face of cybercrime has changed as a result of the emergence of new Internet
environments, organised cybercrime groups and new 'smart' viruses. Thus, the development of
new accessible technologies and the expansion of the Internet have led to a number of new
criminal behaviours. 7 This has led to a call for specialised legislation to combat these new
criminal behaviours. The profile of the cybercriminal has also changed from the 'nerdy loner' to

The development of the Internet and the advancement of computer technology have also resulted in the creation of
new opportunities for those who engage in illegal activity. See Brenner 2001 Murdoch Univ EJL 1. Brenner argues
that law enforcement officials (police officials) should be equipped with the necessary legal tools to pursue
cybercriminals. To this end, every legal system should take adequate measures to ensure that its criminal and
procedural laws can meet the challenges posed by cybercrimes.

one who is now a syndicate member.8 However, cybercrime knows no borders. It is irrelevant for
the perpetrator and the victim of a crime to meet, as the unlawful actions committed by a
perpetrator in one country may have a direct and immediate effect in another country.
Computer crimes also impact inter alia on the protection of privacy, the prosecution of economic
crimes, the protection of intellectual property and procedural provisions that assist in the
prosecution of computer crimes. Many countries are resorting to computer-specific criminal
codes that address unauthorised access and manipulation of data. However, countries that
regulate political discourse find it difficult to regulate freedom of expression, as what constitutes
acceptable speech in one country is unacceptable in another country.

COMPARATIVE PERSPECTIVE
Many countries have legal systems which involve a combination of English law, Roman Dutch
law and constitutional law. These laws are promulgated to apply to traditional crimes such as
murder, assault, theft and fraud. A problem therefore arises when these 'antiquated' procedural
laws are confronted with infringements that arise in the IT environment. The inadequacy of
existing criminal laws to address computer offences has led to the introduction of new legislation
to keep abreast with modern technology.

INDIA
In India, cybercrime has to be voluntary and willful, an act that adversely affects a person or his
property. The Cybercrimes and Information Technology Act (IT), 2000 (the IT Act 2000) was
introduced to amend outdated laws and to adequately address cybercrime. Although the primary
objective of the Act was to create conducive environment for commercial use of IT, it also aims
to provide a legal framework for the protection of all electronic records and other activities
carried out by electronic means. The Act also prescribes remedies for corporations where their
8

The perpetrator who is physically located in one country can wreak havoc in other countries as the 'love bug'
episode illustrates. The 'love bug' virus emanating from the Philippines, launched during May 2000, affected twenty
countries and caused $10 billion in damage. As there were no relevant computer offence laws in the Philippines, the
creator of the virus escaped punishment due to the lack of appropriate laws with which to charge him (the
perpetrator). This virus illustrates the problems that this type of activity poses for law enforcement (the police) in
cross-border prosecution, such as the lack of cybercrime-specific criminal laws, the inadequacy of criminal laws, the
lack of international agreements, the difficulties with jurisdiction and the difficulty in determining the number and
effect of cyber offences. Brenner (n 5) 3. Also see Wilson 2006 Aust LJ 700 and Goodman and Brenner
2002 IJLIT 140-141, for further discussion about the 'love bug' virus.

computer systems are tampered with. The IT Act 2000 provides legal recognition of digital
signatures and a legal framework for E-governance, offences, penalties, adjudication and
investigation of cybercrime.9 Although the Act was introduced but it had its own shortcomings:
it did not effectively address cyberstalking and cyber harassment; it contained ambiguous
definitions; there was a lack of awareness by netizens about their rights; the question of
jurisdiction was not addressed in the Act, and there were problems with extra-territorial
jurisdiction.
Although cybercrime is on the increase it is not adequately reported to avoid harassment of
offenders by the police and companies also want to avoid bad publicity in the media. However,
the increase in ATM frauds and cybercrime led to calls to amend the IT Act 2000 and this
resulted in the Information Technology (Amendment) Act, 2008. It prescribes punishment
which could extend to life imprisonment for cyber terrorism (Section 66F) and imprisonment of
five years, and a fine of Rs10 lakh for publishing obscene material or transmitting obscene
material in electronic form (Section 67). A severe punishment is also prescribed for offences
relating to the misuse of computers and communication equipment.
The Indian Government introduced the Information Technology (Amendment) Act, 2008 to
overcome shortcomings in the current law. The imposition of stringent punishment for cyber
terrorism demonstrates the government's intention to prevent terrorists from using the Internet to
perpetrate crime.10 The Cyber Appellate Tribunal is a specialised tribunal which hears appeals in
cyber cases. Specialised tribunals are important because they prioritise and expedite cyber cases.

INFORMATION TECHNOLOGY IN CHINA

Internet
Announcement of the Ministry of Information Industry on the Adjustment of China Internet
Domain Name System 2006

Ch IX refers to penalties for damage to a computer and computer systems. Damages are fixed at Rs 1000 000
(Rupees) for affected persons. It also requires the adjudicating officer not below the rank of Director to adjudicate
contraventions of the Act. Ch X refers to a Cyber Regulations Appellate Tribunal, which hears appeals against the
decision of the adjudicating officer. Ch XI prescribes various offences such as tampering with computer documents,
publishing obscene information and hacking. These offences will be investigated by a police officer not below the
rank of a Deputy Superintendent of the Police.
10
The role of the police in combating cybercrime has been criticized because of the poor rate of conviction.
However, the police in India are now becoming cybercrime aware and hiring trained people, and cyber police
stations are functioning in major cities throughout the country. See Singh 2009 www.ind.ii.org/

In order to satisfy the development of the Internet, it has been partly adjusted as the China
Internet Domain Name System (adding the category domain name .MIL under the top-level
domain name CN) in accordance with Article 6 of the Measures for the Administration of
China Internet Domain Names. The adjusted China Internet Domain Name System came into
force as of March 1, 2006.
Measures for the Administration of the Publication of Audio-Visual Programs through the
Internet or Other Information Network - 2004
The present Measures are formulated for the purpose of regulating the order of publication of
audio-visual programs through the internet and other information network, strengthening
supervision and administration, and promoting the development of socialist culture and ethics.
The Administration Rules on the Dissemination of Audio and Visual Programs over the Internet
or Other Information Networks - 2003
The Rules have been promulgated to regulate AV programs over information networks, to
enhance the supervision and administration thereof, and promote the development of socialist
spiritual civilization.
Provisions on the Technical Measures for the Protection of the Security of the Internet 2006
The present Provisions are formulated according to the Administrative Measures for the Security
Protection of the Computer Information Network Linked to the Internet for the purpose of
intensifying and regulating the technical prevention for the sake of Internet security,
guaranteeing the network security and information security of the Internet, promoting the sound
and orderly development of the Internet and safeguarding the state security, social order and
public interests.
Computer Information Network and Internet Security, Protection and Management Regulations
1997
In order to strengthen the security and the protection of computer information networks and of
the Internet, and to preserve the social order and social stability, these regulations have been
established on the basis of the "PRC Computer Information Network Protection Regulations",
the "PRC Temporary Regulations on Computer Information Networks and the Internet" and
other laws and administrative regulations.

Decision of the Standing Committee of the National People's Congress on Preserving Computer
Network Security - 2000 (Adopted at the 19th Meeting of the Standing Committee of the Ninth
National People's Congress on December 28, 2000)
Thanks to the vigorous advocacy and promotion by the State, China's computer network is
applied more and more extensively in economic development and other fields of endeavour,
which has brought about deep- going changes in the mode of production, other work, study and
people's way of life and will continue to do so, which will play an important role in speeding up
the development of the national economy and science and technology as well as the
computerization of public services.
Meanwhile, the question of how to ensure the operational and information security of the
computer network has aroused general concern in the whole society.
The following decision has been adopted in order to promote what is beneficial and eliminate
what is harmful, promote the sound development of China's computer network, preserve the
security of the State, safeguard interests and protect the lawful rights and interests of individuals,
legal corporations and other organizations.
1. For the purpose of ensuring the operational security of the computer network, anyone
who commits any of the following acts, which constitutes a crime, shall be investigated
for criminal responsibility in accordance with the relevant provisions in the Criminal
Law:
i.

Invading the computer data system of State affairs, national defence buildup or the
sophisticated realms of science and technology;

ii.

Intentionally inventing and spreading destructive programs such as computer viruses

to attack the computer system and the communications network, thus damaging the
computer system and the communications network; or

iii.

In violation of State regulations, discontinuing the computer network or the

communications service without authorization, thus making it impossible for the
computer network or the communications system to operate normally.

2. For the purpose of preserving the security of the State and maintaining social stability,
anyone who commits any of the following acts, which constitutes a crime, shall be
investigated for criminal responsibility in accordance with the relevant provisions in the
Criminal Law:

i.

Making use of the computer network to spread rumours, libels or publicize or

disseminate other harmful information for purpose of whipping up attempts to subvert
state power and overthrowing the socialist system, or to split the country and
undermine unification of the State;

ii.

Stealing or divulging State secrets, intelligence or military secrets via the computer
network;

iii.

Making use of the computer network to stir up ethnic hostility or discrimination, and
thus undermining national unity; or

iv.

Making use of the computer network to form cult organizations or contact members
of cult organizations, thus obstructing the implementation of State laws and
administrative regulations.

3. For the purpose of maintaining order of the socialist market economy and ensuring the
administration of public order, anyone who commits any of the following acts, which
constitutes a crime, shall be investigated for criminal responsibility in accordance with
the relevant provisions in the Criminal Law;
i.

Making use of the computer network to sell shoddy products or give false publicity to
commodities or services;

ii.

Making use of the computer network to jeopardize another person's business

credibility and commodity reputation;

iii.

Making use of the computer network to infringe on another person's intellectual

property right;

iv.

Making use of the computer network to fabricate and spread false information which
effects the exchange of securities and futures or other information which disrupts
financial order; or

v.

Establishing on the computer network pornographic web sites or web pages,

providing services for connecting pornographic web sites, or spreading pornographic
books and periodicals, movies, audiovisuals or pictures.

4. For the purpose of protecting the lawful rights of the person and property of individuals,
legal corporations and other organizations, anyone who commits any of the following
acts, which constitutes a crime, shall be investigated for criminal responsibility in
accordance with the relevant provisions in the Criminal Law:

i.

Making use of the computer network to humiliate another person or to libel another
person with fabrications;

ii.

In violation of the law, intercepting, tampering with or deleting other persons' emails
or other data, thus infringing on citizens' freedom and privacy of correspondence; or

iii.

Making use of the computer network to commit theft, fraud or blackmail.

5. Anyone who, making use of the computer network, commits any act other than the ones
listed in the first, second, third and fourth items of this Decision, which constitutes a
crime, shall be investigated for criminal responsibility in accordance with the relevant
provisions in the Criminal Law.
6. Anyone who, making use of the computer network, commits any illegal act which is in
violation of the administration of public security but does not constitute a crime shall be
punished by the public security organ in accordance with the Regulations on
Administrative Penalties for Public Security;
Anyone who violates other laws or administrative regulations, which does not constitute
a crime, shall be given administrative punishment by the relevant administrative
department in accordance with law; the persons who are directly in charge and the other
persons who are directly responsible shall be given administrative or disciplinary
sanctions in accordance with law.
Anyone who, making use of the computer network, infringes on another person's lawful
rights and interests, which constitutes a tort, shall be bear civil liability in accordance
with law.
7. While promoting the application of the computer network and the popularization of
network technology, the people's governments at all levels and the departments
concerned shall take effective measures to attach importance to and support research and
development of the technology for computer network security and enhance the ability of
maintaining security of the network.
The department in charge shall increase publicity and education in the importance of the
operational and information security of the computer network and exercise effective
supervision in accordance with law, in order to prevent and stop any illegal activities
conducted via the computer network and create a good social environment for the healthy
development of the computer network.

Any unit that engages in the computer network business shall carry out activities in
accordance with law and, when it discovers illegal or criminal acts or harmful information on
the computer network, shall take measures to suspend transmission of harmful information
and report the matter to the relevant authority without delay.
All units or individuals shall. When using the computer network, observe disciplines and
laws and resist all illegal and criminal acts and harmful information.
The people's courts, the people's procuratorates, the public security organs and the organs for
State security shall perform their own duties and closely cooperate with each other so as to
crack down on all the crimes committed via the computer network.
We should mobilize all the forces of the society and rely on the joint efforts of the entire
community in order to ensure the operational and information security of the computer
network and promote socialist ethical and material progress.
Measures for the Administration of Internet E-mail Services - 2006
The present Measures are formulated in accordance with the Telecommunication Regulation of
the Peoples Republic of China, the Measures for the Administration of Internet Information
Services, as well as other laws and administrative regulations for the purpose of regulating
Internet e-mail services and safeguarding the lawful rights of Internet e-mail service users.
Measures for Managing Internet Information Services - 2000
Article 15:
IIS providers shall not produce, reproduce, release, or disseminate information that contains any
of the following:
1. Information that goes against the basic principles set in the constitution;
2. Information that endangers national security, divulges state secrets, subverts the
government, or undermines national unity;
3. Information that is detrimental to the honor and interests of the state;
4. Information that instigates ethnic hatred or ethnic discrimination, or that undermines
national unity;
5. Information that undermines the state's policy towards religions or that preaches the
teachings of evil cults or that promotes feudalistic and superstitious beliefs;

6. Information that disseminates rumors, disturbs social order, or undermines social

stability; Information that spreads pornography or other salacious materials; promotes
gambling, violence, homicide, or terrorism; or instigates crimes;
7. Information that insults or slanders other people, or infringes upon other people's
legitimate rights and interests; or 9. Other information prohibited by the law or
administrative regulations.
Regulation for Administration of Internet Access Service Places - 2002 1
Article 1
The purpose of enhancing the administration of internet access service places, regulating the
business behaviors of service providers, protecting the legitimate rights and interests of public
members and service providers, ensuring the healthy development of internet access service
activities, and promoting the socialist spiritual civilization, this Regulation is formulated.
Chinas Internet Policy in 2013:
With real name registration, the devolution of responsibility extends beyond the website
operators and reaches individual users. When each Weibo post becomes tied to an identified
person, then each individual user will be more likely to practice self-censorship with respect to
their own posts.
Even without real name registration for user generated content websites, true anonymity on
Chinas internet does not exist for most users. When registering for home or business internet
access, real name registration is already required.
Seventy percent of mobile phone users also register with their real names according to Chinas
Ministry of Industry and Information Technology, and the new rules suggest that the anonymous
prepaid mobile phone cards will be phased out. Internet cafs are also required to record the real
identity of each user.
As a result, unless someone posting on Weibo is being very careful, the government already has
the means to identify the author of an unwanted post. The six people arrested in connection with
spreading rumors of a coup attempt in the spring of 2012 discovered this fact the hard way.
To achieve self-censorship, however, the users must first understand that they can and will be
held accountable for the content they post. As a result, it would not be surprising to see
implementation of real name registration accompanied by publicity campaigns and a number of
high profile prosecutions for posting illegal content.

This new rules were issued by the standing committee of the National Peoples Congress, which
has a higher position in the official government structure than both the municipality of Beijing
and the General Administration of Press and Publication.
As a result, the issuance of these rules suggests not only that Chinas leadership at the highest
levels support the rules, but that those same top leaders are paying attention to the issue of
anonyms Weibo posts. With such high level focus, Chinas internet users should expect a much
greater effort to fully implementation real name registration this time.

AUSTRALIAN LAW
Electronic Transactions Act 1999.
The object of this Act is to provide a regulatory framework that:
a) Recognizes the importance of the information economy to the future economic and social
prosperity of Australia; and
b) Facilitates the use of electronic transactions; and
c) Promotes business and community confidence in the use of electronic transactions; and
d) Enables business and the community to use electronic communications in their dealings
with government.
Australia signs on to international cybercrime treaty
4 March 2013
Australia has now formally joined 38 other nations as a party to the worlds first international
treaty on crimes committed via the Internet.
Australia becoming a party to the Council of Europe Convention on Cybercrime will help
combat criminal offences relating to forgery, fraud, child pornography, and infringement of
copyright and intellectual property, said Attorney-General Mark Dreyfus.
The internet makes it easy for criminals to operate from abroad, especially from those countries
where regulations and enforcement arrangements are weaker.
These powers will allow Australian law enforcement agencies to rapidly obtain data about
communications relevant to cybercrimes from partner agencies around the world.

The Convention will also ensure vital evidence is not lost before a mutual assistance request can
be completed.
Becoming party to the Convention ensures Australian legislation is consistent with international
best practice. It enables domestic agencies to access and share information to facilitate
international investigations and help countries in the region build capacity to address cybercrime.
Australia will be able to benefit from reciprocal powers offered by the 38 other nations. This is
good news for fighting crime and will help make it easier for police to track down cyber
criminals around the world.
Cybercrime Legislation Amendment Act 2012
With the Convention now in effect, Australias investigative agencies are able to use new powers
contained in the Cybercrime Legislation Amendment Act 2012 to work with cybercrime
investigators around the globe.
The Act amended certain Commonwealth cybercrime offences and enabled domestic agencies to
access and share information relating to international investigations.
Mr Dreyfus says the Act also created new privacy protections, safeguards and reporting
requirements for the exercise of new and existing powers.
The privacy protections in the Act maintain robust protections for Australians, he said.
A warrant is always required to access the content of a communication whether the information
is in Australia, or accessed from overseas under the Cybercrime Convention.
The Cybercrime Act and the Cybercrime Convention do not impact in any way on the need to
have a warrant to access content from a telephone call, SMS or e-mail.
The Convention focuses on supporting international co-operation between nations, which is
separate from the PJCIS inquiry which is about ensuring our agencies are equipped to deal with
the changing dynamics of communication and its infrastructure.
The final Schedule of the Commonwealth Cybercrime Legislation Amendment Act 2012 (No.
120) has been slated to start on 1 March 2013, the same day as the Council of Europe
Convention on Cybercrime comes into force for Australia.
The Act introduces changes in the Telecommunications Act 1997 and Telecommunications
(Interception and Access) Act 1979 and will force carriers and internet service providers (ISPs)
to preserve stored communications, when requested by certain domestic authorities (such as the

Australian Federal Police), or when requested by those authorities acting on behalf of nominated
foreign countries.
Schedule 3 affects the Criminal Code Act 1995 (CTH) and reflects amendments made to ensure
that computer related offences in Part 10.7 are applicable to both State and Territory offences as
well as Commonwealth offences. In particular, Part 10.7 concentrates on offences relating to
illegal access, modification and impairment of computer data.
It is yet to be seen whether the privacy safeguards touted during the bill's second reading debate
will have any impact on enforcement of the criminal provisions in the Act's third schedule. 11

SOUTH AFRICAN LAW

Position before the inception of the Electronic Communications and Transactions Act 25 of
2002
Most of the so-called traditional crimes such as murder, rape, theft, malicious injury to property
and housebreaking originate from the South African common law, namely Roman-Dutch law.
These traditional crimes deal only with tangibles whereas IT crime or cybercrime deals with
intangibles. The perception has thus arisen that the common law cannot effectively deal with IT
crime.12
Before the commencement of the Electronic Communications and Transactions Act 25 of 2002
(hereinafter, the ECT), the common law and statutory law applied to online forms of offences
such as indecency (child pornography), fraud (cyber fraud) and crimen injuria (cybersmearing). 13 However, the common law was ineffective in addressing crimes such as theft,
extortion, spamming and phishing.
The case of S v Mas 14 considered the question of admissibility of computer-generated
documents. The court held that documents which contain information that has been processed

11

www.timebase.com.au, last accessed on 20th of Nov., 2013.

To illustrate this, the common-law crime of theft is not adequate for combating IT crime in South Africa. So too
the common-law crime of fraud. For further discussion about the inability of the common law to address IT crime,
see Anon 2005 Cyber Law 121, par 346-349. Also see Burchell 2002 SALJ 585, where Professor Burchell states that
the common law is not suited to punish conduct such as unauthorised access to computer systems and altering
computer data. However, he maintains that conduct committed using a computer as an instrument is generally
covered by existing common-law crimes such as theft, fraud, invasion of privacy and murder.
13
Prior to the inception of the ECT, crimes such as the possession and distribution of child pornography could be
prosecuted in terms of s 27(1) and s 28 of the Films and Publications Act 65 of 1996.
14
2002 (2) SACR 387. It should be noted that this case was decided before the inception of the ECT. The court
in Mashiyi referred to Narlis v South African Bank of Athens 1976 (2) SA 573 (A), which held that a computer print12

and generated by a computer are not admissible as evidence in a criminal trial. On the other
hand, the court found that where documents have been scanned to produce an electronic image of
the original, then such an image is regarded as an exact image and is therefore admissible.
However, in terms of the "prevailing law" the court could not admit into evidence the disputed
documents which contained information that has been processed and generated by a computer. 15
The ECT and its effect16
The aim of the ECT is inter alia "to provide for the facilitation and regulation of electronic
communications and transactions; to provide for the development of a national e-strategy for the
Republic; to promote universal access for electronic communications, transactions and the use of
electronic transactions by SMMEs; to prevent abuse of information systems and to encourage the
use of e-government services". Indeed, the focus of the ECT is on protecting 'data' or data
messages. The ECT deals comprehensively with cybercrime in Chapter X111. The following
offences are punishable offences in the ECT, namely sections 86(4) and 86(3) address new forms
of crimes, the law being called anti-cracking (anti-thwarting) and hacking law, which prohibits
the selling, designing or producing of anti-security circumventing technology; e-mail bombing
and spamming is addressed in terms of sections 86(5) and 45 of the ECT respectively; whereas
the crimes of extortion, fraud and forgery are addressed in terms of section 87. 17 Section 3 of the
ECT provides that in instances where the ECT has not made any specific provisions for criminal
sanctions, then the common law will prevail. However, other statutory remedies prevail in the
prosecution of other cybercrime. For example, money laundering and other financially related

out cannot be received as evidence in terms of s 34 of the Civil Proceedings Evidence Act 25 of 1965. The reason for
the rejection of a computer print-out as admissible evidence in the above case was that a computer is not a person
and therefore a computer print-out is not a statement made by a person. The court also referred to S v Harper 1981
(1) SA 88 (D) which found that computer-generated documents were admissible under the section only if the
computer merely stored or recorded the information.
15
It should be noted that this discussion deals only with certain provisions of the ECT. A detailed discussion of the
provisions of the ECT is beyond the scope of this article.
16
Therefore, s 86 prevents unauthorized access to or interception of or interference with data; s 87 refers to
computer-related extortion, fraud and forgery whilst s 88 refers to aiding and abetting. Regarding anti-pirating
software and the protection of security software, see s 86(4) of the ECT and s 27 of the Copyright Act 98 of 1978
respectively. The creation of law that addresses new crimes such as hacking is considered to be one of the greatest
contributions by the ECT. It is submitted that any measure that protects the integrity of data is welcome, as this is
fundamental to successful electronic commerce. Also see Mndzima and Snail 2009www.hg.org/; Van der Merwe
2003 JCRDL 43-44 and Van der Merwe 2007 (n 1) 313 for further discussion on these provisions.
17
It should be noted that POCAA targets organised crime, money laundering and criminal gang activities both
nationally and internationally, whilst FICA outlaws money laundering and other unlawful actions.

crimes are addressed in terms of the Prevention of Organised Crime Second Amendment Act 38
of 1999 (POCAA) and Financial Intelligence Centre Act 2001 (FICA).18
The Act has also created 'cyber-inspectors' who are authorised to enter premises or access
information regarding cybercrime.19 Cyber inspectors are empowered in terms of the Act to enter
any premises and access information that may impact on an investigation into cybercrime.
However, the provision in respect of search and seizure (section 82) may infringe section 14 of
the Constitution of the Republic of South Africa 1996 (the right to privacy).20
The criminal sanctions in the ECT have been criticized for not being severe enough. 21 To
illustrate this, section 89(1) provides a maximum period of one year's imprisonment for most
crimes prohibited by section 86, whilst the crimes prohibited in sections 86(4) and (5) (matters
such as denial of service-attacks) and crimes prohibited in section 87 (extortion, fraud and
forgery) prescribe a fine or imprisonment not exceeding five years. However, the Regulation of
Interception of Communications and Provision of Communications-Related Information Act 70
of 2002 (the RICA) prescribes harsher measures. 22 Thus, the criminal sanctions in the ECT
appear to be inadequate when compared with the RICA. It is submitted that more stringent
penalties are required to deter cyber criminals.

18

See inter alia, Seccombe v AG 1919 TPD 270 at 277; S v Mpumlo 1986 (3) SA 485 (E) at 489. However, there are
exceptions to the general rule where the original document is destroyed, it cannot be located, or its production is
illegal. Secondary evidence is admissible in these circumstances. See inter alia, Ex parte Ntuli 1970 (2) SA 278
(W). It should be noted that South African e-discovery obligations arise from the ECT read together with the
Uniform Rules of Court (which were promulgated during 1965).
19
S 14 provides that everyone has a right to privacy, which includes the right not to have their person or home
searched, their property searched, their possessions seized, or the privacy of their communications infringed.
However, this may be limited in terms of s 36 of the Constitution (limitation clause).
20
Van der Merwe et al (n 77) 78.
21
S 51 of the RICA prescribes fines not exceeding R 2 000 000 or imprisonment not exceeding ten years. Regarding
juristic
persons,
fines
may
increase
to
a
maximum
of
R 5 000 000. For further evaluation of the criminal provisions of the ECT, see Van der Merwe et al (n 77) 75-78.
22
Jurisdiction refers to the competence of a court to hear a matter. Usually the courts will exercise jurisdiction
regarding offences committed on South African territory only. See inter alia, S v Maseki 1981 (4) SA 374 (T). The
general rule regarding jurisdiction was that when a crime was committed outside the borders of SA, a South African
court will not have jurisdiction to adjudicate on the case. However, there are exceptions, namely high treason, theft
committed in a foreign country, and offences committed on board ships or on aircrafts. For further information see
Bekker et al "The criminal courts" 37-38. Also see Bid Industrial Holdings (Pty) Ltd v Strang 2007 SCA 144 (RSA),
where the Supreme Court of Appeal had to consider the constitutionality of jurisdictional arrest of a foreigner and
whether it was aimed at founding or confirming arrest. The Court found legally competent alternatives to requiring
arrest as a jurisdictional prerequisite where attachment is not possible, such as serving the defendant with summons
whilst he was in SA, or establishing a connection between the suit and the area of jurisdiction, for example by the
cause of action arising within the court's area of jurisdiction.

Jurisdictional issues are regulated by section 90 of the ECT.23 To illustrate this, section 90 of the
ECT provides that a court in the Republic (SA) trying an offence in terms of this act committed
elsewhere will have jurisdiction in the following instances:
a) Where the offence was committed in the Republic;
b) Where part of the offence was committed in the Republic or the result of the offence had
an effect in the Republic;
c) Where the offence was committed by a South African citizen or a person with permanent
residence in the Republic or a person carrying on business in the Republic; 24or
d) The offence was committed on board any ship or aircraft registered in the Republic or on
a voyage or flight from the Republic at the time that the offence was committed. 25
Section 90(b) is helpful because it facilitates the prosecution of perpetrators who create and
disseminate viruses overseas, because these viruses may damage our computer networks.
Similarly, it facilitates the prosecution of overseas -based hackers who may damage our
computer systems. A South African court will thus be vested with jurisdiction because the
above-mentioned crimes "had an effect in the Republic". A South African court will also have
jurisdiction if a South African national commits a cybercrime abroad based solely on the
nationality of the perpetrator. However, the jurisdictional provisions of the ECT are not without
criticism.

23

It is submitted that s 90 is more comprehensive than a 22 of the COECC. Art 22 provides that a country has
jurisdiction when an offence is committed in:
a) its territory;
b) on board a ship flying a flag of that party;
c) on board an aircraft registered in that country;
d) by one of its nationals if the offence is punishable under criminal law where it was committed or if the
offence
was
committed
outside
the
territorial
jurisdiction
of
any
state.
The application of s 90 is, however, limited to crimes that can be committed under the ECT.
24
S 90(c) is regarded as being "too broad". It appears that where no country has jurisdiction in respect of the
offence, then the nationality of the perpetrator should play an important role in deciding where he should be
prosecuted. This conforms with art 22 of the COECC.
25
S 90(d) is also said to be problematic, because it differs from s 28(1)(d) of the Magistrate's Courts Act 32 of 1944,
which requires the "whole cause of action" to take place within a particular court or district (territorial borders),
whilst s 90(d) provides for jurisdiction in terms of nationality rather than because the offence was committed within
its territorial borders. It is also problematic if the cybercrime is committed beyond our borders but the offender is
prosecuted in South Africa. Then the question arises as to which regional court or district court has jurisdiction to
hear the matter. The ECT has also been criticised for "missing the opportunity to address some of the jurisdictional
problems, particularly the regulation of jurisdictional connecting factors in e-contracts". In this regard, see Sibanda
"Choice of law" 264. S 90 is also criticised for failing to address sexual crimes. See Van Zyl 2008 JCRDL 235 in
this regard.

CYBER CRIMES IN BANKING SECTOR

South African banks are also vulnerable to cybercrime. 26 Banks have expressed concern about
the increase in phishing schemes.27 Cybercrime is said to be increasing rapidly in South Africa.
Many companies are said to underestimate the threat from phishing, data loss, identity theft,
information leakage and other cyber activities. It is also acknowledged that many of the phishing
operators are part of the Nigerian 419 scam.28 The recent bank SMS scam case has also raised
serious questions about the security of online banking. 29 However, the establishment of
organisations such as SABRIC to combat cybercrime in the banking industry is lauded. SABRIC
provides the banking industry with crime risk information management services and facilitates
inter-bank initiatives to reduce the risk of organised bank-related crime through effective public
private partnerships.30 It is submitted that the private sector has a vested interest in addressing
bank-related crime.
Way forward
South Africa has adopted the COECC but not ratified it. The treaty contains important provisions
to assist law enforcement (the police) in their fight against transborder cybercrime. Therefore,
South Africa needs to ratify the cybercrime treaty to avoid becoming an easy target for
international cybercrime. The South African government seems to be presently focused on basic
service delivery and more traditional crimes, given the current situation in the country where
crime and poverty are rife. However, the establishment of the Computer Security Incident
Response Team (CSIRT) indicates that the aim to tackle cyber crime is gathering
momentum.31 The South African Law Reform Commission (SALRC) has also recommended the
introduction of legislation on the protection of personal information (so-called "information
26

See inter alia Anon 2007 www.crime-research.org/ and Herselman and Warren 2004 www.dealin.edu.au/ It is
advocated in the latter article that South Africa should learn from and apply the Organisation for Economic Cooperation and Development (OECD) guidelines (2002) to safeguard businesses against cybercrime.
27
The major banks such as Absa, Standard Bank and First National Bank have confirmed breach of their clients'
accounts by phishing schemes during 2007. See Anon 2007 www.iol.co.za/ Also see Van der Merwe et al (n 77) 6667 for further discussion about the vulnerability of South African banks.
28
The so-called '419' swindle is named after the article in the Nigerian penal code which outlaws it.
29
It involved a Vodacom employee who was working with a syndicate to intercept SMS notifications from banks to
their customers. It has been reported that about R 7-million was siphoned off from customers' accounts as result of
this scam. See Chelemu 2009 The Times 6.
30
SABRIC was established in 2002 as a wholly-owned subsidiary of the Banking Association. Its key stakeholders
are the four major South African banks, namely, Standard Bank, Nedbank, Absa and First National Bank. For
further information, see SABRIC 2009 www.sabric.co.za.
31
See Anon 2007 it-online.co.za/; Anon 2009 www.ib.com/. The latter article commends the actions of the SA
government in reducing software piracy.

protection legislation or information privacy legislation"). 32 It is submitted that the promulgation

of information protection legislation in South Africa will impact on inter alia the Promotion of
Access to Information Act 2 of 2000 (the PAIA) and the ECT as far as information privacy is
concerned.
It is submitted that South Africa can learn from the approaches followed in other countries. We
can take note of the UK model (as in the CMA) by introducing stricter penalties in the ECT. We
need to prescribe harsher penalties to deter cyber criminals. We can also examine the feasibility
of introducing collaborative initiatives involving the police, the private sector and academics to
combat cybercrime (as in the US and the UK). It is important to involve all role players in the
struggle against cybercrime. The role of the Australian Banking Association in combating rising
levels of cybercrime in the banking industry can be favourably compared to the role of SABRIC.
It is important to enlist the aid of the private sector to combat cybercrime. The introduction of a
Cyber Appellate Tribunal similar to that in India will also ensure that cyber cases are given
priority. It will also lessen the case load on our already over-burdened courts. Indeed, our police
and judiciary should also become more cybercrime savvy, like their Indian counterparts. Last but
not least, we should follow the US in ratifying the COECC, as the treaty offers a global approach
to the global problem of cybercrime.

OVERALL ASSESSMENT
African countries have been criticised for dealing inadequately with cybercrime as their law
enforcement agencies are inadequately equipped in terms of personnel, intelligence and
infrastructure, and the private sector is also lagging behind in curbing cybercrime. African
countries are pre-occupied with attending to pressing issues such as poverty, the Aids crisis, the
fuel crisis, political instability, ethnic instability and traditional crimes such as murder, rape and
theft, with the result that the fight against cybercrime is lagging behind. It is submitted that
international mutual legal and technical assistance should be rendered to African countries by
corporate and individual entities to effectively combat cybercrime in Africa. African countries
need to build partnerships to combat internet crime and corruption. Nevertheless, it is laudable
32

See SALRC Discussion Paper 109. It should be noted that information protection relates to the protection of a
person's right to privacy. The right to privacy is protected in terms of s 14 of the Constitution. The Protection of
Personal Information Bill is regarded as a mechanism for the protection of the right to information protection and
will be enacted at some time during 2009.

that other African countries (besides South Africa) are making attempts to address cybercrime.
Kenya has enacted cyber legislation to combat cyber crimes.33 Botswana has presented a Bill on
Cybercrime and Computer-Related Crimes to the National Assembly, which will go for a third
reading before it is signed into law. 34 The Economic Community of West African States
(ECOWAS) has also met to discuss inter alia the implementation of ICT policy and legislation,
access and interconnection regulation, the granting of universal access and the provision of
guidelines for gradual transition to open markets. 35 There is a growing recognition that
cybercrime is thriving on the African continent because of a lack of IT knowledge by the public
and the absence of suitable legal frameworks to deal with cybercrime at national and regional
levels. Attempts are therefore being made to address cybercrime.

GULF STATES
Pirated software causes heavy losses for software companies worldwide.36 The Gulf Cooperation
Council (the GCC) recommended during June 2007 that members adopt a treaty on cybercrimes
among the Gulf States.37

UNITED ARAB EMIRATES

The United Arab Emirates (the UAE) was the first country to enact a comprehensive cyber law
among the Gulf States. The Cybercrimes Act, Law No 2 of 2006, contains 29 articles, and it
contains prohibitions inter alia against hacking, credit-card fraud, human trafficking, and abuse
of any Islamic holy shrine or ritual.38 The Act prescribes punishment ranging from imprisonment
to a fine or both. The terms of imprisonment range from one year to seven years and the fines
33

The Kenyan Communications Act was passed by the Kenyan Parliament and signed by the President during
January 2009. The Act includes legislation on cybercrime in s 83 W-Z and s 84 A-F on inter alia unauthorised
access to computer data, access with intent to commit offences, unauthorised access to and interception of computer
services, damaging or denying access to computer systems, unlawful possession of devices and data, electronic
fraud, tampering with computer source documents and publishing obscene material in electronic form. See further,
Cybercrime Law 2009 www.cybercrimelaw.net/
34
Ibid.
35
See Ogundeji 2008 www.thestandard.com/
36
To illustrate this, in 2006 alone, member companies of BSA lost around $40 billion (about Dh 146,9 million).
Anon 2006b archive.gulfnews.com/
37
It should be noted that the GCC members are Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the UAE. For
further discussion, see Howe 2007 archive.gulfnews.com/; Roberts archive.gulfnews.com/
38
The UAE has also enacted an effective copyright law which takes tough action against piracy. Anon 2006a
archive.gulfnews.com/ For further discussion of the UAE Cybercrime Act see also Van der Merwe et al ICT Law
101.

range from Dh 20, 000 to Dh 50,000 (Dhirams) depending on the type of offence committed.
The Act has been effective in addressing cybercrime in the country. The GCC countries were
urged to follow the example of the UAE by enacting comprehensive cyber legislation.

SAUDI ARABIA
Saudi Arabia passed laws governing cybercrime during October 2006. 39 The Shoura Council,
which is responsible for enacting laws in Saudi Arabia, passed the Kingdom's first legislation to
address the rise in electronic crime. The Council enacted provisions inter alia in illegal access
and data interference. The legislation addresses offences such as hacking, defamation, and the
spread of terrorism. It is aimed at protecting individuals, companies and organisations from
being defamed or harmed via the Internet. The maximum punishment under the new legislation
is a prison sentence of ten years and a fine of $1,3 million. It can be imposed on anyone found
guilty of hacking into government networks to steal information related to national security or
using the Internet to support terrorism.

QATAR
There are no specific laws addressing internet crime in Qatar. However, internet crimes are
regulated by the Penal Code Act 11 of 2004. Currently, law enforcement authorities are unable to
effectively prosecute cyber criminals, such as hackers, who steal personal data from computers
and place malicious programmes on PCs undetected so as to gather information such as
passwords and credit card numbers. Some hackers have been arrested and prosecuted in the past
in terms of the country's telecommunications and criminal laws. 40 However, there have been
increasing calls for stringent legal steps to fight cybercrime. 41 Difficulties are encountered with
finding sufficient evidence for prosecution, as the perpetrators are often very intelligent and
expert at covering their tracks. Victims are also hesitant to come forward and report crimes
because of embarrassment. According to the ICTQATAR Regulatory Authority's legal and
regulatory manager, Meegan Webb, there are no specific laws addressing cyber criminal activity

39

Also see Bowman 2006 www.itp.net/

See Anon 2006b archive.gulfnews.com/
41
Townson 2008 www.gulf-times.com/
40

in Qatar.42 A need also arises to extend current laws to cover businesses operating outside Qatar,
but which are conducting business within the country. Qatar is said to account for 4,3% of
infected computers in the Middle East, and data-stealing hardware which infiltrates the most
secure enterprises is said to be on the increase. 43 Thus, a need exists for the formulation of
adequate cybercrime legislation to combat cybercrime in Qatar. 44
The Gulf States have recognised their vulnerability to cybercrime. They have taken steps to
address this problem by introducing specialised legislation to address cybercrime. Qatar is also
taking steps to enact adequate cybercrime legislation. It is submitted that the existence of
adequate laws outlawing cyber criminal activities facilitates the prosecution of cyber criminals
by law enforcement officials (the police). However, countries which introduce computer-specific
criminal statutes should also adapt their rules of evidence to computer crimes to facilitate
prosecution of cyber criminals.

AUSTRALIA
In the Australian context, cybercrime has been defined as "any unauthorised activity which
involves or uses computers, digital technology, the Internet, communication systems or
networks".45 This definition may encompass a number of financially devastating attacks such as
computer worms and viruses, Trojan programmes designed to capture personal information,
large-scale phishing scams, and other means of identity theft.46 The inadequacy of the existing
criminal laws to address computer misuse and computer offences has led to calls for distinct
statutory laws for computer offences in order to keep up with modern technology.
The multi-jurisdictional dimension of the Internet has led to the enactment of special extraterritorial jurisdiction for computer-related offences. The Model Criminal Code and Cybercrime
Act 2001 (Cth) addresses computer-related crimes. 47 The aim of the Cth is to protect the

42

ICTQATAR had been involved with drafting the telecommunications law, as well as the draft e-commerce law
which is expected to be passed in the near future. Ibid.
43
See Anon 2009 www.zawya.com. It should be noted that Trend Micro, an international company specialising in
internet content security, is educating regional organisations and individuals about cybercrime.
44
Townson (n 80).
45
See Bronitt and Gani 2003 Crim LJ 304. The authors review the evolution of and the changing rationale for
computer-related offences in Australia in their article.
46
Wilson (n 7) 694.
47
It should be noted that s 15(1)(a)(c) of the Australian Criminal Code 1995 provides that if the conduct occurred
wholly outside Australia but the perpetrator is an Australian citizen, either the individual or corporation is subject to
jurisdiction. The Cybercrime Act 2001 (Cth) which has been influenced by the COECC, has also improved

commercial integrity of systems that process and store information rather than the information
itself.48 Jurisdiction in Australia is governed by a combination of judicial development of the
common law and legislative reform. Australian criminal law assumes that "all crime is local" and
this idea of territoriality has been criticised for failing to consider the extra-territorial effect of
offences. 49 The modern legislative trend is to extend the extra-territorial reach of offences.
Consequently, the Cth extends jurisdiction extra-territorially and identifies the alleged offender's
national status as the basis for conferring jurisdiction. Thus Australian citizens who commit
computer offences in countries that have no real or important links to their home jurisdiction can
now be prosecuted in terms of the Cth. To illustrate this, in Director of Public Prosecution v
Sutcliffe50 an Australian citizen, Brian Sutcliffe, was accused of stalking a Canadian actress who
lived in Toronto. The charges were based on Sutcliffes has telephoned the victim and written to
her repeatedly over several years. The Australian prosecutor charged Sutcliffe with stalking but
the magistrate dismissed the charges. The magistrate found that she lacked jurisdiction to
adjudicate the matter because the crime of stalking occurred in Canada, where the victim was
located. However, the Supreme Court of Victoria reversed the decision. The Court found that
Sutcliffe was a resident of Australia and had committed all of the ingredients of the crime "save
for the harmful effect" in Australia. Therefore, it was held that his conduct and presence in
Australia established a "sufficient connection" to allow the court to exercise jurisdiction over the
proceedings.
It has been suggested that laws allowing the police to rapidly secure evidence stored on
computers and to obtain real-time access to network traffic may be needed for Australia to join a

evidence-gathering by introducing expanded search warrant powers to conduct covert surveillance. According to
Janine Wilson, computer viruses and denial of service attacks are new computer offences which have arisen as a
result of changing technology and the pervasiveness of the Internet. These offences cannot be effectively prosecuted
under traditional criminal laws. Both the Cth and the amendments to the Criminal Code have attempted to fill this
void by regulating unauthorised computer access and misuse. Id 699. It should be noted that New Zealand has also
adopted criminal codes to address both the interception of digital communications and unauthorised access, namely
the Crimes Act 1961. See Allan (n 11) 159.
48
Bronitt and Gani (n 57) 309.
49
The termination theory, which has been regarded as the basis for criminal jurisdiction under the common law in
the Australian Capital Territory, New South Wales, South Australia and Victoria, has been criticised for its
incompatibility with cybercrimes and legal entities. Id 310.
50
[2001] VSC 43 (Victoria, Australia).

global treaty aimed at fighting fraud and electronic crime. 51 According to the Federal Attorney
General's Department project director, Steven Stroud,
A review is being carried out to establish what legislative changes would be
needed if the Australian government were to join the COECC.52
Some academic writers advocate the participation of private actors and stakeholders such as
credit card companies and corporations in the fight against cybercrime, because these
stakeholders have a vested interest.53 Janine Wilson also calls for effective partnerships with the
private sector and international entities in order to effectively manage and combat
cybercrime. 54 The involvement of the private sector will help to improve the ability of law
enforcement (the police) to effectively perform its role of combating cybercrime, and will also
assist the private sector to address cyber-threats. This will also help to minimise financial
damage. 55 In Australia, the role of the financial services industry in targeting cybercrime
developed as a result of its being targeted by cybercriminals, and in this regard the Australian
Bankers Association has undertaken a number of projects addressing the problem of rising levels
of cybercrime.61
The extension of jurisdiction extra-territorially in the Cth adheres to the modern legislative trend.
This is commendable. Although Australia has not joined the COECC, it is taking positive steps
to review its current legislation to bring it in line with the COECC. The role of the Australian
Banking Association in addressing the rising level of cybercrime is praiseworthy. One needs to
foster co-operation and collaboration between the state and the private sector to effectively
combat cybercrime.

UNITED KINGDOM
51

See Dearne Australian It News Limited 2009 http://www.australianit.news.com.au/story, last accessed on 21 May
2013.
52
The Convention, which provides a standard framework for investigating and prosecuting crimes involving
computers across national borders, has already been adopted by more than 45 countries. The Convention provides
for data retention by service carriers, and for the expedited collection of evidence stored on computers. However,
Australia doesn't have laws to this effect. Therefore it is advocated that the current legislation needs to be amended
to reflect these provisions. Ibid.
53
These multinational corporations also have powers to prevent and detect crime that transcends national borders.
Bronitt and Gani (n 57) 313, 317.
54
Wilson (n 7) 694. The article considers inter alia, the nature and scale of cybercrime in the private sector and the
financial services industry, and the need for effective public and private partnerships to stem the tide of increasing
instances of cybercrime, to obtain recovery of lost funds, and to pursue the perpetrators of cybercrime.
55
Id 700-701.

There was widespread agreement in the 1980s that the United Kingdom's existing computer law
was outdated.56 The UK's ratification of the COECC also led to calls to amend the Computer
Misuse Act 1990 (the CMA). The CMA was consequently amended on 1 October 2008 57 to
clarify the meaning of "unauthorised access" to a computer.58 The inclusion of a new provision
also makes it an offence to to make, adapt, supply or offer to supply any item of hardware,
software or data for use in the commission of an offence under the Act. 59 The maximum penalty
for unauthorised access to a computer system has been increased from six months to two years in
prison.60 Denial of service attacks is also criminalised, and the maximum penalty is ten years'
imprisonment. It is also an offence to distribute hacking tools for criminal purposes. Although
the amendments are lauded, it has been suggested that alternative government mechanisms are
required to better address the growing problem of computer misuse. 61 The Home Office has
recently announced a proposal to make it harder for child sex-offenders to meet children
online.62
In the United Kingdom, the jurisdiction of the English courts was considered inter alia in R v
Smith (Wallace) No 4.63 The Court of Appeal had to consider the following facts: the physical
presence of the defendant within England, the fact that substantial criminal activities took place
in England, and whether or not it was necessary for the "last act" to be committed within its
jurisdiction. The court found that the question of whether the English courts have jurisdiction or

56

It should be noted that the English courts concluded that their existing laws did not accommodate nor reflect the
changes brought about by computer technology. See inter alia R v Gold (1988) AC 1063, where the defendant was
acquitted because there were no laws to prevent unlawful access to a computer. This led to the enactment of the
Computer Misuse Act 1990. However, this act was soon found to be ineffective in addressing cybercrime. See
McKenna 2004 Infosecurity Today 5.
57
See Leyden 2008 www.theregister.co.uk/ Although the Police and Justice Act 2006 deals mostly with policing
reform, it also contains amendments to the Computer Misuse Act 1990. Also see Fafinski 2008 Journal of Criminal
Law 53-66. The article looks at the rationale behind the amendments and examines the implications for cyber law. It
is noted that the particular problem of computer misuse presents difficulties for criminal law. Therefore, it is
suggested that this issue be further explored to achieve alternative government mechanisms to address the problem.
58
The new wording prohibits unauthorised acts relating to computers.
59
See further, Fafinski (n 48) 59.
60
This makes the offense serious enough that an extradition request can now be filed.
61
See Fafinski (n 48) 53-66. However, the advent of the initiative called the National Hi-Tech Crime Unit, which
brings the police, private sector and academics together to combat cybercrime is lauded. See Brenner and Clarke (n
3) 682.
62
This is designed to stop child sex-offenders using social networking websites. Registered child sex-offenders will
now have to provide their e-mail addresses to the police or face five years in prison. The first UK Social Networking
Guidance has also been published, which provides advice on how to stay safe online. See Anon The Peninsula 9.
63
[2004] EWCA Crim 631. It should be noted that s 4 and s 5 of the CMA also provide that the UK has jurisdiction
to try the offender if the offence is 'significantly linked' to the UK.

not depends on where the last act took place,64 and it was established that a substantial part of the
offence took place in England and Wales. Thus, it appears that if the offender is within the
jurisdiction of the United Kingdom then the English courts have jurisdiction to try the offender.
There is little judicial support for the approach in England and Wales that allows prosecution in
cases where an element of the offence occurred within the court's jurisdiction.However, the
statement that the terminatory approach has universal support is criticised. 65
The UK experience demonstrates that the UK is trying its best to keep cyber criminals at bay: the
increase in the penalty for unauthorised access to a computer (from six months to two years) and
the criminalisation of denial of service attacks illustrate a tougher stance on cybercrime.
Innovative proposals aimed at child sex offenders have been introduced by the Home Office. The
advent of the National Hi-Tech Crime Unit is also lauded. This initiative, which brings the
police, the private sector and academics together to combat cybercrime, ensures the participation
of all of the key parties in the fight against cybercrime.

UNITED STATES OF AMERICA

The National Information Infrastructure Protection Act of 1996 (hereinafter, the NIIPA or 'the
1996 Act') protects individuals against various crimes involving "protected computers". 66 Both
the US Secret Service and the FBI have jurisdiction over offences committed under the NIIPA,
the latter through the USA Patriot Act.67 The Electronic Communications Privacy Act of 1986
(hereinafter the ECPA) is also aimed at non-traditional crimes such as hacking. It prohibits any
obtaining, altering or preventing unauthorised access to electronic storage. 68
Federal offences include cyber fraud, identity theft, spamming, cyber stalking, cyber fraud,
making intentional false representations online, identity theft, the use of password sniffers, the
64

This is the termination theory which is supported by much case law. See further, Ormerod 2004 Crim LR 953.
Ibid.
66
See s 1030 of Title 18 of the NIIPA. This includes a computer involved in interstate commerce or
communications or any computer attached to the Internet. Offences include the prohibition of access to information
without authorisation or computer hacking. See s 1030(a) regarding the types of offences and definition of electronic
storage. It should also be noted that s 1030 confers jurisdiction to prosecute when the conduct at issue impacts upon
the federal government and where the USA is itself the victim. See Bazelon et al (n 1) 265. Also see Brenner and
Koops (n 3) 25.
67
See s 1030 (d) of the NIIPA. It should be noted that the Patriot Act was introduced on 23 October 2001 to
safeguard homeland security after the 9/11 attacks. Both the Patriot Act of 2001 and the Cyber Security Act of 2002
contain amendments to the NIIPA.
68
See s 2701(a) of the ECPA. In US v Councilman 385 F3d 793 (First Circuit 2005), the court found that the ECPA
was enacted to increase government's powers to wiretap so as to include the digital transmission of electronic data.
65

decimation and creation of worms as well as the writing of viruses and Trojan horses, website
defacements and web-spoofing. 69 Many states such as Arkansas and California have enacted
anti-spam laws to regulate the use of Internet communications that send unsolicited
advertisements for the purpose of promoting real property, goods, or services for sale or lease.
Statutes have also been enacted in some states such as Arkansas and Georgia to provide civil
compensatory damages so as to encourage the victims of computer crimes to come forward.70
Jurisdictional problems arise for state prosecutors when causes of action are committed in
different states, because the jurisdictional rules of criminal law require the prosecutor to prove
that the defendant intended to cause harm within his state. As a result, many states have amended
their jurisdictional rules to address the new concerns that arise from the global nature of the
Internet. To illustrate this, Wisconsin's criminal statutes confer jurisdiction even where the cause
of action has no consequence in the state; some states such as Arizona, Kansas, New York and
Missouri allow jurisdiction where a result of the offence occurs in the state whether or not an
element occurs in the state, whilst Alabama, California and South Dakota have statutes
conferring jurisdiction where an offence begins outside the state but "consummates within the
state". 71 US Code section 1030 also considers the nationality of the victim and it confers
jurisdiction to prosecute when the conduct at issue impacts upon the federal government, where
the US is itself the victim.

THE UNITED NATION

Various resolutions on combating the criminal misuse of information technologies were adopted
by the General Assembly which are as follow:
The General Assembly resolutions 55/63 of 4th December 2000, 56/121 of 19 December 2001
and 64/211 of 21December 2009 relates to combating the criminal misuse of information
technologies.
69

The sale of non-prescriptive drugs, firearms, explosives, cigarettes, alcohol and visas on the Internet is strictly
monitored. The No Electronic Theft Act regulates copyright offences and copyright management offences, while the
Digital Millennium Copyright Act addresses piracy. For further information, see Snail and Madziwa 2008 Without
Prejudice 30-31.
70
See Bazelon et al (n 1) 304-305.
71
Thus, in the US many states take a broad approach to the question of jurisdiction. For example, in Arkansas the
computer crime legislation provides that a person is liable for prosecution if the offence originates in the state or has
consequences in the state (Arkansas Code s 5-27-606(2003)). In Northern Carolina it is an offence where the
electronic communication was originally sent from or where it was originally received in the state (North Carolina
General Statute s 14-453.2 (2002)). Also see Audal et al 2008 ACLR 269-270.

Its other resolutions regarding the prevention of cyber crimes are 2004/26 of 21 July 2004
entitled International cooperation in the prevention, investigation, prosecution and punishment
of fraud, the criminal misuse and falsification of identity and related crimes and resolution
2007/20 of 26 July 2007 entitled International cooperation in the prevention, investigation,
prosecution and punishment of economic fraud and identity-related crime.
Reaffirming also Commission on Crime Prevention and Criminal Justice resolution 16/2 of 27
April 2007 entitledEffective crime prevention and criminal justice responses to combat sexual
exploitation of children,
Taking note of resolution 9, on computer-related crimes, adopted by the Eighth United Nations
Congress on the Prevention of Crime and the Treatment of Offenders, in which States were
called upon to intensify their efforts to more effectively combat computer-related abuses.
The outcome of the Tenth United Nations Congress on the Prevention of Crime and the
Treatment of Offenders on meeting the challenges of the twenty-first century in combating crime
and promoting justice is quite significant.

THE COUNCIL OF EUROPE

Convention on Cyber Crime of 2001 is a historic milestone in the combat against cybercrime.
Member states should complete the ratification and other states should consider the possibility of
acceding to the convention or evaluate the advisability of implementing the principles of the
convention. The council of Europe established a Committee of experts on crime in Cyber-space
in 1997.
The committee prepared the proposal for a convention on Cyber-crime, and the Council of
Europe convention on Cyber Crime was adopted and opened for signatures at a conference in
Budapest, Hungary in 2001. As of May 2013, 39 states had ratified the convention; while a
further 12 states had signed the convention but not ratified it.

THE EUROPEAN UNION

In the European Union, the Commission of the European Communities presented on
April 19, 2002 was a proposal for a council framework decision on attacks against information
systems. The proposal was adopted by the Council in 2005 and includes Article 2: Illegal access

to Information Systems, Article 3: Illegal Systems Interference and Article 4: Illegal Data
Interference.
Large-scale attacks against information systems and various other forms of cyber crime, such as
online identity theft or on-line child abuse, are subject to rapidly evolving technological
developments. The EU's responses to such crimes are equally innovative and flexible, ranging
from support for cross-border cyber-investigations and training of police to legislative measures.
A dedicated European Cybercrime Centre within Europol started operation in January 2013.

ASEAN
The Association of South East Asian Nations (ASEAN) had established a high level ministerial
meeting on Transnational Crime. ASEAN and China would jointly pursue joint actions and
measure and formulate cooperative and emergency response procedures for purposes of
maintaining and enhancing cyber-security and preventing and combating cybercrime.
The four-day 2nd ASEAN Conference on working toward a Cyber-pornography-free Southeast
Asia held in the city of TAGBILARAN in Philippines from April 22 to 26 tackled the regionwide problem on cybercrimes, amidst todays technological advances.
The conference was funded by the South Korean government and attended by officials of the
Philippines, Lao PDR, Cambodia, Vietnam, Indonesia, Malaysia, Singapore and Thailandidentified factors that contributed to the proliferation of cyber pornography and cyberprostitution, and vowed to fight these via inter-country linkages in the ASEAN region.
Reducing, if not eliminating, cybercrimes that continue to prey on innocent minors had prompted
ASEAN officials to conduct the conference, which was a follow-through of the first one held in
June 2012, hoping, this time, the participants would come up with regional agenda and
recommendations to address the problem.

APEC
The Ministers and leaders of the Asia Pacific Economic Cooperation (APEC) had made a
Commitment at a meeting in 2002 which included, An endeavor to enact a comprehensive set of
laws relating to cyber-security and cybercrime that are consistent with the provisions of
international legal instruments, including United Nations General Assembly Resolution 55/63and
the Convention on Cyber Crime by October 2003.

Indonesia was mandated the chairman of Regulatory Roundtable session in the 47th APECTEL
Working Group Meeting. The event took place in 22-27 April 2013 and discussed several issues
of telecommunication such as broadband, new technology development, and a number of
technical issues agreed by APEC economies.
The 47th APECTEL WG meeting is held in Indonesia, in accordance with the results of the
46th APECTEL WG Meeting 2012 in St. Petersburg, Russia, said Head Committee of
APECTEL, Ikhsan Baidirus, in Legian, Bali.
Baidirus explained that the event is participated by 126 delegations who are group
representatives of telecommunication area from 21 APEC member economies.
The results of the Working Group will be presented in the APEC Telecommunication Ministers
meeting, which eventually will be discussed by leaders of APEC in the APEC Leaders meeting
in October 2013 in Bali.

G-8 STATES
At the Moscow meeting in 2006 for the G8 Justice and Home Affairs ministers discussed
cybercrime and issues of cybercrime. In a statement it was emphasized, We also discussed
issues related to sharing accumulated international experience in combating terrorism, as well as
comparative analysis of relevant pieces of legislation on that score.
We discussed the necessity of improving effective countermeasures that will prevent IT terrorism
and terrorist acts in this sphere of high technologies. For that it is necessary to set a measure to
prevent such possible criminal acts, including on the sphere of telecommunication. That includes
work against the selling of private data, counterfeit information and application of viruses and
other harmful computer programs.
We will instruct our experts to generate unified approaches to fighting cyber criminality, and we
will need an international legal base for this particular work, and we will apply all of that to
prevent terrorists from using computer and internet sites for hiring new terrorist and the
recruitment of other illegal actors.

SAARC
Ways to combat terrorism, piracy and trafficking in narcotics came up for discussion among
Interior and Home Ministers of the eight-member SAARC grouping in their crucial meeting at a

Maldivian resort on 25th September 2012. The grouping comprises India, Pakistan, Nepal,
Bangladesh, Bhutan, Sri Lanka, Maldives and Afghanistan.
Cyber crimes, trafficking in women and children in South Asia and mutual assistance in criminal
matters were other issues discussed at the fifth meeting of the SAARC Home/Interior Ministers,
which was inaugurated by Maldives Vice President Mohamed Waheed Deen at Bandos Island
Resort in Male.
In his inaugural address, Waheed Deen said that SAARC was embarking on highlighting one of
the most important issues that face all the nations of the world -- its security.
He also drew attention of the delegates to the "serious threats" faced by the Maldives like piracy,
drug smuggling, human trafficking and terrorism and hoped that solutions would be found

CHALLENGES DERIVING FROM CYBERCRIME

Cybercrime differs from traditional crimes because it can be committed with relative ease, it
requires few resources and it can be committed in a jurisdiction without the offenders being
physically present. 72 The fact that cybercrime does not require physical proximity between a
victim and perpetrator also compounds the problem of detection. 73 The challenges deriving from
cybercrime arise in four main areas namely, logistics, combating anonymity, accessing electronic
information and transnational enforcement.74
An important challenge to state officials in prosecuting cybercrime is one of jurisdiction.
Traditionally, crime and punishment were seen to be locally based, regional or national.
However, this has changed today with the transnational character of cybercrime posing many
problems.75 The globally connected Internet has made cybercrime a trans-border problem with
the result that "no island is an island". 76 The 'love bug' virus illustrates that the existence of
cybercrime laws is a fundamental prerequisite for investigation as well as prosecution. The
72

Regarding examples of cybercrime, see Goodman and Brenner (n 7) 142, 146-150.

Other difficulties have been recognised: although cybercrime is committed by a small percentage of the
population, the number of cybercrimes exceeds that of traditional crimes; there are also difficulties with gathering
evidence and apprehending perpetrators; cybercrime patterns are not well documented; it is also difficult to
categorise crimes; inaccurate cybercrime statistics exist because many cybercrimes go undetected and many are
unreported. See Brenner and Clarke (n 3) 666-667.
74
Allan 2005 NZLR 150. Allan examines the problems posed by cybercrime, and notes that orthodox responses such
as criminalisation, the enhancement of enforcement powers and the use of countering technology are ineffective in a
virtual context. Allan advocates the use of alternative strategies such as those that encourage Internet users to share
the burden of securing informational privacy.
75
The 'love bug' virus is an example of this. See inter alia Goodman and Brenner (n 7) 140.
76
See Xingan 2007 Webology 2.
73

Philippine's failure to have cybercrime legislation in place meant that a Philippine national
inflicted damage in twenty countries but suffered no consequences for his acts, This failure to
have legislation impacted around the globe and illustrated the fragility of our modern networked
world.77 Therefore, the international character of cybercrime calls for international co-ordination
and co-operation to address computer-related offences worldwide. Law enforcement officials
cannot prosecute cyber criminals unless countries have adequate laws in place outlawing such
criminal activities.
Another challenge facing the IT environment is the diverging interests of those affected by
cybercrime: on the one hand, individuals have a right to free speech and privacy and on the other
hand there is society's need to combat crime and secure community networks and the interests of
big business. Informational privacy is thus important. The assistance of third parties such as
Internet service providers and telecommunication entities would assist law enforcement agencies
in their fight against cybercrime.78 Co-operation with the private sector is also encouraged. A
balanced approach that considers privacy interests and the need for effective prosecution of
cybercrime is the way forward.79 The need to eradicate cybercrime also depends on reaching a
consensus on minimal standards for securing fundamental procedural due process guarantees
such as respecting the rights of citizens under search and seizure provisions.80
A need thus arises for worldwide criminalisation to address the cybercrime problem. However,
some undeveloped countries may have inadequate investigative powers or technological
capacities to address the problem. Attempts to adopt, harmonise and streamline international
cybercrime laws by conventions such as the Council of Europe's Convention on Cybercrime
(hereinafter the COECC) and the United Nations Convention against Transnational Organised
Crime are lauded. However, international co-operation by countries is needed to comply with
these Conventions to ensure the integrity of the Internet and address the global nature of
77

Onel de Guzman (a former computer science student) was identified as the person responsible for creating and
disseminating the 'love bug' virus. However, Philippine law did not criminalise hacking or the distribution of
viruses. The Philippine officials struggled with the question of how to prosecute De Guzman. They finally charged
him with theft and credit card fraud but the charges were dismissed. De Guzman could not be extradited for
prosecution in other countries such as the US (which has cybercrime laws) because the conduct attributed to De
Guzman was not a crime in the Philippines. Extradition treaties require 'double criminality', namely the act for
which a person is extradited must be a crime in both the extraditing country and the country seeking the extradition.
De Guzman could not be charged for disseminating the 'love bug' virus. This meant that no one was prosecuted for
the 'love bug' virus. See Goodman and Brenner (n 7) 142.
78
Allan (n 11) 163.
79
Id 178.
80
Also see Kerr 2005/2006 Harvard LR 532-585.

cybercrime. The COECC, which was signed in Hungary on the 23rd of November 2001, aims at
encouraging countries to combat cybercrime.81 It criminalises certain computer actions such as
the interception of non-public transmission of computer data, establishes corporate liability, calls
for the production of stored computer data and recommends mutual assistance between countries
during investigations.82 The COECC is said to be the first international treaty on crimes via the
Internet and other computer networks dealing particularly with infringements of copyright,
computer-related fraud, child pornography and violations of network security. The main
objective is to pursue a common criminal policy aimed at the protection of society against
cybercrime, especially by adopting appropriate legislation and fostering international cooperation. Although the COECC aims at international co-operation in prosecuting cybercrime, it
contains no provision for co-operation in securing networks.83 Thus, the Convention's underlying
premise that harmonising national laws will improve law enforcement's ability to react across
national borders is laudable but the difficulty lies in its implementation.84

CONCLUSION
The global nature of computer technology presents a challenge to nations to address
cybercrime. 85 Domestic solutions are inadequate because cyberspace has no geographic or
81

The Council of Europe has drawn up a convention to respond to the challenges posed by cybercrime. The
Convention was adopted on 8 November 2001 by the Foreign Ministers of the Council's member states and nonmember states, namely the United States, Canada, Japan and South Africa. It was opened for signature on 23
November 2001 in Budapest, Hungary. The Convention entered into force on 1 July 2004. The Additional Protocol
to the Convention on Cybercrime requiring states to criminalise the dissemination of racist and xenophobic material
through computer systems was adopted on 7 November 2002 by the Committee of Ministers. The two main
objectives are to harmonise criminal law in the fight against racism and xenophobia on the Internet and to improve
international co-operation in this area. It was opened for signature during January 2003. It should be noted that
European Cybercrime law is based primarily on the COECC. See further, Cybercrime Law 2007
www.cybercrimelaw.net/
82
See Jahankhani 2007 IJESDF 9 for further discussion.
83
Also see Miquelan-Weissmann (n 3) 329-361. It should be noted that SA has signed but not ratified the COECC.
It is the only African country to have done so.
84
Brenner and Clarke (n 3) 671. The cyber crime treaty is also criticised for not providing adequate guarantees for
fundamental due processes. See Miquelan-Weissmann (n 3) 356-357.
85
The following reasons illustrate the difficulty in addressing cybercrime: the lack of tools for the use of police to
tackle the problem; the fact that the 'old' laws do not fit the 'new' crimes being committed; the fact that the new laws
have not adjusted to the reality on the ground; that there are few precedents to be used for guidance; that there are
debates over privacy issues which hamper the ability of enforcement agents to gather evidence needed to prosecute

political boundaries, and many computer systems can be easily accessed from anywhere in the
world. It is also difficult to obtain accurate cybercrime statistics because an unknown number of
crimes go undetected and unreported. It is also costly to develop and maintain security and other
preventative measures. International financial organisations are also common targets for
computer fraud and embezzlement schemes. 86 Organised crime and terrorist groups are also
using sophisticated computer technology to bypass government detection and carry out
destructive acts of violence. 87 It is thus a continuous uphill battle to develop computer crime
legislation that applies to both domestic and international audiences. 88
The efforts of professional organisations such as the International Criminal Police Organisation
(Interpol) are necessary to combat cybercrime. To this end, Interpol has provided technical
guidance in cybercrime detection, investigation and evidence collection. 89 The role of multinational organisations such as the Commonwealth of Nations, the Group of 8 (the G8) and the
Organisation for Economic Co-operation and Development (the OECD) is important because
their work encompasses a broader territorial environment.90 The COECC's role is also lauded as
it attempts to establish consistency in the cybercrime laws of various countries. However, many
states still have to sign, let alone ratify, the Convention to serve as a deterrent. 91 The unanimous
participation of all nations is required in order to achieve meaningful prosecution.
Although technology advancement is welcomed, it has created numerous challenges. There is a
need for security-related features on the internet to respond to these challenges. Countries should
strive to strike a balance between protecting the safety and security of individuals and

new cases; and that the distrust between police and computer professionals hampers close co-operation between the
two parties to effectively address the cybercrime problem and make the Internet a safe place. See Singh (n 72) 1.
86
See Bazelon et al (n 1) 306.
87
The case of Rami Yousef who orchestrated the 1993 World Trade Center bombing by using encryption to store
details of his scheme on his laptop computer is a case in point. Ibid.
88
Regarding the practical impediments to international investigation and enforcement, see Miquelan-Weissmann (n
3) 335-336.
89
Interpol is co-operating with credit card companies to combat payment fraud by building a database on Interpol's
web site. Interpol is also making efforts to establish a network for collating information relating to illegal activities
on the Internet. Regional efforts have also been made to combat cybercrime by bodies such as the Asia-Pacific
Economic Co-operation (APEC), the Council of Europe (the COE), the European Union and the Organisation of
American States (the OAS). However, these regional efforts are limited to specific states. See Xingan (n 15) 3-4.
90
International organisations examine the promotion of security awareness at both the international and national
levels, the harmonisation of national legislation, coordination and co-operation in law enforcement and they direct
anti-cybercrime actions.
91
International co-operation is required to punish cybercrime offenders. Thus, international co-operation is limited
to the particular participants and treaty signatories who have enacted domestic cybercrime legislation.

guaranteeing the free dissemination of information and opinion. 92 H Jahankhani calls for a global
digital community to take steps to evaluate and safeguard cyber legislation to achieve efficient
and socially responsible use of the Internet, because the global community is responsible for
evaluating such legislation.93 An effective fight against cybercrime requires increased, rapid and
efficient international co-operation in criminal matters. Regarding the problem with jurisdiction,
Brenner suggests that a country should expand the "territorial notion" of jurisdiction to prosecute
so that it allows a country to prosecute regardless of whether the offender's conduct occurred in
whole or in part in the prosecuting country's territory. 94 Brenner also suggests that countries
should evaluate their procedural law governing collection and analysis of evidence to include
intangible evidence derived from cybercrimes as opposed to traditional crimes which generate
tangible evidence. 95 The courts also need to understand the technical characteristics of the
Internet and develop well-settled precedents to address the question of jurisdiction in an
intelligent and logical manner. Indeed the judicious use of criminal sanctions and administrative
regulation is mooted as an effective way to prevent cybercrime. 96
It is submitted that the advent of the ECT goes a long way towards addressing cybercrime in
South Africa. However, there is room for improvement.97 As stated earlier, South Africa needs
to ratify the COECC to avoid becoming vulnerable to international cybercrime. A need also
arises for the introduction of more specialised prosecutors and specialised procedures to facilitate
the prosecution of cybercrime cases on a priority basis. Internet users should also be encouraged
to share the burden of securing informational privacy where feasible. 98 Computer ethics
education should also be taught to children in schools to educate them about the negative
consequences of committing cybercrime. The possibility exists that new forms of cybercrime
will emerge with evolving technology. New cyber laws should therefore be introduced to
respond to these rapid changes. There should also be continuous research and training of IT

92

The efforts by the UK Home Office to censure sex offencers on the Internet are lauded. See Anon (n 53) 9.
See Jahankhani (n 26) 10.
94
She also suggests that countries should impose their own criminal laws on their citizens when the citizens are
abroad, which would facilitate prosecution when a crime was committed abroad. The 'love bug' virus has
demonstrated that cybercriminals can exploit gaps in a country's penal and procedural laws to evade prosecution.
Brenner (n 5) 14.
95
Id.
96
Brenner and Clarke (n 3) 709.
97
The ECT is criticised for not having severe criminal penalties. It is recommended that the criminal jurisdictional
limit and the anti-spam provision in the ECT should be amended. See Van der Merwe (n 1) 319 in this regard.
98
See Allan (n11) 149-150.
93

security personnel, finance services sector personnel, police officers, prosecutors and the
judiciary to keep them abreast of advancing computer technology. At the end of the day, a
balanced approach that considers the protection of fundamental human rights and the need for
the effective prosecution of cybercrimes is the way forward.

CHAPTER 5
INTERNATIONAL JURISDICTION IN CYBERSPACE: A
COMPARATIVE PERSPECTIVE

INTRODUCTION
Cyberspace is a borderless worlda world of its own. It refuses to accord to the geopolitical
boundaries the respect that private international law has always accorded to them and on which it
is based. Therefore there is a need to have a different solution to this different problem. The
solution lies neither in adopting a hands-off approach nor in simply extending mutatis
mutandis the existing conicts rules. A treaty based international harmonisation model as the
most ideal one where rules are certain and predictable and at the same time exible in order to
ensure that the potential benets of this technology are meaningfully consumed by the human
civilisation.
When the traditional conflict of laws rules relating to jurisdiction of courts were being evolved, it
was perhaps too nascent a stage in the development of science to contemplate
a technological advancement which would deny and defy all notions of political and
geographical boundaries. What science could not contemplate, law (perhaps rightly) did not
provide for. This is the most discernible argument against the adequacy and appropriateness of
extending mutatis mutandis the existing conflicts rules to govern cyberspace.
The claim for its appropriateness, as advanced by some, is contradicted by the very nature and
concept of the conflict of laws. The claims of adequacy and appropriateness are also opposed to
the genesis and the process of evolution of the conflicts rules. The (traditional) conflict rules
were evolved to address a category of disputes which involved legally relevant foreign elements.
Here, foreign refers to territorially foreign, determined by and according to the geopolitical
boundaries.
The internet, on the other hand, is truly a borderless world. It refuses to accord to the (traditional)
geopolitical boundaries the respect and sanctity which has been historically accorded to them.
The disregard of these boundaries by the internet gives rise to a multitude of problems, of which
the problem of jurisdiction is but the foremost. The issue gains special significance in matters
concerning cyberspace in that cyberspace is merely a medium of effecting or facilitating certain
acts, which have real world implications. Thus acts committed in the borderless cyber world
eventually have to be enforced in the bordered real world. Simply put, the inventionextension dichotomy comes to this: the claim of invention of new rules based on the a-

national nature of cyberspace is often countered in that behind the cyber-veil99 are human
beings, connected to states by nationality and/or residence, calling for extension of the
existing conflicts norms.

JURISDICTION AND SOVEREIGNTY

Issues of jurisdiction and sovereignty have quickly come to the fore in the era of the Internet.
The Internet does not tend to make geographical and jurisdictional boundaries clear, but Internet
users remain in physical jurisdictions and are subject to laws independent of their presence on
the Internet. As such, a single transaction may involve the laws of at least three jurisdictions:
1. The laws of the state/nation in which the user resides,
2. The laws of the state/nation that apply where the server hosting the transaction is located,
and
3. The laws of the state/nation which apply to the person or business with whom the
transaction takes place.
So a user in one of the United States conducting a transaction with another user in Britain
through a server in Canada could theoretically be subject to the laws of all three countries as they
relate to the transaction at hand.
Jurisdiction is an aspect of state sovereignty and it refers to judicial, legislative and
administrative competence. Although jurisdiction is an aspect of sovereignty, it is not
coextensive with it.

99

The author seeks motivation from the principle of piercing of the corporate veil which is a well-recognised
principle of company law at least in the common law countries. See generally, for an excellent treatment of the
concept, Paul Davies, Gower and Davies Principles of Modern Company Law, 7th edn (London: Sweet and
Maxwell, London, 2003), pp.181190. See further, Marc T. Moore, A Temple built on Faulty Foundations:
Piercing the Corporate Veil and the Legacy of Salomon v Salomon (March 2006) Journal of Business Law 180;
Katherine Lyons, Piercing the Corporate Veil in the International Arena (2006) 33(2) Syracuse Journal of
International Law and Commerce 523; Lucas Bergkamp and Wan-Q Pak, Piercing the Corporate Veil:
Shareholder Liability for Corporate Torts (2001) 8(2) Maastricht Journal of European and Comparative Law 167;
Robert B. Thompson, Piercing the Veil within Corporate Groups: Corporate Shareholders as mere Investors
(1999) 13(2) Connecticut Journal of International Law 379; Carsten Alting, Piercing the Corporate Veil in
American and German Law: Liability of Individuals and Entities: a Comparative View [1995] Tulsa Journal of
Comparative and International Law 187. See also, for English cases, Trebanog Working Club and Institute Ltd v
McDonald [1940] K.B. 516; Holdsworth v Caddies [1955] 1 W.L.R. 352; Lee v Lees Air Farming Ltd [1961] A.C.
12, P.C.; DHN Food Distributors Ltd v Tower Hamlets [1976] 1 W.L.R. 852; Adams v Cape Industries [1990] 2
W.L.R. 786; In re H [1996] 2 All E.R. 291.

The laws of a nation may have extraterritorial impact extending the jurisdiction beyond the
sovereign and territorial limits of that nation. This is particularly problematic as the medium of
the Internet does not explicitly recognize sovereignty and territorial limitations.
There is no uniform, international jurisdictional law of universal application, and such questions
are generally a matter of conflict of laws, particularly private international law. An example
would be where the contents of a web site are legal in one country and illegal in another. In the
absence of a uniform jurisdictional code, legal practitioners are generally left with a conflict of
law issue.
Another major problem of cyber law lies in whether to treat the Internet as if it were physical
space (and thus subject to a given jurisdiction's laws) or to act as if the Internet is a world unto
itself (and therefore free of such restraints).
The problem of jurisdiction arises because it is only in the real world that there exist mechanisms
to confer rights, immunities, privileges, etc. with no corresponding equivalent
in the cyber world. In other words, rights are rights only vis- ` a-vis the real world. On account of
the differences in the normative standards of conduct among the different political
units in the real world, the question of jurisdiction becomes particularly important, for what may
be legal in one legal system may be prohibited by another, and the same may be circumstantially
justifiable in yet another. 100 Fortunately, on account of the absence of a pluralist regime (or
indeed any regime), there exists no such difference in the cyber world. In other words, the
differentiation between legality and illegality is not maintained in the cyber world, independent
of the real world. In such a situation, when the real world actors become cyberactors and perform
acts disregarding all legal regimes (or perhaps even where complying with their own legal
order), the following question frequently arises: whether each cyberactor is justified in acting
pursuant to the notions of legality as prevalent in his own legal system alone, whether based
on nationality or domicile or mere territorial presence, and thereby imposing them on the whole
world? A related and more difficult question is one of choosing a judicial forum and seeking
remedies particularly where an act committed in cyberspace by a person, subject to the
sovereignty of one state, amounts to the violation of a right guaranteed by another.
100

The degree to which the exercise of the freedom of speech and expression is permitted in different legal systems
is a glaring example of the aforementioned difference. For example, much of the freedom guaranteed to individuals
in the United States through the Constitutions First Amendment is not available in many other states, particularly
the Islamic and the Communist world. The recent controversy over the publication of a caricature of the Prophet
in a leading newspaper well illustrates the difference in the extent of freedom enjoyed.

Both these questions pose immense difficulty for they require a compromise between competing
claims of the two worlds and their underlying concepts of liberty. In this special briefing, the
author seeks to address the latter of the questions. The issue of jurisdiction is of interest for two
reasons: first, it takes a lot of litigation to know where to litigate; and, secondly, the issue of
jurisdiction is the first one that the court must face and answer in affirmative before it may
proceed to adjudicate upon any other.
Besides doing a general survey of the doctrine of international jurisdiction and making a
comparative study of how the question of curial jurisdiction has been answered in different legal
systems, particularly the American, the English, the Continental and the Indian, this briefing
seeks to critically assess the feasibility of the different proposed solutions. It highlights the
merits of treaty based international harmonisation as a solution to the issue of cyberspace
jurisdiction, which the author prefers over others. Finally, the briefing concludes by proposing
some connections which may form reasonable and acceptable bases of jurisdiction for drawing
up an international convention in order to make the Internet a more rule based regime ensuring
clarity, predictability and certainty.
Doctrine of international jurisdiction
Based whether on any rule of international law or any notion of international comity,101 each
state must accord respect to the sovereignty of every other and must not interfere with aspects by
which sovereignty is manifested by other states. Territoriality to that extent is an inevitable
consequence of sovereign equality of states and peaceful coexistence. Jurisdiction principles,
both personal and prescriptive, were originally derived from an assumption about the
absoluteness of boundaries and sovereign power within them102 and were grounded in political
practicality. Considering the territorial nature of sovereignty today, as a universal rule,
jurisdiction extends (and is limited) to everybody and everything within the sovereigns
territory and to his nationals wherever they may be. In other words, laws extend so far as, but
no further than the sovereignty of the State which puts them into force. 103 By jurisdiction is
101

Comity, in the legal sense, is neither a matter of absolute obligation, on the one hand, nor of mere courtesy and
goodwill, upon the other. But, it is the recognition which one state allows within its territory to the legislative,
executive or judicial acts of another nation, having regard to international duty and convenience and to the rights of
its own citizens or of other persons who are under the protection of its laws: Hilton v Guyot 159 U.S. 113 (1895).
102
Rodney D. Ryder, Guide to Cyber Laws (Informational Technology Act, 2000, E-Commerce, Data Protection
and the Interne, 1st edn, Nagpur: Wadhwa & Co Law Publishing Co, 2001, p.207.
103
F.A. Mann, The Doctrine of International Jurisdiction Revisited after Twenty Years (1984) 169 Recueil des
Cours de lAcademie de Droit International 9.

meant the right of a state to prescribe, give effect to, and adjudicate upon violations of,
normative standards for regulation of human conduct. It defines the legitimate scope of
governmental powers. 104 The term jurisdiction covers within its ambit the authority of a
sovereign to act in legislative, executive and judicial character. In the legislative character, a
state has the power, exercisable as a constitutional discretion, to prescribe rules for regulating the
conduct of persons. By enforcement jurisdiction is meant the power of a sovereign to effect
implementation of its laws. Lastly, the power of the courts of a sovereign to hear and adjudicate
upon certain matters in dispute is referred to as curial jurisdiction. The extent and limit of each of
the three types of jurisdiction may ultimately be traced to the ability of a state, whether by use of
coercive force or through bilateral or multilateral negotiations and treaties, to give effect to the
same. Unlike its early understandings, modern sovereignty is neither absolute nor unfettered. It is
strongly confined to the territorial limits of its political borders, flowing from a realistic
attribution of rights, power and reason. 105 The presumption regarding the absoluteness of
control of the sovereign over all persons and things present within its territorial dominion was
very strong particularly at a time when the concept of nation state was evolving. However,
later developments in science and technology, growth of international trade and a resultant
increase in cross-border movement of persons and commission of acts made inevitable the
relaxation, to some extent, of this presumption. Accordingly, the sovereigns accorded mutual
recognition, under certain circumstances, to multiple sovereign authority 106 over persons and
conduct, otherwise located within the territory of one state.
In this regard, the need for the exercise of multiple sovereign authority, based on principles of
reasonableness and fairness, has been aptly summarised by Professor von Mehren 107 in the
following words:
As economies and societies become more complex and interrelated, institutions, principles,
procedures and rules are needed to facilitate co-ordination and co-operation for common
purposes. The legal order today seeks not only to prevent one person from interfering with
anothers private sphere, but also assists and regulates private ordering of the individuals.
104

Henry H. Perritt Jr, Jurisdiction and the Internet: Basic Anglo/American Perspectives Projects in the Coming
2000s, available at www.kentlaw.edu.
105
Mann, supra note 108, at 25.
106
Ryder, supra note 107, at 209.
107
Arthur T. von Mehren, Recognition and Enforcement ofForeign Judgments: General Theory and the Role of
Jurisdictional Requirements (1980-II) 167 Recueil des Cours 9 (emphasis added).

Identifying the adjudicators from whom relief may be soughtas well as establishing the
premises for their workcan be relatively complex when one society is in picture; complexities
and difficulties multiply as controversies implicate more than one group or society, especially
where the groups or societies differ in their values and institutions.
Legislative jurisdiction
The argument that the legislative jurisdiction of a state is, in principle, unlimited is not wholly
correct, for no legislature may be deemed to have intended to prescribe a conduct for
the enforcement of which it has no means or basis and whose recognition beyond its own
political frontiers is itself doubtful.
Any such legislation, laying down standards of conduct, would interfere, to a great extent, with
the corresponding power of the other sovereign(s). Thus the prescriptive jurisdiction of a state is
generally confined to persons and/or acts within its territorial dominion.108 The jurisdiction is
limited to acts and persons properly subject to its sovereignty, notwithstanding that the mandate
may be contained in more comprehensive phraseology.109 No state may be permitted to assert an
unrestricted liberty to act in the field of private international law. Enforcement jurisdiction
Enforcement jurisdiction concerns not the law prescribed by a state to regulate acts outside its
own territory, but the lawfulness of the states own act to give effect to such regulation.110 It is
concerned with a states power to act in the sense of exercising sovereign authority, i.e.
ascertaining the extent to which a state can act in another to give effect to its own laws.
Undoubtedly, the enforcement jurisdiction is not unlimited since a state is in principle under no
duty . . . to tolerate the performance or execution of acts of sovereignty of another state. 111 By
its very nature, it is exercisable only upon the existence of, though not necessarily coextensive
with, the legislative jurisdiction. However, the mere existence of the former does not give, in all
cases, sufficient basis to conclude also the existence of the latter.
Adjudicative jurisdiction

108

Queen v Jameson [1896] 2 Q.B. 425.

See for example, the expression [n]o person under Art.21 or [e]very person under Art.22(2) of the
Constitution of India; cf. all citizens under Art.19(1). See also the use of the words all agreements under s.10
of [Indian] Contract Act 1872, and s.1(2) of [Indian] Information Technology Act 2000.
110
Mann, supra note 108, at 42.
111
Decision of the Federal Constitutional Court of Germany, March 22, 1983.
109

Adjudicative jurisdiction 112 concerns the power of a sovereign, acting through its judicial
organ, to hear disputes and to render judgments binding upon the parties thereto. It is the power
of a court to determine the rights and obligations of the parties to a dispute and to exercise any
judicial power in relation to it. Adjudicative jurisdiction defines the extent of the authority of a
court to administer justice prescribed with reference to the subject-matter, pecuniary value and
local limits,113 i.e. to take cognisance of the matters presented in a formal way for its decision.114
Thus a court must satisfy itself of the simultaneous existence of the pecuniary, subject matter as
well as territorial bases for it to lawfully exercise its jurisdiction.
A court will proceed to assume jurisdiction if only it reasonably expects the terms of the decision
to be carried into effect. Beyond its political borders, where a state is usually possessed of no
coercive force and where the likelihood of enforcement is contingent on the will of another state,
there is little reason for the court to assume curial jurisdiction. Therefore, like enforcement
jurisdiction, adjudicative jurisdiction is also essentially territorial.115 However, factors like the
growing complexities of the modern society, freer movement of men and goods and the advent
of the virtual world have forced courts to assume jurisdiction even in cases where all the
elements are not domestic. In such a case, i.e. where the lis involves a foreign element, curial
jurisdiction refers to the ability of a judicial tribunal to compel appearance of the defendant and
adjudicate upon the rights litigated with the object to enforce compliance with the terms of the
decision.
Even though curial jurisdiction is merely an emanation of the international jurisdiction to
legislate,116 unlike the latter, the former has remained largely immune from the doctrine of
closeness of contact, and has continued with a near strict adherence to the maxim actor
sequitur forum rei,117 based on the rationale of ease, and in some cases the only possibility, of
enforcement. Thus, in the international context, jurisdiction primarily depends upon the
territorial nexus of the defendant or the cause of action. In other words, a court must, before it

112

This type of jurisdiction is also referred to as Personal Jurisdiction, Curial Jurisdiction and Jurisdiction in
personam.
113
Raja Soap Factory v S. P. Shantharaj AIR 1965 SC 1449.
114
Official Trustee v Sachindra AIR 1969 SC 823, 827, citing Halsburys Laws of England, 4th edn, Vol.10,
para.17.
115
The Siskina [1979] A.C. 210 at 254, per Lord Diplock.
116
That is legislative jurisdiction includes personal jurisdiction.
117
The plaintiff must submit to the defendants court.

can legitimately exercise curial jurisdiction, find at least one domestic element in the dispute,
which it has been called to adjudicate upon.118
International jurisdiction and cyberspace119
Cyberspace, which constitutes a technology-driven imaginary space, defies control by
mechanisms evolved in the real world essentially based on geopolitical boundaries. It is a new
social order, which cuts across cultures, civilisations, religions, etc. and creates a new realm of
human activity120 forcing mankind to rethink the appropriateness of extending the existing rules
to it. Cyberspace clearly disregards the general correspondence, existing in the real world,
between physical borders and lawspacebased on considerations of power, effects,
legitimacy and notice.121 The law, in the non-virtual world, works essentially on a two-way
premise that a certain set of legal rules is applicable to only one set of persons, who are present
within the limits of the sovereign prescribing such rules, and to none other122; and that a certain
set of persons are required to comply with only one set of standards, and with none other.
It is this perception, which having been mutually recognised and accepted by most sovereigns
gives the requisite strength and legitimacy to each sovereign to enforce its legal rules within its
territory.
However, the case with the cyber world is different as it admits of no territory or polity based
borders sufficient to impose a certain set of rules to a certain territorially defined set of persons.
This leads each cyberactor to act according to his own legal order (or perhaps no legal order at
all), leading to blatant violations of what may be guaranteed rights under other legal regimes.
Litigation involving the internet has thus increased as the internet has developed and expanded.
The border-breaching nature of cyberspace, the substantial difference in the substantive laws
of different states and the absence of any enforcement mechanism in the virtual world
118

See also von Mehren, supra note 112: The importance of the theory ultimately rests on a trait of human nature,
one especially strong in contemporaryWestern societies namely, an extraordinary, seemingly innate preference for
action that is consistent and at a more sophisticated state, can be seen and expressed with what has gone before.
Apart from theories, may other considerations, including administrability, regulatory concerns and economic and
social circumstances are factored with varying weights, into a legal orders law of jurisdiction (emphasis in
original).
119
For an excellent general treatment of this complex subject, see Dan Burk, Federalism in Cyberspace (1996) 28
University of Connecticut Law Review 1095 and Henry H. Perritt Jr, Jurisdiction in Cyberspace (1996) 41
Villanova Law Review 1.
120
David R. Johnson and David G. Post, Law & BordersThe Rise of Law in Cyberspace (1996) 48 Stanford
Law Review 1367.
121
supra note 125, at 1368.
122
Except in a case where another sovereign also prescribes the same set of rules, in which case also there is only
one set of persons vis- `a-vis the set of rules in question.

give rise to a multiplicity of judicial forums, since the cause of action and the parties are spread
across physical borders. This enables a plaintiff to choose his forum, and the defendant, in his
turn, to question the jurisdiction of the chosen court. Any ruling on the question requires a
balancing of the interests of the plaintiff, who has a right to choose his forum and the defendant,
who cannot be exposed to the contingency of facing litigation in any and every court. The courts
are accordingly struggling to come up with a coherent doctrine of personal jurisdiction for
internet transactions.
Far from there being unanimously agreed concrete rules, there are at least two broad and
diametrically opposite ways in which different legal systems and scholars are responding to the
problem. Some scholars and systems find appropriate to borrow . . . the principles of [conflict
of laws relating to] personal jurisdiction and extending them to cyberspace setting. 123 Others,
realising that the addresses of the computers on the internet are digital rarely containing
geographic indications, find traditional rules of private international law grossly inadequate and
often suggest exposition of new rules to address this new situation.
A comparative study shows that each legal system has responded to this question differently,
based upon its own ideas of justice, expediency, convenience and experience, and guided by the
prevalent constitutional and political order. While some states have adhered to the requirement of
territorial nexus as the basis of jurisdiction, others claim to have adapted and relaxed the
jurisdictional basis to better counter the challenges posed by, and keep pace with,
developments in science and technology.

THE POSITION IN THE UNITED STATES

Personal jurisdiction
To properly exercise jurisdiction, a court must find sufficient nexus between the defendant or the
res, on the one hand and the forum on the other. The law of personal jurisdiction has changed
over time reflecting changes of a more mobile society. The approach to which the US courts
adhered for a long time was reformulated to allow jurisdiction over non-resident individuals and

123

Vakul Sharma, Information Technology Law and Practice, New Delhi Universal Law, 2004, p.262.

entities based on the minimum contacts of the out-of-state party.124 The two bases for a US
court to exercise jurisdiction are discussed below:

Territoriality
Physical presence in a state is always a basis for personal jurisdiction. The exercise of
jurisdiction is permitted over people and property within the territorial borders.125 In such a case,
physical presence in a forum state is a basis for personal jurisdiction, even when an out-of-state
individual enters the forum state for a brief time.126 Physical presence in the forum state satisfies
the requirement of constitutional due process.
Jurisdiction over out-of-state defendants
Where the defendant is not physically present, a US court exercises jurisdiction through the
out-of-state statute route. There are two requirements subject to which a court can exercise
personal jurisdiction over an out-of-state defendant.127 First, there must be statutory authority
granting the court jurisdiction over the defendant. And, secondly, the due process clause of the
Constitution must be satisfied. In a number of cases, the reach of state statutory authority has
been limited because of violations of the constitutional due process. Thus, determining whether a
court may exercise personal jurisdiction128 over a defendant requires a two-step inquiry.
The first test, the legislative sanction, relates to the inquiry whether there is a legislative grant of
authority authorising the court to exercise jurisdiction over the defendant? It may be founded
either in the federal or state statutes. Some federal statutes thus authorise the court to exercise
124

Kevin M. Clermont, The Role of Private International Law in the United States: Beating the Not-quite-dead
Horse of Jurisdiction in Ronald A. Brand and Mark Walter (eds) Private Law, Private International Law and
Judicial Cooperation in the EUUS Relationship (Thompson/West, 2005); Ugo Mattei and Jeffrey Lena, US
Jurisdiction over Conflicts arising outside the United States: Some hegemonic implications (2001) 24(3) Hastings
International and Comparative Law Review 381; Brian Pearce, The Comity Doctrine as a barrier to Judicial
Jurisdiction: A USEU Comparison (1994) 30(2) Stanford Journal of International Law 525; Andrew L. Strauss,
Where America ends and the international order begins: interpreting the jurisdictional reach of the U.S.
constitution in light of a proposed Hague Convention on Jurisdiction and Satisfaction of Judgments (1998) 61(4)
Albany Law Review 1237.
125
Pennoyer v Neff 95 U.S. 714 (1877); see also Philip Kurland, The Supreme Court, the Due Process and the In
Personam Jurisdiction of State Courts: From Pennoyer to Denckla (1958) 25 University of Chicago Law Review
569.
126
Burnham v Superior Court 495 U.S. 604 (1990).
127
In Hess v Pawloski 274 U.S. 352 (1927), it was held by the US Supreme Court that jurisdiction may be exercised
over any nonresident who was operating a motor vehicle within the state and was involved in an accident.
128
Some scholars believe that as disputes over conduct taking place on the internet increase in frequency, as they
surely will, we may be returning to that relatively primitive condition; that is, precisely because of the
overwhelming complexity of applying these diverse rules to internet conduct, the inquiry may return to a relatively
simple set of questions: does the defendant have assets within the jurisdiction of the court or not?

personal jurisdiction over any defendant located within the United States. If no specialised
federal law provision exists, the Federal Rules of Civil Procedure direct the federal court to look
to the long-arm statute of the state in which the court is located to determine whether or not it
has personal jurisdiction over the defendant. All states have additional provisions, long-arm
statutes,129 providing that their courts may, in certain circumstances, assert personal jurisdiction
over non-residents also.130 The second test concerns the constitutional limitations.
A statutory basis is not per se sufficient to lawfully exercise jurisdiction. It must further pass the
test of constitutional limitations. In 1877, in the landmark Pennoyer v Neff 131 decision, the US
Supreme Court, holding that the due process clause of the Constitution constrains the states in
the exercise of personal jurisdiction over non-residents, observed that (1) every State possesses
exclusive jurisdiction and sovereignty over persons and property within its territory; and, (2)
no State can exercise direct jurisdiction and authority over persons or property without its
territory. These principles may have been adequate in the 19th century, when occasions for
exercising personal jurisdiction across state lines were relatively infrequent. But, by the middle
of the 20th century, the court relaxed the rule to include cases of virtual presence132 also.
Minimum contacts
The Supreme Court in International Shoe v Washington133 first made lenient the rule to include
the criterion of minimum contact on the reasoning that the due process requires only that in
order to subject a defendant to a judgement in personam [personal jurisdiction], if he be not
present within the territory of the forum, he have certain minimum contacts with it such that

129

The Uniform Interstate and International Procedure Act (UIIPA), which is a model long arm statute that several
states have enacted. For a typical example, see s.302 of the New York States long-arm statute (NY C.P.L.R 302).
130
The name long-arm comes from the purpose of these statutes, which is to reach into another state and exercise
jurisdiction over a nonresident defendant. See generally C.M. Cerna, Hugo Princz v. Federal Republic of
Germany: How far does the Long- Arm Jurisdiction of US Law reach (1995) 8(2) Leiden Journal of International
Law 377.
131
95 U.S. 714 (1877).
132
As Prof. Burk has noted, the personal jurisdiction problems posed by virtual commerce and internet telepresence
are in many ways the culmination of a long evolution of legal doctrine occasioned by changing technology.
Traditionally, jurisdiction over the person was premised on the physical presence of the individual in the forum; this
continues to be a viable jurisdictional basis. However, increased physical mobility due to automobiles and other
modern transportation placed this jurisdictional basis under severe strain, as did disputes over virtual entities such
as corporations that have no physical situs, and over virtual properties such as stocks and debts that similarly lack
physical form. Burk, supra note 125, at 1107 (emphasis added).
133
326 U.S. 310 (1945). The case involved a Washington court attempting to assert jurisdiction over a corporation
that was incorporated in Delaware and had a principal place of business in Missouri.

the maintenance of the suit does not offend traditional notions of fair play and substantial
justice .134
However, the minimum contacts test, which formed the basis of jurisdiction in the International
Shoe case,135 was not a mere mechanical test, but one that depended on the quality and nature
of the activity in relation to the fair and orderly administration of laws.136 Thus courts must
consider both the amount and nature of the partys contacts with the state and the relationship
between the contacts and the claims when determining whether the court can exercise personal
jurisdiction over that party.
Reasonable anticipation
In order to further safeguard the rights of out of state defendants, a further caveat was added to
the quality and nature of minimum contacts test. This was that the defendants contact with
the forum state should be foreseeable,137 i.e. a court would not have jurisdiction unless
it could be shown that the defendant had purposefully availed himself of the privilege of
conducting business in the forum. 138 This critical test of foreseeability is not the mere
likelihood that a product will find its way into the forum state, but required a reasonable
anticipation of being hailed into court there.139
Effects cases
In the effects cases, 140 the Supreme Court based jurisdiction on the principle that the
defendant knew that his action would be injurious to the plaintiff therefore he must be reasonably
presumed to have anticipated being haled into court where the injury occurred. The effects
cases are of particular importance in cyberspace because any conduct in cyberspace often has
effects in various jurisdictions.
To summarise, the treatment of the issue of jurisdiction in the United Statesbased on the
minimum contacts standardis as follows:

134

International Shoe v Washington, supra note 138, at p. 316.

supra note 139.
136
supra note 138, at p. 319.
137
World-Wide Volkswagen Corp v Woodson 444 U.S. 286 (1980). The case concerned a car accident that occurred
in Oklahoma and for which the Oklahoma state court was held not to have jurisdiction over out-of-state defendants.
The defendants, a New York car dealer and a New England regional distributor, sold the plaintiffs, then residents of
New York, a car in New York. The plaintiffs subsequently moved to Arizona, and while travelling through
Oklahoma got into an accident caused by the allegedly defective car.
138
Cybersell, Inc v Cybersell, Inc 130 F. 3d 414; Hanson v Denckla 357 U.S. 235, 253 (1958).
139
Cybersell, supra note 143.
140
See generally Calder v Jones 465 U.S. 783 (1984); Keeton v Hustler Magazine, Inc. 465 U.S. 770 (1984).
135

1. There must be some act by which the defendant purposefully avails [itself] of the
privilege of conducting activities with the forum state141;
2. The plaintiff must show either that the defendants contacts with the forum are
continuous and systematic, or that the suit arises out of or is related to those contacts 142;
3. The defendants conduct and connection with the forum state must be such that he
should reasonably anticipate being haled into court there 143; and
4. The exercise of personal jurisdiction must be reasonable. 144
Personal jurisdiction in cyberspace
A state governed by the rule of law and guided by ubi jus ibi remedium would always permit
some legislative powers in its judges. Faced with new situations, the judges either create
new rules or suitably modify the existing ones. In the field of international jurisdiction in
cyberspace, the US courts seem to have taken principally the latter recourse. Having for long
recognised that personal jurisdiction must adapt to progress in technology,145 the US courts have
successfully applied the principles established in the International Shoe case 146 to cases
involving the internet.147
A rather simple test of proportionality has been employed for the purpose. Simply put, it comes
to this:
the likelihood that personal jurisdiction can be constitutionally exercised is directly
proportionate to the nature and quality of commercial activity that an entity conducts over the
Internet.148
The nature and quality of commercial activity is determined on the basis of the test of
minimum contacts. Once the threshold of minimum contacts is crossed, the courts in the
United States assume jurisdiction. However, the twin requirement that the defendant must
purposefully avail himself of the privilege of conducting activities with the forum state at
141

Hanson, supra note 143.

Helicopteros Nacionales de Colombia v Hall 466 U.S. 408, 415416 (1984).
143
WorldWide Volkswagen Corp v Woodson, supra note 142, at 297.
144
Burger King Corp v Rudzewicz 471 U.S. 462, 476477 (1985). The Supreme Court has also offered a list of five
jurisdictional fairness factors, which include the inconvenience to the defendant of defending in that forum, the
forum states interest in adjudicating the dispute, the plaintiffs interest in obtaining convenient and effective relief,
the interstate judicial systems interest in efficient resolution of interstate conflicts, and the shared interest of the
states in furthering substantive social policies. Burger King at 477.
145
Hanson, supra note 143, at 250251.
146
International Shoe Co v Washington, supra note 138.
147
See, e.g. CompuServe, Inc v Patterson 89 F. 3d 1257 (6th Cir. 1996).
148
Zippo Manufacturing Co v Zippo Dot Com, Inc 952 F. Supp. 1119, 1124 (1996).
142

times gives rise to serious problems. The claim of reasonableness of exercise of personal
jurisdiction is pitted against the rule of assumption of jurisdiction based on the universality of
access of web pages.
The US courts balance these claims by a three-prong categorisation of all internet activities into
(1) active websites149; (2) websites permitting exchange of information with the host computer;
and (3) passive websites. 150 The response with respect to the first and the last categories is
without much difficulty. The US courts exercise jurisdiction over defendants acting through
active websites since this involve[s] the knowing and repeated transmission of computer files
over the internet. 151 Ordinarily, jurisdiction is not exercised over those who merely supply
information through passive websites, without anything more since doing otherwise would be
[in]consistent with traditional personal jurisdiction case law . . .. 152 The second set of
categories on the other hand often creates a high degree of confusion and complications. In these
cases, the exercise of jurisdiction is determined by examining the level of interactivity and
commercial nature of the exchange of information that occurs on the Web site.153
In this regard, a sliding scale test, measuring the degree of interactivity of the website is
found to be usually decisive. 154 The facts must satisfy the power prong of International
Shoes minimum contacts as well as the reasonableness prong in order for the court to
properly exercise jurisdiction. The court must be inclined to find the totality of contacts 155 in
a totality of circumstances 156 as a test of jurisdiction, particularly where online activities are
tied with offline acts.
With respect to the middle interactive category, a court finds that [this] category of Internet
contacts as described in Zippo needs further refinement to include the fundamental requirement
of personal jurisdiction: deliberate action within the forum state in the form of transactions
between the defendant and the residents of the forum or conduct of the defendant purposefully

149

See generally CompuServe, supra note 152.

See Bensusan Restaurant Corp v King 937 F. Supp. 295 (S.D.N.Y. 1996).
151
See Zippo, supra note 153, at 1124 (citing CompuServe, supra note 152).
152
Hearst Corp v Goldberger 1997 WL 97097, 1 (1997).
153
Zippo, supra note 153, at 1124 (citing Maritz, Inc v Cybergold, Inc 947 F.Supp. 1328 (E.D.Mo.1996)).
154
Zippo, supra note 153, at 1119 (emphasis added).
155
Millennium Enterprises, Inc v Millennium Music, LP 1999 WL 27060 (1999).
156
Zippo Manufacturing Co v Zippo Dot Com, supra note 153.
150

directed at the residents of the forum state. It requires something more than mere advertising on
the Internet.157
Thus a mere possibility of doing business within the forum residents is not a constitutional
ground for the exercise of personal jurisdiction.158 Therefore, where advertising intends
to draw residents of the forum or targets the forum then the exercise of jurisdiction is proper,159
as this it is based on the premise that the defendant has some minimum assurance as to where the
conduct will and will not render him liable to suit.160
To summarise the position, the law in the United States does not apply any single jurisdiction
theory161 which would be appropriate for all cases. Mere website advertisement does not, per se,
confer upon a court specific jurisdiction 162 since the defendant did not contract to sell any
goods or services to any citizens of [the forum state] over the Internet site.163
The case of advertisement over the internet is no different from advertising in a national
magazine 164 and therefore does not constitute continuous and substantial contacts with the
forum state165 to provide personal jurisdiction.166
Even where advertisement on the websites is accompanied by certain other traditional or offline
acts, for example, advertising with the phone number, the same may not also give a court the
jurisdiction in the cause,167 unless the offline activity is sufficient to produce the constitutionally
imperative reasonable minimum contact with the forum state. 168 In this category are the
activities of a bilateral nature and if such a case is made out, the courts in the United States have
been quick to assume jurisdiction. Another example of nonadherence by the United States to any
singular criterion of cyber-jurisdiction is the Insect Systems case,169 where specific jurisdiction

157

Millennium Enterprises, Inc v Millennium Music, LP, supra note 160 (emphasis added)
Origin Instruments v Adaptive Computer Systems 1999 WL 76794.
159
Transcraft v Doonan Trailer 1997 WL 733905.
160
Smith v Hobby Lobby Stores 968 F.Supp. 1356 (1997).
161
See Weber v Jolly Hotels 977 F.Supp. 327 (1997).
162
Bensusan v King, supra note 155.
163
Smith v Hobby Lobby Stores, supra note 165.
164
Hearst Corp v Goldberger, supra note 157, at 1.
165
See, e.g. Gehling v St Georges School of Medicine 773 F.2d 539, 542 (3d Cir. 1985).
166
Hearst Corp v Goldberger, supra note 157, at 10; See also, Bensusan, supra note 160, at 301 (the creation of
website is not sufficient to find that defendant purposefully availed himself of forum).
167
Ragonese v Rosenfeld 722 A. 2d. 991 (1998).
168
American Network v Access America 975 F. Supp. 494 (1997).
169
Insect Systems v Instruction Set 937 F. Supp. 161 (1996).
158

was assumed by the court,170 contrary to the generally accepted position in the United States
in the case of passive websites.
While there are requirements of minimum contacts and reasonableness and the broad
categorisation of all websites in three different sets based on the degree of activity, there
is enough case law to show that these two criteria have not always been adhered to. The US law,
in this area, manifests, at its best, its common law fabric and design: there are legal rules for
basing jurisdiction, but the number of rules and their field of operation is so limited and
unpredictable that it leaves much (or rather everything) at the judges discretion.
It sometimes leads to, as is the case in all common law countries, unpredictable and unexpected
solutions. But, the common law has always preferred justice in each case over any claim of
predictability. All this, of course, is subject to the prevailing constitutional order. The United
States just seems to follow this common law thinking.

THE POSITION IN ENGLAND AND EUROPE

Personal jurisdiction
The English conflict rules171 have more or less adhered to the rule of territoriality as the basis of
an adjudicative jurisdiction.
In England, there are now two quite different sets of rules as to jurisdiction of the English
courts. In many cases, jurisdiction is still governed by what may be called the traditional rules,
though in a growing proportion of cases, they are replaced by the Convention rules. 172 The
rules of international jurisdiction of the EC Member States are now governed by a Community
instrument, Regulation 44/2001. This substitutes the Brussels Convention, which after March 1,
2002 ceases to operate between the Parties to that Convention, except in their relations to
Denmark. 173 The Regulation is binding in its entirety and directly applicable to the Member
States.174 The Regulation is binding on and applicable to the United Kingdom also as a result of
the exercise by the United Kingdom of the opt-in option. Since there remains no difference
between the UK law and that of the other Member States, in the second half of this section, a
170

Maritz v Cybergold 947 F. Supp. 1328 (1996).

See generally Cheshire and North, Private International Law, 12th edn, Butterworths & Co, London, 1992;
Dicey and Morris on Conflict of Laws, 13th edn (2000);
172
David McClean (ed.), Morris: The Conflict of Laws, 4th edn (Universal Publishing Co, 2004), p.60; See also,
Dicey and Morrison Conflict of Laws, supra note 175, at 291301.
173
See Regulation 44/2001 Art.1(3) and Art.68(1).
174
Regulation 44/2001 Art.76 read with Art.249 of the EC Treaty.
171

survey of the jurisdiction rules in the European Union States will be done after a survey of the
traditional jurisdiction rules in the United Kingdom.
The traditional rules
The traditional rules permit an English court to exercise jurisdiction when (1) the defendant is
present within England and the writ is served upon him; (2) he submits to the jurisdiction of the
court175; or (3) he is served, at the discretion of the court,176 with the writ, in accordance with the
Rules of the Supreme Court177 outside England. This was a shift from the earlier position where
English courts founded jurisdiction based on the location of the assets or nationality or presence
of the defendant.178
In other words, if the defendant is informed or is put on notice of an action, an English court
would exercise jurisdiction over him. Mere physical presence of a person, for howsoever short a
period,179 within the territorial limits of England makes him liable to the service of the writ, and
consequently,makes him amendable to jurisdiction. In certain cases, the court may also permit
substituted service.180
The Brussels (I) Regulation
The traditional rules on jurisdiction in the United Kingdom (and elsewhere in Europe) underwent
a substantial modification with the coming into force of the EC Treaty and the
respective accession by the states thereto. This happened on account of two specific treaty
provisions contained in the EC Treaty: first, Art.249 of the EC Treaty which provides for taking
of measures including adoption of directives and regulations in matters over which the
Community has competence; and secondly, amendment of the EC Treaty by the Amsterdam
Treaty, as a result of which matters concerning cooperation in civil jurisdiction stood
transferred from the third to the first pillar.181 Articles 65 and 293 of the EC Treaty underwent
amendment and the competence was therefore divided between the Community and the Member
States. This gave the EC competence to take measures in accordance with

175

Deverall v Grant Advertising, Inc [1955] Ch. 111.

See generally Johnson v Taylor Bros [1920] A.C. 144.
177
Rules of the Supreme Court, Ord.11, r.1(1), replacing ss.18 and 19 of the Common Law Procedure Act 1852.
178
See also Art.23 of the German Code of Civil Procedure and Art.14 of the French Civil Procedure Code.
179
Maharanee of Baroda v Wildenstein [1972] 2 Q.B. 283.
180
Field v Bennett [1886] 3 T.L.R. 239; Fry v Moore [1889] 23 Q.B.D. 395; Porter v Freudenberg [1915] 1 K.B.
857.
181
See Alex Mills, The Private History of International Law (2005) 55(1) International and Comparative Law
Quarterly 1.
176

Art.249. The Council of European Union, thus complying with Arts 61(c) and 67(1) of the EC
Treaty and considering the Commissions proposal and the opinions of the Parliament and the
ESC, adopted EC Council Regulation 44/2001 on December 22, 2000. The Regulation entered
into force on March 1, 2002 in accordance with Art.76 of the Regulation.
The Regulation aims at providing highly predictable and well-defined rules182 on jurisdiction in
order to maintain an area of freedom, security and justice 183 ensuring free movements of
persons,184 sound operation of the internal market185 and sound administration of justice.186
The Regulation therefore applies in civil and commercial matters whatever the nature of the
court or tribunal. 187 The general rule is the rule of jurisdiction based on domicile of the
defendant, i.e. persons domiciled in a Member State shall, whatever their nationality, be sued in
the courts of that Member State. 188 The domicile-jurisdiction rule is not, however, an
absolute one and admits of a number of exceptions provided for under Arts 3 to 7.
The Regulation, taking particular care of situations where the parties bargaining power can be
assumed to be unequal, provides for much flexible bases of jurisdiction in favour of the weaker
party.189 Of these, the rules governing consumer contracts are of interest to our discussion here.
Section 4 of c.II of the Regulation provides for special jurisdiction rules in respect of consumer
contracts. To provide a strong protection regime to the consumers, the Regulation permits a
consumer to sue in a Member State based on there being a branch, agency or other establishment
in a Member State even where the actual party to the contract is not domiciled there. 190 A
consumer may also sue in the Member State of his domicile. 191 A protection against any
contradictory operation of the principle of party autonomy is also excluded except where the
provisions are sought to be derogated from by an ex post facto agreement or in case of ex ante
agreement on choice of courts, only where both the parties are habitually resident in the same
Member state. 192 Besides this broad category of rules creating favourable rules for weaker

182

Regulation 44/2001 Preamble Recital 11.

Regulation 44/2001 Preamble Recital 1.
184
Regulation 44/2001 Preamble Recital 1.
185
Regulation 44/2001 Preamble Recital 2.
186
Regulation 44/2001 Preamble Recital 12.
187
Regulation 44/2001 Art.1(1).
188
Regulation 44/2001 Art.2(1) (emphasis added).
189
See Regulation 44/2001 c.II ss.3 (Insurance Contracts), 4 (Consumer Contracts) and 5 (Employment Contracts).
190
Regulation 44/2001 Art.15(2).
191
Regulation 44/2001 Art.16(1).
192
Regulation 44/2001 Art.17.
183

parties, another set of rules are particularly relevant to the discussion. These are contained in
Art.5, which provides for additional special jurisdiction rules in cases inter alia of contracts
and torts. Place of performance of the obligation in question, determined as the place of
delivery of goods or rendering of services, 193 furnishes a basis for jurisdiction in cases of
contracts.194 For all delictual or quasi-delictual claims, the courts at the place of occurrence of
the harmful event have jurisdiction.195 The jurisdiction rule under Art.5(3) gives effect also to the
principle of ubiquity and therefore includes the place of the event giving rise to the harm apart
from the place where the damage actually occurred.196 However, to the defamation claims, this
rule applies with the following clarification: the place of event giving rise to the harm is the
place of issuance and putting into circulation of libellous material, i.e. the place where the
publisher is established.197
Where a contract contains a choice of court clause, the normal rule, based on the recognition of
the principle of party autonomy, is in favour of enforcement of such a clause. 198 While the
Regulation provides that where the chosen court is a court of a Member State such court
shall have jurisdiction, 199 there is however no provision by which any other court is
prohibited from assuming jurisdiction on any basis provided for elsewhere in the Regulation. In
other words, there is a positive basis but no corresponding negative mandate. What, however,
there is in the Regulation, is a provision barring jurisdiction of any court other than the court
first seised of the proceedings, i.e. a lis pendens provision. The existence, on the statute book,
of these two provisions therefore leads to the question whether the rule of lis pendens applies
also to a case where the parties have made a choice of court.
Contrary to what was logical and perhaps obvious for some like the United Kingdom, the
European Court of Justice, maintaining its position of the mandatory nature of Art.2, 200 gave
precedence to the rule of lis pendens over the rule endorsing enforcement of choice of court

193

Regulation 44/2001 Art.5(1)(b).

Regulation 44/2001 Art.5(1)(a).
195
Regulation 44/2001 Art.5(3).
196
Bier v Mines de Potasse dAlsace [1976] E.C.R. 1735.
197
Shervill v Press Alliance [1995] E.C.R 495.
198
Regulation 44/2001 Art.23, under the section entitled Prorogation of Jurisdiction. In this regard, it must be
distinguished from a more widely used phraseology [e]xclusive [j]urisdiction,which expression is used by the
Regulation in the sense of nonderogable exclusive jurisdiction, of certain courts to try specificmatters, as conferred
and arising out of the Regulation itself.
199
Regulation 44/2001 Art.23.
200
Case C-128/01 Owusu v Jackson, ECJ, March 1, 2005.
194

agreements.201 That Art.2 of the Regulation is mandatory and that the jurisdiction, once assumed
on a basis provided in the Regulation, cannot be declined by resorting to the municipal law gives
rise to an acute difficulty in a situation where the chosen court is one not in any of the Member
States202 since this runs the risk of irreconcilable judgments, at least at the international, if not the
European Union level.

Personal jurisdiction in cyberspace

In England, cases raising the issue of jurisdiction in cyberspace have been limited in number and
confined particularly to matters of defamation and cyber crimes. 203 There will be no great
difficulty in finding a basis for the assertion of jurisdiction by the English courts in most cases
involving defamation via the internet. The publication of the defamatory material within the
jurisdiction of a court is a basis for the exercise of jurisdiction under the traditional rules, the
Conventions and the Regulation since this constitutes the place where the harmful event
occurred.204 The place of publication is at the very heart of the cause of action for defamation.
The fact of publication in the jurisdiction of court is therefore highly relevant.205 Since for the
purpose of the defamation law, material is published at the place(s) where it is read, heard or
seen, rather than the place from which it originates,206 a separate publication occurs, or and a
separate cause of action accrues each time the material is read, heard or seen. This furnishes the
basis for jurisdiction to virtually all places in the world because of the publication to a global
audience.207 An English court in such a case would therefore be tempted to consider the plea of
forum non conveniens. The differences in the possibility of the publishers to limit the circulation
of materials published mark the difference between internet publications and the more traditional
publication such as newspapers and magazines.
There is therefore force in the argument in cases involving internet publications that a rule like
the English doctrine of forum non conveniens should be more readily exercised.
201

Erich Gasser GmbH v MISAT Srl Case 116/02, December 9, 2003.

See generally Kurt Siehr, European Private International Law and Non-European Countries in Borchers and
Zekoll (eds), supra note 185, at p.299.
203
A discussion of jurisdiction in case of cyber crimes is outside the scope of the present article, and the same is not
addressed or dealt with here.
204
Under the Conventions and the Regulation, the damages are however limited to the injury within that state, unless
the defendant is a domicile in that state.
205
Schapira v Ahronson [1999] E.M.L.R. 7355.
206
Shevill v Presse Alliance [1995] 2 A.C. 18.
207
Lee Teck Chee v Merill Lynch International Bank Ltd, supra note 211.
202

With regard to the contracts entered into through cyberspace, there is little reason to assume that
a different and rather flexible treatment would be accorded to such contracts.
Any argument in favour of a treatment any more favourable than that accorded to a nonelectronically concluded contract is expected to be dismissed by the ECJ considering the present
mood, trend and objective of ECJ, which seems to be one Europe. In such a case, expecting
that the court would dilute its regime and puncture its harmonisation drive merely to respond to a
technological advancement seems too improbable.208 Secondly, if in respect of e-contracts the
jurisdiction regime is sought to be made less rigid, it may provide the parties to act contrary to
the spirit of the Regulation even while complying with form; and all this merely be opting for
cyberspace as the place of contracting.

THE POSITION IN INDIA

Personal jurisdiction
The principle of lex fori is applicable with full force in all mattes of procedure. No rule of
procedure of foreign law is recognised. It was held in Ramanathan Chettier v Soma Sunderam
Chettier209 that India accepts the well-established principle of private international law that the
law of the forum in which the legal proceedings are instituted governs all matters of procedure.
In India, the law of personal jurisdiction is governed by the Code of Civil Procedure 1908 (the
Code). The Code does not lay any separate set of rules for jurisdiction in case of international
private disputes.210 It incorporates specific provisions for meeting the requirements of serving the
procedure beyond territorial limits.211 In matter of jurisdiction what is treated differently is the
question of subject-matter competence and not of territorial competence, i.e. the question of
territorial jurisdiction arises in the same way in an international private dispute as in a domestic
dispute.
The Code provides general provisions regarding jurisdiction on the basis of pecuniary limit,
subject matter and territory. Sections 16 to 20 of the Code regulate the issue of territorial
jurisdiction for institution of suits.
208

See generally ChristopherWilliamPappas, Comparative US and EU Approaches to E-Commerce Regulation:

Jurisdiction, Electronic Contracts, Electronic Signatures and Taxation (2002) 31 Denver Journal of International
Law and Policy 325.
209
AIR 1964 Mad. 527; see also Nallatamlei v Ponuswami ILR [1879] 2 Mad. 406.
210
See ss.9 and 15 of the Code of Civil Procedure 1908.
211
See Ord.V, rr.24 to 26.

Rules as to the nature of suit

Based on the subject-matter suits are divided into three classes: (1) suits in respect of immovable
property; (2) suits for torts to persons or movable property; and (3) suits of any other kind.
Suits of immovable property must be filed within the local limits of whose jurisdiction the
property situated.212 The Code therefore incorporates the principle of lex situs and therefore the
property in this section may refer to only property situated in India. Suits for wrongs to
persons and movable property may be instituted in the courts within whose local limits the
wrong is done or the defendant resides or carries on business or personally works of gain.213
Suits of any other kind are dealt with under s.20 of the Code which is the default rule
providing for all others cases not covered by any of the foregoing rules. Under s.20, a court can
exercise jurisdiction in actions involving persons where: (a) the defendant, or each of the
defendants where there are more than one, at the time of the commencement of
the suit, actually and voluntarily resides, or carries on business, or personally works for work; or
(b) any of the defendants, where there are more than one, at the time of commencement of the
suit actually and voluntarily resides, or carries on business, or personally works for gain,
provided that in such case with the leave of the court has been obtained or the defendants who do
not reside or carry on business, or personally work for gain, as aforesaid, acquiesce in such
institution; or (c) the cause of section wholly or partly arises.
Rules enforcing agreement of parties
It is well-established law in India that where more than one court has jurisdiction in a certain
matter, an agreement between the parties to confer jurisdiction only on one to the exclusion of
the other(s) is valid.214 The Indian law therefore recognises and gives effect to the principle of
party autonomy.
However, this extent of autonomy does not travel far enough so as to confer jurisdiction on a
court which it inherently lacks.215 Party autonomy is also subject to the maxim ex dole malo non
oritur action.216
Thus the position of law on the point is that first, a choice of law agreement is permissible; and
secondly, the agreement operates only in respect of a court which does not otherwise inherently
212

The Code ss.16 and 17.

The Code s.19.
214
Hakkam Singh v Gammon (India) Ltd AIR 1971SC 740.
215
United Commercial Bank v Workmen [1951] S.C.R. 380.
216
ABC Laminart (P) Ltd v AP Agencies AIR 1989 SC 1239.
213

lack jurisdiction. In any such case, the courts also consider the balance of convenience and
interests of justice while deciding for the forum.217
Thus, in India, the principle is well settled that residence in the territorial limits of a court
furnishes a ground for exercise of jurisdiction.218 Similarly, conduct of business by a defendant
in a forum also gives to the forum court to exercise jurisdiction, irrespective of his non-presence
within the jurisdiction.219 The Indian courts also assume adjudicative jurisdiction on the basis of
the territorial nexus with the cause of action.220 In this regard, the consistent view of the courts in
India is that the courts are empowered to pass judgments even against non-resident foreigners, if
the cause of action arises in whole or part within the territorial limits of the court.221 The Code
also provides for rules and procedure for international service of the processes of the court.222
However, since the courts in India do not assume jurisdiction, unlike in England, on the basis of
service of writ, these provisions are of not much consequence to issues of jurisdiction.
Personal jurisdiction in cyberspace
Unfortunately, only a very few cases concerning personal jurisdiction in cyberspace have been
decided by the superior courts in India.223 The reason perhaps is that residents in India have not
yet accepted or adapted themselves to this new technology as a fit mechanism to undertake legal
obligations (coupled with an extremely slow justice delivery system).
The approach adopted is similar to the minimum contacts approach of the United States
coupled with the compliance of the proximity test of the Code.224 Considering the present rules
of international jurisdiction and the tendency of the Indian courts to suitably modify, the
existing domestic rules to international situations in other areas of private international law may
be analysed. The reaction of the court would much depend on whether the contract contained a
choice of court clause or not.

217

Union of India v Navigation Maritime Bulgare AIR 1973 Cal. 526.

Kashinath v Anant ILR (1899) 34 Bom. 407.
219
Chunnilal Kastuschand v Dundappa Donappa AIR 1951 Bom. 190.
220
Ram Bhat v Shankar Baswant ILR (1902) 25 Bom. 528.
221
R. Blainpain and B. Verschraegev (eds), International Encyclopedia of Laws: Private International Law (The
Hague: Kluwer Law International, 2005), p.555.
222
See generally Ords III, V of the First Schedule to the Code.
223
Though there are a few cases on cyber crimes and domain name disputes. See for example, BulBul Roy Mishra v
City Public Prosecutor, Criminal Original Petition No.2205 of 2006, decided April 4, 2006.
224
(India TV) Independent News Service Pvt Ltd v India Broadcast Live LLC CS (OS) No.102/2007, decision dated
July 10, 2007.
218

Case I: where the contract contains a choice of court clause. In such a case, the Indian courts
would normally give effect to such a clause subject only to a survey of forum non conveniens
particularly when the same would result in foreclosure of its own jurisdiction.
Case II: where the contract does not stipulate an agreed forum. In a case of this sort, the Indian
courts would be inclined to apply the test of s.20 CPC since none of the other provisions seem to
be of much assistance. The court would make a twin inquiry: place of habitual residence of the
defendant and proximity of the cause of action to the forum, where even an in part cause of
action may furnish sufficient basis to exercise jurisdiction. Thus the Code provides for the tests
of both objectivity and proximity to base its jurisdiction.
While the legal system favours exercise of jurisdiction on the basis of proximity of cause of
action, its exercise based on the residence of the defendant is also accepted for three reasons:
a) Ease of enforcement;
b) Compliance with audi alteram partem; and
c) The (draconian) law of contempt of courts in India (as in most other common law
countries).
For the purpose of determining whether the cause of action arose in the local limits of a court,
the courts generally go into the question of place of conclusion of the contract.225
However, it seems that the place of conclusion of contract would not be of much assistance in
case of an e-contract. 226 There would be an insoluble confusion between the rules governing
completion of communication of offer, acceptance and revocation.227 The rule in the Bhagwan
Dass case228 would neither apply nor lend much support in reaching a reasonable solution in
contracts entered into through the internet.
Thus the Indian position as may also be inferred from the trend of the Indian courts may be
summarised as follows:
An Indian court would not decline jurisdiction merely on the ground that the international
contract in entered through the internet. It examines the two bases of jurisdiction: domicile of the
defendant and proximity to cause of action. Even if one is found to be satisfied, the Indian court
225

See Bhagwan Dass Govardhan Dass Kedia v Purshottam Dass & Co AIR 1966 SC 543.
The anarchic rule conferring jurisdiction on the court where the contract was concluded has ceased to be
operative in almost all legal systems today. India, unfortunately, continues with this outdated rule.
227
See [Indian] Contract Act 1872 s.4.
228
Supra Note 230; the test laid down in this case is that in cases of means of instantaneous communication, the
contract is said to be concluded at the place where the acceptance comes to the knowledge of the proposer.
226

it seems would assume jurisdiction. However, it would be for the plaintiff to prima facie also
convince that the courts elsewhere do not have a better basis of jurisdiction since the Indian
courts in such a case may also feel tempted to analyse the issue of jurisdiction from the stand
point of the doctrine of forum non conveniens as also anti-suit injunctions and thus decline to
exercise jurisdiction even where there existed legal basis to do so.229
The solution
There exist irreconcilable differences in what different scholars consider to be solution(s) to the
problem of jurisdiction in cyberspace. The vast spectrum of diversity has at one end, a
suggestion that there exists no reason to be panicky about cyberspace as the new world230 and
that it merely requires a straightforward application231 of existing conflict rules; whereas the
scholars at the other extreme suggest a need for a fundamental re-examination 232 of the
working of jurisdiction and creation of an entirely new set of rules.233 The difficulty in agreeing
upon potential solution(s) arises and is deep-rooted in the very understanding of cyberspace,
whether as a place, a means of communication, technological state of mind, etc. 234 For the
purpose of an analytical study of the topic, the different suggestions may be considered.
There are four basic competing models for the governance of the global net235: simple extension
(with adjustments) of the existing rules of international jurisdiction236; a multilateral treaty based
establishment of new and uniform jurisdiction rules 237 ; establishment of a new international
organisation to propose a set of rules appropriate for cyberspace jurisdiction; and, an optimism of
emergence of individual decentralised decisions by various actors and stakeholders.

229

(India TV) Independent News Service v India Broadcast Live, above fn.126.
Jack L. Goldsmith, About Cyberanarchy (1998) 65 U. Chi. L.R. 1199.
231
Henry H. Perritt Jr, Jurisdiction and the Internet: Basic Anglo/American Perspectives Projects in the Coming
2000s, www.ilpf.org; Henry H. Perritt Jr, The Internet is Changing International Law (1998) 73 Chicago-Kent
Law Review 997 (1998).
232
David R. Johnson and David G. Post, Law and BordersThe Rise of Law in Cyberspace (1996) 48 Stan. L.R.
1367.
233
David R. Johnson and David G. Post, And How shall the net be governed? A meditation on the relative virtues
of decentralized, Emergent Law, available at www.cli.org, last accessed on 20th of Nov. 2013.
234
See Ryder, supra note 107, at 206.
235
Johnson and Post, supra note 138.
236
Uta Kohl, Legal Reasoning and Legal Change in the age of the Internet: Why the Ground Rules are still Valid
(1999) 7(2) International Journal of Law and Information Technology 123; see also Uta Kohl, Eggs, Jurisdiction
and the Internet (2002) 51 International and Comparative Law Quarterly 555 (2002); Andreas Manolopoulos,
Raising Cyberspace: The Interaction between Law and Technology (2003) 11 International Journal of Law and
Technology 40.
237
Moritz Keller, Lessons from The Hague: Internet Jurisdiction in Contract and Tort Cases in the EC and the
US (2004) 23 John Marshall Journal of Computer and Information Law 1.
230

None of these models is free from difficulty. Each has merits and demerits of its own. However,
the model endorsing the conclusion of a multilateral treaty based establishment of new and
uniform jurisdiction rules seems most appropriate for several reasons. One factor which favours
such a model over all others is the story of evolution and development of private international
law. We began from a stage when there was no foreign element in disputes before municipal
courts.
The gradual increase in international trade and movement of persons and goods necessitated
private international law rules. Owing to limited means and resources, different legal systems
answered the same set of foreign elements in their own unique way, which was in some instances
strikingly different from one another. This resulted in different set of conflicts rules in different
countries. Upon realising that such diverse conflict rules actually hampered, rather than
promoted, international trade and movement of persons and goods, the world wake up to a
harmonisation drive.
Unfortunately, this drive has not so far been successful in most areas of conflicts. In context of
cyberspace, we are at much the same stage as we were centuries back when international trade
had just begun to open up. To allow sovereigns to develop their own rules of cyberspace
jurisdiction without having made an endeavour to reach a treaty based solution would mean
rewinding to centuries back and to ignore the wisdom and experience we gained during all these
years. The mistakes that we committed by compulsion centuries ago should not be committed by
choice now.
Since cyberspace is a global phenomenon which transcends, ignores and bypasses geo-political
borders, solutions likely to be appropriate must also be global, or in any case multilateral. In
other words, the likelihood that a proposed scheme or arrangement would resolve the issue of
jurisdiction effectively increases with the increase in multilateral basis. Therefore, despite its
demerits of being a slow process and a generalised approach, it seems
that international harmonisationwhether in the form of voluntary convergence of national
regulatory laws or of a treaty adopting a uniform international standard or by soft cooperation among national enforcement agencieswould be the most promising and feasible
solution, provided that the scheme of the treaty admits of limited reservations and establishes an
international regulatory body and a dispute resolution system.

Besides being a charter of a uniform international standard, 238 a treaty may also specify the
outcome characteristics of particular transactions; state general governmental policy objectives;
or establish international choice-of-law rules that specify which nations law governs particular
transactions. 239 At the same time, one cannot afford to lose sight of the fact that any legal
doctrine that gives the right of regulation of the net to one country (or state, county or city) must
give that right to all sovereigns.
Therefore, all States must decline to exercise jurisdiction unless they consider it equally
permissible for other states, in similar circumstances, to assume jurisdiction. Even if the present
state240 of knowledge and understanding of cyberspace and legal issues related thereto does not
permit a detailed agreement on intricate technology based issues, a more policy based framework
convention would only form a strong foundation for the future harmonisation and guide the
municipal courts in this regard. Thus, to whatever extent agreement is possible; a convention
may be negotiated and drawn up. However, for aspects on which no consensus may be reached,
an international monitoring or regulatory body with some binding authority may be assigned the
task of analysing, etc. rules of cyber jurisdiction. Such a body may, on the lines of UNCITRAL,
UNIDROIT, etc. may propose and adopt certain model laws for the states to base their municipal
legislations on.241
Still other aspects may have to be inevitably left to the municipal courts to rule upon since it is
only in a real factual situation that issues which could not be contemplated will arise, requiring
courts to adjudicate upon the legitimate interests of the parties. Expecting a comprehensive treaty
based solution on all possible issues is unrealistic and also undesired for cyberspace is only a few
decades old and a number of more complex issues are yet to surface. And, to decline to act
merely because a comprehensive agreement looks difficult is to act contrary to the collected
wisdom from the past.

238

An example of a treaty establishing a uniform international standard is the United Nations Convention on the
International Sale of Goods.
239
A good example of a treaty that establishes an international choice-of-law regime is the Rome Convention on the
Law Governing Contracts.
240
So far, international harmonization of issues of jurisdiction is relatively limited. Various international
Conventions dealing with the harmonization of specific areas of law contain provisions on jurisdiction over disputes
arising in the specific field. However, as regards jurisdiction and the enforcement of foreign judgements in general,
a widely accepted multilateral instrumentwhich would also cover intellectual property disputesdoes not yet
exist: WIPO on International Harmonization of Jurisdictional Issues, available at www.wipo.int.
241
The UNCITRAL Model Law on Arbitration sets a valuable precedent as it forms the basis for domestic
legislations in a number of states, including India.

SOME PROPOSED RULES OF JURISDICTION

Considering the complexities of the cyber world and conscious that the presently known
complexities are only the tip of the iceberg, as well as realising that disputes have and will
continue to arise, it is a considered view that the following may form reasonable and acceptable
bases of jurisdiction for an international convention. However, since disputes would arise even
before a certain degree of international harmonisation is reached, compelling the courts to render
judgments, the following are the suggestions on the issue of personal jurisdiction in cyberspace
to municipal courts:
Domicile-jurisdiction rule
The nearly universally accepted rule of founding jurisdiction on the basis of the domicile of the
defendant may constitute a good general rule for cyberspace also. The territorial nexus of the
defendant is not expected to produce much disagreement or opposition. A Brussels Regulation
Art.2-type rule may find quick agreement. However, the definition of the expression
domicile, unlike in the Regulation, should not be left to the municipal regimes.
At the same time, territorial nexus must not be confused for mere casual presence and for a very
short period of time. Most legal systems, including England, have abdicated this rule in favour of
a rule of domicile and/or habitual residence. However, physical territorial presence at the time of
the commission of an act so as to facilitate its commission may also form a just basis for
jurisdiction.
Rule of proximity to cause of action. Since physical territorial presence is often inconsequential
to a wrongful act in cyberspace and mostly difficult to trace, an extended meaning may be
assigned to presence as contextual presence. Presence must thus be presence for the
purpose of and in relation to the cause of action. Proximity to the cause of action may serve as a
reasonable basis for exercise of what Americans understand to be special jurisdiction.
Even so, proximity must not be sought to be determined in terms of minimum contacts or any
other municipal law expression to ensure a highest degree of uniformity. Whether or not there is
an actual proximity to the cause of action may be, instead, best left as a question of fact, to be
determined by application of the judicial mind to the facts of each particular case. This approach
is expected to meet criticism of some of the sceptics and would ensure that each state imparts

justice in each individual case in accordance with its own notions of constitutional rights and
obligations.
This approach has the merit of adequately blending legal predictability (of the basis of
jurisdiction) with flexibility (of its exercise) in each individual case. This would also partly
accommodate the concern of the United States to give necessary choice to the parties to
determine whether or not they wish to become connected to (and consequently, subject to the
laws of) any given sovereign in respect of a cause of action.242
Effects as a basis of jurisdiction If the mere contact, on the basis of which jurisdiction is
sought to be assumed, is the effects of an online act, its exercise must be declined unless the
effect is itself an essential ingredient of the wrongful act243 or unless there exists no other more
appropriate forum for redress to the plaintiff. In such a case, the place where the harm occurred
or its effects surfaced may form an acceptable jurisdictional basis.
Special rules in cases of consumer contracts In the context of consumer contracts, a rule
favouring a very strong protectionist regime may not be suitable for cyberspace. Any
overambitious rule akin to the Brussels I Regulation Art.15 is likely to lose sight of the market
self regulation approach of the United States. The latter seems to be a more appropriate rule for
consumer contracts concluded through cyberspace.
The inappropriateness of the rule can be best understood by examining the implications, if such a
rule is hypothetically adopted. Consumers are generally spread across jurisdictions and the
deliberations one makes while deciding in favour of or against concluding a consumer
relationship is far less than in a B2B contract. The possibility of negotiation is much less in
consumer contracts and whatever little there is, is often excluded by the municipal laws of
different countries, sometimes in the name of public policy, sometimes in the name of
mandatory rules and sometimes under the banner of constitutionally guaranteed
fundamental rights. This would expose a potential seller/service provider to the risk of
litigation in almost all countries of the world. Any temptation to be guided by an emotion to
protect the weak consumer must therefore be resisted in favour of the need to prevent the
242

The report on Global Jurisdiction Issues Created by the Internet (American Bar Association, 2000, s.2.2,
London meeting draft) prepared and submitted by the American Bar Association clearly indicates the importance of
targeting for the purposes of jurisdiction to prescribe and to adjudicate: Such a chosen relationship will subject the
foreign actor to both personal and prescriptive jurisdiction. The critical issues are the intent of the website sponsor
and what constitutes sufficient evidence of that intent. When transactions are involved, the best evidence of intent is
the willingness to deal with the persons in that forum.
243
For example, in defamation it may be resorted to.

hindrance in the development of the internet as a means of entering into legally binding relations.
Such a rule may further, in some cases, lead to a denial of an effective compliance of the rule of
audi alteram partem.
Nevertheless, since the consumer needs to be given at least some protection considering his weak
bargaining power, it may be reasonable to adopt a rule conferring jurisdiction upon the courts of
the state where the consumer is domiciled if the other party also has an office, branch, agency or
other establishment etc within the territorial limits of the same state. Similarly, jurisdiction may
be exercised when it is made out on the basis of proximity of the cause of action.
Some of the rules referred to in the previous section may be of great assistance in an effort to
reach a treaty on international jurisdiction in cyberspace. These rules have been chosen and
proposed on a two prong criterion: (1) the degree of acceptance and (2) reasonableness. A
balance must therefore be made between the necessary liberty for technology and the need to
check its possible abuse. While a strict view on cyberspace jurisdiction runs the risk of its
unbridled and unchecked misuse, a rather casual view of jurisdiction may mean fighting the
wrong enemy with the wrong weapons in the wrong battlefield. This may indeed retard the
potential growth of the internet. Thus each court must properly weigh and address the competing
claims of the parties before giving effect to one over the other, keeping in view also the
possibility of enforcement.244 It is here that the necessity of international harmonisation steps in.
Since all international harmonisation is a compromise, an overambitious agenda to have a
comprehensive and perfect set of rules may be detrimental to the whole exercise.

CONCLUSIONS
In a matter which is as unknown to a judge as a legislator, it is difficult to suggest whether a
common law or a civil law approach should be the preferred one. To favour the view to learn
with experience and time would mean allowing the common law courts enough time to decide
a good number of cases and attract the application of their doctrine of stare decisis. This would
jeopardise the harmonisation process at a later stage. To favour the other approach of laying
down some inflexible rules (purporting to be comprehensive) comes with the risk of
compromising justice.

244

See the relation between enforcement and curial jurisdiction under the heading International jurisdiction
above.

While the desired harmonisation is not reached and/or the states do not legislate on the basis of
the model laws referred to above, the difficulty will remain paramount for the courts. It is
there that the important question will arise: in the absence of statutory and international
guidelines on cyber jurisdiction, how far would resorting to private international law norms, as
prevalent in different legal systems, be justified and/or feasible? This inquiry has a twofold
concern: the inevitability of municipal courts decisions and the inappropriateness of conflicts
rules being related to cyberspace.
It must be understood and realised that the rules of jurisdiction, just as any other concept of
private international law, were framed or evolved in order to address the then existing
circumstances, political order, sense of justice and the targeted social order. No rule of law can
be fit for all ages even in identical set of circumstances; a change in time, accompanied by
changing circumstances, socio-political order, therefore calls for modification, and in some
cases, abdication of the old in favour of a new rule. Thus, when any of the factors that
contributed to the formulation of a rule changes, so must also the response of law to them.
The main problem lies in attempting to extend to this new virtual world the existing rules of
private international law, which were evolved to best suit the transactions of a traditional
politically divided real world. The new world is almost completely free from elements that led
to the evolution of conflict rules. The only sustainable solution then seems to lie in framing new
rules, which answer the problems considering the peculiarities of this new world that the courts
are confronted with today.
In such a case, a different approach245 may have to be devised, unique to each legal system and
in accordance with its own constitutional scheme and notions of fairness and justice, in order to
exercise jurisdiction over non-resident online users. To expect or require a municipal court to
uphold and apply an international norm of jurisdiction in complete disregard of the notions of its
own constitutional rights and wrongs, is doubtless impolitic and unrealistic. Undoubtedly law,
being a social science, cannot grow at the pace at which science and technology grow.
Nevertheless, every endeavour must be made to keep pace with their growth. It is possible only
when law modifies itself in the light of new developments in science and technology,
progressing at both a micro, issueby- issue. level as well as a broad, trans-substantive level.

245

Jean-Gabriel Castel and Janet Walker, Canadian Conflict of Laws, 5th edn (Canada: Butterworths, 2003),
para.11.47.

No single model solution is sufficient in itself to adequately address the problem. Cyber
jurisdiction can be addressed only by a proportionate contribution from all the models,
complementing and supplementing each other. But, before adopting any one model or any
combination of different models, it must be remembered that the internet is here to stay, and so is
its potential to commit and facilitate unlawful acts, and the resultant litigation. Therefore it is
necessary for each state to participate in every attempt to harmonise the rules of jurisdiction and
to codify such rules into domestic legislations, even where no international harmonisation is
reached. This will ensure that both sides of cyber litigation will be faced in a predictable forum
with certain legal consequences the prior knowledge of which would enable them to act
accordingly.

CHAPTER NO 6
A CRITICAL EVALUATION OF CYBER LAW IT ACT
INTRODUCTION
Legal aspects of computing are related to various areas of law. Cyber law is a term that
encapsulates the legal issues related to use of communicative, transactional, and distributive
aspects of networked information devices and technologies. It is less a distinct field of law than
property or contract law, as it is a domain covering many areas of law and regulation. Some
leading topics include intellectual property, privacy, freedom of expression, and jurisdiction.
Information Technology Law (or IT Law) is a set of recent legal enactments, currently in
existence in several countries, which governs the process and dissemination of information
digitally. These legal enactments cover a broad gamut of different aspects relating to computer

software, protection of computer software, access and control of digital information, privacy,
security, internet access and usage, and electronic commerce. These laws have been described as
"paper laws" for "paperless environment".

AREAS OF LAW
There is intellectual property in general, including copyright, rules on fair use, and special rules
on copy protection for digital media, and circumvention of such schemes. The area of software
patents is controversial, and still evolving in Europe and elsewhere.246
The related topics of software licenses, end user license agreements, free software licenses and
open-source licenses can involve discussion of product liability, professional liability of
individual developers, warranties, contract law, trade secrets and intellectual property.
In various countries, areas of the computing and communication industries are regulated often
strictly by government bodies.
There are rules on the uses to which computers and computer networks may be put, in particular
there are rules on unauthorized access, data privacy and spamming. There are also limits on the
use of encryption and of equipment which may be used to defeat copy protection schemes. The
export of Hardware and Software between certain states is also controlled.
There are laws governing trade on the Internet, taxation, consumer protection, and advertising.
There are laws on censorship versus freedom of expression, rules on public access to government
information, and individual access to information held on them by private bodies. There are laws
on what data must be retained for law enforcement, and what may not be gathered or retained,
for privacy reasons.
In certain circumstances and jurisdictions, computer communications may be used in evidence,
and to establish contracts. New methods of tapping and surveillance made possible by computers
have wildly differing rules on how they may be used by law enforcement bodies and as evidence
in court.
Computerized voting technology, from polling machines to internet and mobile-phone voting,
raise a host of legal issues.
Some states limit access to the Internet, by law as well as by technical means.

246

Richard Raysman, Peter Brown, Computer Law: Drafting and Negotiating Forms and Agreements, Law
Journal Press, 2008, at p. 10.

JURISDICTION
Issues of jurisdiction and sovereignty have quickly come to the fore in the era of the Internet.
Jurisdiction is an aspect of state sovereignty and it refers to judicial, legislative and
administrative competence. Although jurisdiction is an aspect of sovereignty, it is not
coextensive with it. The laws of a nation may have extraterritorial impact extending the
jurisdiction beyond the sovereign and territorial limits of that nation. This is particularly
problematic as the medium of the Internet does not explicitly recognize sovereignty and
territorial limitations. There is no uniform, international jurisdictional law of universal
application, and such questions are generally a matter of conflict of laws, particularly private
international law. An example would be where the contents of a web site are legal in one country
and illegal in another. In the absence of a uniform jurisdictional code, legal practitioners are
generally left with a conflict of law issue.
Another major problem of cyber law lies in whether to treat the Internet as if it were physical
space (and thus subject to a given jurisdiction's laws) or to act as if the Internet is a world unto
itself (and therefore free of such restraints). Those who favor the latter view often feel that
government should leave the Internet community to self-regulate. John Perry Barlow, for
example, has addressed the governments of the world and stated, "Where there are real conflicts,
where there are wrongs, we will identify them and address them by our means. We are forming
our own Social Contract. This governance will arise according to the conditions of our world, not
yours. Our world is different". 247 A more balanced alternative is the Declaration of Cyber
secession: "Human beings possess a mind, which they are absolutely free to inhabit with no legal
constraints. Human civilization is developing its own (collective) mind. All we want is to be free
to inhabit it with no legal constraints. Since you make sure we cannot harm you, you have no
ethical right to intrude our lives. So stop intruding!" Other scholars argue for more of a
compromise between the two notions, such as Lawrence Lessig's argument that "The problem for
law is to work out how the norms of the two communities are to apply given that the subject to
whom they apply may be in both places at once".248

247

John Perry Barlow, A Declaration of the Independence of Cyberspace; for more detail see,
https://projects.eff.org/~barlow/Declaration-Final.html, last accessed on 15th of Nov., 2013.
248
Lessig, Code 190.

With the internationalism of the Internet, jurisdiction is a much more tricky area than before, and
courts in different countries have taken various views on whether they have jurisdiction over
items published on the Internet, or business agreements entered into over the Internet. This can
cover areas from contract law, trading standards and tax, through rules on unauthorized access,
data privacy and spamming to more political areas such as freedom of speech, censorship, libel
or sedition.
Certainly, the frontier idea that the law does not apply in "Cyberspace" is not true. In fact,
conflicting laws from different jurisdictions may apply, simultaneously, to the same event. The
Internet does not tend to make geographical and jurisdictional boundaries clear, but Internet
users remain in physical jurisdictions and are subject to laws independent of their presence on
the Internet. As such, a single transaction may involve the laws of at least three jurisdictions:
1. The laws of the state/nation in which the user resides,
2. The laws of the state/nation that apply where the server hosting the transaction is located,
and
3. The laws of the state/nation which apply to the person or business with whom the
transaction takes place.
So a user in one of the United States conducting a transaction with another user in Britain
through a server in Canada could theoretically be subject to the laws of all three countries as they
relate to the transaction at hand.
In practical terms, a user of the Internet is subject to the laws of the state or nation within which
he or she goes online. Thus, in the U.S., Jake Baker faced criminal charges for his e-conduct, and
numerous users of peer-to-peer file-sharing software were subject to civil lawsuits for copyright
infringement. This system runs into conflicts, however, when these suits are international in
nature. Simply put, legal conduct in one nation may be decidedly illegal in another. In fact, even
different standards concerning the burden of proof in a civil case can cause jurisdictional
problems. For example, an American celebrity, claiming to be insulted by an online American
magazine, faces a difficult task of winning a lawsuit against that magazine for libel. But if the
celebrity has ties, economic or otherwise, to England, he or she can sue for libel in the British
court system, where the standard of "libelous speech" is far lower.
Internet governance is a live issue in international fora such as the International
Telecommunication Union (ITU), and the role of the current US-based co-ordinating body, the

Internet Corporation for Assigned Names and Numbers (ICANN) was discussed in the UNsponsored World Summit on the Information Society (WSIS) in December 2003

REGULATION OF THE INTERNET

The unique structure of the Internet has raised several judicial concerns. While grounded in
physical computers and other electronic devices, the Internet is independent of any geographic
location. While real individuals connect to the Internet and interact with others, it is possible for
them to withhold personal information and make their real identities anonymous. If there are
laws that could govern the Internet, then it appears that such laws would be fundamentally
different from laws that geographic nations use today.
In their essay "Law and Borders -- The Rise of Law in Cyberspace", David R. Johnson and
David G. Post offer a solution to the problem of Internet governance. Given the Internet's unique
situation, with respect to geography and identity, Johnson and Post believe that it becomes
necessary for the Internet to govern itself. Instead of obeying the laws of a particular country,
Internet citizens will obey the laws of electronic entities like service providers. Instead of
identifying as a physical person, Internet citizens will be known by their usernames or email
addresses. Since the Internet defies geographical boundaries, national laws will no longer apply.
Instead, an entirely new set of laws will be created to address concerns like intellectual property
and individual rights. In effect, the Internet will exist as its own sovereign nation.
Even if the Internet represents a legal paradigm shift, Johnson and Post do not make clear exactly
how or by whom the law of the Internet will be enforced. Instead, the authors see market
mechanisms, like those that Medieval merchants used, guiding Internet citizens' actions like
Adam Smith's invisible hand. Yet, as more physical locations go online, the greater the potential
for physical manifestation of electronic misdeeds. What do we do when someone electronically
turns off the hospital lights?
However, there is also substantial literature and commentary that the internet is not only
"regulable," but is already subject to substantial regulation, both public and private, by many
parties and at many different levels. Leaving aside the most obvious examples of internet
filtering in nations like China or Saudi Arabia or Iran (that monitor content), there are four
primary modes of regulation of the internet described by Lawrence Lessig in his book, Code and
Other Laws of Cyberspace:

1. Law: Standard East Coast Code, and the most self-evident of the four modes of
regulation. As the numerous statutes, evolving case law and precedents make clear, many
actions on the internet are already subject to conventional legislation (both with regard to
transactions conducted on the internet and images posted). Areas like gambling, child
pornography, and fraud are regulated in very similar ways online as off-line. While one
of the most controversial and unclear areas of evolving laws is the determination of what
forum has subject matter jurisdiction over activity (economic and other) conducted on the
internet, particularly as cross border transactions affect local jurisdictions, it is certainly
clear that substantial portions of internet activity are subject to traditional regulation, and
that conduct that is unlawful off-line is presumptively unlawful online, and subject to
similar laws and regulations. Scandals with major corporations led to US legislation
rethinking corporate governance regulations such as the Sarbanes-Oxley Act.
2. Architecture: West Coast Code: these mechanisms concern the parameters of how
information can and cannot be transmitted across the internet. Everything from internet
filtering software (which searches for keywords or specific URLs and blocks them before
they can even appear on the computer requesting them), to encryption programs, to the
very basic architecture of TCP/IP protocol, falls within this category of regulation. It is
arguable that all other modes of regulation either rely on, or are significantly supported
by, regulation via West Coast Code.
3. Norms: As in all other modes of social interaction, conduct is regulated by social norms
and conventions in significant ways. While certain activities or kinds of conduct online
may not be specifically prohibited by the code architecture of the internet, or expressly
prohibited by applicable law, nevertheless these activities or conduct will be invisibly
regulated by the inherent standards of the community, in this case the internet "users."
And just as certain patterns of conduct will cause an individual to be ostracised from our
real world society, so too certain actions will be censored or self-regulated by the norms
of whatever community one chooses to associate with on the internet.
4. Markets: Closely allied with regulation by virtue of social norms, markets also regulate
certain patterns of conduct on the internet. While economic markets will have limited
influence over non-commercial portions of the internet, the internet also creates a virtual
marketplace for information, and such information affects everything from the

comparative valuation of services to the traditional valuation of stocks. In addition, the

increase in popularity of the internet as a means for transacting all forms of commercial
activity, and as a forum for advertisement, has brought the laws of supply and demand in
cyberspace.

NET NEUTRALITY
Another major area of interest is net neutrality, which affects the regulation of the infrastructure
of the Internet. Though not obvious to most Internet users, every packet of data sent and received
by every user on the Internet passes through routers and transmission infrastructure owned by a
collection of private and public entities, including telecommunications companies, universities,
and governments, suggesting that the Internet is not as independent as Barlow and others would
like to believe. This is turning into one of the most critical aspects of cyberlaw and has
immediate jurisdictional implications, as laws in force in one jurisdiction have the potential to
have dramatic effects in other jurisdictions when host servers or telecommunications companies
are affected.

FREE SPEECH IN CYBERSPACE

Article 19 of the Universal Declaration of Human Rights calls for the protection of free
expression in all media. In comparison to traditional print-based media, the accessibility and
relative anonymity of cyber space has torn down traditional barriers between an individual and
his or her ability to publish. Any person with an internet connection has the potential to reach an
audience of millions with little-to-no distribution costs. Yet this new form of highly accessible
authorship in cyber space raises questions and perhaps magnifies legal complexities relating to
the freedom and regulation of speech in cyberspace.
These complexities have taken many forms, three notable examples being the Jake Baker
incident, in which the limits of obscene Internet postings were at issue, the controversial
distribution of the DeCSS code, and Gutnick v Dow Jones, in which libel laws were considered
in the context of online publishing. The last example was particularly significant because it
epitomized the complexities inherent to applying one country's laws (nation-specific by
definition) to the internet (international by nature). In 2003, Jonathan Zittrain considered this

issue in his paper, "Be Careful What You Ask For: Reconciling a Global Internet and Local
Law".
In the UK the case of Keith-Smith v Williams249 confirmed that existing libel laws applied to
internet discussions.250
In terms of the tort liability of ISPs and hosts of internet forums, Section 230(c) of the
Communications Decency Act may provide immunity in the United States.

INTERNET CENSORSHIP
In many countries, speech through cyberspace has proven to be another means of communication
which has been regulated by the government. 251 The Open Net Initiative, whose mission
statement is "to investigate and challenge state filtration and surveillance practices" to
"...generate a credible picture of these practices," has released numerous reports documenting the
filtration of internet-speech in various countries. While China has thus far proven to be the most
rigorous in its attempts to filter unwanted parts of the internet from its citizens,252 many other
countries - including Singapore, Iran, Saudi Arabia, and Tunisia - have engaged in similar
practices of Internet censorship. In one of the most vivid examples of information control, the
Chinese government for a short time transparently forwarded requests to the Google search
engine to its own, state-controlled search engines.
These examples of filtration bring to light many underlying questions concerning the freedom of
speech. For example, does the government have a legitimate role in limiting access to
information? And if so, what forms of regulation are acceptable? For example, some argue that
the blocking of "blogspot" and other websites in India failed to reconcile the conflicting interests
of speech and expression on the one hand and legitimate government concerns on the other hand.

THE CREATION OF PRIVACY IN CYBER-LAW

249

(2006) EWHC 860 (QB)

See, http://www.qesign.com/offer.php?x=Keith-Smith_v_Williams, last accessed on 15th of Nov., 2013.
251
See, http://www.cyberlawsindia.net/lawyering.html, last accessed on 15th of Nov., 2013.
252
Ibid.
250

Warren and Brandeis

At the close of the 19th Century, concerns about privacy captivated the general public, and led to
the 1890 publication of Samuel Warren and Louis Brandeis: "The Right to Privacy". The vitality
of this article can be seen today, when examining the USSC decision of Kyllo v. United
States,253 where it is cited by the majority, those in concurrence, and even those in dissent.
The motivation of both authors to write such an article is heavily debated amongst scholoars,
however, two developments during this time give some insight to the reasons behind it. First, the
sensationalistic press and the concurrent rise and use of "yellow journalism" to promote the sale
of newspapers in the time following the Civil War brought privacy to the forefront of the public
eye. The other reason that brought privacy to the forefront of public concern was the
technological development of "instant photography". This article set the stage for all privacy
legislation to follow during the 20 and 21st Centuries.
Reasonable Expectation of Privacy Test and emerging technology
In 1967, the United States Supreme Court decision in Katz v United States,254 established what is
known as the Reasonable Expectation of Privacy Test to determine the applicability of the Fourth
Amendment in a given situation. It should be noted that the test was not noted by the majority,
but instead it was articulated by the concurring opinion of Justice Harlan. Under this test, 1) a
person must exhibit an "actual (subjective) expectation of privacy" and 2) "the expectation
[must] be one that society is prepared to recognize as 'reasonable.'"
Privacy Act of 1974
Inspired by the Watergate scandal, the United States Congress enacted the Privacy Act of 1974
just four months after the resignation of then President Richard Nixon. In passing this Act,
Congress found that "the privacy of an individual is directly affected by the collection,
maintenance, use, and dissemination of personal information by Federal agencies" and that "the
increasing use of computers and sophisticated information technology, while essential to the
efficient operations of the Government, has greatly magnified the harm to individual privacy that
can occur from any collection, maintenance, use, or dissemination of personal information." 255

Foreign Intelligence Surveillance Act of 1978

253

533 U.S. 27 (2001).

389 U.S. 347 (1967).
255
For More Information See: Privacy Act of 1974.
254

Codified at 50 U.S.C. 1801-1811, this act establishes standards and procedures for use of
electronic surveillance to collect "foreign intelligence" within the United States. 1804(a)(7)(B).
FISA overrides the Electronic Communications Privacy Act during investigations when foreign
intelligence is "a significant purpose" of said investigation. 50 U.S.C. 1804(a)(7)(B) and
1823(a)(7)(B). Another interesting result of FISA, is the creation of the Foreign Intelligence
Surveillance Court (FISC). All FISA orders are reviewed by this special court of federal district
judges. The FISC meets in secret, with all proceedings usually also held from both the public eye
and those targets of the desired surveillance.256 For more information see: Foreign Intelligence
Act
(1986) Electronic Communication Privacy Act
The ECPA represents an effort by the United States Congress to modernize federal wiretap law.
The ECPA amended Title III (see: Omnibus Crime Control and Safe Streets Act of 1968) and
included two new acts in response to developing computer technology and communication
networks. Thus the ECPA in the domestic venue into three parts: 1) Wiretap Act, 2) Stored
Communications Act, and 3) The Pen Register Act.257
(1994) Driver's Privacy Protection Act
The DPPA was passed in response to states selling motor vehicle records to private industry.
These records contained personal information such as name, address, phone number, SSN,
medical information, height, weight, gender, eye color, photograph and date of birth. In 1994,
Congress passed the Driver's Privacy Protection (DPPA), 18 U.S.C. 2721-2725, to cease this
activity.258
(1999) Gramm-Leach-Bliley Act
-This act authorizes widespread sharing of personal information by financial institutions such as
banks, insurers, and investment companies. The GLBA permits sharing of personal information
between companies joined together or affiliated as well as those companies unaffiliated. To
protect privacy, the act requires a variety of agencies such as the SEC, FTC, etc. to establish
"appropriate standards for the financial institutions subject to their jurisdiction" to "insure

256

See, http://www.expertlawyer.in/it-law-cyber-law-internet-law-india.aspx, last accessed on 16th of Nov., 2013.

Cyber Laws/Computer crime or Cyber crimes and Cyber Control Administration. See,
http://administrationpublic.weebly.com/cyber-laws-cyber-crimes-and-cyber-control-administration.html,
last
accessed on 16th of Nov., 2013.
258
For More Information See: Driver's Privacy Protection Act
257

security and confidentiality of customer records and information" and "protect against
unauthorized access" to this information. 15 U.S.C. 6801.259
(2002) Homeland Security Act
Passed by Congress in 2002, the Homeland Security Act, 6 U.S.C. 222, consolidated 22 federal
agencies into what is commonly known today as the Department of Homeland Security (DHS).
The HSA, also created a Privacy Office under the DoHS. The Secretary of Homeland Security
must "appoint a senior official to assume primary responsibility for privacy policy." This privacy
official's responsibilities include but are not limited to: ensuring compliance with the Privacy Act
of 1974, evaluating "legislative and regulatory proposals involving the collection, use, and
disclosure of personal information by the Federal Government", while also preparing an annual
report to Congress.260
(2004) Intelligence Reform and Terrorism Prevention Act
-This Act mandates that intelligence be "provided in its most shareable form" that the heads of
intelligence agencies and federal departments "promote a culture of information sharing." The
IRTPA also sought to establish protection of privacy and civil liberties by setting up a fivemember Privacy and Civil Liberties Oversight Board. This Board offers advice to both the
President of the United States and the entire executive branch of the Federal Government
concerning its actions to ensure that the branch's information sharing policies are adequately
protecting privacy and civil liberties.261
Legal enactments - examples
The Computer Misuse Act 1990, enacted by Great Britain on 29 June 1990, and which came into
force on 29 August 1990, is an example of one of the earliest of such legal enactments. This Act
was enacted with an express purpose of making "provision for securing computer material
against unauthorized access or modification." Certain major provisions of the Computer Misuse
Act 1990 relate to:
"Unauthorized access to computer materials",
"Unauthorized access with intent to commit or facilitate the commission of further
offences", and
"Unauthorized modification of computer material."
259

For More Information See: Gramm-Leach-Bliley Act.

For More Information See: Homeland Security Act.
261
For More Information See: Intelligence Reform and Terrorism Prevention Act
260

The impact of the Computer Misuse Act 1990 has been limited and with the adoption of the
Council of Europe adopts its Convention on Cyber-Crime, it has been indicated that amending
legislation would be introduced in paliamentary session 2004-05 in order to rectify possible gaps
in its coverage, which are many.
The CMA 1990 has many weaknesses, the most notable is its inability to cater for, or provide
suitable protection against a host of high tech attacks/crimes which have became more prevalent
in the last decade. Certain attacks such as DDOS and BOTNET attacks cannot be effectively
brought to justice under the CMA. This ACT has been under review for a number of years.
Computer crimes such as electronic theft are usually prosecuted in the UK under the legislation
that caters for traditional theft (Theft Act 1968), because the CMA is so ineffective.
A recent example of Information Technology Law is India's Information Technology Act 2000,
which became effective from 17 October 2000. This Act applies to whole of India, and its
provisions also apply to any offence or contravention, committed even outside the territorial
jurisdiction of Republic of India, by any person irrespective of his nationality. In order to attract
provisions of this Act, such an offence or contravention should involve a computer, computer
system, or computer network located in India. The IT Act, 2000 provides an extraterritorial
applicability to its provisions by virtue of section 1(2) read with section 75.
India's Information Technology Act 2000 has tried to assimilate legal principles available in
several such laws (relating to Information Technology) enacted earlier in several other countries,
as also various guidelines pertaining to Information Technology Law. The government of India
appointed an Expert Committee to suggest suitable amendments into the existing IT Act, 2000.
The amendments suggested by the Committee were severely criticised on various grounds. The
chief among them was the dilution of criminal sanctions under the proposed amendments. These
amendments, perhaps with some modifications, have been approved by the Cabinet in India on
16 October 2006 and very soon the amendments will be laid down before the Indian Parliament
for suitable legislation.
The IT Act, 2000 needs an overall haul keeping in mind the contemporary standards and
requirements and the Indian law in this regard is lagging far behind. In the absence of proper law
in place, the only recourse is to rely upon the traditional criminal law of India, i.e. Indian Penal
Code, 1860 (IPC)[1]that is highly insufficient for cyber crimes in India. Alternatively, a

purposive, updating and organic interpretation of the existing provisions of the IT Act, 2000 and
IPC by the judiciary must be tried.
The IT Act, 2000 requires a purposive and updating amendment initiative as many contemporary
crimes and contraventions are missing from it. Besides, there is an emergent need of introducing
the concept of cyber forensics in India.
Many Asian and Middle Eastern nations use any number of combinations of code-based
regulation (one of Lessig's four methods of net regulation) to block material that their
governments have deemed inappropriate for their citizens to view. PRC, Saudi Arabia and Iran
are three excellent examples of nations that have achieved high degrees of success in regulating
their citizens access to the Internet. 262
Electronic Signature Laws

U.S. - Electronic Signatures in Global and National Commerce Act

U.S. - Uniform Electronic Transactions Act - adopted by 46 states

U.S. - Digital Signature And Electronic Authentication Law

U.S. - Government Paperwork Elimination Act (GPEA)

U.S. - The Uniform Commercial Code (UCC)

UK - s.7 Electronic Communications Act 2000

European Union - Electronic Signature Directive (1999/93/EC)

Mexico - E-Commerce Act [2000]

Costa Rica - Digital Signature Law 8454 (2005)

Australia - Electronic Transactions Act 1999 (Cth) (also note that there is State and
Territory mirror legislation)

Information Technology Law

1. Florida Electronic Security Act
2. Illinois Electronic Commerce Security Act
3. Texas Penal Code - Computer Crimes Statute
4. Maine Criminal Code - Computer Crimes
5. Singapore Electronic Transactions Act
6. Malaysia Computer Crimes Act
7. Malaysia Digital Signature Act
262

See, http://www.expertlawyer.in/it-law-cyber-law-internet-law-india.aspx, last accessed on 16th of Nov., 2013.

8. UNCITRAL Model Law on Electronic Commerce

9. Information Technology Act 2000 of India
Information Technology Guidelines
1. ABA Digital Signature Guidelines
2. United States Office of Management and Budget

Enforcement agencies
The Information Technology Laws of various countries, and / or their criminal laws generally
stipulate enforcement agencies, entrusted with the task of enforcing the legal provisions and
requirements.
United States Federal Agencies
Many United States federal agencies oversee the use of information technology. Their
regulations are promulgated in the Code of Federal Regulations of the United States.
Over 25 U.S. federal agencies have regulations concerning the use of digital and electronic
signatures.263
India
A live example of such an enforcement agency is Cyber Crime Police Station, Bangalore [2],
India's first exclusive Cyber Crime enforcement agency.

Other examples of such enforcement agencies include:

Cyber Crime Investigation Cell [3] of India's Mumbai Police.

Cyber Crime Police Station[4] of the state Government of Andhra Pradesh, India. This
Police station has jurisdiction over the entire state of Andhra Pradesh, and functions from
the Hyderabad city.

In South India, the Crime Branch of Criminal Investigation Department, Tamilnadu

police, India, has a Cyber Crime Cell at Chennai.

In East India, Cyber Crime Cells have been set up by the Kolkata Police as well as the
Criminal Investigation Department, West Bengal.

Information Technology Lawyer

263

"Federal Agency Digital and Electronic Signature Regulations". Retrieved from www.Isaacbowman.com, last
accessed on 17th of Nov. 2013.

An information technology attorney is a professional who handles a variety of legal matters

related to IT. The attorney gets involved in drafting, negotiating, and interpreting agreements in
the areas of software licensing and maintenance, IT consulting, e-commerce, web site hosting
and development, and telecommunications agreements, as well as handling dispute resolution
and assisting with the client's Internet domain name portfolio. An information technology
attorney works with engineering, IT, and other business units and ensures that customer
information gathered by company is collected, stored and used in compliance with privacy
policies and applicable laws.
Duties also include providing high quality, specialized and practical advice in business-tobusiness and business-to-consumer arrangements and advising on issues like IT outsourcing
arrangements, software and hardware supply and implementation agreements. An information
technology attorney contracts for web site developers and consultants in relation to on-line
projects. Provides support and maintains confidentiality/know how agreements. Contracts for
Internet service providers and data protection advice. An information technology attorney should
have a JD degree or an LL.M degree with admission to the local state bar.
Connectivity via the Internet has greatly abridged geographical distances and made
communication even more rapid. While activities in this limitless new universe are increasing
incessantly, laws must be formulated to monitor these activities. Some countries have been rather
vigilant and formed some laws governing the net. In order to keep pace with the changing
generation, the Indian Parliament passed the much-awaited Information Technology (IT) Act,
2000 (hereinafter referred to as the Act). As they say, "Its better late than never".
In this article, I have tried to summarise the basic and important provisions of the Act. However,
even after it has been passed, a debate over certain controversial issues continues. A large
portion of the industrial community seems to be dissatisfied with certain aspects of the Act. But
on the whole, it is a step in the right direction for India.

HISTORY
The Department of Electronics (DoE) in July 1998 drafted the bill. However, it could only be
introduced in the House on December 16, 1999 (after a gap of almost one and a half years) when
the new IT Ministry was formed. It underwent substantial alteration, with the Commerce
Ministry making suggestions related to e-commerce and matters pertaining to World Trade

Organization (WTO) obligations. The Ministry of Law and Company Affairs then vetted this
joint draft.
After its introduction in the House, the bill was referred to the 42-member Parliamentary
Standing Committee following demands from the Members. The Standing Committee made
several suggestions to be incorporated into the bill. However, only those suggestions that were
approved by the Ministry of Information Technology were incorporated. One of the suggestions
that were highly debated upon was that a cyber caf owner must maintain a register to record the
names and addresses of all people visiting his caf and also a list of the websites that they surfed.
This suggestion was made as an attempt to curb cyber crime and to facilitate speedy locating of a
cyber criminal. However, at the same time it was ridiculed, as it would invade upon a net surfers
privacy and would not be economically viable. As Mr. Dewang Mehta, Executive Director of the
National Association of Software and Service (NASSCOM) said, "it would only result in closing
down of all cyber cafs and ultimately deprive people of these facilities." Finally, this suggestion
was dropped by the IT Ministry in its final draft.
The Union Cabinet approved the bill on May 13, 2000 and both the houses of Parliament finally
passed it by May 17, 2000. The Presidential Assent was finally received in the third week of
June 2000.

IMPORTANT PROVISIONS
The Act is arranged in 13 Chapters comprising of 93 Sections along with Four Schedules.
Preamble:
The Preamble to the Act states that it aims at providing legal recognition for transactions carried
out by means of electronic data interchange and other means of electronic communication,
commonly referred to as "electronic commerce", which involve the use of alternatives to paperbased methods of communication and storage of information and aims at facilitating electronic
filing of documents with the Government agencies.
The General Assembly of the United Nations had adopted the Model Law on Electronic
Commerce adopted by the United Nations Commission on International Trade Law
(UNCITRAL) in its General Assembly Resolution A/RES/51/162 dated January 30, 1997. The
Indian Act is in keeping with this resolution that recommended that member nations of the UN
enact and modify their laws according to the Model Law.

Thus with the enactment of this Act, Internet transactions will now be recognised, on-line
contracts will be enforceable and e-mails will be legally acknowledged. It will tremendously
augment domestic as well as international trade and commerce.
Legitimacy and Use of Digital Signatures:
The Act has adopted the Public Key Infrastructure (PKI) for securing electronic transactions. As
per Section 2(1)(p) of the Act, a digital signature means an authentication of any electronic
record by a subscriber by means of an electronic method or procedure in accordance with the
other provisions of the Act. Thus a subscriber can authenticate an electronic record by affixing
his digital signature. A private key is used to create a digital signature whereas a public key is
used to verify the digital signature and electronic record. They both are unique for each
subscriber and together form a functioning key pair.
Section 5 provides that when any information or other matter needs to be authenticated by the
signature of a person, the same can be authenticated by means of the digital signature affixed in a
manner prescribed by the Central Government. Under Section 10, the Central Government has
powers to make rules prescribing the type of digital signature, the manner in which it shall be
affixed, the procedure to identify the person affixing the signature, the maintenance of integrity,
security and confidentiality of electronic records or payments and rules regarding any other
appropriate matters.
Furthermore, these digital signatures are to be authenticated by Certifying Authorities (CAs)
appointed under the Act. These authorities would inter alia, have the license to issue Digital
Signature Certificates (DSCs). The applicant must have a private key that can create a digital
signature. This private key and the public key listed on the DSC must form the functioning key
pair.
Once the subscriber has accepted the DSC, he shall generate the key pair by applying the
security procedure. Every subscriber is under an obligation to exercise reasonable care and
caution to retain control of the private key corresponding to the public key listed in his DSC. The
subscriber must take all precautions not to disclose the private key to any third party. If however,
the private key is compromised, he must communicate the same to the Certifying Authority (CA)
without any delay.
Writing requirements:

Section 4 of the Act states that when under any particular law, if any information is to be
provided in writing or typewritten or printed form, then notwithstanding that law, the same
information can be provided in electronic form which can also be accessed for any future
reference. This non-obstante provision will make it possible to enter into legally binding
contracts on-line!
Attribution, Acknowledgement and Dispatch of Electronic Records:
Chapter IV of the Act explicates the manner in which electronic records are to be attributed,
acknowledged and dispatched. These provisions play a vital role while entering into agreements
electronically.
Section 11 states that an electronic record shall be attributed to the originator as if it was sent by
him or by a person authorised on his behalf or by an information system programmed to operated
on behalf of the originator.
As per Section 12, the addressee may acknowledge the receipt of the electronic record either in a
particular manner or form as desired by the originator and in the absence of such requirement, by
communication of the acknowledgement to the addresses or by any conduct that would
sufficiently constitute acknowledgement. Normally if the originator has stated that the electronic
record will be binding only on receipt of the acknowledgement, then unless such
acknowledgement is received, the record is not binding. However, if the acknowledgement is not
received within the stipulated time period or in the absence of the time period, within a
reasonable time, the originator may notify the addressee to send the acknowledgement, failing
which the electronic record will be treated as never been sent.
Section 13 specifies that an electronic record is said to have been dispatched the moment it
leaves the computer resource of the originator and said to be received the moment it enters the
computer resource of the addressee.
Utility of electronic records and digital signatures in Government Audits Agencies:
According to the provisions of the Act, any forms or applications that have to be filed with the
appropriated Government office or authorities can be filed or any licence, permit or sanction can
be issued by the Government in an electronic form. Similarly, the receipt or payment of money
can also take place electronically.
Moreover, any documents or records that need to be retained for a specific period may be
retained in an electronic form provided the document or record is easily accessible in the same

format as it was generated, sent or received or in another format that accurately represents the
same information that was originally generated, sent or received. The details of the origin,
destination, date and time of the dispatch or receipt of the record must also be available in the
electronic record.
Furthermore, when any law, rule, regulation or byelaw has to be published in the Official Gazette
of the Government, the same can be published in electronic form. If the same are published in
printed and electronic form, the date of such publication will be the date on which it is first
published.
However, the above mentioned provisions do not give a right to anybody to compel any Ministry
or Department of the Government to use electronic means to accept, issue, create, retain and
preserve any document or execute any monetary transaction. Nevertheless, if these electronic
methods are utilised, the Government will definitely save a lot of money on paper!
Regulation of Certifying Authorities (CAs):
A CA is a person who has been granted a license to issue digital signature certificates. These
CAs are to be supervised by the Controller of CAs appointed by the Central Government. Deputy
or Assistant Controllers may also assist the Controller. The Controller will normally regulate and
monitor the activities of the CAs and lay down the procedure of their conduct.
The Controller has the power to grant and renew licenses to applicants to issue DSCs and at the
same time has the power to even suspend such a license if the terms of the license or the
provisions of the Act are breached. The CAs have to follow certain prescribed rules and
procedures and must comply with the provisions of the Act.
Issuance, Suspension and Revocation of Digital Signature Certificates (DSCs):
As per Section 35, any interested person shall make an application to the CA for a DSC. The
application shall be accompanied by filing fees not exceeding Rs. 25,000 and a certification
practice statement or in the absence of such statement, any other statement containing such
particulars as may be prescribed by the regulations. After scrutinising the application, the CA
may either grant the DSC or reject the application furnishing reasons in writing for the same.
While issuing the DSC, the CA must inter alia, ensure that the applicant holds a private key
which is capable of creating a digital signature and corresponds to the public key to be listed on
the DSC. Both of them together should form a functioning key pair.

The CA also has the power to suspend the DSC in public interest on the request of the subscriber
listed in the DSC or any person authorised on behalf of the subscriber. However, the subscriber
must be given an opportunity to be heard if the DSC is to be suspended for a period exceeding
fifteen days. The CA shall communicate the suspension to the subscriber.
There are two cases in which the DSC can be revoked. Firstly, as per Section 38 (1), it may be
revoked either on the request or death of the subscriber or when the subscriber is a firm or
company, on the dissolution of the firm or winding up of the company. Secondly, according to
Section 38(2), the CA may suo moto revoke it if some material fact in the DSC is false or has
been concealed by the subscriber or the requirements for issue of the DSC are not fulfilled or the
subscriber has been declared insolvent or dead et al.
A notice of suspension or revocation of the DSC must be published by the CA in a repository
specified in the DSC.
Penalties for Computer Crimes:
As per the Act, civil liability and stringent criminal penalties may be imposed on any person who
causes damage to a computer or computer system. The offender would be liable to pay
compensation not exceeding Rs. 1 Crore (10 million) for gaining unauthorised access to a
computer or computer system, damaging it, introducing a virus in the system, denying access to
an authorised person or assisting any person in any of the above activities.
Furthermore, the Act also defines specific penalties for violation of its provisions or of any rules
or regulations made there under. However, if any person contravenes any rules or regulations
framed under the Act for which no specific penalty is prescribed, he will be liable to pay
compensation not exceeding Rs. 25,000.
Moreover, any person who intentionally or knowingly tampers with computer source documents
would be penalised with imprisonment upto three years or a fine of upto Rs. 2 lakhs or both. In
simpler terminology, hacking is made punishable.
The Act also disallows the publishing and dissemination of obscene information and material.
The introduction of this provision should curtail pornography over the net. Any person who
disobeys this provision will be punishable with imprisonment of two years and a fine of Rs.
25,000 for the first conviction. In the event of a subsequent conviction, the imprisonment is five
years and the fine doubles to Rs. 50,000.

The Controller has the power to issue directions for complying with the provisions of the Act.
Failure to comply with his directions is punishable. Moreover, the interference with protected
systems or the reluctance to assist a Government Agency to intercept information in order to
protect state sovereignty and security is also made punishable.
The adjudicating court also has the powers to confiscate any computer, computer system,
floppies, compact disks, tape drives or any accessories in relation to which any provisions of the
Act are being violated. No penalty or confiscation made under this Act will affect the imposition
of any other punishment under any other law in force.
If penalties that are imposed under the Act are not paid, they will be recovered as arrears of land
revenue and the licence or DSC shall be suspended till the penalty is paid.
Adjudicating Officers:
The Central Government shall appoint an officer not below the rank of Director to the
Government of India or equivalent officer of the State Government as an adjudicating officer to
adjudicate upon any inquiry in connection with the contravention of the Act. Such officer must
have the legal and judicial experience as may be prescribed by the Central Government in that
behalf.
The Adjudicating Officer must give the accused person an opportunity to be heard and after
being satisfied that he has violated the law, penalise him according to the provisions of the Act.
While adjudicating, he shall have certain powers of a Civil Court.
Cyber Regulations Appellate Tribunal (CRAT):
A Cyber Regulations Appellate Tribunal (CRAT) is to be set up for appeals from the order of
any adjudicating officer. Every appeal must be filed within a period of forty-five days from the
date on which the person aggrieved receives a copy of the order made by the adjudicating
officer. The appeal must be the appropriate form and accompanied by the prescribed fee. An
appeal may be allowed after the expiry of forty-five days if sufficient cause is shown.
The appeal filed before the Cyber Appellate Tribunal shall be dealt with by it as expeditiously as
possible and endeavour shall be made by it to dispose of the appeal finally within six months
from the date of receipt of the appeal. The CRAT shall also have certain powers of a civil court.
As per Section 61, no court shall have the jurisdiction to entertain any matter that can be decided
by the adjudicating officer or the CRAT. However, a provision has been made to appeal from the
decision of the CRAT to the High Court within sixty days of the date of communication of the

order or decision of the CRAT. The stipulated period may be extended if sufficient cause is
shown. The appeal may be made on either any question of law or question of fact arising from
the order.
Police Powers:
A police officer not below the rank of deputy superintendent of police has the power to enter any
public place and arrest any person without a warrant if he believes that a cyber crime has been or
is about to be committed. This provision may not turn to be very effective for the simple reason
that most of the cyber crimes are committed from private places such as ones own home or
office. Cyber-cafs and public places are rarely used for cyber crimes. However, if the Act did
give the police department powers to enter peoples houses without search warrants, it would
amount to an invasion of the right to privacy and create pandemonium. Keeping this in mind, the
Legislature has tried to balance this provision so as to serve the ends of justice and at the same
time, avoid any chaos.
On being arrested, the accused person must, without any unnecessary delay, be taken or sent to
the magistrate having jurisdiction or to the officer-in-charge of a police station. The provisions of
the Code of Criminal Procedure, 1973 shall apply in relation to any entry, search or arrest made
by the police officer.
Network Service Providers not liable in certain cases:
To quote Section 78, it states:
"For the removal of doubts, it is hereby declared that no person providing any service as a
network service provider shall be liable under this Act, rules or regulations made thereunder for
any third party information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due diligence to
prevent the commission of such offence or contravention."
"Explanation.for the purposes of this section,
a) Network service provider means an intermediary;
b) Third party information means any information dealt with by a network service
provider in his capacity as an intermediary."
Thus a plain reading of the section indicates that if the network service provider is unable to
prove its innocence or ignorance, it will be held liable for the crime.

Cyber Regulations Advisory Committee (CRAC):

The Act also provides that as soon as it is enacted and it comes into force, the Central
Government shall constitute the CRAC. The CRAC will assist the Central Government as well
as the Controller of CAs to form rules and regulations consistent with the provisions of the Act.
The Controller will notify these regulations in the Official Gazette after consultation with the
CRAC and the Central Government.
Amendments:
With the introduction of the IT Act certain amendments are to be carried out in the Indian Penal
Code, 1860, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891 and the
Reserve Bank of India Act, 1934. These amendments will try and make these existing codes
Internet compatible.

LACUNAE
After having discussed the important provisions of the Act, attention should also be drawn to
some of its loopholes.
Inapplicability:
The first and foremost setback is that the provisions of the Act do not apply to the following:
a. A negotiable instrument as defined in Section 13 of the Negotiable Instruments Act,
1881;
b. Power of attorney as defined in Section 1A of the Powers-of-Attorney Act, 1882;
c. A trust as defined in Section 3 of the Indian Trusts Act, 1882;
d. A will as defined in Section (h) of Section 2 of the Indian Succession Act, 1925,
including any other testamentary disposition by whatever name called;
e. Any contract for the sale or conveyance of immovable property or any interest in such
property.
It is envisaged that the efficacy of the Act may not be considerable owing to its restrictive
applicability.
Digital Signatures:
Act deals only with PKI framework for authentication. It does not recognize any other
authentication procedure though the ambit of legal record is wide. This may cause problems for

m-commerce transactions that may not necessarily use the PKI system for authentication and
security purposes.

Qualifications and Powers of Adjudicating Officers Unclear:

The Act is unclear as to the qualifications of an adjudicating officer and the manner in which he
shall adjudicate.
Moreover, though the statute is supposedly a long arm statute, it does not indicate the powers
of the adjudicating officers when a person commits a cyber crime or violates any provisions of
the law from outside India. Several practical difficulties may also arise in importing the cyber
criminal to India. The Act does not lay down any provisions whereby extradition treaties can be
formed with countries where the cyber criminal is located. Therefore, the extra-territorial scope
of the Act may be difficult to achieve.
Furthermore, the powers to impose a penalty for a computer crime upto Rs. 1 crore offers a large
discretion to adjudicating officers and may turn out to be harmful.
Possible Violation of Fundamental Rights:
The provision that no order of the Central Government appointing any person as the presiding
officer of a CRAT shall be called into question in any manner and no act or procedure before a
CRAT shall be called into question in any manner merely because there is a defect in the
constitution of the CRAT may be violative of the fundamental rights of citizens under the
Constitution of India. This provision could be misused by the Central Government in an unfair
and arbitrary manner. It is recommended that is provision be modified so that the interests of the
public at large are safeguarded.
Misuse of Police Powers:
The search and arrest powers given to police officers are without any definite guidelines and may
be ill-used.
ISP Liability - Responsibility for Content Regulation not attributable:
While Section 78 absolves a network service provider of its liability if it can prove its ignorance
and due diligence, it fails to specify as to who would be held liable for such contravention in
such an event. This provision will certainly cause problems when an offence regarding third
party information or provision of data is committed.

No Intellectual Property Rights Protection Guaranteed:

Regulation of intellectual property rights, particularly copyright on the Internet is an evergrowing problem. The Act does not discuss the implications of any copyright violations over the
net. It has no provisions to penalise copyright infringers, commonly known as "pirates" for their
activities over the net. Internet piracy is a major problem has not been tackled by this Act. No
amendments have been proposed to the Copyright Act of India.

CONCLUSION
The IT Act is a comprehensive piece of legislation which aims at policing some of the activities
over the Internet. The fundamental approach of the Act is towards validating and legalising
electronic and on-line transactions. Business transaction costs will be curtailed and transaction
volumes will grow manifold. Computer and Cyber Crimes will hopefully be curbed and
offenders will be strictly penalised. Policing these crimes is extremely necessary. At the same
time the police officers who occupy large powers under the IT Act must also be educated in
computers and Internet. This would help them in executing their powers effectively and
efficiently.
But in order to curb computer crimes, the police alone cannot make all the difference. Awareness
regarding these cyberlaws must be created. Private and Non Governmental organisations must
play an active role in communicating this message to the masses. Moreover, the judiciary will
also have to play a proactive role in adjudicating cyber trials. A large part of the judiciary is
probably unaware of cyberlaws and their implications. They must themselves study the laws
carefully and effectively enforce them. Co-ordination amongst the organisations, police and
judiciary will definitely create some impact and minimise the crime rate.
However, the working and implementation of this law will depend greatly on the rules and
regulations that will be formed by the Government and other authorities constituted under the
Act. The Act is only a skeletal figure, while it is the rules and regulations that will form the
fleshy content.
This Act is not the end but only a beginning to a plethora of legislation that still needs to be
formed. It leaves various issues untouched, some of them relating to intellectual property rights,
data protection and taxation. No concrete regulations have also been formulated for cross border

issues. These issues are of immense importance and the Parliament must speedily frame laws to
govern them.
While legislation will always be lacking behind as time and technology progress, the Parliament
must ensure that it keeps amending the law and enacting new laws to keep pace with everchanging standards. At the same time, Indian law must be consonant with international standards
that are prescribed and that may be prescribed in the future. This is essential if we desire to
effectively regulate this boundless world.
India is amongst few of the countries in the world which have any legal framework for ecommerce and e-governance. Indian industry projections indicate that business transactions over
the net would cross Rs. 2500 crore (Rs.25 Billion) by 2002. The correct and honest
implementation of this Act would definitely be a boon to the Indian Infotech Sector. The Act has
been passed at a time when the Internet population in India is low and therefore it is hoped that
implementing the law should not be very difficult.

CHAPTER NO 7
CONCLUSION
Cyber law is a term that encompasses the legal issues related to use of communicative,
transactional, and distributive aspects of networked information devices and technologies. It is
less a distinct field of law in the way that property or contracts are, as it is a domain covering
many areas of law and regulation. Some leading topics include intellectual property, privacy,
freedom of expression, and jurisdiction. With advances in computers and telecommunications,
most businesses and many individuals have become dependent on computer network systems to
carry out everyday activities.
The genesis of internet was initiated by Vinton Cerf who first developed what later became
known as the internet i.e. the interconnectivity between computers worldwide in the year 1973.
Few years later, on 25th of December 1990, Tim Berners-Lee with the help of Robert Cailliau
and a young student at CERN (Conseil Europen pour la Recherche Nuclaire) invented the
World Wide Web (www) and implemented the first successful communication between a
Hypertext Transfer Protocol (HTTP) client and server via the internet.
The founding fathers hardly had this notion that internet could transform itself into an all
pervading revolution capable of being misused for criminal activities and which required
regulation. Today, where the know-how of internet has become immensely popular and easily
available, added as a subject for studies in educational institution in every society all over the

globe, being used by corporations and governments, hospitals, military, and by almost all
individuals and organizations in the world. Its because of its efficiency and usage in all matters
providing flawless results and products, that has led to internets extraordinary growth and
dependence since the day of its invention till today, which is a shockingly short time for such a
success. Internet has induced a rapid growth in all the sectors and has changed and affected the
human civilization massively making their life easier leaving its mark. In the present time, which
is also called the digital age, many disturbing things are happening in the cyberspace. Due to the
anonymous nature of the internet, it is possible to engage into a variety of criminal activities with
impunity and people with intelligence, have been grossly misusing the aspect of the internet to
perpetuate criminal activities in cyberspace. Hence the need of cyber laws in India.
The importance of cyber law is that it deals with almost all aspects of transaction and activities
concerning Internet, World Wide Web and Cyberspace in India, the fact that almost everybody
these days are using computers and internet whether for personal or business purpose not
completely realizing of the extent of Cyber laws. Many people, all over the sub-continent
illegally download latest movies, songs, softwares etc. from free download providing sites filled
with pirated contents infringing copyrights, trademarks etc, of the owners of the content, almost
freely committing Cybercrimes. This causes huge losses to the original owners of the intellectual
property. Since Cyber law has been recently acquainted with the citizens of India, most are
unaware of the Cybercrimes they have been committing. This is because cyber laws in India are
not strict and are in need of serious amendments with changing nature of the internet, keeping in
mind the interests of the people and owners of intellectual property. Only serious Cybercrimes
and thefts are taken seriously by the authorities in India. But much has changed at present, and it
is just the beginning. Sooner or later, people have to tighten their belts and take notice of
Cyber law for their own benefit.
To counter the menace of Cybercrime, Cyber laws are created by the legislative department to
curb and fight it. The IT Act 2000 attempts to change outdated laws and provides ways to deal
with Cybercrimes so that people can perform purchase transactions over the Net through credit
cards without fear of misuse. In view of the growth in transactions and communications carried
out through electronic records, the Act seeks to empower government departments to accept
filing, creating and retention of official documents in the digital format, and recognizes digital
signature as well. It contains provisions positive for e-commerce in India. Keeping in view, the

rapid growth and development and the changing nature of Cyberspace, government introduced
I.T. (Amendment) Bill 2006. Subsequently in February 2009, I.T. (Amendment) Bill 2008 was
passed as well by the government for meeting changing needs. Police in India are trying to
become cyber crime savvy and are hiring people who are trained in the respective field. A recent
survey indicates that for every 500 cybercrime incidents that takes place, only 50 are reported to
the police and out of that only one is actually registered. These figures indicate that how difficult
it is to convince the police to register a cybercrime. Establishment of cybercrime cells in
different parts of the country was expected to boost cybercrime reporting and prosecution.
However, these cells have not lived up to the expectations. Through the I.T. Act (Amendment)
2008, almost all the cyber crimes have been made bailable and this removed all sorts of
deterrence for the cyber criminals in India worldwide. This was a disastrous step taken by the
Indian governments which instead of creating fear of law in the minds of these white collar cyber
criminals, provided relief to such organized criminals. Indian cyber law is already a piecemeal
attempt and this amendment further made it a bane for India. Concerns regarding India becoming
a safe haven for cyber criminals were incessantly by techno legal experts of India but Indian
government did not pay heed to the same. Naturally, the present situation was bound to arise and
only the government is to be blamed solely.
What is needed to be done is that the Home Minister of India Mr. P. Chidambaram must
seriously consider projects and initiatives that can help in developing cyber skills of police force
in India. Issues like cyber law and cyber forensics have not yet been considered important
enough by him so far. With ever increasing use of technology, police work in India is going to be
more challenging. Hence they must be prepared.
The awareness of cybercrime is constantly on the rise among the citizens of India directly
affecting the expanding limits of cyber laws to fight and curb it. This expansion is inspiring the
young and aspiring lawyers attracting them towards cyber law with a promising career. The rise
in cybercrime has resulted in the growth of cyber laws creating new opportunities for lawyers to
practice. In the modern age where computers and internet are found in every field and
profession, the future of cyber laws appears rich in growth and development and has found an
important place in the legal system and the society. In the fight between cyber crime and
cyber law, the latter is still weaker than the former and lacks resources to fight back. Presently,
the poison of cyber crime is stronger than its anti-dote, cyber law in the Sub-Continent.

There is lot of Problems through which the present Cyber Law of India is passing through. The
problem still remains the same. In India we dont have a dedicated resource that is taking care of
Techno-Legal Laws of India in a holistic manner. Of course, we have a Cyber Law Database of
India. We also have a Techno-Legal ICT Regulations Database in India. These two resources are
tracing back the history of cyber law in India. However, we need a resource that can trace both
history of cyber law in India as well as its current position and the prospective future of the
same. The task is very difficult but it has been successfully achieved by Mr. Praveen Dalal,
Managing Partner of Perry4Law. He has successfully come out with a Dedicated Resource on
cyber law in India. The same is titled Legal Enablement Of ICT Systems in India and is the
exclusive, most comprehensive and holistic web resource in India dealing with Techno-Legal
ICT Laws and Regulations in India.
All the cyber law observers can now access information about cyber law in India and the changes
that are proposed or actually made from time to time. The resource is very futuristic and
promising in nature and it would be good idea if the Government of India (GOI) consults the
same while making, amending or reformulating techno-legal laws in India.
One of the important aspects of this resource is that it is the exclusive resource that is providing a
Constitutional Analysis of the present as well as proposed techno-legal laws in India.
Therefore all of the Civil Liberty Crusaders keep a close eye upon this resource for issues like
Privacy Rights, Life and Liberty, Right to Speech and Expressions, etc. For instance,
surveillance has become a controversial issue since the Information Technology (Amendment)
Bill, 2008 (Bill, 2008) has been proposed. Surprisingly some people are justifying these wide
and unregulated powers as justified under the garb of security that does not exists at all in India.
There is only one answer to the pro surveillance argument and it is a Benjamin Franklin quote:
Those who would give up essential liberty to purchase a little temporary safety deserve neither
liberty nor safety. E-Surveillance should not be a substitute for cyber security and cyber
forensics capabilities. Privacy Rights must be respected and followed in both letter and spirit in
India. He Bill, 2008 has seriously compromised these Fundamental Rights. So friends, wake up
and be a vigilant and legally aware citizens. We will keep on spreading the Cyber Law
Awareness in India so that we may have an informed citizenry.
The Associated Chambers of Commerce and Industry of India (ASSOCHAM) is one of the most
premier and leading Industry Chambers in India which is dedicated to the overall growth of the

Indian Economy and the Indian Nation. Assocham has various Industry Committees which are
focused on different areas of activities and businesses. One of the main focus areas for Assocham
has been Cyberlaw, which is the law of the new frontier, the cyberspace. In that regard,
Assocham has constituted the Assocham Cyberlaw And IT Act Committee (or Assocham
Cyberlaw Committee in short). This committee is a result of the futuristic thought process and
thought leadership of Assocham, led by its current President Mr. Sajjan Jindal. Mr. D.S. Rawat
Secretary General, ASSOCHAM has taken a keen interest in the various activities of
ASSOCHAM Cyberlaw Committee.
This committee aims to contribute to the growth of Cyberlaw Issues to the extent to which they
impact

Indian

Businesses,

Industry,

Companies

and

Indian

Economy.

Assocham is the only Industry body of India to constitute a dedicated special committee on
Cyberlaw. The Assocham Cyberlaw Committee is led by its Chairman, Mr. Pavan Duggal,
Asias and India s leading expert and authority on Cyberlaw. Mr. Pavan Duggal, cyber lawyer
par excellence, is a practicing Advocate, Supreme Court of India and President.
Recently Alexander Seger, Head of Economic Crime Division, Council of Europe, asked India to
be a part of the Convention on Cybercrime. Although the intentions seem to be good yet the end
result would be a big failure. This is so because an action without proper planning and
preparation can never fetch the desired result. India is presently suffering from weak cyber law,
ignored cyber security and absence of cyber forensics capabilities.
The Information Technology Act, 2000 (IT Act, 2000) is the sole cyber law of India that is
regulating all the aspects of cyber law, cyber security and cyber forensics. Undoubtedly, the legal
enablement of ICT (Information and Communications Technology) systems in India is missing
and the Information Technology (Amendment) Act, 2008 now provides with a fairly complete
legal framework but still not devoid of technical lacunae.
It is observed now that the most important step is to follow it up with steps that will enable India
to cooperate internationally in an effective manner so as to control cyber crimes and launch
prophylactic measures to preempt the probability or possibility of cyber terrorism.
India is currently not equipped to sign any International Convention or Treaty regarding Cyber
Law and Cyber Crimes. If the very base is defective we cannot get the result we are craving for.
The IT Act, 2000 is weak, cyber security is missing and cyber forensics capabilities do not exist.
There are no efforts in these directions in India except by private sector.

It is clear that India is not yet ready to sign any international treaty or convention. Signing of the
same would only increase pressure upon the law enforcement and Indian government. The
proper course of actions is to improve its position regarding cyber law, cyber security and cyber
forensics. Once that is achieved, we must proceed towards analysing the draft of European Union
or any other institution.
Therefore, this study is an attempt to address these issues.

BIBLIOGRAPHY
Books and Articles
1. Alting, Carsten, Piercing the Corporate Veil in American and German Law: Liability of
Individuals and Entities: a Comparative View, Tulsa Journal of Comparative and
International Law, 1995.
2. Barlow, John Perry, A Declaration of the Independence of Cyberspace; for more detail
see, https://projects.eff.org/~barlow/Declaration-Final.html.
3. Bergkamp, Lucas, Wan-Q Pak, Piercing the Corporate Veil: Shareholder Liability for
Corporate Torts, Maastricht Journal of European and Comparative Law, Vol. 8, No. 2,
2001.

4. Blainpain, R., B. Verschraegev (eds), International Encyclopedia of Laws: Private

International Law, Kluwer Law International, The Hague 2005.
5. Burk, Dan, Federalism in Cyberspace, University of Connecticut Law Review, 1996.
6. Castel, Jean Gabriel, Janet Walker, Canadian Conflict of Laws, 5th edn, Butterworths,
Canada, 2003.
7. Cerna, C.M., Hugo Princz v. Federal Republic of Germany: How far does the LongArm Jurisdiction of US Law reach, Leiden Journal of International Law, Vol. 8, No. 2,
1995.
8. Cheshire, North, Private International Law, 12th edn, Butterworths & Co, London,
1992.
9. David R. Johnson and David G. Post, And How shall the net be governed? A meditation
on the relative virtues of decentralized, Emergent Law, available at www.cli.org.
10. David R. Johnson and David G. Post, Law & Bordersthe Rise of Law in Cyberspace,
Stanford Law Review, Vol. 48, 1996.
11. Davies, Paul, Gowe Principles of Modern Company Law, 7th edn, Sweet and Maxwell,
London, 2003
12. Dr. Mishra, J.P., An Introduction to Cyber Law, Central Law Publications, Allahabad,
1st Ed., 2012
13. Fafinski, S., Computer Misuse: the Implications of the Police and Justice Act 2006,
Journal of Criminal Law Vol. 72, No. 1, 2008
14. Goldsmith, Jack L., About Cyberanarchy, U. Chi. Law Review., Vol. 65, 1998.
15. Johnson, David R., David G. Post, Law and BordersThe Rise of Law in
Cyberspace, Stan. Law Rewiew, Vol. 48, 1996.
16. Kamble, R.M., C.Vishwapriya, Cyber Crimes and Information Technology, NALSAR
Law Review, Vol. 4, No. 1
17. Keller, Moritz, Lessons from The Hague: Internet Jurisdiction in Contract and Tort
Cases in the EC and the US, John Marshall Journal of Computer and Information Law,
Vol. 23, 2004.
18. Kevin M. Clermont, The Role of Private International Law in the United States:
Beating the Not-quite-dead Horse of Jurisdiction, in Ronald A. Brand and Mark Walter

(eds) Private Law, Private International Law and Judicial Cooperation in the EUUS
Relationship , Thompson West, 2005.
19. Kohl, Uta, Eggs, Jurisdiction and the Internet, International and Comparative Law
Quarterly, Vol. 51, 2002.
20. Kohl, Uta, Legal Reasoning and Legal Change in the age of the Internet: Why the
Ground Rules are still Valid, International Journal of Law and Information Technolog,
Vol. 7, No. 2, 1999..
21. Kurland, Philip, The Supreme Court, the Due Process and the In Personam Jurisdiction
of State Courts: From Pennoyer to Denckla, University of Chicago Law Review, Vol.
25, 1958.
22. Lawrence Collins, Dicey and Morris on Conflict of Laws, 13th edn, Sweet &Maxwell,
London, 2000.
23. Lyons, Katherine, Piercing the Corporate Veil in the International Arena Syracuse
Journal of International Law and Commerce, Vol. 33, No. 2, 2006.
24. Mann, F.A., The Doctrine of International Jurisdiction Revisited after Twenty Years,
Recueil des Cours de lAcademie de Droit International, 1984.
25. Manolopoulos, Andreas, Raising Cyberspace: The Interaction between Law and
Technology, International Journal of Law and Technology, Vol. 11, 2003.
26. Mattei, Ugo, Jeffrey Lena, US Jurisdiction over Conflicts arising outside the United
States: Some hegemonic implications, Hastings International and Comparative Law
Review, Vol. 24, No. 3, 2001.
27. McClean, David, Morris: The Conflict of Laws, 4th edn, Universal Publishing Co,
2004.
28. Mehren, Arthur T. von, Recognition and Enforcement ofForeign Judgments: General
Theory and the Role of Jurisdictional Requirements, Recueil des Cours, 1980.
29. Moore, Marc T., A Temple built on Faulty Foundations: Piercing the Corporate Veil
and the Legacy of Salomon v Salomon, Journal of Business Law, March, 2006.
30. Pearce, Brian, The Comity Doctrine as a barrier to Judicial Jurisdiction: A USEU
Comparison Stanford Journal of International Law, Vol. 30, No. 2, 1994.
31. Perritt, Henry H. Jr, Jurisdiction and the Internet: Basic Anglo/American Perspectives
Projects in the Coming 2000s, available at www.kentlaw.edu.

32. Perritt, Henry H. Jr, Jurisdiction in Cyberspace, Villanova Law Review, vol. 46, No.
1, 1996.
33. Raysman, Richard, Peter Brown, Computer Law: Drafting and Negotiating Forms and
Agreements, Law Journal Press, 2008.
34. Ryder, Rodney D., Guide to Cyber Laws (Informational Technology Act, 2000, ECommerce, Data Protection and the Interne, 1st edn, Nagpur: Wadhwa & Co Law
Publishing Co, 2001.
35. Strauss, Andrew L., Where America ends and the international order begins:
interpreting the jurisdictional reach of the U.S. constitution in light of a proposed Hague
Convention on Jurisdiction and Satisfaction of Judgments, Albany Law Review, Vol.
61, No 4, 1998.
36. Thompson, Robert B., Piercing the Veil within Corporate Groups: Corporate
Shareholders as mere Investors, Connecticut Journal of International Law, Vol. 13, No.
2, 1999.
37. Vakul Sharma, Information Technology Law and Practice, New Delhi Universal Law,
2004.

Websites
1. http://administrationpublic.weebly.com/cyber-laws-cyber-crimes-and-cyber-controladministration.html
2. http://www.cyberlawsindia.net/lawyering.html
3. http://www.expertlawyer.in/it-law-cyber-law-internet-law-india.aspx
4. http://www.qesign.com/offer.php?x=Keith-Smith_v_Williams
5. www.australianit.news.com.au/story
6. www.gulf-times.com
7. www.ind.ii.org
8. www.itp.net
9. www.sabric.co.za
10. www.theregister.co.uk
11. www.timebase.com.au