What is cyber law and why do we need it?

Rohas Nagpal
Dec 23, 2018 · 5 min read

What is Cyber Law?

In order to arrive at an acceptable definition of the term Cyber Law, we must first understand the meaning of the term law. Simply put, law encompasses the rules of conduct:

  1. that have been approved by the government, and
  2. which are in force over a certain territory, and
  3. which must be obeyed by all persons on that territory. Violation of these rules will lead to government action such as imprisonment or fine or an order to pay compensation.

The term cyber or cyberspace has today come to signify everything related to computers, the Internet, websites, data, emails, networks, software, data storage devices (such as hard disks, USB disks etc) and even Airplanes, ATM machines, Baby monitors, Biometric devices, Bitcoin wallets, Cars, CCTV cameras, Drones, Gaming consoles, Health trackers, Medical devices, Power plants, Self-aiming rifles, Ships, Smart-watches, Smartphones & more.

Thus a simplified definition of cyber law is that it is the “law governing cyber space”.

The issues addressed by cyber law include cyber crime, electronic commerce

An interesting definition of cyber crime was provided in the “Computer Crime: Criminal Justice Resource Manual” published in 1989. According to this manual, cyber crime covered the following:

  1. computer crime i.e. any violation of specific laws that relate to computer crime,
  2. computer related crime i.e. violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution,
  3. computer abuse i.e. intentional acts that may or may not be specifically prohibited by criminal statutes. Any intentional act involving knowledge of computer use or technology is computer abuse if one or more perpetrators made or could have made gain and / or one or more victims suffered or could have suffered loss.

The term electronic commerce or E-commerce is used to refer to electronic data used in commercial transactions. Electronic commerce laws usually address issues of data authentication by electronic and/or digital signatures.

This encompasses:

  1. copyright law in relation to computer software, computer source code, websites, cell phone content etc;
  2. software and source code licenses;
  3. trademark law with relation to domain names, meta tags, mirroring, framing, linking etc.;
  4. semiconductor law which relates to the protection of semiconductor integrated circuits design and layouts;
  5. patent law in relation to computer hardware and software.

Data protection and privacy laws address legal issues arising in the collecting, storing and transmitting sensitive personal data by data controllers such as banks, hospitals, email service providers etc.

The need for Cyber Law

The first question that a student of cyber law will ask is whether there is a need for a separate field of law to cover cyberspace. Isn’t conventional law adequate to cover cyberspace?

Let us consider cases where so-called conventional crimes are carried out using computers or the Internet as a tool. Consider cases of spread of pornographic material, criminal threats delivered via email, websites that defame someone or spread racial hatred etc. In all these cases, the computer is merely incidental to the crime. Distributing pamphlets promoting racial enmity is in essence similar to putting up a website promoting such ill feelings.

Of course, it can be argued that when technology is used to commit such crimes, the effect and spread of the crime increases enormously. Printing and distributing pamphlets even in one locality is a time consuming and expensive task while putting up a globally accessible website is very easy.

In such cases, it can be argued that conventional law can handle cyber cases. The Government can simply impose a stricter liability (by way of imprisonment and fines) if the crime is committed using certain specified technologies. A simplified example would be stating that spreading pornography by electronic means should be punished more severely than spreading pornography by conventional means[1].

As long as we are dealing with such issues, conventional law would be adequate. The challenges emerge when we deal with more complex issues such as ‘theft’ of data. Under conventional law, theft relates to “movable property being taken out of the possession of someone”.

The General Clauses Act defines movable property as “property of every description, except immovable property”. The same law defines immovable property as “land, benefits to arise out of land, and things attached to the earth, or permanently fastened to anything attached to the earth”. Using these definitions, we can say that the computer is movable property.

Let us examine how such a law would apply to a scenario where data is ‘stolen’. Consider my personal computer on which I have stored some information. Let us presume that some unauthorized person picks up my computer and takes it away without my permission. Has he committed theft? The elements to consider are whether some movable property has been taken out of the possession of someone. The computer is movable property and I am the legal owner entitled to possess it. The thief has dishonestly taken this movable property out of my possession. It is theft.

Now consider that some unauthorized person simply copies the data from my computer onto his pen drive. Would this be theft? Presuming that the intangible data is movable property, the concept of theft would still not apply as the possession of the data has not been taken from me. I still have the ‘original’ data on the computer under my control. The ‘thief’ simply has a ‘copy’ of that data. In the digital world, the copy and the original are indistinguishable in almost every case.

Consider another illustration on the issue of ‘possession’ of data. I use the email account rohasnagpal@gmail.com for personal communication. Naturally, a lot of emails, images, documents etc are sent and received by me using this account. The first question is, who ‘possesses’ this email account? Is it me because I have the username and password needed to ‘login’ and view the emails? Or it is Google Inc because the emails are stored on their computers?

Another question would arise if some unauthorized person obtains my password. Can it be said that now that person is also in possession of my emails because he has the password to ‘login’ and view the emails?

Another legal challenge emerges because of the ‘mobility’ of data. Let us consider an example of international trade in the conventional world. Sameer purchases steel from a factory in China uses the steel to manufacture nails in a factory in India and then sells the nails to a trader in the USA. The various Governments can easily regulate and impose taxes at various stages of this business process.

Now consider that Sameer has shifted to an ‘online’ business. He sits in his house in Pune (India) and uses his computer to create pirated versions of expensive software. He then sells this pirated software through a website (hosted on a server located in Russia). People from all over the world can visit Sameer’s website and purchase the pirated software. Sameer collects the money using a PayPal account that is linked to his bank account in a tax haven country like the Cayman Islands.

It would be extremely difficult for any Government to trace Sameer’s activities.

It is for these and other complexities that conventional law is unfit to handle issues relating to cyberspace. This brings in the need for a separate branch of law to tackle cyberspace.

Rohas Nagpal

Written by

Retired hacker, blockchain architect, Tintinologist.