In the era of the cyber world, as the use of computers became more popular, the development of technology also expanded and the word ‘cyber’ became more familiar to people. The development of Information Technology (IT) gave birth to cyberspace, in which the Internet provides equal opportunities to all people to access any information, data storage, analysis, etc. using high technology. Due to the increase in the number of citizens, the misuse of technology was increasing in cyberspace which also gave rise to cyber crimes at domestic and international level.
Hackers may be vandalizing your site, viewing confidential information, stealing trade secrets or intellectual property using the Internet. It may also include ‘denial of services’ and virus attacks preventing regular traffic from accessing your site. Cybercrimes are not limited to outsiders only, except in the case of viruses and security-related cybercrimes, which are usually committed by employees of a particular company, who can easily access company passwords and data storage for their own benefit. Cyber crimes also include criminal activities carried out using computers which further aggravate crimes such as financial crimes, sale of illegal goods, pornography, online gambling, intellectual property crimes, e-mail, spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to computer system, theft of information contained in electronic form, e-mail bombing, physically damaging computer system, etc.
Information technology has spread all over the world. Computers are used in every field where cyberspace provides everyone with equal opportunities for economic growth and human development. As the users of cyberspace are becoming increasingly diverse and the range of online interactions is expanding, cyber crimes are also expanding, such as online breach of contracts, online torts and crimes, etc. Due to these consequences, there is a need to adopt a strict law by the cyberspace authority to regulate cyber-related criminal activities and provide better justice administration to the victims of cyber crime. In the world of modern cyber technology, it is necessary to regulate cyber crimes and most importantly, cyber law should be made strict in case of cyber terrorism and hackers.
As the number of users of computer systems and Internet is increasing all over the world, any information can be easily accessed in a few seconds using the Internet, which is a medium of vast information and a huge base of communication all over the world. There are certain precautionary measures that must be taken by netizens while using the Internet that will help challenge this major threat of cybercrime. The growing threat posed by crimes committed against computers or against information stored on computers has begun to attract attention in national capitals. However, existing laws against such crimes are unlikely to be enforced in most countries around the world. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information.
This report analyzes the state of the law in 52 countries. It finds that only ten of these countries have amended their laws to cover more than half of the crimes that need to be addressed. While many other initiatives are underway, it is clear that a lot of additional work needs to be done before organizations and individuals can be confident that cybercriminals will think twice before attacking valuable systems and information.
Undeterred by the prospect of arrest or prosecution, cybercriminals around the world lurk on the Internet as an emerging threat to the financial health of businesses, the confidence of their customers, and nations’ security. Headlines of cyberattacks capture our attention with increasing frequency. According to the Computer Emergency Response Team Coordination Center (CERT/CC), the number of reported incidents of security breaches in the first three quarters of 2000 increased by 54% over the total number of incidents reported in 1999. In addition, countless cases of illegal access and damage worldwide remain unreported because victims fear exposure of vulnerabilities, the possibility of copycat crimes, and the loss of public confidence.
Cybercrimes—harmful acts committed by or against computers or networks—differ from most terrestrial crimes in four ways. They are easy to learn to commit; they require very few resources relative to the potential damage they can cause; they can be committed without being physically present in a jurisdiction; And they are often not explicitly illegal. As this report shows, the laws of most countries do not explicitly prohibit cybercrimes. Existing terrestrial laws against physical acts of trespassing or break-ins and intrusions often do not cover their “virtual” counterparts. Web pages, such as e-commerce sites, recently affected by widespread, distributed denial-of-service attacks, may not be covered under older laws as protected forms of property. New types of crime can fall between the cracks, as the Philippines discovered when it attempted to prosecute the perpetrator of the May 2000 Love Bug virus, which caused billions of dollars in damages worldwide.
Effective law enforcement is necessary to implement and enforce alcohol control policies that affect minors’ access to alcohol, in order to reduce access by minors overall. Without such enforcement, communities may come to view alcohol control policies as meaningless and violations of such policies as acceptable. Effective law enforcement is complicated by the international nature of cyberspace. Mechanisms for cooperation across national borders to solve and prosecute crimes are complex and slow. Cybercriminals can disregard the traditional jurisdiction of sovereign nations, launch attacks from almost any computer in the world, send them across multiple national borders, or plan attacks that appear to originate from foreign sources. Such techniques dramatically increase the technical and legal complexities of investigating and prosecuting cybercrimes.
Six weeks after the Love Bug attack, the Philippines outlawed most computer crimes under a sweeping e-commerce law. However, to prevent a recurrence of the disaster that prompted this action, the future of the networked world demands a more proactive approach, whereby governments, industry, and the public work together to create enforceable laws that effectively deter all but the most determined cybercriminals.
Security is a concept everyone is familiar with. We use locks and alarm systems to prevent unwanted people from entering our homes and cars. Computer security is no different. To illustrate computer security, look at most modern office buildings. There are two basic ways a company can implement security, and the third is a hybrid approach. The first way is to have security guards posted at the front door and at each door in the building where entry should be restricted. Employees are assigned an identification card. When the employee wants to enter the building or door, the guard checks the identification card. First, the guard verifies that the employee is the same person as the one written on the ID card. This is authentication—verification of a person’s identity. Next, the guard checks the list of “allowed people.” If the employee is on the list, he or she is allowed entry. Changing an employee’s access is achieved by adding or removing his or her name from a particular guard’s list.
In an August 2000 report, Risky E-Business: Seizing the Opportunity of Global E-Readiness, McConnell International evaluated middle-tier economies’ ability to participate in the digital economy. Considering nations’ information security, the report evaluated public confidence in the security of information processed and stored on networks in each country. In this context, information security includes; assessing the strength of legal protections and progress in protecting intellectual property rights, especially for software; the extent of efforts to protect electronic privacy; and the strength and effectiveness of the legal framework for authorizing digital signatures. The e-Readiness Report also examined the existence of a legal framework to prosecute cybercriminals, as a predictable environment of strong deterrence for computer crime is vital to the effective protection of valuable information and networks.
Although many countries, particularly in Europe and Asia, have paid attention to these broader information security factors, only a few countries were able to demonstrate that adequate legal measures have been taken to hold perpetrators of cybercrime accountable for their actions. Overall, about half of the countries included in the e-Stability study were judged to require substantial improvement in information security. Furthermore, only a small portion of the countries rated as requiring substantial improvement indicated that progress is currently underway.
Outdated laws and regulations, and weak enforcement mechanisms for protecting network information, create a hostile environment in which to conduct e-business both within a country and across national borders. Inadequate legal protection of digital information can create barriers to its exchange and inhibit the growth of e-commerce. As e-business expands globally, the need for robust and consistent means to protect network information will grow.
Extending the rule of law into cyberspace is a critical step toward creating a trustworthy environment for people and businesses. Because this extension is still a work in progress, organizations today must first and foremost protect their systems and information from attack, whether from outsiders or from within. They can only secondarily rely on the deterrence that effective law enforcement can provide. To provide this self-protection, organizations must focus on implementing cybersecurity plans that address people, process, and technology issues. Organizations need to educate employees on security practices, develop holistic plans for handling sensitive data, records, and transactions, and commit resources to incorporating robust security technology—such as firewalls, anti-virus software, intrusion detection tools, and authentication services—throughout the organization’s computer systems.
These systems security tools—software and hardware to protect information systems—are complex and costly to operate. To avoid hassle and expense, system builders and system operators routinely leave security features “turned off,” unnecessarily increasing the vulnerability of information stored on systems. Bugs and security flaws are typically left unfixed, despite known fixes. In addition, no agreed-upon standards exist for benchmarking the quality of tools, and no accepted methodology exists for organizations to determine how much investment in security is sufficient. The inability to measure the costs and benefits of information security investments leaves security managers at a disadvantage when competing for organizational resources. Much work still remains to be done to improve management and technical solutions for information security.
Industry-wide efforts are underway for prevention, response, and collaboration. Around the world, various industries are establishing Information Sharing and Analysis Centers (ISACs) to share real-time information concerning threats, vulnerabilities, attacks, and countermeasures. The recent Global Information Security Summit, sponsored by the World Information Technology and Services Alliance (www.witsa.org), brought together industries, governments, and multilateral organizations across economic sectors to share information and build partnerships. Post-summit working groups are now developing collaborative approaches to address the most critical information security problems. The results of that work will be considered at the second summit in Belfast in May 2001. The summit will also provide an opportunity to protest the progress of nations in updating their laws to cover cybercrimes.
The word miscellaneous comes from the Latin word misere, meaning “to mix.” You have probably heard the saying “mixed bag,” which applies when you don’t know what you are going to get. This is also true for a bag full of miscellaneous items. You can pull out socks and a stick of butter — two things that don’t seem to belong together. Similarly, miscellaneous can describe something with many variations, such as a person who expresses himself in many different ways.
The weak state of global legal protection against cybercrime prompts three courses of action.
1.Firms should keep their network information secure: Laws enforcing property rights work only when property owners take reasonable steps to protect their property. As one observer put it, if homeowners fail to buy locks for their front doors, should cities solve the problem by passing more laws or hiring more police? Even where laws are adequate, network-dependent firms must make their information and systems secure. And where enforceable laws are months or years away, as is the case in most countries, this responsibility is even more important.
2. Governments must ensure their laws apply to cybercrime: National governments remain the primary authority for regulating criminal behavior in most places in the world. One nation has already struggled with, and eventually reformed, its legal authority when faced with the unique challenges presented by cybercrime.
It is important that other countries benefit from this lesson, and examine their current laws to see if they are crafted in a technology-neutral manner that does not eliminate the possibility of prosecuting cybercriminals. In many cases, nations will find that current laws must be updated. The enactment of enforceable computer crime laws that also respect the rights of individuals is an essential next step in the fight against this emerging threat.
3. Firms, governments and civil society should work collaboratively to strengthen the legal framework for cybersecurity: For cross-border prosecution, an act must be a crime in each jurisdiction. Thus, while local legal traditions should be respected, nations should define cybercrimes in a similar way. A significant effort to formulate a model approach is underway at the Council of Europe (see www.coe.int), which comprises 41 countries. The Council is preparing an international convention on cybercrime. The convention addresses illegal access, illegal interception, data interference, systems interference, computer-related forgery, computer-related fraud, and aiding and abetting these crimes. It also considers jurisdiction, extradition, communications interception, and investigative matters related to the production and protection of data. Finally, it promotes cooperation between law enforcement authorities across national borders.
Later in its process, the Council began to consider the views of affected industry and civil society. This process is making the Council’s product more realistic, practical, efficient, balanced, and respectful of due process that protects individual rights. On this point, most observers support provisions to improve law enforcement cooperation across borders. However, industry, through the World Information Technology and Services Alliance (see www.witsa.org/press/), argues that requirements for service providers to monitor communications and assist investigators, as outlined in the draft convention, would be unnecessarily burdensome and costly. Another provision considered objectionable could criminalize the creation and use of intrusive software or hacking programs that are designed for legitimate security testing purposes. This action could stifle advances in technology critical to combating emerging cyber threats. Privacy and human rights advocates (see www.gilc.org) object to the lack of procedural safeguards and due process to protect the rights of individuals in the draft convention, and to the possibility that upcoming national laws would effectively ban privacy, anonymity, and encryption.
The Council plans to issue a final draft of the Convention in December 2000. In 2001, a political process involving national governments will determine the scope and coverage of the final Convention. All countries and all companies are affected because of the international potential of cybercrime. Interested parties, including national governments outside Europe and businesses and non-governmental organizations around the world, should participate vigorously in the consensus process to develop measures that support effective international law enforcement and promote continued development and innovation.
Read Also:
The number of internet users in India is more than 560 million, which is the…
Cyber crime is a crime that involves computers and networks. Finding any computer at a…
As the world is moving forward in the field of digitalization, the threat of cyber…
Digital world creates conditions where nothing remains confidential or secret.’ Has the present world really…
‘Cybercrime in India’ is the term used to describe criminal activities involving a computer or…
Police is an organization of the government, which has to work promptly to maintain law…