Cyberspace: A Holistic Approach
Dr RajuNarayana Swamy (IAS)
Introduction: Cyberspace is inherently a Global Common Place - a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. It does not exist physically, except in the countless miles of electronic circuitry, fibre optic cables and silicon chips which make up our computers and networks. By its very nature, it is everywhere and nowhere at once; it is the everythingness and nothingness of William Gibson’s matrix, but it need not be realized only in futuristic dystopian novel. Cyberspace has now come to denote anything related to computers, the internet, websites and even devices such as ATM machines and cell phones. Thus while internet is a fact, cyberspace is a fiction- a man-made machine world.
Two important concepts that influence the behaviour of a person in cyber space are anonymity and psuedonymity. Anonymity is the ability of an individual to conduct certain transactions without revealing his identity. Pseudonymity on the other hand is the ability of an individual to assume an identity other than that of himselfwhile conducting a transaction.
The advancement of internet has created ambiguity for sovereign territory because network boundaries intersect and transcend national boundaries. The net in a sense is analogous to the “high seas” which no one owns yet people of all the nationalities use. Though in practical terms, an internet user is subject to the laws of the State within which he/she goes online this general rule comes into conflict where the dispute are international in nature. A person in India could break into a bank’s electronic vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone. A cybercriminal is here, there, nowhere, anywhere and everywhere.
Cyber law can be defined as the legal issues that are related to utilisation of communications technology, concretely "cyber space". From the time you register your Area Name, to the time you set up your web site, to the time you promote your website, to the time when you send and receive emails, to the time you conduct electronic commerce transactions on the said site, at every point of time, there are various cyber law issues involved. Two important cases illustrate the requirement of separate law for cyberspace: (a) difficulty in distinguishing adult from child in internet transactions: (b) invasion of our privacy which is quite different from the real world.
Sine qua non for cybercrime
The demarcation between conventional and cybercrimes lies in the involvement of the medium in cases of cybercrime. The sine qua non for cybercrime is that there should be an involvement, at any stage, of the virtual cyber medium. Cybercrimes today range from economic offences (fraud, theft, industrial espionage etc.,) to infringements on privacy, propagation of illegal & harmful content, facilitation of prostitution and organized crime. Cybercrime can halt any railway where it is, it may misguide the planes on its flight through wrong signals, it may cause any important military data to fall into the hands of foreign countries, and it may halt e-media and every system can collapse within a fraction of seconds.
Mention must be made here of Electro Magnetic Pulse(EMP) Bombs and High Energy Radio Frequency (HERF) weapons which differ from the malicious codes, viruses and worms of yester years and are serious menacing perils of the technological age. EMP devices are compact and perpetrators can use them to overload computer circuitry. These devices can destroy a computer’s motherboard and permanently and irretrievably erase data in memory storage devices. Like EMPs, HERF devices use electromagnetic radiation. The difference is that individuals can focus HERF devices on a specific target using a parabolic reflector.
The history of cybercrimes can be divided into the following phases:
- The phase of 1990’s- Computer Fraud and Unauthorized Access toComputer System
- The phase of 2000 to 2003 —Notoriety and Personal Challenge
- The phase of 2004 to 2005 —Lure of Money and Professionalism
- The phase of 2006 to 2008 —Gangs and Discretion
- The phase of 2009 to 2010 —Social Networking and Engineering
- The phase of 2011 to till date
With the advent of social media, cybercrimes are happening at the drop of a hat. The arrival of cloud computing has complicated matters further. Legal rights and regulatory authority for the protection of privacy of cloud computing users are not well defined. Moreover, in the event of dispute between cloud service provider and service user, jurisdiction can be an issue.
Unlike a traditional crime, where the evidence can visibly be seen and felt in the form of weapon, bloodstains, fingerprints, DNA etc. the cybercrime does not leave any such physical evidence. It is very difficult therefore to collect and preserve them until the submission in the court. Offences such as hacking of a website, stealing data stored in computers, espionage, exchange of pornographic material, blackmailing etc. involve detection of source of communication which is a complicated task. Because the police are not having sufficient knowledge in technology, cybercrimes are also generally investigated in the same manner as traditional crimes resulting in very low conviction in cybercrimes.
No wonder why Cyber Forensics has developed from its nascent days to a full-fledged discipline comprising of techniques spanning from creation of ‘bit-for-bit’ copies of stored and deleted information, ‘writeblocking’ in order to ensure that the original information is not changed, and cryptographic file ‘hashes’, or digital signatures, that can demonstrate changes in information. This brings forth the importance of digital evidence which is "information of probative value that is stored or transmitted in binary form." Police officers are used to having evidence they can see and feel such as screwdrivers, knives, and handguns. Digital evidence is something altogether different. It can be found in e-mails, digital photographs, ATM transaction logs, Internet Browser Histories, GPS tracks or even logs from a building's electronic door locks.
In fact, a multi-layered approach towards tackling cybercrimes is the need of the hour in the country. The heart and soul of the approach will be bringing in technologies to prevent cybercrimes in a full-fledged manner. These range from:
- Encrypted Tunneling:
- Secure Sockets Layer (SSL) and Secure HTTP
- Secure Electronic Transform (SET)
A techno legal approach concentrating on effective use of technology to combat the menace coupled with changes in legislation attuned to the non-hierarchical, open and dynamic culture of the "net" is calledfor. It should be the duty of the three stake holders viz. (i) the rulers, regulators, law makers and investigators (ii) Internet or Network Service Providers or banks and other intermediaries and (iii)the users to take care of information security playing their respective role within the permitted parameters and ensuring compliance with the law of the land. Takedowns of websites and forums on the dark web through multi nation collaboration has been done in Europe recently. This initiative has to be supported and cooperation extended to other nations so that the web of crime is disrupted and prevented from turning into a web of profit for the cyber criminals.