Blog Details

Govind Belbaseकथा सङ्ग्रह बाट
1.0

E-commerce: How can the criminal exploitation of commerce over the Internet be prevented, can Nepal benefit from the experience of the UK and US? Govind Belbase Date: 17-04-00

31 Dec, 1969

Introduction

Silicon chip-based technology is one of the main technological developments of the 20th-century. The term cyberspace originally conceives of the territorial nation state being replaced by the “Zaibatsu or corporation stare from the science fiction novel Neuromancer”[1]. The explosion of popular and leisure use that has transformed the Internet has brought terms like ‘electronic democracy’ ‘information superhighway’ the ‘governance of cyberspace’ into public debate.

At the start of 1999, 87 million North Americans and more than 150 million people, worldwide were using the Internet.[2] Use of the Internet, has raised many legal questions for example: “If virtual communities are the way of the future, what legal regime should govern them? Can Lawyers find a way to conceive of virtual legal systems, applied to cyber-nations, which might or might not correspond to today’s real-world nation-states? How can law be made in a community such as the Internet, which wholly lacks a sovereign of the type Austin proposed as essential for the creation of law[3], or even the rule of recognition beloved of HLA Hart?[4] What would substitute for the legislatures and courts of such communities?[5] Might the legal subjects of such virtual legal systems include not only the natural and juristic persons with which lawyers are familiar, but also the virtual personae often adopted by hardened Internet users and electronic role-players, which may differ in name, sex and race from the corresponding “real world” persona of that individual?”[6]

Hypertext is advanced technology of leaflet with which vying the Internet. The Internet launches information rapidly by the means of hypertext that electronic commerce is going to revolutionize spending habits and challenge the way of business.

A major issue for jurists at the present time is how to deal with the rapid development of the Internet site. The prospect of ‘Information superhighway’ telecommunications systems that permit the rapid, indeed virtually instantaneous transmission around the world of all media print, pictures still and moving, sound, and combinations. In short we may say, development and conservation of the new information environment are a discussion point of big issue.

2. What sort of criminal exploitation of commerce do we expect over the Internet?

Information is now the greatest source of wealth. Knowledge, of itself is power. But, ready access to information is not always beneficial. Electronic commerce gave surprises even for experts. Misusage of power hinders human development. Misuse of the on line (Internet) is known as a cyber crime.

Computer technology impacts on criminal exploitation of commerce in two ways. It facilitates the commission of existing crimes such as fraud and theft. It has also given birth to a new range of activities such as computer hacking and the development and distribution of computer viruses. The (UK) Computer Misuse Act 1990 created a new offence of unauthorised access to computer programs or data (Hacking). This have been categorised as committed either inadvertently or fraudulently.

Criminal activity over the Internet has given rise to a some new vocabulary, for Example: “computer hacking”, “time-bombs”, “logic-bombs” and “computer viruses”. Massive computer frauds, wide spread hacking and great disorder disruptions to computer systems caused by viruses are in practice. Determining the true scale of crime is an impossible task. Plenty of crime goes unreported for it has been rumoured. For instance, some financial institutions have been victims of computer crime but they fear that publicity will damage their reputation. Criminal exploitation of commerce over the Internet has been and remains a very serious issue.

It is not always easy or possible for legislation to be drafted in a sufficiently flexible form to adapt to the pace of technological change. Ready identification of the Internet has been stabilized in paradigm. Neither the Act nor the directive essays has an authentic definition of the word ‘Computer’.[7] According to Andrew Terrett the Internet[8] is: “ ‘The Internet is a huge electronic resource’; ’The Internet is a network of computers that allows people to communicate with other people from all over the world’; ‘ It’s is a hacker’s paradise and a computer security nightmare’; ‘It’s the future of commerce’; ‘ It’s a jargon-ridden techno-jungle.”

Lilian Edwards and Chavrlotte Waelde compare cyberlaw with the law of the high-seas, “which are not subject to the territorial laws of any one country, but are subject to the international law of the sea as laid down international treaties and custom. The problem with such and analogy, however, is that while international law is now a mature legal regime in which the sources of law are well defined[9] and recognised by almost all states, any ‘International law of cyberspace’ has yet to emerge and in particular, there is no body or court which has the authority to create or interpret law of the Internet. Although the conception of the Internet as law free is often informed by little more than wishful ignorance or anti- authoritarian feelings, it does however have some core pragmatic reality, given the difficulties of enforcement of national law in relation to cyberspace activities.”[10]

Electronic commerce raises many regulatory issues. Governments will have to ensure that the information superhighway is not misused for crime, for money‑laundering or for undermining national security. Mrs. Justice Arden considers the new challenges for Contract[11], tort and Criminal Law by electronic commerce but she suggests, it should not major change in our law:

> “The introduction of electronic commerce should not lead to major changes in our law. I consider that the introduction of electronic commerce should not turn the law upside down for two reasons:

> · the principles of our civil law have been winnowed out over many centuries. We should not throw them over just because there is a new medium of communication.

> · Freedom of choice as respects the medium of communication will remain. It is therefore desirable to have the same law for on-line activities as for off-line activities as far as possible”[12]

> The Internet is a social, cultural, commercial, educational and entertainment global communications system. The genuine purpose of Internet is to facilitate on-line users to positive change of the society. Common theories of fundamental rights “right to expression” in opposition to “right to privacy” through the world are become in discussion to choose correct balance over the Internet. On-line users themselves are playing an important role to choose legitimacy of their new activities such as electronic frontair foundation.[13]

Human learns new ideas from competition to survive. During the cold war period to transcend the USSR, Internet can be traced to a US defense related academic research initiative in the late 1960’s leading to the development of the ARPA net (Advanced Research Projects Agency Network). After the early 1990's the ‘World Wide Web’ became use of potential commerce activities. There are still many legal standards to be decided before the Internet evolves into the information superhighway. Developing countries are also following in the information superhighway.

Until 1990, electronic media related cases in the courtroom were rarely noticed. Nowadays, different types of activities over the Internet that we currently recognize as crimes are also in courtroom, such as MP3 Vs. RIAA[14]. In the case, new technologies over the Internet are in debate that MP3 music via the Internet are crime or fair competition of commerce. A number of the Internet related offences are considered in electronic commerce. We have already traditional definitions of the ingredients of the crime. We should analyze this conduct in the usual way. The main found criminal exploitation over the Internet are:

> ? Hacking [Unauthorized access to computer material and unauthorised modification of computer programs or data (Computer viruses, Blackmail)]

? Piracy offences (Theft)

? Computer fraud over the Internet

? Child pornography

a) Hacking

> Intrusion in computer data called “Hacking”. It is a common expression over the Internet world and can be applied in many contexts. Accessing of a computer system without the express or permission of the owner of that computer system is “hacking”. A person who engages in this activity is known as a computer hacker. At the beginning, the hacker’s work known as an intellectual challenge and it became information warfare. Hacker challenges the security systems over the Internet. The Internet is not full secure from hackers hitherto. Some software technologies are developing to secure the Internet. Some activities of Hackers thrill the world. “Bevan and Pryce (a schoolboy) revealed that “oversold threats” regarding the implications of breaches of security into major United States defense computers won funding from congress.[15] Bevan, for example, was accused by United States military sources as being ‘a greater threat to world peace than Adolf Hitler’ [16]. The truth was subsequently found to be much less dramatic. However, the new funding led to the development of new military and intelligence ‘info war’ units, which have subsequently sold their security services to private corporations.”[17] Combats between the software formula for security and transcended ideas to intrusion has been developed the Internet, and is carry on.

>

David Bainbridge describes a ‘hacker’ as: “…a person who gains access to a computer system without permission, usually by guessing or surreptitiously discovering which passwords will allow him access. A hacker may simply inspect the contents of the system he/ she has ‘broken into’ or may go on to alter or erase information stored in the system. ‘Computer hacker’ used to mean a person who was very enthusiastic about computers and who would spend most of his waking hours at a computer terminal.”[18]

Nowadays, leaflet practice has been extended with hypertext. The principle protection of the electronic word is analogous to protection of the printed word[19]. We may predict that after a few years ‘letter press’ would be a historical story. Hypertext practice has been started. Readers are not going to libraries. Writers are writing web page on remote room and readers are clicking hypertext on another corner of a remote room. Goods producers maintain their price list on web page. A world has been established in virtual community.

In a recent survey of the US corporations and government agencies by the FBI’s Computer Intrusion Squad and the Computer Security Institute, 30 percent of respondents admitted that outsiders had penetrated their systems in 1998, while 55 percent reported unauthorized access by insiders.[20]

> ? Unauthorised access to computer material - A hacker may gain access remotely, using a computer in his own home or office connected to a telecommunication network. Once the hacker has penetrated a computer system he/ she might do one of several different things. He/ she might read or copy information, which may be highly confidential, he/ she might erase or modify information or programs stored in the computer system, or download programs data. He/ she might simply add something, such as a message boasting of his feat. Hacking violets others fundamental rights as “right to privacy” and hackers may do crime after hacking. Prevention is better than cure, so the unauthorised access to computer material must be controlled. He/ she might be tempted to steal money or direct the computer to have goods sent to him. Computer hacking itself was not a criminal activity in the UK before the Computer Misuse Act 1990.

Common definition of ‘Hacking’ has not been defined. Many jurists such as D.S. Wall[21] define it as a work after trespass and others such as David Bainbridge[22], defines as an intrusion with or without any activities.

Section 1 of the Computer Misuse Act 1990[23] is aimed directly at hackers who gain access to computer programs or data without any further intention to carry out any other act. It says that a person is guilty of an offence if:

? He causes a computer to perform any function with intent to secure access to any program or data held in any computer;

? The access he/ she intends to secure is unauthorised; and

? He knows at the time when he/ she causes the computer to perform the function that that is the case.

> (ii) unauthorised modification of computer programs or data over the Internet - Unauthorised modifications of computer programs or data are restricted by the Computer Misuse Act 1990[24]. After the general use of the Internet, this became a familiar problem. 'Modification' is extensively defined in section 17(7), 17(8) the interpretation section, as the alteration or erasure of any program or data or the addition of any program or data to the contents or computer.

Iii) Computer viruses over the Internet - A computer virus is a self-reproducing program, which spreads throughout a computer system and changes ordinary programs. New viruses over the Internet found every month and software companies are engage to prevent harm.[25] Virus stories are exaggerating. Most fall prey to what some virus experts call "False Authority Syndrome," and it contributes significantly to the spread of fear & myths about computer viruses.[26]

R v Pile (1995) May, was the first time that a person had appeared in court as a result of intentionally introducing computer viruses to a system and the court had no problems in finding a breach of S.3.[27]

> iv) Blackmail - Blackmail is a serious offence. Basically, a person is guilty of blackmail if, with a view to gain for himself or another or with Internet to cause loss to another, he/ she makes any unwarranted demand with menaces. A person would be guilty of blackmail who inserted a 'time-bomb' into a computer system and demanded money in return for details of how to disable the time-bomb. If the demand is made, the offence has been committed. The offence of blackmail will also have been committed even if the computer owner is not worried about the threat because he/ she has a complete, up-to-date set of back-up copies of everything. Blackmail may be associated with a virus.

A university lecturer carried out some consultancy work but when he was paid the client deducted part to pay for the telephone bill the lecture had incurred. The lecturer retaliated by placing a virus in the client’s computer with a massage to the effect that he was owed money and that files were being modified and that he sooner the matter was settled, the less damage would be done. He was convicted of attempted blackmail and fined £500.[28]



> b) Piracy Offences (Theft)

The offence of theft is defined by section 1 of the Theft Act 1968[29] as a dishonest appropriation of property belonging to another with the intention to permanently deprive the other of it. Jurists argue that, owner does not deprive permanently by the piracy offences in the Internet. So the special Act for intellectual property “ Copyright, Design and patents Act 1988” encompasses the piracy offences over the Internet. If the information concerned is copied onto paper belonging to someone else, [30] such as an employer, there will be an offence of theft committed with respect to the paper. Likewise, if a person copies information from the Internet into a disk which belongs to someone else and takes the disk, this would be theft of the disk if the other elements of theft are present such as the intention to permanently deprive the owner of the disk. For example, if a person copied the software into disk belonging to someone else and distributes to download via the Internet he/she may deprive owner permanently.

About software theft, the question arises, 'is software goods?' In the Oxford v: Moss case the Divisional court held that confidential information was not 'property' within the meaning of S.4 of the theft Act 1968.[31]

In the St Albans city and district council v: International computers Ltd [32] case the question was the alteration and deletion of computer data by a 'hacker' could constitute criminal damage within S 1(1) of the criminal Damage Act 1971. In this case Sir Iain Glidewell stated that software could constitute goods. It concerned software used to administer the community charge (poll tax) and has far-reaching implications for software developers who should look carefully at their standard term contracts and level of insurance cover. In the same case [1995] Scottbaker J had stated that, by itself hardware could do nothing, the really important part of the system is the software.

The Copyright, Designs and Patents Act 1988 has been used gradually more to prosecute computer software pirates. Magistrates and judges are at last taking this form of crime seriously, using custodial sentences in some cases. For example, an Oxford computer dealer was imprisoned for six months and fined £5,000 for making unauthorized copies of a popular word processing package with the intention of selling them.[33]

In the America, felony sanctions for copyright infringement were first authorised in 1982, and extended to include computer software. A five-year sentence and fine, which provides for a fine of up to $250,000- for an organisation found guilty of an offence, and for a second or subsequent copyright offence, a ten year prison term is authorised.[34]

Copyright infringement is restricts by law. Infringe copyright in relation to a substantial part of the work, without the permission of the copyright owner is felony. There are certain exceptions to infringement. Some form of knowledge is required to punish infringer, that is, that the person involved know or had reason to believe that he/ she was dealing with infringing copies.

A number of offences may be carried out using Internet. The most appropriate offence to charge is theft. Theft is not normally considered to fall within the 'fraud' group of offences. There is an overlap between theft and fraud. This issue depends on the circumstances. If someone theft money from others account by the means of the Internet is the crime of theft. In the same case he/she misleads the bank and commits the fraud by dishonestly obtain other’s proprerty. In practice, real victim (Account holder) does not proceed to the perpetrator due to the fair of police investigation and court’s long process and he/she claim to bank. Where the two ways are available to claim to choose any one is the right of victim.

? Fraud over the Internet – Dishonestly obtaining on other’s property is fraud. Fraud over the Internet is carried out with the aid of a computer. The United Kingdom’s Audit Commission has defined computer-related fraud, as “any fraudulent behavior connected with computerisation by which someone intends to gain financial advantage.” But, mainly computer frauds involve the use of a computer simply because of the automated nature of banking and commerce.

David Bainbridge defines the phrase " computer fraud" as: "…stealing money or property by means of a computer; that is using a computer to obtain dishonestly, property (including money and cheques) or credit or services or to evade dishonestly some debt or liability. It might involve dishonestly giving an instruction to a computer to transfer funds into a bank account or using a forged bank card to obtain money from a case dispenser (automated teller machine)."[35]

At first sight, obtaining property by deception seems to be most appropriate offence to apply to computer fraud as the culprit usually means to obtain someone else's money or other property by a deception or trick - for example, by pretending to have authority to carry out some transaction using the Internet such as transferring money. The Internet has been used for fraudulent purposes since its application began to spread into the commercial and industrial sectors in the 1990s. The banking sector was an early user of Internet technology.

The Internet greatly facilitates the commission of fraud, which massive frauds are not reported by usually large financial institutions and other victims due to fear of adverse publicity. All the major financial institutions throughout the world use computers and the Internet to carry out their business, and a huge amount of money is transfer by computer. This form of crime causes great anxiety in the commercial world and is considered by the authorities to be very serious. The maximum penalties in the England available are quite heavy and fraud over the Internet can be dealt with by prison sentences of up to ten years. Frauds over the Internet activities of hacker cause losses and damage to the computer data.

> C) Types of computer fraud:

The Audit commission has identified three stages of computer fraud, input, out-put and program fraud. David Bainbridge described[36] as computer fraud to be of two main types: data frauds and programming frauds. Bainbridge describes, in the first type, unauthorised data is entered into a computer or data that should be entered is altered or suppressed. He explains, the main distinguishing factor in this type of fraud is that it is computer data, either input or output data, which is tampered with. Data fraud is probably the most common type of computer fraud (it is the most easily detected) and is relatively easy to carry out. In referring to the Law Commission, David Bainbridge[37] considered four types of computer fraud: entry of unauthorised instruction (input fraud), alteration of input data (data fraud), suppression of data (output fraud), and program fraud.

i) Entry of unauthorised instruction (input fraud) - Input fraud involves the falsification of previous data, or at the moment of its entry into a computer. This is the unauthorised alteration of data prior to it being input into a computer.

> Ii) Alteration of input data (data fraud) - Data fraud, as defined by the Audit commission, differs from input fraud in that with data fraud it is the person entering the data into the computer that makes changes to the data. This form of fraud is also fairly common, easily carried out but will be detected if appropriate checking procedures and auditing are adopted.

> Iii) Suppression of data (output fraud) - Inserting new data may change preinstalled data. Sometime, inserting new data once that may result out put wrong regularly.

> Iv) Program fraud - Computer programmers, analysts and others involved in the commissioning know the security and password system used. Because of their knowledge of the computer systems, computer staff also susceptible to involvement in fraud.

> D) Child pornography The distinction between ‘soft pornography’ and ‘hard pornography’ is still in debate. Definition of hard pornography depends upon wide range of moral, political and policing agendas that in various kind of proper society. The main debate about child pornography over the Internet is consists of pseudo-photographs.

In the America Child pornography is defined as: "any visual depiction of sexually explicit conduct involving children" by 18 USC 2252 (a) (2) (A).[38]

In the England, child pornography is crime. The English court held the verdict about indecent photograph’s data of children over the Internet, in the case R v: Fellows and Arnold[39]. The court of Appeal dismissed an appeal against convictions for possession indecent photographs of a child. Defendant had having an absence article for publication and for distributing indecent photographs, the material in question being available over a computer network. The defendants had contended that such computer data did not constitute a photograph for the purpose of S. 1of the 1978 Act. Evans LJ decided that, "Although the computer disk was not a photograph it was a copy of an indecent photograph. The disk contained data not visible to the eye, which could be converted by appropriate technical means into a print, which exactly reproduced the original photograph from which it was derived. It was a form of copy which made the original photograph, or a copy of it, available for viewing by a person with access to the disk."

3. What laws exist to prevent abuse? So many laws are available to discourage Internet perpetrators in each territorial jurisdiction. Some sort of existing laws, which describe conventional crimes and regulations are already on practice to govern e-commerce. Some sort of laws enacted and a number of amended after the general practice of computer. Global practice of Internet is attempting global criminal impacts. No International entrenched sanction power exists to govern this.

Existing laws include:-

? Some International conventions and multilateral or bilateral treaties, which are identified as an international law governs some global Internet regulations. For example: extradition treaties also help to prosecute, treaties related to telecommunication etc

? Some existing laws governs the internet to which Internet facilitates the commission of existing crimes such as fraud, theft, copyright infringement etc. related Acts.

? Some sort of laws are enacted new all over the world after the practice of computer and a number of existing laws amended or changed to govern high-equipped society.

> ? In the Nepal During 1997, Computer first entered in Nepal, the application of personal computers (PCs) and their commercialization started in the country only in the '80s. The government-owned National Computer Center (NCC), which was dissolved unceremoniously in 1998, started its computerization in some key areas with mainframe computer some three decades ago. But it was only in the nineties that professionalism in the computer sector evolved.[40]

The Internet began in 1995 when Mercantile Communications began providing Internet service. Worldlink Communication followed suit. Now a year after the government made rules making it compulsory for the Internet Service Providers (ISPs) to receive license, the number of ISPs has risen to eleven.[41]

No, special Act related to Internet has been enacted in Nepal hitherto. No, major dispute about the Internet has come to court. Some sort of existing laws are available to prevent, commission of existing crime facilitated by Internet. Licenses are providing for ISPs in accordance with Telecommunication Act 2053 (1997) and penalty for perpetraters is 2500 Rs, who abuse, threat or nuisances by the means of telecommunication.[42] It was only three ISP's were already functioning that the government announced ISP regulations in October, 1997.[43]

> Hacking

Potential computer skill and curiosities of teenagers may produce this problem as a harmful. Hacking from other countries must be check. No any major harm has been found but it is not so far away.

> Piracy

Conventional laws[44] to protect intellectual property rights are not so advanced in Nepal. Academic and commercial sectors seeking contemporary law to invest. Plenty of pirated softwares are available in Nepal that not reported and most of them are product of out of territory. Nepal is obligate to follow international treaties and convention, so improvement of intellectual property laws are essential to protect from piracy activities.

Fraud

Internet and computer facilitate in traditional fraud activities. Existing laws are available to check out this crime in Nepal. 'Muluki Ain' [45] part 4, chapter 1 define fraud. It includes all types of fraud. The obtaining of property by deception seems to be most appropriate to computer fraud as the culprit usually means to obtain someone else's money or other property by a deception or trick.

> Pornography

According to Bhup Raj Pandey, Chief of Nepal Telecommunications Authority (NTA), there are about eight to nine thousand Internet users in Kathmandu and their number is growing steadily. "Herds of pornographic sites are available in Internet and many people use the Internet merely to watch them," says Kumud Bhattarai, an electronics engineer associated with Pilgrims Asia, a software development company, in Kathmandu.[46] Non of legislation is available in the Nepal to control pornography over the Internet.

Existing legislations to govern the Internet in the Nepal:

The Copyright Act 2022(1965)[47] [Intellectual Property Rights law] is amended on 2054B.S.[48] (1998) and the term " Computer Software” includes on section 2(6)[49]. This amendment includes 'Computer Software' in the meaning of imitation. After this amendment sanction for copyright infringement is authorised, a six-month sentence and fine, which provides for fine minimum, 5000 Rs to maximum 100,000 Rs for a person found guilty of an offence. For a second or subsequent copyright offence, a one-year prison term and fine, which provides for a fine of minimum 10,000 Rs to 200,000 Rs for a person found guilty of an offence.

Section 2(gha) & (la) of already existing Act 'Nepal law Interpretation Act 2010(1953)'[50] includes hypertext as the meaning of writing and copy. S.2 (gha) defines "writing" as: Any subject would be accepted as writing, if written on any goods with any number or any sign by the means of any one of them or more, shows or describes the subject for the purpose of reading and writing or for the intention of readable use.

S.2 (la) defines 'copy' as: This word has to understand, for any kinds of written or visual by litho, photography and any other means.

Section 2(gha) of Few Public (Crime and Penalty) Act 2027 (1970)[51] restricts any person to any nuisance disturbance on post, communication, electricity and other similar regular public services. Sanction for perpetrator is authorised, a two year's sentence and fine, which provides for fine of up to 10,000 Rs for a person found guilty of an offence[52].

Recently one cyberspace related law enactment comity has been formulated, and this comity is doing homework.

4. How effective are the laws?

On the one hand technological invention, production, and application have generally accompanied the acquisition and maintenance of power, and therefore, have often facilitated human rights abuses. On the other hand, technology has often been the vehicle of more progressive, even revolutionary change.

The implementation of Internet related laws to control existing abuses, which are facilitate by Internet are not weak, if there are no jurisdictional disputes. Some sort of problems seems to implements of existing laws in new type of crimes born over the Internet community.

On the practice of Internet there is no territorial fence. Common and all other legal systems has adopted jurisdictional legal fence. The main problem to effective implement of law in Internet practice is Jurisdictional practice. It emerged few questions for entrenched definition of law. Different legal systems, such as accusatorial and adversary in different countries is also a difficult to effective equal apply of law in global Internet.

Recent Blogs