Hacking Laws in India
According to section 66 of the IT
Act
(1)Whoever
with the intent to cause or knowing that he is likely to cause wrongful loss or damage
to the public or any person destroys or deletes or alters any information
residing in a computer resource or diminishes its value or utility or affects
it injuriously by
any means, commits hacking.
Knowledge of the likelihood of wrongful loss or damage
AND
2. Destruction or deletion or
alteration of information in a computer
ordiminishing value or utility of a computer resource
or
injuriously affecting a computer resource
Let us discuss the relevant terms
and issues in detail.
Loss signifies
detriment or disadvantage. Loss can be temporary or permanent.
Loss can relate to something that the loser has currently or is likely to get
in the future. This term is best understood through the following
illustrations.
Noodle has suffered a loss of
future revenue that it could have earned from these customers. It has also
suffered a loss of goodwill and reputation.
Wrongful loss is the loss by
unlawful means.
Illustration 1
Sanya has launched an innovative
email service. Sameer gains unauthorised access to her source code, makes
modifications to it and launches a rival email service causing loss to Sanya. This
is wrongful loss as it is caused by unlawful means (unlawful access to the
source code in this
case).
Illustration 2
Sanya has launched an innovative
email service. Sameer hires excellent programmers and develops and launches a better
email service. This causes loss to Sanya. This is NOT wrongful loss as
it is not caused by unlawful means.
Damage for the
purposes of this section implies injury or deterioration caused by an unlawful
act.
Illustration 1
Sameer picks up Sanya’s laptop
with the intention of stealing it. He then accidentally
drops it on the floor, thereby destroying
it. Sameer has caused damage.
Illustration 2
Sanya has left her laptop on a
table. Someone drops water on the table and the water is about to touch the
laptop. With the intention of saving the laptop from the water, Sameer picks it
up from the table. He then accidentally drops it on the floor, thereby
destroying it. Sameer has not caused damage as per this
section.
Illustration 1
Sameer, a thief, picks up Sanya’s
laptop in order to steal it. The intent with which Sameer has picked up the laptop
is to commit theft.
Illustration 2
Sanya has left her laptop on a
table. Someone drops water on the table and the water is about to touch the
laptop. In order to save the laptop from the water, Sameer picks it up from the
table. The intent with which Sameer has picked up the laptop is to protect it
from damage.
To cause means to make
something happen. Cause can be direct or indirect.
Illustration 1
Sameer pressed the “delete”
button on the keyboard causing the data to be deleted. Sameer’s act of pressing
the delete button is the direct cause of the data being deleted.
Illustration 2
Sameer accidentally sends a
computer virus to Pooja by email. Pooja unwittingly downloads the virus. The
virus spreads on her computer and overwrites a lot of data. Sameer’s email was
the indirect cause of the data loss.
The computer virus was the direct
cause of the data loss. Knowingly doing something implies
consciously or wilfully doing something.
Illustration 1
Sameer downloaded software that
enabled him to remotely shut down computers on the network. He felt that the
software would be very useful and thus he installed it on many computers in his
office. He did not know that the software was in effect a Trojan that would
compromise the security of his company. Here Sameer has not installed the
Trojan knowingly.
Illustration 2
Sameer was very disgruntled with
the fact that he was not promoted in his company. Out of anger he installed a
Trojan on many computers in his office. Here Sameer has knowingly installed the
Trojan.
Likely to
cause means probable to cause. The term likely is usually used to mean “in all
probability”. This term has to be interpreted in light of the circumstances of
each case.
Illustration 1
Sameer is working on a Windows computer.
He downloads a virus that is known to damage Windows machines. The virus is likely
to cause damage to his computer.
Illustration 2
Sameer is working on a Linux
computer. He downloads a virus that is known to damage Windows machines. The
virus is not likely to cause damage to his computer.
Illustration 1
Sameer installs a keylogger on a
cyber café computer. The keylogger would steal passwords of all the users of
the cyber café computers. His act is such that it affects the public.
Sameer launches a denial of
service attack on the website of the Railways. This brings down the website and
causes hardships to railway passengers looking to make online reservations or enquiries
using the said website. His act is such that it affects the public.
Person includes
natural persons (such as men, women and children) as well as artificial persons
(such as companies, societies etc).
Information includes data,
text, images, sound, voice, codes, computer programmes, software and data bases
or micro film or computer generated micro fiche. Data is a formalised
representation of information, knowledge, facts, concepts or instructions. Data
undergoes processing by a computer. Data can be in electronic form (e.g. stored
in a CD) or physical form (e.g. computer printouts). Examples of data include computerized
attendance records of a school, information in the RAM of a computer, printouts
of a computerised accounting system etc.
Microfilms are processed
sheets of plastic (similar to the commonly used photograph rolls) that carry
images of documents. These images are usually about 25 times reduced from the
original. The images cannot be viewed by the naked eye and special readers are
used to project the images on a screen. They are most commonly used in
libraries for transmission, storage, reading and printing of books.
Microfiche is a type of
microfilm containing several micro images.
Illustration
The following are information:
a. A photo of Priyanka Chopra
stored on a DVD
b. A Shakira song stored on a CD
c. The ebook version of this book
d. A recording of a phone
conversation
Computer
resource includes computer, computer system, computer network, data, computer
data base or software.
Information residing
in a computer resource must be construed in a wide manner. It includes
information that exists or is present in a computer resource temporarily or
permanently. This is best discussed through the following illustrations.
Illustration 1
A personal computer has a BIOS
chip that contains basic instructions needed to boot up a computer. These
instructions are in the form of “information permanently
residing” on the BIOS (which is a
computer resource).
Illustration 2
Pooja is browsing a website.
While she is viewing the website on her monitor, the information is cached in
her computer in a folder specially reserved for temporary files. Some of that information
is also stored in the RAM of her computer. When the computer is shutdown, the
information in the RAM is lost. These are examples of information that is “temporarily
residing” in a computer resource.
Illustration 3
Other illustrations of
information residing in a computer resource are:
a. Music files stored in an iPod
b. Software installed on a computer
c. Ebook stored on a CD
d. Software installed in a cell
phone
e. Software embedded in a
microwave oven
Destroys means “to make
useless”, “cause to cease to exist”, “nullify”, “to demolish”, or “reduce to
nothing”.
Destroying
information also includes acts that render the information useless for the purpose
for which it had been created.
Illustration 1
Noodle Ltd has created a vast
database of customer details and buying habits.The Noodle managers can query this database using a sophisticated “query management system”. Sameer has developed this unique and path breaking “query management system”
entirely on his own. One day
Sameer quits his job and takes the entire code of the
“query management system” with
him. Now the information in the database is still
intact but it is no longer usable
for the purpose of predicting customer orders.
Sameer has, in effect, also
destroyed the information contained in the database.
Deletes in relation to
electronic information means “to remove”, “to erase”, “to make invisible” etc.
Such deletion can be temporary or permanent.
Illustration 1
Pooja has created a text file
containing her resume. Sameer deletes the file from her computer. On deletion,
the file gets automatically transferred to the “recycle bin” of Pooja’s
computer. Here Sameer has temporarily deleted the file. Sameer empties
the “recycle bin” of Pooja’s computer. The file is still only temporarily deleted
as it can be recovered using cyber forensics. Sameer then uses
specialised wiping software so that the file cannot be recovered using forensics. Now he
has permanently deleted the file.
Illustration 2
Pooja is a novice computer user.
She has created a text file containing her resume. Sameer changes the
properties of the file and makes it a “hidden” file. Although the file still
exists on Pooja’s computer, she can no longer see it. Sameer has deleted the file.
Alters, in relation
to electronic information, means “modifies”, “changes”, “makes different” etc.
This modification or change could be in respect to size, properties, format,
value, utility etc”.
Alteration can be permanent or
temporary. It can also be reversible or irreversible.
Illustration 1
Pooja has created a webpage for
her client. A webpage is essentially an HTML (Hyper Text Markup Language) file.
Sameer changes the file from HTML to text format. He has altered the file. This
is a reversible alteration.Illustration 2
Pooja has created a text file. Sameer changes the properties of the file and makes it a “hidden” file. The file retains its original content but it has been altered as its attributes have changed (it is now a hidden file). This is a reversible alteration.
Illustration 3
Pooja has created a text file named “pooja.txt”. Sameer changes the name of this file to “pooja1.txt”. Although the file retains its original content, it has been altered. This is a reversible alteration.
Illustration 4
Pooja is a graphics designer. She
creates very high resolution images for her clients. A high resolution image
can be magnified several times and still look clear. Sameer is one of her employees.
He changes some of the high resolution images into low resolution images. Although
the low resolution images look the same as the high resolution ones, they cannot
be magnified. The value and utility of the images has been reduced.
This is an
example of permanent and irreversible alteration. Value implies
monetary worth.
Illustration
Pooja is a graphics designer. She
buys a sophisticated computer for Rs 2 lakh. The value of the computer is Rs 2
lakh. She purchases one license of specialized graphics software for Rs 50,000
and installs the software on her computer. The value of the computer is now Rs
2.5 lakh.
She then hires a specialist to
configure her computer for optimal performance. The specialist charges her Rs
10,000 for his services. The value of the computer is now Rs 2.6 lakh.
Illustration 1
The utility of a high resolution image lies in its ability to be magnified several times. This enables the image to be used for various purposes such as on a website, in a printed catalogue, on a large hoarding etc.
Illustration 2
The utility of anti-virus
software is its ability to detect computer viruses and other malicious code.
Illustration 3
The utility of a sophisticated
computer is its ability to render high resolution graphics files in a very
short time.
Diminish means “reduce”
or “lessen”,
Illustration
A computer worm replicates itself
and thereby hogs up system resources such as hard disk space, bandwidth etc.
This can diminish the performance and speed of the computer network.
Diminishes
value means “reduces the monetary worth”.
Illustration
Pooja is a graphics designer. She
creates very high resolution images for her clients. A high resolution image
can be magnified several times and still look clear. She can sell each image
for around Rs 5000. Sameer is one of her employees. He changes some of the high
resolution images into low resolution
images. Although the low resolution images look the same as the high resolution
ones, they cannot be magnified. Now she cannot sell an image for more than Rs
400. Sameer has thus diminished the value of the images.
Illustration
Pooja has purchased a very
sophisticated computer that has 2 GB RAM. This enables the omputer to render a
large image file in 3 seconds. Sameer steals 1 GB RAM from the computer. Now
the computer takes more than 5 seconds to render the image file. Sameer’s act
of stealing the RAM has diminished the utility of Pooja’s computer.
Illustration
A computer virus changes the data
stored in a computer. The virus affects the data.
Injurious means
“harmful”, “hurtful”, or “detrimental”.
Illustration
A computer virus is injurious to
the data stored in a computer.
Affects
injuriously means produces a “harmful or detrimental change”.
Illustration 1
Placing a powerful magnet close
to a floppy disk causes permanent and irreversible damage to the disk. We can say
that the magnet affects the disk injuriously. Dropping a laptop on the floor can affect it injuriously.
Illustration 3
Dropping water on a laptop can
affect it injuriously.
As we can see, the term hacking
has been given a very wide definition under the Indian law. To better
understand the scope of “hacking” under the Indian law let us consider some
illustrations of acts that would be covered by “hacking”.
Illustration 1
A disgruntled employee of a small
Indian bank placed a powerful magnet near the banks’ main server. Over a few
weeks, the bank lost vital data relating to its customer’s accounts.Illustration 2
Mahesh Mhatre and Anand Khare (alias Dr Neukar) were arrested in 2002 for allegedly
defacing the website of the
Mumbai Cyber Crime Cell. They had allegedly used password cracking software to
crack the FTP password for the police website. They then replaced the homepage
of the website with pornographic content.
The punishment provided
for hacking is imprisonment up to 3 years and / or fine up to Rs 2 lakh.
No comments:
Post a Comment