Introduction ‘Cyber Law’ is the commonly used notation for information technology law. In its true sense it is a collection of different provisions of conventional categories of law when the same is addressing legal issues emanating from this branch of technological advancement. This nascent branch of law is gaining more and more importance owing to the widening usage of information technology and resultant increase of legal issues. Retrospection about the subject brings to front certain interesting particulars. In a fiction titled “Neuromancer” the author William Gibson had elaborated a scenario. The telephonic conversation between two persons was the factual premise. Here the two persons are meeting through their conversation. Where do they meet? Is it on first person’s place or the second one’s? The author was of the opinion that it was not both, but on an imaginary space and preferred to call this meeting place “cyber space” referring to a space that was never existing in real. This terminology on later stage was used for addressing the unreal space created by information network. Without hesitation the law that addressed this subject matter also came to be referred with the same.
As mentioned earlier information technology law is an assortment of provisions of conventional law subjects that is having certain connection with information technology. Law of contracts, criminal law, taxation laws, law of evidence, law of torts, constitutional law etcetera are the chief conventional law subjects which are forming part of it. Relevant provisions of all these branches are bundled together to be called as 'cyber law' when issues in information technology are addressed. Even though history has witnessed inspection, growth and out dating of technologies never there has been a branch of law for a specific technology. Law of admiralty is an exception, however a study of law of admiralty shows certain time-tested reasons for it existence. Many branches of technology were instrumental in creating specific legislation. However those legislations were always part of conventional law subjects and not vice versa. Similarly there might have been collection and study of homogenous legislation, but never it resulted in creation of a branch of law.
The Need for a Separate Branch of Law
It is worthwhile to have an examination with respect to the need for a specific branch to address this limb of technology. Literature have been widely published speaking for and against the need of a specific branch of law. Nevertheless inconsiderate to the reasons not favouring, the branch is progressing geometrically.
Conceptually observing one can find peculiarity in information technology. Systems created or employed by man was either processing matter or energy; a lathe is an example for former whereas a transformer is an example for latter. However computing machine is processing information, hitherto a task distinctive to man or even to some extent an animal. Thus there is exclusivity to a computing system.
An element of technical competence or rather computer literacy is required for dealing issues with respect to information technology. Thus in order to cater to such a technically literate group it was a better option to club the relevant portions of conventional laws into a collection rather than teaching the interested pupils different law subjects.
Corporate interest of powerful information technology industry for moulding “cyber law professionals” can also be cited as another compelling reason.
The matchless vertical and horizontal expansion of information technology furthered by its pervasive omnipresence leaves no fields untouched and thus unlike other technologies this technological advancement is making its presence felt in all fields. Thus there can be a high desirability for a separate dwelling into the legal issues of the branch.
Taken any branch of law, the same will be resting on strong jurisprudential basis and should be governed by general principles. The credibility of information technology law is questionable on this point. As mentioned earlier it is an assortment of portions of conventional law subjects and is thus lacking its own jurisprudential basis.
At this juncture reference to certain other facets carries importance. The usual classification of laws are: -
Public and Private - Laws that are mainly on the public domain belongs to the former and others to the latter.
Substantive and Procedural - Laws that define or lays down legal position and laws that details the procedure of legal recourse.
Civil and Criminal – A legal proceeding can be of civil or criminal nature.
However with respect to 'cyber law' the classification cited above is difficult to exist.
Another important thing is that, a legal system relies on certain concepts. The same can be enumerated thus: -
Existence of sovereign – One who creates law.
Territoriality – The geographical area in which a law is valid.
Concept of property – An abstract concept, it pre-supposes a ‘thing’ and an owner for such a ‘thing’.
Relationships of real nature – Law in every discussion is relying on relationships between two entities and all times it is real in nature.
Paper based transactions – Take any branch of law paper based transactions are always referred to.
As far as information technology is concerned the above listed concepts are inexistent on many circumstances. Even if one is identifying the above concepts the extracting of the required legal attributes is difficult to achieve.
Anyhow the continuous growth of the information technology law is not retarded by the arguments against it; the graph of growth is on an uphill.
Legal Issues Covered by 'Cyber Law'
Almost all branches of law are one way or other affected by the growth of information technology. Taken any branch there is presence of issues relating to or arising out of information technology. Nevertheless a pattern shown by law schools shows much importance in the topic is given to contractual issues, problems of tortuous nature, cyber crimes, evidential matters, jurisdictional questions, constitutional concerns and taxation issues. It is interesting to note that another branch of law that ought to have been part of 'cyber law' is still taught separately. This is intellectual property rights wherein relevant issues, with respect to software and to some extent hardware, is part of that particular branch and not part of 'cyber law'. This may be due to the reason that intellectual property rights issues were present from an earlier time. Whereas the inception of 'cyber law' as a separate branch dawned some time in the last decade of the last century. Thus intellectual property rights issues continued to be taken care by that relevant branch of law. All other legal issues associated with information technology are part of 'cyber law'. However in certain courses intellectual property rights are taught together with 'cyber law', nevertheless the general trend is the other way. Literature on the subject is also showing the same pattern.
In addition to the conventional law portions certain unique issues of information technology era are also taken care by this nascent branch. However when one is examining the true nature of the so-called unique issues of information technology, it can be observed that conceptually the real world counter part of the same was already present.
The Scope of the Subject
The growth of information technology is unparalleled in history. The property of convergence makes sure that the ubiquitous machine is leaving nothing. In short, all activities of the Humankind are having or are aided by information technology. As stated earlier 'cyber law' is an assortment of provisions of various branches that are having some element of issues of information technology. When all of the activities of human kind are having a touch of information technology, as the time goes on there would not be any human activity without a pinch of information technology. Thus all branches of law will have issues with respect to information technology. Conversely 'cyber law' will be part and parcel of all other branches. For example some authors are already holding the view that there will not be any crimes in future but only 'cyber' crimes. Similarly, nowadays there is reference about 'cyber' ethics referring to ethics to be maintained by workers of information technology. However in future when all are using information technology the general ethics itself will be 'cyber' ethics. Thus even the concept of ethics will be giving way to 'cyber' ethics.
Certain phenomena are omnipresent in everything and the societal system as a whole in all its activities presupposes its existence. Writing and reading; and the knowledge of it referred as literacy is part and parcel of all walks of human activity. As mentioned earlier all branches of law in one-way or other have accepted this as a reality or necessity. In future computer literacy will be as important as the general concept of literacy. Thus the intermediary or accessory nature of information processing device will be unavoidable and societal system in its entirety will be considering it as just like writing or reading and legal system will not be an exception.
Thus one can see that there is a very high priority requirement of accruing knowledge of legal issues of information technology. As the time goes on the issues in concern of 'cyber law' will be increasing by leaps and bounds. It may also lead to a situation whereby issues in all other branches of law getting accumulated in 'cyber law'. Contrarily the using of information technology in all spheres of life will result in a situation whereby there will not be any requirement of separate treatment of legal issues of information technology. In short one may say either 'cyber law' will engulf all other branches of law or 'cyber law' will crumble and dissolve into respective parent branches. Anyhow the importance of studying of legal issues of information technology is not to be belittled.
Major Legal Initiatives
Examining the initiatives of world countries for addressing legal issues of information technology seldom show a pattern. Even though multiple issues are present few, countries have attempted comprehensive legislation. However with respect to legal acceptance of electronic documents, electronic communication and electronic signature almost all the major countries have made legislations. Certain legislations have covered other legal issues together with this; however statistics reveals the same as very few.
Starting from the initiative of Utah State of United States of America in 1995 there was a chain of legislative as well as other initiatives in creating laws in this branch of technology. The Utah Code had four chapters namely Notaries Public Reform Act, Commissioners of Deeds, Utah Digital Signature Act and Uniform Electronic Transactions Act. The third and fourth chapters were the important ones as far as 'cyber law' was concerned. The legal validation of digital signature was covered by the former whereas the latter dealt with electronic communication. The Utah Digital Signature Act is holding a pivotal position and can be considered as the first true 'cyber law' legislation. However the too much stress on technology was later not much accepted by other initiatives.
Due to the encompassing nature and global reach of information technology it was nothing but a necessity that there should be a uniform nature of treatment among the world countries. UNCITRAL, became the torchbearer by adopting The Model Law on Electronic Commerce in 1996 (UNCITRAL is the short notation for United Nations Commission on International Trade Law. A United Nations functionary based in Vienna, Austria which develops model laws and standard documents meant to facilitate international commercial transactions among other activities. The Model Code was accepted by the United Nations General Assembly Resolution 51/162 of 16th December 1996). Vide the same the commission recommended the member nations to follow the model law while creating laws in the subject. Here also the discussion was centred on authentication and validation of electronic documents.
The laws passed by other countries like Germany - The Digital Signature Act, 1997; Singapore – The Electronic Transactions Act, 1998; Federal Government of United States of America - The Uniform Electronic Transactions Act, 1999; Finland - The Act on Electronic Service in the Administration, 2000; Philippines - The Electronic Commerce Act, 2000 etcetera are some other important legislations in this area. As can be understood from the titles itself many were concentrating on norms and conditions for legal validation of electronic transactions and mainly centred on signature. A technologically neutral and mature treatment of electronic signature is present in the Finnish law. With respect to issues like privacy, piracy, hacking, cracking, stalking etcetera almost all the initiatives follows general nature only differing in the punishments accept. The Electronic Commerce Act, 2000 of Philippines was a somewhat comprehensive covering other major issues and was highly precautious and severe with respect to 'cyber' crimes. This can be attributed to the great deal of damage done by the fatal “I Love You” virus that originated from Philippines.
A study about the inception and growth of 'cyber law' will show that before the coming into of large-scale legislations the law schools of developed nations especially United States had started teaching of subject. And when issues of this particular branch of technology came before Courts the general trend shown by the judiciary was to fall back on conventional legal provisions and to decide the issue presented before it. On the basis of these case discussions and those which were faced by corporate entities within itself, law schools were dwelling into the same.
Information Technology Act, 2000
Without doubts one of the most awaited, expected, celebrated, discussed, debated law passed by Central Government in the recent past is The Information Technology Act, 2000. It was the need of the time that a statutory enactment be made for putting in black and white the legal position with respect to this emerging area.
The Act acknowledges the driving nature of the UNCITRAL Model Law on Electronic Commerce. The introductory portion further mentions that the Act is an endeavour to give legal recognition for electronic transaction and to facilitate filing of electronic documents with the government. The Act also makes certain amendments to The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891 and The Reserve Bank of India Act, 1934.
While glancing through the Act one can find that the same is a small piece of enactment for addressing this nascent field that is having huge ramifications. There are only 94 Sections arranged in thirteen Chapters and it is followed by 4 Schedules in which the amendments to the above mentioned four Acts are incorporated. Even though there are thirteen Chapters the more than half of the Act is entirely dedicated to digital signature and related issues. This can be argued as a normal outcome since the aim of the Act itself is to facilitate electronic transaction and authentication is a necessary end for electronic transaction.
Chapter I of the Act is the preliminary one and is also titled the same. The interesting provision of the portion is Clause (4) of the Section 1. The said provision excludes negotiable instruments (other than cheque), power of attorney, trust, will, contracts with respect to immovable properties and any class of documents or transactions that may be notified by the Central Government from the purview of the Act. One can raise doubt why such a class of documents has been excluded from the operation of the Act. The author holds the view that the delicacy of the State in readily embracing the technology is evident by this exclusion. However laws made by various other world counties also shows this trend. The common nature of the documents mentioned above is that all are highly critical in nature and the State is not willing to accept an electronic document instead of the time tested documents in its paper form. May be in future when electronic transaction becomes the order of the day one can expect the expulsion of these exclusions from the Act. The
Chapter II is titled as Digital Signature and is having two sections and vides the same it is recognizing the legal validity of digitally and electronically signed electronic documents. Then follows the Chapter III titled Electronic Governance and the same occupies Sections 4 to 10. The details with respect to acceptance of electronic documents at governmental level and such things are the core. Chapter IV is titled Attribution, Acknowledgement and Despatch of Electronic Records and the same contains 3 Sections. Secure Electronic Records and Secure Digital Signature is the title given to Chapter V. Both these chapters are loyal to their titles. Chapter VI bearing the heading Regulation of Certifying Authorities is one of the lengthiest Chapters of the Act running from Section 17 to Section 34. As the title mentions the same is detailing the role and mode of working of certifying authorities and is more of a procedural one mainly laying down the administrative norms. Chapter VII covering Sections 35 to 39 is named Digital Signature Certificate and is about form and format of the same. Chapter VIII with three sections and is given the heading Duties of the Subscriber.
With Chapter IX which it titled as Penalties and Adjudication, the provisions with respect to signature comes to an end. Section 43 of the same is an elaborate one discussing penalty for damage to computer system. Unauthorised access is the bottom line of the discussion and various incidence of the same is detailed. The enumeration of various points are precise and definite nevertheless one can consider this as a short coming also. The attempt to define the minute details will result in exclusion of certain categories of unauthorised access owing to its non-specification. The role of Adjudicating Officer who is to give the decision on issues arising under the Act is mentioned in this Chapter.
Chapter X is comparatively a big one and is covering the issue of with respect to the Appellate Tribunal and is titled the Cyber Appellate Tribunal. The setting up of the Appellate Tribunal for deciding issues under the Act is detailed here. An appeal from the decision of the Controller or Adjudicating Officer lies to the Tribunal.
Offences is the title given to Chapter XI. The major category of usual computer crimes are covered by referring to Section 43. Punishment can be fine and/or imprisonment and the maximum prescribed is upto rupees 10 lakhs and life imprisonment respectively. The Government can also declare a computer, computer system or computer network as a protected system and any unauthorized access or attempt to access is an offence that is punishable by an imprisonment which may go to ten years and/or a non specified fine. It is further provided that all the punishments under the Act is in addition to other legal remedies. That means penal actions under other laws can also be taken against perpetrator simultaneously.
Chapter XII is having only Section 79 and is titled Intermediaries Not To Be Liable in Certain Cases. The last Chapter that is XIII is titled Miscellaneous. As a name itself signifies an assorted items are dealt in the Chapter.