Menu

CYBER ATTACK: NEW THREAT TO LEGAL PANORAMA

Publications, Research paper
ABSTRACT

In today’s digital era, cyber attacks pose formidable challenges to the confidentiality and integrity of legal systems worldwide, including in India. This research examines the impact of cyber attacks on the Indian legal panorama, highlighting the vulnerabilities faced by law firms, legal professionals and other legal entities. The study adopts a qualitative approach, inclusive of a thorough literature review of academic articles, case studies, legal texts and governmental reports on cyber security and cyber laws in India. Key areas of focus include potency of Information Technology Act, 2000, in addressing cyber crimes, judicial responses to cyber threats through case analyses, and the dynamic role of legal frameworks in protection against cyber vulnerabilities. Key sections of the IT Act, such as Sections 65, 66, 66A, are examined to understand their role in handling cyber attack. The landmark case of Shreya Singhal v. Union of India is analyzed to emphasize the balance between freedom of speech and regulation of digital communication. The research highlights the need for continuous legal reform, cybersecurity education and collaboration among stakeholders to enhance endurance against cyber threats. Recommendations include ongoing training for legal professionals, strong cybersecurity measures and updates to existing laws to tackle evolving threats.

KEYWORDS

Cyber attacks, Legal systems, Information Technology Act,2000 , Cybersecurity, Judicial responses, Legal reform

INTRODUCTION

A cyber attack is basically an intentional effort which is done with an aim to steal, disable, destroy, alter or expose data, applications or other assets through unauthorized access to a digital device, computer system or network. Any individual or group of individuals can launch a cyber attack from anywhere. Cybercriminals who carry out these attacks are often referred as threat actors, bad actors and hackers. 

In today’s digital world, the legal landscape faces many unexpected challenges posed by cyber attacks. As the technology evolves, the methods and sophistication of cyber threats also continues to be dynamic, targeting critical infrastructure and sensitive information across various sectors. Even the legal profession, which is traditionally seen as a bastion of integrity and confidentiality, is susceptible to these threats. 

The rise of cyber attacks brings formidable challenges to the legal panorama. Attacks ranging unauthorised data access and data breaches to sophisticated phishing schemes, have the potential to harm the integrity and confidentiality of legal information. Law firms, legal professionals and judicial systems are increasingly becoming targets, with attackers seeking to destroy the vulnerabilities for espionage, financial gain or other unlawful motives. The ramifications of such attacks are far reaching as it not only affects the immediate victims but also undermines public trust in legal system. 

RESEARCH METHODOLOGY

This research utilizes a qualitative approach to explore the impact of cyber attacks on the legal landscape. The methodology involves a comprehensive review of existing literature including academic journals, legal texts, case studies and governmental reports related to cyber security and cyber laws in India. This literature review serves as the foundation for understanding the current state of the cyber threats face by legal entities. Additionally, the research will analyze relevant case laws and court judgements, such as the landmark case of Shreya Singhal v. Union of India. The findings from this research will contribute to a detailed understanding of the intersection between cyber security and legal practice, which will further provide recommendations for strengthening legal frameworks to tackle cyber attacks efficiently.

REVIEW OF LITERATURE

Cyber Attack is a serious threat that has been defined by many lawyers and jurists. Oona A. Hathaway defines it as an action that is performed to undermine the functions of a computer network for the purpose of national or political security. He views cyber attacks as complex activities that defy traditional principles governing armed conflict under the law of war. He emphasized the necessity of defining cyber attack to address legal implications effectively. 

Uma & Padmavathi view cyber attacks as manipulation of cyberspace with a motive of accessing unauthorized or secure information, disabling networks, engaging in espionage and stealing data and money. The author highlights a critical knowledge gap that intensifies vulnerability to such attacks, stressing the need and importance of legal frameworks to enable authentic defence measures.

CYBER LAWS IN INDIA

When internet was developed, its founders did not have any idea that the Internet could evolve itself into a revolutionary thing that could be used for unlawful and criminal activities. In today’s scenario, many distressing things are happening in cyberspace. Cyber laws in India play a significant role in limiting and controlling unlawful activities. It is crucial as it affects almost every type of activities on the Internet, the World Wide Web and cyberspace. 

Cyber Law may seem like a technical thing but actually it is quite the opposite. Every action and reaction in cyberspace has legal implications. Cyber Law regulates and controls online activities, providing a legal framework to tackle issues such as identity theft, data breach, hacking, fraud and espionage. It is important for protecting intellectual property rights in the digital world, including copyrights, patents and trademarks, so that the business can safeguard their digital assets.

THE IMPERATIVE OF THE IT ACT, 2000 (INDIA) IN CYBER LAW

The Information Technology Act, 2000 which is also known as the IT Act is an act which is proposed by the Parliament of India on October 17, 2000. The IT Act, 2000 attempts to transform outdated laws and provides different ways to tackle cyber crimes so that lawful secure digital, electronic and online transactions can be carried out. 

IT Act, 2000 provides a legal recognition for the transactions that are conducted through Electronic Data Interchange (EDI) and other forms of electronic communication, commonly known as ‘electronic commerce’, carried out to utilize the alternatives to paper-based methods of communication and information storage. The Act aims on enabling the electronic filing of documents with the government agencies and amends the Indian Penal Code (IPC), Indian Evidence Act,1872, The Banker’s Book Evidence Act,1891 and the Reserve Bank of India Act,1934, addressing incidental and related matters.

  • WHEREAS through resolution A/RES/51/162 dated January 30,1997, the General Assembly of the United Nations adopted the Model Law on Electronic Commerce as United Nations Commission on International Trade Law.
  • AND WHEREAS the resolution encourages all States to consider the Model Law when enacting or revising their laws to bring uniformity in the legal framework applicable to the alternatives of the paper-based methods of information storages and communication.
  • AND WHEREAS it is held necessary to implement this resolution and promote the reliable delivery of government services through the use of authentic electronic records.

The Act has proposed a structured legal framework for the origin and authentication of electronic communications through digital signature. 

  • The IT Act, 2000, confers legal recognition upon electronic communications, particularly emails, as admissible and valid forms of evidence in judicial proceedings. This provision highlights the legality and enforceability of electronic documents, thereby bring its use into existence in courts of law and ensuring that the electronic communication is treated with the same legitimacy as paper-based documents.
  • The Act provides an overarching legal framework for facilitating electronic commerce. The Act establishes a legal infrastructure for e-Businesses which enables companies to engage in electronic transactions with confidence, knowing that their transactions are supported and succoured by legally enforceable regulations and standards.
  • Digital Signature is conferred a legal recognition and validity under the IT Act, 2000. This provision ensures that digital signatures can be used to verify and authenticate electronic documents, and provides the same level of security and trust as handwritten signatures. The Act specifies that the digital signatures must comply with specified security procedures, so that their reliability is enhanced.
  • The Act provides the opportunity to corporate entities to become Certifying Authorities, responsible for issuing Digital Signature Certificates. This provision enables businesses to become trusted entities that can authenticate and verify digital signatures, thereby playing a material role in the digital system and contributing to the safety and integrity of electronic transactions.
  •  The Act facilitates companies to file applications, forms and other documents with government authorities and agencies in electronic form. This provision makes the interaction with governmental entities easier, reduces paperwork and enhances efficiency in operations.
  • By providing a statutory definition for secure digital signatures, the IT Act, 2000 addresses the paramount issue of security. This ensures that digital signatures that are utilized in electronic communications meet required security standards, thereby safeguarding the authenticity and integrity of digital transactions and communications under the law.
SECTION 65 OF INFORMATION TECHNOLOGY ACT, 2000

Section 65 of the Information Technology Act, 2000, confronts the serious issue of tampering with computer source documents. This provision explicitly focuses on any individual who knowingly or intentionally conceals, destroys or alters or causes another to conceal, destroy or alter any computer, computer program, computer system or computer network. The legal requirement mandates the preservation of such source code as required by law, which is important for regulatory compliance and security purposes. The result of violations of this section can result in severe penalties, including a fine of up to two lakh rupees, imprisonment for the term of three years or both.

The importance of Section 65 lies in its role in maintaining the security, reliability and integrity of computer systems. Computer Source code tampering can introduce severe vulnerabilities, which may lead to data breaches, unauthorized access and system failures. Section 65 ensures that such unlawful activities are met with strict legal consequences. This statutory safeguard highlights the necessity of maintaining the sanctity of digital infrastructure and information, thereby ensuring overall legal compliance within the digital domain.

SECTION 66 OF INFORMATION TECHNOLOGY ACT, 2000

Section 66 of the Information Technology Act, 2000, focuses on computer-related offences involving fraudulent or dishonest actions. According to this provision, any person who, with fraudulent or dishonest intent commits any of the acts that is described in Section 43 of the IT Act, shall be liable to penal consequences. The punishment for such offences include imprisonment for a term that may extend to three years, a fine that may extend to five lakh or both.

Section 66 specifies hacking as the unauthorized access to a computer network or system. It includes not only gaining entry into secure systems but also finding a way around security measures to interrupt operations or obtain sensitive information.

SECTION 66A OF INFORMATION TECHNOLOGY ACT, 2000

Section 66A of the Information Technology Act, 2000, was designed to tackle the misuse of digital communication tools to send offensive, false, or misleading messages by penalizing it. The provision included three main clauses, each focusing on different forms of harmful communication. 

Clause (a) Any information that is grossly offensive or has menacing character 

  • It targets the transmission of information that is very threatening or offensive in nature. For instance, messages that contain explicit threats of violence, hate speech or some other content that is designed to cause intense distress or fear fall under this clause.

Clause (b) Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device

  • This clause addresses the intentional distribution of false information with a motive of causing serious harm. The sender must know that the information is false and must send it continuously to achieve malicious ends such as causing danger, annoyance or hatred.

Clause (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine.

  • This clause is specifically about emails and electronic messages that are intended to cause inconvenience or annoyance or to mislead the recipient about the message’s origin. This could include phishing attempts, spam emails or any message that is sent with an intent to mislead the recipient regarding who sent the message.
SECTION 66B OF INFORMATION TECHNOLOGY ACT, 2000

Section 66B of the Information Technology Act, 2000, is designed to penalize individuals who intentionally retain or acquire stolen computer resources or communication devices. The provision focuses on acts of dishonesty in the possession of digital assets, highlighting the importance of awareness or reasonable belief regarding the stolen nature of the item. The term “dishonestly” in the section implies a wrongful intent in retaining or acquiring the computer resource or communication device, different from inadvertent possession or lack of knowledge of its stolen status.

The punishment prescriber under Section 66B highlights the seriousness with which such offences are handled. Offenders that are convicted under this provision are punished with imprisonment for a term that may extend up to three years. The court also has discretion to impose a fine, the maximum amount of which can be extended up to one lakh rupees. In certain cases, both imprisonment and a fine may be imposed, depending on the circumstances and severity of the offence as determined during the judicial proceedings.

SECTION 66E OF INFORMATION TECHNOLOGY ACT, 2000

Section 66E of the Information Technology Act, 2000, confronts the infringement of privacy concerning the capturing, transmitting or publishing of images of a person’s private parts without their knowledge and consent. The motive of this section is protection of individual privacy and personal dignity in the digital age. The violation of Section 66E can result in severe penalties, including imprisonment for up to three years, a fine of up to two lakh rupees, or both.

The provision acknowledges the importance of personal privacy and aims to prevent the use of technology for unlawful purposes. The act of capturing images without consent is considered a notable violation of personal space and dignity. It covers situations where individuals may be unknowingly subjected to such intrusive actions, ensuring that culprits are held accountable.

UPHOLDING FREEDOM OF SPEECH – SHREYA SINGHAL VS UOI

In a landmark judgment, the Supreme Court of India rendered Section 66A of the Information Technology Act, 2000 null and void, marking a turning point in the country’s legal and constitutional landscape. 

The case originated from the arrest of two women under Section 66A for intentionally posting offensive comments on a social media platform Facebook regarding the shutdown of Mumbai following a political leader’s death. This incident sparked public outcry and media scrutiny, spurring the petitioners to the challenge the lawfulness of Section 66A on grounds of its infringement of the fundamental right to freedom of expression guaranteed under Article 19(1)(a) of the Indian Constitution.

The Court’s decision, delivered by Justices Chelameshwar and Nariman, delved into a rigorous analysis of Section 66A’s provisions and their compatibility with constitutional protections. Central to the Court’s critical observation was whether Section 66A’s broad scope, targeting communication deemed to cause insult, inconvenience, or annoyance, fell within the permissible restrictions outlined in Article 19(2) of the Constitution. The Court agreed with the petitioners that the law’s language lacked clarity and specificity in defining important terms like “annoyance” and “inconvenience,”.

Making use of established legal principles and previous rulings from around the world, the Court highlighted that laws criminalizing speech must provide specific standards to guide both citizens and law enforcement agencies, thereby preventing arbitrary application and safeguarding against the chilling effect on free expression. The judgement underscored that Section 66A failed to distinguish between mere disagreement and provocation to public disorder, thereby risking the fundamental principles of democratic discourse and civic engagement online.

By nullifying Section 66A, the Supreme Court strengthened the primacy of fundamental rights in the digital age, stating that legislative measures that focuses on regulating online speech must adhere to strict constitutional scrutiny.  This landmark decision underscored the role of judiciary in upholding constitutional freedom while tackling the complexities of technological advancements and digital communication platforms. 

RELEVANT  CASE LAWS
RAVI SRINIVASAN V. KARTI CHIDAMBARAM (2012)

Ravi, a businessman based in Puducherry was arrested by local police following a complaint from the former Finance Minister P. Chidambaram’s son, Karti, for posting a critical tweet. Few days later, Srinivasan was arrested and was charged under Section 66A.

MARATHE V. THE STATE OF MAHARASHTRA (2012)

In 2012, Assem Trivedi, an Indian Political Cartoonist, faced sedition charges under Section 124A of the Indian Penal Code for cartoons critical of Parliament and the government. The High Court made it clear that mere criticism without provocation to violence or public disorder does not constitute sedition. The guidelines stipulated that for sedition charges to be applicable, expressions must impel hatred or disloyalty and have the potential to cause public disorder, thus safeguarding robust criticisms under free expression.

AMBIKESH MAHAPATRA & ANO. PETITIONAERS V. THE STATE OF WEST BENGAL & ORS. S

In April 2012, Ambikesh Mahapatra, a Jadhavpur University professor, and his neighbour Subrata Sengupta were arrested under Section 66A for spreading a sarcastic cartoon via email that mocked Chief Minister Mamata Banerjee. The arrests ignited controversy and highlighted concerns over freedom of expression, contributing to the eventual revocation of Section 66A in 2015.

SUGGESTION AND CONCLUSION

As the dynamic digital landscape continues to evolve, protecting legal entities from cyber threats remains supreme. To mitigate the risk brought by cyber attack, legal professionals and policy makers should move along with the evolution in the nature of threats by continuous education and training in cybersecurity measures. In order to enhance collaboration between law enforcement agencies, cybersecurity experts and legal practitioners is crucial for developing inclusive strategies and frameworks that address emerging threats effectively. Moreover, ongoing review and adaptation of existing cyber laws, such as the Information Technology Act, 2000, are vital to ensure that they remain robust and relevant in protecting from revolving cyber threats.

In conclusion, while cyber attacks bring significant challenges to the legal panorama, pragmatic measures in education, collaboration, and legal reform can increase resilience and sustain the integrity of legal systems. Strengthening cyber security infrastructure, enhancing legal vigilance and promoting awareness about cyber risks are vital steps to protect the integrity and confidentiality of legal systems from evolving technological challenges.

AUTHOR: Ashwin R Nair, Student of Lloyd School of Law, Greater Noida.