September 27, 2011

T'DB'TS - Privileged Information in Hong Kong

Article 35 of The Basic Law of the Hong Kong Special Administrative Region of the People's Republic of China ("Basic Law") guarantees right to confidential "legal advice". The law enables the Client to repose full trust in his Attorney and disclose all information that he think will assist his Attorney in the trial while making representaion on his behalf. Public policy mandates that the Attorney so trusted with confidential information cannot break the privilege on his own accord and always use the information in the best interest of the Client. The said law shall apply to all cases where (a) legal advice is sought or given and (b) actual or contemplated representaion in a litigation is made. The documents covered could be anything under the sun. Even oral information is confidential and cannot be disclosed. This applies to lawyers and his staffs and Clients and his representatives. Parties can waive the right to privileged information. Having said that, this privilege cannot be exercised in cases of fraud or conspiracy to commit a crime in the future.

Importance cases - Lehman Brothers & CITIC

September 23, 2011

Bribery law in UK, US; position in India


Very recently in July 2011, the UK passed the Bribery Act to criminalize inter alia bribes offered to foreign public officials for the purpose of ‘obtaining’ or ‘retaining’ business or an “advantage in the conduct of business”. The sweeping extent and applicability of the law is based on a “close connection” test i.e. a person can be subject to the law irrespective of whether the act or omission at issue took place in the UK. The provisions of the law largely resemble that of the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, which the UK had signed and ratified years ago.
Readers may recall that the U.S. way back in 1977 passed a similar anti-corruption law (FCPA) with the object to prevent nationals from bribing foreign government officials with the purpose to “obtain” or “retain” business. Since the passage of the law, the world has witnessed several instances where corrupt businessmen have been exposed and brought to books. In fact, until the UK Bribery Act, U.S. was the only signatory to the Anti-bribery Convention to have an aggressive enforcement mechanism in place under the supervision of the Department of Justice.
However, and very unfortunately, India at present does not have any such legislation in place. A recent comment on Indian Express highlighted the payment of bribery by U.S. companies to Indian government officials. Despite the fact that the bribers have admitted to the payment of bribery with ‘corrupt’ intent, Indian government is not willing to cooperate with the U.S. Department of Justice thereby impeding the potential prosecution of those guilty. Not to forget, India is also not a party to the Anti-bribery Convention.
Stated below are the significant differences between the UK & U.S. anti-bribery laws;
1.      U.S. law is broader in terms of its application since it does not follow the “close connection” test.
2.      UK law states the purpose of bribe as follows – “obtaining or retaining business or an advantage in the conduct of business”. The U.S. law stops at “obtaining or retaining business”.
3.      Unlike the U.S., the UK law does not require a ‘corrupt mind’ and is based on a strict liability rule.
4.      Unlike the U.S., there is no exception for ‘facilitation payments’ under the UK law. Facilitation payments are essentially payments made to expedite a commercial process and may not involve ‘bribe’ as such.
5.      Commercial bribery is punishable under the UK law.

September 20, 2011

Cyber crime in India

Professor Kavita Singh discusses laws on cyber crimes in India (this is the second of the two posts).


1. STATISTICS ON CYBER CRIMES - Evolution of computers has lessened the workload of human beings and Internet has served as a tool for gaining knowledge in other words Internet has created information boom. More and more people are becoming computer and internet friendly. Like common everyday crimes, online activities are also vulnerable to crime and can compromise personal safety.[1] One needs to know how to remain protected from such crimes as none knows how, when, and where one can become prey to cyber crime. Lawmakers, law enforcement agencies, and individuals need to know how to protect themselves and the persons, for whose safety they are responsible. According to the latest Consumer Reports National Research Center “State of the Net” survey, one in five online consumers have been victims of cybercrime in the last two years to the tune of an estimated $8 billion dollars. The overall rate of the crime has remained consistent over the five years says Consumer Reports. Report also notes that the problem stands to get worse as rising unemployment and foreclosures fuel a wave of recession-orientated Internet scams, and as the popularity of social networking services grow, creating more openings for identity thieves.[2] The General Assembly of the United Nations adopted “the Declaration of Basic Principles of Justice for Victims of Crime and Abuse of Power” known as United Nations Declaration on November 29, 1985. This Declaration was constituted to recognise the need to set norms and minimum standards in international law for the protection of victims of crimes.

2. INTERNET USERS IN INDIA - Number of Internet users in Asia is approximate 5, 29, 701, 704. Asia has only 16% of populations of the world, 37.6% of total internet users are Asian. Out of them around 60 million are from India. India is 3rd in Asia (1st is China (220 million) and 2nd is Japan (87.5 million)) and India is fourth in world first is China (220 million), second is USA (216 million) and third is Japan (87.5 million)) as per as internet users are concerned. India has 13% of internet users in Asia and 7.36% that of the world. But the sorrowful fact is only 5.3% of people in India use internet.[3]

3. OBSCENITY[5] and pornography determined that the standards we have written interfere with constitutionally protected materials: “Society's attempts to legislate for adults in the area of obscenity have not been successful. Present laws prohibiting the consensual sale or distribution of explicit sexual materials to adults are extremely unsatisfactory in their practical application. The Constitution permits material to be deemed ‘obscene’ for adults only if, as a whole, it appeals to the ‘prurient’ interest of the average person, is ‘patently offensive’ in light of ‘community standards,’ and lacks ‘redeeming social value.’ These vague and highly subjective aesthetic, psychological and moral tests do not provide meaningful guidance for law enforcement officials, juries or courts. As a result, law is inconsistently and sometimes erroneously applied and the distinctions made by courts between prohibited and permissible materials often appear indefensible. Errors in the application of the law and uncertainty about its scope also cause interference with the communication of constitutionally protected materials.”[6] Children are victims of pornography.[7] It is a dirty business carried out to earn million dollars.

4. UNAUTHORISED CONTROL/ACCESS TO COMPUTER SYSTEM - Cyber theft means using a computer to steal. This includes activities related to breaking and entering DNS cache poisoning, embezzlement and unlawful appropriation, espionage, identity theft fraud, malicious hacking, plagiarism and piracy. Examples include advertising or soliciting prostitution through the internet. It is against the law to access prostitution through the internet because the process of accessing the Internet crosses state and sometimes national borders. [8]

5. EMAIL SPOOFING - Drug sales, both illegal and prescribed, through the internet are illegal except as a customer through a state licensed pharmacy. Computer based fraud is different from theft because the victim voluntarily gives the money or property to the criminals.[9] Deliberately putting malicious code (viruses, Torjans) into a computer network to monitor ,follow, disturbed stop, perform any other without the permission of the owner of the network.[10]  

6. CHEATING & FRAUD - Online gambling through the internet is a violation of law because the gambling service provider requires electronic payment through the use of credit card, Debit card, or other electronic fund transfer which is illegal. Individual are victims of cyber vandalism that is damaging or destroying data rather than stealing misusing them is called cyber vandalism. This can be included a situation where network service are disturbed or stopped. By the invention of Phishing Technique[11] in 1987, where in a fake website individual is asked to feed data such as user name, password, ATM card holder or credit card holder while doing so he becomes victim of phishing.[12]

7. CYBER CRIME AGAINST PROPERTY OWNERS - Companies are the main victims of cyber crimes but neither company nor individuals are insured against cyber criminals.[13] In cyber trespass, someone accesses computer network recourse without their authorization or permission of the owner but does not alert disturb, misuse, or damage the data or system.[14] This is hacking for the purpose of entering into electronic network without permission. Example, using a wireless internet connection at a hotel in which you are staying and accessing the hotel privet files without disturbing them. This is also called snooping. Companies and firms become victims of cyber vandalism when their computer data are damaged or destroyed rather than stealing misusing them is called cyber vandalism.[15] This can be included a situation where network service are disturbed or stopped deliberately putting malicious code (viruses, Torjans) into a computer network to monitor, follow, disturbed stop, perform any other without the permission of the owner of the network.[16] This may cause huge loss of money and work. Data lost may not be recovered at all. Cyber Contrabands is transferring illegal item through the internet that are banned in some location. In cases of drugs trafficking, those drugs sold only for limited purpose.

8. CYBER CRIME AGAINST GOVERNMENT - Cyber Laundering is electronic transfer of illegally obtained money with the intention of hiding its source and possible and destination by this government loose huge amount of revenue. Intellectual Property crimes and distribution of pirated software, the owner becomes victim of cyber crime as he is deprived of his right by common IPR violations.[17] Cyber terrorism[18] against the government organization victim is the government and hampers the development of the nation as a whole.[19] Trafficking [20] in human beings, drugs and arms are to name a few where the State becomes victim by loosing revenue plus the security threat. Fraud and Cheating[21] are the most common cyber crimes by which along with government, the common people of the State become victims of cyber crime.

The nature and scope of cyber crime needs to be researched extensively. The scientific invention of computers is no doubt a need of the hour and so is the internet. We must not forget that for every good thing we need to sacrifice some thing or the other. The typology of cyber crime is very wide and keeping in mind the same, the author has tried to analyse it in different headings but it is very difficult to draw distinction between them as there are very thin line of differences.

[1] Security is one of the major concerns for both internet users as well as the system administrators in this technically strong wireless world.
[4] The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking   involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
[5] Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.
[6] Report of the Commission on Obscenity and Pornography 53 (1970).
[7] According to the National center for Missing and Exploited Children (NCMEC), USA approximately one fifth of all internet pornography is child pornography .According to research conducted by at MIT, 89%of porn is created in the USA.
[8] This activity is commonly referred to as hacking. The Indian law has however give a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.
[9] Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person.
[10] A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates.
[11] Phishing technique was described in details in 1987 and first recorded use of the term “Phishing” was made in 1996 the term is variant of fishing probably influenced by phreaking, and alludes to baits used to catch financial information & password.
[12] Once a victim visits the Phishing website deception is not over. Some Phishing scam use java scripts commands in order to alter the address bar.
[13] A survey, what was carried out among companies in the USA, showed that 85% of companies at least once incurred network attack.
[14] The important and foremost scenario that needs to focused while speaking about the internet is the protection of Online data security i.e. Internet data and corporate security systems.
[15] The internet age is quickly revolutionizing and day-to-day there is an increase in the use of computers which are now being connected via wireless network.
[16] To name a few of the internet security measures to prevent such kind of vulnerable systems would be to have a proper access control.
[17] Intellectual property consists of a bundle of right.
[18] Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.”
[19] Cyber terrorism and cyber crime are criminal acts. The recent example may be cited of-Osama Bin Laden attack on America’s army deployment system during Iraq war.
[20]Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc.
[21] Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Cyber Crime in India

Professor Kavita Singh discusses the laws on cyber crime in India (this is the first of the two posts).

The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any Statute /Act enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include some conduct, whether an act or omission, which causes breach of rules of law and counterbalanced by the sanction of the state.

Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.” The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences. Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime”.Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”.

2. GENERALISED DEFINITION - A cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”. The  computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.

3. DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME - There is apparently no distinction between cyber crime and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the two, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium. Cyber crime criminals include, among others, children and adolescents between the age group of 6 – 18 years, organised hackers, professional hackers / crackers  and discontented employees.

4. CYBER PORNOGRAPHY - The literal meaning of the term 'Pornography' is “describing or showing sexual acts in order to cause sexual excitement through books, films, etc.” This would include pornographic websites; pornographic material produced using computers and use of internet to download and transmit pornographic videos, pictures, photos, writings etc. Adult entertainment is one of the largest industries on internet. There are more than 420 million individual pornographic web pages today. Research shows that 50% of the web-sites containing potentially illegal contents relating to child abuse were ‘Pay-Per-View’. This indicates that abusive images of children over Internet have been highly commercialized. Pornography delivered over mobile phones is now a burgeoning business, “driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images.”

5. FORGERY BY USE OF COMPUTERS - Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners.  Also impersonating another person is considered forgery.

6. IPR VIOLATIONS - These include software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations. etc.

7. CYBER SQUATTING - Domain names are also trademarks and protected by ICANN’s domain dispute resolution policy and also under trademark laws. Cyber Squatters registers domain name identical to popular service provider’s domain so as to attract their users and get benefit from it.

8. CYBER TERRORISM - Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc. Cyber terrorism is an attractive option for modern terrorists for several reasons -
     1. It is cheaper than traditional terrorist methods.
     2. Cyberterrorism is more anonymous than traditional terrorist methods.
     3. The variety and number of targets are enormous.
     4. Cyberterrorism can be conducted remotely, a feature that is especially appealing to terrorists.
     5. Cyberterrorism has the potential to affect directly a larger number of people.

9. BANKING/CREDIT CARD RELATED CRIMES - In the corporate world, Internet hackers are continually looking for opportunities to compromise a company’s security in order to gain access to confidential banking and financial information.  Use of stolen card information or fake credit and debit cards are common. Bank employee can grab money using programs to deduce small amount of money from all customer accounts and adding it to own account also called as salami.

10. E-COMMERCE/INVESTMENT FUNDS - An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online are never delivered. The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site. Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits.

11. SALE OF ILLEGAL ARTICLES - This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. Research shows that number of people employed in this criminal area. Daily, people keep receiving so many emails with offer of banned or illegal products for sale.

12. ONLINE GAMBLING - There are millions of websites hosted on servers abroad, which offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

13. DEFAMATION - Defamation can be understood as the intentional infringement of another person's right to his good name and reputation. Cyber Defamation occurs when defamation takes place with the help of computers and the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. Cyber defamation is also called as Cyber smearing.

14. CYBER STALKING - Cyber stalking involves following a person’s movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc. In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.

15. PEDOPHILES - Also, there are persons who intentionally prey upon children. Specially, with a teen they will let the teen fully understand the feelings towards adult and in particular teen parents. They earn teen's trust and gradually seduce them into sexual or indecent acts. Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions.

16. IDENTITY THEFT - Identity theft is one of the fastest growing crimes in different countries. Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes.

17. BREACH OF PRIVACY AND CONFIDENTIALITY - Privacy refers to the right of an individual to determine when, how, and to what extent his personal data will be shared with others. Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc. Confidentiality means non disclosure of information to unauthorized or unwanted persons. In addition to personal information some other typse of information which are useful for business and leakage of such information to other persons may cause damage to business or person, such information should be protected. Generally for protecting secrecy of such information, parties while sharing information, form an agreement about the procedure of handling of information and to not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties. Many times, party or their employees leak such valuable information for monitory gains and causes breach of contract of confidentiality. Special techniques such as Social Engineering are commonly used to obtain confidential information.

                1. Section 66E of Information Technology Act, 2000, provides for punishment for violation of privacy. Anyone intentionally or knowingly captures, publishes or transmits images of private area of any person without consent under circumstances violating their privacy of the person, shall be punished with imprisonment upto three years or fine up to two lakhs.
                2. Section 66 D of the same Act provides punishment for cheating by personation. Whoever by means any communication device or computer resource cheats by personating shall be punished with imprisonment upto three years and liable for fine upto one lakhs.
                3. Section 66 C of the same act provides for punishment of Identity Theft. Whoever fraudulently or dishonestly make use of electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment up to three years and fine up to one lakh.
                4. Section 67  of the same act provides for punishment for publishing of information which is obscene in electronic form. Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious, or appeals to prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances to read, see or hear the matter contained or embodied in it shall be punished for a term upto 3 years or fine upto 5 lakhs.
                5. Section 79 of the same act provides for punishment of intermediary’s liability. Person not liable for any third party information it only intermediary to provide access and not to initiate, not to select receiver, not to modify observes due diligence.
                6. Section 66 A of the same act provides for punishment for sending offensive message through communication service. Any person who sends by means of computer resource any information which he knows to be false or electronic mail  to deceive or to mislead the addressee shall be punished with imprisonment for a term upto 3 years and fine.
                7. Section 66 of the same act provides for punishment for Computer related offence – any person dishonestly or fraudulently does any act referred u/s 43 shall be punished with imprisonment up to 3 years or fine up to 5 lakhs or both.
                8. Section 65 of the same act provides for punishment of tampering of computer source code – whosoever knowingly or intentionally conceals, destroys or alters computer source code when it is required to be kept by law shall be punished with imprisonment  up to 3 years or fine up to 2 lakhs or both.
                9. Section 66 E of the same act provides for punishment for punishment for cyber terrorism – whoever with the intention to strike terror introduces computer contaminant  and thereby cause death or destruction of property which will adversely affect critical information infrastructure shall be punished with imprisonment upto life.  
               10. Section 70 of the same act provides for punishment of any person who secures access or attempts to secure access a protected system shall be punished with imprisonment upto 10 years and fine.
               11. Section 72 A of the Act provide for punishment for disclosure of information in breach of lawful contract – any person offering service under lawful contract secures access to personal information, discloses that without consent of the person and with the intention to cause wrongful loss shall be punished with imprisonment upto 3 years or fine upto 5 lakhs or both.
               12. Abetment of offence is provided in Section 84 B and the same punishment is same. Attempt to commit offence – Sec 84 C – half of longest term of imprisonment Offences punishable with imprisonment of three years are bailable offence –provided in Section 77B.
               13. Inspector and above have power to investigate is in Section 78. Inspector and above have power to arrest in Section 80.  Inspector and above may enter public place, search and arrest without warrant any person who is reasonably suspected of being committed, committing or about to commit any offence.

Information Technology Act needs regular updating to incorporate newer types of crime. The nature and scope of cyber crime needs to be researched extensively. The scientific invention of computers is no doubt a need of the hour and also internet. We must not forget that for every good cause we need to sacrifice something or the other. The typology of cyber crime victims are very wide and keeping in mind the same the researcher has tried to analysis them in different headings but it is very difficult to draw distinction between them as there are very thin line of differences.