Is Spyware Recognized as an offence in ITA-2000 ?
We often wonder if ITA-2000 is strong enough to address the
emerging issues in Cyber Crimes. There are frequent demands that the ITA-2000
needs to be amended since it cannot recognize some of the offences that are
becoming serious issues now.
One such doubt being raised is the incidence of
"Spyware" and "Adware" which reside in the computer of an user and send
out information to an outside destination. Some times the information sent out
may be a "Tracking" information which is not designed to be harmful. In the
extreme the spyware may be a "Key Logger" which steals the passwords.
It is stated that many companies in USA have started using
Spyware as a means of advertising.
In this connection it is necessary for us to examine
critically the two relevant sections of ITA-2000 namely Section 43 and Section
66 which are reproduced here for ready reference.
Section 43 of ITA-2000:
If any person without
permission of the owner or any other person who is in charge of a computer,
computer system or computer network -
|
(a) |
accesses or secures access to such computer, computer
system or computer network. |
|
(b) |
downloads, copies or extracts any data, computer data
base or information from such computer, computer system or computer network
including information or data held or stored in any removable storage
medium; |
|
(c) |
introduces or causes to be introduced any
computer
contaminant or computer virus into any computer, computer system or
computer network; |
|
(d) |
damages or causes to be damaged any computer, computer
system or computer network, data, computer data base or any other
programmes residing in such computer, computer system or computer network; |
|
(e) |
disrupts or causes disruption of any computer, computer
system or computer network; |
|
(f) |
denies or causes the denial of access to any person
authorised to access any computer, computer system or computer network by
any means; |
|
(g) |
provides any assistance to any person to facilitate
access to a computer, computer system or computer network in contravention
of the provisions of this Act, rules or regulations made thereunder, |
|
(h) |
charges the services availed of by a person to the
account of another person by tampering with or manipulating any computer,
computer system, or computer network, |
|
he shall be liable to pay damages by way of compensation
not exceeding one crore rupees to the person so affected. |
|
|
Explanation - for the purposes of this section -
|
(i) |
"Computer Contaminant" means
any set of computer
instructions that are designed - |
|
|
|
(a) |
to modify, destroy, record,
transmit data or programme residing within a computer, computer system or computer
network; or |
|
(b) |
by any means to usurp the normal operation of the
computer, computer system, or computer network; |
|
|
(ii) |
"Computer Database" means a representation of
information, knowledge, facts, concepts or instructions in text,
image, audio, video that are being prepared or have been prepared in a
formalised manner or have been produced by a computer, computer system
or computer network and are intended for use in a computer, computer
system or computer network; |
|
(iii) |
"Computer Virus" means any computer instruction,
information, data or programme that destroys, damages, degrades or
adversely affects the performance of a computer resource or attaches
itself to another computer resource and operates when a programme,
data or instruction is executed or some other event takes place in
that computer resource; |
|
(iv) |
"Damage" means to destroy, alter, delete, add, modify
or re-arrange any computer resource by any means. |
|
Section 66 of ITA 2000:
| |
|
(1) |
|
Whoever with the intent to cause or
knowing that he is
likely to cause wrongful loss or damage to the public or any person,
destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any
means, commits hacking. |
|
| |
|
(2) |
|
Whoever commits hacking shall be punished with
imprisonment up to three years, or with fine which may extend up to two lakh
rupees, or with both.
|
For whatever reasons these sections have been drafted with a
certain amount of vagueness which is coming in handy now when new types of
crimes are being observed.
From the above sections it is clear that a "Spyware" is a
"Computer Contaminant" and the spyware owner "access" the system resource
whether or not he creates any damage.
Similarly, "Affecting any information residing inside a computer
resource injuriously" is an offence recognized in Section 66.
Hence Spyware is recognized as an offence for criminal liability
and as a contravention for civil liability.
Additionally, because of Section 75, the offence will be
recognized even against a foreign company or individual involved in introducing
the spyware or benefiting from the spyware in the form of product advertising.
In those countries where the definition of crimes are too
specific, there may be difficulty in fitting a new offence under the existing
provisions. But ITA-2000 is flexible enough to permit inclusion of such
offences.
This is one of the resilient features of ITA-2000.
It is strongly advised that Indian Companies should refrain
from using Spyware advertising. Only those programmes which take specific
permission or a call from the owner of the computer before accessing the
computer resource are legal and can be used for any advertising purpose.
Naavi
May 06, 2005
