Embed Size (px)
Citation preview
ISSUE OF JURISDICTION UNDER THE INFORMATION TECHNOLOGY ACT’ 2000
Dissertation submitted in partial fulfilment of the requirements of the Award of degree of Bachelor of Laws
SUBMITTED BY-
A3208305084
UNDER THE SUPERVISION OF
DR. J.S. Nair
AMITY LAW SCHOOL, NOIDA
BLOCK-I-2, SEC-125’, AMITY CAMPUSES
AMITY UNIVERSITY, UTTAR PRADESH
i
AMITY LAW SCHOOL
CERTIFICATE
I have the pleasure to certify that A3208305084, a student of Amity Law School,
Noida has pursued her research work and prepared the present dissertation entitled
“Issue of jurisdiction under the Information Technology Act’2000” under my
supervision and guidance. To the best of my knowledge, the dissertation is the result
of her own research.
This is being submitted to Amity University for the Degree of Bachelors of Law in
Partial fulfillment of the requirements of the said Degree.
Maj.Gen Nilendra Kumar Dr. J.S. Nair
Director Lecturer
Amity Law School, AUUP Amity Law School, AUUP
Block I-2, Sec-125 Block I-2, Sec-125
Amity Campus Amity Campus
Amity University Amity University
Noida Noida
ACKNOWLEDGEMENT
ii
This Dissertation is an outcome of study by the author, any material written by
another person that has been used in this paper has been thoroughly acknowledged.
As my research for this dissertation has concluded, there are a number of people I
would like to thank for this successful attempt.
I sincerely thank the esteemed Director of the Institution, Maj. Gen, Nilendra Kumar
for inculcating the concept of preparing a Dissertation and allowing me to present my
viewpoints in a liberal manner. I would like to thank Dr. Kanwal D.P Singh for her
valuable suggestions in the way the draft proposal of the dissertation needs to be
framed. Also, for help and advice rendered to me during my study period.
I take this opportunity to convey my deep sense of gratitude and sincere thanks to my
teacher and guide Dr. J.S. Nair who with his vast knowledge and professional
expertise has provided able guidance and constant encouragement throughout the
course of my study. I consider myself extremely fortunate to have had a chance to
work under his supervision.
I also, thank Ravinder Verma, Inspector CBI, New Delhi for helping me with my
research. I also, thank Rishi Chawla, Dgm- Corporate Regulatory, Vodafone,
Mumbai. I sincerely thank Nidhish Mehrotra, Advocate for his guidance. I find this
opportunity to thank the library staff of Amity Law school, Noida and Indian Law
Institute , Delhi.
I wish to thank all the faculty members of Amity Law School, AUUP for the
invaluable knowledge they have imparted me in most exciting and pleasant way.
Lastly, it would never have been possible to complete this study without an untiring
support from my family and I am thankful to them for supporting me to do the best.
A3208205084
B.A.,LL.B, (Final Year)
iii
TABLE OF CASES
1-800 Flowers Inc v. Phone names..........................................................................42
A
1. Asahi Metal Indus. Co. v. Superior Ct, 480 U.S. 102, 107 S.Ct. 1026,
94 L.Ed.2d 92 (1987) .............................................................................................36,48
2. ABC Laminart Pvt. Ltd. v. A.P. Agencies, Salem; (1989) 2 SCC 163.........................67
3. Arab Monetary Fund v. Hashim; (1991) 2 AC 114: (1993) 1 Lloyd's Rep 543……..82
4. A.H. Wadia v. C.I.T., Bombay; AIR 1949 FC 18……………………………………84
5. Amitabh Bagchi v. Ena Bagchi, AIR 2005 Cal 11…………………………………...89
B
6. Burnham v. Superior Court, 495 U.S. 604, 110 S.Ct. 2105,
109 L.Ed.2d 631 (1990)……………………………………………………………...36
7. Burger King Corp v Rudzewicz, 471 U.S. 462 1985) ..................................................44
8. Banyan Tree Holding (P) Limited v A. Murali Krishna Reddy and Anr,
MANU/DE/3072/2009 …………………………………………………………...62,63
9. Bhagwan Shankar v Rajaram, AIR 1951 Bom 125…………………………….........67
10. British India Steam Navigation Co. Ltd. v. Shanmughavilas Cashew Industries,
(1990) 3 SCC 481: (1990) 2 UJ (SC) 47……………………………………………..81
11. Bihar v. Chaxusila Dasi, AIR 1959 SC 1002………………………………………..85
12. British Columbia Electric Railway Company Limited v. King, (1946) 2 AC 527…...86
13. Brussels v. Cando Armas, [2004] EWHC 2019…………………………………….102
C
14. Cybersell Inc v Cybersell, Inc, 130 F.3d 414 (9th Cir. 1997 (“Cybersell”)………….51
15. Calder v. Jones, 465 U.S. 783, 104 S.Ct. 1482,79 L.Ed.2d 804 (1984)……………..54
16. Casio India Co. Ltd v Ashita Tele Systems Pvt Ltd, (2003) 27 PTC 265 (Del)…...…60
D
17. Dhannalal v. Kalawatibai, (2002) 6 SCC 16………………………………………71
E
iv
18. Euromarket Designs Inc. v. Peters, [2001] FSR 20………………...………………..40
19. Electronic Corporation of India Limited v. Commissioner of Income Tax, 1989 Supp
(2) SCC 642………………………………………………………………………….85
G
20. Grace v. MacArthur, 170 F. Supp. 442, 447 (E.D. Ark. 1959)………………………36
21. Grupo Torras v. Fahad et al, (1996) 1 Lloyd's Rep 7(CA)…………………………..82
22. Governor-General v. Raleigh Investment Co, (1944) FCR 229………………….….84
H
23. Hess v. Pawloski, 274 U.S. 352, 47 S.Ct. 632, 71 L.Ed. 1091 (1927)……………….45
24. Hanson v Denckla, 357 U.S. 235 (1985)………………………………………….….44
25. Himalayan Drug Company v. Sumit, Suit no. 1719 of 2000(Delhi High Court)…….61
I
26. International Shoe Co. v. Washington, 326 U.S. 310, 316 (1945)……………….25, 36
27. Inset Systems, Inc v Instruction Set, Inc, Inset Sys,
937 F Supp 161 (D Conn 1996)……………………………………………………..49
28. India TV, Independent News Service Pvt Ltd v India Broadcast Live LLC,
(2007) 145 Dlt 521…………………………………………………………………..60
29. ISC Technologies Ltd. v. Guerin, (1992) 2 Lloyd's Rep 430………………………...83
K
30. Keeton v. Hustler Magazine, Inc, 465 U.S. 770, 104 S.Ct. 1473,
79 L.Ed.2d 790 (1984)…………………………..…………………………………..55
31. Konkan Railway Corporation Lid. v. Ram Constructions (P.) Ltd, ,
(2002) 2 SCC 368……………………………………………………………………89
L
32. Lalji Raja and Sons v Firm Hansraj Nathuram, AIR 1971 SC 974…………………64
M
33. Mink v. AAAA Devel. LLC, 1909 F.3d 333 (5th Cir 1999)…………………………..52
N
34. Narhari v Pannalal, AIR 1977 SC 164……………………………………………….64
O
v
35. OP Verma v Gehrilal, AIR 1958 Ker 203……………………………………………64
P
36. Pennoyer v. Neff, 95 U.S. 714, 24 L. Ed. 565 (1877)
………………………………...44
R
37. Republic of Haiti v. Duvalier, (1990) 1 QB 202……………………………………..82
38. Rajasthan High Court Advocates Association v Union of India,
(2001) 2 SCC 294……………………………………………………………………59
39. R. Vishwanathan v. Abdul Wajid, AIR 1963 SC 1 : 1963 (1) Cr. LJ 7 :
1964 (2) SCR 336……………………………………………………………………80
40. R.A. Dickie and Co. (Agencies) Ltd. v. Municipal Board, AIR 1956 Cal 216……….87
41. Ramanathan Chettiar v. K.M.O.L.M. ram Chettiar, AIR 1964 Mad 527: ILR (19164)
1 Mad 611…………………………………………………………………................87
S
42. Shaffer v Heitner, 433 U.S. 186 (1977)………………………………………………45
43. S.A. v. Hall, 466 US 408……………………………………………………………..50
44. SARL v. Viewfinder Inc, 406 F Supp 2d 274 (SDNY 2005)…………………………53
45. State of Madhya Pradesh v. Suresh Kaushal, (2001) 4 SCAPE 233………………...71
46. SMC. Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra, Suit No. 1279/2001……........72
47. Sirdar Gurdyal Singh v. Rajah of Faridkote, 1894 AC 670…………………………81
48. Sumitomo Bank Ltd. v. Kaitika Ratna Tahir, (1993) 1 SLR 735…………………….82
49. State of Punjab vs. Amritsar Beverages Ltd, {2006} 7 BCC 607…………………..112
T
50. Tata Sons v Ghassan Yacoub and Others, Suit No. 1672/99(Delhi High Court)……61
51. Tata Iron & Steel Co. Ltd. v. Bihar, AIR 1958 SC 452:1958 (9) STC 267:
1958 SCR 1355:1958 S 818…………………………………………………………85
U
52. United States v. Romano…………………………………………………………………...37
53. United States v Gorshkov, 2001 WL 1024026 (WD Wash 2001),,,,,,,,,,,,,,,,,,,.92,94,100
W
vi
54. World-Wide Volkswagen Corp. v. Woodson, 444 U.S. 286, 100 S.Ct. 559…………48
62 L.Ed.2d 490 (1980)
55. Walbace Brothers v. C.I.T., Bombay, (1948) FCR 1…………………………………84
Y
56. Yahoo! Inc., v La Ligue Contre Le Racisme EL'Antisemitisme
169 F.Supp 2d 1181, 2001.........................................................................................38
57. Yarimaka v Governor of HM Prison Brixton,[2002] EWHC 589 (Admin)………...100
Z
58. Zippo Manufacturing Company v. Zippo Dot Com, Inc.,
952 F. Supp. 1119, 1124 (W.D. Pa. 1997)…………………………………25,50-52
59. Zeiev v Government of the United States of America, 20021 EWHC 589 (Admin)
………………………………………………………………………..100
vii
LIST OF FIGURES & IMAGES
Figure 1.1 Asia top ten internet countries 2009 Q2 ......................................................8
Image 1.2 Internet- Explained …………………….....................................................12
Figure 1.3 Divisions of cyber crimes ………………………………………………..14
Image 1.4 The Emerging Cyber Threats Report for 2009……………………………20
Figure 4.1 Incidence response………………………………………………………110
Image 4.2 Digital investigation process…………………………………………….112
Figure 4.3 The criminal prosecution process……………………………………….118
8
TABLE OF CONTENTS
S.NO.
PARTICULARS PAGE.NO.
1. Certificate I
2. Acknowledgement II
3. Table of cases III-VI
4. List of figures & Images VII
Introduction 1-12
6. Chapter 1-
WORKING OF THE CYBER WORLD-THE
TECHNICAL SIDE AND CHANGING
CONTOURS OF JURISDICTION
1.1 1.1 Cyber world
1.2 1.2 Functioning of the cyber world
1.3 1.3 Changing contours of jurisdiction
1.4 1.4 E-Commerce
1.5 1.5 Challenges to the conventional judicial
administration system
13-32
7. Chapter 2-
REGULATING THE CYBER SPACE
2.1 International Law
2.2Applicable Laws In India
33-78
8. Chapter 3- 79-104
9
IN CASES OF CONFLICT OF LAW SITUATION
- HOW THE CHOICE OF LAW IS MADE IN
LIEU OF JURISDICTION?
9. Chapter 4-
EFFECTIVE JUDICIAL PROCEDURAL
MECHANISM FOR EFFECTIVE TRIAL
4.1 Investigation
4.2 Prosecution
4.3 Who are the relevant law enforcers of cyber
crimes? / Ways to shield a computer related crime
105-119
10. Conclusion and suggestion
1. Conclusion
2. Survey: the process
3. Recommendations for Jurisdictional Rules in
India
120-125
11. Bibliography 126-131
12 Appendix I 132-134
10
This is just the beginning; the beginning of understanding that cyberspace has no
limits, no boundaries. ……….Nicholas Negroponte
INTRODUCTION
Scope
Jurisdiction is an important aspect in determining the authority of the court. It
is the presence of the jurisdiction that ensures the power of enforcement to a court-
and without such power, the verdict of a court, is, to say least, of little or no use.
Moreover, only generally accepted principles of jurisdiction would ensure the courts
abroad also ensure the orders of other judicial bodies1. Thus for the efficient
administration of justice jurisdiction is sine qua non.
Now the question is how issue of jurisdiction in cyber space is different from
traditional requirements of jurisdiction. Under the traditional requirements two areas
are involved-firstly, the place where the defendant resides and secondly, where the
cause of action arises2. Conversely, the internet does not tend to make geographical
and jurisdictional Boundaries clear, but the internet user remain in physical
jurisdictions and subject to laws independent of their presence on the internet. As
such, a single transaction may involve the law of at least of three jurisdictions: 1) the
laws of the state/Nation in which the user resides, 2) the laws of the state/nation that
apply where the server hosting the transaction is located and 3) the laws of the
state/nation which apply to person or business with whom the transaction takes
place3.In other words the developing law of jurisdiction must address whether a
particular event in cyber space is controlled by the laws of the state or country where
the website is located, by the laws of the state or country where the internet service
provider is located, by the laws of the state or country where the user is located, or
perhaps by all these laws.
The following are the key issues which need considerable attention to bring a
useful study.
1. Where an internet activity has a cross border element, on what principles can we
decide which country’s law applies and which court has jurisdiction?
1 Nandan Kamath., “Law relating to computers internet & e-commerce”, Universal Publishing Co.Pvt.Ltd, 2009, p.202 Ibid 3 Anupa P Kumar, “Cyber Laws”, Mr.Anupa Kumar Patri, 2009, p.15
11
2. On what basis can a national government claim to apply its laws and regulations to
internet activities which originate in a different jurisdiction.4?
Moreover, the internet alters the power balance between the distributor and
consumer, because it gives consumers instant access to enormous amounts of
information and highly sophisticated analytical tools. This affects the basis on which
the courts have analyzed the ability of parties – and particularly consumers – to make
enforceable choices of law5.
. From the user’s perspective state and national borders are essentially
transparent but for courts determining jurisdiction, it is somewhat challenging. The
issue is that when the disputes among the parties under the online transactions arise in
the same jurisdiction, the notions of traditional methods of jurisdiction are easily
applicable but where the parties are falling under jurisdiction of different countries the
problem arises as to the determination of applicable laws to the disputes.
Research Methodology
The sources for the completion of this paper are both Doctrinal and Empirical.
Empirical/ Primary to the extent that questionnaire was filled and additional
information was sought from professionals in field. Doctrinal/Secondary to the extent
that various statutes, books have been referred in great depth. Secondary sources such
as the World Wide Web and articles published therein have also been made use of.
Judicial decisions have been one of the major sources of information along with
commentaries and articles of eminent jurists, and various journal, treaties,
conventions etc. To comprehend the issues of jurisdiction it is important to study it in
the following ways:
60. Issues of jurisdiction in civil cases: The minimum contract test
61. Issues of jurisdiction in criminal matters
62. Issues of jurisdiction in the international sphere
Purpose, Objective and Organization of the Paper
4 Chris Reed, “Internet Law test & Materials”, Universal Publishing Co.Pvt.Ltd, 2005, p.2175 Dennis T Rice, “Jurisdiction and E- commerce Disputes in United States and Europe”, Presentation by Committee on cyberspace Law and Business Law Section at the Annual Meeting of the California State Bar, Monterey 12, October, 2002.
12
In view of the above, I have advanced my study around the four corners of
these issues to bring the productive outcome. Based on these issues my hypothesis for
the dissertation is “The provision in the Indian Information Technology Act for
effectuating the jurisdictional powers in the court appear to be vague and
ascertainment of the jurisdiction requires further clarification”.
The purpose of this paper is to demonstrate that the ever-changing information
technology is making it intricate to analyze the future perspectives of Internet
Jurisdiction. However, it is not impossible to explore the Vicissitudes of jurisdiction.
It is envisaged that the traditional notions of jurisdiction may make a relatively
smooth transition into cyberspace. As jurisdictional models are inadequate for the
significant changes it calls for re-examination of the traditional tests. Therefore, it
suggests that the ado about the hue and cry of jurisdiction over cyberspace can be
confronted by bringing coherence between independent judicial bodies to establish
standard forms of jurisdiction. Law-making and law enforcement in cyberspace face
new challenges. The jurisdictional aspects of cyberspace require conceptualization
and definition because it is a concept that has changed the facets of the judicial system
throughout the world. The interpretation of relationship between the physical location
and legally defined online information calls for an in-depth conceptual understanding
of jurisdiction in cyberspace.
With this research paper, I aim to establish coherent reasoning as to the
complexities for law enforcement due to the difficulty of detection. Specifically,
information was gathered concerning the nature and extent of computer crime cases
investigated by them, as well as unique problems faced by investigators. The specific
objectives of the paper are as follows.
1. I have critically examined the role, importance and contributions of
international conventions as to the development of the jurisdictional
aspects in cyber space.
2. I have determined to what extent this role is considered in India.
3. I have evaluated how far this aspect is dealt with under the Information
Technology Act’2000
4. I have discovered the other applicable laws.
13
5. Based on the above find information from the prosecutors, advocates
and other legal luminaries to substantiate the challenges faced by them
in dealing with the issue of jurisdiction.
6. To draw effective conclusions and remedies to resolve the issue.
This paper is divided into four main chapters:
First chapter - Working of the Cyber world-The Technical side and changing
contours of jurisdiction.
The purpose of this section is to give clear perceptive about the fundamentals
of the cyber world like what is an internet, how does it function, how online
transactions take place and various other concepts? The second aspect of chapter one
will examine the changing contours of jurisdiction, which will cover broadly the new
breed of cyber crime, e-commerce, challenges to the conventional judicial
administration system, what is the legal response to the technological regime and
involvement of foreign elements?
Second chapter- Regulating the Cyber Space
2.1 International Law
2.1 Applicable Laws on the Criminal and the civil side
In the first place, as the result of the strongly unitary model of government
prevalent in India, interstate disputes never assume the level of private international
law. Hence, there has been previous little by way of growth of private International
roles in India. In addition, there have been few cases in the Indian courts where the
need for assuming jurisdiction over a foreign subject has arisen. However, such a
jurisprudential development would become essential in the future, as the Internet and
e commerce will shrink borders and merge geographical and territorial Restrictions on
jurisdiction. This section will majorly focus on the methods and notions of regulating
the cyber space. The chapter two will examine the international laws/conventions
such as UK’s Computer Misuse Act 1990, UNCITRAL Model Law, Computer
14
Misuse Act 1986, Hague Convention on “Jurisdiction and Recognition and
Enforcement of Foreign Judgments in Civil and Commercial Matters”, etc. Also, the
applicable laws within the nation. In theory, there is no limit on the circumstances in
which a national government might claim to apply its laws and regulation to internet
activities which originate in a different jurisdiction, although practical enforcement of
those laws against a foreign enterprise is a different matter6. In practice, however,
Governments attempt to limit the extra-territorial effect of their laws by applying the
principle of a comity7. In real sense comity requires that a state should not claim to
apply its legislation to persons within another state unless it is reasonable to do so,
which normally means that legislation should be undertaken by the state which has
the greater interest in doing8.
Third chapter- In cases of Conflict of Law situation - How the choice of law is made
in lieu of Jurisdiction?
Though over period of time court precedents and various theories have been
formulated to ascertain a choice of laws in cases of conflict of law situation but
application of substantive law to cyber acts leads to question of conflicts of law. It is
implied that sovereigns in different geological boundaries will have diverse policy
preferences involving its citizens and territory. However, under the realm of cyber
activities the application of laws is generally contradictory to laws of other countries
and, which involves persons and computer networks. The transnational aspect of
internet is not a new aspect since the courts in the past has given developed view of
conflict of laws but internet is a new observable fact. It has been rightly said that in
the geographical fluid environment of cyberspace. However, the place of the wrong
often is not obvious.9 Consequently, this chapter will focus on private international
law or conflict of law in cyberspace.
6 Supra 4.7 The US Supreme court has defined comity as ‘the recognition which one nation allows within its territory to the legislative,executive,or judicial acts of another nation, having due regard both to international duty and convenience, and to the rights of its own citizens or of other persons who are under the protections of its law’: Hilton v Guyot 115 US 113 at 163-164(1995)8 See e.g. Restateme nt (third) of Foreign Relations Law of the United States , 403(1) (1987)9 Michael Silverman, “jurisdiction”, Berkman Centre for Internet & Society, available at ; <http: //cyber.law.harvard.edu/property00/nonframe_current.html.>
15
The following issues arise in the context of private international law:
1. Jurisdiction to adjudicate a dispute at a particular location (i.e. the forum and the
situs);
2. Applicable law to the dispute; and
3. Enforcement of judgments in courts in foreign jurisdictions.
Due to international nature of internet the questions of jurisdiction arise and the study
of private international law is important and indispensable part of the cyber space.
Fourth chapter - Effective Judicial Procedural mechanism for effective trial
Chapter 1 which is broadly based on the working of the cyber world and the
changing contours of cyber jurisdiction is the study of the challenges in the
cyberspace. This chapter discusses the challenges of law enforcement and the internet,
prevention and detection of the cyber crimes. This chapter will give instances where
an effective judicial mechanism has been observed by the courts and various other
ways in which the effective trial can take place. It exhibits the approach by which the
courts have responded to the challenge to resolve disputes in the absence of any
explicit and universally established international rules on the internet jurisdiction by
probing into various case laws from India and from various other nations.
16
CHAPTER-1
WORKING OF THE CYBER WORLD-THE TECHNICAL SIDE AND
CHANGING CONTOURS OF JURISDICTION
1.1 CYBER WORLD
History and the evolution of the cyber world
The early origins of the internet can be traced from the 1960’s. In 1969, the
U.S Department of defense developed an experimental network called Arpanet to link
four supercomputing centers for military research. This network had the many and
difficult design requirements that it had to be fast, reliable, and capable of
withstanding a nuclear bomb destroying any one computer center on the network.
From those original four computers, this network evolved into the sprawling network
of millions of computers we know today as the internet10. ‘‘Cyberspace’’ first appears
in print, but author William Gibson popularized the word and concept of cyberspace
with his 1984 book Neuromancer11. The evolution of the internet/cyber world can be
traced back from 1992 when the World Wide Web came into existence. Subsequently,
in 1993 Marc Andreessen and his team invented Mosaic (archive), the first popular
Web browser, which greatly helped spread use and knowledge of the web across the
world12. The word cyber world is interchangeably used for the term internet such as
web, etc. Therefore, it is essential to understand the word “internet”. Internet is a vast
computer network linking smaller computer networks worldwide. Over the period of
time internet which had started for research resulted in commerce. The growth in
internet users is enormous.
10 “History and the evolution of the internet”. at; <http://www.bizymoms.com/computers-and-
technology/evolution-of-the-internet.html>
11See Encyclopedia of cyber crimes at;< http://www.scribd.com/doc/20262442/Encyclopedia-of-Cyber-Crime>12 Andreessen, Marc; NCSA Mosaic Technical Summary; National Center for Supercomputing Applications; February 20, 1993, at; <http://www.livinginternet.com/w/wi_mosaic.htm>
17
Statistics
The internet users in the world by geographic regions are the highest in Asia and the
lowest in Oceania/Australia. The number of internet users in Asia is 738.3 million and
in Oceania/ Australia is 21 million. The following are the top ten internet users in
Asia and under which India has ranked number third.
Figure 1.1
The Concepts: Meaning and Implications
World Wide Web
The terms Internet and World Wide Web are often used in every-day speech
without much distinction. However, the Internet and the World Wide Web are not one
and the same. The Internet is a global system of interconnected computer networks. In
contrast, the Web is one of the services that run on the Internet. It is a collection of
interconnected documents and other resources, linked by hyperlinks and URLs. In
short, the Web is an application running on the Internet13. In the simpler expression-
The World Wide Web is a set of electronic documents that are connected together.
13" The W3C Technology Stack " . World Wide Web Consortium ,Retrieved April 21, 2009. <http://www.w3.org/Consortium/technology>
18
The servers14 which help in storing these documents on computers are located
worldwide. Today the web is not narrow in terms of its purpose to prepare only
electronic documents it has moved to the age of electronic commerce where business
transactions are online. Now the important question is how the web works – following
are the step by step method. Web pages are stored on web servers located around the
globe. Entering the (Uniform Resource Locator) URL15 of a web page in your web
browser or clicking a link sends a request to the server which hosts the page. The
server sends the web page16 to your computer and your web browser displays it on
your screen.
Web sites
A website is one or more web pages that relate to a common theme, such as a
person, business, organization, or a subject, such as sports. The first page is called the
home page, which acts like an index, indicating the content on the site. From the
home page, you can click hyperlinks to access other web pages.
Web Browsers
A web browser is a software program used to access the World Wide Web. A
browser (also known as client software) retrieves data from remote web servers and
displays a web page. Two most popular browsers come from Netscape and Microsoft.
Browsers basically work the same way. Once you know one, you can easily learn the
other.
14 A computer or device on a network that manages network resources. For example, a file server is a computer and storage device dedicated to storing files. Any user on the network can store files on the server. Aprint server is a computer that manages one or more printers, and a network server is a computer that manages network traffic. A database server is a computer system that processes database queries. Servers are often dedicated, meaning that they perform no other tasks besides their server tasks. On multiprocessing operating systems, however, a single computer can execute several programs at once. A server in this case could refer to the program that is managing resources rather than the entire computer. See at; <http://www.webopedia.com/TERM/S/server.html>
15 URL (Uniform Resource Locator) indicates where the web page is stored on the Internet. The location box or address field on your browser indicates the URL of the page you arrived at after clicking a link.16 An electronic document written in a computer language called HTML (Hypertext Markup Language). Web pages can contain text, graphics, video, animation, and sound, as well as interactive features, such as data entry forms. Each page has a unique address known as a URL (Uniform Resource Locator), which identifies its location on the server.
19
Transmission Control Protocol/Internet Protocol (TCP/IP)
Primary protocols necessary for transmission on the internet throughout the
world. TCP/IP protocols were originally developed by the U.S Department of
Defense’s Advance Research Projects Agency to link multi-vendor computers across
networks. Today TCP/IP protocols are also implemented over networks including
Ethernet, local area network, minicomputers and mainframes17. Ip is a type of numeric
address the internet needs to send the streams of packets that carry email and other
data between computers18.
Internet Service Providers
An ISP is a company that provides individuals and other company’s access to
the internet and other related services such as Web site building and virtual
hosting.19In other words it’s a cable company or a telephone company, which supplies
connections to internet for monthly fee. Some of the national ISPs examples are
EarthLink and AT&T. A wireless Internet Service Provider (WISP) provides wireless
Internet access to computers and mobile devices such as smart phones and PDAs20
1.2. FUNCTIONING OF THE CYBER WORLD
In literal terms internet is like a net in which hundreds of thousands of separate
operators of computers and computer networks use common data transfer protocol to
exchange information with other computers. It is this series of linked networks each
linking computers and computer networks commonly known today as “Internet”. It
has quality of rapidly transmitting communication with an automatic facility to
change the route where transmission is not possible due to damage or non- availability
of links. Internet uses a language (common communication protocol) called Internet
Protocol (IP)21 . The information available at any link means information available to
17 Parag Diwan et al., “It Encyclopaedia.Com”, Pentagon Press New Delhi, 2000, Vol. IV, p.37418 Ibid 19 Dr. R.K.Chaubey , “An introduction to cyber crime and cyber law”, Kamal Law house,Kolkata, 2009, p.141820 Gary B. Shelly et al, “Microsoft Office 2007: Introductory Concepts and Techniques, Premium Video Edition”, 2009 , p.2121 Internet Protocol is used for communicating data across a packet- switched internetwork. IP is a network layer protocol in internet protocol suite IP provides the service of communicable unique global addressing amongst computers
20
all connected with that link as there is no control unit or central storage location and it
is not in the hands of any individual to control all the information available at
internet22.
The internet mechanism includes a technical design and a management
structure. The management structure consists of a generally democratic collection of
loosely-coupled organizations and working groups with mostly non-overlapping
responsibilities. The technical design founded on a complex ,interlocking set of
hierarchical tree-like structures like internet protocol address and domain names23,
mixed with networked structures like packet switching and routing protocols, all tied
together with millions of lines of sophisticated software that continues to get better all
the time. So far this combination of management and technical structures has worked
well, providing reliable, powerful communication platform on which the rest of the
complexity of the internet is built.
Accessing the internet
1. The ways of connecting with the internet
2. Connected from home, school or business
3. It requires an Internet Service provider (ISP) –They provide ways of accessing
the internet and they support through modem dial-up to DSL and cable modem
broadband service to dedicated T1/T3 lines. They also provide various
services like email, web hosting and access to software tools.
4. \Communications software
5. Web browser.
22 Siyan,Karanjit, “Inside TCP/IP”, New Riders Publishing, 199723 The domain name system lets internet users refer to host computers by names; it is usually dotted-decimal notation to specify an internet or IP address.
21
Image 1.2
The Rationale behind internet is networking. All the computers connected to
the internet are through the Internet service providers which are in turn connected to
the bigger router i.e. the backbone of the internet. The backbone is a large server
where the data is exchanged or transferred through. It is a computer network of
government organizations, academics, commercial organizations etc. They are allied
to each other through fiber optical cables. The ISPs are connected to these backbones
through fiber optic cables in order to minimize the transmission loss. The users are
connected to ISPs through these cables or wireless routers. There is an authority
called The Internet Corporation for Assigned Names and Numbers (ICANN) which
coordinates the assignment of unique identifiers on the Internet, like the IP Addresses
and the Domain Name so that you can analyze what is being done from where to
conserve the security throughout24.
Some of the functions of internet
1. Blog or Web log
2. Chat rooms
3. Instant messaging
4. Mailing lists
24 Atif, “The Internet – Misconceptions Explained” Posted on August 13, 2008 at;<http://www.mygeekpal.com/23/the-internet-misconceptions-explained/>
22
5. Newsgroups and bulletin boards
6. Online conferencing
7. File Transfer Protocol/file sharing and file transfer
8. Search engine
9. Blogging
10. Social networking/online friendship websites
11. Banking and Investing
12. Accessing a wealth of information, news, and research findings
Today the IT era has transformed the lives of the people to a large extent. This
is evident from the way it has been utilized to accelerate the social and economic
growth of the nation. Due to these changing contours of jurisdiction in the cyberspace
there has been new breed of cyber crime, formation of e-contracts, e-commerce, etc.
The following factors have produced diverse form of cyber crimes:
1. Capacity to store data in relatively small space
2. Effortless access to internet
3. Multifarious
4. Negligence
5. Loss of evidence
23
1.4 CHANGING CONTOURS OF JURISDICTION
Cyber Crimes
Cyber crimes are basically divided into following categories and they are:
Figure 1.3
The Internet which started with the sole aim to do research has today evolved as a
powerful instrument that governs lives of million people. With the dawn of cyber age
the threats amplified and resulted in number of heterogeneous cyber crimes. Though
in books, news and on web Cyber crimes are broadly classified into the following
categories:-
1. Unauthorized access,
2. Hacking,
3. Cracking,
4. Cyber Fraud,
5. Cyber theft,
6. Flowing of viruses, Trojan horses, logic bombs etc.,
7. Cyber pornography, defamation,
8. Cyber stalking,
9. However, apart from the aforementioned cyber crimes there are other new
breeds of cyber crimes and they are:-
10. Spamming
11. Cyber terrorism
12. Phishing
13. Malware
14. MMS scams
15. Botnets
16. Data Theft
24
Computer related offences such as Fraud, Forgery and
misappropriation of information
Content related offence such as child pornography,
infringement of intellectual property
rights etc.
Offences related to the integrity
Such as illegal access, illegal interception, etc.
Researchers at the University of Brighton at London proclaimed India as fast
emerging as a major hub of cybercrime as recession is driving computer-literate
criminals to electronic scams. Although cybercriminal activity remained low in India
compared with other emerging economies, the report says that “there has been a leap
in cybercrime in recent years”. Reported cases of spam, hacking and fraud have
multiplied 50-fold from 2004 to 200725. Also, India ranks fifth among countries
reporting the maximum number of cyber crimes, the latest report released by Internet
Crime Complaint Centre of the United States26.
Some of the emerging threats in the cyber world are:-
Cyber terrorism- The most widely cited paper on the issue of Cyber terrorism is
Denning’s Testimony before the Special Oversight Panel on Terrorism (Denning,
2000). Here, she makes the following statement:
Cyber terrorism is the convergence of terrorism and cyberspace. It is generally
understood to mean unlawful attacks and threats of attack against computers,
networks, and the information stored therein when done to intimidate or coerce a
government or its people in furtherance of political or social objectives. Further, to
qualify as cyber terrorism, an attack should result in violence against persons or
property, or at least cause enough harm to generate fear. Attacks that lead to death or
bodily injury, explosions, plane crashes, water contamination, or severe economic
loss would be examples. Serious attacks against critical infrastructures could be acts
of cyber terrorism, depending on their impact. Attacks that disrupt nonessential
services or that are mainly a costly nuisance would not.27
Some of the cases of cyber terrorism are-
1. 9/11 attacks: September 11 aircraft hijacking terrorist attacks against World
Trade Center and Pentagon kill 3,000 people and result in United States ‘‘war
25 See at; <http://www.livemint.com/2009/08/20000730/India-emerging-as-centre-for-c.html>
26 “India Fifth in Reporting Cyber Crime Cases: US Report”, New Delhi , Mar 31, 2009; at; <http://news.outlookindia.com/item.aspx?657123>
27 For details see at; < http://www.symantec.com/avcenter/reference/cyberterrorism.pdf>
25
on terrorism’’ and unprecedented monitoring of cyberspace for possible illegal
activities, released the Code Red virus into the wild. This virus infected
millions of computers around the world and then used these computers to
launch denial of service attacks on US web sites, prominently the web site of
the White House. In 2001, hackers broke into the U.S. Justice Department's
web site and replaced the department's seal with a swastika, dubbed the
agency the "United States Department of Injustice" and filled the page with
obscene pictures28.
2. In the first six months of 2002 the hacker group GFORCE-Pakistan has
conducted more than 150 reported cyber attacks against Indian targets to
further its ideas on the Kashmir issue. In 2002, numerous prominent Indian
web sites were defaced. Messages relating to the Kashmir issue were pasted
on the home pages of these web sites. The Pakistani Hackerz Club, led by
“Doctor Neukar” is believed to be behind this attack.
3. Cyber terrorism case in India Mumbai: The police have registered a case of
‘cyber terrorism’—the first in the state since an amendment to the Information
Technology Act—where a threat emails was sent to the BSE and NSE on
Monday. The maximum punishment for cyber terrorism is life imprisonment.
The IT Act was amended on February 5 this year when the law on cyber
terrorism was introduced. Prior to that, offenders were booked only for
hacking. The MRA Marg police and the Cyber Crime Investigation Cell are
jointly probing the case. The suspect has been detained in this case. The police
said an email challenging the security agencies to prevent a terror attack was
sent by one Shahab Md with an ID [email protected] to BSE’s
administrative email ID [email protected] at around 10.44 am on
Monday. The IP address of the sender has been traced to Patna in Bihar. The
ISP is Sify. The email ID was created just four minutes before the email was
sent. “The sender had, while creating the new ID, given two mobile numbers
in the personal details column. Both the numbers belong to a photo frame-
maker in Patna,’’ said an officer. The email was written in English. The MRA
28Rohas Nagpal, “ Cyber Terrorism In The Context Of Globalization” –Paper presented by, President,Asian School of Cyber Laws, at; <http://www.ieid.org/congreso/ponencias/Nagpal,%20Rohas.pdf>
26
Marg police have registered forgery for purpose of cheating, criminal
intimidation cases under the IPC and a cyber-terrorism case under the IT Act29.
4. Al-Qaeda laptop found in Afghanistan contained: Hits on web sites that
contained “Sabotage Handbook” Handbook – Internet tools, planning hit, anti-
surveillance methods, and “cracking” tools. Al-Qaeda actively researched
publicly available information concerning critical infrastructures posted on
web sites30. Bombing, hijacking airplanes, haphazardly shooting innocent
people, 9/11, and many others are phrases and expressions associated with
terrorism. Nowadays, terrorism has been attached to the cyberspace. Never
before has anybody thought that terrorism would have a digital form. Indeed,
the Internet is a double-edged sword, one edge is assisting humanity develop
and advance rapidly, and the other is adversely affecting it. Regardless of the
hype cyber-terrorism is a real threat in this global and open-minded era. It will
lead to global conflicts if not confronted head-on by government’s worldwide
working in unison31.
The wordings of Section 66 F suggests that the use of the internet in an
ancillary role in furtherance of terrorism. For example; A terrorist use of information
technology to formulate plans, spread propaganda, support terrorist recruiting, raise
funds, and communicate is not regarded as cyber terrorism. It is only when the
destructive nature of the act itself is carried out via computers or other
cyber/electronic means through techniques such as infected e-mail attachments.
Delivery of the terrorist message via the Internet does not constitute cyber terrorism.
Thus, the IT Act needs to be made more stringent to incorporate even ancillary cyber
activities to further terrorism as an act of cyber terrorism and thus, the wordings of
Section 66F be suitably drafted32.
2929 Threat email: Police slap cyber-terrorism charges, Wednesday, May 6, 2009, at; <http://mateenhafeez.blogspot.com/2009/05/threat-email-police-slap-cyber.html>30SSA Robert Flaim , “Cyber attacks the next frontier” presentation by Federal bureau of investigation, cyber division, FBIHQ, at; <http://www.authorstream.com/Presentation/Riccard-57527-cyber-attacks-Discussion-Critical-Infrastructures-Using-Systems-Against-Us-a-Education-ppt-powerpoint/>31Shuaib Zahda., “Cyber-Terrorism: Hype or Hazard?”, January 2010, at; <http://www.scribd.com/doc/26121255/Cyber-Terrorism-Hype-or-Hazard>32 Neeraj Aarora, “Cyber terrorism – a broader concept”,2009, at; <http://www.neerajaarora.com/“cyber-terrorism”-a-broader-concept/>
27
1. Phishing
Phishing is a type of social engineering that cybercriminals use when
attempting to deceive potential victims into revealing private information about
themselves or their computer accounts, such as usernames, passwords, and financial
or bank account numbers. Information acquired through phishing is commonly used
to carry out various types of cybercrimes. Gathering confidential data to carry out
identity theft is among the most common goals of cybercriminals who employ
phishing as an attack vector. Sometimes individuals or groups of people are
specifically targeted for phishing attacks, perhaps on the basis of their online
purchasing profiles or on the basis of their having been duped in a previous phishing
attack33.
Phishing and its variants like Smishing (SMS phishing), Vishing (VOIP
phishing), Pharming (traffic redirection) and Chat-in-the-Middle are all ways to
acquire confidential data such as usernames, passwords and credit card details, by
masquerading as a trustworthy entity. This data is then sold in the underground online
forums (such as DarkMarket which has now been shutdown) where criminals bought
and sold personal data from as little as Rs 30 to as much as Rs 50,000 per credential.
Attackers who buy this data then use these credentials to logon to the online
application (like internet banking) and transfer funds to other "money mules". Money
mules are accomplices of the attackers who receive money transfers and resend them
to the criminal in return for a commission.34
Criminal and legal side of Phishing
It covers -offence of cheating punishable u/s 420 IPC because hacker use false
and fraudulent websites, URL Links to deceive people into disclosing valuable
personal data, phishing schemes which is used later to swindle money from victim
account. Even section 120-B IPC is applicable because there is also criminal
conspiracy between various persons perpetrating the crime, like the persons who open
the beneficiary account or who receive the funds in their account in conspiracy with
the fraudster. Further, the forgery of website which is in the nature of electronic 33 Supra.1134 Cyber Crime: Gaining New Threat Vectors, Info Security Nov 2009 at; <http://fanaticmedia.com/infosecurity/archive/Nov09/Cyber%20Crime%20-%20Gaining%20New%20Threat%20Vectors.htm>
28
record to cheat the gullible bank customers is punishable u/s 468IPC. Further
fraudulently or dishonestly use as genuine, the fake website in the nature of electronic
record is punishable u/s 471 IPC. Apart from attracting the provisions of Indian Penal
Code, when the hacker use false and fraudulent websites to lure the victim to disclose
his personal information and take control of the internet account with the intention to
cheat him by deleting or altering any information/data residing in bank server
electronically (for example; changing the mobile phone number of victim with his
own) the offender commits the offence of hacking which is punishable u/s 66 IT Act,
2000. The Section 66 of the IT Act defines hacking activity; it takes hacking activity
exclusively associated with the computer resource.35 The essentials of hacking are:-
(a) Whoever
(b) With Intention or knowledge
(c) Causing wrongful loss or damage to the public or any person
(d) Destroying or altering any information residing in a computer resource
Or diminishes its value or utility or affects it injuriously by any means.
. Thus, this act is squarely covered and punishable u/s 66 IT Act.
According to The Emerging Cyber Threats Report for 2009, by the Georgia
Tech Information Security Center (GTISC) following are the cyber threats
35 Neeraj Aarora, “Phishing – The Internet Age”,2009”, at; <www.neerajaarora.com/phishing-the-internet-age-crime/>
29
Image 1.4
2. Malware
Malware is a general term covering any type of malicious unwanted software
including worms, Trojans, spyware, adware, etc and denotes the sophistication of
cyber crime attacks. Some malware are inadvertently downloaded by users visiting
illegitimate sites but recent research shows that upwards of 70% of Web sites serving
malware are actually legitimate sites that have been compromised! An antivirus
vendor recently detected over 250 malware masquerading as security software
programs that was downloaded 43 million times between July 2008 and June
2009.Some types of malware (for example "Zeus") allow the attackers to change the
display of a bank's login page as a victim is entering their credentials.
As reported by Georgia Tech Information Security Centre (GTISC), some of the key
trends in Malware practice:
Social networking sites like MySpace, Facebook and others will likely be used as
delivery mechanisms to get unsuspecting users to a malicious Web site link in order to
deliver malware.
Criminal senders to use better social engineering techniques to cloak malcode in what
appears to be legitimate email with acceptable Web links.
3. Botnets
30
Malware
Botnets
Threats to VoIP and mobile devices
The evolving cyber crime economy
Collection of compromised computers and having centralized control. ‘‘Bot
networks,’’ or botnets, are collections of computers that have traditionally been under
the control of a single entity, usually without the knowledge or consent of the owners
or users of those computers. Individually affected computers are running software
known as a ‘‘bot’’ (from ‘‘robot’’), and these infected computers are often referred to
as ‘‘bots’’ or ‘‘zombies.’’ Botnets are used by the controlling entity, sometimes
known as a ‘‘botherd’’ or ‘‘botherder,’’ to perform one or more functions on
computers owned or used by other people. Expert botherds are able to distribute
functions across individual computers running a bot (such as cracking passwords) or
have them work in concert (e.g., engaging in a denial of service attack).
As reported by Georgia Tech Information Security Centre (GTISC), some of the key
trends in Botnets practice:
1. Prompted to act in unison, bots become bot armies that harness considerable
computing power to engage in a variety of malicious activities, including:
2. Data theft (social security numbers, credit card Information, trade secrets, etc.)
3. Denial of service attacks
4. Spam delivery
5. DNS server spoofing
4. Cyber Warfare
Cyber war simply entails waging war through digital, technological means. As
with war itself, this includes disabling infrastructure, collecting intelligence, as well as
distributing propaganda. Cyber warfare raises issues of growing national interest and
concern. Cyber warfare can be used to describe various aspects of defending and
attacking information and computer networks in cyberspace, as well as denying an
adversary’s ability to do the same. Some major problems encountered with cyber
attacks, in particular, are the difficulty in determining the origin and nature of the
attack and in assessing the damage incurred. A number of nations are incorporating
cyber warfare as a new part of their military doctrine. Some that have discussed the
subject more openly include the United Kingdom, France, Germany, Russia, and
China. Many of these are developing views toward the use of cyber warfare that differ
from those of the United States, and in some cases might represent national security
31
threats36. “In this cyberspace world, the distinction between “crime” and “warfare” in
cyberspace also blurs the distinction between police responsibilities, to protect
societal interests from criminal acts in cyberspace, and military responsibilities, to
protect societal interests from acts of war in cyberspace”37.
Jon Ramsey, chief technology officer for Secure Works attributes increasing cyber
warfare activity to the following:
• The low cost to launch cyber attacks compared with physical attacks
• The lack of cyber defenses
• The “plausible deniability” the Internet affords
• The lack of “cyber rules of engagement” in conflicts between nation states
As reported by Georgia Tech Information Security Centre (GTISC), some of the key
trends in Cyber warfare practice:
Our critical infrastructure systems are fundamentally dependent on the Internet and
IP-based technology, and there are interdependencies between them that our enemies
will seek to exploit. “Cyber warfare completely evens the playing field as developing
nations and large nations with a formidable military presence can both launch equally
damaging attacks over the Web.”
5. Threats to VoIP and Mobile Convergence
VoIP stands for Voice over Internet Protocol. It is also referred to as IP
Telephony or Internet Telephony. It is another way of making phone calls, with the
difference of making the calls cheaper or completely free. The ‘phone’ part is not
always present anymore, as you can communicate without a telephone set.38 As
reported by Georgia Tech Information Security Centre (GTISC), some of the key
trends of Threats to VoIP and Mobile Convergence:
36 Steven A. Hildreth., “CRS Report for Congress” at; <http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/RL30735_06192001.pdf>37 Richard O. Hundley and Robert H, “ Emerging Challenge: Security And Safety In Cyberspace”. Anderson in IEEE Technology and Society, (Winter 1995/1996), p. 19–28.
38 Nadeem Unuth , “VoIP - What is VoIP?”
at;<http://voip.about.com/od/voipbasics/a/whatisvoip.htm>
32
When voice is digitized, encoded, compressed into packets and exchanged over IP
networks, it is susceptible to misuse. Cyber criminals will be drawn to the VoIP
medium to engage in voice fraud, data theft and other scams—similar to the problems
email has experienced. Denial of service, remote code execution and botnets all apply
to VoIP networks, and will become more problematic for mobile devices as well.
Criminals know that VoIP can be used in scams to steal personal and financial data so
voice spam and voice phishing
:
6. The evolving cyber crime economy
Ollmann divides the cyber criminal industry into three tiers:
• Low-level criminals who use kits to create the specific malware required for their
targeted crimes.
• Skilled developers and collectives of technical experts creating new components to
embed within their commercial malware creation kits.
• Top-tier managed service providers that wrap new services around malware kits to
increase propagation and enable organized fraud on a global scale, feeding gains back
into existing money laundering chains.
E-COMMERCE
Electronic transactions separate e-business from traditional types of
businesses. When a transaction takes place, which has jurisdiction? Who has the
authority to apply law over the transaction? For example, if you buy a laptop in your
local computer store, you know your legal rights. If the computer does not work when
you take it home, and the store refuses to settle up, then you can probably take the
dispute to your local small claims court. But if you buy the same computer online,
from a vendor on the other side of the world, perhaps through a dealer based in yet a
third country, then your rights is a lot less clear. Which country's protection laws
apply: yours, those in the vendor's home country, or those of the intermediary?
Without knowing which particular set of laws apply, it's impossible to know whom to
sue. "Small claims courts don't work in cyberspace," according to Ron Presser of the
33
American Bar Association.39A little legislation can go a long way toward helping
parties to establish better boundaries to work within. When a transaction that takes
place between two different parties located in two different countries goes wrong then
a number of complex questions arise.
This is not the first time the question of extra-territorial jurisdiction over Web
content has been raised. In November of last year, Felix Somm, ex-manager of
CompuServe Deutschland, was cleared on appeal of pornography charges brought
against him in Germany after newsgroups carried on parent company CompuServe's
US servers were found to contain pornographic material. The judge determined that it
was technically impossible for Somm to close the illegal newsgroups in question.
Following in the footsteps of the CompuServe's case, Yahoo is arguing that it would
be technically impossible to block only French citizens from access to its online
auctions if should the auctions contain objectionable items.
E-Business and Legal Issues
The technological basis of e-commerce is basically Web client/server
middleware, or what is called three-tier architectures. The client tier is the Web
browser involving some type of form processing. The middle tier is the Web server,
often with transaction processing. The Web server in turn links to the third tier, a
database processing the order information. Some of the issues are strictly Internet-
related, such as domain names and trademarks, linking and framing, clickware (and
shrinkware), and metatag use. Others are traditional issues applied to the Internet,
such as copyright, contracts, consumer protection, privacy, taxation, regulated
industries and jurisdiction40.
Jonathan D. Frieden41-states the following issues in e-commerce Common Issues
Facing E-Commerce Businesses
The Potential for Universal Jurisdiction
One of the primary advantages of Internet marketing and sales is the ability to
reach potential customers anywhere in the world. Unfortunately for e-commerce
businesses, this reach often works in both directions, so that a customer in a distant
jurisdiction may be able to sue the retailer far from its base of operations. The defence
39 Sayer, Peter and Deveaux, Sarah., "Jurisdiction in Cyberspace" IDG News Service Friday, July 28, 2000. See also <http://www.pcworld.com>40M Ali Nasir., “Legal Issues Involved in E-Commerce”, at; <http://www.acm.org/ubiquity/views/v4i49_nasir.html>41< http://ecommercelaw.typepad.com/ecommerce_law/2006/05/issue_4_the_pot.html>
34
of such a suit generally begins with the e-commerce business’s challenge to personal
jurisdiction.
Generally, a court’s resolution of such a challenge involves a two-step inquiry:
(1) a determination of whether the particular facts and circumstances of the case fall
within the reach of the forum state’s long-arm statute and (2) a determination of
whether the exercise of personal jurisdiction over the e-commerce business would be
consistent with the Due Process Clause of the United States Constitution. In many
jurisdictions, the analysis of these two issues flows together, such that the Due
Process consideration becomes determinative.
The Due Process Clause prohibits a court from exercising personal jurisdiction
over a defendant unless the defendant has "certain minimum contacts" with the forum
state "such that the maintenance of the suit does not offend traditional notions of fair
play and substantial justice." International Shoe Co. v. Washington42. In addressing
the exercise of personal jurisdiction over a defendant whose contact with the forum
state occurs primarily over the Internet, many jurisdictions have adopted the "sliding
scale" approached formulated in Zippo Manufacturing Company v. Zippo Dot Com,
Inc.43
In Zippo, the district court concluded that jurisdiction certainly should be
exercised when one proactively enters a jurisdiction via the Internet but that
jurisdiction should be exercised when one merely posts information on the Internet
which may or may not be viewed by residents of a particular jurisdiction. As to the
great mass of cases resting in the "middle ground," the court held that "the exercise of
jurisdiction is determined by examining the level of interactivity and commercial
nature of the exchange of information that occurs on the Web site." Thus some sort of
practice, purposeful availment must occur on the part of the e-commerce business in
order to be subject to personal jurisdiction in a distant jurisdiction. However, some
states are "single act" states, in which even a single transaction completed over the
Internet may subject the e-commerce business to personal jurisdiction in that state.
The potential for universal jurisdiction attendant to Internet sales is a very real
threat to e-commerce businesses, especially small businesses who would not
otherwise reach a customer base inconveniently distant from their primary place of
business. An e-commerce business who wishes to limit this risk is best served by
42 326 U.S. 310, 316 (1945)43 952 F. Supp. 1119, 1124 (W.D. Pa. 1997)
35
seeking the advice of a competent and properly-licensed attorney who can help ensure
that the business is not purposely availing itself of the privilege of conducting
business activities in an inconveniently distant jurisdiction. An attorney may counsel
the e-commerce business to avoid offering products or services directed to or useable
only by, customers in an inconveniently distant jurisdiction and to limit the
geographic scope of its customer base via a well-communicated policy of not filling
orders for customers in distant jurisdictions. The risk may also be reduced by well-
written terms of use.
Challenges for e commerce44:
Internet based e-commerce has besides, great advantages, posed many threats
because of its being what is popularly called faceless and borderless. All of the
following examples are both ethical issues and issues that are uniquely related to
electronic commerce.
Ethical issues:
Jackie Gilbert Bette Ann Stead (2001) reported the following ethical issues related to
e-commerce.
1) Privacy
Privacy has been and continues to be a significant issue of concern for both current
and prospective electronic commerce customers. With regard to web interactions and
e- commerce the following dimensions are most salient:
(1) Privacy consists of not being interfered with, having the power to exclude;
individual privacy is a moral right.
(2) Privacy is "a desirable condition with respect to possession of information by
other persons about him/herself on the observation/perceiving of him/herself by other
persons"
2) Security concerns
In addition to privacy concerns, other ethical issues are involved with electronic
commerce. The Internet offers unprecedented ease of access to a vast array of goods
and services. The rapidly expanding arena of "click and mortar" and the largely
44 Bijal N. Zaveri .,“E-Commerce: Challenges and Opportunities”, at; <http://ecommercelaw.typepad.com/ecommerce_law/2006/05/issue_4_the_pot.html>
36
unregulated cyberspace medium have however prompted concerns about both privacy
and data security.
3) Other ethical issues
Manufacturers Competing with Intermediaries Online
"Disintermediation," a means eliminating the intermediary such as retailers,
wholesalers, outside sales reps by setting up a Website to sell directly to customers.
Disintermediation includes (1) music being downloaded directly from producers (2)
authors distributing their work from their own Web sites or through writer co-
operatives. Dinosaurs – "Dinosaurs" is a term that refers to executives and college
professors who refuse to recognize that technology has changed our lives. When an
executive speaks in terms of the Internet being the "wave of the future," it is a sure
sign of "dinosaur.
Perceptions of risk in e-service encounters
Mauricio S. Featherman, Joseph S. Valacich & John D. Wells(2006) reported
that as companies race to digitize physical-based service processes repackaging them
as online e-services, it becomes increasingly important to understand how consumers
perceive the digitized e-service alternative. E-service replacements may seem
unfamiliar, artificial and non-authentic in comparison to traditional service processing
methods. Consumers may believe that new internet-based processing methods expose
them to new potential risks the dangers of online fraud , identity theft and phishing
swindles means schemes to steal confidential information using spoofed web sites,
have become commonplace, and are likely to cause alarm and fear within consumers.
E-commerce Integration
Beside many an advantages offered by the education a no. of challenges have been
posed to the recent education system.
Zabihollah Rezaee, Kenneth R. Lambert and W. Ken Harmon (2006) reported
that E-commerce Integration assures coverage of all critical aspects of e-commerce,
but it also has several obstacles. First, adding e-commerce materials to existing
business courses can overburden faculty and students alike trying to cope with
additional subject matter in courses already saturated with required information.
Second, many business faculty members may not wish to add e-commerce topics to
37
their courses primarily because of their own lack of comfort with technology-related
subjects. Third and finally, this approach requires a great deal of coordination among
faculty and disciplines in business schools to ensure proper coverage of e-commerce
education.
It act 2000 and legal system
Beside many an advantages offered by the IT a no. of challenges have been
posed to the legal system. The information transferred by electronic means which
culminates into a contract raises many legal issues which cannot be answered within
the existing provisions of the contract act. The IT act does not form a complete code
for the electronic contracts.
Farooq Ahmed (2001) reported that some of the multifaceted issues raised are
summarized in following manner.
1. Formation of e-contracts
a) Contracts by e-data interchange
b) Cyber contracts
2. Validity of e-transactions.
3. Dichotomy of offer and invitation to treat.
4. Communication of offer and acceptance
5. Mistake in e-commerce
a) Mutual mistake
b) unilateral mistake
6. Jurisdiction: cyber space transactions know no national and international
boundaries and are not analogous to 3- dimensional world in which common law
principles involved.
7. Identity of parties
The issues of jurisdiction, applicable law and enforcement of the judgments are not
confined to only national boundaries. The problems raised are global in nature and
need global resolution.
Human skills required for E-Commerce:
38
It's not just about E-commerce; it's about redefining business models, reinventing
business processes, changing corporate cultures, and raising relationships with
customers and suppliers to unprecedented levels of intimacy.
Internet-enabled Electronic Commerce:
Web site development
Web Server technologies
Security
Integration with existing applications and processes
Developing Electronic Commerce solutions successfully across the Organization
means building reliable, scalable systems for
1) Security,
2) E- commerce payments
3) Supply- chain management
4) Sales force, data warehousing, customer relations
5) Integrating all of this existing back-end operation.45
The popular view of the Internet as an unregulated medium is not true. The laws of
the world's jurisdiction still apply when you surf the Net: the only difference is that
the way they might apply. The colonization of cyberspace is both technology and
opportunity driven. Indeed technology is at the same time both a threat as well as a
solution, because on the one hand it challenges existing legal and regulatory
infrastructures and yet offers the solution to many of those threats, including security,
integrity and authenticity.
CHALLENGES TO THE CONVENTIONAL JUDICIAL ADMINISTRATION
SYSTEM
A sound judicial system: A sound judicial system is the backbone for
preserving the law and order in a society. It is commonly misunderstood that it is the
“sole” responsibility of the “Bench” alone to maintain law and order. That is a
misleading notion and the “Bar” is equally responsible for maintaining it. This
essentially means a rigorous training of the members of both the Bar and the Bench.
The fact is that the cyber law is in its infancy stage in India hence not much Judges
and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and 45< www.wto.org>
39
Lawyers is the need of the hour. In short, the dream for an “Ideal Cyber Law in India”
requires a “considerable” amount of time, money and resources. In the present state of
things, it may take five more years to appreciate its application. The good news is that
Government has sanctioned a considerable amount as a grant to bring e-governance
within the judicial functioning. The need of the hour is to appreciate the difference
between mere “computerization” and “cyber law literacy”. The judges and lawyers
must be trained in the contemporary legal issues like cyber law so that their
enforcement in India is effective. With all the challenges that India is facing in
education and training, e-learning has a lot of answers and needs to be addressed
seriously by the countries planners and private industry alike. E-learning can provide
education to a large population not having access to it.46
Cyber space is a world of virtual reality. It is a brand new world. And a brand
new world requires brand new laws. Do such laws exist? Or are we seeing rehash of
old laws in the new realm? The result is confusion and a sense of betrayal.
Cyberspace requires cyber laws. Physical laws have limitations in the sense that they
are one-dimensional in application. They are meant for the physical world which is
static, defined and incremental; whereas cyberspace is dynamic, undefined and
exponential. It needs dynamic laws, keeping pace with the technological
advancement. Cyberspace is a place where the entry is not bound by geographic
boundaries. Any person who lives in this cyberspace is part of the community. He is
an unknown entity. He has no fixed geographic coordinates. He traverses cyberspace
from one set of coordinates to another. The most powerful invention of the 20th
Century is the information and communication technology for the society and its
application for the society development such as administration of Information and
Communication technology in judicial system will play an integral role for the society
to trust on its judicial process, due to its inherent advantage of fast processing, Trivial
retrieval, less human intervention, relatively low cost of development and in some
criminal cases where physical presence is an issue this solution is the best one.
Jurisdictional questions are governed by the Convention on Jurisdiction and
the Enforcement of Judgments in Civil and Commercial matters of 1968, the Brussels
46 About Cyber Law at; <http://www.cyberlawsindia.net/requires.html>
40
Convention. Its basic rules determine that, in principle, persons domiciled in a
Member State may be sued in the courts of that state, regardless to their nationality
(Art.2 of the Convention). In matters relating to a contract, a person domiciled in a
Member State may be sued in the courts for the place of performance or the obligation
in question. (Art.5 para.1 of the Convention.) Specific provisions apply to consumer
contracts. Therefore, Art.14 Para 1 of the Convention stipulates that the consumer has
the choice to sue the contracting party in the courts of the Member State where either
that party or he himself is domiciled. (Art.14 para.1 of the Convention). In the reverse
case, the other party can only sue the consumer in his country (Art.14 Para 2 of the
Convention). These rules, however, do solely apply to consumers in the cases that are
listed in Art. 13 of the Convention. The term “Consumer” has to be understood as a
person who concludes contracts for a purpose which can be regarded as being outside
his trade or profession (Art.13 para.1 of the Convention). Important to E-Commerce is
especially Art.13 para.3 fig.3 of the Convention, which refers to contracts on services
or goods. To establish a specific relation to the consumer’s country of residence the
consumer must have been the subject to a specific invitation addressed to him or
advertising in his state of domicile, and in that state he must have performed a legal
act required for the conclusion of the contract. It is not necessary to render the service
in the consumer’s country of residence.47
Jurisdiction is the highly debatable issue as to the maintainability of any
suits which has been filed. Today with the growing arms of cyberspace the
growing arms of cyberspace the territorial boundaries seems to vanish thus the
concept of territorial jurisdiction as envisaged under S.16 of C.P.C. and S.2.of the
I.P.C. will have to give way to alternative method of dispute resolution.48
47 Justice Rajesh Tandon , “International Conference of Jurists for Judicial Reforms at LONDON”, by the Lecture in 2nd working Session 1300-1430 (Hall1) on 13th June 2009 in by at; <http://www.cyberlawindia.com/JusticeTandon_LondonSpeech.pdf>48Parthsarathy Pati., “Cyber-Crime Hardships To Curb It”, at ; <http://www.legalserviceindia.com/articles/article+4.htm>
41
CHAPTER -2
REGULATING THE CYBER SPACE
2.1 International Law
It should not have been astonishing that with its expansion the Net became
relevant to the "real" world. Legal reality intruded upon the world of Internet. When
CompuServe, Inc. blocked access by its subscribers in the United States and around
the world to two hundred discussion groups after a federal prosecutor in Germany had
42
indicated that they might violate German pornography laws,49 users realized that
"cyberspace doesn't belong to a single country,"50 but to a whole range of countries
with diverse legal concepts.
The “statutory rudiments” of both the state and the international laws are
applicable in deciding the application of international law by courts .Under
international law, a State is subject to limitations on its authority to exercise
jurisdiction in cases that involve foreign interests or activities.51 International law,
however, does not impose hard and fast rules on States delimiting spheres of national
jurisdiction. Rather, it leaves States wide discretion in the matter. Nevertheless, the
existence of limits is undisputed. Every State has an obligation to exercise moderation
and restraint in invoking jurisdiction over cases that have a foreign element, and they
should avoid undue encroachment on the jurisdiction of other States52. A State that
exercises jurisdiction in an overly self-centered way not only contravenes
international law, but it can also "disturb the international order and produce political,
legal, and economic reprisals.”53 In R v. Bow Street Metropolitan Stipendary
Magistrate, ex parte Pinochet Ugarte54
Principles of Jurisdiction in Cyberspace
Traditionally, three kinds of jurisdiction are distinguished: jurisdiction to
prescribe, or legislative jurisdiction; jurisdiction to adjudicate, or judicial jurisdiction;
49 The incident is best described by the German journalist Michael Kunze who writes for the major German news magazines, Der Spiegel and Der Spiegel Online. Message from Michael Kunze to Cyber-Rights (Jan. 6, 1996) (available at Cyber-Rights Library) <http://snyside.sunntside.com/cpsr/lists/listserv_archives/cyberrights/960111.cr_CIS_censorship%3a_The_whole_St>
50 Peter H. Lewis., “Limiting A Medium Without Boundaries”, N.Y. Times, Jan. 15, 1996, at D1; see also Seth Faison, Chinese Tiptoe Into Internet, Wary of Watchdogs, N.Y. Times, Feb. 5, 1996, at A3; Mesher, 51 Message from Patrick Brennan to Cyber-Rights (Jan. 7, 1996) (available at Cyber-Rights Library) <http://www.cpsr.org/cpsr/lists/lis. . .cr_1289_%3a_Compuserve_caves_I>; see also Noam, supra note 15. But see The Internet Will Become Increasingly Multilingual, Netacross the World (Jan. 8, 1996), abstracted from Hong Kong Standard, Jan. 4, 1996. (On file with author).
52 George Cole, Censorship in Cyberspace, The Fin. Times, March 21, 1996, at 20, available in 1996 WL 6151123.
53 Dato V. L. Kandan & Chuah Jern Ern, Malaysia Prepares "Cyberlaws", Intell. Prop. Worldwide (July/Aug. 1997) <http://www.ipww.com/jul97/pllmalaysia.html>.
54 (1999) 2 WLR 827 House of Lords
43
and jurisdiction to enforce, or executive jurisdiction55. Jurisdiction to prescribe is the
first step in many analyses. Jurisdiction to adjudicate does not apply in the absence of
jurisdiction to prescribe unless the Forum State is willing to apply the law of a foreign
State. For jurisdiction to enforce, States also regularly need jurisdiction to prescribe.
These distinctions can be important in determining the limits of a country's
jurisdiction under international law. Depending on the nature of the jurisdiction being
exercised, the requisite contacts with a State necessary to support the exercise of
jurisdiction differ56 the three types of jurisdiction however, are often interdependent,
and their scope and limitations are shaped by similar considerations.
Prescriptive jurisdiction
Jurisdiction to prescribe means a State's authority to make its substantive laws
applicable to particular persons and circumstances. International law has long
recognized limitations on the authority of States to exercise jurisdiction to prescribe in
circumstances affecting the interests of other States. In principle, it was accepted that
a State had legislative jurisdiction to regulate activities within its territory, as well as
the conduct of its nationals abroad. Yet, there is wide international consensus that not
even the links of territoriality or nationality suffice in all instances for the exercise of
jurisdiction to prescribe. For instance, according to Article 34 of the Vienna
Convention on Diplomatic Relations, diplomats are exempted from most dues and
taxes.57 The country has jurisdiction to prescribe in the following ways
1. Conduct that wholly or in substantial part, takes place within its territory;
2. the status of persons, or interests in things, present within its territory;
3. conduct outside its territory that has or is intended to have substantial effect
within its terroritry;
4. the activities ,interests, status, or relations of its nationals outside as well as
within its territory; and
55 Singapore Laws Will Apply in Cyberspace, Netacross the World (Feb. 26, 1996), abstracted from The Straits (Singapore), Feb. 24, 1996 (on file with author). The government is requiring the registration of operators and owners of Web sites containing political or religious information. 56 Bernard H. Oxman, “Jurisdiction of States”, in Encyclopedia of Public International Law 277
57 Vienna Convention on Diplomatic Relations, Apr. 18, 1961, art. 34, 500 U.N.T.S. 95.
44
5. Certain conduct outside its territory by persons who are not its nationals that is
directed against the security of the country or against a limited class of other
national interests.58
Jurisdiction to adjudicate
Jurisdiction to adjudicate is defined as a State's authority to subject persons or
things to the process of its courts or administrative tribunals, whether in civil or in
criminal proceedings, whether or not the State is a party to the proceedings. It requires
a sufficient or reasonable relation with the Forum State. A state may exercise
jurisdiction through its courts to adjudicate with respect to a person or thing if the
relationship of the state to the person or thing is such as to make the exercise of
jurisdiction reasonable.
The fact that an exercise of jurisdiction to adjudicate is reasonable does not
mean that the Forum State has jurisdiction to prescribe in respect to the subject matter
of the action. "Conversely, there may be circumstances in which a State has
jurisdiction to prescribe but jurisdiction to adjudicate is absent or doubtful."
Especially in criminal cases, jurisdiction to adjudicate is rarely exercised in the
absence of jurisdiction to prescribe by the same State, because courts rarely apply the
criminal laws of other States.
In international criminal cases, jurisdiction to adjudicate depends almost
exclusively on presence of the accused. In international civil cases, the principle of
"actor sequitur forum rei" [Plaintiff follows defendant to the latter's forum] can be
regarded as a principle accepted virtually everywhere.59 It is important to note that the
international law standard for civil cases—reasonableness—differs significantly from
the U.S. "minimum contacts" standard, which was crafted in International Shoe v.
Washington and serves as the basis for deciding jurisdictional questions in the U.S.60
Transitory presence, for example, is not a sufficient basis for the exercise of
jurisdiction to adjudicate under international law61 even though "tag" jurisdiction is in
58 These principles are known as the territoriality principle, the nationality principle, the effects principle and the protective principle.59 Andreas Lowenfeld, “International Litigation and the Quest for Reasonableness” Oxford University,(1996).60 International Shoe, 326 U.S. 310, 316 (1945)61 Convention on Accession to the Convention on Jurisdiction and the Enforcement of Judgments in Civil and Commercial Matters, Oct. 9, 1978, 18 I.L.M. 8, 21 (excluding "tag" service as an acceptable basis on jurisdiction); cf. Born
45
accordance with U.S. law.62 One federal court even held that the temporary presence
of a person within the airspace of a state while on board a commercial aircraft
established jurisdiction.63 As a matter of principle, international law requires closer
pre-litigation contacts between the defendant and the Forum State than would be
necessary in domestic cases. This is due to the fact that a foreign nation presents a
higher sovereignty barrier than another state within the United States. U.S. courts
generally agree upon this concern for other nations' sovereignty.64
Jurisdiction to enforce
Jurisdiction to enforce deals with a State's authority to induce or compel
compliance or to punish noncompliance with its laws or regulations, whether through
the courts or by use of executive, administrative, police, or other nonjudicial action.
The U.S. enforcement agencies, in particular, are starting to enforce national laws on
the Internet.65 It is widely assumed that a state may not enforce its rules unless it has
jurisdiction to prescribe those rules. The mere existence of jurisdiction to prescribe,
however, is insufficient to justify the state to exercise enforcement jurisdiction in
another state's territory. Especially concerning measures in aid of enforcement of
criminal law, a state's law enforcement officers may exercise their functions in the
territory of another state only with the consent of the state, given by duly authorized
officials of that state.
Enforcement measures requiring consent include not only the physical arrest
of a person, but also, for example, service of subpoena, orders for production of
documents, and police inquiries. Police investigations may therefore not be mounted
on the territory of another State without its consent. The consequences may seem odd
for anyone not familiar with the eagerness of States to protect their national
sovereignty. Millions of foreign tourists take pictures of the San Marco Place in
Venice and talk to guides. If the San Marco Place, however, is the scene of a crime,
62 Burnham v. Superior Ct. of Cal., 495 U.S. 604, 615 (1990) (Scalia, J.) ("We do not know of a single state or federal statute, or a single judicial decision resting upon state law that has abandoned in-state service as a basis of jurisdiction. Many recent cases reaffirm it.").63 Grace v. MacArthur, 170 F. Supp. 442, 447 (E.D. Ark. 1959)64 Asahi Metal Indus. Co. v. Superior Ct., 480 U.S. 102, 115 (1987)
65 FTC Halts Internet Pyramid Scheme, FTC Press Release, May 29, 1997 <http://www.ftc.gov/opa/9605/fortuna.htm>; DOT Assesses Penalty for Advertising Violations on the Internet, DOT Press Release, Nov. 21, 1995 <http://www.dot.gov/cgi-bin/AT-serversearch.cgi>.
46
and the FBI wants to take pictures or talk to witnesses, permission is required.
Enforcement jurisdiction is linked quite closely to the territory. Its limits are much
more strictly observed than is the case with jurisdiction to prescribe.
An interesting question arises when the investigation is accomplished without
entering another State's territory, by running, for instance, a computer program which
searches databases installed in another country. At least two different scenarios are
imaginable. Police could send "dog sniffs" via network to hard drives to check their
contents. Or, law enforcement agencies could try to filter the streams of e-mail
communication by searching for certain keywords, evaluating the communication in
certain news groups, or checking suspicious Web sites. The first scenario is
distinguished from the second insofar as the objects of supervision—hard drives—
have a certain territorial location. Even though they can be easily moved, they are like
all tangibles always physically located, either within or outside the borders of a
certain jurisdiction. It is much more difficult to locate Web sites or public bulletin
boards.
Even when the location of a hard drive, a Web site, or a bulletin board is
known, the question is whether the activity of a foreign law enforcement agency
might be allowed because the territory was not physically entered by any agent. The
Swiss Federal Tribunal, Lausanne, decided in 1982 that a violation of sovereignty did
not necessarily require that the violating person acted on the territory of the violated
State. A German undercover agent had contacted a Belgian suspect by telephone,
inducing him to come for a business deal to Switzerland. When the suspect arrived in
Switzerland, Germany requested his extradition. The Swiss Federal Tribunal refused
the extradition, arguing that to give effect to the German request would have made
Switzerland a party to the violation of which Germany was considered guilty. This
strict attitude was not shared by the Court of Appeals for the Second Circuit in United
States v. Romano. The appellants, domiciled in Italy, were induced by U.S. agents to
come to the United States to complete a transaction which had been negotiated and
arranged by telephone conversations. Confronted with the complaint of violation of
foreign sovereignty, the court followed a narrow approach. "It must be stated at the
outset that in this case no peace officer or officer of the United States ever entered
Italian territory. Therefore, there was no violation of territorial sovereignty or offense
to any State."
47
The Yahoo! case
The recent lawsuit by the International League Against Racism and Anti-
Semitism and the Union of French Law Students against Yahoo!, (Yahoo! Inc., v La
Ligue Contre Le Racisme EL'Antisemitisme, 169 F.Supp 2d 1181, 2001) (Yahoo!),
which has received a lot of attention in the popular press summarizes the difficulties
that remain in resolving both the prescriptive and enforcement jurisdictional issues in
cyberspace. Two French groups, namely the Union of French Law Students and the
International League against Racism and Anti-Semitism filed suit against Yahoo! for
hosting auctions that displayed and sold Nazi propaganda. The memorabilia auctions
were accessible only via the English language site, Yahoo.com. Direct access through
Yahoo.fr was not possible. Yahoo! argued in French Court that the French Court did
not have jurisdiction over Yahoo! That plea was denied, and in November of 2000, a
French court ruled that Yahoo! must put filtering systems in place to block users in
France from access to the Nazi related goods area, or pay fines o f approximately
$13,000 per day. Only a watered down version of the effects test could be seen to
apply to the French court's decision in this case and since Yahoo! was not targeting
France which is a key element in the effects test the assertion of jurisdiction arguably
violates the due process requirement of U.S. law (Rice, 2002).
Yahoo! chose not to appeal the French court's judgment but rather it
challenged the enforcement of the order in the United States. In December of 2000,
Yahoo! filed a lawsuit in the United States District Court of Northern California
seeking a declaratory judgment that any final judgment of a French court would be
enforceable in the United States. Before the California court could address the merits
of thecae, in a bit of an ironic twist, the French defendants motioned the California
court to dismiss the declaratory judgment suit due to lack of jurisdiction. The U.S.
court denied the motion to dismiss, finding jurisdiction based upon the effects theory.
The court ruled that the defendant knowingly engaged in the activities and intended to
have an effect on the United States citizens, for example, the use of U.S. Marshals to
serve Yahoo! officers in California. Clearly, the French citizens purposely availed
themselves of the benefits of the United States.
A state can only enforce its laws against a defendant in a forum where the
defendant can be found or where there are assets belonging to the defendant.
48
Enforcement of a judgment rendered by another forum requires its recognition by
another court to enforce it. If it is the judgment of a court in a state in the United
States, the Full Faith and Credit Clause of the Constitution requires that it be
recognized by another state. When recognition of a judgment of a foreign court is
sought in the United States it depends upon the principle of “comity.” Comity is not a
matter of absolute obligation but it is the recognition which one nation allows within
its territory to the legislative, executive or judicial acts of another nation. National
procedures required for recognition and enforcement of judgments vary widely
around the globe. In the United States, comity is upheld unless to do so would violate
due process, personal jurisdiction or some public policy.
Fundamentals of jurisdiction in different states
Council of Europe
In European countries it is based on statute or regulation, instead of
constitutional due process applied in case law, as in the U.S. nonetheless, the results
under both systems have a good deal in common. The Brussels convention is the
controlling document on jurisdictional issues within European Union (E.U).66The
principles laid down are a person who is domiciled in an E.U. member country may
be sued in that country.
In contract matters, a person may be sued in the place of performance of the
obligation in question. A person may be sued in tort matters in place where the event
causing harm occurred. A consumer may elect to bring an action in either his
domicile, or in the other party’s domicile, so long as the consumer was subject to a
specific solicitation or advertising in the consumer’s domiciled.
In entering into contracts not involving a consumer, the parties can agree on a forum
for disputes.67
Since jurisdiction in European countries is not limited by constitutional due
process as it is in the U.S., the Brussels Convention does not require “minimum
contacts” between the forum and the defendant. The Convention permits assertion of
jurisdiction over a defendant if conduct wholly outside the forum resulted in a tort
injury to the plaintiff within the forum. In certain instances, at least, E.U. members
66 Convention on jurisdiction and the enforcement of judgments in civil and commercial matters(Sep. 30, 1998 official j. c027,0001-0027)67 Supra.66
49
construe their jurisdiction to extend to conduct on the Internet that offends policies
within the member state, regardless whether there was intent to cause an effect within
that forum.68
In Euromarket Designs Inc. v. Peters69 -this looked at the question of whether
an Irish company traded in the UK because it had a website available here. It was an
application for summary judgement, so the judge was only considering whether the
defence had any chance of success, rather than actually trying the issue in full. The
Claimant runs a series of shops in the USA under the name "Crate and Barrel", and
had a UK trade mark on that name, but did not trade in the UK. The Defendant had a
shop in Dublin under that name, but had no shops in the UK. It was observed that in
practice the goods sold (furniture) were not generally for sale by mail order and "This
is an advertisement for an Irish shop in a magazine which has an Irish and UK
circulation." He went on to say: "The right question, I think, is to ask whether a
reasonable trader would regard the use concerned as 'in the course of trade in
relation toods' within the member state [of the EU] concerned. Thus if a trader from
State X is trying to sell goods or services into State Y, most people would regard that
as having a sufficient link with State Y to be 'in the course of trade' there. But if the
trader is merely carrying on business in X, and an advertisement slips over the border
into Y, no businessman would regard that fact as meaning that he was trading in Y.
This would especially be so if the advertisement were for a local business such as a
shope or local service rather than for goods."
Justice Jacob therefore found that the advertisement was not trade mark
infringement. He described the situation with the website as "even clearer". Again,
reference was made to 800-Flowers and Justice Jacob's opinion in that case. Again,
Justice Jacob took the view that users of the internet expect irrelevant and foreign hits
during searches, and that in this case the domain name included 'i.e.' (for Ireland) and
the website itself was clearly for a shop. He did not accept that this website was
therefore selling to the world - it was clearly aimed at a specific market.
There was also an argument about the right to use your own name in business.
This is protected to some degree by the EC rules on trade mark law (although there
are exceptions, which we will not go into). There was discussion as to whether this
68 For details see at; <http://informingscience.org/proceedings/IS2003Proceedings/docs/029Glads.pdf>69 [2001] FSR 20
50
right also applied to companies, which over time gain goodwill in their name and may
also find it difficult to change. In this case, where there was no evidence of dishonesty
or copying when choosing the name, the judge felt that the own-name defense
applied. There was then the question of whether Euromarket had actually used the
'Crate and Barrel' trade mark in the UK themselves, as registered trademarks can be
revoked if not used. Most of the evidence from Euromarket consisted of sales in the
US shops to UK (and Irish) customers, or wedding list services where a UK customer
bought something for transit within the USA, or goods outside the specification of the
trade mark, or sales made too long ago. The judge therefore regarded there as being
little evidence of use of the mark - a point reinforced by other evidence from
Euromarket. The judge therefore signalled that, if this was a full trial, the trade mark
might well be invalid - a clear hint to the Claimant not to proceed. The judge also
cruised the handling of the case, the decision to continue at all and signalled that at a
full trial (quite apart from the trade mark being invalid) the case might well have to go
to the European Court of Justice to decide the 'own name' and 'genuine use' points.
Not surprisingly, the case went no further.
United Kingdom
Whether existing laws deal adequately with cyber crime or new laws are created, the
law courts play a crucial role in locating extra – territorial elements inherent in cyber
crime.
Where the language of a statute clearly identifies the extra – territorial reach of a
cyber crime, full faith and effect is given to it. An example is the Computer Misuse
Act 1990, which provides for “significant link” concept for assertion of jurisdiction.
In effect, an offence of unauthorized access is committed within UK where the
accused was in UK when he did the unauthorized access or if the computer accessed
without authorization was at the time of accessing same within UK. Either of this
presence is therefore link significant enough to make UK forum assert jurisdiction.
Following strongly after the UK Act, the Australian Cyber Crime Act 2001, (S. 476.3)
confers jurisdiction on her forum, for computer offences, where the conduct
constituting the offence occurs wholly or partly in Australia, or on board an
Australian ship or aircraft, or where the result of the conduct constituting the offence
occurs wholly or partly in Australia………. or the person committing the offence is
an Australian citizen or company. It follows that an Australian citizen operating in a
51
country where computer hacking is not an offence, who hacks into a computer system
in a third country would face potential criminal liability under the Act.70
Where computer-related offences have been committed, such Fraud or forgery, part I
of the Criminal justice Act 1993 provides for jurisdiction on the basis of a ‘relevant
event’ occurring in England and Wales(S 2(3)). A ‘relevant event’ means ‘any act or
omission or other event (including any result of one or more acts or omission) proof
of which is required for conviction of the offences’( s.2(1) ).71In cases of child
pornography, sexual offender’s act 1997 bestows domestic jurisdiction if the act is
also an offence in the jurisdiction where the act has been committed and the defendant
is a British citizen (s.7).72
In 1-800 Flowers Inc v. Phone names (2002) FSR 12 CA, the Defendant was a
UK based phonebook company and the Plaintiff was engaged in the business of
delivery of flowers. Customers across the world could access the Plaintiffs website to
place orders for flowers. There was, however, no evidence to show that UK residents
had placed orders on its website. It was argued that because the website was
accessible from the UK and the UK residents could place orders online, the use by the
Defendant of the mark 1-800 on its website amounted to use in the UK. It was held in
the first appeal by the Bench that "mere fact that websites could be accessed
anywhere in the world did not mean, for trade mark purposes, that the law should
regard them as being used everywhere in the world". The intention of the website
owner and what the reader will understand if he accesses the website was held to be
relevant. The Court of Appeals also rejected the argument. Justice Buxton, in a
concurring opinion pointed out as under:
“I would wish to approach these arguments, and particularly the last of them,
with caution. There is something inherently unrealistic in saying that A "uses" his
mark in the United Kingdom when all that he does is to place the mark on the internet,
from a location outside the United Kingdom, and simply wait in the hope that
someone from the United Kingdom will download it and thereby create use on the
part of A. By contrast, I can see that it might be more easily arguable that if A places
on the internet a mark that is confusingly similar to a mark protected in
70Concept Of Location In The Context Of Substantive Rules Governing Computer Crime, see at; <www.jumbolaw.com/concept.doc>
71 These provisions came into force on 1 June 199972 See also the Sexual offender (conspiracy and incitement )Act 1996, where citizenship is irrelevant
52
another jurisdiction, he may do so at his peril that someone from that
other jurisdiction may download it; though that approach conjured up in argument
before us the potentially disturbing prospect that a shop in Arizona or Brazil that
happens to bear the same name as a trademarked store in England or Australia will
have to act with caution in answering telephone calls from those latter jurisdictions”.
However that may be, the very idea of "use" within a certain area would seem
to require some active step in that area on the part of the user that goes beyond
providing facilities that enable others to bring the mark into the area. Of course, if
persons in the United Kingdom seek the mark on the internet in response to direct
encouragement or advertisement by the owner of the mark, the position may be
different; but in such a case the advertisement or encouragement in itself is likely to
suffice to establish the necessary use.
United States
Personal Jurisdiction in Cyberspace: Brief Summary of Personal Jurisdiction
Law Jay Kesan University of Illinois at Urbana-Champaign, College of Law73
Personal jurisdiction concerns the power of a court to decide a case between the
parties. In order for a court to exercise jurisdiction there must be a statutory or
common law source of jurisdiction, which does not surpass the limitations imposed by
constitutional due process.
The U.S. Supreme Court later reformulated this approach to allow jurisdiction over
non-resident individuals and entities based on the "minimum contacts" of the out-of-
state party.
In the U.S., states exercise jurisdiction over non-residents under their
respective long-arm statutes, the exercise of which must meet constitutional due
process. In brief, to exercise personal jurisdiction over a defendant, a U.S. court must
undertake a two-step inquiry. First, the court must apply the relevant state long-arm
statute to see if it permits the exercise of personal jurisdiction. Next, the court must
apply the precepts of the Due Process Clause of the U.S. Constitution. In order for
specific jurisdiction to be properly exercised under the Due Process Clause, the
plaintiff must satisfy a two-part test. It was held that in such instance the Plaintiff had
to show that the defendant has sufficient "minimum contacts" in the forum state. In
73 <http://www.cyberspacelaw.org/kesan/kesan1.html >
53
other words, the defendant must have purposefully directed its activities towards the
forum state or otherwise "purposefully availed" of the privilege of conducting
activities in the forum state. Further, the forum court had to be satisfied that
exercising jurisdiction would comport with the traditional notions of fair play and
substantial justice. International Shoe Co. v. Washington74. This law was further
developed in later cases.
Personal jurisdiction under the Due Process Clause depends upon “the
relationship among the defendant, the forum, and the litigation,” Shaffer v Heitner75,
Physical presence within the forum is not required to establish personal jurisdiction
over a non resident defendant, Burger King Corp v Rudzewicz76, Instead, the plaintiff
must show that the defendant has purposefully directed its activities toward the
residents of the forum state, or otherwise “purposefully availed itself of the privilege
of conducting activities within the forum State, thus invoking the benefits and
protections of its laws," Hanson v Denckla77. Where a plaintiff’s claim is related to or
arises out of the defendant’s contacts with the forum, the court is said to exercise
“specific jurisdiction.”
Personal jurisdiction under the Due Process Clause depends upon the
relationship among the defendant, the forum, and the litigation.
1. Restricted Extra- Territoriality
To exercise jurisdiction over people within the territory of the nation is the basis of
personal jurisdiction. As it was observed in Pennoyer v. Neff78, states were permitted
to exercise jurisdiction of people and property within their territorial borders. The
Supreme Court has upheld physical presence in a forum state as the basis for personal
jurisdiction, even when an out-of-state individual enters the forum state for a brief
time. Also, in Burnham v. Superior Court79, Physical presence in the forum state also
satisfies the requirement of constitutional due process.
2. Non-Resident Motorist Statues
74 326 U.S. 310 (1945)75 433 U.S. 186 (1977)76 471 U.S. 462 1985)77 357 U.S. 235 (1985)78 95 U.S. 714, 24 L. Ed. 565 (1877)79 495 U.S. 604, 110 S.Ct. 2105, 109 L.Ed.2d 631 (1990).
54
Non-resident motorist statutes allowed states to have personal jurisdiction over out of
state residents. In Hess v. Pawloski80, the Supreme Court upheld a Massachusetts
statute which permitted jurisdiction over any non-resident who was operating a motor
vehicle within the state and was involved in an accident. After the court upheld these
statutes, many states began passing statutes that allowed jurisdiction over out-of-state
defendants for a variety of causes of actions.
3. Jurisdiction over Out of State Defendants
There are two requirements for a court to exercise personal jurisdiction over an out of
state defendant. The first is that the state must have statutory authority that grants the
court jurisdiction over the out of state defendant. The second requirement is the Due
Process Clause of the Constitution must be satisfied. The Supreme Court in a number
of cases has limited the reach of state statutory authority because of violations of
constitutional due process.
a. Long Arm Statutes
Today almost all states have "long-arm" statutes which allow the state to exercise
jurisdiction over an out-of-state defendant. The name "long-arm" comes from the
purpose of these statutes, which is to reach into another state and exercise jurisdiction
over a non-resident defendant. This was in response to Pennoyer v. Neff case under
which the jurisdiction was limited over persons physically located within the
territorial boundaries of the nation. Due to this state’s enacted long arm statutes
allowing jurisdiction over non residents in conformity with the fourteenth amendment
of the United States Constitution.
One of the first long arm statutes was enacted in Illinois. This statute states in part:
(a) Any person, whether or not a citizen or resident of this State, who in person or
through an agent does any of the acts hereinafter enumerated, thereby submits such
person, and, if an individual, his or her personal representative, to the jurisdiction of
the courts of this State as to any cause of action arising from the doing of any of such
acts:
(1) The transaction of any business within this State;
(2) The commission of a tortuous act within this State;
80 274 U.S. 352, 47 S.Ct. 632, 71 L.Ed. 1091 (1927)
55
(3) The ownership, use, or possession of any real estate situated in this State; . . . .
[The act goes on to list other causes of action that would allow Illinois jurisdiction
over the out-of-state resident.]
(c) A court may also exercise jurisdiction on any other basis now or hereafter
permitted by the Illinois Constitution and the Constitution of the United States. [735
ILCS 5/2-209 (West 1999).]
The Uniform Interstate and International Procedure Act (UIIPA), which is a model
long arm statute that several states have enacted states:
§ 1.02. [Personal Jurisdiction Based upon Enduring Relationship].
A court may exercise personal jurisdiction over a person domiciled in, organized
under the laws of, or maintaining his or its principal place of business in, this state as
to any [cause of action] [claim for relief].
§ 1.03. [Personal Jurisdiction Based on Conduct].
(a) A court may exercise personal jurisdiction over a person, who acts directly or by
an agent, as to a [cause of action] [claim for relief] arising from the person's
(1) Transacting any business in this state;
(2) Contracting to supply services or things in this state;
(3) Causing tortuous injury by an act or omission in this state;
(4) causing tortuous injury in this state by an act or omission outside this state if he
regularly does or solicits business, or engages in any other persistent course of
conduct, or derives substantial revenue from goods used or consumed or services
rendered, in this state; [or]
(5) Having an interest in, using, or possessing real property in this state; [or]
(6) Contracting to insure any person, property, or risk located within this state at the
time of contracting].
(b) When jurisdiction over a person is based solely upon this section, only a [cause of
action] [claim for relief] arising from acts enumerated in this section may be asserted
against him.
Uniform Interstate and International Procedure Act, 13 U.L.A. 355 (1986 Ed.)
Section (c) of the Illinois long arm statute is often termed the "catchall" phrase. It
allows the state to assert the maximum possible jurisdiction allowed by constitutional
due process requirements. The Uniform Interstate and International Procedure Act
56
(UIIPA) do not contain such a catchall phrase. The UIIPA only allows jurisdiction
over claims enumerated by the statute.
b. Constitutional Due Process Requirements
1. Minimum Contacts
The Supreme Court in International Shoe v. Washington81 first adopted a new
standard for jurisdiction over out-of-state non resident defendants. The case involved
a Washington court attempting to assert jurisdiction over a corporation that was
incorporated in Delaware and had a principal place of business in Missouri. The court
allowed jurisdiction because there was sufficient "minimum contacts" with
Washington. The court explained, Due process requires only that in order to subject a
defendant to a judgement in personam [personal jurisdiction], if he be not present
within the territory of the forum, he have certain minimum contacts with it such that
the maintenance of the suit does not offend 'traditional notions of fair play and
substantial justice'.
The court also explained that the minimum contacts standard was not a
mechanical test, but one that depended on the "quality and nature of the activity in
relation to the fair and orderly administration of laws." If the nature and quality of the
activities is continuous and systematic, a court will have general jurisdiction over the
entity. General jurisdiction allows a court to decide any cause of action over the
defendant, even if the activity occurred out of state. If the nature of the activity is of
an isolated nature, a court would only have specific jurisdiction. Specific jurisdiction
only allows a court to exercise jurisdiction for a cause of action which arises from the
defendant's activities within the forum state.
2. Limited Application of the Minimum Contracts Test
In World-Wide Volkswagen Corp. v. Woodson82, the Supreme Court stated
the defendants contact with the forum state should also be foreseeable to satisfy the
due process requirements for personal jurisdiction. The Court ruled that an Oklahoma
State court did not have jurisdiction over out-of-state defendants in a car accident that
occurred in Oklahoma. The defendants, a New York car dealer and a New England
regional distributor, sold the plaintiffs, then residents of New York, a car in New
York. The plaintiffs subsequently moved to Arizona, and while travelling through
Oklahoma got into an accident caused by the allegedly defective car.
81 326 U.S. 310, 66 S.Ct. 154, 90 L.Ed. 95 (1945)82 444 U.S. 286, 100 S.Ct. 559, 62 L.Ed.2d 490 (1980)
57
The Supreme Court held that Oklahoma did not have jurisdiction over the
distributor or dealer of the car, both of which did not ever sell cars in Oklahoma or
conduct any business in Oklahoma. Here, the court found that the distributor and
dealership had not "purposefully availed" themselves of the privilege of conducting
business in Oklahoma. The court stated the "the foresee ability that is critical to due
process analysis is not the mere likelihood that a product will find its way into the
forum State. Rather, it is that the defendant's conduct and connection with the forum
state are such that he should reasonably anticipate being hailed into court there.". The
court did distinguish this case from a situation when a product is sold because of the
"efforts of the manufacturer or distributor to serve, directly, or indirectly, the market
for its product in other States".
3. Resolutely Directed Activities
In a fractured decision, the Supreme Court in Asahi Metal Indus. Co v. Superior
Court83 held that "mere awareness" is not sufficient to satisfy the minimum contacts
test. A Japanese company sold assemblies manufactured by it to a company in Taiwan
which in turn incorporated them into the finished tyres and sold them worldwide
including the US where 20 per cent of its sales took place in California. A product
liability suit was brought in the Superior Court in California against the Taiwanese
company arising from a motorcycle accident caused as a result of a defect in the tyres.
The Taiwanese company in turn filed a counter claim against the Japanese company.
The order of the Superior Court declining to quash the summons issued to the
Japanese company was reversed by the State Court of Appeal. However, the Supreme
Court of California in an appeal by the Taiwanese company reversed and restored the
order of the Superior Court. The U.S. Supreme Court reversed the State Supreme
Court and held that exercise of personal jurisdiction over the Japanese company
would be "unreasonable and unfair, in violation of the Due Process Clause." Further it
was held that "the mere placement of a product into the stream of commerce" was not
an act "purposefully directed towards the Forum State" and would not result in a
"substantial connection" between the defendant and the forum state necessary for a
finding of minimum contacts. Examples of these actions may include advertising in
the forum state or providing regular advice to customers in the forum state.
Sliding Scale Test
83 480 U.S. 102, 107 S.Ct. 1026, 94 L.Ed.2d 92 (1987)
58
Inset Systems, Inc v Instruction Set, Inc84
As regards cases involving torts committed in relation to the internet, the early
decisions on the point handed down by the District courts in the U.S.A. appeared to
permit a forum state to exercise jurisdiction even where the website was a passive
one. In Inset Systems Inc. v. Instruction Set Inc. 937 F. Supp. 161 (D.Conn.1996), the
Defendant had displayed on its website used for advertising its goods and services, a
toll-free telephone number "1-800-US-INSET." The Plaintiff, a company in
Connecticut brought an infringement action against the Defendant in a court in
Connecticut, which in any event had a long arm statute. The District court held that
the Defendant had "purposefully availed itself of doing business in Connecticut
because it directed its advertising activities via the Internet sites and toll-free number
toward the State of Connecticut (and all states); Internet sites and toll-free numbers
are designed to communicate with people and their businesses in every state; an
Internet advertisement could reach as many as 10,000 Internet users within
Connecticut alone; and once posted on the Internet, an advertisement is continuously
available to any Internet user".
Here, Inset Systems claimed that Instruction Set's website made an infringing
use of Inset's registered trademark. The Connecticut long arm statute allows for out of
state corporations to be sued by residents of Connecticut as long as the out of state
corporation has conducted repeated solicitation for business in Connecticut "by mail
or otherwise." The court held that this standard was met by Instruction Set's Internet
presence, which it found to be at least as much of a case of solicitation as advertising
through hard copy mailers and catalogs. The court also found there to be sufficient
minimum contacts because Instruction Set should have realized that their nationally
available phone number and Internet site could reach potential customers in
Connecticut. Holding: solicitation by advertising through an Internet website is
enough to establish minimum contacts anywhere. However, other courts have
distanced themselves from this concept.85
Analytical framework for testing specific personal jurisdiction based on the
level of Internet activity was observed in Zippo Mfg. Co. v. Zippo Dot Com. Inc 86.
(“Zippo”). The "sliding scale" test for determining the level of interactivity of the
84 Inset Sys 937 F Supp 161 (D Conn 1996)85 For details see <http://en.wikipedia.org/wiki/Personal_jurisdiction_in_internet_cases_in_the_United_States>86 952 F Supp 1119 (DCWD Pa 1997)
59
website, for the purposes of ascertaining jurisdiction of the forum state, was laid down
in Zippo Mfg. Co. v. Zippo Dot Com, Inc. 952 F.Supp. 1119 (W.D.Pa.1997). The
Plaintiff Zippo Manufacturing was a Pennsylvania corporation making cigarette
lighters. The Defendant was a California corporation operating an internet website
and an internet news service. It had its offices only in California. Viewers who were
resident of other states had to go on the website to subscribe for the Defendants news
service by filling out an on-line application. Payment was made by credit card over
the internet or telephone. Around 3,000 of the Defendants subscribers were residents
of Pennsylvania who had contracted to receive the Defendants service by visiting its
website and filling out the on-line application. Additionally the Defendant entered
into agreements with seven internet access providers in Pennsylvania to permit their
subscribers to access the Defendants news service. The Defendant was sued in a
Pennsylvania court for trademark dilution, infringement and false designation. After
discussing the development of the law till then, the District Court first observed:
The Constitutional limitations on the exercise of personal jurisdiction differ
depending upon whether a court seeks to exercise general or specific jurisdiction over
a non-resident defendant. Mellon, 960 F.2d at 1221. General jurisdiction permits a
court to exercise personal jurisdiction over a nonresident defendant for non-forum
related activities when the defendant has engage3d in "systematic and continuous"
activities in the forum state Helicopteos Nacionales de Colombia, S.A. v. Hall 466 US
408. In the absence of general jurisdiction, specific jurisdiction permits a court to
exercise personal jurisdiction over a non-resident defendant for forum-related
activities where the "relationship between the defendant and the forum falls within the
"minimum contacts framework" of International Shoe Co. v. Washington 326 US 310
and its progeny Mellon, 960 F.2d at 1221.
The Zippo court then noted that "a three pronged test has emerged for
determining whether the exercise of specific personal jurisdiction over a non-resident
defendant is appropriate: (1) the defendant must have sufficient "minimum contacts"
with the forum state, (2) the claim asserted against the defendant must arise out of
those contacts, and (3) the exercise of jurisdiction must be reasonable." The court in
Zippo classified websites as (i) passive, (ii) interactive and (iii) integral to the
defendants business. On facts it was found that the Defendants website was an
interactive one. Accordingly it was held that the court had jurisdiction to try the suit.
60
The Zippo courts observation that "the likelihood that personal jurisdiction can be
constitutionally exercised is directly proportionate to the nature and quality of
commercial activity that an entity conducts over the internet" has been compared by
that court to a "sliding scale".
In Cybersell Inc v Cybersell, Inc-87Passive Website as Jurisdictional Basis.
Generally, if a Website is not interactive, but merely informational in nature, the
courts have been unwilling to support long-arm jurisdiction in foreign fora. In this
case an Arizona Internet commercial firm was denied jurisdiction over a Florida
Webpage construction company.88
“Cybersell FL did nothing to encourage people in Arizona to access its site,
and there is no evidence that any part of its business (let alone a continuous part of its
business) was sought or achieved in Arizona. To the contrary, it appears to be an
operation where business was primarily generated by the personal contacts of one of
its founders. While those contacts are not entirely local, they aren’t in Arizona either.
No Arizonan except for Cybersell AZ ‘hit’ Cybersell FL’s website. There is no
evidence that any Arizona resident signed up for Cybersell FL’s web construction
services. It entered into no contracts in Arizona, made no sales in Arizona, received
no telephone calls from Arizona, earned no income from Arizona, and sent no
messages over the Internet to Arizona. The only message it received over the Internet
from Arizona was from Cybersell AZ. Cybersell FL did not have a ‘800' number, let
alone a toll-free number that also used the ‘Cybersell’ name. The interactivity of its
web page is limited to receiving the browser’s name and address and an indication of
interest - signing up for the service is not an option, nor did anyone from Arizona do
so. No money changed hands on the Internet from (or through) Arizona. In short,
Cybersell FL has done no act and has consummated no transaction, nor has it
performed any act by which it purposefully availed itself of the privilege of
conducting activities, in Arizona, thereby invoking the benefits and protections of
Arizona law.”
After Zippo and Cybersell, courts became increasingly reluctant to grant
jurisdiction merely on the basis of the number of people in the forum jurisdiction who
can access a passive website, even where accessibility is accompanied by other means
87 130 F.3d 414 (9th Cir. 1997 (“Cybersell”)88 David Williams Russell, “ Internet Jurisdiction - A Pragmatic Approach” , See at; <www.harrisonmoberly.com/.../INTERNET%20JURISDICTION%20%20A%20PRAGMATIC%20APPROACH.d>
61
of communicating with the site operator or by a small amount of other contacts with
the forum. Indeed, the Connecticut Superior Court, without even a reference to the
Connecticut federal court’s opinion in Inset, ruled in 2000 that specific jurisdiction
could not be based on the mere accessibility within Connecticut of a website operated
from Georgia. When the Connecticut federal district again considered jurisdiction
based on a website in 2001, it wholly disregarded its own opinion in Inset, stating that
“most courts follow the lead of . . . Zippo,” On-Line Technologies v Perkin Elmer
Corp89. After the Ninth Circuit’s implied endorsement of the Zippo model in
Cybersell, five other federal circuits elected to recognize or adopt that model. The
Fifth Circuit did so in Mink v. AAAA Devel. LLC90, finding that a printable mail-in
form, a toll- free call- in number and a posted e- mail address were not enough to
impose specific jurisdiction in Texas over a Vermont website operator. Because
orders were not taken through the website, it was deemed to be nothing more than a
“passive advertisement.” In the same year, the Tenth Circuit used the Zippo analysis
in holding that a “passive” website was insufficient for exercise of jurisdiction in Utah
over a British bank.
The Effect Cases in United States
The difficulty experienced with the application of the Zippo sliding scale test,
has paved way for the application of the 'effects' test. The courts have thus moved
from a 'subjective' territoriality test (that a court will regulate an activity only if it is
shown having originated in its territory - exemplified by the decision in Louis Feraud
Int'l SARL v. Viewfinder Inc 406 F Supp 2d 274 (SDNY 2005)] to an 'objective
territoriality' or "effects test in which the forum court will exercise jurisdiction if it is
shown that effects of the Defendants website are felt in the forum state. In other words
it must have resulted in some harm or injury to the Plaintiff within the territory of the
forum state. Since some effect of a website is bound to be felt in several jurisdictions
given the nature of the internet, courts have adopted a 'tighter' version of the 'effects' 89 141 F.Supp. 2d 246 (D.Conn. 2001)90 1909 F.3d 333 (5th Cir 1999)
62
test, which is intentional targeting. Thomas Schultz in his illuminative piece "Carving
up the Internet: Jurisdiction, Legal Orders, and the Private/Public International Law
Interface" EJIL 2008 19 (779) points out that the dynamics of jurisdiction is
reasonableness and fairness. Schultz concludes that both the subjective territoriality
and objective territoriality or the 'effects' test, if construed too broadly, is bound to be
unfair and unreasonable. According to Schultz, a middle path had to be chosen
between the too narrow ("subjective territoriality") and too broad ("effects")
jurisdictional bases for better managing trans-border externalities. This middle path
was "targeting. Schultz defines targeting to mean "in essence that the activity must be
intended to have effects within the territory of the state asserting jurisdiction."
According to another scholar, Professor Michael Geist ("Is There a There There"
Towards Greater Certainty for Internet Jurisdiction" 16 Berkeley Tech UJ (2001)
1345 at 1357) the principle of targeting is to "identify the intentions of the parties and
to assess the steps taken to either enter or avoid a particular jurisdiction." Targeting is
described as "something more than effects, but less than physical presence." We now
examine the decisions in which the above tests were evolved.
In the "effects" cases, the Supreme Court based jurisdiction on the principle
that the defendant knew that her action would be injurious to the plaintiff; therefore
she must reasonably anticipate being haled into court where the injury occurred. The
"effects" cases are of particular importance in cyberspace because conduct in
cyberspace often has effects in various jurisdictions.
In Calder v. Jones91, the actress Shirley Jones who worked and lived in
California brought a libel suit in California against a reporter and executive for the
National Enquirer. The defendant had only been to California twice, and neither of
these visits was connected in any manner with the Jones claim of libel. However, the
court held that because Jones caused the story to the published which he knew would
have a "potentially devastating impact the brunt of that injury would be felt by
[plaintiff] in the state in which she lives and work and in which the National Enquirer
has its largest circulation," the defendant must "reasonably anticipate being haled into
court there.". The court in Calder emphasized was this was a case of an intentional
tort that was highly foreseeable to cause damage in California. The court also found
significant that the effects of the article were centered in California, both in the
content of the story as well as where the harm would be suffered. Thus the Calder 91 465 U.S. 783, 104 S.Ct. 1482, 79 L.Ed.2d 804 (1984)
63
case is considered a classic effects case, because jurisdiction was based on the effects
of the defendants conduct.
The "effects" test propounded in Calder has been applied with mixed results.
One of the most discussed decisions of a French court where the "effects" doctrine
was applied is the Yahoo! Case (UJEF et LICRA v. Yahoo! Inc. et Yahoo France,
Tribunal de Grande Instance de Paris, No RG: 00/0538, May 22, 2000 and November
22, 2000). The French court essentially applied the "effects test to assert jurisdiction.
It held that by "permitting visualization in France of nazi objects and eventual
participation of a surfer established in France in the exposition/sale of such objects"
Yahoo! Had committed a wrong within the territory of France. Although the website
was capable of being viewed from anywhere in the world, the French court concluded
that it had caused harm to the two claimants located in France. The mere download
ability of the objectionable information/material did not alone determine the question
of jurisdiction. The French court also considered the effect it would have on the
public at large in France who could access Yahoo!'s website and who were targeted.
This the Court concluded from the fact that Yahoo! Inc. U.S.A displayed
advertisements in French to visitors at the US based server and Yahoo! France
provided a link to the U.S. based Yahoo! Server that Yahoo! Inc. did intend its
services to reach persons in France and intended to profit for the visitors from France
to its U.S. based website. (There was a second phase of this litigation in the courts in
California where Yahoo! sued LICRA and UJEF on the ground that the order of the
French court was unenforceable in the U.S.A.
In another effects case, Keeton v. Hustler Magazine, Inc.92 concerned
allegedly libellous statements made in Hustler magazine. The plaintiff brought the
action in New Hampshire, despite not being a resident of New Hampshire. Hustler
magazine's only contacts with the forum were the 10,000 to 15,000 copies of its
magazine it sold every month. This lead the court to the conclusion that Hustler's
contacts with New Hampshire could not "by any stretch of the imagination be
characterized as random, isolated or fortuitous.” The court then continued its analysis
by looking at the additional factors that bore on the fundamental fairness of Hustler
Magazine being sued in a distant forum. An important element in the court's analysis
was that New Hampshire had a legitimate interest in the controversy, despite the fact
92 465 U.S. 770, 104 S.Ct. 1473, 79 L.Ed.2d 790 (1984)
64
that the suit was brought by a non resident. The basis for the legitimate interest was
the injury to the state's residents by being misled by the defendant’s statements.
The position in the US, in order to establish the jurisdiction of the forum court, even
when a long arm statute exists, the Plaintiff would have to show that the Defendant
"purposefully availed" of jurisdiction of the forum state by "specifically targeting"
customers within the forum state. A mere hosting of an interactive web-page without
any commercial activity being shown as having been conducted within the forum
state, would not enable the forum court to assume jurisdiction. Even if one were to
apply the "effects" test, it would have to be shown that the Defendant specifically
directed its activities towards the forum state and intended to produce the injurious
effects on the Plaintiff within the forum state. We now take a brief look at the
decisions in other common law jurisdictions.
Apart from the multi jurisdictional aspect of the cyber world, the additional
problem is to formulate a procedural law to support the information technology law.
The IT Act is only is the substantive law, the need of the hour is to construct a
convention based on criminal law procedures of the nation and as well as for the
international criminal law matters.
Convention on cyber crime
The first ever international treaty on criminal offences committed in the cyberspace
To deter action directed against the confidentiality, integrity and availability of
computer systems, networks and computer data as well as the misuse of such systems,
networks and data by providing for the criminalisation of such conduct, as described
in this convention, and the adoption of powers sufficient for effectively combating
such criminal offences, by facilitating their detection, investigation and prosecution at
both the domestic and international levels and providing arrangements for fast and
reliable international co-operation.93
Section 3 and Article 22 of the convention talks about the jurisdiction.
Jurisdiction.
93 Preamble of convention of cyber crime, Budapest, 23.XI.2001
65
1. Each Party shall adopt such legislative and other measures as may be necessary
to establish jurisdiction over any offence established in accordance with Articles
2 through 11 of this Convention, when the offence is committed:
a in its territory; or
b on board a ship flying the flag of that Party; or
c on board an aircraft registered under the laws of that Party; or
d by one of its nationals, if the offence is punishable under criminal law
where it was committed or if the offence is committed outside the
territorial jurisdiction of any State.
2. Each Party may reserve the right not to apply or to apply only in specific cases or
conditions the jurisdiction rules laid down in paragraphs 1.b through 1.d of this
article or any part thereof.
3. Each Party shall adopt such measures as may be necessary to establish
jurisdiction over the offences referred to in Article 24, paragraph 1, of this
Convention, in cases where an alleged offender is present in its territory and it
does not extradite him or her to another Party, solely on the basis of his or her
nationality, after a request for extradition.
4 This Convention does not exclude any criminal jurisdiction exercised by a Party
in accordance with its domestic law.
When more than one Party claims jurisdiction over an alleged offence established in
accordance with this Convention, the Parties involved shall, where appropriate,
consult with a view to determining the most appropriate jurisdiction for prosecution.
Principles relating to extradition
Article 24 – Extradition
1 a. This article applies to extradition between Parties for the criminal offences
established in accordance with Articles 2 through 11 of this Convention, provided that
they are punishable under the laws of both Parties concerned by deprivation of liberty
for a maximum period of at least one year, or by a more severe penalty.
b. Where a different minimum penalty is to be applied under an arrangement
agreed on the basis of uniform or reciprocal legislation or an extradition treaty,
including the European Convention on Extradition (ETS No. 24), applicable between
66
two or more parties, the minimum penalty provided for under such arrangement or
treaty shall apply.
2 The criminal offences described in paragraph 1 of this article shall be deemed to
be included as extraditable offences in any extradition treaty existing between or
among the Parties. The Parties undertake to include such offences as extraditable
offences in any extradition treaty to be concluded between or among them.
3 If a Party that makes extradition conditional on the existence of a treaty receives a
request for extradition from another Party with which it does not have an extradition
treaty, it may consider this Convention as the legal basis for extradition with respect
to any criminal offence referred to in paragraph 1 of this article.
4 Parties that do not make extradition conditional on the existence of a treaty shall
recognize the criminal offences referred to in paragraph 1 of this article as
extraditable offences between themselves.
5 Extradition shall be subject to the conditions provided for by the law of the
requested Party or by applicable extradition treaties, including the grounds on which
the requested Party may refuse extradition.
6 If extradition for a criminal offence referred to in paragraph 1 of this article is
refused solely on the basis of the nationality of the person sought, or because the
requested Party deems that it has jurisdiction over the offence, the requested Party
shall submit the case at the request of the requesting Party to its competent authorities
for the purpose of prosecution and shall report the final outcome to the requesting
Party in due course. Those authorities shall take their decision and conduct their
investigations and proceedings in the same manner as for any other offence of a
comparable nature under the law of that Party.
7 a. Each Party shall, at the time of signature or when depositing its instrument of
ratification, acceptance, approval or accession, communicate to the Secretary General
of the Council of Europe the name and address of each authority responsible for
making or receiving requests for extradition or provisional arrest in the absence of a
treaty.
b. The Secretary General of the Council of Europe shall set up and keep updated
a register of authorities so designated by the Parties. Each Party shall ensure that the
details held on the register are correct at all times.
67
The extradition treaty or international agreements are signed by many countries to
regulate extradition. It lays down rules that a criminal who commits cyber crime in
one country, when flees to another country to avoid prosecution; the country to which
he has fled can extradite that criminal, where the offence was committed. Cyber crime
is an extraditable offence under Article 24(2).
Applicable Laws in India
The present law of jurisdiction has been challenged by the IT and legal communities
at the global level on mainly the following two grounds.
The risk of websites facing litigation in foreign lands thereby causing them extreme
hardships. Inconsistent and harsh decisions of courts on the applicability of the law of
jurisdiction to the cyber world;
Civil law of jurisdiction in India
Unlike, criminal jurisdiction in cyber space the jurisdiction of the courts over
civil matters is capable of different interpretations.94 Under civil cases the problem
arises -Civil Procedure Court, is open to interpretation, under section 20 the trouble
in relation to cyber contracts arises where the parties are located in different
jurisdictions (i.e., different countries or in places where different set of laws and
regulations apply) and the medium of communication (website or mail server) is
located in another jurisdiction. The problem is aggravated where more than one
jurisdiction seeks to exercise its rights to impose taxes and levies (taxes include all
direct and indirect taxes and levies include municipal cess, stamp duty, registration
costs, etc) on an Internet-enabled transaction. The trouble also arises when under the
laws of one jurisdiction a certain act is an offence, while where the person is located,
the same act is allowed. For example, soft pornography is allowed in the US and most
EU countries because of their liberal environment, but it is strictly prohibited in any
form in India.95
Under civil law jurisdiction is based on the following grounds
94 Rahul Matthan, “The law relating to Computers and the Internet” , Butterworths India, 200095 In this context see Jasmeet Singh Wadehra , “Where do you Sue?”, Monday, December 31, 2001,at <http://pcquest.ciol.com/content/features/101123102.asp>
68
Pecuniary jurisdiction (S.6)
Subject matter jurisdiction (S.16)
Where suit is compensation of wrong done to the person or to a moveable
property(S.19)
Where the defendant resides or cause of action arises(S.20)
In Rajasthan High Court Advocates Association v Union of India96 The
Supreme court elucidated the meaning of ‘Cause of action’ as every fact which would
be necessary for plaintiff to prove, if traversed, in order to support his right to the
judgement of the court. Every fact, which is necessary to prove, as distinguished from
every piece of evidence, which is necessary to prove each fact, comprises in ‘cause of
action’.97Based on the principles of cause of action, the courts in India also have
jurisdiction over foreigners. For instance, where in a transaction the cause of action
has arisen in India, say at Delhi, wholly or partly, the courts would have jurisdiction
whether the defendant is a resident of India or anywhere in the world.
In Casio India Co. Ltd v Ashita Tele Systems Pvt Ltd,98 the Delhi High Court
held that once the website can be accessed from Delhi, it is enough to invoke the
territorial jurisdiction of the court. The court held that since the plaintiff does not need
to prove actual sale or a particular deception in a passing off case it was not required
that actual deception should take place in Delhi99.Looking from the contractual
perspective, the law is contained in the code of civil procedure, which says that the
jurisdiction lies where the cause of action, whether wholly or partly, arises. This
principle would mean even if a part of cause of action has arisen within the precincts
or the jurisdiction of an Indian court, the Indian court could exercise jurisdiction.
Section 20 of CPC does not talk about due process or minimum contract principles.
So, under this theory mere website access could suffice for a court to assume
jurisdiction. The moment a plaintiff show that the website is accessible from India
viewers are likely to view the website. Both the copyright Act and the Trademark Act
96 (2001) 2 SCC 29497 Seth, Karnika, “Cyber Laws in the Information Technology Age”, LexisNexis Butterworths,200998 (2003) 27 PTC 265 (Del)99 Supra Note.69
69
say plaintiff can file a suit where he is located; he doesn’t need to bother about where
the defendant is located. This means Indian Courts have a very wide jurisdiction as far
as internet is concerned.100
In India TV, Independent News Service Pvt Ltd v India Broadcast Live
LLC,101 the court took the view that mere fact that a website is accessible in particular
place may not itself be sufficient for the courts to that place to exercise personal
jurisdiction over the owners of the website. However, where the website is not merely
passive but interactive permitting the browsers to not only access the contents thereof
but also subscribe to the services provided by owners /operators, the position would
be different. The court observed that even where a consideration and limited
interactivity may not be sufficient for a court to exercise jurisdiction. This rationale is
fully reasonable and justified and reinforces the reasoning adopted by US courts in
cases such as Cybersell Inc and CompuServe’s case.102
In Tata Sons v Ghassan Yacoub and Others103, where the defendant, Ghassan
Yacoub, was based in the USA and had registered the domain name Tatagroup.com.
The defendants had registered the domain name with network solutions Incorporated,
which is a registrar based in USA. The Delhi High Court did not go extensively into
the question of jurisdiction but made a statement to effect that internet has
transactional ramifications, which means it potentially impacts almost every
jurisdiction where it is accessible and we have to look where the impact is felt.104 The
Indian courts have granted orders restraining defendants residing overseas where the
infringing activity takes place through a website (e.g., domain name infringement or
the online sale of counterfeit goods). In Tata Sons v Ghassan Yacoub an injunction
was granted against the registration of the domain name ‘tatagroup.com’ where the
defendant was located in New York.105
100 Mittal,Raman, Dispute Resolution in cyberspace : Determining jurisdiction and applicable law in verma S.K,Mittal, Legal Dimension of Cyberspace, Indian Law Institute, New Delhi,2004 101 (2007) 145 DLT 521102 Supra Note.72103 Unreported exparte interim injunction order; Suit No. 1672/99(Delhi High Court); see presentation of P.anand, Partner, Anand & Anand, WIPO International Conference on Electronic Commerce and Intellectual Property(September 1999), available at; <http://econimerce.wipo.int/meetings/1999/index.html>104 Supra Note 72105Pravin Anand, “ Anti-counterfeiting 2009 – A Global Guide”, at; <http://www.worldtrademarkreview.com/issues/Article.ashx?g=9e61914b-441a-4756-b153-
70
In, Himalayan Drug Company v. Sumit106, the plaintiff, had on their website a
huge database on Ayurvedic concepts and the whole range of products and herbs’
Sanskrit and Latin names, their properties, the medicines it was used in, with
graphical and pictorial presentation. The whole database was exactly copied by the
defendant who was based in Italy and pasted on a website called
‘Ayurveda.sumit.net’. The only contact with the plaintiff’s was the one stated on the
website in the form of an email address ‘[email protected]’. So, the plaintiff sued
the defendant along with the Internet Service Provider, also an Italian entity,
virtualace.net, who had actually subleased the domain name and the web space the
infringer. The court exercised jurisdiction in this case because it was a case of
copyright Act, 1957, a suit can be filed at a place where the plaintiff in based.
Moreover the website could be opened in Delhi and the damage could also be said to
have occurred there. The fact that the defendants belonged to Italy did not desist the
court from exercising jurisdiction.107
In, Banyan Tree Holding (P) Limited v A. Murali Krishna Reddy and
Anr.108The Court holds that jurisdiction of the forum court does not get attracted
merely on the basis of interactivity of the website which is accessible in the forum
state. The degree of the interactivity apart, the nature of the activity permissible and
whether it results in a commercial transaction has to be examined. For the "effects"
test to apply, the Plaintiff must necessarily plead and show prima facie that the
specific targeting of the forum state by the Defendant resulted in an injury or harm to
the Plaintiff within the forum state. For the purposes of a passing off or an
infringement action (where the plaintiff is not located within the jurisdiction of the
court), the injurious effect on the Plaintiffs business, goodwill or reputation within the
forum state as a result of the Defendants website being accessed in the forum state
would have to be shown. Naturally therefore, this would require the presence of the
Plaintiff in the forum state and not merely the possibility of such presence in the
future. Secondly, to show that an injurious effect has been felt by the Plaintiff it
would have to be shown that viewers in the forum state were specifically targeted.
c2279d70882b>106 Suit no. 1719 of 2000(Delhi High Court)107 Supra Note.69108MANU/DE/3072/2009
71
Therefore the "effects" test would have to be applied in conjunction with the "sliding
scale" test to determine if the forum court has jurisdiction to try a suit concerning
internet based disputes.
The question No. (i) Is accordingly answered.
Question (ii): In a passing off or infringement action, where the defendant is sought to
be sued on the basis that its website is accessible in the forum state, what is the extent
of the burden on the Plaintiff to prima facie establish that the forum court
has jurisdiction to entertain the suit?
This brings us to the question as to the extent of burden of proof on the Plaintiff to
prima facie show that the Defendant has purposefully availed of the jurisdiction of
this Court. In the present case, it is argued that by enabling customers to go on the
website and get a copy of its brochure and make enquiries, the Defendant must be
held to have purposefully availed of the jurisdiction of this Court. The question that
arises is for the purposes of Section 20(c) CPC, in such circumstances, is what is the
extent of the burden on the Plaintiff to show prima facie that a part of the cause of
action arose within the jurisdiction of the forum court. This Court holds that in order
to prima facie establish that the Defendant purposefully availed of the jurisdiction of
this Court, the Plaintiff would have to show that the Defendant engaged in some
commercial activity in the Forum State by targeting its website specifically at
customers within that State. This is consistent with the law laid down in Cybersell and
reiterated later in Toys R Us. It is also consistent with the application of the "tighter"
version of the "effects" test which is "targeting". In any action for passing off or
infringement, it would have to be shown that the Defendant by using its mark
intended to pass off its goods as that of the Plaintiffs. A mere hosting of a website
which can be accessible from anyone from within the jurisdiction of the court is not
sufficient for this purpose. Also a mere posting of an advertisement by the Defendant
depicting its mark on a passive website which does not enable the Defendant to enter
into any commercial transaction with the viewer in the forum state cannot satisfy the
requirement of giving rise to a cause of action in the forum state. Even an interactive
website, which is not shown to be specifically targeted at viewers in the forum state
for commercial transactions, will not result in the court of the forum state
having jurisdiction. In sum, for the purposes of Section 20(c) CPC, in order to show
that some part of the cause of action has arisen in the forum state by the use of the
72
internet by the Defendant, the Plaintiff will have to show prima facie that the said
website, whether euphemistically termed as "passive plus" or "interactive", was
specifically targeted at viewers in the forum state for commercial transactions. The
Plaintiff would have to plead this and produce material to prima facie show that some
commercial transaction using the website was entered into by the Defendant with a
user of its website within the forum state and that the specific targeting of the forum
state by the Defendant resulted in an injury or harm to the Plaintiff within the forum
state. Question No. (ii) Is answered accordingly. Orders" or "trap transactions"?
Question (iii) is it permissible for the Plaintiff to establish such prima facie case
through "trap orders" or "trap transactions"?
It may be recalled that the Plaintiff has to show that a part of the cause of
action in a suit for passing off or infringement has arisen within the jurisdiction of the
forum court. Relevant to this, it would have to be shown by the Plaintiff that the
Defendant "availed" of the jurisdiction of the forum court by commercially
transacting with a viewer located in the forum state through the internet. The question
is whether this transaction can be a 'trap transaction' that is engineered by the Plaintiff
itself, particularly when it is not otherwise shown that the Defendant intended to
specifically target customers in the forum state.
The Effects of Foreign Judgments
A foreign judgment shall be conclusive as to any matter thereby directly adjudicated
upon between the same parties or between parties under whom they or any of them
claim litigating under the same title except-
(a) where it has not been pronounced by a Court of competent jurisdiction;
(b) where it has not been given on the merits of the case;
(c) where it appears on the face of the proceedings to be founded on an incorrect view
of international law or a refusal to recognise the law of India in cases in which such
law is applicable;
(d) where the proceedings in which the judgment was obtained are opposed to natural
justice;
(e) where it has been obtained by fraud;
(f) where it sustains a claim founded on a breach of any law in force in India.
If the foreign court did not have jurisdiction over the matter, as far as an Indian court
is concerned. In various cases, the court has stated that where there has been voluntary
73
consent to submit to the jurisdiction of the court, the court would be recognized
internationally to have competent jurisdiction over the matter and such jurisdiction
would be binding. 109
In OP Verma v Gehrilal110, This principle is grounded on the foundation that a
party having taken a chance of a judgment in his favour by submitting to the
jurisdiction of the court, should not be allowed to turn round when the jurisdiction
goes against him, to say that court had no jurisdiction.The courts in India are not
averse to upholding the decree of a foreign court and can, in fact, only hold the decree
of a foreign court to be non- conclusive, if such a decree does not fulfil the criteria out
in s.13 of Civil Procedure. Thus, in the event a decree is passed against an Indian
citizen in respect of any perceived breach of the laws of another state, the decree will
be upheld in India, against the Indian citizen, provided it does not suffer from any of
the infirmities listed under s.13111. Indian citizens who establish a presence on the
internet would therefore need to careful to follow the principles of law, set out in
international jurisdictions to avoid prosecution under those laws. It is therefore not
enough to be mindful of local laws alone. Any venture on the internet appears to be
open to challenge from virtually any jurisdiction and from any country that has
internet access. This is a situation that is perhaps uncomfortable from the point of
view of carrying out a business on the internet. Commercial entities that are looking
to use the internet as a medium through which to conduct their business would be
constantly looking over their shoulders, as it were, for the first sign of litigation. As a
lawyer, it is difficult to advice clients as to strategy to be adopted in situation such as
these. While on the one hand, the promise of the internet is extremely attractive to
commerce, on the other hand, the potential risks are virtually impossible to calculate.
It is difficult to categorically state that a particular brand name the businessman
chooses to use on the internet is an original mark and such use would not be
tantamount to the violation of intellectual property rights of someone, somewhere on
the net. In such circumstances, businessman should proceed to take a commercial risk
to get out on the internet and to tackle any potential litigation as and when it arises.
There is no mechanism at present to conclusively state that a given act of an entity on
109 Narhari v Pannalal AIR 1977 SC 164, Lalji Raja and Sons v Firm Hansraj Nathuram AIR 1971 SC 974
110 AIR 1958 Ker 203 111Supra Note.68
74
the internet violates the rights of another person the internet and waiting to find one,
currently means unacceptable commercial delay.112
The jurisdiction of Indian courts over foreign citizens or residents
The subject matter jurisdiction has been explicitly stated under section 16 of the code
of civil procedure. Which reads as following:-
Suits to be instituted where subject-matter situate? Subject to the pecuniary or other
limitations prescribed by any law, suits?
(a) For the recovery of immovable property with or without rent or profits,
(b) For the partition of immovable property,
(c) For foreclosure, sale or redemption in the case of a mortgage of or charge upon
immovable property,
(d) For the determination of any other right to or interest in immovable property,
(e) For compensation for wrong to immovable property,
(f) For the recovery of movable property actually under distrait or attachment,
Shall be instituted in the Court within the local limits of whose jurisdiction the
property is situate.
Under the aforesaid section property means property situated in India .Therefore, the
Indian courts cannot assume jurisdiction over immovable property situated within the
jurisdiction of a foreign state. However, cyber related dispute seldom come within the
ambit of immovable property.
Under section 19 of the code - Suits for compensation for wrongs to person or
movable? Where a suit is for compensation for wrong done to the person or to
movable property, if the wrong was done within the local limits of the jurisdiction of
one Court and the defendant resides, or carries on business, or personally works for
gain, within the local limits of the jurisdiction of another Court, the suit may be
instituted at the option of the plaintiff in either of the said Courts.
Under section 20 of the code - . Other suits to be instituted where defendants
reside or cause of action arises? Subject to the limitations aforesaid, every suit shall
be instituted in Court within the local limits of whose jurisdiction?
112 Supra Note.68
75
(a) the defendant, or each of the defendants where there are more than one, at the time
of the commencement of the suit, actually and voluntarily resides, or carries on
business, or personally works for gain; or
(b) any of the defendants, where there are more than one, at the time of the
commencement of the suit actually and voluntarily resides, or carries on business, or
personally works for gain, provided that in such case either the leave of the Court is
given, or the defendants who do not reside, or carry on business, or personally work
for gain, as aforesaid, acquiesce in such institution; or
(c) The cause of action, wholly or in part, arises.
Explanation] .A Corporation shall be deemed to carry on business at its sole or
principal office in India or, in respect of any cause of action arising at any place
where it has also a subordinate office, at such place.
The applicability of Indian case laws in the transactions on the internet, held
that ‘a court in this country has jurisdiction over a non-resident foreigner, although he
has not submitted to its jurisdiction, provided the cause of action had arisen wholly or
in part within its jurisdiction’.113It is thus clear that the Indian courts will assume
jurisdiction over a matter if, even a part of the cause of action of the dispute arose
within the jurisdiction of the specified court. The US courts have held that the mere
fact that an individual can access a given site on the internet from within the
jurisdiction of the court, before which the suit was preferred, is justification enough
for the court to assume jurisdiction over the dispute.
Contractual disputes
The court has to examine the following issues in order to determine the applicable
laws and jurisdiction over contractual matters
1. Where the defendant resides or carries business
2. Where the contract was made
3. Where the contract was to be performed
4. Where the cause of action arose
A commercial contract normally has a jurisdictional clause in the agreement.
Under this clause the parties mutually settle the jurisdiction of a particular court.
113 Bhagwan Shankar v Rajaram AIR 1951 Bom 125
76
When there are multi- jurisdictions the courts will normally accept agreement
between the parties to submit to the jurisdiction of the other court.
In ABC Laminar Pvt. Ltd. v. A.P. Agencies, Salem114. In the matter of a
contract there may arise causes of action of various kinds. In a suit for damages for
breach of contract the cause of action consists of the making of t he contract, and of
its breach, so that the suit may be filed either at the place where the contract was made
or at t he place where it should have been performed and the breach occurred. The
making of the contract is part of the cause of action. A suit on a contract, therefore,
can be filed at t he place where it was made. The determination of the place where the
contract was made is part of the Law of Contract. But making of an offer on a
particular place does not form cause of action in a suit for damages for breach of co n-
tract. Ordinarily, acceptance of an offer and its intimation result in a contract and
hence a suit can be filed in a court within whose jurisdiction the acceptance was
communicated. The performance of a contract is part of cause of action and a suit in
respect of the breach can always be filed at the place where the contract should have
performed or its performance completed. If the contract is to be performed at the
place where it is made, the suit on t he contract is to be filed there and nowhere else.
In suits f or agency actions the cause of action arises at the place where the contract of
agency was made or the place where actions are to be rendered and payment is to be
made by the agent. Part of cause of action arises where money is expressly or
impliedly payable under a contract. In cases of repudiation of a contract, the place
where repudiation is received is the place where the suit would lie. If a contract is
pleaded as part of the cause of action giving jurisdiction to t he Court where the suit is
filed and that contract is found to be invalid, such part of cause of the action
disappears T he above are some of the connecting factors.
Law That Governs the Enforcement of Foreign Judgments in India
A foreign judgment can be enforced in India in one of two ways:
1. Judgments from Courts in "reciprocating territories" can be enforced directly by
filing before an Indian Court an Execution Decree.
A "reciprocating territory" is defined in explanation 1 to Section 44A of India's Civil
Procedure Code as: "Any country or territory outside India which the Central
114 (1989) 2 SCC 163
77
Government may, by notification in the Official Gazette, declare as a reciprocating
territory."The United Kingdom and Canada are among the list of countries which has
been declared as "reciprocating territories." Presently, the United States of America is
not declared as a "reciprocating territory” by the Government of India.
2. Judgments from "non-reciprocating territories," such as the United States, can be
enforced only by filing a law suit in an Indian Court for a Judgment based on the
foreign judgment. The foreign judgment is considered evidentiary.
The time limit to file such a law suit in India is within three years of the
foreign judgment The Indian Code of Civil Procedure, 1908 (CPC) governs the
execution of decrees, whether foreign or domestic, in India. There are two ways of
getting a foreign judgment enforced. Firstly by filing an Execution Petition under
Section 44A of the CPC (in case the conditions specified therein are fulfilled).
Secondly by filing a suit upon the foreign judgment/decree. Under Section 44A of the
CPC, a decree of any of the Superior Courts of any reciprocating territory is
executable as a decree passed by the domestic Court. Therefore in case the decree
does not pertain to a reciprocating territory or a superior Court of a reciprocating
territory, as notified by the Central Government in the Official Gazette, the decree is
not directly executable in India. In case the decree pertains to a country which is not a
reciprocating territory then a fresh suit will have to be filed in India on the basis of
such a decree or judgment, which may be construed as a cause of action for the said
suit. In the fresh suit, the said decree will be treated as another piece of evidence
against the defendant.115
Under section 45 of CPC- Execution of decrees outside India So much of the
foregoing sections of this Part as empowers a Court to send a decree for execution to
another Court shall be construed as empowering a Court in any State to send a decree
for execution to any Court established by the authority of the Central Government
outside India to which the State Government has by notification in the Official
Gazette declared this section to apply. It is under this section that central government
has declared by notification under this section. In addition, there are certain countries
which entered into reciprocal agreements with the government of India, in respect of
the enforcement of their decrees in Indian courts.
115 See at; < http://74.125.153.132/search?q=cache:http://madaan.com/enforcingjudgment.html>
78
Jurisdiction in criminal matters
The Indian Penal Code, 1860
Certain provisions of the IPC also suggest applicability of its provisions to
illegal actions committed outside India. Section 3 of the IPC reads “Punishment of
offences committed beyond, but which by law may be tried within India. Any person
liable, by any Indian law, to be tried for an offence committed beyond India shall be
dealt with according to the provisions of this Code for any act committed beyond
India in the same manner as if such act had been committed within India.” Section 4
of the IPC applies the nationality doctrine: “Extension of Code to extra-territorial This
section deals with acts and omissions of Indian citizens abroad and regulates the
action of any person irrespective of his/her nationality, if such person happens to be
on a ship or aircraft registered in India.
Code of Criminal Procedure Code, 1973
Section 188 of the CrPC provides that even if a citizen of India outside the
country commits the offence, the same is subject to the jurisdiction of courts in India.
In India, jurisdiction in cyberspace is similar to jurisdiction as that relating to
traditional crimes and the concept of subjective territoriality will prevail. Chapter XIII
of CrPC relates to jurisdiction of courts with regard to criminal matters. The primary
theory of territoriality is embodied in section 177 of the CrPC which provides that
“Every offence shall ordinarily be inquired into and tried by a Court within whose
local jurisdiction it was committed.” Section 178 of the CrPC provides that even if a
part of the offence is committed in India, it can be the place of inquiry:
“178- Place of inquiry or trial-
(a) When it is uncertain in which of several local areas an offence was committed, or
(b) Where an offence is committed partly in one local area and partly in another, or
79
(c)Where an offence is a continuing one, and continues to be committed in more local
areas than one, or
(d) Where it consists of several acts done in different local areas, it may be inquired
into or tried by a Court having jurisdiction over any of such local areas.”
Though the subjective territoriality116 provides jurisdiction beyond boundaries
to a certain extent, the objective territoriality117 assumes greater significance when
offenders involved in cross-border crimes are required to be put on trial in India.
Additionally, the “consequence” principle clarifies that where an act is done abroad
and the criminal effect is produced in India, the crime is taken to be committed in
India. With www giving a much wider and global scope of committing crimes (the
consequences of which can be almost anywhere in the world), providing for a global
jurisdiction to tackle with the crime can well be justified by acceptance of the
principle of “jurisdiction by effects.”
Effects doctrine
Section 179 of CrPC embodies the effects doctrine, which reads as under:
“179. Offence triable, where act is done or consequence ensues: When an act is an
offence by reason of anything which has been done and of a consequence which has
ensued, the offence may be inquired into or tried by a court within whose local
jurisdiction such thing has been done or such consequence has ensued.” The Supreme
Court in State of Madhya Pradesh v. Suresh Kaushal118, while discussing the import of
this section inferred that section 179 of CrPC contemplates two courts having
jurisdiction and the trial is permitted to take place in any one of those two courts. One
is the court within whose local jurisdiction the act has been done and the other is the
court within whose local jurisdiction the consequence has ensued. The application of
this principle in cyberspace has to be espoused owing to the peculiarity of www,
which indubitably permits initiation of the crime from any part of the world with its
consequences in any other part of the world without any territorial boundaries.
116 This refers to the situation when an act has been initiated in a territory but consummated abroad.117 This refers to the situation when an act has been initiated abroad but consummated within a territory.118 (2001) 4 SCAPE 233.
80
The Supreme Court in Dhannalal v. Kalawatibai119 held that “there is no
wrong without a remedy (ubi jus ibi remedium). Where there is a right there is a
forum for its enforcement. The plaintiff is dominus litis, i.e., master of, or having
dominion over the case. In case of conflict of jurisdiction the choice ought to lie with
the plaintiff to choose the forum best suited to him unless there is a rule of law
excluding access to a forum of the plaintiff’s choice or permitting recourse to a forum
will be opposed to public policy or will be an abuse of law.” With so many
outsourcing activities in India and the popularity of networking websites, a fresh
continuum of cases related to “Personal Victimization” and “Economic Offences” in
the nature of data protection, cyber defamation, security, etc have evolved. Hacking
initiated at one place adversely affects any other place/institution and brings them to
limbo. These can only be contained by the effective widening of the reach of law. The
concept of consequence and cause of action extends jurisdiction but a conflicting
situation arises where there is no defined regulation at one of the places. For example,
the Act does not provide any provision to catch the internet pornography on foreign
websites but only for sites in India120. The effect is caused in India as well.
In SMC. Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra,121 India’s first case of
cyber defamation, High Court of Delhi assumed jurisdiction over a matter where a
corporates’ reputation was being defamed through e-mails and passed an important
ex-parte injunction. In Sony.Sambandh.com case, a complaint was filed by Sony India
Private Ltd, which runs a website called www.sony-sambandh.com, targeting Non-
Resident Indians. The website enables them to send Sony products to their friends and
relatives in India after they pay for it online. In May 2002, someone logged onto the
website under the identity of Barbara Campa and ordered certain products, gave her
credit card number for payment and requested that the products be delivered to Arif
Azim in Noida. After following the relevant procedures of due diligence and
checking, the company delivered the items to Arif Azim. At the time of delivery, the
company took digital photographs showing the delivery being accepted by Arif Azim.
After one and a half months the credit card agency informed the company that this
119 (2002) 6 SCC 16.120 Section 67 of the Act.121 Suit No. 1279/2001.
81
was an unauthorized transaction as the real owner had denied having made the
purchase. The court convicted Arif Azim under section 418, 419 and 420 of the
IPC122, this being the first time that a cybercrime has been convicted. The effect of the
crime was generated in some other country which was actually committed online in
India.
Jurisdiction under the Information Technology Act
The need for regulation of cyberspace
Internet by its very nature is global and beyond the territorial boundaries of the
nation. In the 1990’s the internet was fast moving to transform the long-established
methods of commercial and communication society. Nobody owns the internet and
thus, no single legislation of a state can regulate the cyber world. Therefore, the
government should not apply its traditional mechanisms of regulating the internet.
Consequently, many nations formulated cyber laws to regulate the cyber space.
Though, India formulated its first cyber law in 2000 but it did clearly manifest the
need. The reasons why there was need for cyber legislation was mainly due to
challenges faced by the government to cope with cyberspace by the conventional
methods. Even our Law minister Dr. M Veerappa Moily has opined that he would like
to see more Acts to deal with the increasing volume and variety of cyber crimes. He
said "Last year the Government of India amended IT Act 2000, which was mainly
intended to give legal recognition to e-commerce, including electronic filing of
documents. It is only chapter 11 of the said Act that covers a few offences relating to
use and abuse of computer system which invites penalty of fine or imprisonment or
both," "On other hand, the United States has several Acts including the Computer
Fraud and Abuse Act, Computer Misuse Act, Electronic Fund Transfer Act and Child
Online Protection Act. Volumes of cyber crime in our country in course of time will
demand a variety of law. Present Indian Penal Codes are quite helpful in tackling IT
related offences, but that may not be enough," he observed.123
122 Section 418 deals with cheating with knowledge that wrongful loss may ensue to person whose interest offender is bound to protect; section 419 deals with the punishment for cheating by personation and section 420 deals with cheating and dishonestly inducing delivery of property.123 Law Minister calls for strengthening Cyber Law, Tuesday, 28 July 2009 00:00 at; <http://www.egovonline.net/news-list/34-news/7376-law-minister-calls-for-strengthening-cyber-
82
Laws involved on geographical basis have no application to cyberspace which is
Borderless, Cyberspace transactions occur simultaneously in all jurisdictions
assumption of jurisdiction by multiple states will lead to jurisdictional mayhem and
Architecture of Cyberspace precludes previous notice of applicable laws.124
The reasons for need for regulation are:-
Cyberspace is an intangible dimension that is impossible to govern and regulate using
conventional law.
Cyberspace has complete disrespect for jurisdictional boundaries. A person in India
could break into a bank’s electronic vault hosted on a computer in USA and transfer
millions of Rupees to another bank in Switzerland, all within minutes. All he would
need is a laptop computer and a cell phone.
Cyberspace handles gigantic traffic volumes every second. Billions of emails are
crisscrossing the globe even as we read this, millions of websites are being accessed
every minute and billions of dollars are electronically transferred around the world by
banks every day.
Cyberspace is absolutely open to participation by all. A ten year- old in Bhutan can
have a live chat session with an eight year- old in Bali without any regard for the
distance or the anonymity between them.
Cyberspace offers enormous potential for anonymity to its members. Readily v cc
available encryption software and steganographic tools that seamlessly hide
information within image and sound files ensure the confidentiality of information
exchanged between cyber-citizens.
Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of
software can be traded over the Internet without the need for any government licenses,
shipping and handling charges and without paying any customs duty.
Electronic information has become the main object of cyber crime. It is characterized
by extreme mobility, which exceeds by far the mobility of persons, goods or other
law.pdf>124 Information Technology Act 2000 and Amendments therein, Department of Information Technology presentation at; < http://www.assocham.org/events/recent/event_314/Dept_IT.pdf>
83
services. International computer networks can transfer huge amounts of data around
the globe in a matter of seconds.
A software source code worth crores of rupees or a movie can be pirated across the
globe within hours of their release.
Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily
covered by traditional penal provisions. However, the problem begins when electronic
records are copied quickly, inconspicuously and often via telecommunication
facilities. Here the “original” information, so to say, remains in the “possession” of
the “owner” and yet information gets stolen.125
Physical location (Lex situs) – its significance
Cyberspace radically undermines the relationship between legally significant (online)
phenomena and physical location. The rise of the global computer network is
destroying the link between geographical location and: (1) the power of local
governments to assert control over online behaviour; (2) the effects of online
behaviour on individuals or things; (3) the legitimacy of the efforts of a local
sovereign to enforce rules applicable to global phenomena; and (4) the ability of
physical location to give notice of which sets of rules apply. The Net thus radically
subverts a system of rule-making based on borders between physical spaces, at least
with respect to the claim that cyberspace should naturally be governed by territorially
defined rules. Cyberspace has no territorially-based boundaries, because the cost and
speed of message transmission on the Net is almost entirely independent of physical
location: Messages can be transmitted from any physical location to any other
location without degradation, decay, or substantial delay, and without any physical
cues or barriers that might otherwise keep certain geographically remote places and
people separate from one another. The Net enables transactions between people who
do not know, and in many cases cannot know, the physical location of the other party.
Location remains vitally important, but only location within a virtual space consisting
of the "addresses" of the machines between which messages and information are
routed. The system is indifferent to the physical location of those machines, and there
is no necessary connection between an Internet address and a physical jurisdiction.
Although a domain name, when initially assigned to a given machine, may be
125 Introduction to Indian Cyber Law authored by Rohas Nagpal<http://www.corecentre.co.in/Database/Docs/DocFiles/india_cyber.pdf>
84
associated with a particular Internet Protocol address corresponding to the territory
within which the machine is physically located (e.g., a "U.K" domain name
extension), the machine may move in physical space without any movement in the
logical domain name space of the Net. Or, alternatively, the owner of the domain
name might request that the name become associated with an entirely different
machine, in a different physical location. Thus, a server with a "U.K" domain name
may not necessarily be located in the United Kingdom, a server with a ".com" domain
name may be anywhere, and users, generally speaking, are not even aware of the
location of the server that stores the content that they read. Physical borders no longer
can function as signposts informing individuals of the obligations assumed by
entering into a new, legally significant, place, because individuals are unaware of the
existence of those borders as they move through virtual space. The power to control
activity in Cyberspace has only the most tenuous connections to physical location.126
Establishing jurisdiction in cyberspace
The Information technology law of India deal with range of fundamental legal
problems that emerges in the cyberspace, which has made transmit of intense volume
of information trouble-free and lucrative. Consequently, this has raised severe
jurisdictional issues and world over cyber laws of various countries are persistently
trying to harmonize the existing laws. Since, the rise of internet is the outcome of
technological development, where the world is borderless and electronically
accessible. The conventional legal system of ascertaining jurisdiction has fallen flat in
the cyber world.
The IT Act was formulated to give transactions carried out by electronic
means a legal recognition and also, regulating them. However, the most resolute piece
of cyber legislation implies a unification of criminal and civil laws to shape computer
regulatory laws. But the IT law does not. Even in the recent amendment of 2008, the
IT laws with respect to Jurisdictional issue is unspoken and needs more transparency.
The recent IT Act passed in India is illustrative of the prevailing perplexity in the area
of jurisdiction in the context of the internet. Furthermore, even if Indian courts are to
claim jurisdiction and pass judgments on the basis of the principle expostulated by the
IT Act, it is unlikely that foreign courts will enforce these judgments since they would
126 Law And Borders--The Rise of Law in Cyberspace , By DAVID R. JOHNSON and DAVID POST at; <http://131.193.153.231/www/issues/issue1/law/top.html>
85
not accept the principles utilized by the act as adequate to grant Indian court’s
jurisdiction. This would also render the act ineffective.127
The information technology Act 2000, under section 1(2) The Act brings within the
jurisdiction of Indian court any act which is an offence under the Act and committed
either within or outside India.
“It shall extend to the whole of India and, save as otherwise provided in this Act it
applies also to any offence or contravention there under committed outside India by
any person.”
Also, Section 75 of the Act also extends jurisdiction to any offence or contravention
committed outside India by any person. This section stipulates that the nationality of a
person is not a relevant consideration. However, the provision specifies that an
offence or contravention which was committed outside India by any person if the act
or conduct constituting the offence or contravention involves a computer, computer
system or computer network which is located in India.
“75. Act to apply for offence or contravention committed outside India. (1)
Subject to the provisions of sub-section (2), the provisions of this Act shall apply also
to any offence or Contravention committed outside India by any person irrespective of
his nationality. (2) For the purposes of sub-section (1), this Act shall apply to an
offence or contravention committed outside India by any person if the act or conduct
constituting the offence or contravention involved a computer, computer system or
computer network located in India.”
Under this principles of extradition and international law will be applicable.
This confers too much wide powers on Indian courts as what may be offensive
in India may be perfectly legal in the country where the website is hosted.
Furthermore, assuming Indian court prosecutes the offender and passes a judgment,
there are bound to be difficulties in enforcing the same as the foreign court may not
recognize the order/judgment and decline Indian courts any jurisdiction. It is pertinent
therefore in this context to draw principles that are reasonable and define
127 Supra.1
86
circumstances in which India may hold jurisdiction in cross border disputes as
American courts have propounded.128
The Information Technology (Amendment) Act, 2008 has been signed by the
President of India on February 5, 2009. A review of the amendments indicates that
there are several provisions relating to data protection and privacy as well as
provisions to curb terrorism using the electronic and digital medium that have been
introduced into the new Act. Even then the amendments to the IT Act do not address
jurisdictional issues. At a time when internet has made geography history, it was
hoped that the new amendments would throw light on complicated issues pertaining
to jurisdiction. This is because numerous activities on internet take place in different
jurisdictions. There is a need to enable Indian authorities to get jurisdiction over data
and information impacting India in a more comprehensive manner.129
Praveen Dalal practices law at the Delhi High Court and the Supreme Court of
India in matters relating to hi-tech crime and cyber forensics Internet is boundary less
and no country can exercise “sovereignty” over it. A person sitting in one part of the
World can create havoc in another part of the World. In the absence of
“harmonisation of laws” and “common standards” it becomes very difficult to tackle
cyber crimes and contraventions. An activity may be an offence in one jurisdiction
whereas it may not in another jurisdiction. Further, in the absence of constructive
“extradition arrangements” between two countries it becomes very difficult to
extradite the offender to the concerned jurisdiction. The issues of Cyber Law, Cyber
Security, Data Protection, etc are common to all the jurisdictions and Nations and we
must enact an International Cyber Law Treaty to effectively deal with the same.130
“Arrangements” between two countries it becomes very difficult to extradite the
offender to the concerned jurisdiction. The issues of Cyber Law, Cyber Security, Data
Protection, etc are common to all the jurisdictions and Nations and we must enact an
International Cyber Law Treaty to effectively deal with the same.131
128 Supra Note.71
129 "We're Not Keeping Pace"-By Pavan Duggal at; <http://www.cyberlaws.net/itamendments/TOI1.html>
130 Cyber forensics in India, at; < http://www.blogbharti.com/sudipta/india/cyber-forensics-in-india/>131 Cyber forensics in India, at; < http://www.blogbharti.com/sudipta/india/cyber-forensics-in-india/>
87
CHAPTER – 3
IN CASES OF CONFLICT OF LAW SITUATION - HOW THE CHOICE OF
LAW IS MADE IN LIEU OF JURISDICTION
"Traditional" rules of jurisdiction:—India follows what are today known in England
as the "traditional rules" of jurisdiction:
The rules have now become "traditional" in England because today England
like most of Europe is largely governed by rules of jurisdiction laid down by the
Convention on Jurisdiction and the Enforcement of Judgments in Civil and
Commercial matters (the Brussels Convention) signed in 1968 by the six original
members of the European Economic Community which came into force in 1973,
followed by various Accession Conventions by new members, U.K. having joined in
1978, followed by its amended version the Lugano Convention of 1988.
Jurisdiction in "personam" and in "rem":—Traditional Jurisdiction is of two
kinds—Jurisdiction 'in personam' and Jurisdiction 'in rem':—(i) Jurisdiction is "in
88
personam" when the action is to compel a person to do or not to do a particular thing,
for determining the rights and interests of the parties among themselves and the
judgment is binding on the parties to the action e.g., an action to pay a debt, specific
performance for damages of breach of contract, an action for injunction in a tort case
or for possession of tangible property.
Procedural character of personal jurisdiction:—for historical reasons, the
striking feature of rule of jurisdiction at common law in such matters is that it is
purely procedural in character. The rule is simply that the person should be served
with process. Service of process is the foundation of court's jurisdiction. Process or
writ or originating summons are now called "claim form" in England. In special cases,
English Courts exercise jurisdiction even on a person outside their jurisdiction
provided he is served the process. Nationality is no bar for the exercise of English
jurisdiction. A foreigner even in a temporary stay in England can be brought under
jurisdiction through service of a writ132.
Jurisdiction in rem - In Roman and later in English Common law is the power
to decide a "jus in rem" i.e., a right, like ownership, available against all persons,
against "the whole world" as traditionally expressed. Actions in rem are broadly of 3
kinds:—
Declarations of right or title to possession of property. Declarations of personal status.
Admiralty actions133, Actions for declaration of right and recovery of * property were
the only type of real actions or actions in rem. This was later extended to movables
and property of any kind: real or personal. The judgment of the court itself constitutes
good title against the entire world whatever defects may have previously existed in
the title to the property.
Rules of Jurisdiction in India
In R. Vishwanathan v. Abdul Wajid134, a case dealing with the distribute of a
deceased person's assets situated in different pre-independence Indian States and
Provinces, Vishwanathan being his eldest son and Abdul Wajid (a retired Revenue
Commissioner) the executor of his Will, various questions of Private International
132 See Cheshire and North's Private International Law, London, Butterworths, 13th Edn. 1999, pp. 179, 285 & 325; Halsbury's Laws of England, London, Butterworths, 2nd Edn. 1932, VoL 6, pp, 196 & 197; Dicey & Morris, The Conflict of Laws London, Sweet & Maxwell, 13th Edn., 2000, Vol. I, pp. 73,114 & 263; R.H. Graveson, The Conflict of Laws, London, Sweet & Maxwell Ltd., 6th Edn., 1969, pp. 108-110, 113.
133 R.H. Graveson, The Conflict of Laws, p. 109.134 AIR 1963 SC 1 : 1963 (1) Cr. LJ 7 : 1964 (2) SCR 336.
89
Law including extra-territorial jurisdiction arose. Besides defining and explaining
what Private International Law means (discussed in Chapters I and n) and interpreting
section 13 of Civil Procedure Code (discussed in Chapter IX), the rules of jurisdiction
in India' were concisely enunciated by Justice J.C. Shah (afterwards (C.J.I.) follows:
—
Jurisdiction in rem:—A foreign court has jurisdiction to deliver a judgment in rem
which will be enforced in India provided the property movable or immovable is
within the foreign country,
Jurisdiction over immovable’s:—it is also well settled that a foreign court has no
jurisdiction to deliver an enforceable judgment in respect of title to immovable
property situated outside its jurisdiction.
Jurisdiction in personam:—there is no general rule of Private International Law that a
Court can in no event exercise jurisdiction in relation to persons, matters or properties
outside jurisdiction. An action in personam lies normally where the Defendant is
personally within jurisdiction or submits to the jurisdiction or though outside
jurisdiction may be reached by an Order of the Court. In an action for movables, the
Court has jurisdiction where parties submit to the jurisdiction. A person who institutes
a suit in a foreign court and claims a decree in personam cannot after the judgment is
pronounced against him say that the court has no jurisdiction which he invoked. It
was held that an order for retransfer of shares of company registered outside
jurisdiction can be rendered effective by personal compliance since share certificates
must be deemed to be with the Defendants within jurisdiction.
Personal jurisdiction:—The implications of this important institute of Private
International Law again came up for consideration of the Supreme Court in British
India Steam Navigation Co. Ltd. v. Shanmughavilas Cashew Industries135, wherein the
Respondent purchased from East Africa raw cashew nuts which were shipped in a
vessel chartered by the Appellant company incorporated in England. Clause 3 of the
Bill of Lading stipulated English law and English jurisdiction or the option of the
carrier at the port of destination according to English law to the exclusion of
jurisdiction of courts of any other country. The supply delivered at Cochin was found
short and the Respondent sued the Appellant in the Court of Subordinate Judge,
Cochin. The suit and appeal to High Court were both dismissed for want of
135 (1990) 3 SCC 481: (1990) 2 UJ (SC) 47.
90
jurisdiction of the Court at Cochin allowing the appeal and remanding the case to the
trial court for disposal, the Supreme Court held that for the purpose of jurisdiction the
action of respondent 1 is an action in personam in Private International Law. An
action in personam is an action brought against a person to compel him to do a
particular thing. The old classic Indian case on International Jurisdiction was Sirdar
Gurdyal Singh v. Rajah of Faridkote136 wherein the Privy Council had decided that no
territorial legislation can give jurisdiction in a personal action which any foreign court
should recognize against absent foreigners owing no allegiance or obedience to the
power which so legislates. The Raja had obtained from the Court of Faridkote (then a
foreign court since it was a Princely State) a decree for Rs. 76,000 against the
Defendant who had not submitted to the Faridkote court's jurisdiction. Privy Council
dismissed the Raja's suit holding that in a personal action a decree passed "in
absentem" by a foreign court to the jurisdiction of which the Defendant had never
submitted is by international law an absolute nullity.
Choice of jurisdiction by agreement:—In A.B.C. Laminart Pvt. Ltd. v. A.P. Agencies,
Salem137, G.L. Oza and K.N. Saikia, JJ-/ for the purpose of interpreting an agreement
excluding the jurisdiction of a court, in the light of sections 28 & 23 of the Contract
Act, 1872, though the matter did not involve any foreign element relied on the settled
principles of Conflict of Laws/Private International Law regarding factors for
determination of situs of contract and held that, an agreement which purports to oust
the jurisdiction of the court absolutely is contrary to public policy and hence void.
Transnational Disclosures138
The features of modern commerce present huge opportunities for legitimate
and illegitimate business. Fraud and corruption know no frontiers. International fraud
is a growth business, claims Sir Peter Millet and the law reports would bear it out.
Some notorious cases are:—
(i) In Grupo Torras v. Fahad et al139, the Kuwait Investment Authority 1
claimed that it’s Spanish Investment Company was defrauded of hundreds of millions
136 1894 AC 670.
137 (1989) 2 SCC 163: 1989 (2) JT 38: 1989 (30) Guj LR 75: (1989) (2) APLJ (SC) 15.
138 Campbell McLachlan, “The Jurisdiction limits of Disclosure orders in Transnational Fraud,! Litigation”, (1998) 47 ICLQ 3.
139 (1996) 1 Lloyd's Rep 7(CA).
91
of pounds through a conspiracy of senior officers and that the proceeds were siphoned
through a web Panamian and other off shore companies with accounts in Switzerland
and the Channel islands.
(ii) In Arab Monetary Fund v. Hashim140, the AMF pursued a claim off
similar dimensions against its former Managing Director Dr. Hashim for alleged
corruption on a grand scale141,
(iii) In Republic of Haiti v. Duvalier142, even more sensational attempts
were made by the new government of the Republic of Haiti to recover assets allegedly
looted by "Baby Doc" Duvalier.
(iv) In Sumitomo Bank Ltd. v. Kaitika Ratna Tahir143, the fraud was by
corrupt government officials.
(v) ISC Technologies Ltd. v. Guerin144:—By Directors of public
companies. The annals of fraud are on.
In any case having foreign complexion or conflictual implications, the Court
seized of it, after deciding whether it will entertain the case at all (i.e. Choice of
jurisdiction) has to thereafter decide under "which law" the dispute ought to be
decided. This decision is called "Choice of law".
Any number of issues may arise in one case and each may be governed by a
rule taken from a different law.
Conflict of laws arises when at least one issue shows features or involves
factors connecting it with more than one system of law, in other words, when it has
several points of contact. Hence choice of law means choice of at that "connecting
factor" or "point of contact" which matters the most or is the most relevant.
Extra Territorial Operation of Indian Law
In 1689, the Dutch jurist Ulrich Huber (1636-1694) wrote the shortest treatise
ever written on the conflict of laws (only 5 quarto pages) known as "De Conflictu
Legum" which however influenced English and American law more than any other
140 (1991) 2 AC 114: (1993) 1 Lloyd's Rep 543.
141 Campbell McLachlan, Transnational Disclosure Orders, (1998) 47 ICLQ 6.
142 (1990) 1 QB 202.
143 (1993) 1 SLR 735.
144 (1992) 2 Lloyd's Rep 430.
92
foreign jurist. Here he laid down 3 rules to solve the difficulty of this particularly
intricate subject.
Rule of territorial operation of law. — Laws shall operate within the territorial
limits of the respective State and bind those who are subject to it.
Subjects of a State are all persons living permanently or temporarily within its limits.
Comity between Sovereigns shall be observed in that rights acquired within the limits
of a State shall retain their force everywhere.The Doctrine of Territorial operation is
balanced by the Doctrine of Comity which explains why laws still have extra-
territorial operations.145
Huber's approach can be seen to have been adopted by A.V. Dicey in
(English) Conflict of Laws and in the American Law Institute's restatements. In India
the Constitution, Article 245(2), Extent of laws made by Parliament and by the State
Legislatures lays down,
(1) That Parliament may make laws for the whole or any part of the
territory of India and the legislature of a State may make laws for the whole or any
part of the State.
(2) No law made by Parliament shall be deemed to be invalid on the
ground that it would have extra-territorial operation.
Article 245 lays down the principle of territoriality and Parliaments to
transcend it.
Article 245(1) actually enacts the Doctrine of Territoriality of Laws, from
Private International Law. Article 245(2) notwithstanding the rule, provides an
exception thereto in case of Parliament signifying that a municipal court cannot refuse
to give effect to a law made by Parliament because it has extra operation.146
It was held by the erstwhile Federal Court of India that legislation may offend
the rules of International Law, may not be recognized by foreign courts or there may
be practical difficulties in enforcing them, but these are questions of policy with
which domestic tribunals are not concerned.147
145 David Me Clean, Morris, “The Conflict of Laws”, London, Sweet & Maxwell Ltd., 5th Edn., 2000, p. 533.
146 H.M. Seervai, Constitutional Law of India, A Critical Commentary, Bombay, New Delhi, Universal Law Publishing Co. Pvt. Ltd., 3rd Edn., 1986, Vol. I, p. 1893.
147 Per Kania CJ. in A.H. Wadia v. C.I.T., Bombay, AIR 1949 FC 18.
93
Primarily all laws are territorial in their operation. The question has arisen
whether tax laws can operate on income derived from India by corporations or bodies
residing outside India. The theory of territorial nexus was applied by the Federal
Court.148
The Privy Council too held that the principle of sufficient territorial
connection not rule of residence giving effect to that principle is implicit in the power
conferred by Government of India Act, 1935.149
The Privy Council held that derivation from British India of the major part of
its income for a year, gave to a company sufficient territorial connection to justify its
being treated as at home in British India for all; purposes of tax on its income for that
year from whatever source that income may be derived. A company which in
substance lives on a country may; rationally be treated as living in it.
Although in the inter-State (not international) context, the principle of
territorial nexus was treated as well established and it was held that there was
sufficient territorial nexus between the respondents who conducted the prize
competition from Mysore and the State from which competitors sent entries
accompanied by entry fees which fees were taxed by the State.
The principle of territorial nexus was held to be applicable not only to income-
tax but also to sales tax legislation.150 It was held applicable to religious
endowments.151
The doctrine of territoriality of operations of law and the exception thereto in
Articles 245(1) and (2) respectively of the Constitution came up for consideration
before the Supreme Court in Electronic Corporation of India Limited v.
Commissioner of Income Tax152 regarding Income-tax Act, 1961, section 9(l)(vii)(b)
dealing with Income deemed to accrue or arise in India. The Extra-territorial
operation of the provision and its Constitutionality were in issue. The facts were that
services rendered by foreign company in the nature of training abroad to personnel of
148 In Governor-General v. Raleigh Investment Co., (1944) FCR 229.
149 Walbace Brothers v. C.I.T., Bombay, (1948) FCR 1.
150 Tata Iron & Steel Co. Ltd. v. Bihar, AIR 1958 SC 452:1958 (9) STC 267: 1958 SCR 1355:1958 S 818.
151 Bihar v. Chaxusila Dasi, AIR 1959 SC 1002.
152 1989 Supp (2) SCC 642.
94
Indian company and payment to the foreign company also affected abroad under
agreement. It was held that Parliament was competent to enact a law having extra-
territorial operation provided the object it seeks to subserve has nexus with anything
done in India. The further question was whether the provision indicates such a nexus
on facts of the case. Question was referred to a Constitution Bench of the court having
regard to its substantial importance as dealing with International Trade and
International Law.
After considering the Constitution of India, Article 245, Extra-territorial
operation of law, Constitutionality, Scope of its enforceability and Private
International Law, it was held by the Court that:—
Now it is perfectly clear that it is envisaged under our constitutional scheme
that Parliament in India may make laws which operate extra-territorially. Article
245(1) of the Constitution prescribes the extent of laws made by Parliament. They
may be made for the whole or any part of the territory of India. Article 245(2)
declares that no law made by the Parliament shall be deemed to be invalid on the
ground that it would have extraterritorial operation. Therefore, a Parliamentary statute
having extraterritorial operation cannot be ruled out from contemplation. The
operation of the law can extend to persons, things and acts outside the territory of
India. The general principle, flowing from the sovereignty of States, is that Jaws made
by one State can have no operation in another State. The apparent opposition between
the two positions is reconciled by the statement found in British Columbia Electric
Railway Company Limited v. King.153
"A legislature which passes a law having extra-territorial operation may find
that what it has enacted cannot be directly enforced, but the Act is not invalid on that
account, and the courts of its country must enforce the law with the machinery
available to them."
In other words, while the enforcement of the law cannot be contemplated in a
foreign State, it can, nonetheless, be enforced by the courts of the enacting State to the
degree that is permissible with the machinery available to them. They will not be
regarded by such courts as invalid on the ground of such extra-territoriality.
But the question is whether a nexus with something in India is necessary. It
seems to us that unless such nexus exists Parliament will have no Competence to
153 (1946) 2 AC 527.
95
make the law. It will be noted that Article 245(1) empowers Parliament to enact law
for the whole or any part of the territory of India. The provocation for the law must be
found within India itself. Such a law may have extra-territorial operation in order to
sub-serve the object, and that object must be related to something in India. It is
inconceivable that a law should be made by Parliament in India which has no
relationship with anything in India. The only question is then whether the ingredients
in terms of the impugned provision indicate a nexus. The question is one of
substantial importance, especially as it concerns collaboration agreements with
foreign companies and other such arrangements for the better development of industry
and commerce in India. In view of the great public importance of the question, we
think it desirable to refer these cases to a Constitution Bench, and we do so order.154
Limitation in Conflict Cases155
The question as to whether foreign law of limitation is to be applied in India in
case having foreign elements i.e., a Private International Law or a Conflict case came
up for decision in connection with section 11 of the (Old) Indian Limitation Act,
1908. It was settled that so much of the law as affects the remedy and the procedure
only is governed by the law of the country in which the action is brought and not by
foreign law. The Court will not apply a foreign law of limitation which affects the
remedy only and is therefore a matter of mere procedure. The foreign law of
limitation will be applied where it extinguishes the right or creates the title so that it
ceases to be a matter of mere procedure. Section 11, Limitation Act is a plain
recognition of this principle. Though the proper law of contract determines most
matters relating to the formation, validity and substance of the contract by virtue of
section 11 of the Limitation Act, no foreign law of limitation is a defense to a suit in
India unless that law has extinguished the contract and the parties were domiciled in
such country during the prescribed period. Section 11 of the Limitation Act is,
however, not exhaustive; R.A. Dickie and Co. (Agencies) Ltd. v. Municipal Board.156
The question whether a suit in this country on a foreign cause of action would
be within time or not has got to be decided by computing time from the date when the
154 1988 Supp (2) SCC 642.155 Dr. Ashok Soni, Digest of Cases on Law of Limitation, Universal Law Publishing Co. Pvt. Ltd.
2002 Edn., pp. 28-29.156 AIR 1956 Cal 216.
96
cause of action arose under the contract and not from the date of last
acknowledgement of liability. Ramanathan Chettiar v. K.M.O.L.M. ram Chettiar.157
Choice of Law - Its History and Development
Over history, courts and theorists have developed various models for
determination of choice of laws in a conflict of law situation. None of these can be
considered to be universally accepted or applied, but each serves to provide some
level of guidance. The US Restatement of Conflict of Laws, first in 1934, created a
series of simple, mechanical rules for choosing what law to apply in inter-
jurisdictional litigation. The substance of the claim — whether the case was based in
tort, contract, or property — determined the applicable rule. In tort cases, the First
Restatement applied a simple choice-of-law rule — lex loci delicti, or "the law of the
place of the wrong". Under this rule, a reviewing court would apply the law of the
place "where the last event necessary to make an actor liable for an alleged tort takes
place". For contracts, the First Restatement applied a similarly formal rule. The law of
the place where the contract was made would govern the validity of a contract. The
place of making was defined as the place where the "principal event necessary to
make a contract" had occurred.158 Under the First Restatement, real properly was
governed by the lex situs — the law of its physical location. These rules were
modified by the Second Restatement, in 19711 whereby a rule was laid down, namely
that "when faced with a choice between jurisdictions, courts should apply the law of
the jurisdiction with the most significant relationship to the litigation".159
This approach provides much less guidance to a court than the formal First
Restatement model160. To assist courts in weighing the importance of the contacts
between various jurisdictions and the dispute, the Restatement provided seven
157 AIR 1964 Mad 527: ILR (19164) 1 Mad 611.158 Supra, n. 1.159 In tort cases, the Second Restatement asked courts to consider: the place of injury, the place where
the conduct causing the injury occurred, the place of domicile or residence of the parties, and the place where the parties' relationship is centred. In contract cases, the intent of the parties was controlling; if the contract contained a forum-selection clause, the law of the chosen forum should govern. .In a contract matter without a forum-selection clause, the court, was to decide based on the following: the place of contracting; the place of negotiation; the place of performance; the location of the subject matter of the contract; and the domicile, residence, nationality, principal place of business and place of incorporation of the contracting parties.
160 What the Second Restatement added is flexibility. Of course, it lost in certainty and consistency. The test is generally administered on a case-by-case, ad hoc basis.
97
criteria161: (1) the needs of the interstate and international system, (2) the relevant
policies of the forum, (3) the relevant policies of the interested States, (4) the
protection of justified expectations, (5) the basic policies underlying the particular
field of law, (6) certainty and uniformity of result, and (7) ease in determining and
applying the law.
A number of other approaches have also been suggested. One of these is
"Interest Analysis", a creation of conflicts-scholar Brainerd Currie. Carrie argued that
courts should choose what law to apply by looking at the legislative purposes behind
each State's law. First, the reviewing court should identify false conflicts. If the choice
of one State's law would advance the policy interests of that State without impairing
the policy interests of the state whose law is not chosen, a false conflict exists, and the
court should apply the law of the interested State.162
If the law courts do not permit technology development in the court
proceedings, it would be lagging behind compared to other sectors. Technology is
definitely a tool.163
The UNCITRAL Model Law was in only taken into account in drafting of the
Arbitration and Conciliation Act, 1996 is patent from the statement of objects and
reasons of the Act. The Act and the Model Law are not identically drafted. The Model
Law and judgments and the literature thereon are, therefore, not a guide to the
interpretation of the Act.164
Conflict of Laws in Cyberspace
A second procedural issue with significant implications for the application of
substantive law to Cyber-acts is the question of Conflicts of Law. Different
geographic sovereigns commonly have different policy preferences, which are
implemented through law. Typically, each sovereign wants its law to govern disputes
involving its citizens or territory. However, Internet activity commonly involves
persons and computer networks located in many territories, whose laws may be
contradictory. Although the Internet is a recent phenomenon, transnational interaction
is not, and courts over several decades have developed the doctrine of Conflicts of
Law to resolve the question of which jurisdiction's law shall apply. Traditionally, U.S.
161 Supra, n. 1.162 Id.163 Amitabh Bagchi v. Ena Bagchi, AIR 2005 Cal 11.
164 Konkan Railway Corporation Lid. v. Ram Constructions (P.) Ltd., (2002) 2 SCC 368.
98
courts decided conflicts of law through deference to the principle of lex loci delicti,
"the law of the place of the wrong." In the geographically fluid environment of
Cyberspace, however, the place of the wrong often is not obvious.165
Modern courts and scholars have developed several other principles for the
resolution of conflicts of law, including the "most significant relationship" test, the
"center of gravity" approach, and the "interest" approach. None of these tests has been
universally accepted. In an attempt to minimize the inevitable conflict of law arising
from 'direct penetration', efforts have been made at an intergovernmental level to
address extra territorial searches under public international law.166 In a Council of
Europe report from 1989, consideration was given to the possibility of legalizing such
activities in certain circumstances and under certain conditions, giving the following
examples:that it would be used only for the taking of measures destined to preserve
the status quo, that is, so that the data cannot be tampered with;
that the data would not be used unless the involved State gives its consent;
that the nature or seriousness of the offence justifies the penetration;
that there is a strong presumption that the time needed for resorting to a traditional
procedure of letters rogatory would compromise the search for truth;
That the investigating authorities inform the authorities of the other State.167
However, it felt that the time was not yet ripe for such a proposal to be
pursued. In a subsequent Council of Europe Recommendation, it was noted that
search powers could extend to other connected computers, but only within the
jurisdiction.168 Extending that power to computers located in other jurisdictions should
only occur where 'immediate action is required' and only on a legal basis that avoids
'possible violations of State sovereignty and international law'.169 However, it was also
accepted that there was an urgent need for further international agreement on the
issue.
165 Supra.9
166 Walden lan, “Computer Crimes and Digital Investigations”, Oxford University Press, 2007.
167 CoE 1990 Report, at p 88.
168 Recommendation No R (95) 13, 'concerning problems of procedural law connected with information technology', at Principle 3..
169 Id, at Principle 17.
99
The first significant movement in the area was within the G8 forum. At a
meeting of Justice and Interior ministers in Moscow in October 1999, a document
entitled 'Principles on Trans-border Access to Stored Computer Data' was adopted.170
As well as calling upon States to enable the rapid preservation of data and expedited
mutual legal assistance procedures, there was also agreement that access could be
achieved without authorization from another State for the purpose of:
(a) Accessing publicly available (open source) data, regardless of where
the data is located geographically;
(b) accessing, searching, copying, or seizing data stored in a computer
system located in another State, if acting in accordance with the lawful and voluntary
consent of a person who has the lawful authority to disclose to it that data.171
Within the Council of Europe, the negotiators on the Cybercrime Convention
agreed two sets of provisions that addressed the obtaining of access to data stored in
another jurisdiction, without requiring authorization of the state in which the data
resides, First, a person in the territory of the Member State may be subject to a
production order that extends to data that is in that person's 'possession or control',
which would clearly include data held in another jurisdiction.172 The second situation
is where law enforcement needs to obtain direct access to the trans-border stored data.
In this situation, the two circumstances where such access may be obtained are
virtually identical to those contained in the G8 document.173
The former circumstance would presumably be applicable where information
was contained on a public website, and was first proposed by the G8 countries in
1997.174 The latter would extend, for example, to a person's e-mail stored in another
country by a service provider, such as Hotmail While the Convention provision could
be viewed as eroding traditional sovereign rights, it also represents an extra-territorial
extension of criminal procedure jurisdiction, which may strengthen sovereignty in a
transnational cyberspace environment. Article 32 details two circumstances all parties
170 Principles on Transborder Access to Stored Computer Data', adopted in Moscow in October 1999: available at ; <http://www.usdoj.gov/ag/events/g82004/99 transborderaccessprinciples.pdf>
171 Id, Para 6.
172 Cyber Crime Convention at Art 18.
173 Id at Art 32.
174 G8 'Principles and Action Plan to Combat High-tech Crimes', at Principle VII.
100
to the Convention could accept, but does not preclude other situations being
authorized under national law. Within the European Union, further harmonization of
rules governing transborder access has been advanced by the Commission under a
proposed Framework Decision on a 'European Evidence Warrant' (EEW'). Under Art
21, Member States must enable the execution of an EEW 'without further formality',
where the data is held in another Member State but is lawfully accessible to a legal or
natural person on the territory of the executing State by means of an electronic
communications network'. However, it is not clear that this provision will make it into
the final draft.
Other jurisdictions may take a more permissive approach to extra-territorially
obtained evidence than the UK. In 2000, as part of an investigation into the activities
of two Russian hackers, Vasiliy Gorshkov and Alexey Ivanovo, the FBI in the United
States accessed computers in Russia via the Internet, using surreptitiously obtained
passwords to download data from computers operated by the accused already under
arrest in the US.175 At an evidentiary hearing, Gorshkov first sought to have the
evidence suppressed on the grounds that it was obtained in violation of the Fourth
Amendment.176 The court held that the Fourth Amendment was not applicable to 'non-
resident aliens properly outside the territory of the United States.177 In addition, were
the Fourth Amendment to be applicable, the court considered the actions to be
reasonable in all the circumstances, therefore meeting the requirements of the Fourth
Amendment.178
Of critical relevance to our discussion in this section, the court in Gorshkov
also held that the FBI's, act of copying data was not a 'seizure under the Fourth
Amendment 'because it did not interfere with the Defendant's or anyone else's
possessory interest in the data'.179 While this may be true at a technical level, i.e. a 175 European Commission, 'Proposal for a Council Framework Decision on the European Evidence
warrant for obtaining objects, documents and data for use in proceedings in criminal matters', COM(2003) 688 final, 14 November 2003.
176 United States v Gorshkov, 2001 WL 1024026 (WD Wash 2001).
177 The Fourth Amendment states: ' The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
178 United States v Gorshkov, 2001 WL 1024026 (WD Wash 2001).
179 Gorshkov was eventually given a three year jail .sentence. See DOJ Press Release, 4 October 2002, available at; <http://www.usdoj.gov/criminal/cybercrime/ gorshkovSent.htmX>
101
copied document does not interfere with the source document180, one has to question
whether it is appropriate as a matter of legal principle to rely on such a distinction.
The issue has been addressed previously in a Council of Europe Recommendation on
criminal procedure181. The Recommendation states: The legal remedies that are
provided for in general against search and seizure should be equally applicable in case
of search in computer systems and in case of seizure of data therein.'182 This suggests
equality of treatment between physical and virtual seizures, which is not the position
adopted by the court in Gorshkov. Indeed, a further principle reiterates the need for
equality:
Where automatically processed data is functionally equivalent to a traditional
document provisions in the criminal procedural law relating to search and seizure of -
documents should apply equally to it183.
The Explanatory Report to the Recommendation notes that the different
purposes of 'seizure' are 'to safeguard evidence, or to safeguard the object in order to
possibly confiscate it or give it back to its lawful owner when it has been illegally
acquired'184. While the first purpose is clearly present in all investigations, whatever
the environment, the other purposes may only sometimes be necessary, e.g. where the
defendant has child pornographic images. To achieve confiscation in an electronic
environment, law, enforcement officers have two choices; physical seizure of the
equipment on which the data resides or render the data technically beyond use, either
through deletion or making inaccessible, such as the use or encryption. However, the
Report notes that in many situations the ability to copy data, rather than seize in the
traditional sense, confers a benefit to the person subject to the procedure.185 Clearly
180 United States v Gorshkov, 2001 WL 1024026 (WD Wash 2001).
181 This is true in terms of the document's content, but not in respect of the meta-data concerning the document's attributes or properties, which may record the fact that the original document was accessed at the time and date of copying.
182 Recommendation No R(95) 13. 'concerning problems of procedural law connected with information technology' and Explanatory Report.
183 Ibid, at Principle 2.
184 Ibid, at Principle 4.
185 Explanatory Report, at para 54.
102
any such benefits would be lost were the courts then to treat the procedure as
something other than seizure, with the associated legal protections.186
In other international instruments, we see divergent approaches to the issue.
The G8 principles expressly distinguish between acts of copying and seizing data,187
while the Commonwealth 'Model Computer and Computer-related Crimes Bill'
incorporates an expansive definition of 'seizure', which put the matter beyond
doubt: .....'Seize’ includes
(a) make- and retain a copy of computer data, including by using onsite
equipment; and
(b) Render inaccessible, or remove, computer data in the accessed
computer system; and
(c) Take a printout of output of computer data.188
A second argument raised by the defense in Gorshkov was that the actions of
the FBI agents were in breach of Russian law. On this, the court held that Russian law
was not applicable and even if it were, the agents had complied sufficiently.189
However, in retaliation for this breach of sovereignty, the Russian authorities charged
the FBI agent responsible for the intrusion with hacking, not with any anticipation of
success, but as a’ matter of principle'.190
Under Australian law, the issue of liability raised in Gorshkov would not seem
to arise, since specific statutory protection from any liability is granted to certain law
enforcement agencies 'for any computer-related act done outside Australia',191
although this would presumably not prevent a challenge being raised against the use
in court of any evidence so obtained.
186 Ibid, at para 57.
187 See also the Australian decision, Australian Securities and Investments Commission v Rich and Another [2005] NSWSC 62, which noted that the 'process of copying to storage devices brought to the premises, information stored in electronic form, involved the seizure of electronic things'.
188 Principles on Transborder Access to Stored Computer Data', adopted in Moscow in October 1999: available at; <http://www.usdoj.gov/ag/events/g82004/99 transborderaccessprinciples.pdf>.
189 Model Law at Art 11.
190 United States v Gorshkov, 2001 WL. 1024026 (WD Wash 2001).
191 Seitz, N, "Transborder search: A new perspective in law enforcement?', pp 23-50, Yale Journal of Law and Technology, hall 2004-05, at p 32. See also Brenner, S and Koops, B-J, 'Approaches to Cybercrime jurisdiction', 4 Journal of High Technology Law I (2004).
103
Need of Mutual Legal Assistance for Evidence Collection
Evidence residing abroad may be obtained through a range of mechanisms. In
the age of the Internet, it may be publicly accessible from a website. 192 Alternatively,
an investigating authority may use a search warrant to obtain material from a foreign
jurisdiction A third route would be to ask the potential witness to travel to the UK to
make a witness statement However, the investigation and prosecution of cross-border
computer crimes will often require mutual assistance between national law
enforcement agencies and prosecuting authorities, as well as commercial
organizations. In Levin, for example, assistance is required not only from the St
Petersburg police, but also the local telephone company obtaining such assistance in a
timely and efficient manner will often be critical to the success of a cybercrime
investigation. Historically, however, mutual legal assistance (MLA) procedures have
been notoriously slow and bureaucratic and therefore most mutual assistance occurs
through informal cooperation and liaison between authorities.193
As with other areas of criminal procedure, different rules and procedures exist
or are being established, for the movement of evidence between the UK and the other
EU Member States compared with the procedures governing the movement of such
evidence between the UK and non-EU States. Among European Union Member
States, mutual legal assistance-is primarily governed by the European Convention on
Mutual Assistance in Criminal Matters (1959), which has subsequently been
supplemented on a number of occasions most recently by the 2000 Convention.194
Parts of the 2000 Convention have been incorporated into English law through the
Crime (International Co-operation) Act 2003, which repeals and replaces parts of the
Criminal Justice (International Co-operation) Act 1990. In addition the Eurojust
initiative is designed to facilitate the exchange of information between authorities and
cross-border cooperation in the investigation and prosecution of serious and organized
crime.195
192 Criminal Code Act 1995, No 12(Cth), at 476.5, 'Liability for certain acts'. The relevant agencies are the Australian Secret Intelligence Service and the Defence Signals Directorate.
193 E.g. telephone account holder details. See Cyber Crime Convention at Art 32.
194 See Crown Prosecution Service Guidance: 'Evidence and Information from Abroad: Informal Enquiries and Letters of Request' (CPS Guidance), available at; <http://www.cps.govuk/legal/section2/chapter_e.html#_Toc44563266>.
195 OJ C 197, 12.7.2000, p 1. An Explanatory Report has been published at OJ C 379 29.12.2000, p 7. Between Commonwealth countries, MLA is governed by the 'Scheme Relating to mutual
104
Negotiations are also continuing on a proposal for a Council Framework
Decision establishing a 'European Evidence Warrant' that would replace existing
mutual assistance procedures. Under the proposal, which aims to create a similar
regime to that under the 'European Arrest Warrant', a request for evidence issued by a
judicial authority in one Member State would, under principles of mutual recognition,
be recognized and directly enforced by a judicial authority in the recipient Member
State. However, due to the political sensitivities involved in establishing such
procedures, the EEW will be set up in two stages. The first instrument will only cover
'evidence which exists and is readily available, while evidence that requires further
investigative activities to be carried out in the executing state, such as real-time
interception and covert surveillance, as well as access to data retained by CSPs, will
be addressed in a second instrument 'in due time'.196
An EEW request would take the form of a standard document, translated by
the issuing authority into the official language of the executing authority, which could
be treated by the executing authority in the same manner as a domestic request, with
the requested information being obtained in a manner considered most appropriate by
the executing authority, but as soon as possible and no later than 30 days after receipt
of the EEW. The proposal lists 32 categories of offence for which the 'double
criminality' principle may not be invoked as grounds for refusing a request, and for
which certain measures are available for executing the request, including powers of
search and seizure. The list of offences includes child pornography, fraud, computer-
related crime, racism and xenophobia, and counterfeiting and piracy of products, as
well as infringements of intellectual property rights and sabotage; all offences where
the available tariff is at least three years' imprisonment.197 Member States have
retained the right, in exceptional cases, to refuse to execute an HKW where the
offence has been committed wholly or partly in the executing state, which may result
in multi-State jurisdictional negotiations taking place at an evidential stage, rather
than when deciding where to prosecute.
Assistance in Criminal Matters' (the 'Harare Scheme'). With the US. The UK signed a bilateral treaty on Mutual Legal Assistance in Criminal Matters' in 1994 (TS 014/1997, Cm 3546).
196 Council Decision (2002/187/JHA) of 28 February setting up Eurojust with a view 10 reinforcing the fight against serious crime' OJ L 63/1 6.3.2002. See generally< http:// www.eurojust.eu.int>.
197 See Press Release from the Justice and Home Affairs Council Meeting. 9409/06 (Press 144) I-2 June 2006.
105
The 2003 Act details mechanisms for the mutual provision of evidence, either
obtaining evidence from abroad for use in the UK or assisting overseas authorities to
obtain evidence from the UK§ In the former situation, a judge, on the application of a
prosecuting authority (e.g. the CPS) or a person charged in the proceedings (i.e. the
defendant), may issue requests for evidence from abroad.198 Such a request,
historically known as a 'letter rogatory or 'commission rogatory', will only be made
where it appears that an offence has been committed and that proceedings have been
instituted or an investigation is underway199. The request may be sent to a court in the
relevant jurisdiction, to an authority designated in the jurisdiction for receipt of such
requests or, in cases of urgency, the International Criminal Police Organization
(INTERPOL).200 The evidence, once received, should then only be used for the
purpose specified in the request, known as the 'specialty principle':
Evidence obtained by virtue of a letter of request shall not without the consent of such
an authority ... he used for any purpose other than that specified in the letter: and
when any document or other article obtained pursuant to a letter of request is no
longer required for that purpose (or for any other purpose for which such consent has
been obtained), it shall be returned to such an authority unless that authority indicates
that the document or article need not be returned.201
Requests for UK-based evidence by overseas authorities must be sent to the
Secretary of State at the Home Office, referred to as the 'territorial authority'.202 The
Secretary of State may then nominate a court to receive the requested evidence. As
well as achieving the disclosure of particular evidence, the MLA procedure also
provides for the obtaining of evidence. The Secretary of State may direct that a
warrant be applied for from the courts in order that a search can be undertaken and
evidence seized. Law enforcement agencies may also obtain a warrant to intercept
communications, as discussed above. However, such coercive powers may only be
198 However, Germany has made a declaration reserving the right to make execution of a request subject to verification that double criminality exists in respect of certain offences, including computer-related crime: ibid, at p 11.
199 Crime (International Co-operation) Act 2003, Chapter 2, ss 7-12.
200 Ibid, s 7(1).
201 Ibid, s 9.
202 Ibid, s 3(7). This principle is also generally present in extradition treaties, requiring the requesting State only to prosecute the accused for the crimes detailed in the extradition request: sec Extradition Act 2003. s 95.
106
exercised where the conduct constitutes an appropriate offence in both the requesting
country and under the laws of England and Wales, the so-called 'double criminality
principle, as also required in extradition proceedings.203
In terms of informal mechanisms for obtaining evidence from abroad, as the
CTS notes, such assistance is 'dependent in many cases on their own domestic laws,
how good the relations are- generally between the country and the UK and, frankly,
the attitude and opinions of the people-on the ground to whom the request is made'204
While informal requests are the norm, often in the course of preparing a formal
request, they are less frequent in cybercrime cases, where the evidence required often
involves either the seizure of equipment (e.g. a server) or disclosure of information by
a foreign communication service provider, both of which generally require the use of
coercive powers, only available through the formal mechanisms referred to above.
However, in this scenario, an alternative informal approach may also exist where the
perpetrator's activities constitute an offence under foreign law, as well as the UK^As
such, the foreign authorities can choose to investigate without formal request even
though they have no real intention to pursue a domestic prosecution. Such an
approach can be viewed as a version of the 'double criminality' principle, where the
act is in actuality an offence in both jurisdictions rather than theoretically.205
The operation of mutual legal assistance procedures has inevitably become
considerably more complex in a cyberspace environment, where the location of
relevant resources may involve a variety of jurisdictions in respect of access to a
single forensic source. In October 2004, for example, a US-based managed hosting
company, Rackspace, received a subpoena, pursuant to an MLA Treaty, requesting
delivery up of certain log file information206 pertaining to an independent media
organization, Indymedia.207 The originating request came from a public prosecutor in
203 Crime (International Co-operation) Act 2003. ss 13 and 28(9). In practice, this is the UK Central Authority for Mutual Legal Assistance (UKCA) located in the Home Office. 179 See. ibid, ss 16-18.
204 See Crown Prosecution Service Guidance.
205 Such an approach has been adopted in the US, according to a statement made by Michael Sussman, Senior Counsel, US Department of Justice, Criminal Division, Computer Crime and Intellectual Property Section at an Academy of European Law conference in Trier, Germany, 20 February 2003.
206 Data concerning use of the resource.
207 See generally <http://www.eff.org/Censorship/Indymedia/>.
107
Italy. To comply with the request for the information, Rackspace shut down the
hosting server in London and delivered up drives to the FBI from that server. The
purported reason for providing the physical drives, rather than merely the information
requested, was described in the following terms:
Rackspace employees searched for the specific information requested in
the .subpoena but were unable to locate this information prior to the strict delivery
deadline imposed by the FBI. In order to comply with the mandated deadline,
Rackspace delivered copied drives to the FBI. Shortly thereafter, Rackspace
succeeded in isolating and extracting the relevant files responsive to the subpoena and
immediately asked that the drives be returned by the FBI. The FBI returned the drives,
and it was our understanding that at no time had they been reviewed by the FBI. The
relevant files were then delivered to the FBI.208
The case raises two particular issues of interest. First, execution of a legitimate
bilateral MLA request required implementation in a third country, the UK, with non
involvement from domestic law enforcement209 or seeming consideration of the
legality of such action under English law. This renders the process open to legal
challenge, as well as exposing Rackspace to potential liability. Second, the nature of
the timescales involved in compliance with the order meant that the intermediary,
Rackspace, felt the need to exceed the terms of the request. It can be seen as
illustrating an inevitable tension between the need for speed, with the corresponding
initiatives to reduce the procedural lag, and the ability of a requested party to
appropriately respond. While data retention is a relatively straightforward process,
accessing the requested data may be considerably more problematic.210
Although there are no special conditions governing the admissibility of
computer-derived material under English rules of evidence, prosecutors will often be
challenged to prove the reliability of any such evidence presented. Auditable
procedures will need to be adhered to, often supported by independent expert
208 According to an e-mail from Rackspace to CNet, quoted in 'Details on FBI's secret call for Indymedia Logs , 2 August 2005: available at <http://www.news..com>.
209 In response to parliamentary questions from MPs, Richard Allan and Jeremy Corbyn (20.10.04, Col 725W), John McDonnell MP (27.10.04 Col 1278W), and Lynne Jones (11.11.04, Col 895W"), to Home Office minister Caroline Flint, who replied: '1 can confirm that no UK law enforcement agencies were involved in the matter.
210 See further Sections of this chapter for details.
108
witnesses, to show the probative value of any evidence generated.211 Where such
evidence has been generated abroad, compliance with such procedures, and evidence
of such compliance, is much more complex and vulnerable 10 defense claims of
errors, technical malfunction, prejudicial interference or fabrication, especially where
the evidence was obtained through informal means, and is therefore more likely to be
subject to an application to exclude.212
Need of Mutual Legal Assistance for Extradition
We can take the example of UK, when a UK-based computer system is
‘hacked’; the perpetrator may be located anywhere in the world. Therefore, if a
prosecution is to be mounted, the accused has to be brought to the UK. The formal
procedure under which persons are transferred between States for prosecution is
known as 'extradition'. Either bilateral or multilateral treaties or agreements between
states generally govern extradition.213 In the absence of such a treaty, the state where
the perpetrator resides is ikv required under any rule of public international law to
surrender the person. In such situations, informal mechanisms may be used to bring
the perpetrator to justice. In the case of Levin, for example, the accused was enticed to
leave-Russia, with whom the US did not have an extradition treaty, to travel to
America. As soon as he landed in a country with which the US did have an extradition
arrangement, i.e. the UK, he was arrested.214 Similarly in Gorshkov, the suspects were
hired from Russia to Seat tie-in the United States.215
In an action for extradition, the applicant is generally required to show that the
actions of the accused constitute a criminal offence exceeding a minimum level of
seriousness in both jurisdictions, i.e. the country from which the accused is to be
extradited and the country to which the extradition will be made. This is referred to as
211 See generally the 'Good Practice Guide for Computer Based Evidence' published by the Association of Chief Police Officers: Appendix IV.
212 Supra.169
213 e.g. Agreement on Extradition between the European Union and the United States of America: OJ L181, 19.7.2003, p27.
214 See also Yarimaka v Governor ofHM Prison Brixton; Zeiev v Government of the United States of America [20021 EWHC 589 (Admin).
215 United States v Gorshkov, 2001 WL 1024026 * 1 (WD Wash 2001).
109
the 'double criminality' principle. In Levin, the defendant was accused of commit ting
wire and bank fraud in the United States. No direct equivalent offences exist in
English law, and therefore Levin was charged with sixty-six related offences,
including u/S 2 and 3 of the Computer Misuse Act. At that time, the s 1 unauthorized
access offence only attracted a maximum penalty of six months, which meant that it
was not an extraditable offence,216 although this was reformed when the Act was
amended in 2006.217 Conversely, in the cyber-espionage case, Haephrati, the
defendants were charged with some nine offences under Israeli law, including
infringement of privacy,218 which has no equivalent under English law. However, the
extradition hearing charge was conspiracy to defraud; winch was considered broad
enough to cover the defendants' activities.
Under the Extradition Act 1989, an extradition offence had to be punishable
by a minimum twelve-month imprisonment in both States.219 The Cybercrime
Convention also provides that the offences it details should be extraditable provided
that they are punishable under the laws of both parties 'by deprivation of liberty for a
maximum period of at least one year or by a more severe penalty’.220 It also provides
that the Convention itself may be the legal basis for extradition in the absence of a
treaty between the relevant States.221 However, the 1989 Act was repealed and
replaced by the Extradition Act 2003, under which 'double criminality' is no longer
required for offences listed in Schedule 2 (as specified in the European A rest Warrant
Scheme) in relation to 'Category 1' territories, which are part of the European Arrest
Warrant Scheme.222
216 Computer Misuse Act, s 1(3).
217 See 'Revision of the Computer Misuse Act', Report of an Inquiry by the All Parry Parliamentary Internet Group (June 2004), at para 95 et seq.
218 Protection of Privacy Law 5741 -1981. s 5.
219 Extradition Act 1989, s 2(1). See also R v Bow Street Magistrates' Court, ex pane Allison [1998] 3 WLR 1156, where the court held that ss 2 and 3 of the Computer Misuse Act 1990 were extradition crimes (confirmed by the House of Lords, at 625G).
220 Cyber Crime Convention, Art 24(1).
221 Cyber Crime Convention, Art 24(4).
222 Designated by the Secretary of State under Section 1(1), which could include non-EU States. As of October 2005, Category 1 territories are the 24 EU Member States: Extradition Act 2003 (Designation of Part 1 Territories) Order 2003 (SI No. 3333), as amended, at s 2.
110
Extradition is a complex and often lengthy process, involving, at least in
common law jurisdictions, both judicial and executive decision-taking. In Levin, for
example, the defendant was arrested in March 1995 and yet the judicial process was
not completed until June 1997. Therefore, in order to simplify the process, the EU
Member States have established the concept of a 'European Arrest Warrant' (EAW).223
The Council Decision abolished the formal extradition procedure in favour of a
simplified process in which a warrant issued by a Member State court will be granted
mutual recognition by other Member States and will result in the arrest and surrender
of the requested person. The surrender may be conditional upon the acts detailed in
the warrant being an offence in the executing state.224 However, certain offences,
including 'computer related crime',225 which are punishable in the issuing Member
State by a custodial sentence of a maximum of at least three years (e.g. Computer
Misuse Act 1990, u/S 2 and 3) will be subject to automatic execution of the warrant,
i.e. surrender, without consideration of the dual criminality requirement. Extradition
under such circumstances will also be available even though some element of the
conduct occurred in the UK.226
Part 1 of the Extradition Act 2003 implements the EAW, providing for a
maximum ten-day period from the date of the judicial order for completion of an
extradition to a Category 1 territory, i.e. a Member State of the EU, unless an appeal
has been lodged.227 Part II specifies that extradition to a non-EAW country, referred to
as a 'Category 2' territory, should take-place within 28 days from the date of the
Secretary of State's order,228 although the 'double-criminality' principle continues to be
applicable.229
223 Council Framework Decision (2002/584/JHA) of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States; OJ L 190, 18.7,2002, p 1.
224 Ibid, at Article 2(4). .
225 Extradition Act 2003, Schedule 2, at 11.
226 See Office of the King's Prosecutor. Brussels v. Cando Armas [2004] EWHC 2019.
227 Extradition Act 2003, s 35.
228 Ibid, at s 117.
229 Ibid, at s 137(2)(b).
111
These provisions amend extradition procedures with the US, which are
reflected in a new extradition treaty between the UK and the US.230 This Treaty has
given rise to controversy regarding the different evidential standards that potentially
exist when persons are sent to the US, where prima facie evidence is required, i.e.
evidence sufficient to justify conviction unless challenged or contradicted by evidence
adduced by the defense, compared with obtaining suspects from the US, where
evidence 'as would provide a reasonable basis to believe that the person sought
committed the offence', or 'probable cause', must be shown. As a consequence, an
amendment was inserted during the passage of the Police and Justice-Bill in the
Lords, which would have removed the US from the list of designated Category 2
territories.231
It is also worth noting that the UK is one of the few countries which are
prepared to extradite their own nationals. As a consequence, both the Convention and
the Decision require a Member State to establish jurisdiction over its own nationals
and to prosecute them where, as a matter of national law, such persons may not be
extradited to a requesting State where the crime was committed.232
As with the obtaining of evidence, while there are formal procedures
governing extradition, there are also informal elements involved prior • to, or alternate
to, extradition. In a situation of cross-bonier hacking, for example, the perpetrator will
often have committed offences in more than one country. As such, a decision may
need to be made by the national authority where the perpetrator is located (e.g. the
CPS), whether to commence a domestic prosecution or comply with a request for
extradition. Where extradition is available, a process of negotiation should take place
between the relevant States about the most appropriate forum to prosecute.233
The Issue of Consensus on Cyber Law
230 United States No 1 (2003), Extradition Treaty between the Government of the United Kingdom of Great Britain and Northern Ireland and the Government of the United States, Washington, March 2003, Cm 5821. Not yet ratified by the US, as of September 2006.
231 Police and Criminal Justice Bill, as amended on Report (Lords), as at 11 October 2006, at s 48.
See also the Lords Hansard, 11 July 2006, at Col 625 et seq.
232 Cyber Crime Convention, Art 22(3) and 24(6): 2005 Framework Decision, Art 10(3). Also 2001 Framework Decision, Art 10 and 2004 Framework Decision, Art 8(3).
233 Supra.169
112
The creation of law in a democratic society requires a consensus of the people.
Many scholars believe that there can never be a consensus to support a common law
for cyberspace. Contrary to this position, rules are being created and enforced in the
digital communities. These common norms include social pressure where the offender
is reprimanded by the group or community as opposed to an outside force. Behavior is
also being controlled by contract between users and commercial services in which the
offender is punished by cancellation of services. Such corfimon standards have
historically formed the core of the law. While there may be consensus as to the
current methods of enforcement on the Internet, it has been found that there is no
consensus as whether new legislation should be imposed on network communities by
any nation State. Despite the lack of cohesive thought regarding the need for new law,
consensus building takes place regularly within online communities. This is apparent
from the informal creation of rules and enforcement of penalties. Such consensus
building within the network is the fundament of any future legal regime or regimes.234
However, there is a dichotomy between the community standards applied
within the network as opposed to the legal standards applied from outside the Internet
community. A network community standard may be accepted and followed by net
citizens, but external legal standards can be flagrantly violated despite the fact that
wrongdoers may be punished by the nation State.235 When there is no fear of
punishment from the authorities, the nation state no longer has power to control the
individual. Despite the wild reputation created by the media, the network
communities mostly consist of law-abiding people. Many of these individuals want to
work toward appropriate legal standards and within current political constraints.
Cyberspace is not a nation State. The community standards of the many
network communities are not a formal legal system. There is a lack of consensus as to
whether new laws should be created or if old laws can be applied to the digital realm.
However, rules are being created and enforced by individual communities. Although
community standards do not, alone, constitute a legal system, such standards create
the basis for formal legal systems. The existence of such norms is evidence of the
ability of the social system to create law.
234 Supra.9
235 Kerr, Orin S. The Problem of Perspective in Internet Law, Georgetown Law Journal, 91, 357-405, 2003.
113
114
CHAPTER – 4
EFFECTIVE JUDICIAL PROCEDURAL MECHANISM FOR EFFECTIVE
TRIAL
In cyberspace even simple transaction amounts to implausible issue of
jurisdiction on the Net. For the sake of brevity, I am not repeating the nature of the
internet and in the foregoing chapters it has been studied in depth the issue of
jurisdiction. The important question here is how far the Indian courts and court abroad
has addressed to resolve this issue to conclude effective trials. Due to multiple-parties
creating virtual nexus in cyber space, it has contributed to the absolute uncertainty and
contradictions that outbreak judicial decision in the area of cyber jurisdiction.
Pragmatically, due to absence of boundaries in cyberspace the parties can be
subjected to the jurisdiction of a different country. The subsequent aspects have been
dealt to understand the whole functioning of tracking cyber criminals and the way we
can deter them from doing such acts. Now how the judiciary respond to cyber acts
where there is foreign element and on which principle the Indian courts are guided.
The reason why the following are discussed is that the judiciary cannot function in
isolation from the law enforcers and to conclude successfully this chapter, it is vital
that we should study the following aspects first.
1. Investigation,
2. prosecution and
3. Ways to shield a computer related crime
The cyber crime complaint whether it is related through, Computer or Mobile
or such other electronic instrument in committing the wrong. There may be a case for
recognizing a Cyber Crime. The complainant should approach the nearest Police
Station designated as a "Cyber Crime cell or police station." Otherwise he/she should
contact a police station where a Dy.SP is available.
115
What information is required to lodge a complaint?236
If you are a victim of hacking
Bring the following information
Server Logs
Copy of defaced web page in soft copy as well as hard copy format, if
your website is defaced
If data is compromised on your server or computer or any other
network equipment, soft copy of original data and soft copy of
compromised data.
Access control mechanism details i.e.- who had what kind of the access to
the compromised system
List of suspects – if the victim is having any suspicion on anyone.
All relevant information leading to the answers to following questions
What? (What is compromised?)
Who? (Who might have compromised system?)
When? (When the system was compromised?)
Why? (Why the system might have been compromised?)
Where? (Where is the impact of attack-identifying the target system
from the network?)
How many? (How many systems have been compromised by the
attack?)
If you are a victim of e-mail abuse, vulgar e-mail etc.
Bring the following information-
Extract the extended headers of offending e-mail (If you do not know how
to extract header please refer to section 1 of this FAQ).
Bring soft copy as well hard copy of offending e-mail.
Please do not delete the offending e-mail from your e-mail box.
Please save the copy of offending e-mail on your computer’s hard drive.
The pre-requisite condition for filing a complaint is do not delete any information
that may be of use as evidence. The complaint letter should be written with a
236< http://www.cybercellmumbai.com/faq/information-required-for-complaint>
116
description of what appears to have happened and how the complaint is being
aggrieved by such act.
Jurisdictional aspect of the complaint
A complaint can be lodged in any Police Station. After registration of the FIR,
the Police Station registering the complaint can transfer the FIR to the jurisdictional
Police Station / AWPS for investigation. If the complaint indicates a cognizable
offence, an FIR should be registered by the officer-on-duty of the Police Station and
investigation taken up; if the facts do not prima facie indicate commission of a
cognizable offence, a complaint should be registered in the CSR (Community Service
Register) and an enquiry taken up.
Criminal Procedure Code – The provisions are
Sec.161 and 162 Cr.P.C. deal with recording of statements of witnesses by the Police.
The statements of the witnesses are not to be signed.
Sec.173 Cr.P.C. states that after completion of investigation, the investigation officer
shall forward a Police report to the jurisdictional magistrate giving the result of the
investigation and further action to be taken.
Police has been given powers to investigate cybercrime the regular trial courts try the
offences as per Cr.P.C. However there is a need to create specialists courts and
procedure for cybercrimes because of the highly technological nature of these crimes
4.1 Investigation237
Incident Response – an antecedent to Techniques of Cyber investigation &
forensic tools Incident response is an expedited reaction to an issue or occurrence.
Pertaining to information security, an example would be a security team's actions
against a hacker who has penetrated a firewall and is currently sniffing internal
network traffic. The incident is the breach of security. The response depends upon
how the security team reacts, what they do to minimize damages, and when they
237Brian D. Carrier, “Basic Digital Forensic Investigation Concepts” June 07, 2006 at; <
http://www.digital-evidence.org/di_basics.html>
117
restore resources, all while attempting to guarantee data integrity. Think of your
organization and how almost every aspect of it relies upon technology and computer
systems. If there is a compromise, imagine the potentially devastating results. Besides
the obvious system downtime and theft of data, there could be data corruption,
identity theft (from online personnel records), embarrassing publicity, or even
financially devastating results as customers and business partners learn of and react
negatively to news of a compromise.
RESOLUTION REPORTING
Figure 4.1
Goals of incident response238-
1. Confirms or disband whether an incident has occurred
238 Chris Prosise and Kevin Mandia, “Incident response & computer forensics”, Mc Graw-Hill,
U.S.A Ed: 2, 2003
118
detection of incidents
initial response
formulate response stratergy
investigate the incident
pre-incident response
data collection data anaylsis
2. Promotes accumulation of accurate information
3. Establishes control for proper recovery and handling of evidence
4. Minimizes exposure and compromise of proprietary data
5. Provides accurate response and useful recommendations
6. Educate senior management
7. Help in detection/prevention of such incidents in the future,
8. Provides rapid detection and containment
9. Minimize disruption to business and network operations
10. To facilitate for civil or criminal action against perpetrators
A digital investigation is a process to answer questions about digital states and
events. The basic digital investigation process frequently occurs by all computer users
when they, for example, search for a file on their computer. They are trying to answer
the question "what is the full address of the file named important.doc?” In general,
digital investigations may try to answer questions such as "does file X exist?", "was
program Y run?", or "was the user Z account compromised?” A digital forensic
investigation is a special case of a digital investigation where the procedures and
techniques that are used will allow the results to be entered into a court of law. For
example, an investigation may be started to answer a question about whether or not
contraband digital images exist on a computer. An average Microsoft Windows user
may be able to answer this question by booting the computer and using the Find Files
function, but these results may not be court admissible because steps were not taken
to preserve the state of the computer or use trusted tools.
The digital investigation process involves formulating and testing hypotheses
about the state of a computer. We must formulate hypotheses because we cannot
directly observe digital events and states and therefore we do not know facts. We
must use tools to observe the state of digital data, which makes them indirect
observations. This is similar to being told about something instead of seeing it for
yourself. The amount that you believe what you are told is based on how much you
trust the person. With digital investigations, the confidence is based on the trust of the
hardware and software used to collect and analyze the data. The methods used to
formulate and test the hypotheses can make the investigation process a scientific one.
119
Digital evidence is data that supports or refutes a hypothesis that was formulated
during the investigation. This is a general notion of evidence and may include data
that may not be court admissible because it was not properly or legally acquired.
General Process
There is no single procedure for conducting an investigation. I find that an intuitive
procedure is to apply the same basic phases that are used by police at a physical crime
scene, where we instead have a digital crime scene. Note that there are many details
that are ignored in the following paragraphs.
1. The first step is preservation, where we attempt to preserve the crime scene so
that the evidence is not lost. In the physical world, yellow tape is wrapped
around the scene. In a digital world, we make a copy of memory, power the
computer off, and make a copy of the hard disk. In some cases, the computer
cannot be powered off and instead suspicious processes are killed and steps
are taken to ensure that known evidence is copied and preserved.
2. The second step is to survey the crime scene for the obvious evidence. The
"obvious" evidence is the evidence that typically exists with investigations of
this type. For example, at a physical crime scene where a violent crime has
occurred, then the "obvious" evidence may have blood on it or be damaged. In
a digital crime scene, the obvious evidence may be found based on file types,
keywords, and other characteristics.
3. After the obvious evidence has been found, then more exhaustive searches are
conducted to start filling in the holes. With each piece of evidence that is
found, there could be questions about how it got there. Questions such as
"which application created it?" or "what user caused it to be created?” If so,
then event reconstruction techniques are needed to determine which
application-level event occurred. This is similar to reconstructing where a
bullet was shot from.
Digital Forensics vs. Digital Forensic Investigation
The term digital forensic investigation over digital forensics because the
process that is associated with "digital forensics" is much more similar to a physical
crime scene investigation than to physical forensics. The "physical forensics" is used
to answer a more limited set of questions than a general investigation. Physical
forensics is used to "identify" a substance, which determines the class of the
120
substance. For example, a red liquid could be identified as blood or fruit juice.
Physical forensics is also used to "individualize" an object, which determines the
unique source of an object. For example, blood from a crime scene could be compared
with a sample from a suspect to determine if the two blood samples are the same or
two bullets could be compared to determine if they were shot from the same gun. The
process to determine how someone compromised a computer and identify what they
had access to is much more involved than identification and individualization. It is a
process of searching for evidence and then analyzing it. Therefore, I think that digital
investigation and digital forensic investigation are more accurate terms.
IMAGE 4.2
Investigating Officer’s Inspection 239
1. Hardware is contraband or fruits of crimes-. (Stolen, misappropriated, illegal
hardware)
2. Hardware as instrumentality (hard ware designed specifically for crime.)
3. Hardware as evidence (CD writer being used for duplicating pornographic
CD)
239 “Detection And Protection Of Cyber Crime” Presentation By Assistant Commissioner Of Police, Crime Branch, Ahmedabad City
121
4. Information as contraband or fruits of crime pirated computer program, stolen
trade secret, passwords and any other information obtained by criminal means
Information as an instrumentality Program that will help gaining unauthorized
access to computer systems
5. Information as evidence- (threatening letter stored in a computer of a suspect,
e- mail message in the mail box or various documents, which support the
prosecution in presenting case.)
Detection /investigation is a team effort comprising of law enforcement
agencies, forensic scientist, Lawyers and Computer security professional
Detection – Prevention includes Setting Up A Cyber Crime Investigation Cell.
To prevent the various cyber crimes that take place every day it is essential to
establish a dedicated cell. .Need for a Cyber Forensic Cell , Basic Cyber
Crime Investigation Tool ,Forensic Software, Window GUI Technology base
Forensic Software for examination of File systems FAT12, FAT16, FAT32,
NTFS, LINUX, UNIX, MACINTOSH, CDROM and DVD-R.
Since policing is a matter of the state, and complaints have to be lodged with
the local police, it all depends under which law the police register a case; it so
happens that for the most part they prefer the age-hold penal code. Local police are
not conversant with the intricacies of the nationally legislated IT Act. But once a case
is filed under the penal code, the method of investigation must follow certain
guidelines that make it extremely difficult to prove most cyber crimes, experts say.
Even under the IT Act, investigations in India are not easy. This is mainly due
to the lack of what is called “cyber forensics.” We know that forensic evidence is
important in normal criminal investigations. But the collection and presentation of
electronic evidence to prove cyber crimes have posed a challenge to investigation and
prosecution agencies and the judiciary. Cyber-related techno-legal acumen and
knowledge are not well developed in India. These require a sound working and
practical knowledge of information technology as well as relevant legal knowledge.
Cyber laws, international telecommunications laws, cyber forensics, digital
evidencing and cyber security pose difficult and sometimes hard to understand legal
122
challenges to the courts. This explains why there are almost no convictions of cyber
criminals in India. Judges in India must fill in this legal gap.240
4.2 Prosecution
For preventing and punishing computer crimes and cyber criminals, a legal
structure which support detection and successful prosecution of offenders are
necessary. In India after the enactment of the I.T. Act along with amendments to
Indian Evidence Act and Indian Penal Code, electronic record is admissible evidence
and any wrongful act against electronic record is a punishable crime. There is
jurisdictional problem arises when the computer statute of one country recognizes one
act as a crime and another country’s laws do not. Further cyber crimes can be
committed from anywhere in the world which mandates unconditional cooperation
and legal assistance from other nations to bring the criminals before the law.241
The basic problem is law enforcement personnel/prosecutors who are well conversant
with criminal nature of the cases and knows the procedure of gathering evidence and
bringing offenders to justice lacks specialized knowledge in cyber matters. Therefore,
IT professionals who understand the language of the computers and its technicalities
are the ones – who can track down information from them. Thus, the IT professionals
and the law enforcement/prosecutors cannot work in isolation. They have to work to
State of Punjab vs. Amritsar Beverages Ltd242.
In this case, a raid was conducted in premises of the Amritsar Beverages Ltd.
and books, accounts, documents, computer disk were seized by the officers of the
Sales Tax Department of the State of Punjab. The company filed a writ petition before
the High Court for not returning the seized books, accounts, documents and computer
disk even after stipulated time. The Court allowed the prayer and also imposed costs
of Rs. 2,500/- on the officers responsible for withholding the books, accounts, etc.
personally from their pockets. While the case was in appeal before: the Supreme
240 Prakash Nanda., “ India's cyber crime challenge” , March 09, 2010, at; <http://www.upiasia.com/Security/2010/03/09/indias_cyber_crime_challenge/6678/>
241 cyber Forensics and Challenges for law enforcement, at; <http://www.cyberseminar.cdit.org/pdf/08_02_09/pg_19.pdf>.242 {2006} 7 BCC 607
123
Court, the Court referred to the difficu1ties of enforcement officers which may be
faced by them who may not have any scientific expertise or did not have the sufficient
insight to tackle the new digital evidence. The court noted that though Information
Technology Act, 2000 was amended to include various kinds of cyber crimes and the
punishments therefore, does not deal with all problems which are faced by the officers
enforcing the said Act. The court has also noted the amendments made to the Indian
Penal Code to include electronic documents within the definition of ‘documents’ and
to the Indian Evidence Act to include admissibility of computer outputs in the media,
paper, optical or magnetic form.
The criminal prosecution process
Figure 4.3
Quintessential for groundwork of prosecution in cyber cases243
Collect all evidence available & saving snapshots of evidence
243 Karnika Seth, “Investigation, prosecution and defending of a computer related crime presentation”, presented by New Age Cybercrime conference Novotel, Mumbai 29& 30th Oct 2009.
124
Conviction/acquittal
Trial
Contents of charge
Issue of process –summons, warrant
Examine the witnesses
Examine the complainant on oath
Initiation of criminal proceedings-cognizance of offences by magistrates
Seek a cyberlaw expert’s immediate assistance for advice on preparing for
prosecution
Prepare a background history of facts chronologically as per facts
Pen down names and addresses of suspected accused.
Form a draft of complaint and remedies a victim seeks
Cyber law expert & police could assist in gathering further evidence e.g.
tracing the IP in case of e-mails, search & seizure or arrest as appropriate to
the situation
A cyber forensic study of the hardware/equipment/ network server related to
the cybercrime is generally essential.
4.3 Who are the relevant law enforcers of cyber crimes? / Ways to shield a
computer related crime
Rishi Chawla, Dgm – Corporate Regulatory in Vodafone Essar Limited, Mumbai has
extensively contributed to understand this question
1. As per Section 46 of IT Act an Adjudicating officer(s) shall conduct and
enquiry and adjudicate whether a person has committed any contraventions as
mentioned under the Information Technology Act 2000. The appeals lie to
CRAT (Cyber Regulatory Appellate Tribunal) . CRAT as envisaged under
Section 48 of the Act has been recently formed by the Ministry of
Communications and Information Technology. Section 78 and Section 80 of
the Act provides powers to Police officer (not below DSP rank) to investigate,
search and make arrest regarding Offences mentioned under the Act. Giving
powers to the Police imply that offences will be tried by the regular trial courts
under the Cr. P. C and no separate courts have been established for this.
2. State Police and CBI have separate cells to investigate cybercrimes. Eg. The
Cyber cell under the Economic Offences Wing of Delhi Police is responsible
to investigate the cybercrimes in Delhi
3. The Central Bureau of Investigation (C.B.I) in India set up a ‘Cyber Crime
Investigation Cell’ and "Cyber Crime Research &Development Unit"
(CCRDU) to collect and collate information on cyber crimes reported from
different parts of the country.
125
4. The function of this is to liaise with State Police and other enforcement
agencies and to collect information on cases of Cyber Crime reported to them
for investigation and also find out about the follow-up action taken in each
case. The Unit liaises with software experts to identify areas that require
attention of State Police for prevention &detection of such crimes with a view
to train them for the task. It collects information on the latest cases reported in
other countries and the innovations employed by Police Forces in those
countries to handle such cases.
Some suggestions for strengthening the cybercrime investigations and prosecution
1. Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM –
more such partnerships between industry and Law enforcement agencies
(LEAs) should be formed so that LEAs become more conversant in
investigating and prosecuting cybercrimes.
2. More Public awareness campaigns
3. Training of police officers to effectively combat cyber crimes
4. More Cyber crime police cells set up across the country
5. Effective E-surveillance
6. Websites aid in creating awareness and encouraging reporting of cyber crime
cases.
7. Specialised Training of forensic investigators and experts
8. Active coordination between police and other law enforcement agencies and
authorities is required.
4.4 Judicial procedural mechanism
International front
For jurisdiction purposes, web sites are split into two groups: passive and
interactive. Passive sites provide information in a "read only" format, Interactive sites
encourage the browser to enter information identifying the browser and/or providing
background on the browser's interests or buying habits. It is no surprise that courts are
more willing to find that a web publisher who solicits information about the forum's
residents is purposefully availing itself of the forum's benefits than a publisher who
simply provides information about the publisher, its products and services.
126
In a trademark infringement case similar to Zippo, American Network, Inc. v. Access
American/contents Atlanta Inc, a Georgia defendant was hauled into a New York
court. A New York plaintiff sued the Georgia defendant for trademark infringement
and unfair competition in the U.S. District Court for the Southern District of New
York- The plaintiff, a provider of similar consulting services to those provided by the
defendant, claimed the mark used by the defendant, ," infringed the plaintiff's mark .
New York's long-arm statute includes a provision for jurisdiction over an out of slate
tortfeasor when harm is felt within the state if the defendant has reason to expect in
stale consequences and the defendant derived substantial revenue from interstate or
international commerce. Since the plaintiff's business was located in New York, and
the defendant was aware of such, it was reasonable for the defendant to expect that the
publication of the offending mark on the Internet would' result in harm suffered in
New York, The court, looking further to due process, stated that the web page alone
would not necessarily have been enough, but that additional contacts with six New
York subscribers to the advertised services established purposeful availment.
Additionally, the court held that those subscribers evidenced the defendant's efforts to
market his services in New York, making a New York court appearance a reasonable
expectation. Since marketing was the basis for the cause of action, the defendant's on-
line actions were found to be directly related to the complaint.
Passive activity is considered a "posting" of information, lacking interaction and is
typically an advertisement on the Web. As mentioned earlier, one of the first federal
cases deciding whether an advertisement posted on a web site is sufficient to confer
jurisdiction over an out-of-state defendant was Inset Systems, Inc. v. Instruction Set,
Inc- Held that the defendant was subject to jurisdiction in Connecticut because its
advertising activities were purposefully directed to Connecticut. Taken one step
further, this would suggest that advertising over the Internet confers jurisdiction in
any state or country where it could be accessed. The Court concluded that since the
defendant "purposefully directed its advertising activities toward this state on a
continuing basis ......" it could reasonably anticipate the possibility of being hauled
into court here. To avoid such an untenable result, one should keep in mind the
particular facts of the Inset case, namely that jurisdiction was established in
Connecticut over a Massachusetts corporation, implying that the reasonableness prong
played an important role.
127
The Compuserve v. Patterson properly declined the question of whether the
jurisdiction would be proper wherever the defendant's software happened to land, yet
this question is relatively simple in the context of a proprietary system where the
subscribers are known to the system owner. By contrast, the Internet is owned by no
one, there are no subscription fees, and no reliable records of who is using the
network, or of where they may be located. This poses severe problems for a due
process analysis based on territorial contacts; anomalous results may be expected
because the network's structural indifference to geographic position is incongruous
with the fundamental assumptions underlying the International Shoe test.
Thus, personal jurisdiction over an Internet user will most frequently be
premised on the user's contacts with the forum. Given the nature of on-line
transactions, those contacts will in many cases be solely Internet-based contacts. As
described above, the "minimum contacts" test requires the tribunal to inquire whether
the defendant cybernaut has purposefully availed herself of the benefits of the forum
state, such that she might reasonably foresee being haled into court there. In
particular, pecuniary gain from the forum is assumed to signal that the defendant has
"benefited" in a concrete way from the laws and public services of the forum244.
Indian front
With the ever-growing arms of cyber space the territorial concept seems to
vanish. New methods of dispute resolution should give way to the conventional
methods. Though S.75 provides for extra-territorial operations of this law, but they
could be meaningful only when backed with provisions recognizing orders and
warrants for Information issued by competent authorities outside their jurisdiction and
measure for cooperation for exchange of material and evidence of computer crimes
between law enforcement agencies.The court often faces challenges to resolve
disputes involving foreign elements in cyberspace. Let us discuss the cases laws in
support of the above. In, Independent News Service Pvt Limited v India Broadcast
Live Llc and Ors245.
“45. …… there is no „long arm‟ statute as such which deals with jurisdiction
as regards non-resident defendants. Thus, it would have to be seen whether the
244S J Tubrazy (Advocate) “ Jurisdiction In Cyber Space”, at; <ttp://www.articlecompilation.com/profile/s-j-tubrazy/9867>245 Supra.101
128
defendant‟s activities have a sufficient connection with the forum state (India);
whether the cause of action arises out of the defendant‟s activities within the forum
and whether the exercise of jurisdiction would be reasonable.
46. I am in agreement with the proposition that the mere fact that a website is
accessible in a particular place may not itself be sufficient for the Courts of that
place to exercise personal jurisdiction over the owners of the website. However,
where the website is not merely „passive‟ but is interactive permitting the browsers
to not only access the contents thereof but also subscribe to the services provided by
the owners/operators, the position would be different…….. even where a website is
interactive, the level of interactivity would be relevant and limited interactivity may
also not be sufficient for a Court to exercise jurisdiction……….”
Therefore, due to absence of uniformity in regulating such disputes there has
been ambiguity and what India requires is a greater means of “accessing” extra-
territoriality. Indian laws have so far dealt with two sets of reasoning
Recently last year, in Banyan Tree Holding Private Limited v A Murali
Krishna Reddy and Others examined these aspects and categorically held that merely
examined these aspects and categorically held that merely accessing a website in
Delhi would not satisfy the exercise of jurisdiction by Delhi High Court. The high
court held that jurisdiction of the forum court (the court where a suit is filed) is not
satisfied merely on the basis of “interactivity” of the website which is accessible in
the forum state. It is also necessary to examine the nature of the activity in order to
determine if it is permissible and whether it results in a commercial transaction. It has
to be necessarily shown that the website was specifically targeted at viewers in the
forum state for commercial transactions which resulted in injury or harm to BTH
within the forum state. Since BTH is not located within the jurisdiction of the court,
any harm to its business, goodwill or reputation within the forum state as a result of
the developer’s website accessibility in that state would have to be shown. Naturally,
this would require the presence of BTH in the forum state, not merely the possibility
of such a presence in the future. This judgment is a promising start to the speedy
settlement of other web-related disputes in India246.Though it has still to achieve that
and lot needs to be done to effectively conclude trials in other peculiar cyber matters.
246 Priti Suri and Neeraj Dubey “Judgment clarifies key issues in web-related disputes”; < http://www.psalegal.com/pdf/PSA-Feb-201002112010032551PM.pdf>
129
CONCLUSION & SUGGESTIONS
Under the Introduction few questions were set to critically analyze the study.
Therefore, it will be unpardonable if they are not discussed over here. So, over here I
have tried to answer these questions through the data collected for research.
Where an internet activity has a cross border element, on what principles can we
decide which country’s law applies and which court has jurisdiction?
The governing factor under cross border element in cyberspace is primarily,
Private International Law. Like Europe, England governed by rules laid down under
the Convention on Jurisdiction and the Enforcement of Judgments in Civil and
Commercial matters (the Brussels Convention) which was signed in 1968. According
to that the principles of jurisdiction are simplified and it lay down that in absence of
contractual clause, the jurisdiction will fall in courts where the defendant is domiciled.
India not a party to such international treaty had to face challenge of
determining jurisdiction. It lacks statutory provisions in order to assume jurisdiction
under private international law and handful of court precedents had made this task
challenging. In National Thermal Power Corporation v. The singer Company247, the
Hon’ble Supreme Court answered the above question and held in absence of
governing law relating to commercial contract between the parties falling under
different countries; manifestation of the intention of the parties to submit to a
particular jurisdiction is taken into consideration. However, nonexistence of that
should be governed by by discovering “sound ideas of business, convenience and
sense to the language of a contract”. Where the parties have not expressly or
impliedly selected the proper law, the court applies the objective test i.e., the judge
has to determine the proper law for the parties in such circumstances by putting
himself in the place of a “reasonable man”.
247 AIR 1993 SC 998
130
2. On what basis can a national government claim to apply its laws and regulations to
internet activities which originate in a different jurisdiction?
The government of various countries limit the scope of exercising extra-
territorial effect of their laws by applying the principle of comity. This means that the
reasonability of applying national laws to different countries should be observed.
Normally, implementation of national laws is simple based on the territorial border of
the nation. This means to apply national laws to activities undertaken within the state.
However, applying national laws to internet activities is quite different and not as easy
as applying it in the physical world. Therefore, there is need to unite the country of
origin regulation with an appropriate degree of convergence of national laws.
The jurisdiction of Indian courts over foreign citizens or residents is
mentioned under various sections of CPC. U/s 16 OF CPC -It deals with subject
matter jurisdiction i.e., Suits to be instituted where subject-matter situate? Subject to
the pecuniary or other limitations prescribed by any law, suits? It talks about suit in
respect of immovable property and movable property. However in this section
property means property situated in India .Therefore, the Indian courts cannot assume
jurisdiction over immovable property situated within the jurisdiction of a foreign state
and cyber related dispute seldom come within the ambit of immovable property.
U/s 20 of CPC -It is clear that the Indian courts will assume jurisdiction over a
matter if, even a part of the cause of action of the dispute arose within the jurisdiction
of the specified court. However, with respect to internet activities what constitute a
part of the cause of action. Unlike, U.S , India has not drafted principles governing
interpretation of proper law of the contract. Instead the courts in India applies
objective test as mentioned in National Thermal Power Corporation v. The singer
Company.
The information technology Act 2000, under section 1(2) The Act brings
within the jurisdiction of Indian court any act which is an offence under the Act and
committed either within or outside India This section is read with Section – 75 of
131
Information Technology Act’2000 - Act to apply for offence or contravention
committed outside India
Also, Section 75 of the Act also extends jurisdiction to any offence or
contravention committed outside India by any person. This section stipulates that the
nationality of a person is not a relevant consideration. However, the provision
specifies that an offence or contravention which was committed outside India by any
person if the act or conduct constituting the offence or contravention involves a
computer, computer system or computer network which is located in India. As
mentioned in the foregoing chapter that, it is pertinent therefore in this context to
draw principles that are reasonable and define circumstances in which India may hold
jurisdiction in cross border disputes as American courts have propounded. Even then
the 2008 amendments to the IT Act do not address jurisdictional issues.
In the absence of “harmonisation of laws” and “common standards” it becomes very
difficult to tackle cyber crimes and contraventions. An activity may be an offence in
one jurisdiction whereas it may not in another jurisdiction. Further, in the absence of
constructive “extradition arrangements” between two countries it becomes very
difficult to extradite the offender to the concerned jurisdiction.
Let’s analyze the questionnaire filled by people having considerable knowledge in the
field.
Survey: the process
Following is the outcome of the questionnaire filled. Below are the questions
answered by them.
1. Do you think ascertaining jurisdiction is the main problem/challenge in
cyber cases in India?
Yes No
Two people answered yes and thus, ascertaining jurisdiction is the main problem
in cyber cases in India.
132
2. Have you ever sought or received a request for international legal
assistance in a cyber crime case? What mechanisms were used to provide
assistance and how quickly the assistance provided?
Three of them said they never received such request.
3. What according to you is the biggest threat to the cyberspace?
some of them are cyber terrorism, inadequacy of cyber forensics, Hacking, Virus,
Online Credit card frauds, Phishing, IPR Infringements, theft of propriety
information, SPAM, Denial of Service etc. are the biggest threats to Cyberspace/
identity theft.
However majority says Data theft is the biggest threat.
4. Have you ever faced any difficulty in ascertaining the jurisdiction of the
cyber crime?
Yes No
Majority of them says yes and therefore, there is a difficulty in ascertaining the
jurisdiction in cyberspace.
5. Are we able to point out the crime and the place where the contracts are
made electronically? Also, on what basis it is determined, which court will
have jurisdiction.
Majority of them says yes under the provisions of IT ACT.2000. Based - where
the contracts have been executed have the jurisdiction (unless specifically agreed
between the parties in the contract).
6. Who are the relevant law enforcers of cyber crimes?
133
Majority says, Cyber Crime Investigation Cell’ and "Cyber Crime Research
&Development Unit" (CCRDU), Police officer (not below DSP rank) ,State
Police and CBI have separate cells to investigate cybercrimes.
7. How far the criminal code of procedure is applicable to investigate
matters of cybercrime?
a. The regular trial courts try the offences as per Cr.P.C.
8. When the disclaimer on the website of some country abroad, stating that
any dispute arising shall fall under the jurisdiction of that country; but if the
crime took place in India how the national laws apply to such cases and
procedure accordingly?
Majority says that the Indian courts have inherent powers to exercise. However,
in respect of civil contracts they may not work.
9. Do you think the INFORMATION TECHNOLOGY ACT’ 2000 is vague
in ascertaining the jurisdiction in cyberspace in India?
Yes No
Majority says yes it is a problem.
10. If yes what according to you are the suggestive ways to cope up with the
above mentioned situation?
Majority says, amendment should be made in the present IT laws to incorporate
jurisdictional aspect unequivocally.
11. Do you think Indian legislators should formulate a separate procedural
law/code for Information Technology Act’2000 to resolve jurisdictional
issues? For example Cr.p.c for Indian Penal Code.
134
Yes No
Majority says no but they say Special legislation and courts are required to be
made because of the highly technical nature of the crimes.
Hence, the hypothesis is proved that “ The provision in the Indian Information
Technology Act for effectuating the jurisdictional powers in the court appear to
be vague and ascertainment of the jurisdiction requires further clarification”.
Recommendations for Jurisdictional Rules in India
(a) International Co-Operation At Level Should Be Developed In This
Respect.
(b) Reforms in Indian law to tackle jurisdictional issues in cyberspace.
(c) A number of jurists have opted for the notion that cyberspace should
be treated as a separate jurisdiction. However, in practice this view is
not supported by the Courts or addressed by the lawmakers. Though
this can be an important consideration
(d) Different amendments in the above legislations may assist the Indian
Courts in dealing with the jurisdictional issues in criminal cases
(e) The rules for choice of jurisdiction in Private International Law matters
in India are scattered in a few cases but even they are incomplete and
insufficient. The Indian courts should comprehend judgments passed in
U.S courts as their laws in this respect are well settled. However, the
Indian courts should in no way isolate will the fundamental principles
settled by the Indian courts.
135
BIBLIOGRAPHY
PRIMARY SOURCE
LEGISLATION (STATUTES) ___________________________________________
1. Information Technology Act’2000
2. Indian penal code
3. Criminal procedure code
4. Civil code of procedure
5. Restatement (third) of Foreign Relations Law of the United States
6. Vienna Convention on Diplomatic Relations
7. Convention on Accession to the Convention on Jurisdiction and the Enforcement of
Judgments in Civil and Commercial Matters
8. convention of cyber crime, Budapest, 23.XI.2001
9. G8 'Principles and Action Plan to Combat High-tech Crimes
10. Crime (International Co-operation) Act 2003
11. Agreement on Extradition between the European Union and the United States of
America: OJ L181
12. UK’s Computer Misuse Act 1990
13. Hague Convention on “Jurisdiction and Recognition and Enforcement of Foreign
Judgments in Civil and Commercial Matters
14. Extradition Act 2003
15. Police and Criminal Justice Bill, as amended on Report (Lords), as at 11 October
2006, at s 48. See also the Lords Hansard, 11 July 2006, at Col 625 et seq.
SECONDARY SOURCES
136
BOOK_______________________________________________________________
1. Kumar ,Anupa P, “Cyber Laws”, Mr. Anupa Kumar Patri, 2009
2. Kamath, Nandan., “Law relating to computers internet & e-commerce”, Universal
Publishing Co.Pvt.Ltd, 2009
3. Reed ,Chris, “Internet Law test & Materials”, Universal Publishing Co.Pvt.Ltd , 2005
4. Diwan, Parag et al., “It Encyclopaedia.Com”, Pentagon Press New Delhi, 2000, Vol.
IV
5. Chaubey, Dr. R.K, “An introduction to cyber crime and cyber law”, Kamal Law
house,Kolkata , 2009
6. Shelly , Gary B. et al, “Microsoft Office 2007: Introductory Concepts and Techniques,
Premium Video Edition”, 2009
7. Karanjit, Siyan, “Inside TCP/IP”, New Riders Publishing, 1997
8. Hundley, Richard O and Robert H, “Emerging Challenge: Security and Safety in
Cyberspace”. Anderson in IEEE Technology and Society, (Winter 1995/1996)
9. Seth, Karnika, “Cyber Laws in the Information Technology Age”, LexisNexis
Butterworths,2009
10. Mittal, Raman and S.K,Mittal, “Legal Dimension of Cyberspace”, Indian Law
Institute, New Delhi,2004
11. Ian, Walden, “Computer Crimes and Digital Investigations”, Oxford University Press,
2007
12. Prosise , Chris and Kevin Mandia, “Incident response & computer forensics”, Mc
Graw-Hill, U.S.A Ed: 2, 2003
13. Matthan, Rahul, “The law relating to Computers and the Internet” , Butterworths
India, 2000
14. Lowenfeld, Andreas, “International Litigation and the Quest for Reasonableness”
Oxford University,(1996).
15. Noronha ,Dr. F.E, “ Private International Law in India”, Universal Publishing Co. Pvt.
Ltd , 2010
16. Vakul Sharma, “Information technology law and practice”, Universal Publishing Co.
Pvt. Ltd , 2007
137
JOURNAL ARTICLE __________________________________________________
1. Seitz, N, "Transborder search: A new perspective in law enforcement?', pp 23-
50, Yale Journal of Law and Technology, hall 2004-05, at p 32. See also
Brenner, S and Koops, B-J, 'Approaches to Cybercrime jurisdiction', 4 Journal
of High Technology Law I (2004).
2. Kerr, Orin S. The Problem of Perspective in Internet Law, Georgetown Law
Journal, 91, 357-405, 2003
REPORT (WEB) _____________________________________________________
1. Steven A. Hildreth., “CRS Report for Congress” at;
<
http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/RL30735_0
6192001.pdf>
WEBSITE_____________________________________________________________
1. http: //cyber.law.harvard.edu/property00/nonframe_current.html.
2. http://www.bizymoms.com/computers-and-technology/evolution-of-the-
internet.html
3. http://www.scribd.com/doc/20262442/Encyclopedia-of-Cyber-Crime
4. http://www.livinginternet.com/w/wi_mosaic.htm
5. http://www.w3.org/Consortium/technology
6. http://www.webopedia.com/TERM/S/server.html
7. http://www.mygeekpal.com/23/the-internet-misconceptions-explained/
8. http://www.livemint.com/2009/08/20000730/India-emerging-as-centre-forc.html
9. http://news.outlookindia.com/item.aspx?657123
138
10. http://www.symantec.com/avcenter/reference/cyberterrorism.pdf
11. http://www.ieid.org/congreso/ponencias/Nagpal,%20Rohas.pdf
12. http://mateenhafeez.blogspot.com/2009/05/threat-email-police-slap-cyber.html
13. http://www.authorstream.com/Presentation/Riccard-57527-cyber-attacks-
Discussion-Critical-Infrastructures-Using-Systems-Against-Us-a-Education-ppt-
powerpoint/
14. http://www.scribd.com/doc/26121255/Cyber-Terrorism-Hype-or-Hazard
15. http://www.neerajaarora.com/“cyber-terrorism”-a-broader-concept/
16. http://fanaticmedia.com/infosecurity/archive/Nov09/Cyber%20Crime%20-
%20Gaining%20New%20Threat%20Vectors.htm
17. http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/
RL30735_06192001.pdf
18. http://voip.about.com/od/voipbasics/a/whatisvoip.htm
19. http://www.pcworld.com
20. http://www.acm.org/ubiquity/views/v4i49_nasir.html
21. http://ecommercelaw.typepad.com/ecommerce_law/2006/05/issue_4_the_pot.htl
22. http://ecommercelaw.typepad.com/ecommerce_law/2006/05/issue_4_the_pot.htl
23. www.wto.org
24. http://www.cyberlawsindia.net/requires.html
25. http://www.cyberlawindia.com/JusticeTandon_LondonSpeech.pdf
26. http://www.legalserviceindia.com/articles/article+4.htm
27. http://snyside.sunntside.com/cpsr/lists/listserv_archives/cyberrights/
960111.cr_CIS_censorship%3a_The_whole_St
28. http://www.ipww.com/jul97/pllmalaysia.html
29. http://www.dot.gov/cgi-bin/AT-serversearch.cgi
30. http://www.ftc.gov/opa/9605/fortuna.htm
31. http://informingscience.org/proceedings/IS2003Proceedings/docs/029Glads.pdf
32. www.jumbolaw.com/concept.doc
33. http://en.wikipedia.org/wiki/
Personal_jurisdiction_in_internet_cases_in_the_United_States
34. www.harrisonmoberly.com/.../INTERNET%20JURISDICTION%20%20A
%20PRAGMATIC%20APPROACH.d
139
35. http://pcquest.ciol.com/content/features/101123102.asp
36. http://www.usdoj.gov/ag/events/g82004/99 transborderaccessprinciples.pdf
37. http: //cyber.law.harvard.edu/property00/nonframe_current.html.
38. http://www.bizymoms.com/computers-and-technology/evolution-of-the-
internet.html
39. http://www.scribd.com/doc/20262442/Encyclopedia-of-Cyber-Crime
40. http://www.livinginternet.com/w/wi_mosaic.htm
41. http://www.w3.org/Consortium/technology
42. http://www.webopedia.com/TERM/S/server.html
43. http://www.mygeekpal.com/23/the-internet-misconceptions-explained/
44. http://www.livemint.com/2009/08/20000730/India-emerging-as-centre-for-c.html
45. http://news.outlookindia.com/item.aspx?657123
46. http://www.symantec.com/avcenter/reference/cyberterrorism.pdf
47. http://www.ieid.org/congreso/ponencias/Nagpal,%20Rohas.pdf
48. http://mateenhafeez.blogspot.com/2009/05/threat-email-police-slap-cyber.html
49. http://www.authorstream.com/Presentation/Riccard-57527-cyber-attacks-
Discussion-Critical-Infrastructures-Using-Systems-Against-Us-a-Education-ppt-
powerpoint/
50. http://www.scribd.com/doc/26121255/Cyber-Terrorism-Hype-or-Hazard
51. http://www.neerajaarora.com/“cyber-terrorism”-a-broader-concept/
52. http://fanaticmedia.com/infosecurity/archive/Nov09/Cyber%20Crime%20-
%20Gaining%20New%20Threat%20Vectors.htm
53. http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/
RL30735_06192001.pdf
54. http://voip.about.com/od/voipbasics/a/whatisvoip.htm
55. http://www.pcworld.com
56. http://www.acm.org/ubiquity/views/v4i49_nasir.html
57. http://ecommercelaw.typepad.com/ecommerce_law/2006/05/issue_4_the_pot.html
58. http://ecommercelaw.typepad.com/ecommerce_law/2006/05/issue_4_the_pot.html
59. www.wto.org
60. http://www.cyberlawsindia.net/requires.html
61. http://www.cyberlawindia.com/JusticeTandon_LondonSpeech.pdf
140
62. http://www.legalserviceindia.com/articles/article+4.htm
63. http://snyside.sunntside.com/cpsr/lists/listserv_archives/cyberrights/
960111.cr_CIS_censorship%3a_The_whole_St
64. http://www.ipww.com/jul97/pllmalaysia.html
65. http://www.dot.gov/cgi-bin/AT-serversearch.cgi
66. http://www.ftc.gov/opa/9605/fortuna.htm
67. http://informingscience.org/proceedings/IS2003Proceedings/docs/029Glads.pdf
68. http;//www.jumbolaw.com/concept.doc
69. http://en.wikipedia.org/wiki/
Personal_jurisdiction_in_internet_cases_in_the_Unite_States
70. www.harrisonmoberly.com/.../INTERNET%20JURISDICTION%20%20A
%20PRAGMATIC%20APPROACH.d
71. http://pcquest.ciol.com/content/features/101123102.asp
72. http://www.worldtrademarkreview.com/issues/Article.ashx?g=9e61914b-441a-
4756-b153-c2279d70882b
73. http://econimerce.wipo.int/meetings/1999/index.html
74. http://cyber.law.harvard.edu/propertyOO/nonframe_current.html
75. http://www.usdoj.gov/ag/events/g82004/99 transborderaccessprinciples.pdf
76. http://www.usdoj.gov/criminal/cybercrime/ gorshkovSent.htmX
77. http://www.usdoj.gov/ag/events/g82004/99 transborderaccessprinciples.pdf
78. http://www.cps.govuk/legal/section2/chapter_e.html#_Toc44563266
79. http:// www.eurojust.eu.int
80. http://www.news.com
81. http://www.eff.org/Censorship/Indymedia/
82. http://www.cybercellmumbai.com/faq/information-required-for-complaint
83. http://www.digital-evidence.org/di_basics.html
84. http://74.125.153.132/search?q=cache:http://www.redhat.com/docs/manuals/linux
/RHL-9-Manual/security-guide/ch-response.html
85. http://www.upiasia.com/Security/2010/03/09/indias_cyber_crime_challenge/6678/
86. http://www.cyberseminar.cdit.org/pdf/08_02_09/pg_19.pdf
87. http://www.neerajaarora.com/ phishing-the-internet - age -crime/
88. http://www.cyberspacelaw.org/kesan/kesan1.html
141
APPENDIX
QUESTIONNAIRE
Related to
ISSUES OF JURISDICTION UNDER THE INFORMATION
TECHNOLOGY ACT’ 2000
Profile of the Respondent
Direction: Kindly fill up the following with the correct details about yourself.
(These details are required for communication purposes only and will not be
disclosed)
a. Name__________________
b. Age _______
c. Gender
To pick write “x”
Male ( ) Female ( )
d. Name of the place where currently working
_________________________________
e. Current Position in the
company_________________________________
INSTRUCTIONS FOR COMPLETING THE QUESTIONNAIRE
This questionnaire is in electronic format to facilitate its completion and
to enable the responses to be automatically prepared for analysis.
142
1. In open ended questions you can write according to your knowledge
and experience. Therefore, the space is expandable.
2. In close ended questions just “x” your choice. Such as for yes write X
and otherwise leave it blank.
3. Please submit the completed questionnaire by [2.03.2010].
1. Do you think ascertaining jurisdiction is the main problem/challenge in
cyber cases in India?
Yes No
2. Have you ever sought or received a request for international legal
assistance in a cyber crime case? What mechanisms were used to provide
assistance and how quickly the assistance provided?
3. What according to you is the biggest threat to the cyberspace?
4. Have you ever faced any difficulty in ascertaining the jurisdiction of the
cyber crime?
Yes No
5. Are we able to point out the crime and the place where the contracts are
made electronically? Also, on what basis it is determined, which court will
have jurisdiction.
143
6. Who are the relevant law enforcers of cyber crimes?
7. How far the criminal code of procedure is applicable to investigate
matters of cybercrime?
8. When the disclaimer on the website is of some country abroad, stating
that any dispute arising shall fall under the jurisdiction of that country;
but if the crime took place in India how the national laws apply to such
cases and procedure accordingly?
9. Do you think the INFORMATION TECHNOLOGY ACT’ 2000 is vague
in ascertaining the jurisdiction in cyberspace in India?
Yes No
10. If yes what according to you are the suggestive ways to cope up with the
above mentioned situation?
11. Do you think Indian legislators should formulate a separate procedural
law/code for Information Technology Act’2000 to resolve jurisdictional
issues? For example Cr.p.c for Indian Penal Code.
Yes No
144
THANK YOU FOR YOUR TIME
145
![THE INFORMATION TECHNOLOGY ACT, 2000 ––––––––– … · 5 THE INFORMATION TECHNOLOGY ACT, 2000 ACT NO. 21 OF 2000 [9th June, 2000.] An Act to provide legal recognition](https://img.dokumen.tips/doc/110x75/5f0f1e2e7e708231d442940c/the-information-technology-act-2000-aaaaaaaaa-5-the-information.jpg)
