Embed Size (px)
Citation preview
Workshop on “Cyber Crime”
Wednesday, 18th June 2010 - Hotel Bristol, M.G. Road, Gurgaon
Session I- Introduction to Cyberlaw & IT Act,2000By Karnika SethManaging Partner, SETH ASSOCIATES
Introduction Seth Associates is a leading full service Indian law
firm that is internationally networked to provide spectrum of legal services to its domestic and international clients
Network of 2000 associate offices of Association of European lawyers (AEA alliance) as foreign associates
We maintain one of the strongest Cyberlaws practice in India today. With more than a decade's experience in Cyberlaws Practice, Seth Associates recently established the World's first integrated 'Cyberlaws Consulting Centre' at Seth Associates
CCC- Cyberlaws Consulting Centre CCC renders cyber legal consultancy, cyber law
analytics and forensic services to its clients world wide.
Work experience of handling cybercrime matters with Delhi Police
Delivered training workshops to Delhi police on dealing with cybercrime investigation cases
Recently authored a book titled ‘Cyberlaws in the Information Technology age’ published by Lexis Nexis Butterworths that elucidates the key developments in the field of Cyberlaws across many important jurisdictions—India, United States and European nations
‘Cyberlaws in the Information Technology Age’ by Karnika Seth
Presentation plan
This session will introduce the subject of cyberlaws and describe key features of the cyberspace and challenges in the online world.
Characteristics of cyberspace Key Challenges in cyberspace Reasons for rising index of cybercrimes Introduction to the IT Act,2000
What is the Cyberspace?
William Gibson in 1980s wrote a science fiction named Neuromancer wherein computer hackers waged war against secure data.
The setting had no physical existence and was named ‘Cyberspace’ by Gibson.
Unique features - dynamic, borderless space, anonymity, speed, cost effective, marked with rapid technological advances
Regulating the Internet.. Proponents of Cyberlaws believe
that one’s activities on the Internet need regulation by framing laws and rules that govern our activities in the cyberspace. This branch of law is termed as “Cyberlaws”
European Union, USA, UNCITAL framed important laws to govern cyberspace
UNCITRAL Model law of e-commerce 1996
EU data protection Directive DMCA Act 1998 in USA WIPO domain name dispute
Resolution policy
Critics who advocate ‘no regulation’ or ‘self regulation’ in the Virtual space believe that government should have minimum interference in regulating the cyberspace and its use of surveillance or censorship measures.
John Perry Barlow’s “Declaration of the Independence of the cyberspace” and David G. Post, The “Unsettled Paradox”: The Internet, the State, and the Consent of the Governed, 5 IND. J. GLOBAL LEGAL STUD. 521, 539 (1998)
Inherent challenges in framing Cyberlaws Some early adopters in the US and the West drafted their own legislations by
either adapting their existing laws in the context of cyberspace or creating new laws in respect thereof.
Determining jurisdiction and formation the e-contracts are two key issues on which traditional legal principles have been largely applied by Courts worldwide . For e.g . Longarm Statutes enacted in US and Minimum Contacts test.
General consensus that in the e-world, electronic signatures and electronic documents are equally legally valid as the hand-written signatures or hard copy paper documents. Model law on Electronic Commerce in 1996 promotes application of principle of ‘ functional equivalence’
India enacted its first law of IT through the IT Act, 2000 based on the principles elucidated in the UNCITRAL Model law of e-commerce. Extends to whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1 (2)} read with Section 75
No Homogenous Cyberlaw Nature of the internet- anonymity
element coupled with no territorial borders and absence of uniform law poses a challenge to legislators and enforcement authorities
A global consensus with respect to legal enforcement and internet censorship against certain offences
such as-Child pornography, Cyberwarfare, threat to national security and cyberterrorism
Different countries differ in treatment of certain other serious issues such as Gambling, hatespeech, political propaganda, defamatory matter, pornography on internet
These inturn may be protected by the Right to freedom of speech and expression
Tests to Determine Jurisdiction in Cyberspace
Zippo sliding scale test (1) ( based on interactivity of a website), Effects test (2) based on where effects of an illegal act are felt), Targeting approach principles (3)( based on whether accused
solicited business in a particular jurisdiction). (1) Zippo Manufacturer v Zippo Dot com 952 F. Supp. 1119 (D.C.W.D. Pa. 1997)
(2) Calder v. Jones465 U.S. 783 (1984). (3) People v. World Interactive Gaming714 N.Y.S. 2d 844 (N.Y.Sup.
1999), 1999 N.Y. Misc. LEXIS 425 (S.C. N.Y.1999)
What is a cyber threat?
From the information security perspective, a ‘threat ‘ is defined as the potential to cause an unwanted incident in which an asset, system or organisation may be harmed.
‘Cyber threat ‘ is a threat that percolates or infiltrates through the use of computers , internet or interconnected communication devices and could comprise of information stealth, cyber warfare, virus attacks, cyber terrorism, hacking
attempts , phising,sabotage, singly or in combination.
Computer vulnerability Computers store huge amounts of data in small spaces Ease of access Complexity of technology Human error One of the key elements that keeps most members of any society honest is fear of being
caught — the deterrence factor. Cyberspace changes two of those rules. First, it offers the criminal an opportunity of attacking his victims from the remoteness of a different continent and secondly, the results of the crime are not immediately apparent.
Need new laws and upgraded technology to combat cyber crimes
Introduction to Cyber Crime
Computer Crime, E-Crime, Hi-Tech Crime or Electronic Crime is where a computer is the target of a crime or is the means adopted to commit a crime.
Most of these crimes are not new. Criminals simply devise different ways to undertake standard criminal activities such as fraud, theft, blackmail, forgery, and embezzlement using the new medium, often involving the Internet
Different Types of Cybercrimes
Cyber crimes
Hacking Information
TheftE-mail
bombingSalami attacks
Denial of Service attacks
Trojan attacks
Web jacking
Types of Cyber crimes
Credit card frauds Cyber pornography Sale of illegal articles-narcotics, weapons,
wildlife Online gambling Intellectual Property crimes- software
piracy, copyright infringement, trademarks violations, theft of computer source code
Email spoofing Forgery Defamation Cyber stalking (section 509 IPC) Phising Cyber terrorism
Crime against persons
Crime against Government
Crime against property
Categories of IP rights
Categories of IP rights
Utility model/Designs
Plant Breeder’s rights
Geographical Indications
Trade secrets
Trademark & domain names Copyright
Patent
IPR
Patents
Industrial Design
Trademarks
Works of Art
Literature
Music
Broadcasting
Dramatics Works
Sound Recording
Computer Programs Geographical Indications
Classification of IPR
Intellectual Property
Cop
yri
gh
t
Different Acts governing IP assets
Trade Marks
The Patents Act, 19 70Patents
The Copyright Act, 1957Copyright
Designs
The Protection of plant varieties and Farmers’ Right Act, 2001
Geographical Indications
Plant Varieties
Semi conductor IC layout design Act,2000
The Designs Act, 2000
The Geographical IndicationsOf Goods Act, 1999
The Trade Marks Act, 1999
Semi conductor IC layout
IP- Duration of Term of Protection
Patents (20 years) Trademarks (10 years + renewals) Copyrights in published literary, dramatic, musical, and
artistic works (Lifetime of author +60 years). Copyright in photographs ,cinematographic film, sound
recordings –(60 years from year in which it was published) Broadcast reproduction right-(25 years from the beginning
of the calendar year next following the year in which the broadcast is made.)
Performers right-(25 years from the beginning of the calendar year next following the year in which the performance is made)
Industrial designs (10 years+ renewal permitted once for 5 years )
Trade-secrets and know how collectively “proprietary technology” (contract period-protected by contract provisions, doctrine of breach of trust)
There are multiple perspectives about intellectual property rights on the Internet
Nature of internet- Borderless space, ease of flow of information, promptness, anonymity, easy to share, distribute and copy information at very less cost.
These multiple perspectives to IPR include: "Information Wants to be Free." These people believe there should
be no copyrights or other protections of intellectual property; everything made publicly available should be public domain.
"Right of Attribution." These people believe that the only rights owed to authors and creators is the right of attribution; otherwise, all information is free.
"Limited Use Rights." These people believe that copyright has validity but minor infringing behavior, whether "fair use" or not, should be legal.
"Strong IP Regimes." These people adhere strictly to intellectual property protections.
(Note that there is also the moral rights perspective, which existson a different scale but is most closely aligned with the Strong IPRegimes category.)
The question of new, sui generis form of protection was seriously considered in the 1970s, but copyright protection became the norm. the TRIPS Agreement requires that ‘Computer program, whether in source or in object code, shall be protected as literary works under the Berne Convention’. Case on point-Ibcos computers v Barclays FinanceLtd(1994)FSR 275,Apple computer inc vsFranklin ComputerCorpn714F2d1240(3rd Cir 1983).
India party to Berne convention, Paris convention and UCC1952.
India-Copyright Act-Section 2(o)-computer programme is literary work.section 2(ffc) defines computer programme.,section 2(ffb) defines computer-copyright –tangible –storage in any medium
Protecting Copyright in the digital millennium
Digital downloads and reproduction & display rights
Kelly v Arriba Soft Corp 280 F3d 934(9th Cir2002)
Plaintiff leslie kelly had copyrighted many images of American west. Some were located on her website. Defendant produced thumbnail pictures in its search engine’s search results and by clicking on them, larger version could be viewed within Arriba’s page.
Circuit court held, use of thumbnails is fair use but display of larger image within its webpages is violation of author’s exclusive right to publicly display his works.
Passing off, Trademark infringement and dilution
Passing off “No body has any right to represent his goods as the goods of
somebody else”
Lord HalsburyPassing off action allows trader A to prevent trader B from passing their goods off as if they were A’s.
Passing off is available where there is a prospect of confusion of identity through the unauthorized use of similar marks or get up, and such use damages, or is likely to damage the goodwill and reputation of a business. Passing off can apply to virtually any name, mark, logo or get-up which distinguishes a company, business, product or service from the other. Passing off attracts doctrine of strict liability: the intention of the person passing itself off as another trader is irrelevant.
Attributes of Passing Off
Lord diplock in Erven Warnink v J Townend 1979 (2)AllER 927-To Succeed in an action for passing off, a claimant should establish that:
The claimant has a goodwill
The misrepresentation damages or is likely to damage the goodwill of the claimant.
Passing off is made in the course of trade.
The defendant made a misrepresentation that is likely to deceive the public.
Example of passing off action
Domain name similar to that of known companies are used by persons in order to promote their products or services.
A company creates a website to promote his business of soft drinks and deliberately gives it the domain name www.cocacola.com , now this domain name is bound to confuse and mislead the customers as that of the well known Coca-Cola and encourage them to buy the product which infact is of another company. This can be termed as passing off.
Cases on Passing off
Yahoo! Inc. vs Akash Arora(1999)
FACTS: The defendant installed a website Yahooindia.com nearly identical to plaintiff’s renowned yahoo.com and provided services similar to those of the plaintiff.
DECISION: The Delhi High Court granted an injunction restraining defendant from using yahoo either as a part of his domain name or as a trade mark .It held that trade mark law applies with equal force on the internet as it does in the physical world.
Cases on Passing off
Yahoo! Inc. vs Akash Arora(1999)
FACTS: The defendant installed a website Yahooindia.com nearly identical to plaintiff’s renowned yahoo.com and provided services similar to those of the plaintiff.
DECISION: The Delhi High Court granted an injunction restraining defendant from using yahoo either as a part of his domain name or as a trade mark .It held that trade mark law applies with equal force on the internet as it does in the physical world.
Precedents on Passing off
In the case of Marks & Spencer Plc and others v. One in a Million Ltd. and others, the deputy judge of the English Court held that:
"Any person who deliberately registers a domain name on account of its similarity to the name, brand name or trade mark of an unconnected commercial organization must expect to find himself on the receiving end of an injunction to restrain the threat of passing off, and the injunction will be in terms which will make the name commercially useless to the dealer.“
In the case of Rediff Communication Limited v. Cyberbooth and Ramesh Nahata of Mumbai (1999), the Bombay High Court supported an action of passing off when the Defendants used the term ‘RADIFF’ (similar to the name ‘REDIFF’ of the Plaintiff) to carry on business on the Internet.
Passing off action under the Trade Marks Act, 1999
A registered Trademark has the backing of infringement and passing off remedies under the TMA act.
The Act does not provide for infringement action in respect of unregistered Trademarks.
Only Passing off remedy is available in case of unregistered Trademarks.
(Section 27 of TMA Act, 1999).
Section 29 of the Trademark Act states that when a registered trade mark is used by a person who is not entitled to use such a trade mark under the law, it constitutes infringement. A registered trade mark is infringed ,if:-
1. The mark is identical and is used in respect of similar goods or services or
2. The mark is similar to the registered trade mark and there is an identity or similarity of the goods or services covered by the trade mark
3. And Such use is likely to cause confusion on the part of the public or is likely to be taken to have association with the registered trade mark.
For example, if you are not the Nike® company or authorized by it, it is an infringement to sell sports clothes called "Nikestuff “Legal remedies under Indian Trademarks Act-Injunction ,damages, delivery up of infringing goods, destroying infringing
goods and material, etc.For cases see heading cybersquattingSatyam infoway vs Sifynet solutions 2004 (6)SCC 145..
Trademark infringement
Dilution is a trademark law concept forbidding the use of a famous trademark in a way that would lessen its uniqueness. In most cases, trademark dilution involves an unauthorized use of another's trademark on products that do not compete with, and have little connection with, those of the trademark owner. For example, a famous trademark used by one company to refer to hair care products, might be diluted if another company began using a similar mark to refer to breakfast cereals or spark plugs.
A trademark is diluted when the use of similar or identical trademarks in other non-competing markets means that the trademark in and of itself will lose its capacity to signify a single source. In other words, unlike ordinary trademark law, dilution protection extends to trademark uses that do not confuse consumers regarding who has made a product. Instead, dilution protection law aims to protect sufficiently strong trademarks from losing their singular association in the public mind with a particular product, perhaps imagined if the trademark were to be encountered independently of any product (i.e., just the word Pepsi spoken, or on a billboard).
Dilution
Case law on DilutionAvery Dennison Corporation
Vs. Jerry Sumpton, et al.
Facts: Jerry Sumpton and his company Freeview registered thousands of domain names - primarily typical surnames - and used these domain names to offer "vanity" email addresses to people who want an address incorporating their name. Two of the names registered included avery.net and dennison.net. Avery Dennison brought suit against Sumpton claiming trademark dilution.
Decision: The Ninth Circuit held that Avery Dennison failed to meet the required of elements of dilution. The court concluded that the Avery and Dennison trademarks were not famous. Although the court acknowledged that the trademarks had reached a level of distinctiveness, dilution requires that a mark be both distinctive and famous. According to the court for a mark to meet the "famousness" element of dilution it must be truly prominent and renowned. Additionally, the court held that Avery Dennison failed to meet a second requirement for dilution: commercial use. Commercial use under the dilution statute requires that the defendant use the trademark as a trademark, capitalizing on its trademark status.
Cases on Dilution
Teletech Customer Care Management, Inc. vs
Tele-Tech Company, Inc
Facts: The plaintiff, a large provider of telephone and Internet customer care services, had been continuously using the mark for approximately fifteen years and had waged an extensive promotion and advertising campaign for its services. The defendant, a contractor providing engineering and installation services to the telecommunications industry, registered the domain name teletech.com.
Decision: The court held that there was no likelihood of confusion, because the parties’ businesses were so dissimilar. However, the court found dilution, ruling that TELETECH was a famous mark, and ordered the defendant to transfer the domain name to the plaintiff.
CASES ON FRAMING The Washington Post Company et al.
vs. Total News, Inc.
Facts: As a one-stop news site, TotalNews.com linked to many news sites, but kept a frame, or border around them, which the news sites argued made it look like the content was from TotalNews.com, changed the ad layout on the page, and kept totalnews.com as the address for book marking purposes.
In the complaint the news companies claimed that TotalNews misappropriated their trademarked and copyrighted material, thereby engaging in a host of crimes including unfair competition, federal trademark dilution, and trademark and copyright infringement. The news organizations said that their websites, as they appeared within the Totalnews frames, were substantially altered from the form in which they intended them to appear to users and that it was done solely for Totalnews' profit.
TotalNews argued that the case was in essence about its freedom to link, which it claimed was a fundamental right on the Internet.
Status: The court never decided the TotalNews case because the parties settled. Totalnews agreed to remove the frame.
Cybersquatting
Panavision International vs.
ToeppenFacts: Toeppen engaged in dilution by cyber squatting in
registering the domain panavision.com offered to sell the domain to the plaintiff for $13,000. Mr. Toeppen put a map of Pana, Illinois up on his panavision.com website.
Decision: The Ninth Circuit upheld the lower court’s conclusion that Mr. Toeppen was engaged in extortive efforts and was diluting the famous PANAVISION mark. Mr. Toeppen’s cause was not helped by the fact that he had registered many domains containing known brands, such as deltaairlines.com, neimanmarcus.com, eddiebauer.com and lufthansa.com.
Database Protection
Copyright protection to tables, compilations and computer databases does not extend to any data itself, but only to the way in which it is organized. This fundamental copyright principle is expressed in Article 10.2 of the TRIPS Agreement: Compilations of data or other material, whether in machine readable or other form, which by reason of the selection or arrangement of their contents constitute intellectual creations shall be protected as such. Such protection, which shall not extend to the data or material itself, shall be without prejudice to any copyright subsisting in the data or material itself.’
UK Database Protection Act, EU Directive on Data base protection India has no separate legislation on database protection. Provisions of
copyright Act, IT Act, IPC prevail.
The WIPO Copyright Treaty (WCT), although not binding on WTO members that have not joined the WCT, similarly provides in Article 4: "Computer programs are protected as literary works within the
meaning of Article 2 of the Berne Convention. Such protection applies to computer programs, whatever may be the mode or form of their expression."
Domain name dispute resolution policy
Judicial dispute resolution under Federal Trademark dilution Act-Comp examiner agency vs juris inc
Judicial Dispute Resolution under Anti cybersquatting Consumer Prevention Act,
Dispute resolution under UDRP-ICANN approved domain name dispute resolution service providers.3 elements identical/deceptively similar mark,no legitimate use, bad faith registration
ADNDRC,CPR institute for dispute resolution, National arbitration forum, WIPO example Tata sons ltd case,Bennett coleman and co case, Asian paints.com case
IT Act, 2000
Enacted on 17th May 2000- India is 12th nation in the world to adopt cyber laws
IT Act is based on Model law on e-commerce adopted by UNCITRAL
Objectives of the IT Act
To provide legal recognition for transactions:- Carried out by means of electronic data
interchange, and other means of electronic communication, commonly referred to as "electronic commerce“
To facilitate electronic filing of documents with Government agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence Act,1872, the Banker’s Books Evidence Act 1891,Reserve Bank of India Act ,1934
Extent of application
Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)} read with Section 75- Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India
Section 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network
Main Features of IT Act,2000
Conferred legal validity and recognition to electronic documents & digital signatures
Legal recognition to e-contracts Set up Regulatory regime to supervise
Certifying Authorities Laid down civil and criminal liabilities for
contravention of provisions of IT Act,2000 Created the office of Adjudicating
Authority to adjudge contraventions
Need for amendments
Diversifying nature of cybercrimes –all were not dealt with under IT Act,2000-cyber terrorism, spamming, MMS attacks,etc
Use of wireless technology had no mention in definition of “computer network” in S2(j)
Digital signatures only for authentication . Definition of ‘intermediary’ and their liability required
clarification. Grey areas-Power of execution- Adjudicating authority No appointed statutorily authority for supervising cyber
security of protected systems Power to investigate offences –only DSP and above Power to intercept & decrypt information limited under
Section 69
Important definitions added in amended Act
Section 2 (ha)- communication device-includes cell phones, PDA,etc
Section 2 (j) computer network –interconnection through wireless added
Section 2 (na) cybercafe Section 2(w)- intermediary- includes
search engines, web hosting service providers, online auction sites,telecom service providers etc
IT Act ,2000 v 2008- Electronic Signatures
