cyber law case study topics

• --> Login or Sign Up

Shop by Author

• Sabrineh Ardalan
• Robert Bordone
• Robert Clark
• John Coates
• Susan Crawford
• Alonzo Emery
• Heidi Gardner
• Philip B. Heymann
• Howell E. Jackson
• Wendy Jacobs
• Adriaan Lanni
• Jeremy McClane
• Naz Modirzadeh
• Catherine Mondell
• Ashish Nanda
• Charles R. Nesson
• John Palfrey
• Bruce Patton
• Todd D. Rakoff
• Lisa Rohrer
• Jeswald W. Salacuse
• James Sebenius
• Joseph William Singer
• Holger Spamann
• Carol Steiker
• Guhan Subramanian
• Lawrence Susskind
• David B. Wilkins
• Jonathan Zittrain

Shop by Brand

• Howell Jackson
• Ashish Nanda and Nicholas Semi Haas
• Chad M. Carr
• John Coates, Clayton Rose, and David Lane
• Ashish Nanda and Lauren Prusiner
• Ashish Nanda and Lisa Rohrer
• Ashish Nanda and Monet Brewerton
• View all Brands
• $0.00 - $0.00
• $0.00 - $1.00
• $1.00 - $1.00
• Published Old-New
• Published New-Old

The Snowden Effect

Anastasia Tolu, under supervision of Charles R. Nesson

Algorithmic Allegories (version 1.0)

Marcus Comiter, Ben Sobel, and Jonathan Zittrain

Prosecutorial Discretion in Charging and Plea Bargaining: The Aaron Swartz Case (B)

Elizabeth Moroney, under the supervision of Adriaan Lanni and Carol Steiker

Prosecutorial Discretion in Charging and Plea Bargaining: The Aaron Swartz Case (A)

Elizabeth Moroney, under supervision of Adriaan Lanni and Carol Steiker

Game Changers: Mobile Gaming Apps and Data Privacy

Susan Crawford, Jonathan Zittrain and Lisa Brem

The Smart Grid

Sonia McNeil, with Paul Kominers, J. Palfrey and J. Zittrain

The WikiLeaks Incident: Background, Details, and Resources

Alan Ezekiel, under supervision of John Palfrey and Jonathan Zittrain

The Case of the Federal Defender's Advice

David Abrams

• Faculty & Research
• Life at Duke Law
• Faculty & Staff Directory
• Event Calendar
• Goodson Law Library
• Consumer Information (ABA Required Disclosures)
• Follow Duke Law Duke Law on Youtube Duke Law on Twitter Duke Law on Facebook Duke Law on Instagram
• Return to start of menu
• Juris Doctor
• International LLM
• Master of Judicial Studies
• Dual Degrees
• Areas of Focus
• Public Interest & Pro Bono
• Summer Institutes
• PreLaw Fellowship Program
• Admissions Contact
• Academic Advising
• Academic Calendar
• Course Browser
• Degree Requirements
• Clinics and Externships
• Legal Writing
• Wintersession
• Study Abroad
• Registration Portal
• Faculty Profiles
• Scholarship
• Visiting Assistant Professor Program
• Faculty Workshops
• Teaching & Learning
• Student Resources
• Student Organizations
• Diversity, Equity, and Inclusion
• Student Events
• Prospective Students
• JD Students
• International LLMs
• Employment Data
• Administration
• A History of Duke Law School
• Durham: The Bull City
• Visiting Duke Law
• Rules & Policies
• News & Events
• Alumni Benefits
• Update Your Address
• Event Refund Policy

210 Science Drive | Durham, NC 27708 | 919-613-7006

316 Intro to Cyber Law and Policy

This course will provide an introduction to the dynamic and evolving field of cyber law and policy.  The course will be team-taught by multiple instructors with expertise in various government and industry sectors. The goal is to introduce students to the legal and policy frameworks that guide lawyers and decision-makers in a world of rapid technological change, with a primary emphasis on cybersecurity and privacy. We will discuss today’s threat landscape and approaches to data breaches, cybercrime by state and non-state actors, and cyberwarfare. We will also consider the legal and policy issues surrounding the collection and use of personal data, with a focus on both domestic and international data privacy protections. Other topics will also be explored, such as the impact of emerging technologies and markets (e.g., machine learning, digital currencies, platform media) and the ethical responsibilities of lawyers. Real-world case studies will be employed to allow students to weigh in on some of the most pressing issues of our time.   This course is introductory in nature and no technical background is necessary.

Note: Students who have taken Law 609, Readings in Cyber Law with Stansbury, may not take Law 316, Intro to Cyber Law. 

In this section

• Legal Writing Resources
• Student Scholarship
• Bar Application

*Please note that this information is for planning purposes only, and should not be relied upon for the schedule for a given semester. Faculty leaves and sabbaticals, as well as other curriculum considerations, will sometimes affect when a course may be offered.

Trending News

Related Practices & Jurisdictions

• Communications Media Internet
• Corporate Business Organizations
• Litigation Trial Practice
• All Federal

2021 was another year of high activity in the realm of data event and cybersecurity litigations with several noteworthy developments.  CPW has been tracking these cases throughout the year.  Read on for key trends and what to expect going into the 2022.

Recap of Data Breach and Cybersecurity Litigations in 2020

2021 heralded several developments in data breach and cybersecurity litigations that may reshape the privacy landscape in the years to come.  However, in many ways 2021 litigation trends were congruent with the year prior.  Before delving into where we may be headed for this important area of data privacy litigation in 2022, let’s do a short recap of where we were at the end of 2020.

Recall that the number of data events in 2020 was more than  double  that of 2019, with industries that were frequent targets of cyberattacks including government, healthcare, retail and technology.  In this instance, correlation equaled causation—as more entities experienced crippling security breaches, the number of data breach litigations filed also increased.  There were three trends that marked the cybersecurity landscape that we covered in CPW’s 2020 Year in Review:

First , in 2020 plaintiffs bringing data breach litigations continued to rely on common law causes of action (negligence and fraud, among others) in addition to asserting new statutory claims ( although of course there were exceptions ).  Challenges to a plaintiff’s Article III standing in the wake of a data event were pervasive, with defendants arguing that allegations of future speculative harm were inadequate to establish federal subject matter jurisdiction.

Second , in spring 2020, a federal court ordered production of a forensic report prepared by a cybersecurity firm in the wake of a data breach.  The report was found  not  protected as attorney work product  despite having been prepared at the direction of outside counsel .  Commentators at the time wondered if this was a harbinger of future rulings regarding privilege in the context of privacy litigations.

And  third , there were several warning signs that the legal fallout from a data breach can extend to company executives and the board.  As just one instance, in 2020 a company’s former Chief Security Officer (CSO) was charged with obstruction of justice and misprision of felony for allegedly trying to conceal from federal investigators a cyberattack that occurred in 2016, exposing the data of 57 million individuals.

Perhaps unsurprisingly, these earlier trends signaled in part what was on the horizon in 2021 as discussed in greater detail below.

Article III Standing in Cybersecurity Class Action Litigations

The past several years have seen a not-so-quiet revolution in standing jurisprudence, and 2021 was no different.  Standing under Article III of the U.S. Constitution, in the Supreme Court’s oft-repeated phrasing, is an “irreducible constitutional minimum” requiring that a party be able to demonstrate: (1) an injury in fact; (2) that the injury was caused by defendant’s conduct; and (3) that the injury can likely be redressed by a favorable judicial decision.

The standing issue that defined 2021 was “speculative future harm.”  In February, the Eleventh Circuit highlighted a long-running circuit split regarding whether plaintiffs had standing to assert claims based solely on the disclosure of their information couples with an increased risk of future harm.  In  Tsao v. Captiva MVP Rest. Partners, LLC , 986 F.3d 1332 (11th Cir. 2021) , the court found that standing required a concrete and particularized injury that was actual or imminent.  The  Tsao  plaintiff based his injuries on fear of future harm, as well as preemptive steps taken to ward off potential identity theft.  In line with the majority of circuits to have addressed the issue, the court found that none of these potential injuries conferred standing.

Other courts likewise joined in this skepticism of standing based on speculative future harm.  The Central District of Illinois expressed doubt in  McGlenn v. Driveline Retail Merch., Inc. , 2021 U.S. Dist. LEXIS 9532 (C.D. Ill. Jan. 19, 2021)  whether speculative future harm could confer standing at all.  The Middle District of Florida, following  Tsao , recommended in  Hymes v. Earl Enters. Holdings , 2021 U.S. Dist. LEXIS 26534, (M.D. Fla. Feb. 10, 2021)  that approval for a settlement be withheld based on a lack of standing based on injuries similar to those alleged in  Tsao .  In March, the Eastern District of Pennsylvania likewise weighed in via  Clemens v. Execupharm, Inc ., No. 20-cv-3383, 2021 U.S. Dist. LEXIS 35178 (E.D. Pa. Feb. 25, 2021) , reaching the same conclusions regarding speculative future harm.  In April, the Ninth Circuit joined the party, again finding in  Pruchnicki v. Envision Healthcare Corp. , 845 F. App’x 613, 614 (9th Cir. 2021)  speculative future injury, coupled with lost time, worry, and purported loss of value of her information, was insufficient to confer standing.  Even some state courts got in on the fun: the Superior Court of Delaware, applying that state’s similar standing principles, found in  Abernathy v. Brandywine Urology Consultants, P.A. , No. N20C-05-057 MMJ CCLD, 2021 Del. Super. LEXIS 46 (Del. Super. Ct. Jan. 21, 2021)  that the mere notice of a data breach coupled with speculative future harm was insufficient to confer standing.

In the midst of this growing chorus of cases rejecting speculative future harm as a basis for standing came the Second Circuit, which issued a massive opinion trying to harmonize years of precedent both finding and rejecting standing.   McMorris v. Carlos Lopez & Assocs., LLC , 995 F.3d 295, 297 (2d Cir. 2021)  held that, in the abstract, a plaintiff  could  establish standing based on a substantial risk of identity theft or fraud, but that such an argument would be fact and case-specific.

Then came June’s  Ramirez v. Transunion , 141 S. Ct. 2190 , in which the Supreme Court revisited the question of what constitutes an “injury in fact” in the data breach context.  The  Ramirez  class consisted of affected individuals who, in the main, alleged only that inaccurate information existed on their credit files, with no corresponding dissemination to a third party or any harm resulting from that dissemination.  The Supreme Court determined that where the vast majority of a putative class suffered no actual injury, let alone the type of injury suffered by a class representative, no standing existed.  The Supreme Court also determined that “the mere risk of future harm, without more, cannot qualify as a concrete harm in a suit for damages.”

On a related note, while commentators worried that  Ramirez  would preclude data breach litigations from being brought in federal courts, such concerns have not yet materialized.  The courts in  Blackbaud  and  Cotter v. Checkers Drive-In Restaurants, Inc. , 2021 U.S. Dist. LEXIS 160592 (M.D. Fla. Aug. 25, 2021), distinguished  Ramirez  on procedural grounds.  Meanwhile, some courts have indicated that an impending injury or substantial risk could suffice for injury in fact in data breach litigation.  The court in  Griffey v. Magellan Health Inc. , 20210 U.S. Dist. LEXIS 184591 (D. Az. Sep. 27, 2021), found that plaintiffs alleged risks of future harm that were “certainly impending” and thus had standing.  All in all, however, pleading a data incident without something more probably does not survive a motion to dismiss.  That’s what happened in  Legg v. Leaders Life Ins. Co. , 2021 U.S. Dist. LEXIS 232833 (W.D. Okla. Dec. 6, 2021), where plaintiffs’ allegations of  general  risks of harm did not suffice.

Ramirez  has also led to consideration of timing and cause-and-effect in data privacy litigation, with courts focusing not only on the existence of concrete harm, but whether the harm could have actually been caused by the breach itself.  The Eastern District of Missouri determined in  Mackey v. Belden, Inc. , 2021 U.S. Dist. LEXIS 145000 (E.D. Mo. Aug. 3, 2021)  that the theft of a Social Security number, coupled with the filing of a false tax return after the theft occurred, was sufficient to confer standing, while the Central District of California determined in  Burns v. Mammoth Media, Inc ., 2021 U.S. Dist. LEXIS 149190 (C.D. Cal. Aug. 6, 2021)  that standing requires a plaintiff show an actual connection between his or her damages and the breach, rather than simply speculating that any purported harm that occurred must have been the result of the breach.

Discovery Disputes Over Work Product and Attorney Client Privilege

2021 has also seen a continuation and cementing of 2020’s developments in how courts treat the attorney-client privilege and work product doctrines in connection with data breach litigation.  Specifically, courts have continued to scrutinize closely whether and how clients may protect post-breach forensic reports from production in subsequent litigation.  Two decisions this year –  Wengui v. Clark Hill , 2021 U.S. Dist. LEXIS 5395 (D.D.C. Jan. 12, 2021)  and  In re Rutter’s Data Sec. Breach Litig ., No. 1:20-CV-382, 2021 U.S. Dist. LEXIS 136220 (E.D. Pa. July 22, 2021)  – have addressed these issues.

As a reminder, 2020 brought us the  Capital One  decision,  In re Capital One Consumer Data Security Breach Litigation  (Capital One), 2020 U.S. Dist. LEXIS 91736 (E.D. Va. May 26, 2020), aff’d, 2020 U.S. Dist. LEXIS 112177 (E.D. Va. June 25, 2020).  Capital One, though it logically followed from a number of attorney-client privilege and work product doctrine [1]  cases, shook up how counsel had to approach privilege in data breach remediation and subsequent litigation.

If you recall, the  Capitol One  decision involved a motion to compel a report on a data breach prepared by Capital One’s pre-established security consultant.   Capital One , 2020 U.S. Dist. LEXIS 91736, at *12.  This was probably Capitol One’s biggest mistake: This “long-standing” business relationship became the key dispositive liability for keeping that report protected under the work product doctrine.   Id .  The court in  Capital One  scrutinized that business relationship as well as prior reports prepared for cybersecurity purposes and, as a result, ascertained that the consultant’s report would have been prepared in a similar form regardless of the litigation.  Thus, the report did not meet the “because of” litigation standard for work product protection.  Presumably because of the preexisting relationship, that decision did not need to address the narrow  Kovel  test for whether the report would be protected under the attorney-client privilege as work essentially prepared by the litigation counsel’s expert or paralegal.

Relying on the  Capitol One  decision, a D.C. district court decided  Clark Hill  earlier this year.   Clark Hill  involved a cybersecurity attack directed at a law firm.  In attempting to avoid production of the breach report, Clark Hill sought to rely on the work product doctrine arguing that the report they sought to withhold was created “because of” anticipated litigation.   Clark Hill, PLC , 338 F.R.D. at 10.  Rather than simply assert that, given that case law exists noting that incident response reports serve business functions as well, Clark Hill attempted to make a more nuanced argument.  Specifically, Clark Hill argued, relying on a concept first introduced by  In re Target , that two reports existed; one which was prepared for litigation and the other of which was to be used to address security concerns.  That distinction, while accepted by the Court, failed Clark Hill because their other report was nowhere near as substantive, was not described in the interrogatory responses as a basis for their response, and the report Plaintiff sought had been circulated outside of the circle of employees and lawyers who needed to know about it for the litigation.   Id . at 12.  Clark Hill similarly lost on the attorney-client privilege because, in attempting to invoke the Kovel Doctrine.  Clark Hill failed to meet the criteria of this test because the numerous security improvement recommendations in the breach report at issue demonstrated that the report was not prepared by an expert advising litigators on how to provide legal advice but was rather the result of independent vendors working to cure a business issue – Clark Hill’s cybersecurity deficiencies.   Clark Hill, PLC , 338 F.R.D. at 11.

Issued this summer,  In Re Rutter  is the third federal court decision addressing these issues.  While  Clark Hill  cited  Capitol One  in its analysis,  In Re Rutter’s  presents an independent analysis and arrives at the same conclusion.  The potential data breach at issue in  In re Rutter’s  concerned payment card information at the point-of-sale (POS) devices used by defendants.  Rutter’s received two alerts on May 29, 2019, which “detail[ed] the execution of suspicious scripts and indications of the use of potentially compromised credentials.”  In response, Rutter’s hired outside counsel, BakerHostetler, “to advise Rutter’s on any potential notification obligations.”  BakerHostetler in turn hired a third party security firm “to conduct forensic analyses on Rutter’s card environment and determine the character and scope of the incident.”     In re Rutter’s Data Sec. Breach Litig ., 2021 U.S. Dist. LEXIS 136220, at *3.

Plaintiffs in  In re Rutter’s  learned about the defendant’s investigation and resulting report during the Fed. R. Civ. P. 30(b)(6) deposition of Rutter’s ill-prepared Vice President of Technology.  Following that deposition and as a result of the deponents framing of the process underlying the report, Plaintiffs sought production of the security firm’s written report and related communications.  Rutter’s objected, citing the work product doctrine and attorney-client privilege.  Applying the general work product doctrine precedent described above, the court held that the work product doctrine did not protect the security firm’s report and related communications from disclosure in discovery largely because of how that report was characterized at deposition as indistinct from a factual report prepared without involvement of counsel.

Thus, both  Clark Hill  and  In re Rutter’s  serve as sobering reminders that while reports prepared for and at the request of counsel in anticipation of litigation can be privileged, compliance officers and counsel must scrupulously avoid blurring the lines between “ordinary course” factual reports and reports genuinely prepared for assisting trial counsel.   In re Rutter’s  also serves as a reminder that preparing 30(b)(6) witnesses can be critical as their testimony can be highly significant, if not dispositive, for a court when assessing assertions of privilege.

These two new cases further cement the widespread implications from  Capitol One  for both data privacy litigation strategy.   All three cases pose lessons for litigators and incident response counsel on the appropriate framing of incident response efforts before and during litigation.   For more a more in depth analysis of the facts underlying these cases and the take-away lessons from them, see our earlier publication here .

  Plaintiff-Side Developments

Data breach litigations continued to be filed at a brisk pace in 2021 in industries ranging from ecommerce, finance, mortgage providers, technology, and software cloud companies to healthcare, wellness, retail, and fast-food, among others.

Many of these litigations were dismissed at the pleadings stage, either for lack of Article III standing (discussed above) or for failure to plead a cognizable claim.   These cases reiterate that merely alleging that a data event or cyberattack occurred, without more, does not mean that plaintiffs automatically can go forward with a case.  Conclusory, ipse dixit allegations are not sufficient .  Plaintiffs are taking note of these decisions and increasingly relying on a blunderbuss pleading strategy (by raising multiple statutory and common law claims in a single complaint) in an effort to have their claims survive a motion to dismiss.

However, because plaintiffs (particularly those that allege merely speculative future harm as a result of a data event) have difficulty establishing the core elements of causation and damages, these efforts have met with mixed success.   Mere alleged misappropriation of personal information may not suffice for purposes of establishing a plaintiff’s damages .

Of course, it goes without saying that class action plaintiffs have also taken an expansive pleading strategy in the hopes that they will be able to cobble together a claim under one of the state or federal privacy statutes that provides for liquidated statutory damages upon establishment of a violation (the California Consumer Privacy Act (“CCPA”) and  federal Driver’s Privacy Protection Act  were two frequent targets).

Other Trends: Emergence of the Data Breach Consumer Pricing Dispute and a Decline in MDLs

Additionally, 2021 also saw the first instance in which a data event litigation was framed as a quintessential consumer pricing dispute—perhaps signaling that such cases may become more common.  In the wake of a ransomware attack involving the Colonial Pipeline, two groups of Plaintiffs filed suit alleging that the owners of the Colonial Pipeline failed “to properly secure the Colonial Pipeline’s critical infrastructure – leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021.”   See  Dickerson v. CDCP Colonial Partners , L.P., Case No. 1:21-cv-02098 (N.D. Ga.) ;  EZ Mart 1, LLC v. Colonial Pipeline Company , Case No. 1:21-cv-02522 (N.D. Ga.) .  This included the assertion that Defendants “failed to implement and maintain reasonable security measures, procedures, and practices appropriate to the nature and scope of [Defendants’ business operations].”  Plaintiffs sought to the Complaint seek to certify a nationwide class consisting of  “[a]ll entities and natural persons  who purchased gasoline from May 7, 2021 through Present and  who paid higher prices for gasoline as a result of the Defendant’s conduct alleged herein  (hereinafter the “Class”).”  Will we see more of this going forward?  Time will tell.

Finally, although  the Judicial Panel on Multidistrict Litigation (“JPML”) recently transferred and centralized over 40 data event and cybersecurity class actions brought against T-Mobile in the Western District of Missouri , data breach multidistrict litigations (“MDLs”) declined over prior years.  There were several instances in which the JPML declined requests to consolidate and coordinate pretrial proceedings in the wake of a data event.  Justifications given by the JPML in declining consolidation this year included that “centralization under Section 1407 should be the last solution after considered review of all other options,” which include “agreeing to proceed in a single forum via Section 1404 transfer of the cases and voluntary cooperation and coordination among the parties and the involved courts to avoid duplicative discovery or inconsistent rulings.”  When cybersecurity litigations have been primarily filed in the same forum or the parties are already coordinating, the JPML especially was disinclined to order MDL formation in 2021.

Looking Forward

In many regards, 2021 demonstrated the axiom “the more things change, the more they stay the same.”  Cybersecurity litigation trends in 2021 were a continuation of 2020.  Article III standing, privilege considerations and novel pleading strategies used by plaintiffs to survive a well-crafted motion to dismiss are expected to remain key issues in data event litigations in 2022.  Additionally, a larger development on the horizon remains the specter of liability to corporate officers and the board in the wake of a widespread cyberattack.  While the majority of cybersecurity litigations filed continue to be brought on behalf of plaintiffs whose personal information was purportedly disclosed, shareholders will increasingly look to hold executives responsible for failing to adopt reasonable security measures to prevent cyberattacks in the first instance.

Needless to say, 2022 should be another interesting year for data event litigations and for data privacy litigations more broadly.  Not to worry, CPW will be there to keep you in the loop.  Stay tuned.

Current Public Notices

Current legal analysis, more from squire patton boggs (us) llp, upcoming legal education events.

Sign Up for e-NewsBulletins

Artificial Intelligence and the Law

Legal scholars on the potential for innovation and upheaval.

• December 5, 2023
• Tomas Weber
• Illustrations by Joan Wong | Photography by Timothy Archibald
• Fall 2023 – Issue 109
• Cover Story
• Share on Twitter
• Share on Facebook
• Share by Email

Earlier this year, in Belgium, a young father of two ended his life after a conversation with an AI-powered chatbot. He had, apparently, been talking to the large language model regularly and had become emotionally dependent on it. When the system encouraged him to commit suicide, he did. “Without these conversations with the chatbot,” his widow told a Brussels newspaper, “my husband would still be here.”

A devastating tragedy, but one that experts predict could become a lot more common.

As the use of generative AI expands, so does the capacity of large language models to cause serious harm. Mark Lemley (BA ’88), the William H. Neukom Professor of Law, worries about a future in which AI provides advice on committing acts of terrorism, recipes for poisons or explosives, or disinformation that can ruin reputations or incite violence.

The question is who, if anybody, will be held accountable for these harms?

“We don’t have case law yet,” Lemley says. “The company that runs the AI is not doing anything deliberate. They don’t necessarily know what the AI is going to say in response to any given prompt.” So, who’s liable? “The correct answer, right now, might be nobody. And that’s something we will probably want to change.”

Generative AI is developing at a stunning speed, creating new and thorny problems in well-established legal areas, disrupting long-standing regimes of civil liability—and outpacing the necessary frameworks, both legal and regulatory, that can ensure the risks are anticipated and accounted for.

To keep up with the flood of new,  large language models like ChatGPT, judges and lawmakers will need to grapple, for the first time, with a host of complex questions. For starters, how should the law govern harmful speech that is not created by human beings with rights under the First Amendment? How must criminal statutes and prosecutions change to address the role of bots in the commission of crimes? As growing numbers of people seek legal advice from chatbots, what does that mean for the regulation of legal services? With large language models capable of authoring novels and AI video generators churning out movies, how can existing copyright law be made current?

Hanging over this urgent list of questions is yet another: Are politicians, administrators, judges, and lawyers ready for the upheaval AI has triggered?

ARTIFICIAL AGENTS, CRIMINAL INTENT

Did ChatGPT defame Professor Lemley?

In 2023, when Lemley asked the chatbot GPT-4 to provide information about himself, it said he had been accused of a crime: namely, the misappropriation of trade secrets. Director of the Stanford Program in Law, Science and Technology , Lemley had done no such thing. His area of research, it seems, had caused the chatbot to hallucinate criminal offenses.

More recently, while researching a paper on AI and liability, Lemley and his team asked Google for information on how to prevent seizures. The search engine responded with a link titled “Had a seizure, now what?” and Lemley clicked. Among the answers: “put something in someone’s mouth” and “hold the person down.” Something was very wrong. Google’s algorithm, it turned out, had sourced content from a webpage explaining precisely what not to do. The error could have caused serious injury. (This advice is no longer included in search results.)

Lemley says it is not clear AI companies will be held liable for errors like these. The law, he says, needs to evolve to plug the gaps. But Lemley is also concerned about an even broader problem: how to deal with AI models that cause harm but that have impenetrable technical details locked inside a black box.

Take defamation. Establishing liability, Lemley explains, requires a plaintiff to prove mens rea: an intent to deceive. When the author of an allegedly defamatory statement is a chatbot, though, the question of intent becomes murky and will likely turn on the model’s technical details: how exactly it was trained and optimized.

To guard against possible exposure, Lemley fears, developers will make their models less transparent. Turning an AI into a black box, after all, makes it harder for plaintiffs to argue that it had the requisite “intent.” At the same time, it makes models more difficult to regulate.

How, then, should we change the law? What’s needed, says Lemley, is a legal framework that incentivizes developers to focus less on avoiding liability and more on encouraging companies to create systems that reflect our preferences. We’d like systems to be open and comprehensible, he says. We’d prefer AIs that do not lie and do not cause harm. But that doesn’t mean they should only say nice things about people simply to avoid liability. We expect them to be genuinely informative.

In light of these competing interests, judges and policymakers should take a fine-grained approach to AI cases, asking what, exactly, we should be seeking to incentivize. As a starting point, suggests Lemley, we should dump the mens rea requirement in AI defamation cases now that we’ve entered an era when dangerous content can so easily be generated by machines that lack intent.

Lemley’s point extends to AI speech that contributes to criminal conduct. Imagine, he says, a chatbot generating a list of instructions for becoming a hit man or making a deadly toxin. There is precedent for finding human beings liable for these things. But when it comes to AI, once again accountability is made difficult by the machine’s lack of intent.

“We want AI to avoid persuading people to hurt themselves, facilitating crimes, and telling falsehoods about people,” Lemley writes in “Where’s the Liability in Harmful AI Speech?” So instead of liability resting on intent, which AIs lack, Lemley suggests an AI company should be held liable for harms in cases where it was designed without taking standard actions to mitigate risk.

“It is deploying AI to help prosecutors make decisions that are not conditioned on race. Because that’s what the law requires.”

Julian Nyarko, associate professor of law, on the algorithm he developed

At the same time, Lemley worries that holding AI companies liable when ordinary humans wouldn’t be, may inappropriately discourage development of the technology. He and his co-authors argue that we need a set of best practices for safe AI. Companies that follow the best practices would be immune from suit for harms that result from their technology while companies that ignore best practices would be held responsible when their AIs are found to have contributed to a resulting harm.

HELPING TO CLOSE THE ACCESS TO JUSTICE GAP 

As AI threatens to disrupt criminal law, lawyers themselves are facing major disruptions. The technology has empowered individuals who cannot find or pay an attorney to turn to AI-powered legal help. In a civil justice system awash in unmet legal need, that could be a game changer.

“It’s hard to believe,” says David Freeman Engstrom , JD ’02, Stanford’s LSVF Professor in Law and co-director of the Deborah L. Rhode Center on the Legal Profession , “but the majority of civil cases in the American legal system—that’s millions of cases each year—are debt collections, evictions, or family law matters.” Most pit a represented institutional plaintiff (a bank, landlord, or government agency) against an unrepresented individual. AI-powered legal help could profoundly shift the legal services marketplace while opening courthouse doors wider for all.

“Up until now,” says Engstrom, “my view was that AI wasn’t powerful enough to move the dial on access to justice.” That view was front and center in a book Engstrom published earlier this year, Legal Tech and the Future of Civil Justice . Then ChatGPT roared onto the scene—a “lightning-bolt moment,” as he puts it. The technology has advanced so fast that Engstrom now sees rich potential for large language models to translate back and forth between plain language and legalese, parsing an individual’s description of a problem and responding with clear legal options and actions.

“We need to make more room for new tools to serve people who currently don’t have lawyers,” says Engstrom, whose Rhode Center has worked with multiple state supreme courts on how to responsibly relax their unauthorized practice of law and related rules. As part of that work, a groundbreaking Rhode Center study offered the first rigorous evidence on legal innovation in Utah and Arizona, the first two states to implement significant reforms.

But there are signs of trouble on the horizon. This summer, a New York judge sanctioned an attorney for filing a motion that cited phantom precedents. The lawyer, it turns out, relied on ChatGPT for legal research, never imagining the chatbot might hallucinate fake law.

How worried should we be about AI-powered legal tech leading lay people—or even attorneys—astray? Margaret Hagan , JD ’13, lecturer in law, is trying to walk a fine line between techno-optimism and pessimism.

“I can see the point of view of both camps,” says Hagan, who is also the executive director of the Legal Design Lab , which is researching how AI can increase access to justice, as well as designing and evaluating new tools. “The lab tries to steer between those two viewpoints and not be guided by either optimistic anecdotes or scary stories.”

To that end, Hagan is studying how individuals are using AI tools to solve legal problems. Beginning in June, she gave volunteers fictional legal scenarios, such as receiving an eviction notice, and watched as they consulted Google Bard. “People were asking, ‘Do I have any rights if my landlord sends me a notice?’ and ‘Can I really be evicted if I pay my rent on time?’” says Hagan.

Bard “provided them with very clear and seemingly authoritative information,” she says, including correct statutes and ordinances. It also offered up imaginary case law and phone numbers of nonexistent legal aid groups.

In her policy lab class, AI for Legal Help , which began last autumn, Hagan’s students are continuing that work by interviewing members of the public about how they might use AI to help them with legal problems. As a future lawyer, Jessica Shin, JD ’25, a participant in Hagan’s class, is concerned about vulnerable people placing too much faith in these tools.

“I’m worried that if a chatbot isn’t dotting the i’s and crossing the t’s, key things can and will be missed—like  statute of limitation deadlines or other procedural steps that will make or break their cases,” she says.

“Government cannot govern AI, if government doesn’t understand AI.”

Daniel Ho, William Benjamin Scott and Luna M. Scott Professor of Law

Given all this promise and peril, courts need guidance, and SLS is providing it. Engstrom was just tapped by the American Law Institute to lead a multiyear project to advise courts on “high-volume” dockets, including debt, eviction, and family cases. Technology will be a pivotal part, as will examining how courts can leverage AI. Two years ago, Engstrom and Hagan teamed up with Mark Chandler, JD ’81, former Cisco chief legal officer now at the Rhode Center, to launch the Filing Fairness Project . They’ve partnered with courts in seven states, from Alaska to Texas, to make it easier for tech providers to serve litigants using AI-based tools. Their latest collaboration will work with the Los Angeles Superior Court, the nation’s largest, to design new digital pathways that better serve court users.

CAN MACHINES PROMOTE COMPLIANCE WITH THE LAW?

The hope that AI can be harnessed to help foster fairness and efficiency extends to the work of government too. Take criminal justice. It’s supposed to be blind, but the system all too often can be discriminatory—especially when it comes to race. When deciding whether to charge or dismiss a case, a prosecutor is prohibited by the Constitution from taking a suspect’s race into account. There is real concern, though, that these decisions might be shaped by racial bias—whether implicit or explicit.

Enter AI. Julian Nyarko , associate professor of law, has developed an algorithm to mask race-related information from felony reports. He then implemented the algorithm in a district attorney’s office, erasing racially identifying details before the reports reached the prosecutor’s desk. Nyarko believes his algorithm will help ensure lawful prosecutorial decisions.

“The work uses AI tools to increase compliance with the law,” he says. “It is deploying AI to help prosecutors make decisions that are not conditioned on race. Because that’s what the law requires.”

GOVERNING AI

While the legal profession evaluates how it might integrate this new technology, the government has been catching up on how to grapple with the AI revolution. According to Daniel Ho , the William Benjamin Scott and Luna M. Scott Professor of Law and a senior fellow at Stanford’s Institute for Human-Centered AI, one of the core challenges for the public sector is a dearth of expertise.

Very few specialists in AI choose to work in the public sector. According to a recent survey, less than 1 percent of recent AI PhD graduates took positions in government—compared with some 60 percent who chose industry jobs. A lack of the right people, and an ailing government digital infrastructure, means the public sector is missing the expertise to craft law and policy and effectively use these tools to improve governance. “Government cannot govern AI,” says Ho, “if government doesn’t understand AI.”

Ho, who also advises the White House as an appointed member of the National AI Advisory Committee (NAIAC), is concerned policymakers and administrators lack sufficient knowledge to separate speculative from concrete risks posed by the technology.

Evelyn Douek , a Stanford Law assistant professor, agrees. There is a lack of available information about how commonly used AI tools work—information the government could use to guide its regulatory approach, she says. The outcome? An epidemic of what Douek calls “magical thinking” on the part of the public sector about what is possible.

The information gap between the public and private sectors motivated a large research team from Stanford Law School’s Regulation, Evaluation, and Governance Lab (RegLab) to assess the feasibility of recent proposals for AI regulation. The team, which included Tino Cuéllar (MA ’96, PhD ’00), former SLS professor and president of the Carnegie Endowment for International Peace; Colleen Honigsberg , professor of law; and Ho, concluded that one important step is for the government to collect and investigate events in which AI systems seriously malfunction or cause harm, such as with bioweapons risk.

“If you look at other complex products, like cars and pharmaceuticals, the government has a database of information that details the factors that led to accidents and harms,” says Neel Guha, JD/PhD ’24 (BA ’18), a PhD student in computer science and co-author of a forthcoming paper that explores this topic. The NAIAC formally adopted this recommendation for such a reporting system in November.

“Our full understanding of how these systems are being used and where they might fail is still in flux,” says Guha. “An adverse-event-reporting system is a necessary prerequisite for more effective governance.”

MODERNIZING GOVERNMENT

While the latest AI models demand new regulatory tools and frameworks, they also require that we rethink existing ones—a challenge when the various stakeholders often operate in separate silos.

“Policymakers might propose something that is technically impossible. Engineers might propose a technical solution that is flatly illegal.” Ho says. “What you need are people with an understanding of both dimensions.”

Last year, Ho, Christie Lawrence, JD ’24, and Isaac Cui, JD ’25, documented extensive challenges the federal government faced in implementing AI legal requirements in an article. This led Ho to testify before the U.S. Senate on a range of reforms. And this work is driving change. The landmark White House executive order on AI adopted these recommendations, and the proposed AI Leadership to Enable Accountable Deployment (AI LEAD) Act would further codify recommendations, such as the creation of a chief AI officer, agency AI governance boards, and agency strategic planning. These requirements would help ensure the government is able to properly use and govern the technology.

“If generative AI technologies continue on their present trajectory, it seems likely that they will upend many of our assumptions about a copyright system.”

Paul Goldstein, Stella W. and Ira S. Lillick Professor of Law

Ho, as faculty director of RegLab, is also building bridges with local and federal agencies to develop high-impact demonstration projects of machine learning and data science in the public sector.

The RegLab is working with the Internal Revenue Service to modernize the tax-collection system with AI. It is collaborating with the Environmental Protection Agency to develop machine-learning technology to improve environmental compliance. And during the pandemic, it partnered with Santa Clara County to improve the public health department’s wide range of pandemic response programs.

“AI has real potential to transform parts of the public sector,” says Ho. “Our demonstration projects with government agencies help to envision an affirmative view of responsible technology to serve Americans.”

In a sign of an encouraging shift, Ho has observed an increasing number of computer scientists gravitating toward public policy, eager to participate in shaping laws and policy to respond to rapidly advancing AI, as well as law students with deep interests in technology. Alumni of the RegLab have been snapped up to serve in the IRS and the U.S. Digital Service, the technical arm of the executive branch. Ho himself serves as senior advisor on responsible AI to the U.S. Department of Labor. And the law school and the RegLab are front and center in training a new generation of lawyers and technologists to shape this future.

AI GOES TO HOLLYWOOD 

Swaths of books and movies have been made about humans threatened by artificial intelligence, but what happens when the technology becomes a menace to the entertainment industry itself? It’s still early days for generative AI-created novels, films, and other content, but it’s beginning to look like Hollywood has been cast in its own science fiction tale—and the law has a role to play.

“If generative AI technologies continue on their present trajectory,” says the Stella W. and Ira S. Lillick Professor of Law Paul Goldstein , “it seems likely that they will upend many of our assumptions about a copyright system.”

There are two main assumptions behind intellectual property law that AI is on track to disrupt. From feature films and video games with multimillion-dollar budgets to a book whose author took five years to complete, the presumption has been that copyright law is necessary to incentivize costly investments. Now AI has upended that logic.

“When a video game that today requires a $100 million investment can be produced by generative AI at a cost that is one or two orders of magnitude lower,” says Goldstein, “the argument for copyright as an incentive to investment will weaken significantly across popular culture.”

The second assumption, resting on the consumer side of the equation, is no more stable. Copyright, a system designed in part to protect the creators of original works, has also long been justified as maximizing consumer choice. However, in an era of AI-powered recommendation engines, individual choice becomes less and less important, and the argument will only weaken as streaming services “get a lot better at figuring out what suits your tastes and making decisions for you,” says Goldstein.

If these bedrock assumptions behind copyright are both going to be rendered “increasingly irrelevant” by AI, what then is the necessary response? Goldstein says we need to find legal frameworks that will better safeguard human authors.

“I believe that authorship and autonomy are independent values that deserve to be protected,” he says. Goldstein foresees a framework in which AI-produced works are clearly labeled as such to guarantee consumers have accurate information.

The labeling approach may have the advantage of simplicity, but on its own it is not enough. At a moment of unprecedented disruption, Goldstein argues, lawmakers should be looking for additional ways to support human creators who will find themselves competing with AIs that can generate works faster and for a fraction of the cost. The solution, he suggests, might involve looking to practices in countries that have traditionally given greater thought to supporting artists, such as those in Europe.

“There will always be an appetite for authenticity, a taste for the real thing,” Goldstein says. “How else do you explain why someone will pay $2,000 to watch Taylor Swift from a distant balcony, when they could stream the same songs in their living room for pennies?” In the case of intellectual property law, catching up with the technology may mean heeding our human impulse—and taking the necessary steps to facilitate the deeply rooted urge to make and share authentic works of art.  SL

Internet Regulation vs. Freedom of Speech: A Cyberlaw Case Study of Section 230

20 Pages Posted: 18 Jun 2021

Justin Raynor

Northeastern University

Seyed Ali Akhavani

Alseny d. bah, tucker brouillard.

Independent

Brittany Gaston

Christopher o'keefe.

Date Written: May 20, 2021

Hailed as a savior of free speech while concurrently facing harsh criticism as an immunity shield for scandalous behavior and big tech, there is no denying the notoriety of Section 230. Big tech companies claim the statute is an essential building block of progress and allows for a free internet. Contrarily, both democrats and republicans want it reformed or revoked altogether yet disagree about why or how. Referencing Twitter tagging his tweets as misinformation, former President Donald Trump tweeted on various occasions about the need to repeal or revoke Section 230 — at one point claiming Twitter was “out of control.” Meanwhile, on the other side of the presidential trail, Joe Biden also called for the revocation of Section 230. Biden’s reasoning contrasted directly with Trump’s, he argued that social media ought to be held responsible when it assists users in spreading things that are not true. Trump essentially argued social media companies ought not regulate user content, whereas Biden argued they ought to regulate content more. But in both cases Section 230 was to blame. Arguments against 230 often fail to consider how they depend on the very protections also offered by the clause. This understandably spurs confusion around the topic. Yet, in a polarized society, this kind of dichotomy is all too familiar. Nonetheless, the peculiarity and prevalence of the rhetoric regarding Section 230 warrants analysis. We must not let the essential protections of the statute be victim to the whims and chaos of current political discourse. Effective and meaningful reform of Section 230, if necessary, would require clarity over misconceptions and half-truths.

Keywords: Cyberlaw, Section 230, Social Media

Suggested Citation: Suggested Citation

Justin Raynor (Contact Author)

Northeastern university ( email ).

220 B RP Boston, MA 02115 United States

Independent ( email )

Do you have a job opening that you would like to promote on ssrn, paper statistics, related ejournals, cybersecurity, privacy, & networks ejournal.

Subscribe to this fee journal for more curated articles on this topic

Innovation Law & Policy eJournal

Electrical engineering ejournal, industrial & manufacturing engineering ejournal, communication law & policy ejournal.

Cyber Law Notes and Study Materials

• Cyber Law Blogs Subject-wise Law Notes
• Aishwarya Agrawal
• August 11, 2024

Hello Readers!

This article provides comprehensive Cyber Law notes with case laws.

These Cyber Law notes can be used as a free, online, and self-paced course for learners , a perfect resource for Judicial Service Exams and UPSC CSE Law Optional aspirants , and a sufficient reference for readers who want to learn or research about Cyber Law.

For books on Cyber Law, click here .

We understand it’s difficult to find complete Cyber Law Notes in one place, hence we attempted to provide them all in one place.

We hope these Cyber Law Notes will suffice the purpose. If you think we missed anything or you just want to thank us,  fill this form.

Introduction

Jurisdictional Aspects in Cyber Law

Cyber Crimes & Legal Framework

Appropriate Bodies for Redressing Civil and Criminal Offence

Right to Privacy and Data Protection on Internet

Electronic Signature and E Contracting

E-Governance and E Commerce

Intellectual Property Issues in Cyber Space

Important Points of Information Technology Act, 2000

Related Articles

For notes on other subjects,  click here .

For case briefs and analysis,  click here .

We hope you found Cyber Law notes’ on every topic related to Cyber Law. If you think we missed anything, help us by mentioning the details in  this form.

Disclaimer:

We have done our best to provide the right information. However, we don’t claim the content to be genuine. We suggest readers to do check it.

You might like

International Law Notes, Case Laws and Reading Materials

No Fault Liability under the Motor Vehicles Act, 1988

Non-Joinder and Misjoinder of Parties

Leave a reply cancel reply.

Your email address will not be published. Required fields are marked *

Name  *

Email  *

Add Comment  *

Post Comment

Cyber Law - Notes, Case Laws And Study Material

Cyber law is fundamentally the branch of law that deals with legal issues related to the use of information technology..

Cyber law is fundamentally the branch of law that deals with legal issues related to the use of information technology. It essentially encompasses laws relating to electronic and digital signatures, cybercrime, cybersecurity, intellectual property, data protection and privacy. The governing mechanisms and legal structures that oversee electronic commerce in India also fall within the domain of cyber law.

As the number of internet users is on the rise, the need for cyber laws and their application has also gathered great momentum.

Legal Bites brings you the best study material to understand the fundamentals of cyber law. The course has been designed keeping in mind the requirements of budding cyber lawyers and cybersecurity experts. The three modules of this course will help readers master the technicalities of cyber and information technology laws. The study material also focuses on the key aspects of Intellectual Property Rights, e-contracts and e-governance.

Important Articles and Study Material on Cyber And Information Technology Law – Click on the links to Read:

Module i: introduction to cyber space and cyber law.

• Cyber Space: Meaning, Regulation and Scope
• Distinction Between Conventional Crime And Cyber Crime
• Cyber Law: The Information Technology Law and its Application
• The Information Technology Law: Important Definitions
• Jurisdictional Issues in Cyber Space

Module II: Electronic Contracts

• E-Commerce and E-Contracts: Overview And Analysis
• Technical and Legal issues in electronic contracts
• Electronic Contracts: Enforceability, Security and Privacy Issues
• Digital Signature: Concept, Object and Usage
• A General Overview of Data Privacy in India

Module III: Intellectual Property Rights in Cyber Space

• Trademark issues in Cyber Space
• Copyright Issues in Cyberspace
• Right to be Forgotten: Case Study: Google Spain v. AEPD and Mario Costeja Gonzalez
• Copyright and its Subject Matter
• Copyright Infringement
• Doctrine of Fair Dealing: Meaning, importance and Case Laws
• Copyright Protection in the Cyberspace within the IT Act, 2000

Module IV: Cyber Crime

• Cyber Crimes and their types
• International Legal Regime relating to Cyber Crimes
• Cyberbullying Laws in India
• Cyber Activism: An Infoxication
• Child Pornography – A Menace
• Plagiarism in the Cyberspace

Other Articles

Strengthening Cyber Security and Data Protection in India: An Analysis of Legal Frameworks and Case Studies

• Information Technology Act, 2000 (with Amendments)
• Digital Signature and Electronic Signature
• E-Governance
• Technology and Cyber Legal Challenges

Your valuable feedback in the form of comments or any desired inputs are encouraged and always welcome. Every contribution toward a goal is valuable, regardless of how small it may be.

Admin Legal Bites

Legal Bites Study Materials correspond to what is taught in law schools and what is tested in competitive exams. It pledges to offer a competitive advantage, prepare for tests, and save a lot of money.

Related News

Library electronic resources outage May 29th and 30th

Between 9:00 PM EST on Saturday, May 29th and 9:00 PM EST on Sunday, May 30th users will not be able to access resources through the Law Library’s Catalog, the Law Library’s Database List, the Law Library’s Frequently Used Databases List, or the Law Library’s Research Guides. Users can still access databases that require an individual user account (ex. Westlaw, LexisNexis, and Bloomberg Law), or databases listed on the Main Library’s A-Z Database List.

• Georgetown Law Library
• Foreign & International Law

International and Foreign Cyberspace Law Research Guide

Introduction.

• Secondary Sources
• Technical Standards & Domain Names
• IGO & NGO Resources
• UNCITRAL Treaty & Model Laws
• WIPO Resources on Intellectual Property & E-Commerce
• National Law
• EU Digital Single Market & Strategy
• Treaties & International Agreements
• European Union
• IGO, NGO, & U.S. Government Resources
• Tallinn Manual & Primary Law Applicable to Cyber Conflicts
• News & Current Awareness
• Additional Resources

Key to Icons

• Georgetown only
• On Bloomberg
• More Info (hover)
• Preeminent Treatise

This research guide focuses on laws that regulate information technology at the international level and in jurisdictions outside the United States. It also covers legal issues that arise in connection with the use of information technology across national boundaries. In addition to identifying resources that provide an introduction to this wide-ranging subject matter, the guide also covers five narrower, but interrelated topics: 

• Internet Governance
• Electronic Commerce
• Data Protection & Privacy
• Cyber Crime
• Cyber Warfare & Terrorism

Use the Table of Contents menu on the left to access sections of this guide which address these narrower topics.  

Key Resources for International Cyberspace Research

• Bloomberg Law: Privacy & Data Security Practice Center Includes primary law from 65 national and sub-national jurisdictions, including some in English translation; summaries of primary law by subject; treatises and other secondary sources; and news and current awareness tools.
• VitalLaw: Cybersecurity & Privacy Includes primary law from the U.S. and the E.U.; practice guides, treatises, and other secondary sources; and news and current awareness tools.
• International Encyclopaedia of Laws: Cyber Law Online Provides detailed summaries of national laws governing information technology, e-commerce, online privacy, and computer-related crime in 38 jurisdictions, with citations to primary law.
• PLI Plus: Cybersecurity and Data Protection This from the Practising Law Institute shows treatises, guidebooks, forms, checklists, and CLE programming on cybersecurity, data protection, and related information technology issues. The focus is primarily on U.S. law, with more limited coverage of the law in other jurisdictions.

Int’l Cyberspace Law

Update History

Revised 02/2023 (dei) Updated 08/2022 (chb) Updated 08/2019 (chb) Revised 07/2017 (chb) Revised 05/2010 (ras) Updated 08/2008 (ras) Revised 03/2007 (aeb)

• Next: Secondary Sources >>
• © Georgetown University Law Library. These guides may be used for educational purposes, as long as proper credit is given. These guides may not be sold. Any comments, suggestions, or requests to republish or adapt a guide should be submitted using the Research Guides Comments form . Proper credit includes the statement: Written by, or adapted from, Georgetown Law Library (current as of .....).
• Last Updated: Mar 25, 2024 8:22 PM
• URL: https://guides.ll.georgetown.edu/cyberspace

Landmark Cyber Law cases in India

• Post author By ashwin
• Post date March 1, 2021

By:-Muskan Sharma

Introduction

Cyber Law, as the name suggests, deals with statutory provisions that regulate Cyberspace. With the advent of digitalization and AI (Artificial Intelligence), there is a significant rise in Cyber Crimes being registered. Around 44, 546 cases were registered under the Cyber Crime head in 2019 as compared to 27, 248 cases in 2018. Therefore, a spike of 63.5% was observed in Cyber Crimes [1] .

The legislative framework concerning Cyber Law in India comprises the Information Technology Act, 2000 (hereinafter referred to as the “ IT Act ”) and the Rules made thereunder. The IT Act is the parent legislation that provides for various forms of Cyber Crimes, punishments to be inflicted thereby, compliances for intermediaries, and so on.

Learn more about  Cyber Laws Courses with Enhelion’s Online Law Course ! 

However, the IT Act is not exhaustive of the Cyber Law regime that exists in India. There are some judgments that have evolved the Cyber Law regime in India to a great extent. To fully understand the scope of the Cyber Law regime, it is pertinent to refer to the following landmark Cyber Law cases in India:

• Shreya Singhal v. UOI [2]

In the instant case, the validity of Section 66A of the IT Act was challenged before the Supreme Court.

Facts: Two women were arrested under Section 66A of the IT Act after they posted allegedly offensive and objectionable comments on Facebook concerning the complete shutdown of Mumbai after the demise of a political leader. Section 66A of the IT Act provides punishment if any person using a computer resource or communication, such information which is offensive, false, or causes annoyance, inconvenience, danger, insult, hatred, injury, or ill will.

The women, in response to the arrest, filed a petition challenging the constitutionality of Section 66A of the IT Act on the ground that it is violative of the freedom of speech and expression.

Decision: The Supreme Court based its decision on three concepts namely: discussion, advocacy, and incitement. It observed that mere discussion or even advocacy of a cause, no matter how unpopular, is at the heart of the freedom of speech and expression. It was found that Section 66A was capable of restricting all forms of communication and it contained no distinction between mere advocacy or discussion on a particular cause which is offensive to some and incitement by such words leading to a causal connection to public disorder, security, health, and so on.

Learn more about  Cyber Laws with Enhelion’s Online Law firm certified Course! 

In response to the question of whether Section 66A attempts to protect individuals from defamation, the Court said that Section 66A condemns offensive statements that may be annoying to an individual but not affecting his reputation.

However, the Court also noted that Section 66A of the IT Act is not violative of Article 14 of the Indian Constitution because there existed an intelligible difference between information communicated through the internet and through other forms of speech. Also, the Apex Court did not even address the challenge of procedural unreasonableness because it is unconstitutional on substantive grounds.

• Shamsher Singh Verma v. State of Haryana [3]

In this case, the accused preferred an appeal before the Supreme Court after the High Court rejected the application of the accused to exhibit the Compact Disc filed in defence and to get it proved from the Forensic Science Laboratory.

The Supreme Court held that a Compact Disc is also a document. It further observed that it is not necessary to obtain admission or denial concerning a document under Section 294 (1) of CrPC personally from the accused, the complainant, or the witness.

• Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr. [4]

Facts: The subscriber purchased a Reliance handset and Reliance mobile services together under the Dhirubhai Ambani Pioneer Scheme. The subscriber was attracted by better tariff plans of other service providers and hence, wanted to shift to other service providers. The petitioners (staff members of TATA Indicom) hacked the Electronic Serial Number (hereinafter referred to as “ESN”). The Mobile Identification Number (MIN) of Reliance handsets were irreversibly integrated with ESN, the reprogramming of ESN made the device would be validated by Petitioner’s service provider and not by Reliance Infocomm.

Questions before the Court: i) Whether a telephone handset is a “Computer” under Section 2(1)(i) of the IT Act?

• ii) Whether manipulation of ESN programmed into a mobile handset amounts to an alteration of source code under Section 65 of the IT Act?

Decision: (i) Section 2(1)(i) of the IT Act provides that a “computer” means any electronic, magnetic, optical, or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic, or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network. Hence, a telephone handset is covered under the ambit of “computer” as defined under Section 2(1)(i) of the IT Act.

(ii)  Alteration of ESN makes exclusively used handsets usable by other service providers like TATA Indicomm. Therefore, alteration of ESN is an offence under Section 65 of the IT Act because every service provider has to maintain its own SID code and give its customers a specific number to each instrument used to avail the services provided. Therefore, the offence registered against the petitioners cannot be quashed with regard to Section 65 of the IT Act.

• Shankar v. State Rep [5]

Facts: The petitioner approached the Court under Section 482, CrPC to quash the charge sheet filed against him. The petitioner secured unauthorized access to the protected system of the Legal Advisor of Directorate of Vigilance and Anti-Corruption (DVAC) and was charged under Sections 66, 70, and 72 of the IT Act.

Decision: The Court observed that the charge sheet filed against the petitioner cannot be quashed with respect to the law concerning non-granting of sanction of prosecution under Section 72 of the IT Act.

• Christian Louboutin SAS v. Nakul Bajaj & Ors . [6]

Facts: The Complainant, a Luxury shoes manufacturer filed a suit seeking an injunction against an e-commerce portal www.darveys.com for indulging in a Trademark violation with the seller of spurious goods.

The question before the Court was whether the defendant’s use of the plaintiff’s mark, logos, and image are protected under Section 79 of the IT Act.

Decision: The Court observed that the defendant is more than an intermediary on the ground that the website has full control over the products being sold via its platform. It first identifies and then promotes third parties to sell their products. The Court further said that active participation by an e-commerce platform would exempt it from the rights provided to intermediaries under Section 79 of the IT Act.

• Avnish Bajaj v. State (NCT) of Delhi [7]

Facts: Avnish Bajaj, the CEO of Bazee.com was arrested under Section 67 of the IT Act for the broadcasting of cyber pornography. Someone else had sold copies of a CD containing pornographic material through the bazee.com website.

Decision: The Court noted that Mr. Bajaj was nowhere involved in the broadcasting of pornographic material. Also, the pornographic material could not be viewed on the Bazee.com website. But Bazee.com receives a commission from the sales and earns revenue for advertisements carried on via its web pages.

The Court further observed that the evidence collected indicates that the offence of cyber pornography cannot be attributed to Bazee.com but to some other person. The Court granted bail to Mr. Bajaj subject to the furnishing of 2 sureties Rs. 1 lakh each. However, the burden lies on the accused that he was merely the service provider and does not provide content.

• State of Tamil Nadu v. Suhas Katti [8]

The instant case is a landmark case in the Cyber Law regime for its efficient handling made the conviction possible within 7 months from the date of filing the FIR.

Facts: The accused was a family friend of the victim and wanted to marry her but she married another man which resulted in a Divorce. After her divorce, the accused persuaded her again and on her reluctance to marrying him, he took the course of harassment through the Internet. The accused opened a false e-mail account in the name of the victim and posted defamatory, obscene, and annoying information about the victim.

A charge-sheet was filed against the accused person under Section 67 of the IT Act and Section 469 and 509 of the Indian Penal Code, 1860.

Decision: The Additional Chief Metropolitan Magistrate, Egmore convicted the accused person under Section 469 and 509 of the Indian Penal Code, 1860 and Section 67 of the IT Act. The accused was subjected to the Rigorous Imprisonment of 2 years along with a fine of Rs. 500 under Section 469 of the IPC, Simple Imprisonment of 1 year along with a fine of Rs. 500 under Section 509 of the IPC, and Rigorous Imprisonment of 2 years along with a fine of Rs. 4,000 under Section 67 of the IT Act.

• CBI v. Arif Azim (Sony Sambandh case)

A website called www.sony-sambandh.com enabled NRIs to send Sony products to their Indian friends and relatives after online payment for the same.

In May 2002, someone logged into the website under the name of Barbara Campa and ordered a Sony Colour TV set along with a cordless telephone for one Arif Azim in Noida. She paid through her credit card and the said order was delivered to Arif Azim. However, the credit card agency informed the company that it was an unauthorized payment as the real owner denied any such purchase.

A complaint was therefore lodged with CBI and further, a case under Sections 418, 419, and 420 of the Indian Penal Code, 1860 was registered. The investigations concluded that Arif Azim while working at a call center in Noida, got access to the credit card details of Barbara Campa which he misused.

The Court convicted Arif Azim but being a young boy and a first-time convict, the Court’s approach was lenient towards him. The Court released the convicted person on probation for 1 year. This was one among the landmark cases of Cyber Law because it displayed that the Indian Penal Code, 1860 can be an effective legislation to rely on when the IT Act is not exhaustive.

• Pune Citibank Mphasis Call Center Fraud

Facts: In 2005, US $ 3,50,000 were dishonestly transferred from the Citibank accounts of four US customers through the internet to few bogus accounts. The employees gained the confidence of the customer and obtained their PINs under the impression that they would be a helping hand to those customers to deal with difficult situations. They were not decoding encrypted software or breathing through firewalls, instead, they identified loopholes in the MphasiS system.

Decision: The Court observed that the accused in this case are the ex-employees of the MphasiS call center. The employees there are checked whenever they enter or exit. Therefore, it is clear that the employees must have memorized the numbers. The service that was used to transfer the funds was SWIFT i.e. society for worldwide interbank financial telecommunication. The crime was committed using unauthorized access to the electronic accounts of the customers. Therefore this case falls within the domain of ‘cyber crimes”. The IT Act is broad enough to accommodate these aspects of crimes and any offense under the IPC with the use of electronic documents can be put at the same level as the crimes with written documents.

The court held that section 43(a) of the IT Act, 2000 is applicable because of the presence of the nature of unauthorized access that is involved to commit transactions. The accused were also charged under section 66 of the IT Act, 2000 and section 420 i.e. cheating, 465,467 and 471 of The Indian Penal Code, 1860.

• SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwatra [9]

Facts: In this case, Defendant Jogesh Kwatra was an employee of the plaintiff’s company. He started sending derogatory, defamatory, vulgar, abusive, and filthy emails to his employers and to different subsidiaries of the said company all over the world to defame the company and its Managing Director Mr. R K Malhotra. In the investigations, it was found that the email originated from a Cyber Cafe in New Delhi. The Cybercafé attendant identified the defendant during the enquiry. On 11 May 2011, Defendant was terminated of the services by the plaintiff.

Decision: The plaintiffs are not entitled to relief of perpetual injunction as prayed because the court did not qualify as certified evidence under section 65B of the Indian Evidence Act. Due to the absence of direct evidence that it was the defendant who was sending these emails, the court was not in a position to accept even the strongest evidence. The court also restrained the defendant from publishing, transmitting any information in the Cyberspace which is derogatory or abusive of the plaintiffs.

The Cyber Law regime is governed by the IT Act and the Rules made thereunder. Also, one may take recourse to the provisions of the Indian Penal Code, 1860 when the IT Act is unable to provide for any specific type of offence or if it does not contain exhaustive provisions with respect to an offence.

However, the Cyber Law regime is still not competent enough to deal with all sorts of Cyber Crimes that exist at this moment. With the country moving towards the ‘Digital India’ movement, the Cyber Crimes are evolving constantly and new kinds of Cyber Crimes enter the Cyber Law regime each day. The Cyber Law regime in India is weaker than what exists in other nations.

Hence, the Cyber Law regime in India needs extensive reforms to deal with the huge spike of Cyber Crimes each year.

[1] “Crime in India – 2019” Snapshots (States/UTs), NCRB, available at: https://ncrb.gov.in/sites/default/files/CII%202019%20SNAPSHOTS%20STATES.pdf (Last visited on 25 th Feb; 2021)

[2] (2013) 12 SCC 73

[3] 2015 SCC OnLine SC 1242

[4] 2005 CriLJ 4314

[5] Crl. O.P. No. 6628 of 2010

[6] (2018) 253 DLT 728

[7] (2008) 150 DLT 769

[8] CC No. 4680 of 2004

[9] CM APPL. No. 33474 of 2016

• Tags artificial intelligence courses online , aviation law courses india , best online law courses , business law course , civil courts , civil law law courses online , civil system in india , competition law , corporate law courses online , covaxin , covid vaccine , diploma courses , diploma in criminal law , drafting , fashion law online course , how to study law at home , indian law institute online courses , innovation , Intellectual Property , international law courses , international law degree online , international law schools , introduction to law course , invention , knowledge , labour law course distance learning , law , law certificate courses , law certificate programs online , law classes , law classes online , law college courses , law courses in india , law firms , law schools , lawyers , learn at home , legal aid , legal courses , online law courses , online law courses in india , pfizer , pleading , space law courses , sports law , sports law courses , study criminal law online , study later , study law at home , study law by correspondence , study law degree online , study law degree online australia , study law distance education , study law distance learning , study law online , study law online free , study law online uk , study legal studies online , teach law online , technology law courses , trademark

Unpacking Cyber Crime: In-depth Analysis and Case Studies

• By Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

In an era characterized by unprecedented digital connectivity, our reliance on the Internet and other digital technologies has grown exponentially. However, this dependence has also opened gates to a nefarious world of crimes committed in cyberspace, known as cyber crimes. Ranging from the theft of an individual’s personal data to crippling nations’ infrastructures, these digital felonies have evolved to become one of the most sophisticated challenges to law enforcement agencies and national security. This in-depth exploration of cybercrime provides an illumination into its diverse forms, historical progression, notorious instances, societal impact, and viable prevention strategies. This discourse aims to furnish the reader with a lucid understanding of the complex web interweaved by cybercriminals, the extensive damage they perpetrate, and, most importantly, how to arm and protect ourselves in this ongoing battle in the digital world.

Types of Cyber Crime

Unmasking the multifaceted threat of cybercrime in our digital society.

As the digital era takes firm root, transcending almost all facets of our daily lives, it unveils an ever-evolving landscape of vulnerability to various types of cyber crimes. Understanding the nuanced complexities of these threats is indispensable in guiding our collective response to safeguard the inviolability of our virtual dwellings.

Imperative for discussion is the specter of identity theft, which involves the unlawful acquisition and utilization of another individual’s personal information for illegitimate financial gains. Cybercriminals exploit various avenues, such as phishing schemes and data breaches, to execute this violation, leading to disastrous personal and financial consequences for the victim.

Malware , a portmanteau of malicious software, lingers as another notable threat. Ruthlessly subtle, this category of cybercrime extends to ransomware , which locks users out of their systems or data, holding it hostage until a ransom is paid. Spyware follows closely, covertly monitoring and transmitting the user’s activities to a third party. Both breed a pervasive sense of violation and create vast economic downstream effects.

Cyberstalking and cyberbullying, while demarcated less by economic impacts, remain potent narcotics in the cocktail of cybersecurity threats. These crimes are characterized by intentional intimidation, harassment, or threat to another individual, utilizing digital mediums. The psychological trauma imparted by these infringements reflects the wider societal repercussions that transcend the digital sphere.

Notably, the list would be incomplete without recognizing cyber-terrorism and cyber-warfare. These acts, striking at the intersection of technology and geopolitical maneuvering, involve the use of Internet-based attacks in terrorist activities and warfare, often targeting critical infrastructures and national security or causing a state of panic and fear.

The rapidly evolving universe of financial technology is not untouched by cybercrime. Crypto-jacking emerges as a salient threat where hackers hijack a computer’s resources to mine for cryptocurrency without the owner’s knowledge or consent— a subtle and yet potent symbol of how technology’s greatest strengths can morph into its most haunting vulnerabilities.

Lastly, the advent of Deepfakes and AI-generated content birthed a new realm of cybercrime. These acts involve the use of artificial intelligence to create or alter video, audio, or image content to depict scenes or convey messages that were never captured or intended, potentially causing severe personal, political, and societal unrest.

In navigating through the labyrinth of cybercrime, it becomes clear that our informational infrastructure functions as a double-edged sword. Heightened awareness and understanding of the multiple types of cyber crimes, corrective measures, and prevention strategies are critical to ensure the security of our accelerated journey into the digital age. As we teeter on the brink of this new epoch, let it be fortified by knowledge, caution, and, above all, a shared responsibility toward a safe and secure online world.

Historical Perspective of Cyber Crime

The evolutionary trajectories of cybercriminal strategies: a deeper dive.

While initial aspects of cybercrime, including identity theft, malware, cyberstalking, and cyber-terrorism, remain relevant, the ingenious adaptability of cybercriminals continues to morph these original paradigms into more complex constructs. Deepfakes and AI-generated content, crypto-jacking, and even cyber warfare itself continue to evolve. More recently, however, these forms of cybercrime are being joined, and in some cases superseded, by other more sophisticated threats.

Spear phishing, a targeted version of phishing, has emerged as one of the most insidious cybercrimes. Cybercriminals no longer toss out a wide net in the hopes of ensnaring an unsuspecting fish but have now shifted to crafting precise, personalized lures to hook specific individuals or organizations. This modality, premised on thorough research and social engineering , typifies today’s cunning adversary, who forgoes brute force for psychological manipulation.

Next in this progression of cybercrime sophistication is the advent of Advanced Persistent Threat s (APTs). Unlike the blitzkrieg assault-style adopted by most traditional cyberattack s, APTs are slow and methodical infiltrations designed to remain undetected for prolonged periods. By leveraging backdoor techniques and a patient, stealthy approach, these threat actors compromise systems to exfiltrate data or create systemic disruption in a silent, protracted manner.

Further underscoring the evolutionary trends, cybercriminals now employ Botnets, networks of compromised devices commanded by a central operator. The damages that can be inflicted range from devastating Distributed Denial-of-Service attacks to enormous volumes of spam mail. Cybercriminals disregard the sanctity of individual autonomy and readily surrender to the collective might of these enslaved devices.

Reflecting a leap from dexterity to craftiness, supply chain attack s represent another ingenious cybercriminal innovation. These comprise a systemic, strategic violation entailing the compromise of trusted software or hardware suppliers. By infiltrating these sources, cybercriminals can lurk undetected, poised to pounce on end-users who implicitly trust their providers and, by extension, become unsuspecting victims.

Lastly, while already touched upon in the subject of deepfakes, weaponized AI and Machine Learning take the potential for harm to unprecedented heights. As these technologies advance, they become double-edged swords, providing enormous potential benefits but also harboring potential hazards. They can be manipulated to carry out highly sophisticated attacks that adapt, learn, and emulate human behaviors, making them harder to detect and counter.

In conclusion, the cybercriminal landscape remains perpetually fluid. It continues to evolve, harboring devastating potential and emphasizing the critical need for robust countermeasures and vigilance. As much as we are captivated by technology’s spell, we must also remain equally committed to fathoming its dark possibilities and approach this evolving challenge with the same unyielding determination.

Depicting Major Cyber Crime Case Studies

When regarding the multifaceted arena of cybercrimes, a few notorious examples have made all the difference in shaping both legislative processes and public perception. These archetypical scenarios paint a stark picture of the danger posed by cybercriminals and the significant, often devastating, consequences for victims.

The infamous Yahoo data breach, which revealed itself from 2013 to 2014, can never be forgotten. It compromised approximately three billion user accounts, rendering it the most prodigious data compromise in history. Personal data, including names, email addresses, and passwords, fell into malevolent hands, leading to a leap in fraudulent activities globally. The ensuing turbulence resulted in the resignation of Yahoo’s CEO, loss of consumer trust, and a $50 million settlement.

Adobe Systems witnessed a devastating blow in October 2013—a data violation exposing approximately 38 million active user accounts. The compromised data included encrypted debit and credit card data paired with user login credentials, creating a substantial identity theft concern. Adobe had to face huge economic losses and significant reputation damage, which took years to recover from.

The Heartland Payment Systems breach in 2008 was another significant incident that stirred the digital world. Dating back to when companies scarcely understood the imminent threat of cybercrime, this attack led to a loss of over 130 million credit and debit card details. Heartland witnessed a significant financial loss of around $140 million in remediation.

In terms of affecting global infrastructure, the WannaCry ransomware attack in May 2017 was a stark example. The ransomware targeted computers running Microsoft Windows, encrypting data and demanding ransom in Bitcoin. Over 200,000 systems across 150 countries, including significant healthcare organizations, were taken hostage. The immense global disruption prompted a surge in infrastructure investment to improve cyber defense capabilities.

While most attacks impact a specific corporation or sector, the Mirai botnet attack of 2016 introduced a broader systemic threat. The malware transformed networked devices such as IP cameras, printers, and routers into a botnet to conduct distributed denial-of-service attacks. With millions of IoT devices compromised, the Mirai botnet was capable of unparalleled distributed destruction, showcasing how vulnerable global digital infrastructure can be.

Cyber espionage provides another multifaceted concern. An example was Operation Aurora in 2009, aiming to steal sensitive information from top companies, including Google and Adobe. This incident underscored the threat toward intellectual property and corporate competitive advantage, galvanizing a reevaluation of digital security measures in businesses across the world.

On the more sinister end of the spectrum, the Stuxnet worm attack showcased how cybercrime could transform into cyber warfare. In 2010, the Stuxnet worm damaged approximately one-fifth of Iran’s nuclear centrifuges, epitomizing how cyber-attacks can transgress the digital realm and enact substantial real-world damage.

Through these examples and more, it becomes perceptibly clear how multifarious the landscape of cybercrimes truly is. It underscores the imperative need for stringent cybersecurity measures, vigorous legislative action, and individual awareness of the perils that lurk in the depths of the digital world. As we further immerse ourselves in an overwhelmingly interconnected society, it is incumbent upon us to study and learn from these sobering lessons of history.

Impact of Cyber Crime on Individuals and Society

Beyond the directly visible forms of cybercrime, such as identity theft, malware, cyberbullying, deepfakes, cyberterrorism, and crypto-jacking, there lies a plethora of repercussions affecting individual victims and wider societal structures. These implications come as a direct result of cybercrime, which infiltrates various sectors, from personal privacy to economic stability, manifesting differently across each strata of society.

When confronted with the repercussions of cybercrime, it is essential to explore the psychological impact on victims. According to research conducted by the American Psychological Association, individuals who have been victims of cyber crimes often suffer from feelings of violation, loss of trust, and feelings of powerlessness. These outcomes equip cybercriminals with a powerful psychological tool – fear, which they can deploy to extort more information or inflict further harm on their victims.

The financial implications of cybercrime are also critical. On an individual level, victims may incur substantial costs to recover from identity theft or ransomware attacks. On a larger scale, businesses are also impacted—with losses in the billions annually due to cyber theft of intellectual property and sensitive corporate information.

Cyber crimes also pose a severe threat to critical infrastructure. A targeted attack, like the Stuxnet worm or the Mirai botnet attack, can disrupt entire networks or systems. This endangerment of critical infrastructures exposes vulnerabilities in sectors such as energy, telecommunications, transportation, and healthcare, upon which our societies heavily rely.

Furthermore, cybercrime disrupts social order by exploiting our increasing reliance on digital platforms. The damage caused by malicious activities in cyberspace can instigate societal tension or even panic. For instance, the spread of false information through deepfakes or AI-generated content can destabilize communities, alter public opinion, and incite fear or chaos within the public domain.

Moreover, the infiltration of educational institutions and exploitation of data breaches, such as those experienced by Adobe Systems and Yahoo, incite concern for the security of personal and academic data, impacting trust in these institutions.

Finally, the global aspect of cyber crime complicates the enforcement of laws and the attribution of criminals. Differing legislation across jurisdictions, coupled with the abstract nature of cyberspace, often leads to perpetrators evading justice, which again amplifies public fear and mistrust.

The increasing sophistication of cyber criminal activities demands a comprehensive, multi-faceted approach to cybersecurity involving not only technological solutions but also legislative measures, international cooperation, and public awareness initiatives. Vigilance remains paramount – for both the individual and the broader social structures at risk.

In conclusion, while the repercussions of cybercrime are manifold and persistently evolving, the driving force behind combating this modern plague remains undeterred – a relentless commitment to understanding, outwitting, and ultimately neutralizing this digital threat. The continuous enhancement of cybersecurity measures, active legislative action on cybercrimes, and individual awareness of cybercrime risks are just several in the legion of dedicated efforts aimed to equip society with the tools necessary to tackle this complex issue.

Prevention and Mitigation Strategies

Effectively addressing the potential risks and outcomes of cybercrimes necessitates a multi-pronged approach that leans heavily on collaboration, education, and the implementation of cutting-edge cybersecurity strategies. this measure rings especially pertinent against the backdrop of a progressively interconnected world, teetering on the precipice of the much-heralded fourth industrial revolution..

Collaborating across sectors and agencies is a vital strategy for tackling cybercrimes. Internationally, creating a shared understanding of cyber threats and fostering cooperation to deal with them can significantly bolster collective security measures. This includes forming partnerships with international police forces, such as INTERPOL and Europol, to expedite the identification, tracking, and prosecution of cybercriminals regardless of their geographical location.

An educated populace is arguably the first line of defense against cybercrime. The general public must be armed with the knowledge necessary to safeguard sensitive information and thwart the attempts of cybercriminals. Robust security awareness programs must be incorporated into our educational institutions, corporations, and public services, acquainting people with the modus operandi of cybercriminals and how best to respond. This includes increased awareness of the intricacies of social engineering attacks to mitigate risks like whaling and pretexting that have not been previously covered in this article.

Implementing progressive cybersecurity protocols plays a pivotal role in curbing cybercrimes. Organizations should strive for a dynamic, proactive approach as opposed to a static, reactive one. Frequent system audits, vulnerability assessments, and penetration testing can unveil potential security loopholes before cybercriminals can exploit them. A zero-trust architecture that presumes no user or process is intrinsically trustworthy, coupled with behavioral-based threat detection, could significantly bolster an organization’s defense.

Moreover, using encrypted communication channels and urging employees to regularly update their passwords and employ two-factor authentication systems can mitigate unauthorized access risks. Leveraging advanced technologies, like quantum cryptography, can offer foolproof data security, rendering any eavesdropping attempts futile.

Lastly, while strengthening legislative measures against cybercrimes, nations must also create an environment conducive to the reporting of such incidents. Victims often shy away from reporting due to fear of reputational damage or lack of faith in the justice system. Ensuring confidentiality and demonstrating stringent punishment against perpetrators could effectively deter the commission of these crimes.

As we tiptoe into an era dominated by Big Data, 5G, and Artificial Intelligence, our strategies against cybercrime must evolve at a concordant, if not more rapid, pace. A synergized effort spanning individuals, organizations, and countries, buttressed by relentless vigilance, is our best hope in the grand scheme of cybersecurity. Striking that balance between advancing technologically and maintaining cyber hygiene will be the perpetual litmus test for our digitized world.

As we continue to tread through this digital age, understanding the insidious nature of cyber crimes not only informs but empowers us as individuals, organizations, and as a society. We have explored in detail the varied forms of these crimes, their evolution through the years, their devastating impacts exemplified through notable case studies, and the undeniably lasting mark they leave on individuals and societies alike. Furthermore, we have offered a glimpse into the strategies that can be employed to fortify our defenses against these invisible aggressors. The key lies in continual awareness, constant vigilance, and strategic preparedness so that we may navigate this intricate digital universe safely. As we move forward, remember the fight against cybercrime isn’t just for those in the corridors of power but for every Internet user who plays a vital role in this digital ecosystem.

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

• Hackers and cybercrime prevention

zephyr_p - stock.adobe.com

Top 10 cyber crime stories of 2021

Cyber crime hit new heights and drew more attention than ever in 2021. we look back at the biggest stories of the year.

• Alex Scroxton, Security Editor

The past 12 months have seen no shortage of cyber crime incidents as ransomware gangs ran amok, with security teams seemingly powerless to do much more than watch on in shock.

Some of the bigger cyber attacks of the year even had damaging real-world implications, which served to bring cyber crime mainstream attention, and to the top of national security agendas, particularly in the US and UK.

Meanwhile, the impact of the Covid-19 pandemic continued to loom large, with cyber criminals showing no shame as they attempted to disrupt organisations in the healthcare sector.

Here are Computer Weekly’s top 10 cyber crime stories of 2021:

1. Colonial Pipeline ransomware attack has grave consequences

Though it did not trouble the fuel supply at petrol stations in the UK, the DarkSide ransomware attack against Colonial Pipeline – the operator of the largest fuel pipeline in the US – in May 2021 was one of the most impactful cyber incidents of recent years. Indeed, it may have prompted concerted action against ransomware gangs at long last – time will tell.

As we reported in the immediate aftermath of the attack, the US government was forced to declare an emergency and the Department of Transportation temporarily relaxed regulations across most of the Mid-Atlantic and southern US, and Texas, that governed how long truckers were permitted to remain behind the wheel, to improve flexibility in the fuel supply chain.

2. REvil crew wants $70m in Kaseya ransomware heist

It was a 4 July summer blockbuster as  the REvil ransomware crew demanded a cumulative $70m ransom payment from over 1,000 businesses whose IT systems were locked after the gang compromised services provider Kaseya in a classic example of a supply chain hack. Such was the scale of the incident that the REvil group was forced to go into hiding for a time, subsequently emerging only to find that their infrastructure had been hacked back by law enforcement. One gang member is now facing extradition to the US to answer for his crimes; others are on the run.

3. BlackMatter gang ramps up attacks on multiple victims

Ransomware gangs come and go for many reasons, but one thing is certain, whether a rebrand of an existing group or a new player in the game, there will always be someone else ready to take their place. One of 2021’s more impactful emergent ransom crews is known as BlackMatter , and in September, we reported on a spate of attacks against multiple targets that prompted warnings from around the security community.

4. Irish health service hit by major ransomware attack

On the morning of 14 May, the Conti ransomware gang hit the headlines after they encrypted the systems of the Irish Health Service Executive in a callous and truly heartless cyber attack. The incident caused significant disruption to patient services across Ireland and prompted a large-scale response that even saw the army drafted in. Mercifully, there were no recorded fatalities as a direct result of the incident, but over six months on, the service has not fully recovered.

5. Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

Cyber criminals also tried their best to disrupt the roll-out of the Covid-19 vaccine programme in Europe, when data relating to the Pfizer/BioNTech Covid-19 vaccine, which was stolen in December 2020 following a cyber attack against the European Medicines Agency, was leaked on the internet in January 2021 . The data dump included screenshots of emails, peer review information, and other documents including PDFs and PowerPoint presentations.

6. Police raids around world after investigators crack An0m cryptophone app in major hacking operation

In June, police in 16 countries launched multiple raids after intercepting the communications of organised criminal groups. The gangs had been sending messages on an encrypted communications network, unaware that it was being run by the FBI . This was only one of several similar raids in 2021, which, while successful at disrupting organised and cyber crime, have at the same time surfaced legitimate concerns over the ability of law enforcement to conduct surveillance, and the admissibility of the evidence they collected.

7. Retailer FatFace pays $2m ransom to Conti cyber criminals

In March, Computer Weekly broke the news that fashion retailer  FatFace had paid a $2m ransom to the Conti ransomware gang following a successful cyber attack on its systems that took place in January. The ransomware operators had initially demanded a ransom of $8m, approximately 213 bitcoin at the prevailing rate, but were successfully talked down during a protracted negotiation process.

8. Scammers accidentally reveal fake Amazon review data

Over the years, Computer Weekly has often covered data loss incidents at organisations that failed to secure their databases correctly, so it was gratifying in May to find that cyber criminals and fraudsters are bad at operational security too. This unfortunate scammer accidentally exposed more than 13 million records in an open ElasticSearch database and in doing so blew the lid on a massive fake review scam implicating hundreds of third-party Amazon sellers in unethical and illegal behaviour.

9. $50m ransomware demand on Acer is highest ever

Roy Castle and Cheryl Baker taught a generation of British schoolchildren that records are made to be broken, so perhaps members of the REvil ransomware gang also watched BBC1 after school when they were younger. Either way, the $50m ransom demand made against PC company Acer was – for a time – the highest ever made. Details of the record-breaking double-extortion attack emerged in March when the gang published Acer’s data to its leak site, but investigations by Computer Weekly’s sister titles LeMagIT and SearchSecurity were instrumental in uncovering and highlighting the ransomware demand.

10. Ransomware gangs seek people skills for negotiations.

Finally, in July 2021, we reported on how the increasing sophistication of the cyber criminal underground was being reflected in how ransomware operations put together their operations , seeking out specialist talent and skillsets. Indeed, researchers from Kela found that some gangs are coming to resemble corporations, with diversified roles and even outsourced negotiations with victims. Naturally, people skills are in high demand as gangs try to sweet-talk their victims into coughing up.

Read more on Hackers and cybercrime prevention

Analysts confirm return of REvil ransomware gang

What’s up with Conti and REvil, and should we be worrying?

Cyber pros: Don’t revel in REvil’s downfall just yet

Us seeks to extradite revil affiliate who attacked kaseya.

The debate around California's AI bill, SB 1047, centers on potential harm to startups and stifling innovation. However, some ...

While California advances AI legislation targeting safety testing, the U.S. Senate will also have on its plate several AI bills ...

The next U.S. president will set the tone on tech issues such as AI regulation, data privacy and climate tech. This guide breaks ...

While APIs play an essential role in most modern business strategies, they can also introduce serious security threats. Learn ...

Threat hunting's proactive approach plays a vital role in defending against cyberattacks. Learn about the frameworks, ...

Ransomware remained a highly disruptive threat last month, as notable attacks claimed victims in healthcare, technology, ...

Test scripts are the heart of any job in pyATS. Best practices for test scripts include proper structure, API integration and the...

Cloud and on-premises subnets use IP ranges, subnet masks or prefixes, and security policies. But cloud subnets are simpler to ...

Satellite connectivity lets Broadcom offer the VeloCloud SD-WAN as an option for linking IoT devices to the global network from ...

Rocky Linux and AlmaLinux are new distributions created after Red Hat announced the discontinuation of CentOS. These ...

The Broadcom CEO says public cloud migration trauma can be cured by private cloud services like those from VMware, but VMware ...

New capabilities for VMware VCF can import and manage existing VMware services through a single console interface for a private ...

Microsoft Copilot raises security concerns around unauthorized or unintentional data access. Prevent leaks with vigilant ...

Don't wait until you have a metadata management problem to address the issue. Put a metadata management framework in place to ...

The time series database specialist's update addresses performance to better handle complex real-time workloads and includes a ...

International Internet Law

• Traditional Sources of International Law

Commercial Law on the Internet

Intellectual property, human rights and free speech.

• Current Awareness
• Additional Resources

Privacy is an increasingly important issue on the internet. Questions concerning anonymity on social networks have taken a back seat to concerns of whether private information stored in secured databases is really private. Scandals such as  Wikileaks  and the  Panama Papers  are becoming more common. As companies store information all over the world, information often travels through many jurisdictions before reaching an end user. Whose responsibility is it to monitor this traffic? Governments are putting pressure on ISPs to police the data that travels along their networks while ISPs and privacy organizations are pushing back. These are but some of the topics that international internet privacy legislation is attempting to regulate.

General Data Protection Regulation  replacing  EC No. 95/46 Directive on Data Protection  in 2016

OECD Transborder Flow of Data (1980)

European Convention on Human Rights (ECHR)

Notable Cases

Case C‑131/12 Right to Be Forgotten

Pro tip: securely browsing the internet and protecting your data is becoming more difficult as websites track our movements across the web via cookies, http referrers, and agents. You can arrest some of this tracking by using extensions like  HTTPS Everywhere ,  Privacy Badger , and  Disconnect . Even better, you can use a high quality VPN. If you think Google knows enough about you, you can use privacy oriented search engines like  Duck Duck Go .

Center for Democracy & Technology

BNA's Privacy Law Watch

Thomson Reuters Intellectual Property and Global Guides

Privacy Exchange -  Not Current (Last news post: 2004)

This important aspect of the international internet law may be the most sparse. Countries are hesitant to define criminal activities on the web in part because it is still unclear what a cybercrime is, but also in part because states cannot agree on uniform traditional crimes. This uncertainty means there are very few internet wide treaties addressing cybercrimes or procedural aspects of policing cybercrime.

The issue of how to define a cybercrime is complicated by the variations of the form of the crime and who the intended target is. The term "cybercrime" may be broad enough to encompass sub-crimes of personal cybercrime (crimes committed against a person), cyber terrorism (crimes committed against a state), and cyberwar (an attack by a nation-state against another nation-state for the purpose of causing disruption or damage). However, other proposed definitions to "cybercrime" state that it is a crime against computers and networks alone. This portion of the research guide will take the stance that most attacks on the internet are cybercrimes and list sources that may include personal attacks as well as attacks on nation-states.

For research purposes, try to maintain and follow one meaning of cybercrime. The lines can often be blurry as scholars and legislators use the term in many ways.

Convention on Cybercrime

• enact legislation criminalizing certain conduct related to computer systems;
• create investigative procedures and ensure their availability to domestic law enforcement authorities to investigate cybercrime offenses, including procedures to obtain electronic evidence in all of its forms; and,
• create a regime of broad international cooperation, including assistance in extradition of fugitives sought for crimes identified under the Convention

NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)

United Nations Office for Disarmament Affairs (UNODA)

Community Framework for Electronic Signatures 1999/93/EC

United Nations Convention on the Use of Electronic Communications in International Contracts

OECD Committee on Consumer Policy (CCP)

Bloomberg’s Electronic Commerce & Law Report

ICC Commission on the Digital Economy

Berne Convention for the Protection of Literary and Artistic Works

Uniform Domain Name Resolution Policy

Madrid Agreement  and  Protocol

Universal Music Australia v. Sharman License Holdings

Vereniging Buma and Stichting Stemra v. Kazaa B.V.

World Intellectual Property Organization (WIPO)

Electronic Information System for International Law (EISIL)

Under Article 19 of the  Universal Declaration of Human Rights , everyone has the right to "receive and impart information and ideas through any media and regardless of frontiers." The internet is a newer media that promotes freedom of information and expression of free speech. The idea that the internet is a fundamental human right is only beginning to be developed.

International Covenant on Civil and Political Rights

• Article 17 mandates the right of privacy.
• Article 19 mandates freedom of expression.

Universal Declaration of Human Rights

One of the more notable instances of this discussion was the debate over  LOI n° 2009-1311 du 28 Octobre 2009 relative à la protection pénale de la propriété littéraire et artistique sur internet . Commonly referred to as the HADOPI law, the most controversial of the many deterrents to prevent the illegally sharing copyrighted material, was the suspension of internet services. This part was revoked in on 8 July 2013 by the French Government because that  penalty was considered to be disproportionate and a breach of fundamental civil rights .

• the auctions of Nazi memorabilia were open to bidders from any country, including France;
• the display of such objects, and the viewing of such objects in France, caused a public nuisance and was forbidden under French criminal law;
• Yahoo! Inc. was aware that French residents used its auction site, as it displayed French-language advertisements on its pages when they were accessed from computers in France.

Council of Europe's Human Rights for Internet Users

Open Net Initiative

Privacy and Human Rights

Human Rights Research Guide

• << Previous: Traditional Sources of International Law
• Next: Current Awareness >>
• Last Updated: Sep 12, 2022 10:34 AM
• URL: https://guides.law.columbia.edu/c.php?g=1135532

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber Services #protect2024 Secure Our World Shields Up Report A Cyber Issue

State Cybersecurity Governance Case Studies

In recognition of the importance of governance in addressing cyber risks, the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division and the National Association of State Chief Information Officers (NASCIO) partnered to develop a State Cybersecurity Governance Report and series of State Cybersecurity Governance Case Studies exploring how states govern cybersecurity. The Homeland Security Systems Engineering and Development Institute (HSSEDI), a DHS owned Federally Funded Research and Development Center (FFRDC), developed the case studies. The report and case studies identify how states have used laws, policies, structures, and processes to help better govern cybersecurity as an enterprise-wide strategic issue across state governments and other public and private sector stakeholders. The report and case studies explore cross-enterprise governance mechanisms used by states across a range of common cybersecurity areas and offer insight on trends and concepts useful to other states and organizations that face similar challenges.

State Cybersecurity Governance Cross Site Report

Georgia Case Study

Michigan Case Study

New Jersey Case Study

Virginia Case Study

Washington Case Study

INTRODUCTION TO CYBERSECURITY LAWS OF INDIA: PROVISION, PROCEDURE & CASES

• Post author: Team LawFoyer
• Post published: 6 September 2024
• Post category: Articles / IT Law & Cyber Law
• Reading time: 14 mins read

Author: KRUTTIKA KARALE, DES SHRI NAVALMAL FIRODIA LAW COLLEGE

Edited By: Ritesh Singh Shekhawat, MJRPU, Jaipur

INTRODUCTION

With the fast pacing and advancing technology, the usage of the internet is increasing rapidly and so is the rate of cybercrime. The rise of cybercrime, often known as e-crimes (electronic crimes), is a major challenge confronting today’s society and poses a threat to nations, companies, and individuals all across the world. As a result, the need for cyber laws is increasing to govern the new virtual world. The cyber laws aim to protect people from cybercrime like hacking, phishing, data breaches, etc. With such increasing cases of cybercrime, it has become necessary that each individual has the knowledge about the cyber security majors to protect themselves against such crimes.

Cybercrime, Cyberlaw, IT acts, Data protection, Hacking, BNS laws

MEANING DEFINITION AND EXPLANATION

Cyber Crime: Cybercrime is an illegal activity involving computers, the internet, or network devices. These crimes can target individuals, businesses, government, etc. Cybercriminals commit identity theft, initiate phishing scams, spread malware, and instigate other digital attacks like hacking.

Cyber Security: Cyber security involves protecting computer systems, networks, and data from cyber-attacks. It aims to safeguard against unauthorized access, data breaches, and other cyber threats.

HISTORICAL BACKGROUND AND EVOLUTION

• It all started in France in 1834 where the attackers accessed the French telegraph system and stole important financial market
• In 1962 , Allen Scherr made a new history in cyber-crime by executing a cyber-attack on the
• MIT computer networks by stealing passwords from their punch card
• In 1971 , Bob Thomas created the first Computer Virus known as The Creeper Virus . It was a self-replicating program that spread through the ARPANET network.
• In 1981 , Ian Murphy was the first person who was officially found guilty of committing a crime by hacking into AT&T’s internal system and changing the computer clocks which caused
• The first major cyber-attack on the internet took place in 1988 , by Robert Morris with the help of Morris Worm . It infected computer systems at prestigious institutions, demonstrating the vulnerability of interconnected networks.
• In the 1990s , a significant increase in cybercrime was observed, and the infamous Melissa virus was a notable cyber incident during this period which infected over 100,000 computers from all over the world.
• Further advancement in cybercriminal advancement was observed in the early 2000s and cyber criminals started launching denial-of-service (DDOS) attacks and spamming

TYPES OF CYBERCRIME

Hacking: Without permission taking access to someone else’s computer systems or networks to steal or gain information or modify data.

Web Hijacking: Web hacking means taking control of another person’s website, with the consent of the owner, and eventually the owner loses control.

Malware: In malware, harmful software has been made to sneak around on someone else’s computer systems. This includes viruses, spyware, worms, etc. It can be used to gain bank details, sensitive business data, or information to conduct social engineering attacks.

Identity Theft: To act like some other individual by Stealing their information such as their name, social security number, or financial details, for financial gain to commit fraud or crimes.

Cyber Stalking And Harassment: Cyber Stalking means repeating the acts of harassing, threatening, or intimidating individuals by sending repeated or unwanted messages or distributing the personal information of the individual without the consent of the person by using the internet. Both kinds of Stalkers i.e., Online & Offline – have the desire to control the victim’s life.

Online Scams And Fraud: Many Fraudulent schemes were conducted over the internet time such as investment scams, scams of lottery, fee fraud of advance rupees, fake websites, romance scams, credit card frauds, etc. to take money or valuable information.

Data Breaches: People get the information without the permission of the owner of the website and get access to sensitive data stored by the person or institution such as personal information, financial records, or corporate secrets, resulting in the exposure of personal or financial information.

Phishing: Phishing is the sending of fraudulent messages that appear as real entities in emails and messages. That email directs the user to visit that website where they have to update certain sensitive information such as passwords, credit card numbers, or social security numbers which will be used for identity theft.

Child Pornography: The usage of the Internet for Child exploitation became a common practice. Child pornography and engaging minors in sexual activities and provided on the internet on various platforms.

PREVENTIVE MEASURES FOR CYBERCRIME

Use Encryption: In this method, the plain text (readable) can be converted to cipher text (coded language) by this method and the recipient of the data can decrypt it by converting it into plain text again by using the private key.

Search using a Firewall: It creates a wall between the system and possible intruders to protect the classified documents from being leaked or accessed. It only permits access to the system to ones already registered with the computer.

• Keep software and operating system
• Use any anti-virus software and keep it updated from time to
• Never open attachments in spam
• Do not click on links in spam mail or untrusted
• Be mindful of which website URLs you
• Keep an eye on bank

CYBER LAWS OF INDIA

Legal Provisions

The Information Technology Act, of 2000 is the most significant; as it directs all Indian legislation to strictly regulate cybercrime:

• Section 43 [Penalty and compensation] for damage to the computer, computer system, etc.–If any person without the permission of the owner or any other person who is in charge of a computer, computer system, or computer
• Section 66 Computer-related offenses – If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to five lakh rupees or with
• Section 66(B) Punishment for dishonestly receiving stolen computer resource or communication device – Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
• Section 66C Punishment for identity theft– Whoever, fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.
• Section 66D Punishment for cheating by personation by using computer resource-Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees .
• Section 66E Privacy violation Whoever, intentionally or knowingly captures, publishes, or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with
• Section 66F Cyber terrorism – Intent to threaten the unity, integrity, security, or sovereignty of the nation and contradicting access to any person’s lawful access to the computer resource or attempting to breach or access a computer resource without endorsement. Such acts of causing compute contaminants that are likely to cause death or harm to other persons. Punishment is life
• Section 67 Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
• The Bharatiya Nyaya Sanhita, 2023 also punishes the acts of identity theft and cyber The sections under BNS are as follows:
• Section 335 Making a false document or false electronic record.
• Section 336(2) Punishment for
• Section 336(3) Forgery (electronic record) for the purpose of cheating.
• Section 336(4) Forgery (of an electronic record) for the purpose of harming
• Section 340(2) Forged document or electronic

LEGAL CASES

• Avnish Balaji vs State (N.C.T) of Delhi, 2004:

The Bazee.com case. The chief executive of Bazee.com was arrested because a CD with offensive material was sold on his website. It was also sold in the markets of Delhi. The Mumbai and the Delhi Police took action against it. The accused was charged under section 67 of the IT Act, and section 292 of the IPC, but later he was released on bail. This gave rise to a query about the difference between Internet Service Providers and Content Providers. The burden was on the accused, he was the Service Provider and not the Content Provider. It also advances a lot of issues regarding how the police should handle cybercrime cases.

• Shreya Singhal vs Union of India [1]

In this case, the validity of section 66A of the Information Technology Act was challenged before the Supreme Court. The Supreme Court held that section 66A of the Information Technology Act is unconstitutional and violates article 19(1)(a) of the Indian constitution and the court upheld the importance of freedom of speech and expression. It also held the need for clearly defined laws to prevent misuse and guarantee the protection of citizen’s rights in the digital era. This judgment set a significant precedent for online freedom of expression in India.

Shreekanth C. Nair against Licensee/ Developer [3]

In this case, the problem involved an ASCL student who came across a website called ‘ www.incometaxpune.com,’ which redirected him to a pornographic site. Therefore, the plaintiff requested a court injunction to prevent access to the offensive site and that the site was clearly pornographic and should be closed down in the public’s best interest. This site was also violating section 67 of the IT Act. The court ruled that websites with inappropriate content should be banned. This ruling indicates that the court aims to ensure the safety of the internet for all users, particularly in regard to dangerous material. The owner was also instructed to monitor their website content and linked pages. This situation is significant as it demonstrates the role of laws in safeguarding individuals on the Internet.

Procedure for filing cybercrime complaint: offline cyber-crime cell

The victim of a cybercrime can file a written complaint in the nearest cybercrime cell or in any cybercrime cell established in India. The written complaint shall be addressed to the Head of the Cybercrime Cell and shall be accompanied by the following information about the victim or person registering the complaint:

• Contact details
• Mailing address

Other documents which are required to be attached to the complaint depend upon the type of cybercrime committed against the victim. It is necessary to attach these documents with the offline as well as with the online complaint.

PROCEDURE FOR FILING CYBERCRIME COMPLAINT ONLINE: NATIONAL CYBERCRIME REPORTING PORTAL

Cybercrime complaints can be registered on the National Cyber Crime Reporting Portal   which is the initiative of the Government of India to facilitate nationwide cybercrime complaints and to make it feasible for the victims/complainants to have access to the cybercrime cells and to all the information related to cybercrimes at their fingertips. It deals with all types of cybercrimes. There are two types of complaints that can be registered on the portal:

Report Crime related to Women or Children

• Child Pornography (CP)
• Child Sexual Abuse Material (CSAM)- Material containing sexually explicit images (in any form) of a child who is abused or exploited
• Sexually explicit content (such as Rape/Gang rape)

Report Other Cybercrimes

• Mobile crimes
• Social Media crimes
• Online financial fraud
• Cyber trafficking

Cybercrimes exist in almost all countries, and the respective governments are taking measures to safeguard against cybercrimes. There has been a rapid increase seen since 2020, due to the Covid-19 pandemic, everyone from children to elders all started using the internet almost daily and got connected with this digital world. And there has been a rapid rise in cybercrimes during this period. The issues like cyberbullying, defamation, cyber fraud, etc., have become the most common crimes nowadays.

The reason that these cybercrimes take place is because of the easy access of the devices, and sometimes the negligence of the users. In India, many people are not aware of such crimes, and when they are hacked, they suffer huge losses and don’t even know how it happened. So first it’s very important to be aware of such crimes and their rights in digital space.

The Indian government has taken various measures and initiatives to prevent such cybercrimes and made it easy for citizens to report such crimes with the help of E-portals which can be easily accessed sitting at home. The government is also making sure that the victims are compensated or provided justice.

• https://theredteamlabs.com/a-brief-history-of-cybercrime /
• https://shodhganga.inflibnet.ac.in/
• https://lawfoyer.in/cyber-crime-meaning-history-types-security-measures-and-important- cases/
• https://bprd.nic.in/
• https://www.indiacode.nic.in/
• https://indiankanoon.org/

Cases Referred

• Shreekanth Nair against Licensee/ Developer [3]

Statutes Referred

• The Information Technology Act, 2000
• The Bharatiya Nyaya Sanhita, 2023

You Might Also Like

Litigation: the court room and trial system.

Quasi Judicial Functions and Administrative Law

Marital and adoption rights of lgbtq+ community and applicability of family law.

• Journal Website
• Call For Papers
• Volume 1 Issue 2
• Submit Assignment
• Join our team
• Write for us
• Case Analysis
• Legal Drafts
• 20th Edition Harvard Blue Book
• Submit Event
• Quiz Competitions
• Call for Papers
• Courses & Workshops
• Essay Competitions
• MUNs, Youth Parliament & Other Competitions
• Apply For Internship
• Internship Reviews
• Verify Internship Certificate
• About LawFoyer