7 Aug 2008

Exploring the nuances of Cyber Law

I – Why and what of cyber law?

Cyber law, or the law dealing with cyber-space, popularly called ‘internet’ or ‘net’, is the buzz word today in law school curriculums and across the generation of old lawyers across the world. Why? Because this is more to do with technology rather than law alone. Imagine a law providing definition of ‘meta tag’, something which any computing geek can tell you. Then the law defining an ISP. Sounds hilarious and then absurd. Why should the law attempt to define these terms when they are well known and understood in the same manner across the globe? Why purpose would be served even if the law were to define the same? The slow and steady moving law can never compete with the level of technology existing at any point of time and the speed with which it grows. So what is the point of making a law, which by the time is come to govern, it is already outdated. These and other oddities of cyber law make it an interesting subject indeed.

Well, it seems there is a purpose. The purpose is ‘regulation’, something which the law exists for. The purpose is to identify the course of events, as they take place on the cyber space, and then provide a mechanism to determine rules affixing responsibilities and liabilities on the participating actors in the transactions. Take for example a simple and every day case of a cyber-café. A goes in Xena Computings and used the café for an hour. In this time, he views Z government’s site and tries to interfere with the site-coding. He is unable to change the things and so he leaves. Now should the government whose site has been fiddled with do something? Let us say that Xena Computings is situated in Z country only but A is of Y country. Can anything be done?

Well here comes the role of cyber law. It firstly defines unacceptable code of conduct on the cyber-space (something like cyber offences) and then prescribes a mechanism or procedure to deal with the situations in which this prescribed code of conduct is breached. So in this case, unless the law of Z provides against or prohibits interference with governmental websites, Z’s government will not be able to do anything, even if A had been successful in hacking the site or otherwise. Now once this is made a cyber offence, what next? The law of Z must provide a mechanism whereby Z government could affix the liability on A or Xena Computings, as the case may be, and allow the law to take its course.

So the law needs to define technical terms like hacking, cracking, ISP, subscriber, etc. and then only any action can be taken. So the premises (or the what) or cyber of law is based upon technology or for comprehensible terms, the cyber space where the why, as we have already noted, is the regulation of cyber space. Thus cyber law comes to occupy a place as a distinct and specialised branch of law.

II – The fundamentals of Cyber law

Cyber law or cyber-space law, as the name suggests, deals with cyber space. So the core of the matter is a technology driven segment while the external paraphernalia i.e. the law itself, is static and starts with where the technological elements end. To simply, technology brings a concept, say the simple concept of ‘linking’ web-pages and website etc., and then the law follows to deal with it. Like in this case, whether linking can lead to any legal liability. For example, there may copyright violation or trade mark violations in deep-linking etc.

Therefore the fundamentals of cyber law start from where the fundamentals of cyber-space end. Cyber-space defines the area or rather the spectrum where the cyber law would operate and therefore, for example, jurisdictional issues in cyber law are a concomitant of jurisdictional issues of cyber-space. To illustrate, no country has a right over cyber-space for technically cyber-space does not fall within the jurisdiction of any particular country. There may be a case that a server hosting a website may be located within the territorial confines of a particular country but the point is that once is has hosted the site, it has fallen into public domain, an artificial spectrum (which cyber space really is) and therefore no country has jurisdiction over it.

Conversely, however, cyber space is not Eiffel Tower that you can see it only by going to Paris. From any where in the world you can have access to cyber space (provided of course you have a phone line and a modem and yes, a computer). Therefore, speaking from this reverse angle, any and all countries have jurisdiction over the activities committed in the cyber-space, so long as the starting or the ending point was in their country. Thus, if Mr. G-space (operating from New York) copies a copy-right-protected video from the site of Ms. YTB (hosted from Sydney), and then publishes a morphed version of the video on his site (hosted in Brussels), the only countries which (legally speaking) would have the jurisdiction to deal with the matter would be of those three cities and none else, unless an over-enthusiastic court decides to poke its nose into the matter, not being situated within these three countries.

So this way cyber law is intrinsically connected with the manner in which cyber-space operates but for the qualification that this is only as regards the facts of the matter. The situation remains just like an ordinary law for questions of law. This is to say, that in our above example, while cyber space rules would only be illustrative in the decision as to which court has jurisdiction, the actually liability in any case would be defined by reference to the principles of intellectual property law alone.

To conclude, therefore, while cyber law is invariably and irrefutably related to cyber-space, its fundamentally actually being to operate from where the fundamentals of cyber-space lead them to. To paraphrase, they have a converging point but do not overlap. They being and end with the same objectives, but operate on different areas, one purely technological and concept based, the other purely convenience and policy based and operating on a conceptual framework provided by the other.

III – Legal framework of Cyber law

Cyber law is a very intricate subject to have a legal framework upon, not because of the fact that there is too much of technology involved but also due to the fact that cyber law does not fit under any specific branch of law and rather permeates into various and almost all different branches of all. For example, we have law of contracts, law of crimes, etc. as separate branches of law. However cyber law does not fit in any of these as it involves almost all branches of law to some extent or the other like electronic contracts, cyber offences etc., which are quiet capable of fitting themselves in other branches of law but then as a matter of practical perspective, are better dealt separately as a specific branch of law involving technology, i.e. cyber law.

So we have a legal framework for this branch of law which is intricate and varied. We have a law which deals with cyber offences as a part and parcel of criminal law or rather as a separate penal code in itself. We have a law which deals with electronic transactions of commercial sense or put simply, electronic contracts, which may either be incorporated in the contract law or be kept separate as a distinct subject. Then we have separate legal codes for those areas which do not strictly fall within the ambit of the generally invoked branches of law. Therefore we have law relating to liability of the ISP, liability of the e-auctions host, etc.

But why do we need to discuss this under the legal framework of cyber law. Because, the legal framework of cyber law does not exist as one. It instead exists as a varied and assorted group of separate legal codes which are united only through the underlying theme of technology. So while technically speaking the Information Technology Act, 2000 is the sole framework of cyber law in India, it is not so legally. Legally a portion of Indian Evidence Act, 1872 (when even the T.V. was not born, forget the World Wide Web) which deals with electronic evidence, a portion of tort law (dealing with cyber torts), etc. form the actual legal framework of cyber law in India. And this is not a case with India alone. It is the same across the world.

In fact it is not worthwhile to have an exhaustive code dealing with the legal aspects of cyber transactions. The reason is simple. Law cannot expect to match the pace of technology nor its participants. It should remain content with playing the second-fiddle, unless it wants to dwell into an unknown area where not principles but the need of the markets determines the next generation’s phase and outlook. Therefore law-makers across the world are content framing legislations on the areas which are quiet settled as far as cyber-transactions are concerned and once this is done, patch-up the existing legal codes with these developments. So we have an addendum to the existing legal codes for cyber transactions.

IV – Regulation of cyber-space

When ever the term regulations comes up, there always is a sense of an external entity watch the movements of ‘the regulated’ and always ready to pound up and play its part of imposing sanctions in order to bring the deviant behaviour in line with the standard notions of the regulated regime, in line with the principles of fair-play and mutual co-existence. Initially when the World Wide Web gripped nations and there were participants across the borders, there was a fear amongst the legal scholars as to how this new arena would be regulated. No single nation could work out a way to deal with the transactions even if they took place within their territorial regime as a multitude of mitigating or aggregating factors remained outside their boundaries.

Thus a need was felt for an international consensus on the issue. But then even that one was not forthcoming. Why? Because not all countries were involved in the ‘cyber-menace’ (as it was understood at that point of time from a regulatory perspective) nor were all technologically sound and willing to support an international consensus on the issue. So the idea of an international agreement/treaty or organization was done off. The world was amateur enough not to able to support one. So independent nations took the lead and started pressing the players in the cyber arena to come out with proposals such that the online traffic could be regulated.

This is how the various regulatory agencies were born, like ICANN for web domains, etc. But then these were private entities, made quasi-governmental by the manner and nature of functions they performed. This particular entity, ICANN was so engrossed in the regulation of web domains that it even came out with a dispute settlement mechanism and thus pioneered the idea of online-dispute-resolution, which was quickly adopted by e-bay and other online platforms providing for interaction of web-participants on a commercial scale. So the regulatory agencies of cyber space can be enumerated as; government; international agencies involved in regular interactions with the cyber-space; web-hosts, and you yourself (as you have agreed to regulate your conduct in the manner as prescribed by the host though whom you operate).

But then again, the question remains, what is the link amidst these various participants which allows the cyber space to work as a regulated regime. The answer to this intriguing question is equally intriguing. It seems the cyber-space is working out to balance itself. The participants conduct themselves in order and when there is a zealous actor crossing the limits, there is always a higher and stronger participant to kick the transgressor from the offending limits, may be by legal sanctions or simply by suspending the access. So we have regulators who are also regulated and then this probably seems never to end, just like a vicious circle with just the government may be at the top of affairs.

The above erratic description may not be sensed out to be regulation in true sense but then regulation it is; just that this is a different ball-game. This is obviously because the arena is complex and it is not in the interests of anyone to have it heavy guarded and face the risk that the entire structure may crumble under the weight of itself.