Module 5

Perhaps to give teeth to this provision, the IT Bill further empowers a police
officer not below the rank of Deputy Superintendent of Police (DSP) to
investigate such an offence, who has the powers to enter in any "public
place" and conduct a search and arrest without a warrant if he/she suspects
that a computer crime is being committed. This provision has faced a lot of
criticisms from Human Rights activists who suspect that this provision may
be abused to violate the fundamental rights of the Indian citizens20.

5.20.7 Adjudication And Cyber Appellate Tribunal

An Adjudicator shall adjudicate Cyber crime. The decision of Adjudication
may be appealed before the Cyber Appellate Tribunal. A further appeal may
be preferred before the High Court. The following are the drawbacks of such
an elaborate adjudicatory process:

The Adjudicator and the officers of the Cyber Appellate Tribunal are not
required to have any technical or Internet related qualifications. In the

20 Not every police officer enjoys such extensive powers under the Act. Only officers above the position of a DSP
may exercise these powers. Furthermore, such powers cannot be delegated and will come under a judicial scrutiny.
Cyber crime happens at Internet speed and since very little infrastructure is needed for conducting such a crime,
evidence can easily be concealed or destroyed. In such a situation, an investigating officer might not find time to
obtain search warrant and such a provision is necessary. This provision ousts the Code of Criminal Procedure,
wherein ordinary police officials may enter into the premises and conduct a search or make arrests in case of
cognizable offences. It is infinitely better to have a senior and trained official exercise discretion in conducting
such searches or raids, rather than have a police sub-inspector or a head constable investigate such an offence.

eventuality of a cyber crime or cyber dispute relevant knowledge of
technology is of critical importance.

The abovementioned appellate framework ensures that there is no finality
to such a dispute and such dispute may continue ad nauseum. In the Internet
world, speedy and timely dispute resolution is of critical importance. The
prescribed dispute resolution mechanism suffers from all the infirmity of
present day dispute resolution in India. This means that in the Internet age
such disputes could continue for years, which would cripple the eBusiness.

5.20.8 Spamming And Privacy

The modern day e-consumer is flooded by innumerable junk mails. Also in
any eBusiness, employers or other third parties may monitor e-mails
depriving the users of their right to privacy. The present IT Bill does not
prevent spamming and anti privacy issues by making them punishable.

5.20.9 Technology Specific

The IT Bill is technology specific and the entire legislation is based on
digital signatures based on "double key encryption". Further, many "techies"
argue that soon double key encryption may be replaced by more
sophisticated third generation of bio-metric technology. Under this
technology encryption is based on biological inputs of the user e.g. thumb
impression, retina scan, DNA finger printing etc. In such a situation, the IT
Bill will need to be replaced with another law as the current law is

technology specific. However, it is recommended that the 'technology
neutral' legislation be formulated, where the change in technology will not
require a change in legislation. Under such a legal framework despite
whatever technology is used for encryption certain standards will have to be
maintained for digital signature to receive legal recognition.

5.20.10 The Anatomy Of Fraud Under Indian Law: The Question
Of Mens Rea

The term ‘fraud’s has not been defined in the Indian Penal Code.
Nevertheless, Section 25 of Indian Penal Code does attempt to define the
word ‘fraudulently’ by saying that there can be no fraud unless there is an
intention to defraud. The word fraud is clearly defined in Section 16 of the
Indian Contract Act, 1872. However, this definition cannot be made
applicable in criminal law.

In general, fraud is committed in three different ways

• To deprive a man of his right, either by obtaining something by
deception or by taking something wrong fully without the knowledge
or consent of the owner;

• To withhold wrongfully from another what is due to him, or to
wrongfully prevent one from obtaining what he may firstly claim; and

• To defeat or frustrate wrongfully another’s right to property.

Whenever the words fraud, intent to defraud have fraudulently occur in the
definition of a crime under the IPC, two elements, at least, are essential to
the commission of that crime:

• Deceit or an intention to deceive; and

• Either actual injury or possible injury or intent to expose some person
to actual or possible injury.

The main intent and principal object of the fraudulent person is in nearly
every case, his own advantage. A practically conclusive test as to the
fraudulent character of a deception for criminal purpose is whether the
author of the deceit derived any advantage from it, which he would not have
had if the truth had been known. It so, that advantage would generally have
an equivalent is was or risk of loss of someone else; and if so, there is fraud.

It is submitted that his definition of fraud encompasses within its fold, scams
on the Internet. Both the essential requisites of fraud, i.e. deceit or intention
to deceive and actual or possible injury to an individual or a group of
individuals are present in such scams. All such scams, whatever their modus
operandi are intended to gain advantage for some almost always at the risk
of loss to others. Sections 415 to 420, IPC details the law rating to cheating.
The grounds for these provisions to be attracted are the same as that of fraud,
i.e. dishonestly, deceit etc. In the case of internet of internet scams, relevant
sections relating to the crime of cheating such as cheating by impersonation
(Section 416) cheating with knowledge that wrongful loss may ensue to the

person whose interest the offender is bound to protect (Section 418), etc,
may be applied according to the facts of the case.

5.20.11 Perspective On Possible Solutions

Even an example that might otherwise be thought to favour the assertion of
jurisdiction by a local sovereign—protection of local citizens from fraud
and antitrust violations—shows the beneficial effects of a Cyberspace legal
regime. How should wee analyse “markets” for fraud and consumer
protection purposes when the companies at issue do business only through
the World Wide Web?

Cyberspace could be treated as a distinct marketplace for purposes of
assessing concentration and market power. Concentration in geographic
markets would only be relevant in the rare cases in which such market power
could be inappropriately leveraged to obtain power in online markets—for
example by conditioning access to the net by local citizens on their buying
services from the same company (such as a phone company) online. Claims
regarding a right to access to particular online services, as distinct from
claims to access particular physical pipelines would remain tenuous as long
as it is possible to create a new online service instantly in any corner of an
expanding online space.

Consumer protection doctrines could also develop differently online—to
take into account the fact that anyone reading an online ad is only a mouse
click away from guidance from consumer protection agencies and
discussions with other consumers. Nevertheless, that does not mean that
fraud might not be made “illegal” in at least large areas of Cyberspace.

Those who establish and use online systems have an interest in preserving
the safety of their electronic territory and preventing crime. They are more
likely to be able to enforce their own rules. A consensually based “law of
the Net” needs to obtain respect and deference from local sovereigns; new
Net-based law-making institutions have an incentive to avoid fostering
activities that threaten the vital interests of territorial governments.

5.21 E-BUSINESS REGULATION: NOTES ON COMPLIANCE
ISSUES IN THE “BORDERLESS ECONOMY”

Achieving legal and business order in cyberspace, forms but another step in
the quest for knowledge that is perhaps the special legacy of the new
millennium21. For commercial interests eager to gain ground in the new
order, ironically, the Internet is at the same time intimidating and
indispensable, essential for business success. The issue of regulation is
replete with unanswered e-business issues that desperately need to be
clarified as companies operate electronically across the globe. Some of the
regulatory issues are:

• Whose law governs contracts that are formed online? Are contracts
valid without a physical signature? Do the same laws apply to both
consumers and businesses?

21 Report of the American Bar Association (“ABA”) Jurisdiction in Cyberspace Project empanelled in 1998 under
the title, “Transnational Issues in Cyberspace: A Project on the Law relating to Jurisdiction”.

• Can the actual electronic transmission between countries be subject to
taxes or tariffs? Are product and service sales treated the same under
local law? Who decides?

• What are acceptable forms of online promotion? Are firms with
websites that link to other sites using questionable tactics, putting
themselves at risk?

• When the buyer sends his address and phone number to the seller,
whose laws determine the restrictions on the use of that data? How is
the seller’s credit card number protected? Who is empowered to
address disagreements that might arise?

• What tariffs and taxes are due? How are they accounted for and paid?

• What transaction crosses a border, what consumer protection is
available? What additional risks do sellers assume?

• What happens if the seller does not get paid? Where do consumers
return damaged goods purchased online? Does business-to-business
commerce operate predictably across all trading jurisdictions?

• How can buyers and sellers enforce their rights in foreign countries?
What international treaties apply? Does enforcement differ
geographically? By product or service type?

• Many laws applicable to global e-business are not yet clear. Does it
make sense to move aggressively to gain first mover advantage? Or
wait? How can an individual company protect its interests?

Questions, questions with not so obvious answers? Business in the new
economy will mean that traditional business approaches don’t necessarily
apply when viewed through the lens of the digital environmental. E-business
is a completely different way to transact ordinary business. Since new,
unfamiliar business practices are routinely scrutinised by governments and
regulatory organisations, one can expect continued regulatory review,
especially where consumer protection and economic welfare are at stake.

E-business shrinks the optimal regulatory action. New business
arrangements with industry-wrenching impacts can take effect in months,
not years. This rapid change means that regulatory issues must be addressed
early on to avoid overly “reactive” responses that can be counterproductive.

E-business effectiveness depends on a regulatory environment that is both
supportive and predictable. While onerous rules can be stifling to business
interests, regulatory indecision can be similarly disruptive. In order for e-
business to work best, business must accept equal responsibility with
governments to point the way.

5.21.1 Companies, Industry ‘Vigilance’ And Audits

Companies must remain vigilant both to protect their business interests and
ensure that they can proceed securely in uncharted territory. While some
maintain it is unrealistic to have no restriction whatsoever on e-business, yet
others shudder at the burden various bureaucracies might place upon the
Internet. Most are hopeful that industry, driven by market forces, will
ultimately regulate itself. If that fails, however, a wide range of regulators
can be expected to step in forcefully.

Perhaps industry groups could identify potential and real ‘hurdles’ and
attempt a solution. The vast majority of regulatory hurdles facing Internet
businesses today relate to traditional considerations whose scope and
application are transformed by the global character of the electronic market.
This industry alongwith CII should examine key international issues and
identify major international institutions that are addressing them. The issues
include:

• International trade and tariffs

• Data Security

• Encryption

• Infrastructure and Access

• Intellectual Property Rights

• Liability: Choice of Law and Jurisdiction

• Content

• Competition Law

• Self-Regulation

• Privacy

5.21.2 Web Audits And Commercial Strategy: An Advantage

According to Internet surveys, the fastest growing Web Sites are those,
which provide a place for personal expression, such, as chat rooms, message
boards, email and personal web pages22. In addition, "e-tailing," or retail
sales over the Web has exceeded industry expectations. Online sales tripled
from $3 billion in 1997 to $9 billion in 1998. By the year 2000, commerce
on the Internet is expected to generate $30 billion23. Not surprisingly, many
companies are launching Web sites to establish their presence on the
Internet and to introduce themselves to the emerging online consumer
market.

In doing so, many of these companies enter into new businesses, and some
may enter into regulated industries. Each of these Web site owners--whether
they are software vendors, search engines, banks or auction houses--
becomes a publisher, in addition to their original core business. And,
because of the thick competition to offer more and better services on the
Web, Internet companies frequently move from their core business to
entirely new ventures as sales agents, financial information providers, mail

22 Media Metrix, "The Media Metrix Web in Review: Top 50 Fastest Growing Web Sites in Audience Reach,"
(Aug. 10, 1998), http://www.relevantknowledge.com/PressRoom.
23 U.S. Dept. of Commerce, "Remarks of Sec. of Commerce William M. Daley," (Feb. 5, 1999),
http://204.193.243.2/public.nsf/docs/commerce-ftc-online-shopping-briefing.

providers, and more. This article outlines some of the issues arising from
operating a Web site in India and offers some suggestions to minimise legal
risk.

For a variety of reasons, initial and periodic legal audits for content liability
issues on a Web site play an important role in managing a company’s risk
on the Internet. First, for Web site operators located in the India, there are a
number of constitutional and statutory protections for these "New Media"
publishers, similar to the protections long enjoyed by traditional publishers,
such as newspapers, magazines and TV. or radio broadcasters. The same
probably for “new media” laws world-wide. Indeed, the U.S. Supreme Court
determined that online "speech," or content, should enjoy the highest level
of constitutional protection24. As part of the audit, Web sites also should be
reviewed for compliance with legislation regulating Internet content,
commerce and conduct.

Second, Web sites generally contain a mixture of content--some of which
may be generated by the site owner, but often, is not. An audit identifies the
different types of content and the different risk associated with each type,
and creates risk management strategies to protect the company.

Finally, the most successful Web sites are highly dynamic; that is, the
content is not only interactive but constantly growing, and therefore
changing. A good audit identifies "hot spots" on a site that are more likely
to draw complaints or have greater exposure. Given the uncertainty of the
law in the Internet space, a primary objective of risk management is to

24 Reno v. American Civil Liberties Union, U.S., 117 S. Ct. 2329 (1997) (the Internet receives full First
Amendment protection).

"marginalize" the potential plaintiff's success. An audit may provide
guidelines for dealing with particularly complex areas, such as chat rooms
or message boards, e-commerce transactions and user privacy. A great deal
of thought and practical judgment are necessary to conduct a legal audit of
Web site content.

5.21.3 Where To Begin: The First Steps

A Web site audit begins with a survey of the site--identifying the types of
content and services provided on the site, the types of terms of service or
legal disclaimers needed the intellectual property rights, and the potential
hot spots that are likely to give rise to liability. Typically, this phase of the
audit requires discussions with the staff responsible for the site's content to
determine how content is generated, which areas are the subject of
complaints and what policies exist to handle complaints.

Depending upon the company, Web sites fulfil different and often multiple
functions. Some sites are essentially advertisements that bolster brand
identity, describe the company's product or services and provide investors
or shareholders with information. Others fulfil traditional media functions
of providing news, entertainment or other content (such as financial
information or classified ads). Many of the largest sites have moved toward
building online communities--sites that draw users back again and again.
These sites offer a variety of services, including search engines, e-mail, chat,
message boards, and commercial services--such as travel, brokerage and
retail. The breadth of an audit depends in large part on the complexity of the
site.

5.21.4 Content And Control: A Guide For Businesses

5.21.4.1 Original Content

Web site content which is entirely or mostly generated by the Web site
owner often presents the least complex liability issues. These issues are
substantially similar to liability issues that a newspaper publisher has when
publishing its daily paper or that a company has when publishing its
prospectus or retail catalogue. Like their traditional media counterparts,
Web site owners in India enjoy the significant legal protections available to
publishers. Generally, Web site owners should review their content for
accuracy, fair advertising practices, intellectual property rights and
Securities Exchange Commission and other regulatory related issues.

5.21.4.2 Licensed Content

Many Web sites license content rather than create their own. An audit
therefore may also include review of the licensing agreements to ensure that
the Web site owner has the rights it needs to distribute, alter, republish or
otherwise use the licensed content. In addition, the audit should review all
representations and warranties for the content and any appropriate
indemnifications by the licensor.

5.21.4.3 Third Party Content

As interactivity becomes a primary draw for bringing back Internet users,
more sites are including chat, message boards, e-commerce and e-mail at
their site. As a result, much of the content in these areas is created by users

of the site and cannot as a practical matter be reviewed or edited by the Web
site owner. Not surprisingly, while user-created content draws the most
interest, it also draws the most complaints.

In the United States, the Congress enacted Section 230 of the
Communications Decency Act of 1996, which largely immunises online
service providers from liability arising from the statements of third parties25.
Recent legal decisions have held that under Section 230 a Web site owner
cannot be held responsible for the defamatory or otherwise tortious
statements of individuals who post on its message boards26. Nonetheless,
because users occasionally make offensive, inflammatory or otherwise
objectionable statements, Web site owners should have clear and reasonable
policies to handle complaints that arise in these areas and all appropriate
disclaimers and indemnifications.

In 1998, the U.S. Congress also passed the Digital Millennium Copyright
Act, which provides limited safe harbours for online service providers that
unknowingly or inadvertently transmit, link to, or host infringing material
provided or posted by third parties. Under this new legislation, each Web
site must register with the Copyright Office and put in place a policy for
reporting possible copyright infringement on their site.

25 47 U.S.C. 230. Other provisions of the Act related to "obscene" material were struck down as unconstitutional
in Reno v. American Civil Liberties Union.
26 See, e.g., Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997); Blumenthal v. Drudge, 992 F. Supp. 44
(D.D.C. 1998).

5.21.4.4 Linking And Framing

The practice of linking to or framing other Web sites raises liability issues
unique to the Internet. A Web site owner may be found liable for
contributory infringement or vicarious liability for knowingly linking to
another site that contains copyright infringing material or otherwise engages
in infringing activity. In an interesting claim arising from allegedly
improper linking, Ticketmaster sued Microsoft for its use of hypertext links
to bypass Ticketmaster's homepage and advertising.27.

A Web site owner also may be found liable for trademark infringement or
unfair competition for framing another site on its site. For example, in
Washington Post, et al. v. TotalNEWS28, a number of news media sued
TotalNEWS, a Web site which aggregated the other news sites and "framed"
those sites with their own ads, thus effectively deriving ad revenues based
on others' content without their permission. Although that case settled out
of court, the practice of framing should be carefully reviewed in an audit.

5.22 CONTENT LIABILITY ISSUES: A CHECKLIST FOR WEB
PUBLISHERS

5.22.1 Copyright & Trademark

A content audit should include a review of the third-party content, and the
corresponding license agreements, to ensure that the Web site owner has
acquired the appropriate rights for use on its site. This includes graphics,

27 Ticketmaster Corp. v. Microsoft Corp., No. 97-3055 DDP (C.D. Cal., filed Apr. 29, 1997).
28 97 Civ. 1190 (PKL) (S.D.N.Y., filed Feb. 28, 1997)

images, logos and text. Indeed, use of another's trademark as a link may give
rise to liability if the manner in which one uses a trademark creates the false
impression that the trademark owner is somehow affiliated with the Web
site owner. In addition, the audit should review the owner's copyright and
trademark notices to ensure that they are accurate and current.

5.22.2 Defamation

Under U.S. law, a Web site owner may be held liable for false statements of
fact which are defamatory and published with fault. While the owner may
not be liable for statements by third parties because of the statutory
protections of the Communications Decency Act, statements originating
with the owner may give rise to liability. Traditional publishers frequently
have an attorney review sensitive articles prior to publication to identify
troublesome statements and to set up the best possible legal defences for
publication of the article. A similar practice may be appropriate for articles
published on the Internet which are written by the Web site owner.

5.22.3 Invasion Of Privacy

There are three types of privacy torts that may arise from statements made
on Web sites: the public disclosure of private facts, statements which place
the subject in a false and defamatory light, and the commercial use of
another's image or likeness without their permission. As in defamation,
while the Web site owner in the United States may not be liable for state law

invasion of privacy claims arising from third party statements, the owner
should carefully review original content.

5.22.4 User Privacy

An audit should include a review of the Web site's collection of user
information. This usually is done at the registration page, and may include
name, address, email address, telephone number and credit card number. In
addition, most sites now monitor the pages viewed and services utilised by
a user via "cookie" technology. Thus, sites may maintain and use personally
identifiable information about its users for a wide range of purposes such as
targeting banner advertisements, tailoring services to individual users and
sending direct advertisements to individual users based on their
demonstrated interests. What information is collected, how it is used and to
whom it is disclosed should be carefully reviewed to ensure that the Web
site owner is in compliance with applicable privacy statutes, Competition
and MRTP regulations and the site's privacy policy.

5.22.5 Advertising & Promotions

As a growing number of Web sites move toward the advertising business
model, a content audit should include review of the site's guidelines for
accepting advertising on its site, particularly banner ads which hyperlink to
the advertiser's site. The guidelines should adhere to state and federal fair

advertising laws, particularly in regard to minors. In addition, the audit
should review the ad insertion orders to ensure that they include appropriate
indemnifications and representations and warranties. Some Web sites also
sponsor interactive contests or sweepstakes and an audit may include review
for compliance with sweepstake and contest laws.

5.22.6 Sales

If the site includes commercial transactions, the audit should include a
review of the online contracts and also the Web site owner's account
procedures for creating and maintaining records of the transactions. In some
cases, the owner also may need to obtain accounting, security or other
professional advice.

5.22.7 Regulatory Compliance

If the business hosting the Web site is publicly traded or involved in a
regulated industry, such as banking, real estate, utilities, pharmaceuticals,
or alcoholic beverages, the audit should include a review of SEC compliance
and the specific advertising, shipping or other regulations for such
industries.

5.23 THE SPHERE OF AUDIT

Specific components of a Web site are worth particular attention.

5.23.1 Disclaimers & Terms Of Service

The disclaimers and Terms of Service are important in establishing the
relationship between the Web site owner and its users. Generally, the
comprehensiveness of a user agreement is determined by balancing the
potential exposure created by site content and activities against the
potentially intimidating impression a long agreement will make on the user.
For example, relatively straightforward sites that provide information about
a company, but have little user interactivity, may only require a short
disclaimer. On the other hand, sites which host e-commerce, chat, email, or
message boards or provide sensitive information, such as financial
information and services, will likely require a more extensive user
agreement.

5.23.2 Message Boards & Chat

Many Web sites now provide areas for users to interact with both the Web
site owner and other users. These areas take the form of message boards
(where users can post a message that can be read and responded to by other
users) and chat rooms (where users can send each other messages, or "chat,"
in real time).

In my experience, user interaction is fun and free-wheeling, but it can also
be highly inflammatory. Frequently, a user may make defamatory or
otherwise objectionable statements about another. Users then tend to turn to
the Web site owner to remedy the problem by removing the statements,
correcting the statements or somehow punishing the author of the
statements. An audit should include a review of how the owner responds to
such demands and set up a policy for when, if ever, it is appropriate to either
remove a post or provide information about the author.

5.23.3 User Information

The privacy and security of personal information on the Internet has become
an increasing concern. A Web site audit should include review of the site's
policies for disclosing user information and, in particular, policies for
responding to subpoenas for user information. In the United States,
responding to requests for either the content of communications (i.e., email
messages) or user information is strictly limited by the [federal] Electronic
Communications Privacy Act. Any policy should take into consideration
privacy or procedural requirements and other duties arising from common
law or the site's Terms of Service.

Finally, an audit should include a review of the site's privacy policy. In
general, the policy should provide notice to users about the types of
information collected, how such information is used and to whom it is
disclosed. In addition, Web sites should provide their users with reasonable
access to their personal information and the ability to update or remove such
data as appropriate.

The legal audit provides some guidance for Web site owners by identifying
areas of potential liability before litigation arises. In addition, further content
liability counselling can be done to place the Web site owner in the best
possible legal position--by posting proper disclaimers, establishing sensible
complaint policies, etc.--should a legal demand be made.