2. Basics of IT law & jurisdiction
• Meaning of the term computer
• No hard and fast rule of defining it
• That is, there is no universally accepted definition of this
term
• What is regarded as a computer in one industry or
sector might not necessarily mean the same in another
• The Oxford Dictionary:
• “An electronic device which is capable of receiving
information (data) and performing a sequence of logical
operations in accordance with a predetermined but
variable set of procedural instructions (program) to
produce a result in the form of information or signals”
By I. MGETA
3. Continue
S.3 of The Electronic and Postal Communications
Act, 2010 (Act no.3 of 2010);
“Computer” means an electronic device used to input,
process, store and output data”
In short, there are disparities in defining the term
Computer.
The common aspects/elements of definition are;
Electronic device, used for
Keeping data-input (data storage)
Processing data
Producing data-output
4. The link-Law & Computer
Development of computer technology
has not only affected the field of science
and technology but has also affected other
disciplines, e.g. law
Areas of interest in law:
Privacy and security
Freedom of expression and information sharing
Business operation and transactions interchange
Terms and conditions of use of software programs,
etc
5. Meaning of Computer/Internet Law
They are not synonymous but inter-related
◦ IT Law deals with all issues related to the use of
IT including privacy.
◦ Computer Law:
Law regulating the use and application of computer
related technology and the control of computer related
crimes and abuse of electronic services
◦ Internet Law:
The law that regulates internet services, usage,
electronic communication, rights and obligations of ISPs
and Internet users, control of online abuse, etc
6. Jurisprudential foundation
An area of the law which has developed
because of technical legal issues that
arose with the emergence of computer
technology
Legal Issues which gave rise to IT law
Electronic commerce and contract formation
Admissibility of electronic evidence and computer
print-outs
Privacy online and data protection
Computer and ICT crimes
IPR and computer technology, etc
7. Continue
Sources of IT law
International conventions-e.g UNCITRAL
Model Law on E-Commerce
The Constitution-basic human rights, eg right
to privacy and freedom of expression
Statutes
Case laws
Legal opinions from prominent lawyers and IT
8. Introduction
Development in ICT has paved a new era in
communication technology
With this development, new challenges have
emerged:
How to deal with threats to electronic
communications
How to harmonize traditional laws to cover new
sophisticated offences
Redefinition of some of the offences, etc
Electronic privacy is also another issue not only
on individual data but even on governmental
information
All these are challenges to a new digital/cyber-era
9. Computer Crime/ICT Crime
Scholars have distinguished computer
crime/ICT crime from Cyber crime
Computer crime is defined as;
Any criminal activities that are committed
against a computer or similar device, and data
or program therein.
In computer crimes, the computer is the
target of criminal activities.
10. Continue
The “computer” in this context refers to the
hardware, but the crimes, …, more often
than not relate to the software and the data
or program contained within it.
The criminal activities often relate to the
functions of the computer; in particular, they
are often facilitated by communications
systems that are available and operated
through the computer, thereby contributing
to a less secure computing environment.
11. Continue
It is also defined as;
Computer crime encompasses the use of a
computer as a tool in the perpetration of a
crime, as well as situations in which there has
been unauthorised access to the victim’s
computer, or data.
Computer crime also extends to physical attacks
on the computer and/or related equipment as
well as illegal use of credit cards and violations of
automated teller machines, including electronic
fund transfer thefts and the counterfeit of
hardware and software.
12. Continue
Further that;
“Computer crime covers all sets of
circumstances where electronic data
processing forms the means for the
commission and/or the object of an offence
and represents the basis for the suspicion that
an offence has been committed.”
13. Continue
A distinction between Computer crime
and cyber crime is explained as:
“Computer Crime” encompasses crimes
committed against the computer, the materials
contained therein such as software and data, and its
uses as a processing tool. These include hacking,
denial of service attacks, unauthorized use of
services and cyber vandalism.
14. Continue
“Cyber Crime” describes criminal activities
committed through the use of electronic
communications media.
One of the greatest concerns is with regard to cyber-
fraud and identity theft through such methods as
phishing, pharming, spoofing and through the abuse of
online surveillance technology.
There are also many other forms of criminal
behaviour perpetrated through the use of information
technology such as harassment, defamation,
pornography, cyber terrorism, industrial espionage
and some regulatory offences”.
15. Continue
So one may gather from all those definitions that:
Cyber crime is a computer enabled crime
Computer crime is a crime whereby the computer is a
target
Cyber crime is a criminal activity that involves a
computer and network that links computers.
These crimes can be categorized into two:
Crimes that were not possible before the advent of the
computer, such as hacking, cracking, sniffing and the
production and dissemination of malicious code.
The other category of crimes are much wider and have
been in existence for centuries but are now committed in
the cyber environment such as internet fraud, possession
and distribution of child pornography etc
16. Continue
UK author Ian Walden distinguishes these crimes
in the following categories;
“computer-related crimes” (such as fraudulent
activity involving the use of computers)
“content-related offences” (such as the distribution
of pornographic material involving children by means
of computers and cellphones),
“computer integrity offences” (in which the
computer itself is the object of an attack).
Suffice it to say that there is no universally accepted
classification of computer crimes/cyber crimes
Much will depend on what a particular scholar has
intended to say or on local legislation.
17. Types of Cyber crimes
According to Mumbai Police department;
Hacking
Phishing
Denial of service attack
Spoofing
Cyber-stalking
Virus dissemination
19. Continue
According to the Australian Institute of
Criminology;
Theft of telecommunication services
Communications in furtherance of criminal
conspiracies
Telecommunication piracy
Dissemination of offensive materials
Electronic money laundering and tax evasion
Electronic vandalism
Terrorism and extortion
Sales and investment fraud
Illegal interception of telecommunications and
Electronic funds transfer fraud.
20. Continue
Therefore, even in classification of cyber
crimes scholars do differ in their
classification and even authorities
responsible in controlling such kinds of
crimes differ in the way they classify them
For the purpose of this lecture, the two
terms computer crime and cyber crime
will be used interchangeably
21. Continue
The discussion will cover the following types of
cyber crimes:
Computer fraud
Simply means any dishonest misrepresentation of fact by
using any electronic device intending to induce another
to do or refrain from doing something which causes loss
or any psychological suffering.
Computer fraud includes forms such as;
Concealing unauthorised transactions
Electronic funds transfer fraud
Identity theft
Entering unauthorised instructions or processes in a
computer, etc
22. Continue
Hacking
This simply means unauthorised access to a computer
system. In telecommunication services, this practice is
called ‘phone phreaking’.
It is an illegal intrusion into a computer system without
the permission of the computer owner/user
Unauthorised modification of data
Data need to be set in a systemic form so that the
system can function effectively.
Any unauthorized alteration or modification of such
information or data may render the entire system
ineffective or produce undesired outcomes.
23. Continue
A person may gain access to the computer
system and, without permission, modify
the data kept in a computer, thereby causing
the whole or part of the system to stop
functioning
This can also be done through sending of
malicious code which may render the
computer system ineffective.
24. Continue
Dissemination of malicious code-use of viruses and
other nasty computer programs
Computer virus simply means a malicious software
which is capable of replicating itself
Not all computer viruses are harmful-some are
essential in the programming processes, e.g
Computer bugs
This crime can be committed through dissemination
of malicious code or virus dissemination which
attaches itself to other software and renders
alteration in its functioning system.
25. Continue
This kind of dissemination may include;
Virus-These infect computers or other
electronic devices and are passed on by user
activity, for example by opening an email
attachment or opening any document or
device that contains them
Worms-These are self-propagating malware
using an internet connection to access
vulnerabilities on other computers and to
install copies of themselves. They are often used as
a conduit to grant attackers access to the computer.
Masquerade
26. Continue
Trojan horse-These are malware
masquerading (impersonating) as something
the user may want to download or install,
that may then perform hidden or unexpected
actions, such as allowing external access to
the computer.
Other forms of malicious software like time
bomb, logic bomb, etc
Malicious software can be transmitted from
one computer to another through network
sharing, sharing of hard drives, flash disks, etc.
27. Continue
◦ Denial of service attack
This is an act by the criminal who floods the
bandwidth of the victim’s network or fills his e-
mail box with spam mail depriving him of the
services he is entitled to access or provide.
The main purpose is to create such a surge in
the volume of email traffic in order to degrade
network performance
28. Continue
It is often aimed at businesses engaging in e-
commerce the aim being to generate such a
volume of spurious messages that the victim
site becomes clogged up and is unable to
accept messages from genuine users wishing to
place orders for goods or services.
Denial of service attack may cause both
financial loss and loss in goodwill
Customers who are unable to access services
may lose confidence in a certain service
provider or businessman
29. Continue
For example, in February 2000 denial of
service attacks were initiated by a single man
(teenager!) in Canada, who dramatically
slowed down the most famous e-commerce
servers like amazon.com, ebay, yahoo.
These servers could not sell their products any
more for a few days. They claimed to have
globally endured more than $1 billion in
damages
30. Continue
◦ Unauthorised interception
Development in telecommunications provides new
opportunities for electronic eavesdropping.
Interception of communications has not been used
only for surveillance of an unfaithful spouse, but it
has developed to be used against politicians and for
industrial espionage.
The electromagnetic signals emitted by a computer
may be intercepted.
Cyber criminals often obtain valuable information
by intercepting and monitoring communications
sent via the internet or other information
networks.
31. Continue
Electronic mail messages can easily be
intercepted by third parties, thereby enabling
them to obtain bank account numbers,
password, access codes and various other forms
of data.
While interception of communication may be
legal if permitted by the law, unlawful
interception is illegal and is one of the cyber
crimes.
The challenge that exists in regulating
interception of electronic communication is the
need to balance unauthorised interception and
the question of freedom of expression.
32. Continue
◦ Extortion
Extortion is a process from which criminal
intruders disrupt the information system in order
to execute any bad motive behind such disruption.
Such intrusion in a computer system may cause
damage in storage system and loss of some
important data.
The act also can be used to disrupt the security
system so as to facilitate the commission of other
crimes.
33. Continue
◦ Pornography, cyber-obscenity and cyber-
stalking
Pornography is the first consistently successful
e-commerce product
By using deceptive marketing tactics and mouse
trapping technologies pornography has been a
tool for encouraging customers to access
certain websites.
Access to this kind of material is open to
both children and adults who use the Internet
34. Continue
One of the impacts of pornography is a
crime known as paedophilia.
Paedophilia is criminal activity involving
sexual offences against children by adults,
including the production and distribution of
child pornography.
A paedophile is a person who is sexually
attracted to children
Most countries have now criminalized
child pornography
35. Continue
◦ Cyber stalking is a technologically-based
“attack” on one person who has been
targeted specifically for that attack for
reasons of anger, revenge or control.
Using this technique a criminal follows a
victim by harassing or persecuting him/her
with unwanted and obsessive attention
through sending emails, forum chat, etc
36. Continue
Cyber stalking may take forms of;
harassment, embarrassment and
humiliation of the victim,
emptying bank accounts or other
economic control such as ruining the
victim's credit score, harassing family,
friends and employers to isolate the
victim,
scare tactics to instill fear, etc.
38. Continue
◦ Cyber obscenity is closely associated with
cyber stalking.
In this technique, a criminal causes a
transmission of distasteful, obscene or
offensive materials through the Internet to
another person
Distribution of indecent/obscene materials
is criminalized by most
countries; such prohibition extends to the
Internet
39. Continue
Publication of offensive materials is an
offence and may also be defamatory
However what is offensive in one country
may not be the same in another country.
This causes a great disparity in laws
regulating offensive materials on the
Internet
40. Continue
◦ Software piracy
This encompasses a range of forms of conduct like;
Unlawful Multiple installation
End-User Piracy
Client/Server Piracy
Online Piracy
Software piracy infringes IPR and mostly raises civil
liability rather than criminal liability
However, IPR also has criminal sanctions which
may also relate to software piracy
41. Continue
◦ Use of unlawful devices and unlawful
programs
Because of various threats posed by electronic
technology, companies and governments have
developed some security measures to help in
preventing unauthorised access or use of
certain information
Criminals frequently use sophisticated
technology to intrude in these protected
systems so as to commit crimes
42. Continue
More often, criminals use some devices or
programs which can disrupt the security
system or any protected material
E.g, Criminals may use skimming devices to
capture all the data contained on the
magnetic strip and thereafter, with
assistance of a computer terminal,
download such data and use them for any
unlawful activity including credit card fraud
acts
44. Continue
◦ Spoofing and phishing
Phishing is the extraction of confidential information
from bank/financial institution account holders
by deceptive means.
Phishing is a general term for e-mails, text
messages and websites fabricated and sent by
criminals and designed to look like they come
from well-known and trusted businesses,
financial institutions and government agencies
in an attempt to collect personal, financial and
sensitive information. It’s also known as brand
spoofing.
45. Continue
E.g, A Criminal may send scams, which may be in
form of an email, to a victim informing him that
his email has won a certain sum of money and
that the email has been randomly selected from
several emails following the draw conducted on a
certain date.
Characteristics
◦ The content of a phishing e-mail or text message
is intended to trigger a quick reaction from you.
It can use upsetting or exciting information,
demand an urgent response or employ a false
pretense or statement.
46. Continue
◦ Typically, phishing messages will ask you to
"update," "validate," or "confirm" your
account information or face dire
consequences. They might even ask you to
make a phone call.
◦ Often, the message or website includes
official-looking logos and other identifying
information taken directly from legitimate
websites.
47. Continue
The criminal may ask the victim to verify his
email details (pretending that it is for security
purposes) and send back all his full details
including bank account details and that the
money will be deposited to that account as
soon as all correct details are received.
Sometimes the criminal may link a victim to a
certain website pretending that it is for security
reasons
48. Continue
Brand Spoofing is a technique of getting one
computer on a network to pretend to have
the identity of another computer, usually one
which has special access privileges, so as to
obtain access to other computers on the
network
Government, financial institutions and online
payment services are common targets of
brand spoofing.
50. Legislative Measures
Before 2010 there was no specific law
that was enacted to regulate cyber crimes
◦ The Law Reform Commission-prepared a Bill
Computer and Computer-related Crimes Bill:
That was aimed at regulating;
Illegal access and interfering with computer
systems
Use of illegal devices
Interfering with data and computer system
51. Continue
Publication of immoral materials (eg.
obscenity, inciting hatred, harmful to
children, etc.)
Production of computer viruses, worms,
logic bombs, etc.
Powers of authorised officers to search &
seize computer systems/e-devices and
access data
Powers of authorised officers to prosecute
cyber-crimes
52. Continue
The response of the Government was the enactment
and passing by the parliament of the Electronic and
Postal Communications Act, 2010 (Act no.3 of 2010)
Part VI of the Act establishes offences and penalties
in relation to;
◦ Electronic communications-ss 116-124
◦ SIM Cards-ss 125-137
◦ Postal Communications-ss 138-150
◦ Additional offences and penalties-ss 151-160
The new law has made a number of amendments to
the TCRA Act and the Fair Competition Act
53. Continue
It is significant to note that some of the
commonly known cyber-crimes have been
criminalized under the new law;
These include;
◦ Offences relating to interception of electronic
communication-s.120
◦ Offences relating to interference of electronic
communication-s.123
◦ Fraudulent use of electronic services-s.122
◦ Unauthorised access or use of computer system-
s.124
◦ Transmission of obscene materials-s.118
54. Continue
S.124(1) of the Act establishes a National
Computer Emergency Response Team (CERT)
whose role is;
◦ To coordinate response to cyber security incidents at
the national level
◦ Cooperate with regional and international entities
involved with the management of cyber security
incidents.
The enactment of this Law has not effectively
succeeded in addressing challenges related to
ICT/Cyber Crimes.
There is an initiative to come up with a Cyber-crimes
Act.
55. Continue
Other Jurisdiction
The Council of Europe’s Convention on
Cybercrime
◦ In the absence of a more International instrument to
regulate and criminalize cyber crimes, this Regional
instrument has proved to be a leading international
instrument in this field
56. Continue
◦ The Convention criminalizes cyber crimes in four
categories
Offences against the confidentiality, integrity
and availability of computer data and systems;
Illegal access
Illegal interception
Data and system interference
Computer-related offences
Computer-related forgery
Computer-related fraud
57. Continue
Content-related offences
Computer pornography and other obscene
materials
Offences related to infringements of copyright
and related rights
Software piracy, etc
Other countries have molded their laws
largely from this Convention, e.g;
◦ The Computer Misuse Act (UK)
◦ The Electronic Communications and
Transactions Act (SA)
58. Case law analysis
Unauthorised access to computer
systems (hacking)
McKinnon v Government of the USA and another
[2008] UKHL 59
Accessed 97 US Navy, Army, NASA and
Pentagon computers
Read para 11-16 of the case to see the facts
of this case.
The order for his extradition from UK to US
was granted and the appellant was challenging
that order
The House of Lords dismissed his appeal
against extradition.
59. Continue
Unauthorised access/use by authorized user
S v Douvenga (2003)
A Secretary tried to e-mail certain information
obtained from a database and give it to a
competitor
The Secretary had authorisation to access data
(password)
The issue was whether a person who is
authorized to access certain information can be
liable for unauthorised access if he accesses
information for unlawful purpose.
The Court found that to be unauthorised
access.
60. Continue
DPP v Bignell (1998) 1 Cr App R 1
Police officers obtained access to data held on
the police national computer for private
purposes
No crime – was entitled to authorised use to
gain access to data
R v Bow Street Magistrates’ Court, ex p Allison
[1999] 4 All ER 1
Authorised access to certain data but this
enabled access to other data
The Court held that authorisation does not
only relate to type of data but also to type of
access (i.e. purpose of access)-hence a crime
61. Continue
◦ Denial of service (DoS) attacks
Flood servers with multiple requests or
congest communication links
DPP v Lennon [2006] EWHC 1201 (Admin)
The accused downloaded mail-bombing
program and used it to bombard his former
employer with e-mails
The Court held-A person does not consent
to receive e-mails which are sent to disrupt
the proper operation and use of the system
62. Continue
◦ Extortion and Malicious damage to property
◦ In S v Howard (Unreported case no.
41/258/02), Johannesburg regional
magistrates’ court
One of the issues in this case was whether
the erasure of digital data in a computer
system amounts to malicious damage to
property.
63. Continue
The court answered this issue in the affirmative
because of the fact that the hard drive of a
network server was damaged after it had
attempted to reboot 256 times and the file
loadtrm.exe had been altered, both as a
result of interference with the system by
the hacker.
The court found that because the point of
sale systems were rendered unusable for
some time, temporary damage had been
done to corporeal property
64. Conclusion
The main challenge facing states in
regulating ICT related crimes is lack of
universal guidelines on legislative
measures which can be used to combat
such crimes.
It remains to be within domestic and
regional initiatives to deal with these
modern threats.
Thus, until there are uniform
standards, these threats will live with us.