HISTORICAL DEVELOPMENT OF CYBER LAW IN BANGLADESH:
The rapid expansion of computer networks and the
increasing ability to access systems through regular telephone lines
increase the vulnerability of these systems and the opportunity for their
misuse for criminal activity. The users of cyberspace grow increasingly
diverse and the range of online interaction expands. So disputes of every type may
be expected to occur, including breaches of online contracts, perpetration of online
torts and crimes, etc. The consequences of computer crime are enormous in terms
of both the economic cost and human security.
Information Technology has spread throughout the world. It
has opened up many opportunities for each sector. Network information
systems are even being adopted by governments worldwide, which is why
governments across the world are recognizing the need to secure and
regulate the cyber world. Cybercrime is a new class of crime in Bangladesh.
It is rapidly expanding due to the extensive use of the Internet.
Cyber law is a term that summarizes the legal issues
related to the use of the communicative, transactional, and distributive
aspects of networked information devices and technologies. It is less a
distinct field of law than property or contract law, as it is a domain covering
many areas of law and regulation. IT law is a set of recent legal enactments,
currently in existence in several countries, which governs the processing and dissemination
of information digitally. These legal enactments cover a broad gamut of different
aspects relating to computer software, protection of computer software, access to and
control of digital information, privacy, security, internet access and usage,
and electronic commerce. These laws have been described as "paper
laws" for "paperless environments".
In Bangladesh, a number of cyber-related laws exist.
The main among these are:
- Information & Communication Technology Act-2006
- Right to Information Act-2009
- Information & Communication Technology (Amendment) Act-2013
- Digital Security Act-2018
CRYPTOGRAPHY & TYPES OF CRYPTOGRAPHY:
Cryptography is a technique of securing information and
communications through the use of codes so that only those persons for whom the
information is intended can understand and process it, thus preventing
unauthorized access to information. The prefix "crypt" means "hidden" and the suffix "graphy" means "writing". In cryptography, the techniques which
are used to protect information are obtained from mathematical concepts and a
set of rules based on calculations, known as algorithms, to convert messages in
ways that make it hard to decode them. These algorithms are used for
cryptographic key generation, digital signing, and verification to protect data
privacy, web browsing on the internet, and to protect confidential transactions such
as credit card and debit card transactions.
Techniques Used for Cryptography:
In today's age of computers, cryptography is often associated
with the process where ordinary plain text is converted to cipher text, which
is text made such that only the intended receiver of the text can decode it;
this process is known as encryption. The process of converting cipher
text back to plain text is known as decryption.
Features of Cryptography are as follows:
- 1. Confidentiality: Information can only be accessed by the person for whom it is intended and no other person except him can access it.
- 2. Integrity: Information cannot be modified in storage or in transit between sender and intended receiver without any addition to the information being detected.
- 3. Non-repudiation: The creator/sender of information cannot deny his or her intention to send the information at a later stage.
- 4. Authentication: The identities of the sender and receiver are confirmed, as well as the destination/origin of the information.
Types of Cryptography:
- A) Secret key (symmetric) cryptography. SKC uses a single key for both encryption and decryption.
- B) Public key (asymmetric) cryptography. PKC uses two keys, one for encryption and the other for decryption.
- C) Hash function (one-way cryptography). Hash functions have no key since the plaintext is not recoverable from the ciphertext.
In general there are three types of cryptography:
- 1. Symmetric Key Cryptography: It is an encryption system where the sender and receiver of a message use a single common key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the problem is that the sender and receiver have to somehow exchange keys in a secure manner. The most popular symmetric-key cryptography system is Data Encryption System (DES).
- 2. Hash Functions: No key is used in this algorithm. A hash value with a fixed length is calculated from the plain text, which makes it impossible for the contents of the plain text to be recovered. Many operating systems use hash functions to protect passwords.
- 3. Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for encryption and a private key is used for decryption. The public key and the private key are different. Even if the public key is known by everyone, only the intended receiver can decode the message because he alone knows the private key.
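The hash-function and integrity points above, as an added example that is not part of the original page: password storage with a salted one-way hash, and tamper detection with a keyed hash (HMAC) under a shared secret key. It uses only Python's standard library; the function names, the PBKDF2 iteration count and the sample strings are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor, chosen for this example


def fingerprint(message: bytes) -> str:
    """Unkeyed hash: the digest length is fixed whatever the input size."""
    return hashlib.sha256(message).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive the digest from the candidate and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored)


def seal(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC): only holders of the shared key can produce the tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def is_intact(key: bytes, message: bytes, tag: bytes) -> bool:
    """True only if the message is unchanged since it was sealed with this key."""
    return hmac.compare_digest(seal(key, message), tag)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    salt, stored = hash_password("correct horse battery staple")
    print(len(fingerprint(b"a")), len(fingerprint(b"a" * 100_000)))
    print(verify_password("correct horse battery staple", salt, stored))
    print(verify_password("wrong guess", salt, stored))
    key = secrets.token_bytes(32)
    tag = seal(key, b"pay 100 taka to A")
    print(is_intact(key, b"pay 100 taka to A", tag))
    print(is_intact(key, b"pay 900 taka to A", tag))
```

Only the salt and the digest are stored, never the password; the same password hashed under two different salts gives unrelated digests.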
ELECTRONIC RECORD:
What are electronic records?
An electronic record is information recorded by a computer
that is produced or received in the initiation, conduct, or completion of an agency
or individual activity. Examples of electronic records include e-mail messages,
word-processed documents, electronic spreadsheets, digital images and
databases. Many electronic records are maintained as part of an electronic
recordkeeping system, such as geographic information systems (GIS), digital
image storage systems, computer-aided design (CAD) systems, etc.
Legal Recognition of Electronic Records
In countries like the USA and in the European Union, electronic records have
legal significance. The ICT Act-2006 has given recognition to electronic
records and digital signatures, and to their use by the government and its agencies.
It gives electronic information equal legal force with paper and ink-based
information, treating electronic signatures at par with paper and ink-based
signatures. For business done on the web, in order to bring non-repudiation and authenticity to transactions on the Internet, the IT Act provides for the deployment
of digital signatures. These allow and encourage individuals and organizations
to do business with greater commerce potential through the web.
Section 6 of the ICT Act-2006 gives legal recognition to
electronic records in Bangladesh. The law provides that where information or any
other matter is required to be in writing or in typewritten or printed form, the
requirement of law shall be deemed to have been satisfied if such information
or matter is made available in an electronic form, provided that the information or
matter is accessible and usable for subsequent reference.
CERTIFYING AUTHORITY (CA):
A certificate authority (CA), also sometimes referred to as
a certification authority, is a company or organization that acts to validate
the identities of entities (such as websites, email addresses, companies, or
individual persons) and bind them to cryptographic keys through the issuance of
electronic documents known as digital certificates. A digital certificate
provides:
- Authentication, by serving as a credential to validate the identity of the entity that it is issued to.
- Encryption, for secure communication over insecure networks such as the Internet.
- Integrity of documents signed with the certificate, so that they cannot be altered by a third party in transit.
Purpose of Certifying Authority:
In cryptography, a certificate authority or certification
authority (CA) is an entity that issues digital certificates. A digital
certificate certifies the ownership of a public key by the named subject of the
certificate. This allows others (relying parties) to rely upon signatures or on
assertions made about the private key that corresponds to the certified public
key. A CA acts as a trusted third party, trusted both by the subject (owner) of
the certificate and by the party relying upon the certificate. The format of these
certificates is specified by the X.509 standard.
CYBER CRIME & OFFENCES:
Chapter VII on Penalties and Adjudication and Chapter IX on
Offences include some cybercrime provisions that prohibit attacks on or unauthorized
access to computers & computer systems.
Chapter IX: Section 66. Punishment for tampering with computer
source documents
Whoever intentionally or knowingly conceals, destroys or
alters, or intentionally or knowingly causes any other person to conceal,
destroy or alter any computer source code used for a computer, computer
programs, computer system, or computer network, when the computer source code is
required to be kept or maintained by any law for the time being in force, shall
be punishable with imprisonment of either description for a term which may
extend to three years, or with fine which may extend to Taka two lakhs, or with
both. Explanation. For the purpose of this section, "computer source code"
means the listing of programs, computer commands, design and layout, and
program analysis of computer resources in any form.
Section 67. Hacking with computer system
Whoever, with the intent to cause or knowing that he is
likely to cause wrongful loss or damages to the public or any other person,
does any act and thereby destroys, deletes or alters any information residing
in a computer resource or diminishes its value or utility or affects it
injuriously by any means, commits the offense of "hacking".
Section 68. Punishment for hacking
Whoever commits hacking shall be punished with imprisonment
of either description for a term which may extend to three years, or with a fine
which may extend to Taka two lakhs, or with both.
NETWORK SERVICES PROVIDER'S LIABILITIES:
This section discusses potential sources of liability for
Internet service providers. Internet service providers (or "ISPs")
provide Internet access service to customers in exchange for a fee. ISPs also
store data for their customers' use, such as on a Usenet newsgroup server or a
World Wide Web server. In general, as the following discussion reveals, ISP
liability can be summed up in three words: "ignorance is bliss." ISP
liability for the activities of its customers is generally based on knowledge
of the customer's activity. If the ISP is unaware of the behavior of its customer,
most courts seem reluctant to hold the ISP liable for that behavior. However,
once the ISP becomes aware of the customer's activity, or should have become
aware of the activity with reasonable diligence, courts are much more likely to
hold the ISP liable for its customer's actions. In addition to ISP liability,
most of the following discussion is equally applicable to service providers who
do not connect directly to the Internet, such as bulletin board operators and
proprietary information providers.
Discussion of Internet service provider liability is continued
in the following subparts:
- Copyright liability--cases
- Trademark liability
- Contract law and fraud
- Defamation
CYBER APPELLATE TRIBUNAL (CAT):
The ICT Act 2006 makes provision for establishing the
Cyber Appellate Tribunal for Bangladesh. Section 82 stated that:
- The Government shall, by notification in the official gazette, establish one or more appellate tribunals to be known as the Cyber Appellate Tribunal.
- The CAT will be comprised of a chairman and two members appointed by the government.
- The chairman will be a person who was a justice of the Supreme Court, or is continuing in that post, or is capable of being appointed as such; one of the members will be a judicial executive serving as a district judge, or a retired one; and the other member will be a person having the prescribed knowledge and experience in ICT.
- The chairman & members will hold their posts for a minimum of 3 years and a maximum of 5 years, and the conditions of their service will be decided by the government.
The ICT Act 2006 provides provisions regarding the procedure & power of
the Cyber Appellate Tribunal. Section 83 stated that:
- The CAT shall have the power to hear and settle appeals made against the judgment of the cyber tribunal & session court.
- In hearing and settling any appeal, the Cyber Appellate Tribunal will follow the rules made thereunder; if the procedure is not fixed by rules, the appeal tribunal will follow, with proper adaptation, the procedure which the High Court Division follows in case of criminal justice.
- The appeal tribunal will have the authority of supporting, cancelling, changing or editing the judgment of the cyber tribunal.
Discussion on Power & Function of CAT:
It is essential for the tribunal to understand the technical
aspects pertaining to digital signatures, cryptography, etc., and the latest
developments in the field of information technology. I the legal aspects of the
presiding officer, as adequate safeguards are contained in the enactment to
ensure the requisite legal qualifications.
It is still doubtful whether such a presiding officer would
possess the technological expertise and knowledge which is to be harmonized with
the legal knowledge for resolving ICT related disputes. It would have been
ideal for the CAT to comprise at least one judicial member and one technical
member (ICT professionals/experts) to effectively hear and resolve disputes
before it.
The omission of a technical member is all the more glaring
since several tribunals/quasi-judicial bodies like the Income Tax Appellate Tribunal,
Sales Tax Tribunal, Central Administrative Tribunal, Company Law Board, Board
for Industrial and Financial Reconstruction, etc. have a departmental member who
assists the Presiding Officer or the judicial member in resolving the disputes.
In this respect, case law with respect to Information and Communication
Technology is not available in Bangladesh. The decisions of the Cyber
Appellate Tribunal are going to be trend-setting. The Government should consider
amending the ICT Act and providing that the CAT may comprise one technical
member. This would go a long way in ensuring that the correct concepts of Information
Technology are applied while resolving ICT disputes in the legal field.