Data Theft/Unauthorized Copying of Data - Legal Remedy

Data Theft/Unauthorized Copying of Data - Legal Remedy

What is data theft/Unauthorized Copying of Data ?

Data theft/Unauthorized copying of data in simple term means accessing and stealing/copying computer based confidential information with intention to cause wrongful loss to the owner of the confidential information and wrongful gain to the perpetrator.

Data theft is an increasing problem for Individual computer users as well as big corporate firms.

What are the common modes of data theft/Unauthorized Copying of Data?

1. USB (Pen) Drives & Memory cards - These are the easiest and cheapest option according to these perpetrators and are very easy to hide. The memory cards are now coming in 256GB and 512 GB variants, so it has become even more easy to move large amount of data.
2. Portable Hard Drives - These are also one of the popular mediums for the obvious reasons 'Large Storage Capacity'.
3. CD/DVD - This medium was popular back in the days but has become obsolete now.
4. Email - Some perpetrators simply use email to transfer files from their official account to personal account or home computer, they move the data slowly over the period of time to avoid detection by IT department for sending large amount of data. These perpetrators send these emails to their private accounts on the pretext of 'working from home'.
5. Web-Mail - Some web-mail interfaces provide larger file attachments than the conventional email service providers.
6. Printing - Some perpetrator would not leave any electronic evidence behind, they simply take prints of the key documents and steal the same in hard copies.
7. Remote Access - This can either be used in the way of unauthorized access (Hacking) or authorized access, as some organisation provide remote access to their employees so that they can work from their home computers, this also makes tracing the data difficult for law enforcement agencies or private investigators.

What can be stolen/copied?

Everything stored in an organisation has some potential value, some of the targets for data thieves are as follows:

1. Customer contact & Financial data such as credit card and debit card information;
2. source codes & Algorithms;
3. marketing information such as Plans, Contact list & media files;
4. network credentials such as passwords & Certificates;
5. proprietary process descriptions and operating methodologies;
6. personnel records and private employee data;
7. legal data concerning ongoing or planned litigation or contract actions;
8. other user’s private documents stored on company computers; and
9. company strategic data, including the communications of managerial and executive staff.

What is the legal remedy for data theft/Unauthorized Copying of Data?

In India the first technology legislation came into being in the year 2000, that is 'Information Technology Act'. The Act did not provide for sufficient protection or solutions in data theft/unauthorized copying of data scenarios in those days, as the compensation bracket was limited, only in the year 2008 the amended Information Technology Act came into force with one of the important amendments as far as Section 43 and compensation awarded under the section is concerned, the compensation limit was removed.

Section 43 - Penalty and Compensation for damage to computer, computer system, etc.

Now the Complainant can approach the Adjudicating officer (Who is an IT Secretary of each state) appointed under Section 46 of the Information Technology Act, 2000 (As amended in the year 2008). The respective Adjudicating officer is competent to handle the claim up to Rs. 5 Crore and if the claim amount is exceeding Rs. 5 Crore the Complainant will have to approach the Competent Court.

The Adjudicating Officer is the quickest remedy available to the Complainant, as according to Information Technology Act the Adjudicating Officer has to pass the final order within the period of 6 months from the date of filing of the Complaint.

Website - www.netlawgic.com

LinkedIn - in.linkedin.com/in/rajaspingle/

Facebook - https://www.facebook.com/pages/Cyber-Crime-Awareness/246665595391183?sk=timeline

Adv. Rajas C Pingle

(Cyber Law & Cyber Security Expert)

Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.

Image - http://www.tradesecretslaw.com/articles/unfair-competition/

Image copyrights are with the respective owner.

Privacy Wars 2.0

Privacy Wars 2.0

As we enter the new era of mobile technology innovations, the key players (Apple & Google Inc.) have decided to take their user's privacy to a completely different level altogether.

Apple and Google are trying to implement new privacy policies, which will make the data stored on the users phones inaccessible by others (Including these tech giants) except the user itself. The issue is part of a long-running debate over whether tech gadgets should have privacy-protecting encryption which makes it difficult/nearly impossible for law enforcement to access in time-sensitive investigations.

What concerns me here is, while the law enforcement agencies investigate a particular offence which involves these respective mobile phones, it is going to be extremely difficult to decrypt the information in time which will help to solve the time sensitive crime and not to mention the hassles while fulfilling the conditions and proving the evidence under section 65(b) of the Indian Evidence Act.

The companies here will be putting law enforcement agencies in a very tight spot as in any case where the mobile phone plays an important part, but at the same time the perpetrator will enjoy the power to store and exploit the data beyond the reach of Law 

Website - www.netlawgic.com

LinkedIn - in.linkedin.com/in/rajaspingle/

Facebook - https://www.facebook.com/pages/Cyber-Crime-Awareness/246665595391183?sk=timeline

Adv. Rajas C Pingle 

(Cyber Law & Cyber Security Expert)

Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law. Image copyrights are with the respective owner.

Sextortion - The new internet devil

'Sextortion' - The new internet devil

• What is sextortion?

A form of sexual exploitation that employs non-physical forms of coercion by threatening to release sexual images or information to extort monetary or sexual favors from the victim.

• Modus Operandi

1) The scammers persuade the dater to send sexually explicit photos. Once they get the photos, the scammers identify themselves as law enforcement, telling the dater they sent the pictures to a minor.

They then tell the person to pay up in order to avoid arrest.

The scammers are not only identifying themselves as law enforcement, they are also using actual names of officers.

“These people are being contacted by Detective Don Peterson and it isn’t me,” Peterson told the paper.

More than 100 people have paid between $500 to $1,500 to try to avoid arrest.

2) The groups is to create online accounts of females and post pictures of attractive ladies to draw clients. They would then post pornographic images and entice their victims to have video chats with them, usually with lewd content and conversation.

Once they obtain the incriminating videos, the groups would threaten to send the video chats to the victim's friends or relatives unless they send money.

The victims are allegedly forced to send $500 to $2,000 – or P20,000 to P90,000 – through Western Union in exchange for the removal of the online video chat.

How to prevent sextortion?

• Talk about sextortion

Sextortion thrives on silence; spread knowledge. Talk to two people and ask them to spread the word to two more. Keep the chain going.

• Spread the word

Without a name – SEXTORTION – it is difficult to lift an abuse out of the realm of bad things we know happen and passively accept as the way of the world, and into the realm of things we will no longer tolerate and actively seek to change.

• Learn more about sextortion

Once you become aware of sextortion, you see how pervasive it is. Gather and share information about sextortion.

• Examine your existing legal framework

Assess the adequacy of your country’s legal framework for prosecuting sextortion.

1) Section 66E of Information Technology Act

• Violation of Privacy - Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person

2) Section 67 of Information Technology Act

• Punishment for publishing or transmitting obscene material in electronic form

3) Section 67A of Information Technology Act

• Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form

Interpol investigation

An INTERPOL-coordinated operation targeting organized crime networks behind ‘sextortion’ cases around the world has resulted in the arrest of 58 individuals, including three men linked to the group which harassed Scottish teenager Daniel Perry.

Perry, a 17-year-old victim of an online blackmail attempt, died after jumping off the Forth Road Bridge near Edinburgh in July last year.

In the first operation of its kind, information shared between the INTERPOL Digital Crime Centre (IDCC), Hong Kong Police Force, Singapore Police Force and the Philippines National Police (PNP) Anti-Cybercrime Group led to the identification of between 190 and 195 individuals working for organized crime groups operating out of the Philippines.

Website - www.netlawgic.com

LinkedIn - in.linkedin.com/in/rajaspingle/

Facebook - https://www.facebook.com/pages/Cyber-Crime-Awareness/246665595391183?sk=timeline

Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law. Image copyrights are with the respective owner.

The bad side of information

The bad side of information

• 
  Views
• 
  Likes
• 
  
  Comments

• Share on LinkedIn
• Share on Facebook
• Share on Google Pluse
• Share on Twitter

        We hear much conflicting information about what we should and shouldn’t be posting online. It’s confusing and unnerving not to know what we can do to protect ourselves.

Individual responsibility is important, but we are at a stage where it is not sufficient. The problem is much larger than any one individual’s ability to control their personal information, because there are so many new ways every week or every month in which we can be tracked or things can be inferred about us. It’s absolutely unreasonable to expect consumers and citizens, who are all engaged in so many other activities, to also have the ability to continuously update their knowledge about what new tracking method the industry has discovered and to be able to fend it off.

Right now in India it’s essentially the case that when you post information online, you give up control of it. So there are terms of service which are mandatory under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 that regulate the sites you use, like on Facebook and Twitter and Pinterest — though those can change — but even within those, you’re essentially handing control of your data over to the companies and implementation of those rules are far fetched. And they can kind of do what they want with it, within reason. You don’t have the legal right to request that data be deleted, to change it, to refuse to allow companies to use it. Some companies may give you that right, but you don’t have a natural, legal right to control your personal data. So if a company decides they want to sell it or market it or release it or change your privacy settings, they can do that.

According to the rules mentioned above, Sensitive personal data or information of a person means such personal information which consists of information relating to;—

1. (i) password;

2. (ii) financial information such as Bank account or credit card or debit card or

   other payment instrument details ;

3. (iii) physical, physiological and mental health condition;

4. (iv) sexual orientation;

5. (v) medical records and history;

6. (vi) Biometric information;

7. (vii) any detail relating to the above clauses as provided to body corporate for

   providing service; and

(viii) any of the information received under above clauses by body corporate for

processing, stored or processed under lawful contract or otherwise:

In Europe, users have more of a right to their data, and recently there was a decision in Spain where a man had sued Google because when people searched for him, it was coming up with information about financial problems that he had had a long time ago.

So in Europe users have legal right over their data in a certain way, but its not the scenario in many of the countries. There should be more stringent rules regulating this thin line where companies are using user data for their profit.

People should be made more aware about the kind of information they share and the information which is going to form part of the database by the companies for their profits. Now a days one just cannot foresee that who, when and where his information is going to be used and for what purpose. It is advisable to think 10 times before putting out any information on the internet, because once it is there it is beyond your control.

This information we give out is going to get into the hands of companies, governments, and could potentially be used in evil ways. I don’t think not using the services provided by the intermediaries (Body Corporates) is the solution to that. The only solution is a legal one where people have control over how their data is used and there are limitations and real regulation on data brokers and other companies that have this data, we need the amendment which regulates every minute aspect of information and we need it fast.

If an intermediary fails to protect your Sensitive personal data/information then you have a remedy in the form of a Complaint before the Hon'ble Adjudicating Officer of the respective state.

Website - www.netlawgic.com

LinkedIn - in.linkedin.com/in/rajaspingle/

Facebook - https://www.facebook.com/pages/Cyber-Crime-Awareness/246665595391183?sk=timeline

Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for education and awareness purpose and merely a possible interpretation of the law. Image copyrights are with the respective owner.