Society is facing unprecedented challenges from cyber crimes, which are assuming alarming proportions with each passing day. The allegations of rigging in the Trump election and the hacking of the Ukraine power grid and the NASA Research Centre have established that hackers can reach anywhere and that there is no such thing as absolute security. Hacking, DoS and DDoS attacks, ransomware, theft of personal data and misappropriation of money from accounts have now become routine. The recent ransomware attacks and Bitcoin thefts have shown that meeting such challenges may not be easy in view of fast-changing technology, and that establishing the necessary cyber security framework is essential to meet them. Now all criminals, whether a small thief, a cheater or a terrorist organization, are moving to cyberspace, either using the computer as a tool to commit crime or targeting it to make money from cyber crime.
Countries throughout the world have created many laws, cyber security frameworks, cyber security standards and policies, and have formed their own cyber security forces, and still the ultimate outcome is:
- Cyber crime is increasing exponentially.
- It has become more complex, and cyber criminals are using advanced technology to commit crimes.
- For some crimes and technologies, such as ransomware and the darknet, the investigating agencies do not have any solution.
Society is struggling to find a mechanism to curb these crimes, but none of the methods in use has been able to control them. On the other hand, cyber criminals are using more and more advanced technology to commit crimes and to remain anonymous so as to prevent detection. The main question is: ‘Can these crimes be controlled by state laws, which are subject to national boundaries, while cyberspace is borderless?’ Can cyberspace be regulated through law or through code, or is a combination of the two required?
In the 1990s, John Perry Barlow, a cyber-libertarian, propounded a theory that ‘cyberspace’ cannot be regulated. He said that cyberspace does not have borders and that compliance cannot be enforced according to the whims of governments. He stated that identities in cyberspace are distributed across many jurisdictions, and he rejected all the restrictions that governments put on the Internet, as they are not competent enough on the subject to legislate. His theory stated that cyber identities have no bodies and hence cannot be physically coerced, and that cyber governance will therefore arise from ethics, enlightened self-interest and common welfare.
Here, I would like to refer to a quote from John Perry Barlow:
“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.”
This is practically what is happening in cyberspace now. Laws created by various nations across the world have failed to yield any result because of the global nature of the Internet. Take the example of ransomware: the malware is inserted through one country, the ransom is bargained over by another group from another country, and the money goes through the darknet, where it is routed through different accounts to create anonymity, and the cash is then withdrawn from another country that has no laws to punish the criminals. Not only across borders: even within a country, the laws are not sufficient to regulate the crime. Cyber crimes are increasing at a fast pace, and we need to ascertain what the gaps are so that they can be plugged and technology can be used in the interest of society without fear or threat.
What is Our Cyberspace?
The structural design of cyberspace is made up of code and nothing else. It understands only the language of code and no other language. It does not understand the law, so how can the law control it? Code needs to be regulated because it decides the character of cyberspace, and only code can regulate code, as is now evident in blockchain technology. The rule of code can be enforced across boundaries, beyond national laws, as it can implement its own system of rules based on a topological construct at the global level.
Here I would like to refer to the theory of cyber jurisprudence propounded by Prof. Lawrence Lessig in 1999: “Code is law”. He stated that code is the building block and architecture of all Internet protocols. If you want to control cyberspace, you can control it by controlling the code. In the time to come, governments will try to control cyberspace by controlling the code.
This is where we are making a mistake: we are trying to control cyberspace through law, while it can be done only by techno-legal methods. In fact, in all the areas where techno-legal methods have been used to regulate cyberspace, the results are quite encouraging. The blocking of websites through code implemented by ISPs is quite effective, and similarly the ICANN framework for regulating Internet domains has yielded prolific results. Likewise, code in the form of digital signatures is used to protect integrity, encryption to protect confidentiality, digital certificates to protect against phishing, and so on, and these codes, when integrated with law and a regulatory framework, provide effective and measurable outcomes.
However, code is ever evolving, which makes the character of cyberspace dynamic; as the code changes, cyberspace will continue to change. Changes in code can alter how technology interacts with users and require new controls to be put in place. For example, the blocking of websites through ISPs has been rendered ineffective by the newer technical schemes of virtual private networks and proxy websites. The new controls that have been put in place are techno-legal, comprising a law to ban VPNs and proxy websites, which is again implemented through code by the ISPs in a particular country, as done by Russia and China.
Cryptography is used to protect data at rest, in use and in motion. We use an algorithm to hash or encrypt the data, and over time, as processing speed increases, the algorithm becomes outdated because it can be compromised, and we move again to a stronger algorithm to put the control in place. In computer forensics, hash values were used to prove the integrity of data, and now, with the new technology of the solid state drive, the concept of the hash value does not work. This has made all the provisions on hash values in the law redundant, and the computer forensic community faces the big challenge of finding an alternative; once again, a change in technology has outdated the law.
Law and code thus act as two regulatory mechanisms in cyberspace, and each comes with its own benefits and limitations. The major shortcomings of law are its failure to keep pace with technology and its ambiguity and uncertainty as far as cyberspace is concerned, while its strengths are legal and contractual rules enforceable through state authority. Code, on the other hand, provides automation, guaranteed execution and autonomy of controls, but it is excessively rigid, too inflexible to handle changing circumstances, and lacks adjudication to compensate new victims.
Thus, regulating cyberspace requires a techno-legal method, as its architecture, made up of code, does not understand law or national boundaries but only the boundaries created by code. As code is continuously changing, the mechanism of control has to be continuously dynamic. No law on cyberspace is going to survive for a long period; it has to be amended from time to time as technology transforms. The emergence of blockchain technology has created gaps in cyber laws throughout the world, as these laws lack rules to support blockchain technology. Cyberspace has created a fundamental divergence between the rule of law, which is based on geographical boundaries, and the rule of code, which is based on a topological construct. The regulation of cyberspace dwells at the junction between these two normative structures, which can be embedded into each other depending upon the control to be put in place.