Cybercrime without cyber-rulesEven as the frequency of cybercrimes continues to rise, Nepal’s legal protection is incomplete and ineffective
In a welfare state, citizens have access to electricity, water, roads, education and health. Since citizens pay for these amenities through taxes, they expect services from the state in times of need. Increasingly, with the ubiquity of the internet, access to the web is also being considered a right. Although this scenario does not exist in the Nepali context, considering the potential of the internet to bring changes to societies and economies, the question of internet access as a basic right could bear merit. As per a World Bank report, there were 499,000 internet users in Nepal in 2008. These numbers have certainly increased. According to the Nepal Telecom authority, internet penetration had reached 28.92 percent in Nepal as of November 2013.
However, along with the spread of the internet, a new avenue for crime has also evolved. A worldwide nuisance already, cybercrimes in Nepal are rising as the Internet becomes more commonplace. The Nepal Police’s Crime Investigation Department (CID) reports a monumental rise in the number of cybercrimes nationally. In 2012, just nine cybercrime offences were reported. In 2013, the number increased to 19. This year, the number has already reached 22 and is expected to rise.
This data, however, does not fully capture the story of cybercrime in Nepal. Most cybercrimes are never reported. In a majority of cases, victims themselves are unaware that they have become victims. Those who realise what has happened are often reluctant to lodge a complaint, largely due to ignorance of existing cybercrime laws and regulations. Worse, when some individuals fall victim, ignorance, shame, or even the law stand in their way
New cybercrime offences materialise daily but the legal system lags behind in offering protection. Prior to 2004, cybercrimes were dealt with under the Public Offence Act with minimal success. Later, the Electronic Transaction and Digital Signature Act 2004 was passed. The 2004 Act declared hacking, stealing data, pirating software and posting defamatory information online as criminal and civil offences. Under this law, the government can punish cyber-offenders with up to five years of imprisonment and/or a fine of up to Rs 50,000, contingent upon the crime’s severity.
The Electronic Transaction and Digital Signature Act was enacted to encourage the IT industry in Nepal. Nepal’s last five-year plan aimed to increase access to information technology to the public, which would help promote good governance, better opportunities and a more informed society. Similarly, the IT Policy 2010 was enacted to use IT as a tool for social and financial development, which would ultimately help in reducing poverty. Though the policy is promising on paper, not much has been implemented. For example, the IT policy emphasises the protection of intellectual property rights in the context of online environments. However, the Intellectual Property Bill, which was drafted before the IT policy, hasn’t been passed yet.
The existing legislation is inadequate in a number of ways. Some of the most common forms of cybercrime are not covered by the law. For example, no punishment exists for sending offensive messages. We cannot ignore that this offence as it is very common in Nepal. Whereas, in India, in the State of Tamil Nadu v Suhas Katti case, obscene, defamatory messages about a divorced woman were posted in a Yahoo message group and were also forwarded through a false e-mail account. The posting resulted in harassment to the woman in question. The accused was prosecuted under Indian cybercrime and ancillary laws and jailed for a period of five years.
Second, ‘cyber-squatting’, or purchasing domain names to benefit from another’s trademark or brand, does not come under Nepal’s cyber-laws. Similarly, phishing, or the act of electronically obtaining private information for financial or personal benefit, lacks legal coverage. This endangers every Nepali, as internet fraud can take the form of deceptive messages for personal and financial benefit. Such messages often wreak terrible financial loss on unsuspecting individuals. When embarrassment sets in, they are unlikely to report the crime altogether. Last year, the police’s Central Investigation Bureau arrested four people, including two foreign nationals from Nigeria and Sierra Leone, for operating a fraud racket via SMS. Since no provision covers phishing, these men were prosecuted under theft laws in the general legal code.
The present legal framework also does not cover cybercrimes like cyber-stalking, cyber-terrorism and child pornography. Child pornography, given its propensity to proliferate through the internet, must be specially addressed through specific provisions in regards to Nepal’s commitment to international conventions on child rights.
Except for a few directives at the policy level, the government has been ignoring cyber-law. After the first Constituent Assembly election, many vented their anger through social networking sites like Facebook, resulting in the government warning of legal action against those involved in uploading and sharing defamatory images and messages of political leaders and other public figures under Section 47 of the Electronic Transaction Act, which prohibits such expression on the grounds of public morality and decency. However, nothing was done to follow-up.
Similarly, aiming to control cybercrimes, in 2010, the government introduced a directive making it compulsory for all cyber café to seek permission from the District Administrative Offices. The directive also made it mandatory for cyber cafés to keep records of user logins and logouts. Nevertheless, there are numerous cyber café which are unregulated.
Finally, the biggest hindrance to cybercrime prosecution is weak law enforcement. Even with the media reporting on a rise in the number of cybercrimes, the official response has been slow and lackluster. Although the present Act does touch on a few important issues, the enforcement part is minimal because of several reasons. First, both the police and judiciary have not developed sophisticated tools to investigate cybercrimes. At present, there are only two units that deal with cybercrimes—the Cybercrime Investigation Cell at Hanuman Dhoka and the Central Investigation Bureau. But even when cybercrime cell discovers a fake Facebook account, it can only block the account because Nepali law does not allow access to a user’s IP address.
Legal enforcement has also largely failed because police officers are unaware of cybercrimes. Collecting evidence is, thus, challenging. Until Nepal invests more in training its human resource and developing anti-cybercrime infrastructure, the pace of investigation will remain sluggish. Increased judicial sensitivity and police awareness would also quicken the investigation process while broad legal cybercrime coverage would enhance internet safety for all Nepalis.
Upreti is an advocate