Bad hair day
I must have done something bad these days. I have just finished my IT law assignment on Wednesday. It’s on Cyber attack prevention through counter-hacking as a form of self-helpremedy. In the spirit of rule of law, I argued that self-help of this kind has no place in the law of cybercrimes. *pious thoughts*
The next day, I got malware infection on my computer with not one, but FOUR different kinds of malware/trojan horse combo. (fine.. i didn’t install anti-virus nor did the due-diligence over internet downloads these days) Not only does these pesky things send my info to someone else on the internet every five min (blocked by Norton + Spyware Doc now), they disabled my task manager, registry editor, programme menu, control panel… bla bla bla. Basically, it just made my attempt to restore my computer a hell lot more troublesome.
Now, a nice legal letter to those bastards who send these things will just be in order. The only problem is that I already knew that there’s nothing i can do with all those jurisdictional and evidentiary legal gaps in the way. To think that I have argued for the ban on aggressive self-help?! I would be the first one to send a virus the other way now if it were legal. (unfortunately not.. reproduced a part of my assignment below) In any case, I won’t be so lenient on those guys in my research papers this time. *fume*
Extract:
“
… While the laws on cyber-crimes allow most forms of self-remedy, they do not sanction active self-remedies. Any form of self-help that countenance a form of active counter-measure will mostly likely fall foul to the present legal regime governing cyberspace. This applies to both the Singapore jurisdiction as well other major foreign jurisdictions.
In Singapore, the primary legislation regulating cyberspace activities is the Computer Misuse Act [CMA]. Section 3 to 7 of the CMA criminalize various kind of computer misuses. Given the wide definitions of operative terms such as “access”, “data” and “Computer”, the CMA determines the criminality of a particular act primarily based availability of “authority” from the owner of the computer system. An active self-help defence that attempts to “attack” the intruding computer system would thus breach CMA because there will obviously be no “authority” by the intruders for the counter-attack.
For example, section 7 of the CMA makes it a crime for “Any person who, knowingly and without authority or lawful excuse.. (a) interferes with , or interrupts or obstructs the lawful use of, a computer;”. In a scenario where the “attacking” computer launched a denial-of-service attack on the “attacked” computer, the later may employ an active self-help remedy by reflecting the incoming data back to its source. Here, not only does the act of the hackers constitutes a crime under section 7 of the CMA, the person responsible for the act of the “attacked” computer will also be caught under the same section. Any such counter-measure will fall foul of CMA because of the lack of “authorization” from the attackers.
Arguably, a computer intrusion into the host computer system may be characterized as a criminal trespass upon the host computer. By entering the host computer system without authorization, the intruder has trespassed upon the “virtual space” of the computer owner. Thus, the act may constitute criminal trespass under section 441 of the Penal Code. Given that such computer intrusion are by nature sudden and unexpected, there will be probably no time to have recourse to the protection of the public authorities. As such, the owner of the host computer may claim to have a right of private defence under section 97 of the Penal Code. It is then not an offence for him to employ active self-help measures (provided that it is proportionate) to defend his computer system against attacks.
However, the better view is that the computer intrusion would not fall within the ambit of Criminal Trespass. When the CMA was enacted, the Parliament intended the Act to deal with the difficulties arising from applying the 200-years-old Penal Code to computer crimes. The existing criminal rules were largely unchanged. This suggests that the Parliament does not intend “property” under s. 441 to include “virtual property” in the Cyberworld. Such offences should fall under the ambit of CMA instead.
The availability of active self-help as a legal justification is similarly absent in foreign jurisdictions.
The common thread that ties the foreign legislations together is their common reliance on “authorization” as a determinant for the offences. In India, the primary governing legislation is the Indian Information Technology Act 2000. Section 66 of the Act addresses the issue of unauthorized access and hacking. In Australia, Cybercrime Act 2001 (Cth) supplemented the Criminal Code Act 1995 (Cth) with offences governing computer crimes. Section 477.1 of the Act prohibits unauthorized access, modification or impairment with intent to commit a serious offence. In UK, the primary legislation is the UK Misuse of Computers Act 1990. The UK Misuse of Computer Act is comparable to the Singapore CMA in its reliance on “authorization” as the operative term. In fact, over 40 countries, including all the U.S. States and the U.S. federal government, have enacted computer crime laws that prohibited “unauthorized access” to computers in the last 30 years.
The commonality in these statutes is the absence of an active self-remedy defence to the offences. Hence, any active counter measures would potentially fall into the same legal trap as the case with CMA…
“
A man only has a limited lifespan.
(note: this would imply that there are limits to the sphere of operation of any belief system, which should be followed up next time).
