The Information Technology Act

The Information Technology Act, 2000 is the primary law in India dealing with cybercrime and electronic commerce.Many provisions of this Act are similar to CCA, but CCA of 2007 does not include provisions for offences mentioned under section 66A and 67.Section 66A mentions Punishment for sending offensive messages through communication service.Offender shall be punishable with imprisonment for a term which may extend to three years and with fine. Section 67 mentions Punishment for publishing or transmitting obscene material in electronic form. The offender shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.CCA must include provisions for these.

Sri Lanka does not have any specific acts on Internet privacy and with current Sri Lankan laws it is hard to take an action on the offender. So, introducing more laws, more specific acts on Internet privacy will facilitate to combat against these computer crimes, Especially, sections like 66E, 67, 67A, 67B in Information Technology Act, 2008 of India, since the rapid growth of fake accounts and social media crimes in Sri Lanka. Compared to the Indian laws, Sri Lanka laws provide less severe punishments for the offender. So, increasing the fine amount and imprisonment period given to each crime is a better approach of reducing crimes happening.

Unlike in Sri Lanka, the UK legal framework has not specifically recognised each and every computer crime under the Computer Misuse Act 1990. But they have adopted the general principles of substantive law in force in matters of the offences committed with the use of computer.Computer Crimes recognized under the Computer Misuse Act The Act recognises three types of computer crimes; Unauthorised access to computer material, Unauthorised access with intent to commit or facilitate commission of further offences and Unauthorised modification of computer materials.Many statutes similar to that in CCA gives severe punishment to offender. In contrast to the Sri Lankan Legal Framework, the UK legal framework is fullfledged with distinctive case law.

The current legal provisions for hacking and the punishments must be stricted. Systems should be developed to catch the hackers and protect the confidential information on the information systems. In UK, punishment for hacking carries a different potential prison sentence with offence 1 and having a potential sentence of 2 years imprisonment, offence 2 is five years imprisonment, 3 is ten years, however offence 3 is the most serious crime covered by this act and has a maximum sentence of life. United States computer crimes tend to vary from class B misdemeanors, which carry a punishment of up to six months in prison in addition to the possibility of a $1000 fine, to class B felonies, which carry a punishment of up to 20 years in prison and/or a fine of up to $15,000.

Provisions dealing with spam are absent from the Computer Crimes Act 2007. Therefore, it is advised that a new provision be included to specifically deal with Spam related offences. The legislature may take a look at the anti-SPAM statutes enacted by the State of California that were among the strongest in USA. Section 17529.2 of the California anti-spam law expresses that no person could send, or advertise in, an unsolicited commercial email sent from California or sent to a California email address.

CCA failed to include provisions for illegal gambling. Gambling Act 2005 of U.K ensures that gambling is conducted in a fair and open manner in online,So that children and other vulnerable people are protected from being harmed or exploited by gambling websites.The Unlawful Internet Gambling Enforcement Act of 2006 is United States legislation regulating online gambling. It was added as Title VIII to the SAFE Port Act which otherwise regulated port security. The UIGEA ‘prohibits gambling businesses from knowingly accepting payments in connection with the participation of another person in a bet or wager that involves the use of the Internet and that is unlawful under any federal or state law’. Eventhough online gambling is not much recognised in Sri lanka , considering future, CCA must include provisions related to illegal gambling.

A perusal of the CCA reveals that in most instances an offender should have had unauthorised access to a computer for liability to arise under the CCA . However, in the modern context, there can be many situations where information collected lawfully may be misused. For example, information lawfully gathered using Cookies are capable of being abused. Since, cookies are enabled by the computer user himself, no question of unauthorized access arises.

USA enacted Children’s Internet Protection Act, Child Online Protection Act, Communications Decency Act attempt to regulate children’s access to sexually explicit material on the Internet. Sri Lanka must consider implementing specific and strict laws on this area.

Some criminals access internet or use the computers of the public terminals when commiting computer crimes. Therefore it would be an effective measure to require the identification of the users accessing the internet and computers through public terminals, which might increase the convenience of the people handling the investigations.