Computer is the instrument of our age. Internet is deeply integrated into our lifestyle. With globalization defying geographical boundaries, the notion of interconnectedness is coming to the fore as a guiding thought in today’s technologically fast-changing societies, putting unprecedented pressure on law enforcements worldwide to keep pace and control the emerging threat of cybercrime.
Statistics show there are more than two billion active users of internet worldwide. A latest Nepal Telecommunication Authority (NTA) report puts the number of internet users in the country at over five million. And the number is rapidly growing each day. Technology is a boon. But it comes at a cost. With the swelling populace of internet users and aggressively expanding networks, a flurry of new threats in forms of cybercrimes are appearing in Nepal’s cyberspace, leaving Nepal Police, the country’s law enforcement agency, struggling to tackle the new situation. Nepal Police’s Cyber Cell at Metropolitan Police Crime Division (MPCD), Hanumandhoka and Central Investigation Bureau (CIB) are two chief central level entities dealing with cybercrime. The MPCD Cyber Cell basically looks into individual cases, whereas the CIB probes major, organized crimes. The Computer Directorate at the police headquarters lends IT support for investigation.
CYBERCRIMESUNIT.COM
The typology of cybercrime is hard to determine. Generally, all web and computer-related offences, including fraud, forgery, phishing, hacking, spoofing, impersonation, email and SMS threats, indecency, breach of privacy, copyright violations etc come under cybercrime. According to the MPCD Cyber Cell, there is an increasing trend of cybercrime, with complaints received climbing from seven to 16 to 48 in the past three years. This however does not necessarily depict the full picture of cybercrime in Nepal since many more cases go unreported as taking legal recourse brings undesired hassles and exposure.
Recent IT developments have brought sophisticated tools and techniques for investigation but also resulted in new crime methods. Characteristic of the virtual world, anonymity has remained a tricky proposition in investigation of cybercrime. The use of encryption technique that converts plain texts into an obscured format using an algorithm obscuring has further added to the difficulty in web policing. Investigation of cybercrime needs internet specific tools and instruments. One thing typical in cyberspace is that there is always a digital imprint whenever crime happens. But again, digital data are highly fragile and can easily be deleted, destroyed or modified. The collection of digital evidences calls for the use of computer forensics which is the key to analyzing the hardware and software used in the crime to obtain evidence, recover deleted files, decrypt files and identify traffic date. But Nepal Police lacks IT resources for this. Not having even a cyber forensics lab has immensely impacted its ability to carry out effective investigation of cybercrimes.
The Electronic Transaction and Digital Signature Act 2006, lauded as landmark legislation for the development of Nepal’s IT industry, is known as the country’s cyber law. It provides a legal framework for electronic transactions and digital signature, with provisions of the Controller of Certification Authority and a separate judicial mechanism to look into cybercrime. The law defines a number of computer and internet-related offenses under cybercrime and stipulates punishments in the range of Rs 50,000 (minimum) to Rs 3, 00,000 (maximum) in fine and six months to three years imprisonment. However, the new law has been criticized as having certain inherent inadequacies and contradictions. Its wordings and vague terminologies on regulation of electronic media, particularly, have raised skepticism about the state’s commitment to freedom of expression, a recurrent theme that often comes in the way of enforcement of cyber laws.
Another major challenge facing cyber law enforcement in Nepal is the lack of reliable information on the extent of problem as well as arrests and prosecutions. The Kathmandu District Court and Patan Appellate Court, also the IT Tribunal and the Appellate IT Tribunal respectively as envisioned in the 2006 cyber law, and Nepal Police lack the archiving of the data and information under the specific cybercrime category. There are two other laws separately operating, namely Copyrights Act 2002 and Telecommunication Act 1997, whose certain aspects technically fall under the purview of the cyber law, but whose criminal and judicial proceedings are handled by the regular police apparatus and court system. This has not only muddled action and approach to law enforcement, but also hindered quantifying the overall impacts of cybercrime on society and in formulating right strategies to deal with cybercrime in a more concerted, cohesive manner.
Cybercrime is a transnational phenomenon. Criminals could be operating from any part of the globe. Hosting of malicious contents on the web with its server outside the country can make law enforcement increasingly difficult as there immediately comes into play the principle of national sovereignty and sometimes dual criminality under international law. Automation, especially in cases such as phishing and malware spread, can have major consequences, increasing the speed of the process and magnifies its scale and impact, attacking thousands of global computer systems in hours. Clearly, tackling these threats demands swift, coordinated actions, which are not possible without new mutual legal assistance treaties (MLATs).
In the absence of such instruments, police cannot effectively work with law enforcement agencies of foreign governments and international organizations such as Interpol. Harmonization of national laws with international practices is another area that is crucial to international legal cooperation. For example, when approached for certain information in course of cybercrime investigation, mega-operators such as Google, Yahoo! and Facebook refuse to respond to correspondence by Nepal Police, and instead ask for a court sanction before giving out requested information, whereas in Nepal no court issues any such dispatch unless the suspect is produced before competent legal authority.
Nepal is still in the early phase of digitization. Besides IT infrastructure development, cyber security could have ramifications for the country’s national security and economic well being. Just preaching deterrent measures on the web, especially the social networking sites, is certainly not going to help in the long run as engaging ourselves less with cyber world will only further widen the digital divide. Given our limited military prowess, critical IT infrastructure and slim prospect of cyber terrorism, it might be easy for Nepal to rule out major cyber attacks. Still, infiltration into the country’s banking and finance sectors, telecommunications, aviation and electric power system can have very debilitating impacts. Without first changing people’s sense of precaution and duties towards a secured cyberspace and educating them about the new legislation, effective enforcement of cyber law is highly unlikely in Nepal.
At the institutional level, capacity building of Nepal Police should be made a precondition, whereas at national level, cyber security should be a shared responsibility, with Nepal Police required to forge coordinated actions with law implementation agencies, other stakeholders including banks and financial institutions (BFIs), Internet Services Providers (ISPs) and other online operators, and existing initiatives such the Information Security Guidelines for security audit. With these, cooperation and coordination with various international actors and adoption of appropriate cyber legislation are vital to successful policing of cybercrime in the country in today’s interconnected world.
The writer is online coordinator, Republica
Related story
Nepal shines at BITE 2025 in Beijing, wins “Best Popularity Awa...
_20191122185459.jpeg)
