Chapter 1 INTRODUCTION
1.1 Definition of Cyber Crime The internet in Bangladesh is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cyber crime – illegal activity committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spams, and software piracy and so on, which invade our privacy and offend our senses. “The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb”. The term ‘cyber crime’ has been evolved from two words ‘cyber’ and ‘crime’. ‘Crime’ is more or less known to each individual on his own stand point, while ‘cyber’ is almost vague in meaning to the same. So if any time anybody uses the prefix ‘cyber’, we simply mean, he is talking about something is doing online or there has certain networking system. Actually anything related to Internet falls under the cyber category. Computer crime or cyber crime is a form of crime where the Internet or computers are used as a medium to commit crime. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement Child pornography, and child grooming. Cyber crime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cyber crime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet. Cyber crime is a broadly used term to describe criminal activity committed on computers or the Internet. Some of it is punishable by the laws of various countries, whereas others have a debatable legal status. The term cyber crime is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Bangladesh Parliament. Cyber crime is an evil having its origin in the growing dependence on computers in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber crime has assumed rather sinister implications. Life is about a mix of good and evil. So is the Internet. For all the good it does us, cyberspace has its dark sides too. Unlike conventional communities though, there are no policemen patrolling the information superhighway, leaving, it open to everything from Trojan horses and viruses to cyber stalking, trademark counterfeiting and cyber terrorism.
1.2 History and Background of Cyber Crime The internet has revolutionized how individuals interact with each other. After four years of the Internet, fifty million people are connected to this global network. It took the radio thirty-eight years to reach fifty million users, and a mere sixteen years for the computer to reach fifty million users. The popularity of the Internet is growing exponentially. The first recorded cyber crime took place in the year 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacture in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard’s employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of their new technology. This is the first recorded cyber crime. Interpol was the first international organization dealing with computer crime and penal legislation. In conjunction with an Interpol Conference in 1981, a survey of Interpol member countries on computer crime and penal legislation identified several problems in the application of existing penal legislation. The OECD in Paris appointed in 1983 an expert committee to discuss computer-related crime and the need for changes in the penal Codes. This committee made a proposal that could constitute as a common denominator between the different approaches taken by the member countries. The Council of Europe appointed in 1985 another expert committees in order to discuss the legal issues of computer-related crime. A summary of the guidelines for national legislatures with liability for international acts only, was presented in the Recommendation of 1989. The UN adopted a resolution on computer crime legislation at 8th U.N. Congress on the Prevention of Crime and the Treatment of Offenders in Havana, Cuba, in 1990. The United Nations Manual on the Prevention and Control of Computer-related Crime was published in 1994. The last part of this historic presentation is the Wurzburg conferences organized by the University of Wurzburg in 1992. These conferences led to 29 national reports, and recommendations for the development of computer crime legislations. Most countries in Europe adopted new penal laws according to the recommendation in the 1980s and 90s. Similar development occurred in the U.S.A. Canada and Mexico. Also in Asia, where Japan, Singapore, Korea and Malaysia were the leading countries. In Australia, the Commonwealth added computer crime laws to the Crimes Act in 1989. Today computers have come a long way, with neutral networks and nano-computing promising to turn every atom in a glass of water into a computer capable of performing a Billion operations per second.
1.3 Nature of Cyber Crime A cyber criminal can destroy websites and portals by hacking and planting viruses, carry out online frauds by transferring funds from one corner of the globe to another, gain access to highly confidential and sensitive information, cause harassment by e-mail threats or obscene material, play tax frauds, indulge in cyber pornography involving children and commit innumerable other crimes on the Internet. It is said that none is secure in the cyber world. The security is only for the present moment when we are actually secure. With the growing use of the Internet, cyber crime would affect us all, either directly or indirectly.
1.4 Classification of Cyber Crime Cyber Crimes can be mainly classified as: Traditional crimes committed on or through the new medium of the Internet. For example, cheating, fraud, misrepresentation, defamation, pornography thefts etc. committed on or through or with the help of the internet would fall under this category. New crimes created with the Internet itself, such as hacking and spreading viruses etc. New crimes used for commission of old crimes. For example, where hacking is committed to carry out cyber frauds.
1.5 Characteristics of Cyber Crime After the classification of cyber crime and before examining the legal strategies to check cyber crime, it is necessary to examine the peculiar characteristics of cyber crime. The weapon with which cyber crime are committed is technology. Cyber crimes are the work of technology and thus cyber criminals are technocrats who have deep understanding of the Internet and computers. Cyber crime is extremely efficient, i.e. it takes place in real time. It may take seconds or a few minutes to hack websites or do cyber frauds. Cyber crime knows no geographical limitations, boundaries or distances. A cyber criminal in the one corner of the world can commit hacking on a system in the other corner of the world for example a hacker in the US can in real time hack in the system placed in Japan. The act of cyber crime takes place in cyberspace which makes the cyber criminal being physically outside cyberspace. All the components of cyber criminality from preparation to execution, take place in the cyberspace. Cyber crime has the potential of causing harm and injury which is of an unimaginable magnitude. It can easily destroy websites created and maintained with huge investments or hack into website of Banks and the defense department’s websites. The amount of loss which may cause is easy to be imagined. It is extremely difficult to collect evidence of cyber crime and prove the same in the Court of law, due to the anonymity and invisibility of cyber criminal and its potential to affect in several countries at the same time, which are different from the place of operation of the cyber criminal.

Chapter 2 KINDS OF CYBER CRIME
2.1 Kinds of Cyber Crime We are living in a digital world where computers are not just an ordinary thing anymore but a “necessity” to our everyday lives. Most of us only knew a little about computer security threats, the most common were “virus” and “worm”. Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computers. Here is the list of the prevalent Cyber Crimes, some of which are more widely spread and harmful.
2.1.1 Hacking ‘Hacking’ means unauthorized access to a computer system. It is the most common type of Cyber crime being committed across the world. The word ‘hacking’ has been defined in section 56 of the Information & Communication Technology Act 2006, as follows: “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, does any Act and thereby destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects in injuriously by any means commits hacking.”
2.1.2 Virus, Trojans and Worms A computer virus is a programme designed to replicate and spread, generally with the victim being oblivious to its existence. Computer viruses spread by attaching themselves to programmes like word processor or spreadsheets or they attach themselves to the boot sector of a disk. When an infected file is activated or when the computer is started from an infected file is activated or when the computer is started from an infected disk, the virus itself is also executed. Just as a virus can infect the human immunity system there exist programs, which, can destroy or hamper computer system. Trojan horse is defined as a “malicious, security-breaking program that is disguised as something benign” such as a directory lister, archiver, game, or a program to find and destroy viruses. A computer worm is a self-contained program that is able to spread functional copies of itself or its segments to other computer systems. Unlike viruses, worms do not need to attach themselves to a host program.
2.1.3 Cyber Pornography The growth of technology has flip side to it causing multiple problems in everyday life. Internet has provided a medium for the facilitation of crimes like pornography. Cyber porn as it is popularly called is widespread. Almost 50% of the web sites exhibit pornographic material on the Internet today. Pornographic materials can be reproduced more quickly and cheaply on new media like hard disks, floppy discs and CD-ROMs. The new technology is not merely an extension of the existing forms like text, photographs and images. Apart from still pictures and images, full motion video clips and complete movies are also available. Another great disadvantage with a media like this is its easy availability and accessibility to children who can now log on to pornographic websites from their own houses in relative anonymity and the social and legal deterrents associated with physically purchasing an adult magazine from the stand are no longer present. Furthermore, there are more serious offences which have universal disapproval like child pornography and far easier for offenders to hide and propagate through the medium of the Internet.
2.1.4 Cyber Stalking Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, vandalizing victim’s property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker. Stalking is a problem that many people especially women is familiar with real life. These problems occur on the Internet as well, in what has become known as cyber stalking or on line harassment.
2.1.5 Cyber Terrorism Cyber terrorism may be defined to be “the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.” The role of computer with respect to terrorism is that of modern thief who can steal more with a computer than with a gun. The terrorist may be able to do more damage with a keyboard than with a bomb. Computer and information technology has exploded in recent times. No doubt, the great fears are combined in terrorism; the fear of random, violent, victimization segues well with the distrust and out-rights fear of computer technology.
2.1.6 Cyber Crime Related to Finance There are various types of Cyber Crimes which are directly related to financial or monetary gains by illegal means, to achieve this end, the persons in the cyber world who could be suitably called as fraudsters uses different techniques and schemes to be fooled other peoples on the internet. Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, online auction frauds, online investment schemes, offering jobs, etc.
2.1.7 Cyber Crime with Mobile & Wireless Technology At present the mobile is so developed that its becomes somewhat equivalent to personal computer, as we can do a lot of work on our mobile phones which were earlier possible on the computers only, such as surfing, sending e-mails etc. There is also increase in the services which were available on the mobile phones such as Mobile Banking which is also prone to cyber crimes on the mobile as it is on the Internet. Due to the development in the mobile and wireless technology day by day, the day is not far away when the commission of cyber crimes on the mobile will become a major threat along with other cyber crimes on the net.
2.1.8 Phishing In computing, phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. The term phishing arises from the use of increasingly sophisticated lures to fish for users, financial information and passwords. He act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. By spamming large groups of people, the phisher counted on the e-mail being ready by a percentage of people who actually had listed credit card numbers with legitimately. Phishing, also referred to as brand spoofing or carding, is a variation on fishing, the idea being that bait is thrown out with the hopes that while most will ignore the bail, some will be tempted into bitting. The damage caused by phishing ranges from loss of access to e-mail to substantial financial loss. This style of identity theft is becoming more popular, because of ease with which unsuspecting people often divulge personal information to phishers, including credit card numbers and social security numbers. Once this information is acquired, the phishers may use a person’s details to create fake accounts in a victim’s name, ruin a victim’s credit, or even prevent victims from accessing their own accounts. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing/totaling approximately $929 million US Dollar. U.S. businesses lose an estimated $2 billion USD a year as their clients become victims, The United Kingdom also suffers from the immense increase in phishing. In March 2005, the amount of money lost in the UK was approximately £12 million Pound Sterling.
2.1.9 Denial of Service Attack (Dos Attack) This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. May Dos attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known Dos attacks are constantly being dreamed up by hacker. This involves flooding a computer resource with more requests than it can handle. This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g.a web server) to crash thereby denying authorized users the service offered by the resource. Another variation to a typical denial of service attack is known as a Distributed Denial of service (DDoS) attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim’s computer’s, exceeding the limit that the victim’s servers can support and making the server’s crash. Denial-of-service attacks have had an impressive history having, in the past, brought down websites like Amazon, CNN, Yahoo and eBay.
2.1.10 E-mail Bombing In Internet usage, all e-mail bombs is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server. Mailbombing is the act of sending an e-mail bomb, a term shared with the act of sending actual exploding devices (see mailbomb). Mailbombing is sometimes accomplished by giving the victim's e-mail address to multiple spammers. In the Russian internet community, there is another sense for mailbomb. There, mailbomb is a form of denial of service attack against a computer system (mail server). After most of the servers began checking mail with antivirus software, the Trojan viruses tried to send themselves compressed into archives, such as ZIP or RAR.Then mailservers began to unpack archives and check their contents too. That gave black hats the idea to make a huge text file, containing, for example, only the letter z repeated millions of times. Such a file compresses into a relatively small archive, but being unpacked by early versions of mail servers might waste the free space on its disks and cause denial of service. Also known as a Zip bomb.
2.1.11 E-mail Spoofing E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for span e-mail and phishing to hide the origin of an e-mail message. By changing certain properties, of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. It is often associated with website spoofing which mimic an, actual, well-known website but are run by another party either with fraudulent intentions or as a means of criticism of the organization’s activities. It is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing anyone other than yourself is illegal ill some jurisdictions. E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include in authentication mechanism. Although an SMTP service extension allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge call connects to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write. Although most spoofed e-mail falls into the "nuisance" category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks. For example, spoofed email may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information — any of which can be used for a variety of criminal Purpose. The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass spam mailings. One type of e-mail spoofing, self-sending spam, involves messages that appear to be both to and from the recipient.

2.1.12 Data Diddling Data diddling involves changing data prior or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the databases or application, or anyone else involved in the process of having information stored in a computer file. The culprit can be anyone involved in the process of creating, recording, encoding, examining, checking, converting, or transmitting data. This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the after the processing is completed. Electricity Boards in India have been victims to data diddling programs inserted when private parties were computerizing their systems. This is one of the simplest methods of committing a computer-related crime, because it requires almost no computer skills whatsoever. Despite the ease of committing the crime, the cost can be considerable. For example, a person entering accounting may change data to show their account, or a person entering accounting may change data to sho9w their account, or that or a friend or family member, is paid in full. By changing or failing to enter the information, they are able to steal from the company. To deal with this type of crime, a company must implement policies and internal controls. This may include performing regular audits, using software with built-in features to combat such problems, and supervising employees.

2.1.13 Salami Attacks A salami attack is a series of minor data-security attacks that together results in a larger attack. For example, a fraud activity in a bank where an employee steals a small amount of funds from several accounts, can be considered a salami attack. Crimes involving salami attacks typically are difficult to detect and trace. These attacks are used for the commission of financial crimes. They key here is to make the alteration so insignificant that in a single case it would go completely unnoticed, e.g. a bank employee inserts a program, into the bank’s servers, that deducts a small amount of money (say Rs. 5 a month) form the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month. To cite an example; an employee of a bank in USA was dismissed from his job. Disgruntled at having been supposedly mistreated by his employers the man first introduced a logic bomb into the bank’s systems. Logic bombs are programmes, which are activated on the occurrence of a particular predefined event. The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose amen was alphabetically the last in the bank’s rosters. Then he went and opened an account in the name of Ziegler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault. It was brought to their notice when a person by name of Zygler opened his account in that bank. He was surprised to find a sizable amount of money being transferred into his account every Saturday. In January 1993, four executives of a rental-car franchise in Florida were charged with defrauding at least 47, 000 customers using a salami technique. The federal grand jury in Fort Lauderdale claimed that the defendants modified a computer billing program to add five extra gallons to the actual gas tank capacity of their vehicles. From 1988 through 1991, every customer who returned a care without topping it off ended up paying inflated rates for an inflated total of gasoline. The thefts ranged from $ 15 per customer-rather thick slices of salami but nonetheless difficult for the victims to detect. In Los Angeles in October 1998, the district attorneys charged four men with fraud for allegedly installing computer chips in gasoline pumps that cheated consumers by oversetting the amounts pumped. The problem came to light when an increasing number of consumers charged that they had been sold more gasoline than the capacity of their gas tanks. However, the fraud was difficult to prove initially because the perpetrators programmed the chips to deliver exactly the right amount of gasoline when asked for five-and 10-gallon amounts-precisely the amounts typically used by inspectors. Unfortunately, salami attacks are designed to be difficult to detect. The only hope is that random audits, especially of financial data, will pick up a pattern of discrepancies and lead to discovery. As any accountant will warn, even a tiny error must be tracked down, since it may indicate a much larger problem. If we pay more attention to anomalies, we’d be in better shape to fight the salami rogues. Computer systems are deterministic machines-at least where application programs are concerned. Any error has a cause. Looking for the causes of discrepancies will seriously hamper the perpetrators of salami attacks. From a systems developments standpoint, such scams reinforce the critical importance of sound quality assurance throughout the software development life cycle.

2.1.14 Logic Bombs In a computer program, a logic bomb is a programming code, inserted surreptitiously or intentionally, that is designed to execute (or “explode”) under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a viruses or worm to gain momentum and spread before being noticed. Many viruses attack their host systems on specific date, such as Friday the 13th or April Fool’s Day. The Trojans activate on certain dates are often called “time bombs”. It is in effect a delayed-action commuter virus or Trojan horse. A logic bomb, when “exploded,” may be designed to display or print spurious message, delete or corrupt data, or have other undesirable effects. Some logic bombs can be detected and detected and eliminated before they execute through a periodic scan of all computer files, including compressed files, with an up-to-date anti-virus program. For best results, the auto-protect and e-mail screening functions of the anti-virus program should be activated by the computer user whenever the machine is online. In a network, each computer should be individually protected, in addition to whatever protection is provided by the network administrator. Unfortunately, even this precaution does not guarantee 100 percent system immunity. The most common activator for a logic bomb is a date. The logic bomb checks the system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb activates and executes its code. A logic bomb could also be programmed to wait for a certain message form the programmer. The logic bomb could for example, check a web site once a week for a certain message. When the logic bomb sees that message, or when the logic bomb stops seeing that message, it activates and executes its code. A logic bomb can also be programmed to activate on a wide variety of other variables, such as when a database grows past a certain size or a user’s home directory is deleted. The most dangerous form of the logic bomb is a logic bomb that activates when something doesn’t happen. These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs, e.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

2.1.14.1 Some Famous Logical Bombs Attack. In June 1992, a defense contractor General Dynamics employee, Michael Laufenberg, was arrested for inserting a logic bomb that would delete vital rocket project data. It was alleged that his plan was to return as a highly paid consultant to fix the problem once it triggered. Another employee of the company stumbled upon the bomb before it was triggered. Lauffenbuger was charged with computer tampering and attempted fraud and faced potential fines of $500,000 and jail time, but was ultimately fined $ 5,000. In February 2000, Tony Xiaotong, indicted before a grand jury, was accused of planting a logic bomb during his employment as a programmer and securities trader at Detached Morgan Grenfell. The bomb had a trigger date of 20 July 2000, and was discovered by other programmers in the company. Removing and cleaning up after the bomb allegedly took several months. In June Roger Duronio, a disgruntled systems administrator for UBS was charged with suing a “logic bomb” to damage the company’s computer network, and with securities fraud for his failed plan to drive down the company’s stock with activation of the logic bomb Duronio was later convicted and sentenced to 8 years and 1 month in prison, as well as a $ 3.1 million restitution to UBS.

Chapter 3 INTERNATIONAL COOPERATION IN FIGHTING CYBER CRIME
The global world network, which united millions of computers located in different countries and opened broad opportunities to obtain and exchange information, is used with criminal purposes more and more often. The introduction of electronic money and virtual banks, exchanges and shops became one of the factors of the appearance of a new kind of crime- transnational computer crimes. Today law enforcement face tasks of counteraction and investigation of crimes in the sphere of computer technologies, cyber crimes. Still the definition of cyber crime remains unclear to law enforcement, though criminal actions on the Internet pose great social danger. Transnational character of these crimes gives the grounds to say that development of a mutual policy to regulate main problem should be a part of every strategy to fight cyber crime. Anonymity and absence of frontiers makes the Internet an efficient weapon in hands of criminals. Investigation and prevention of computer crimes turns into a “headache” of law enforcement officer. In the virtual space criminals usually act form sites in other countries. In such cases it is necessary to cooperate with foreign law enforcement agencies, and that is possible not always. Taking into consideration that globalization of such crime, it is more and more obvious that so State is able to cope with such threats independently. During investigation of transnational cyber crimes law enforcement of a concrete State, authorities of which extend only on its territory exclusively, should cooperate with each other in accordance with international legal documents accepted by these countries. Depending on relations between interested countries and corresponding information or other facts, a necessary to develop additional authorities and procedures on investigating of such crimes may appear. One of the most serious steps taken on regulate this problem was the adoption of Cyber Crime Convention by European Council on 23 November 2001, the first investigating agreement on judicial and procedural aspects of investigating and prosecuting on judicial and prosecuting cyber crimes. It specifies efforts coordinated at the national and international level and directed at preventing illegal intervention into the work of computer systems. The Convention stipulates actions targeted at national and intergovernmental level directed to prevent unlawful infringement of computer system functions. The Convention divides forbidden content (racist websites and child porn content) and breaking copyright laws. There are various initiatives taken by the Organizations worldwide from time to control the growing of cyber crime. Some of the initiatives taken by various organizations are:
3.1 The United Nation A Resolution on combating the criminal misuse of information technologies was adopted by the General Assembly on December 4, 2000 including as followings: (a) States should ensure that their laws and practice eliminate safe havens for the those who criminally misuse information technologies. (b) Legal systems should protect the confidentiality integrity and availability of data and computer systems from unauthorized impairment and ensure the criminal abuse is penalized.
3.2 The Council of Europe Convention on Cyber Crime of 2001 is a historic milestone in the combat against cyber crime. Member States should complete the ratification, and other States should consider the possibility of acceding to the Convention or evaluate the advisability of implementing the principles of the Convention. With the Council of Europe Convention on Cyber Crime and the recommendations from, G8, OAS, and APEC, we may reach our goal of a global legal framework against cyber crime. By ratifying or acceding to the Council of Europe Convention of Cyber Crime or implementing the principles States agree to ensure that their domestic laws criminalize conducts described in the substantive criminal law section and establish the procedural tools necessary to investigation and prosecute such crimes. This is the harmonizing of national legal approaches on cyber crime. The council of Europe established a Committee of Experts on Crime in Cyber-Space in 1997. The committee prepared a proposal for a Convention on Cyber Crime, and the Council of Europe Convention on Cyber Crime was adopted and opened for signatures at a Conference in Budapest, Hungry, 2001, The convention entered into force on July 1, 2004. As of February 2007, the total numbers of signatures not followed by ratifications are 22 countries. The total number of ratifications/accessions at present is 21.
3.3 The European Union In the European Union, the Commission of the European Communities presented on April 19, 2002 a proposal for a Council Framework Decision on attacks against information systems. The proposal was adopted by the Council in 2005 and includes Article 2: Illegal access to Information System, Article 3: Illegal System Interference and Article 4: Illegal Date Interference. Article 2: Illegal access to Information systems. 1. Each Member State shall take the necessary measures to ensure that the intentional access without right to the whole or any part of an information system is punishable as a criminal offence, at least for cases which are not minor. 2. Each Member State may decide that the conduct referred to in paragraph I is incriminated only where the offence is committed by infringing a security measure. Article 3: Illegal system interference. Each Member State shall take the necessary measures to ensure that the intentional serious hindering or interruption of the functioning of an information system by inputting, transmitting, damaging, deleting, deteriorating, altering, suppressing or rendering inaccessible computer data is punishable as a criminal when committed without right at least for cases which are not minor. Article 4: Illegal data interference. Each Member State shall take the necessary measures to ensure that the intentional deletion, damaging, deterioration, alteration, suppression or rendering inaccessible of computer date on an information system is punishable as a criminal offence when committed without right, at least for cases which are not minor.
3.4 ASEAN The Association of Southeast Asian Nations (ASEAN) has established high level Ministerial Meeting on Transnational Crime (AMMTC). At the Meeting in Bangkok, January 8, 2004, a statement included cyber crime was recognized and the need for an effective legal cooperation to enhance the fight against transnational crime. A plan of Action to Implement the Joint Declaration on ASEAN China Strategic partnership for paces and prosperity was signed on October 8, 2003, in Bali, Indonesia. ASEAN and China will purses the following joint actions and measures. Formulate Cooperative and emergency response procedures for purposes of maintaining and enhancing cyber security and preventing and combating cyber crime. In a statement from ASEAN Regional Forum (ARF) on July 2006 it was emphasized that: “Believing that an effective fight against cyber tacks and terrorist misuse of cyberspace requires increased rapid and well functioning legal and other forms of cooperation.”
3.5 APEC The Ministers and leaders of the Asia Pacific Economic Cooperation (APEC) have at a meeting in 2002 made a commitment to: “Endeavor to enact a comprehensive set of laws relation to cyber security and cyber crime that are consistent with the provision of international legal instruments, including United Nations General Assembly Resolution 55/63 (2000) and Convention on Cyber crime (2001) by October 2003.”In a Ministerial Meeting in Santiago, Chile, November 2004, it was agreed to strengthen the respective economies ability to combat cyber crime by enacting domestic legislation consistent with the provisions of international legal instruments including the Convention on Cyber Crime (2001) and relevant United General Assembly Resolutions.
3.6 G-8 States The G-8 States established in 1997 the Subgroup of High-Tech Crime. At a meeting in Washington DC in 1997 the G8 countries adopted Ten Principles in the combat crime. The goal was to ensure that no criminal receives safe havens anywhere in the world. At the last Meeting of G8 Justice and Home Affairs Ministers in Washington DC, on May, 2004, a joint communiqué was including as follows: “Continuing to Strengthen Domestic Laws. To truly build globe capacities to combat terrorist and criminal uses of the Internet, all countries must continue to improve laws that criminalize misuses of computer network and that allow for faster cooperation on Internet related investigations, with the council of Europe’s Convention on Cyber crime coming into force on July 1, 2004 we should take steps to encourage the adoption of the legal standards it contains on a broad basis.” In a statement from the G8 Meeting in 2002 a goal was emphasized: “To ensure that law enforcement agencies can quickly respond to serious cyber threats and incidents.” At the Moscow Meeting in 2006 in for the G8 Justice and Home Affairs Ministers discussed cyber crime and issues of cyberspace. In a statement it was emphasized: “We also discussed issue related to shoring accumulated international experience in combating terrorism as well as comparative analysis of relevant pieces of legislation on that score. We discussed the necessity of improving effective countermeasures that will prevent IT terrorism and terrorist acts in this sphere of high technologies. For that it is necessary to device a set of measures to prevent such possible criminal acts including in the sphere of telecommunication. That includes and application of viruses and other harmful computer program. We will instruct our experts to generate unified approaches to fighting cyber criminality and we will need an international legal base for this particular work, and we will apply all of that to prevent terrorist from using computer and Internet sites to prevent terrorists and the recruitment of other illegal actors.”
3.7 Organization of American States The Ministers of Justice or Ministers or Attorneys General of the Americas in the Organization of American States (OAS) recommended in Peru in 1999 the establishment of a group of government experts on cyber crime. At a meeting in Trinidad and Tobago in 2002 recommendations were adopted giving the Group of experts the following mandate: “To consider the Preparation of pertinent inter-American legal instruments and model legislation for the purpose of strengthening hemispheric cooperation in combating cyber crime. Considering standards relating to privacy, the protection of information procedural aspects and crime prevention.” Consideration of recommendation was discussed at a meeting in Washington DC June 2003. The Fifth Meeting of Ministers of Justice or of Ministers or Attorneys General of the Americas in Washington DC on April 2004, approved conclusions and recommendation to the General Assemble of the OAS including as follows: “That Member States evaluate the advisability of implementing the principles of the Council of Europe Convention on Cyber crime (2001) and consider the possibility of acceding to the convention.” The General Assembly of the Organization of American States requested at the Meeting on June 7, 2005, the Permanent Council to convene the meeting of the Group of Government Experts on Cyber crime. The organization of American States in cooperation with the council of Europe and Spain, organized a conference in Madrid on December 2005. This conference was titled Cyber Crime a Global Challenge a Global response. Among the conclusion was adopted: “Acknowledge the importance of the only international treaty in this field: the convention on Cyber crime which is open to all states as well as the importance of strengthening the international legal framework; Strongly encourage States to consider the possibility of becoming Parties to this Convention in order to make use of effective and compatible laws and tools to fight cyber crime at domestic level and on behalf of international cooperation Recognize the need of pursuing cooperation providing technical assistance and organizing similar events in other regions of the world.” The permanent council of the Organization of American States resolves on December 15, 2005. That the Group of Government experts on cyber crime should meet on February 27-28, 2006. For the purpose of carrying out the mandates referred to in the conclusions and recommendations of the fifth Meeting of Ministers of Justice on April 28-30, 2004. The Group of Governmental Experts on cyber crime me in Washington DC February 27-28, 2006. The Agenda included also: Challenges on accessing drafting and amending legislation consistent with the principles, substantive and procedural law of the council of Europe convention on cyber crime (2001). At the Sixth Meeting of Ministers of Justice in June 2006 it was made a statement as follows: “…continue to strengthen cooperation with the council of Europe so that the OAS member states can give consideration to applying the principles of the council of Europe’s Convention on Cyber Crime and to acceding thereto, and to adoption the legal and other measures required for its implementation. Similarly that efforts continue to strengthen mechanisms for the exchange of information and cooperation with other international organizations and agencies in the area of cyber crime, such as the United Nation, the European Union, the Asia Pacific Economic co-operation and Development, the G-8, the commonwealth and Interpol in order for the OAS member states to take advantage of progress in those forums.”
3.8 The Problems In spite the variety issues related to different aspects of prevention of transnational computer crime the following basic problem could be defined which should be immediately addressed within the framework of international cooperation: Imperfection of the legislation in the sphere of combating transnational computer crime. Criminal sanctions on national and international level do not ensure good protection from computer crime because of absence of precise clarifications of computer crime in the laws or because difficult of interpretation and application of these laws restrict the law enforcement activity. Therefore, policy and law makers should perform consequent activities on development of the new legal norms and relevant sanctions creating necessary mechanism for law enforcement judge and prosecution activity which could prosecute and punish the guilt in computer crime. Weak specialized professional training for officers of law enforcement agencies related to prevention and investigation of transnational computer crime. Conducting the investigation measures related to search, seizure and arresting the computer machinery has certain peculiarities. First, specially trained personal able to duly conduct these actions are required. Second, upon the arrest of information the possibility of its modification and termination should be excluded. These actions should be conducted within minimum period of time, taking into account the speed of receiving the information. Third, careful analysis of the records about connections to Internet of tech computer system should be made prior to arrest of this system. This is necessary for full procedure of conducting the measures on arrest and seizure of evidences. Therefore, conducting investigation and operative search measures upon investigation of computer crime has certain range of peculiarities and requires special background. These are no specialized response teams similar to Computer Emergency Response Team (CERT) in every country. The creation of special response teams on the lines of CERT is a very important task. If it is not solved in the nearest future both the individual country and other countries may suffer. Non-availability the coordinated criminalization of computer hacking and hacking devices illegal interception of data and interference in to the work of computer systems. The growth of cyber crimes parallel with the weak legal control over them turn into a certain vicious which could only be broken by the proper unity of criminal law strategies of struggle with crimes of this kind. And international cooperation should become an important constituent part of such strategy as it is obvious that it is practically impossible to control of transnational computer crimes at a level of separate States. These are problems to be urgently solved by international community in the sphere of struggle with cyber crimes on the threshold of the 21st century.
3.9 Prevention of Cyber Crime Nowadays, the one place that people thought they were secure could be one of the most dangerous areas in society. Computer use is increasingly spreading and more and more users are connecting to the Internet. The Internet is a source for almost anybody to access manipulates and destroys others’ information. These “criminal directly related to the use of computers, specifically illegal trespass into the computer system or database of another, manipulation or theft of stored on line data, or sabotage of equipment and data” are defined as computer crimes according to the American heritage dictionary. Even through companies strive hard to prevent these criminal activities companies are still fighting a losing war against computer invasions. Although computer “hacking” has become a growing concern, much is being done to address this problem. To better understand the situation users and companies must be aware of the indicators that problems with computer crime exist. One of these indicators is that many companies are involved in computer crimes. Eighty five percent of computer reported security breaches in their systems, and 94% detected viruses in their systems in 2001. Furthermore, the U.S. Defense Department was also hacked many times. It alone was hit by about 250,000 hacks in 1995. These hacks aren’t minor; hacks cost a lot of money in damage. Hacking resulted in a cost of about 377 million dollars. This problem is also rising and needs to be quelled. Break-ins are rising rapidly and double every year. Each of the aforesaid characteristics of cyber crime ought to be considered while devising effective measures of checking preventing and punishing cyber cries which threaten the global community. Besides deterrent laws the following are the strategies which are required to be adopted simultaneously to deal with the menace of cyber crime. Since cyber crime are crimes of technology, the law enforcement agencies ought to be trained in the intricacies of technology so as to properly and effectively conduct investigations, A cyber cop has to be at least a half IT engineer to be a competent cyber crime investigator. Since the criminal has the tendency of jumping geographical borders also called jurisdictional jumping, there has to be co-operation between law enforcement agencies of different countries. Effective laws of extradition and their implementation are necessary to bring to trial cyber criminals across borders. These existing extradition treaties ought to be strengthened by co-operation in the International community. The most effective weapon to counter cyber crime is the use of encryption and other security technologies. It has been said that we need better locks on computers and not on jails to prevent cyber crime. The IT industry must assume responsibility of protecting its own computer systems and networks by using security technologies and should be not depend upon the law enforcement agencies to track cyber criminals which are extremely difficult given the anonymity provided by the Internet. The Government should encourage the use of security technology’ and should work in close partnership with the private sector. It must facilitate and encourage research and developing of new security technologies. Govt. should fund and support research and development and facilities education about the measure to counter cyber crime. Since most cyber crime is not reported by victims in the IT Industry, it gives protection to cyber criminals. Cyber crimes are not reported by victims for fear of eroding the confidence of customers and the consequent loss of business. It needs to be understood that to suppress information about cyber crime having been victimized by cyber crime amounts to protection of and encouraging cyber crime. The private sector must share information about cyber crime so as to understand its various forms and ways to deal with them more effectively. Last but not least suggestion is that identification of citizens. Anonymity facilities cyber crime and thus must yield to the large interest of the society. It is not being advocate that all contents and interactions on the Internet should be censored. Technological modes of easy identification of netizens in their interaction should be used only when necessary while investigation into allegations of cyber crime thought privacy concerns arc important it has to be realized that identification of netizens in certain areas such as cyber crime is equally necessary. Criminal justice system all over the world, must also remember that because of certain inherent difficulties in the real cyber criminal, criminal laws must be applied so as distinguish between the innocent and the deviant. A restrain must be exercised on the general tendency to apply the principle of deterrence as a response to rising cyber crime, without being sensitive to the right of the accused. Our law makers and the criminal laws system must not forget the basic difference between an accused and a convict. A delicate difference between the need to ensure that no innocent is punished and the need to punish the cyber criminal.
3.10 Legal Position Around the Globe Problem of cyber crime induced many states to reconsider their own legislation. Nowadays more than 100 countries (including 60% Interpol members) have no laws regulating fighting cyber crime. The problem in regulation fighting cyber crime is that there are no uniform laws. Some countries such as the UK have cyber crime laws like the Computer Misuse Act (1990), that are well implemented. Other territories have laws that have yet to be fully implemented, while some countries and yet to make provision for cyber crime within their judicial system at all.
3.10.1 Position in UK The Computer Misuse Act, 1990 is an Act of the UK Parliament. The Act’s introduction followed the decision in R v Gold, with the bill’s critics charging that it was introduced hastily and was poorly throughout. Intention they said was often difficult to prove, and that the bill inadequately differenced “joyriding” crackers like Gold and Schifreen from serious computer criminals. The Act has nonetheless become a model upon which several other countries including Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting their own information security laws. The Computer Misuse Act became effective in August1990. Under the Act hacking and the introduction of viruses are criminal offences. Universities and colleges need to co-operate to take action under the Act as the offences are likely to be committed by members of universities and colleges, students in particular, and are often perpetrated on machines or network within the sector. For offences committed within the higher education sector institutions may wish to use the speedier process of internal disciplinary measures rather than resort to the law. The aim of this Guidance is to ensure that universities recognize the seriousness of these offences and to encourage a greater degree of common practice in dealing with the people who carry out these actions, whether action is taken under the criminal law or thought the use of disciplinary procedures. The Act identifies three specific offences: Unauthorized access to computer material (that is a program or data). Unauthorized access to a computer system with inters to commit or facilitate the commission of a serious crime. Unauthorized modification of computer material. The Act defines (1) (the basic offence) as a summary offence punishable on conviction with a maximum prison sentence of six months or both. The Act goes on to describe offences (2) and (3) as triable either summarily or on indictment, and punishable with imprisonment for a term not exceeding five years or fine or both. These sentences clearly reflect the perceived gravity of the offence and would imply that universities should take an equally serious view of hacking or virus proliferation.
3.10.2. Position in US There are two ways, conceptually, to address the growing compute crime problem. The first would be to comb thought the entire United States Code, identifying and amending every statute potentially affected by the implementation of new computer and telecommunications technologies. The second would be to focus substantive amendments on the Computer Fraud and Abuse Act, 1984 to specifically address new abuses that spring form the misuse of new technologies. The new legislation adopts the later approach for a host of reason: The United States, in a single statute, continues to address the core issues driving computer and information security at both domestic and international levels; that is, protecting the confidentiality, integrity, and availability of data and systems. By patterning the amended Computer Fraud and Abuse Act on the OECD guidelines, the U.S. is at the forefront of rethinking how information technology crimes must be addressed-simultaneously protecting the confidentiality, integrity, and availability of data and systems. In most cases, a single point of reference-The Computer Fraud and Abuse Act, 18 U.S.C § 1030 is provided for investigators, prosecutors, and legislators as they attempt to determine whether a particular abuse of new technology is covered under federal criminal law. As new technologies are introduced and the criminal law requires reconsideration, fine-tuning § 1030 may well be adequate, and it will not be necessary to continually parse thought the entire United Sates Code. This statutory scheme will give us a better understanding of the scope of the computer crime problem by enabling more reliable statistics to be generated regarding computer abuse. Under current law, computer crimes can be charged under a host of criminal statutes. Last, 18 § 1030 (f) specifically provides that certain government officials, if engaging in lawfully authorized investigative, protective, or intelligence activities, are not restricted by § 1030. By amending only 18 U.C.C. § 1030 to address new high-tech offenses, this exception clearly continues to apply to any newly defined criminal conduct.

Chapter 4 CYBER LAW IN BANGLADESH
4.1 Need for Cyber Law in Bangladesh Computer have become integral parts of the modern day homes and workplaces. Countries around the world continue to exhibit an encouraging trend of computer usage. Most academic institution has invested in the best technology to keep their students equipped and informed. As for the workplace, there is a gradual trend towards a possible future brimming with ‘paperless and selfless offices’. The dependence on computer is increasing by the day as we are faced with better and faster machines geared up to fulfill operations that were not even imagined a few years back. The usage of computers have opened up newer possibilities for commerce and given fresh lease of life to several industries. The flexibility and economic feasibility of the Internet has transformed the cyberspace into a colossal market abundant with opportunities. The cyberspace knows no boundaries, no parameters and no precincts as it connects people around the world. The cyber world has rendered our physical tangible world a much smaller place with distance and time being no longer constraints of the modern day human. Computer and their influences have traveled into almost every sector. Business, travel, education, entertainment or any other industry cannot comprehend progress without the help of these machines, which look innocuous enough to be underestimated of their potential. Students, professional and organizations around the world need to understand the inescapable truth that computer are here to stay and in definite future, it might be difficult to even move an inch without it having an effect on us. Considering the present trend, it has become almost obligatory for everyone to understand the jurisprudence that countries worldwide have framed to regulate and control the use of computers. For the past several years, many countries have been concentrating on the awareness on questions of about the governance of cyberspace. The question of who controls the Internet is directly related to the question who wants to control the Internet. From the moment that the Internet was opened up to commercial activity many different groups wanted to dominate, such as user, communication companies, ISPs, and the government. Of them all, the most objected was the government intervention, yet it is governments that have managed to exert the most control. However as Internet has grown in our country, the need has been felt to enact the appropriate cyber laws, which are indispensable to legalize and regulate Internet in Bangladesh. The need for cyber laws was propelled by numerous factors. The arrival of Internet signaled the commencement of the rise of new and intricate legal issues. Despite the brilliant acumen of our master draftsman, the requirement of cyberspace could hardly ever be anticipated. As such, the coming of the internet led to the emergence of numerous ticklish legal issues and problem which necessitated the enactment of cyber laws. The existing laws of Bangladesh, even with the most generous and moderate interpretation, could not be interpreted in the light of the promising cyberspace, to consist of all aspect relating to different activities in cyberspace. There are no existing laws that assigned any legal validity or sanction to the activities in cyberspace, as such, before passing Cyber Law, email was not “legal” in our country and courts and judiciary in our country had been reluctant to grant judicial recognition to the legality of email in the absence of any specific law having been enacted by the parliament. The Government of Bangladesh responded by coming up with the first cyber law of Bangladesh – The Information and Communication Technology Act (ICT), 2006. The Cabinet of Minister of Bangladesh has approved the Information and Communication Technology bill (ICT), 2006 on February 2005 and it has been enacted on 8th October, 2006. The ICT Act defines various terms, which are innovative in the legal lexicon in Bangladesh. The law consists of a preamble, 97 sections and four schedules. Cyber Laws are contained in the ICT Act, 2006. This Act aims to provide the legal infrastructure for e-commerce in Bangladesh. And the cyber laws have a major impact for e-businesses and the new economy in Bangladesh. So, it is important to understand what are the various perspectives of the ICT Act, 2006 and what it offers.
4.2 Historical Background of the Information and Communication Technology Law or Cyber Law Bangladesh Government has recently enacted The Information and Communication Technology (ICT) Act, 2006 on 8th October, 2006. The law has been made in the shape of the United Nations Commission on International Trade Law (UNCITRAL) of 1996, which is called UNCITRAL Model Law on economic commerce. The Model Law does not have any force but merely serves as a model to countries for the evaluation and modernization of certain aspects of their laws and practices in the field of communication involving the use of computerized or other modern techniques, and for the establishment of relevant legislation where none exists. The law is sometimes called cyber law and sometimes the law of “Internet” or “Computer”. Bangladesh is the 32nd nations in the world that has cyber legislation apart from countries like India, Singapore, France, Malaysia and Japan.
4.3 Sides of Cyber Law or ICT Act of Bangladesh Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going through internet legal and certain illegal and hence punishable. The ICT Act 2006, the cyber law of Bangladesh, gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic record. One cannot regard government as complete failure shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free ambiguities. The Information and Communication Technology Act (ICT), 2006 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same have legal validity and enforceability. Some highlights of the Act has been given below: Chapter I of the ICT Act 2006 specifically defines some term which are used in ICT sector and cyber legislation for clearing the concept. This chapter also stipulates the jurisdiction and superiority of the Act. Extra regional effect of the Act has been discussed in the chapter. Chapter II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber. The said chapter also details the legal recognition of Digital Signature and electronic records. Chapter II of the ICT Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed from, then, notwithstanding anything contained in such law, such requires shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic from; and accessible so as to be usable for a subsequent reference. Chapter III of the ICT Act details for application to the attribution, acknowledgement and dispatch of electronic records among parties. Chapter IV of the ICT Act provides rules for secure electronic records & secure digital signature. Chapter V of the said Act gives a scheme for regulation of Certifying Authorities. The Act envisage a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates. Chapter VI of this Act details about applying the security procedure, acceptance of Digital Signature Certificate, obtaining Digital Signature Certificate and Control of Private Key. The duties of subscribers are enriched in this said Act. Chapter VII & VIII of the ICT Act talks about penalties, adjudication, investigation, judgment and punishment for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Tk. 1,00,00,000 to affected persons. The Act talks of appointment of any officer not below the rank of a Director to the Government of Bangladesh or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provision of the said Act or rules framed there under. The said Adjudicating Officer has been given the power of a civil court. Chapter VIII of the Act also talks of the establishing of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the order passed by the Adjudicating Officer, shall be preferred. Chapter – VIII of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of police. Chapter IX of the Act details about police servant, protection of action taken in good faith. The said Act also proposes to amend the Penal Code, 1860, the Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 to make them in tune with the provision of the ICT ACT.
4.4 Objective of the ICT Act, 2006 The preamble of the ICT Act, 2006 declares that, an Act to provide legal recognition for transaction carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternative to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Penal Code, 1860, the Evidence Act, 1872 and the Bankers’ Books Evidence Act, 1891 and for matters connected therewith or incidental thereto. The object of the ICT Act, 2006, have been illustrated by the Law Commission’s Final Report to give effect to the following purposes: (a) to facilitated electronic communications by means of reliable electronic records; (b) to facilitate electronic commerce, eliminate barriers to electronic commerce resulting from uncertainties over writing and signature requirements, and to promote the development of the legal and business infrastructure necessary to implement secure electronic commerce; (c) to facilitate electronic filing of documents with government agencies and statutory corporation, and to promote efficient delivery of government services by means of reliable electronic records; (d) to minimize the incidence of forged electronic records, intentional and unintentional alteration of records, and fraud in electronic commerce and other electronic transaction; (e) to help to establish uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records; and (f) to promote public confidence in the integrity and reliability of electronic records and electronic commerce, and to faster the development of electronic commerce through the use of electronic signatures to lend authenticity and integrity to correspondence in any electronic medium.
4.5 Establishment & Jurisdiction of Cyber Tribunal in Bangladesh Government of Bangladesh by gazette notification, for the purpose of quick and effective trial of crimes committed under the Act, may establish one or more cyber tribunal, sometimes which is stated later as tribunal under section 68(1) of the ICT Act. The cyber tribunal that is stated in section (1) of the section will comprise of a session judge or an assistant session judge appointed by the government with consulting with the Supreme Court; and such a judge appointed will be introduced “judge, cyber tribunal”. The cyber tribunal under the section may be given jurisdiction of whole Bangladesh or one or more session jurisdiction; and the tribunal will only judge the cases of crimes under the Act. The special tribunal may sit and continue its procedure on a place at a certain time and government will dictate all this by its order.
4.5 Establishment & Jurisdiction of Cyber Appellate Tribunal in Bangladesh The ICT Act envisages the establishment of the Cyber Appellate Tribunal at one or more places as the government may deem fit. Section 82(1) of the ICT Act provides that the government shall, by notification in the Official Gazette, establish one or more appellate tribunals to be known as the Cyber Appellate Tribunal. The cyber appellate tribunal will be comprised of a chairman and two members appointed by the government. The chairman will be such a person, who was a justice of the Supreme Court or is continuing his post or capable to be appointed as such and one of the member will be as an appointed judicial executive as a district judge or he may be retired and the other will be a person having the knowledge and experience in information and technology that is prescribed.The chairman and the members will be in their post minimum 3 years and maximum 5 years and the conditions of their service will be decided by the government. The Cyber Appellate Tribunal shall have the power to hear and settle the appeal made against the judgment of cyber tribunal and session court. The appeal tribunal will have authority of supporting, canceling, changing, or editing the judgment of the cyber tribunal. The decision of the appellate tribunal will be final. The Cyber Appellate Tribunal does not seem to be vested with any original jurisdiction; it has been vested with the powers of a Civil Court in respect of, interalia, a. Summoning and examining of witnesses b. Requiring production of document c. Receiving evidence d. Issuing commissions and e. Reviewing its decisions.

Chapter 5

CRITICISMS AND WEAKNESSES OF THE CYBER LAW OF BANGLADESH & NECESSARY RECOMMENDATIONS
5.1 Criticisms of the Cyber Law of Bangladesh The ICT Act has identified some critical situation, which is not clear to our archaic legal provisions. The law does something regulate the social norm and then control of information technology. Ever since the passing of the Information and Communication Technology Act by parliament, a lot has been said both for and against the Act. Although the newly enacted Cyber Law has some weakness, something is better than nothing. The criticism of the Cyber Law of Bangladesh is given below: Internet is a borderless medium; it spread to every corner of the world where life is possible and hence is the cyber criminal. Then how come is it possible to feel relaxed and secure once law is enforced in the nation? The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how can this be achieved in practice, how to enforce it all over the world at the same time? Can we track down the Emil Indian Hacker who recently hacked our 17 district web portal? The Act empowers the Deputy Superintendent of Police to look up into the investigations and filling of charge sheet when any case related to cyber law is called. This approach is likely to result in misuse in the context of Corporate Bangladesh as companies have public offices which would come within the ambit “public place” under the Act. As a result, companies will not be able to escape potential harassment at the hand of the Deputy Superintendent of Police. Cyber Offences Investigation Police Officer must have relevant expertise: Under section 80 of the ICT Act, 2006 that a police officer not below the rank of an Inspector of Police shall investigate any offences under this Act. This section should be modified that Inspector of Police and above, must have appropriate ICT knowledge (i.e. Diploma/Bachelor’s degree in ICT related subject proper training in this area). The draconian power have been given to police officers that a police officer not below the rank of an Inspector of Police (IP), or any other officer of the Government authorized by the Government in this behalf for purpose of investigating and preventing the commission of a cyber crime under section of the ICT Act, 2006. The unrestricted power given by the ICT Act to the said IP includes the power ‘to enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or being about to commit any offences under this Act’. It is very much possible that the given power may be misused and abused by the said police officers. This law has given more power to police officer in case of arresting cyber criminals, albeit cyber crime detection is very difficult. So, this is similar to section 54 of the Criminal Procedure Code in case of harassment to public. Spamming is not an offence under the ICT Act, 2006 in Bangladesh. But Spamming has become a peril in USA, UK and other developed nations and anti-spamming provision need to be included. Implementation of Global Cyber Law: Implementation of the law is a big question mark for any nations’ law enforcing agency. The implementation of the global cyber law is a big challenge without any law enforcing agencies. But countries can take the lead in implementation the law within their national boundaries. Like the US, this has cyber squatting laws that make cyber squatting is a punishable offence. But other countries are very confused and Bangladesh is one of those countries. In fact, the ICT Act 2006 has a provision wherein the law is not only applicable to Bangladeshi’s netizens but also to any contravention or any violation done by anybody anywhere in the world is also liable to the penalties under section 84, which is very impractical unless cyber law related global agreement is in existence. The provision in section 84 is not clearly defined as to how and what particular manner, this ICT Act shall apply to any offence or contravention there-under committed outside of Bangladesh by any person. The ICT Act does not provide extra-territorial jurisdiction or multi-territorial jurisdiction to law enforcement agencies, but such powers are basically ineffective. This is because Bangladesh does not have reciprocity like EU countries and extradition treaties with a large number of countries. “Domain Name” is the major issue, which related to Internet thoroughly. But the ICT Act, 2006 does not define “domain Name” and the rights and liabilities. “Domain Name” owners do not find any mention in the ICT Act. There is no provision about the Intellectual Property Rights of “domain Name” owners. These need proper attention. Section 56 of the ICT Act, 2006, that the order of the Government appointing any person as the Presiding officer of a Cyber Appellate Tribunal shall be final and shall not be called in question in any manner and no Act or proceeding before a Cyber Appellate Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution of a Cyber Appellate Tribunal. The said provisions is a violative of the Fundamental rights of the citizens as are enshrined in Chapter III of the Constitution of Bangladesh and the said provision is not convenient and is likely to be struck down by the courts. The Government cannot claim immunity in appointment to Cyber Appellate Tribunal, as the same is contrary to the spirit of the Constitution of Bangladesh. So, under the Constitution of Bangladesh, all proceeding and Act of the Cyber Appellate Tribunal are null and void-ab-initio.
5.2 Necessary Recommendations The ICT Act, 2006 demands amendments of certain Acts for the first step for incorporation of the Internet into Bangladesh’s legal framework. There is still a long way to go before the Bangladeshi legal system incorporates and accepts the internet fully. The Evidence Act, 1872, the Bankers’ books Evidence Act, 1891 and the Bangladesh Bank order, 1972 shall be amended in the manner specified in the Second Schedule, Third Schedule and Fourth Schedule of this Act. And we need to amendment some provisions of the ICT Act, 2006. In Bangladesh, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person property. The ICT Act, 2006 provides the backbone for e-commerce and Bangladesh’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects. In the present global situation where cyber control mechanisms are important we need to push cyber laws. Cyber Crimes are a new class of crimes to Bangladesh rapidly expanding due to extensive use of internet. Getting the right lead and making the right interpretation are very important in solving a cyber crime. The pace of the investigation however can be faster; judicial sensitivity and knowledge need to improve. Focus needs to be on educating the police and district judiciary. IT Institutions can also play a role in this area. We need to sensitize our investigators and judges to the nuances of the system. Most cyber criminals have a counter part in the real world. A lengthy and intensive process of learning is required. This is an area where learning takes place every day as we are all beginners in this area. We are looking for solutions faster than the problems can get invented. We need to move faster than the criminals. The real issue is how to prevent cyber crime. For this, there is need to raise the probability of apprehension and conviction. Bangladesh has a law on evidence that considers admissibility, authenticity, accuracy, and completeness to convince the judiciary. The challenge in cyber crime cases includes getting evidence that will stand scrutiny in a foreign court. For this Bangladesh needs total international cooperation with specialized agencies of different countries. Police has to ensure that they have seized exactly what was there at the scene of crime, is the same that has been analyzed and report presented in court is based on this evidence. It has to maintain the chain of custody. The treat is not form the intelligence of criminals but form our ignorance and the will to fight it.

Chapter 6 CONCLUSION
As we move forward into the 21st century, technological innovations have paved the way for us to experience new and wonderful conveniences in the how we are educated, the way we shop, how were entertained and the manner in which we do business. Capacity of human minds is immeasurable. It is not possible to eliminate cyber crime form the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties and further making the application of the laws more stringent to check crime. Undoubtedly the ICT Act is a historical step in the cyber world. Further it cannot be denied that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive. The Penal Code, 1860 was found insufficient to cater to the needs of new crimes emerging from Internet expansion. Even some of the traditional crimes such as conspiracy, solicitation, securities, fraud, espionage etc. are now being committed through Internet which necessitates a new law to curb them. It was in the background that the ICT Act, 2006 was enacted in Bangladesh for prevention and control of cyber crimes. Prior to the enactment of this Act, the law applicable to cyber offences was the Penal code, 1860 which was enacted long back in 1860 when no one even thought of computer technology or cyber criminality. With the coming into force of ICT Act, 2006, it become necessary to introduce certain consequential change in certain provisions of the Penal Code, 1860 as also in the Evidence Act, 1872, in order to meet the new requirements of the cyber space crimes. However, the conception of cyber crime is relating to the age of information super highway of the contemporary world. Now-a-days crimes are spreading at an alarming rate in the field of online communication system by the intellectual criminals. Through the development of technology crimes have been developing in different ways and means. So laws should be developed in such a way that crimes in the field of technological arena can be controlled in an iron hand. But no such effective legal provisions exist at home and abroad. Though there are some laws and convention, they cannot be implemented due to some technical difficulties like procedural complexities and lack of proper executing system. Taking these advantages, the criminals are occurring heinous crimes like Hacking, Sending malicious mails, spreading vulgar pictures, cyber terrorism & and illegal using of intellectual properties. It causes harm to the privacy of individuals as well as creates threat to the international peace and solidarity. Now it is the demand of time to prevent such type of crimes for keeping individual privacy as well as international peace and security. Every country of the world can enact effective legal provisions within the purview of their national boundary to protect cyber crimes. United Nations can also take necessary steps to prevent cyber crimes from the cyber space.

REFERENCES
BOOKS 1. Abdul Halim& N. E. Siddiki, The Legal System of Bangladesh after Separation, 1st ed., (Dhaka: University Publications, 2008).

2. N. V. Paranjape, Criminology and Penology, 13th ed., (Allahabad: Central Law Publications, 2008-09).

3. R. K. Chaubey, An Introduction to Cyber Crime and Cyber Laws, 1sted., (Kolkata: Kamal Law House, 2009).

4. Zulfiquar Ahmed, A Text Book on Cyber Law in Bangladesh, 1st ed., (Dhaka: National Law Book Company, 2009).

STATUTES
1. The Constitution of the People’s Republic of Bangladesh.
2. The Computer Misuse Act (1990).
3. The Computer Fraud and Abuse Act, 1984.
4. The Information and Communication Technology Act (ICT), 2006.
5. The United Nations Commission on International Trade Law (UNCITRAL), 1996. 6. The Penal Code, 1860.
7. The Evidence Act, 1872.
8. The Bankers’ Books Evidence Act, 1891.
9. The Criminal Procedure Code, 1898.
10. The Bangladesh Bank order, 1972.
11. The Lunatic Act, 1912.
12. The Convention on Cyber Crime, 2001.

JOURNAL
1. M. Abul Hasanat, ‘Cyber Crime: An Ill-going Techno - Culture’, Journal of Law, Vol. i, no.1 (June 2003).

NEWSPAPER 1. The Prothom Alo (21 March 2010).

ELECTRONIC DATA
1. Maya Babu, ‘What is cybercrime’ (Mysore GrahakaraParishat), 11 October 2004, [http://www.crime-research.org/analytics/702/, Last visited 25 March 2010].

2. [http://en.wikipedia.org/wiki/Cyber_crime, Last visited 25 March 2010].

3. [http://www.techterms.com/definition/cybercrime, Last visited 25 March 2010].

4. Joe Thomas, ‘Cybercrime: A revolution in terrorism and criminal behavior creates change in the criminal justice system’, 21 July 2006, [http://www.associatedcontent.com/article/44605/cybercrime_a_revolution_in_terrorism.html?cat=37., Last visited 25 March 2010].

5. M. E. Kabay, ‘Salami fraud’ (Network World Security Newsletter), 24 July 2002, [http://www.networkworld.com/newsletters/sec/2002/01467137.html, Last visited 25 March 2010].

6. DaBoss ..., ‘Logic Bombs’ (VTutor Introduction), 3 May 2006 [http://www.cknow.com/cms/vtutor/logic-bombs.html, Last visited 20 March 2010].

--------------------------------------------
[ 2 ]. Maya Babu, ‘What is cybercrime’ (Mysore GrahakaraParishat), 11 October 2004, [http://www.crime-research.org/analytics/702/, Last visited 25 March 2010].
[ 3 ]. M. Abul Hasanat, ‘Cyber Crime: An Ill-going Techno - Culture’, Journal of Law, Vol. i, no.1 (June 2003), p.15.
[ 4 ]. [http://en.wikipedia.org/wiki/Cyber_crime, Last visited 25 March 2010].
[ 5 ]. [http://www.techterms.com/definition/cybercrime, Last visited 25 March 2010].
[ 6 ]. R. K. Chaubey, An Introduction to Cyber Crime and Cyber Laws, 1st ed., (Kolkata: Kamal Law House, 2009), p.135.
[ 7 ]. Ibid, p.136.
[ 8 ]. Joe Thomas, ‘Cybercrime: A revolution in terrorism and criminal behavior creates change in the criminal justice system’, 21 July 2006, [http://www.associatedcontent.com/article/44605/cybercrime_a_revolution_in_terrorism.html?cat=37., Last visited 25 March 2010].
[ 9 ]. R. K. Chaubey, ibid, p.137.
[ 10 ]. Ibid, pp.139-40.
[ 11 ]. Ibid, p.141.
[ 12 ]. Ibid, pp.141-42.
[ 13 ]. Zulfiquar Ahmed, A Text Book on Cyber Law in Bangladesh, 1st ed., (Dhaka: National Law Book Company, 2009), pp.63 – 64.
[ 14 ]. R. K. Chaubey, ibid, p.143.
[ 15 ]. Ibid, p.144.
[ 16 ]. Ibid, p.144.
[ 17 ]. Ibid, p.145.
[ 18 ]. Ibid, p.145.
[ 19 ]. Ibid, p.145.
[ 20 ]. Ibid, p.146.
[ 21 ]. Ibid, p.148.
[ 22 ]. Ibid, pp.149-150.
[ 23 ]. Ibid, p.152.
[ 24 ]. Ibid, p.154.
[ 25 ]. Ibid, pp.154-55.
[ 26 ]. Ibid, p.155.
[ 27 ]. Ibid, pp.155-56.
[ 28 ]. Ibid, p.156.
[ 29 ]. Ibid, p.156.
[ 30 ]. Ibid, pp.156-57.
[ 31 ]. Ibid, p.157.
[ 32 ]. Ibid, pp.158-159.
[ 33 ]. M. E. Kabay, ‘Salami fraud’ (Network World Security Newsletter), 24 July 2002, [http://www.networkworld.com/newsletters/sec/2002/01467137.html, Last visited 25 March 2010]
[ 34 ]. R. K. Chaubey, ibid, p.159.
[ 35 ]. Ibid, pp.159-60.
[ 36 ]. Ibid, p.160.
[ 37 ]. Ibid, p.160.
[ 38 ]. Ibid, p.161.
[ 39 ]. DaBoss ..., ‘Logic Bombs’ (VTutor Introduction), 3 May 2006 [http://www.cknow.com/cms/vtutor/logic-bombs.html, Last visited 20 March 2010].
[ 40 ]. Ibid.
[ 41 ]. Ibid.
[ 42 ]. R. K. Chaubey, ibid, p.167.
[ 43 ]. Ibid, pp.167-168.
[ 44 ]. Ibid, p.168.
[ 45 ]. Ibid, p.169.
[ 46 ]. Ibid, p.169.
[ 47 ]. Ibid, pp.169-70.
[ 48 ]. Ibid, p.170.
[ 49 ]. Ibid, pp.170-71.
[ 50 ]. Ibid, p.171.
[ 51 ]. Ibid, p.171.
[ 52 ]. Ibid, p.171-72.
[ 53 ]. Ibid, p.172.
[ 54 ]. Ibid, pp.172-73.
[ 55 ]. Ibid, p.173.
[ 56 ]. Ibid, p.174.
[ 57 ]. Ibid, p.174.
[ 58 ]. Ibid, p.174.
[ 59 ]. Ibid, pp.174-75.
[ 60 ]. Ibid, pp.175-76.
[ 61 ]. Ibid, pp.176-77.
[ 62 ]. Ibid, p.177.
[ 63 ]. Ibid, pp.178-79.
[ 64 ]. (1988) 1 AC 1063.
[ 65 ]. Ibid, p.180.
[ 66 ]. Ibid, pp.180-81.
[ 67 ]. Ibid, p.181.
[ 68 ]. Ibid, pp.185-88.
[ 69 ]. Zulfiquar Ahmed, ibid, pp.39 – 52.
[ 70 ]. Ibid, p.52.
[ 71 ]. Ibid, p.53.
[ 72 ]. Ibid, pp.53-55.
[ 73 ]. Ibid, p.57.
[ 74 ]. The Information and Communication Technology Act, 2006, s. 68(2).
[ 75 ]. Ibid, s. 68(3).
[ 76 ]. Ibid, s. 68(4).
[ 77 ]. Ibid, s. 82(2).
[ 78 ]. Ibid, s. 82(3).
[ 79 ]. Ibid, s. 82(4).
[ 80 ]. Ibid, s. 83(1).
[ 81 ]. Ibid, s. 83(2).
[ 82 ]. Zulfiquar Ahmed, ibid, pp.150-52.
[ 83 ]. The Prothom Alo (21 March 2010), p.24.
[ 84 ]. The Information and Communication Technology Act, 2006, s. 79.
[ 85 ]. Ibid, pp.61-69.
[ 86 ]. Ibid, p.61.
[ 87 ]. N. V.Paranjape, Criminology and Penology, 13th ed., (Allahabad: Central Law Publications,2008-09), p.141.
[ 88 ]. Abdul Halim& N. E. Siddiki, The Legal System of Bangladesh after Separation, 1st ed., (Dhaka: University Publications, 2008), p.387.