With Nepal hastily moving towards digitalization, it is high time that a strong legislation is adopted that would amply cover all aspects of cybercrime. Although Nepal has not moved into a comprehensive digitalized system as compared to countries such as USA or China, there is still a need for robust cyberlaws, also known as information technology law.
Currently, the major law governing information technology, cybercrime and similar matters is the Electronic Transaction Act (ETA), 2063 (2008). Currently, cybercrime is felt to be one of the widely committed crimes in Nepal from minor crimes such as cyber-bullying to serious ones such as online child pornography or online fraud. There are two main reasons for this, easy access to computers and the internet and lack of proper laws.
The ETA was enacted in 2008. However, the use and scope of internet as well as other digitalization mechanisms has grown exponentially. Since it was enacted, the ETA has seen very little changes and these changes still do not exactly cover all the aspects of cybercrime. Some of these include phishing which is an act of obtainingimportant information such as usernames, passwords, and credit card details, often for malicious reasons by masquerading as trustworthy entities through electronic medium. The Act somewhat contains an essence of law against phishing in Section 52 which contains provisions for the prevention of computer fraud. However, this Section was not exactly incorporated to tackle phishing and attempts to prevent all forms of computer related fraud in general.
The problem with the current ETA is that it attempts to cover cybercrimes in general and does not have a complex legal structure as other law that would deal with these crimes in depth. This can be seen in other kinds of cybercrimes as well; these include fake profile marketing which is very widely seen in social media. Fake profile marketing can be considered as one of the most widely committed crimes, yet the number keeps rising every year. Cyber terrorism is another such crime that has not been explicitly dealt by the ETA. Nepal has however, not been a victim of cyber terrorism on a massive level, whether domestic or international. Nevertheless, this is not a reason as to why Nepal should not have a strong law for the prevention of cyber terrorism.
Another major problem that can be seen with the cyber laws of Nepal is lack of awareness. Nepal has seen a massive change in the digitalization system since the enactment of the ETA. One of these rapid developments in the digitalization process includes online payment. Although Section 52 of the Act prohibits computer fraud, which also includes - to some extent - fraud in online payment structure, people are still reluctant to use this system. Minor frauds do occur every now and then, however, people are not aware that there is a law which would protect them during online payment frauds. Online scams also go undealt with. Websites such as Hamrobazaar allow people to sell used products for which the website will not be responsible. There is a high probability that these used products will be sold using misleading information through unauthorized sellers. This is to some extent, dealt by Section 52 (computer fraud) of the Act, yet people do not realize that legal actions could be taken against such online fraudulent activities.
Nepal does not a have strong legal background in this matter to begin with. Before 2004 A.D., matters relating to cybercrime were dealt by the Public Offence Act. First of all, the Act was not made to address issues regarding cybercrimes and secondly, the police personnel that dealt with such crimes did not possess enough expertise in this field in order to deal with the same.
The Electronic Transaction and Digital Signature Act (Ordinance on Electronic Transaction) was enacted in 2004 which also included similar provisions as the current ETA. Some of these were prohibition of electronic publication of illegal materials, unauthorized access in computer materials, damage to computer or information system and others.
If we look at the two laws, not much has changed and the provisions that actually deal with different aspects of cybercrime fairly remain the same. Other countries have had a long time to develop their own cyberlaws, way earlier than Nepal did; see for example, the Computer Misuse Act enacted by Great Britain in 1990 and the Electronic Communication Privacy Act, 1986 of the United States.
Another major problem is that information technology law or cyber law is not exactly a separate and independent law on its own. Rather, it’s a complex assortment of various other laws such as privacy law, intellectual property law, internet law and similar other concepts. This however, cannot be seen in Nepal’s current ETA. A single law either has to incorporate all aspects of cyber law or there has to be other laws in addition to the current ETA for these purposes. The US alone has more than a few laws that fall together to make its entire cyber law system. These laws cover aspects of cyber law from privacy law such as the Privacy Act, 1974 and the Homeland Security Act, 2002 to cyber terrorism such as theIntelligence Reform and Terrorism Prevention Act which was enacted in 2004.
If Nepal is to develop a concrete cyber law capable of tackling all forms of cybercrimes, it would need to take into consideration all these problems that the current law faces as well as those it could face in the future. As the world of digitalization is growing, new forms of cybercrimes are bound to emerge which the Nepali legal system should be prepared for.
Shikhar Pandit is a managing associate at Gandhi and Associates currently focused on the management of the corporate team. Shahrukh Rai is an associate at G&A currently taking a leading role in developing the research department in the team.