Home | Feedback | Contact Us
Legal Articles  


Corporate Espionage and the Information Technology (Amendment) Act, 2008

As already mentioned, Corporate Espionage is the practice of gaining information regarding one’s competitors using unethical or illicit means, without the knowledge of that competitor writes Harsh Sinha.

In order to understand the concept of Corporate Espionage, we must first understand the etymology of the words used therein. The word ‘Corporate’ has been derived from the Latin word corporatus or corpus which means body. The Oxford Dictionary defines the word ‘Corporate’ as relating to a business corporation, of or shared by all members of a group. ‘Espionage’, according to the Oxford Dictionary, is the practice of spying or of using spies. Thus, ‘Corporate Espionage’ basically refers to a practice wherein a corporate system or structure is impregnated with the help of spies or systems so as to facilitate the leakage of information which could mar the general growth of the victim organization.

It covers within itself illegal activities such as theft of trade secrets, business plans, customers’ lists, pricing data, bribery, blackmail, technological surveillance etc. resulting in breach of security of an organization and gaining access to its confidential and sensitive information. The information thieves use many intrusive methods in order to gain such sensitive information for instance eavesdropping by bugging offices, wiretapping, recording telephone conversations, penetrating computer networks etc. In today’s world where it is truly the survival of the fittest, knowing one’s own competition has become very important for most corporations/organizations. There is a very thin line of difference between Corporate Espionage and Competitive Intelligence.

Where Competitive Intelligence is ethical and legal, Corporate Espionage is the exact opposite. The internet has now become a ‘highway of information’ when it comes to gathering and processing information and data in relation to anything and anyone. The means of spying have also undergone substantial transformations with the advent of technology. Spies no longer need to physically break into offices or homes to acquire sensitive information. Spying involves the use of almost the same technology as the one used for Competitive Intelligence i.e. business intelligence procedures. The basic difference between both is that while indulging in Corporate Espionage, the internet and connections used are equipped with a more advanced ‘attacking’ mode. Cyber attacks are becoming increasingly common in both public and private sectors. Thus there is an urgent need to enact and enforce stringent laws pertaining to cyber offences.

India has in place the Information Technology Act, 2000 (‘Act’) which provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication. Very recently, the Information Technology (Amendment) Act, 2008 was enacted which introduced several new provisions relating to data protection, privacy, cyber terrorism etc. This Amendment was the need of the hour as India does not have a separate statute pertaining to data protection or cyber crimes per se. Chapter IX of the Act refers to provisions relating to penalties, compensation and adjudication and Section 43 covers a wide range of cyber contraventions related to unauthorized access to computer, computer system, computer network or resources.

The damages of Rs. one crore (approx. USD 200,000) prescribed under this Section before the Amendment has been deleted and now the defaulter is made liable to pay damages by way of compensation to the person so affected. A new Section 43 A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body owns, controls or operates. If such a body corporate is negligent in implementing reasonable security practices and it causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected. It must be noted here that the phrase ‘sensitive personal data or information’ has not been defined by the Act.

Chapter XI of the Act deals with the offences and Section 66 lays down the penalty for contravention of Section 43 which amounts to an imprisonment of upto three years or fine upto five lakh rupees or both. A host of new Sections have been added to Section 66 by the Amendment Act as Sections A to F prescribing punishment for offences such as sending of offensive through communication service etc. (66A ), dishonestly receiving stolen computer resource or communication device (66B ), identity theft (66C ), cheating by personation by using computer resource (66 D ), violation of privacy (66E ), cyber terrorism (66F ). For the offence of cyber terrorism, the Act now prescribes life imprisonment. Section 69 of the Act gives power to the state to issue directions for interception or monitoring of decryption of any information through any computer resource. Sections 69 A and B grant powers to the State to issue directions for blocking certain websites for public access if its content is believed to threaten the security and integrity of the State and to monitor and collect traffic data or information. Also, Sections 72 and 72 A lay down provisions relating to the penalty for breach of confidentiality and privacy and the punishment for disclosure of information in breach of lawful contract. The newly inserted Section 84 B and C lay down punishments in case of abetment of offences under the Act and also for attempt to commit such offences.

The Information Technology (Amendment) Act, 2008 seems to be a step forward in the direction of reducing instances of data theft, identity theft, cyber crimes etc. and thereby Corporate Espionage. In order to cope with the multifarious challenges that technological advancement may bring, it is essential to have in place more efficacious and stricter laws relating to cyber security. There is a need to bring harmony in the laws relating to data protection, copyright, cyber crimes throughout the world because it is this disparity between the laws and rules of various countries that makes it easy for spies to break into the computer networks and resources and carrying on their spying practices. Therefore, the only factor that can impede the growth of this illegal practice is the ethical conduct of businesses. At the same time, countermeasures must be taken by corporations in order to ensure that they are not spied.

In conclusion, it can be said that all organizations need to re-assess their security policies and take appropriate steps in order to protect themselves from becoming a victim of Corporate Espionage. They must identify their sensitive information. Information such as R & D processes, new market strategies, pricing structures, customer lists must be identified as sensitive and adequately protected. Risk assessment must be done and vulnerabilities identified and accordingly addressed. Adequate training should be provided to employees, users, managers etc. so that they can protect the sensitive information of the organization. At the end of the day, the more knowledge organizations have about such malpractices, the better they will be equipped to fight against it.

_________________________________________________________________
HARSH SINHA is a Partner & Advocate at Kaden Boriss Legal LLP at its Gurgaon office. He may be reached at harsh.sinha@kadenboriss.com..

 
© 2007 India Law Journal   Permission and Rights | Disclaimer