Journal of Positive School Psychology http://journalppw.

com
2023, Vol. 7, No. 1, 782-800

International Legislative Framework Of Cybercrimes- A

Comparative Study Of India, Israel, And Usa
Nuruddin Khan1, Dr. Shobha Gulati2

Abstract:

The following research paper will be discussing the legislative framework of cybercrimes in India,
Israel, and USA. As India being a developing country and Israel, USA are having next level of
technology in order to combat cyber-crimes in their relevant countries. The paper will be discussing the
laws present in USA and Israel and on that note how India can develop their cyber-crimes laws and
develop and excellent cyber security infrastructure to combat cyber criminals. The critical infrastructure
of India is vulnerable at the instant of cyber criminals a through study of cyber laws of one USA and
Israel will help in determining the basis for a strong cyber security infrastructure in India.

Keywords: cybercrime, cyberlaws, Information Technology, cyber security, critical infrastructure.

I. INTRODUCTION of the modus operandi of the offence is in

another territory," raising issues of
Information societies rely heavily on "sovereignty, jurisdiction, transnational
information technology availability, which is investigations, and extraterritorial evidence,"
proportional to cyberspace security3.The necessitating international cooperation4. The
availability of information technology is effectiveness of multinational efforts to combat
constantly threatened by a variety of state and cybercrime will be examined in this chapter.
non-state entities.
International cybercrime frequently puts
The cyber-attack on the available information domestic and international law, as well as law
technology straddles the border between enforcement, to the test. Because many
cybercrime and cyberwar, both of which have countries' present laws are not designed to cope
disastrous consequences in the physical world. with cybercrime, criminals are increasingly
The recent revelation of 'cyber-attack vectors' turning to the Internet to avoid harsher
such as Stuxnet, Duqu, Flame, Careto, Heart sanctions or the difficulty of being tracked.
Bleed, and others only emphasizes the Governments and industry in both emerging
vulnerability of information technology and developed countries have increasingly
resources' confidentiality, integrity, and grasped the enormous hazards that cybercrime
availability. poses to economic and political security and
public interests. However, the variety of types
The issue is complicated further by the nature and forms of cybercrime makes it more difficult
of cyberspace, which manifests itself in to combat. In this regard, combating cybercrime
anonymity in space and time, quickness of necessitates international collaboration. On a
actions resulting in unequal results regional and international basis, various
disproportionate to the resources used, non- organizations and governments have previously
attribution of activities, and the lack of collaborated to establish global standards of
international borders. Because of these laws and law enforcement. Because they are the
characteristics, "the transnational dimension of top two source countries of cybercrime,
cybercrime offence arises when an element or collaboration between China and the United
substantial effect of the offence, or where part
783 Journal of Positive School Psychology

States has been one of the most notable recent commercial law reform for over 40
developments. years. The mission of UNCITRAL is to
modernize and harmonise international
Information and communication technology business rules.
(ICT) plays a critical role in ensuring
worldwide standards-based interoperability and In 1996, the UNCITRAL issued a
security. In order to combat cybercrime, general Model Law on Electronic Commerce in
countermeasures have been implemented, such response to the expanding use of
as legal measures to improve legislation and electronic commerce and advanced
technical measures to track down crimes over communications technologies in
the network, Internet content control, the use of international trade. This was based on a
public or private proxy servers, computer resolution passed by the United
forensics, encryption, and plausible deniability, Nations General Assembly in 19851
among others. Because different countries' law encouraging nations and international
enforcement and technical countermeasures organizations to take steps to safeguard
differ, this article will mostly focus on legal security in the context of the
international cooperation legislative and widespread use of automated data
regulatory activities5. processing in international trade.

II. ROLE OF INTERNATIONAL • A World Summit on the Information

TREATIES, CONVENTIONS Society (WSIS) was conducted in two
AND PROTOCOLS phases, one in Geneva from December
CONCERNING CYBERSPACE 1 to 12, 2003, and the other in Tunis
from November 16 to 18, 2005, under
The role of international treaties, conventions the auspices of the United Nations,
and protocols concerning the cybercrime which with the International
is a part of the cyber space is immense as it Telecommunication Union playing a
provides for a regulatory framework for the prominent role. Realizing the
relevant countries who are part of the treaty or enormous potential of information and
conventions. This will bind the countries to communication technologies in human
cater with the rules and regulations of the development, world leaders declared
treaties, conventions, and protocols. The their "common desire and commitment
following are the some of the treaties, to build a people-centered, inclusive,
conventions and protocols that is worldwide and development-oriented information
accepted by majority of the countries. The society, where everyone can create,
following treaties, conventions set a backdrop access, utilize, and share information
for the comparative study of the legislative and knowledge, enabling individuals,
framework for this chapter. communities, and peoples to achieve
their full potential in promoting their
• The United Nations is the most well- sustainable development" at the
known of all international summit in Geneva in 2003. One of the
organizations. The United Nations goals of the WSIS was to alleviate the
Commission on International Trade digital divide, or the unequal
Law (UNCITRAL) is the organisation distribution of the advantages of the
in charge of harmonizing and unifying information technology revolution
international trade law. UNCITRAL, between developed and poor countries
based in Vienna, is a global legal and within societies.
organisation that has specialised on
Nuruddin Khan 784

• The United Nations Commission on currently set with challenges and

Trade and Development (UNCTAD) is discontent. The legal framework
the primary trade and development consists of the following elements:
agency of the United Nations General
Assembly. UNCTAD has been The Information Technology Act of
engaged in advocating for the role and 2000 (IT Act) comprises legislation
importance of information and relating to cyber and IT-related laws in
communication technologies in India (for example, sections 43A and
development since 1998, when the 72A).
General Assembly allocated it a special
Compensation for data breaches under
grant to pursue and promote electronic
Section 43A.
commerce initiatives.
Section 72A: Any knowingly and
• Cybercrime Convention in Europe
intentionally disclosing of information
The European Convention on without the consent of the person
Cybercrime, held in Budapest on concerned is punishable by
November 23, 2001, took the most imprisonment for up to three years.
major approach to cybercrime and
However, these provisions do not, on
international cyber law. It is one of the
the one hand, protect against data
most important international
breaches and, on the other, do not
conventions addressing cybercrime and
impose a privacy framework based on
electronic evidence. The Council of
rights6.
Europe, Canada, Japan, South Africa,
and the United States of America
• Around 67 countries have signed the
collaborated on the document. This
Convention, and ten international
Convention is divided into four
organizations (the Commonwealth
chapters with a total of 48 articles. This
Secretariat, European Union,
Convention is a global treaty on
INTERPOL, International
criminal justice that provides States
Telecommunication Union,
with Computer and internet-based
Organization of American States, UN
criminalization of specific behaviors;
Office on Drugs and Crime, and others)
procedural law for investigating
participate in the Cybercrime
cybercrime and admitting electronic
Convention Committee as members or
evidence in any criminal case; and
observers. The Signatories'
international collaboration between
implementation of the Convention is
law enforcement and judicial
the responsibility of the Committee.
authorities in the areas of cybercrime
However, because India is not a
and electronic evidence. India’s stand
signatory to the Convention on
on the convention its status as
Cybercrime, it is not compelled to
nonmember of the convention but India
change or execute its domestic laws in
voted for a separate convention.
line with the Convention.
Similarly, data sharing with foreign
bodies is against the national sovereign • Computer and Computer-Related
of the country as termed by the Crimes Model Law
Intelligence Bureau. Due to a lack of a
strong legislative framework, India's The Commonwealth Secretariat drafted
data protection regulations are a "Model Law on Computer and
785 Journal of Positive School Psychology

Computer-Related Crime" for the • The Okinawa Charter on Global

Commonwealth's 53 member countries Information Society, adopted at the
in October 2002. The Model Law Okinawa Summit in 2000, adopted the
expanded the scope of criminal concepts of international collaboration
culpability for offenses involving the and harmonization for cybercrime. The
internet and computer systems, as well Group of Eight agreed on the
as the use of unauthorized computer- importance and principles of privacy
related devices and practices. protection, free flow of information,
and transaction security.
In the context of cybercrime, the Model
Law also introduced the idea of dual • WIPO, the World Intellectual Property
criminality. It indicates that if a person Organization, is situated in Geneva and
commits an infraction outside of his has 179 member states. WIPO's
nation, the offence is punishable if the mission is to "advance the protection of
person's acts would be punishable intellectual property around the world
under any law of the country where the through international collaboration."
offence was done. This idea of dual (WIPO Convention, Article 3) WIPO is
criminality could lead to charges or the custodian of 23 international
extradition. The Model Law has been treaties and serves as a platform for
used to draft domestic cyber laws in worldwide IP policy development and
some Commonwealth member administration. The migration of
countries. intellectual property to the digital realm
is the order of the day, as IP is well-
• Members of the World Trade suited to digitalization. Because an
Organization (WTO) adopted a infinite number of perfect copies may
declaration on global electronic be generated and readily distributed
commerce on May 20, 1998, during across digital networks around the
their Second Ministerial Conference in world, IP on the internet is insecure. As
Geneva, Switzerland, due to the a result, it's understandable that online
growing importance of internet content, such as information, music,
commerce in global trade. The WTO software, films, business procedures,
General Council was directed to databases, and so on, needs to be
prepare a thorough work programme to protected8.
evaluate all trade-related concerns
arising from electronic commerce, and • The United Nations Convention
to deliver a progress report to the Against Transnational Organized
WTO's Third Ministerial Conference, Crime (UNCTOC) was adopted by the
according to the Declaration. United Nations in 2000. The Palermo
Convention requires state parties to
• The Group of Eight consists of eight create domestic criminal charges that
countries (G8) target organized criminal groups, as
well as new procedures for extradition,
The Group of Eight (G8) was primarily
mutual legal assistance, and law
focused on prosecuting high-tech
enforcement cooperation. Even though
criminals and supporting technical and
the treaty does not specifically mention
legislative improvements to combat
cybercrime, its provisions are
worldwide computer crimes at the
extremely pertinent.
Denver Summit in 19977.
Nuruddin Khan 786

• Article 34 of the 1989 Convention on incorporated into the IT Law, which is in line
the Rights of the Child mandates that with the UNICITRAL Model Law.
states protect children from all forms of
sexual exploitation and abuse, Crimes have also made their way into the digital
including prostitution and sphere as a result of the advancement of
pornography. information technology. Hacking, voyeurism,
identity theft, and other cybercrimes and e-
• Protocol to the Convention on the commerce frauds are becoming an increasing
Rights of the Child (Optional Protocol) concern around the world. The IT Act identifies
(2001) – The sale of children, child these offences and imposes appropriate
prostitution, and child pornography are penalties in order to deter them.
all addressed in this protocol, which is
based on the CRC Convention. The The Act also includes provisions that allow
production, distribution, dissemination, service providers to set up, maintain, and
sale, and possession of child improve computerised facilities while also
pornography are all prohibited under allowing them to collect and retain adequate
Article 3(1)(c). The Internet is service costs if the State and Central
mentioned in the Preamble as a source Governments give them permission10.
of child pornography distribution.
It encompasses a wide range of topics,
Article 2(3) contains a definition of
including data protection, data security, digital
child pornography that is wide enough
transactions, electronic communication,
to include virtual images of minors9.
freedom of expression, and online privacy, to
III. LEGISLATIVE FRAMEWORK name a few. Regulation Of Information
OF CYBERCRIME IN INDIA Technology Regulation Of Information
Technology
India's Cyber Laws Statute
The Information and Technology Act. It is
The Information Technology Act, 2000 ("IT based on the United Nations Model Law on
ACT") governs cyber laws in India. The act's Electronic Commerce (UNCITRAL Model),
principal goal is Protection of private data and which was recommended by the United Nations
personal information of persons has become General Assembly in a resolution dated January
increasingly important in today's digital world 30, 1997." In India, the legislation establishes a
as the number of IT-enabled services grows. In legal foundation for e-commerce. It focuses on
a broader sense, sensitive and vital information and addresses digital crimes, sometimes known
that is critical to national security need as cybercrime, as well as electronic trade. The
protection as well. The IT Act provides the legislation was passed in order to update some
infrastructure required to set up a secure system outdated laws and to give cybercrime
and limit access to confidential information. jurisdiction. These laws have addressed issues
such as electronic authentication, digital
The United Nations Commission on (electronic) signatures, cybercrime, and
International Trade Law (UNCITRAL) adopted network service provider liability. In addition,
the Model Law on Electronic Signatures in the Information Technology Amendment Bill
2001. The general assembly's recommendations of 2008 amended the statute. The Indian Penal
urged all states to integrate the Model Law on Code of 1860 and the Indian Evidence Act of
Electronic Signatures into their own state laws. 1872 were amended by the IT Act of 2000 to
The provisions on digital signatures are take into account the fast-changing
technological landscape11.
787 Journal of Positive School Psychology

On October 17, 2000, the Cyber Law IT Act ❖ There is also a provision for the
2000 was enacted in India to address e- Controller of Certifying Authorities to
commerce and cybercrime. After the Indian be established, which will license and
Constitution was drafted, cyber legislation was regulate the Certifying Authorities'
enacted. As a result, it is a residuary topic operations. In this situation, the
managed by the Central Government that is not Controller stores all of the digital
included in the three lists: Union, State, and signatures.
Concurrent. The following is a list of
characteristics of Cyber Law as defined by the Areas where cyber law is not applicable
act12:
❖ The Central Government has started a
❖ All electronic contracts entered into number of initiatives and papers.
through secure electronic channels are
legally binding. ❖ Financial and legal acts performed by a
person who has been lawfully
❖ E-records and digital signatures are designated as a Power of Attorney.
protected by security mechanisms.
❖ Contract for the sale or transfer of real
❖ The Cyber Law Act establishes a estate
procedure for appointing an
adjudicating officer to conduct Some of the most important sections under
investigations. Information Technology act 2000

❖ Digital signatures are legally Section 3 - Authentication of electronic records

recognized under the IT legislation act.
Section 4 - Legal recognition of electronic
The employment of an asymmetric
records
cryptosystem and a hash function is
also required for digital signatures. Section 5 - Legal recognition of Digital
signature
❖ Without a warrant, top police officers
and other officials are able to search Section 6 - Use of electronic records and digital
any public case signature in Government and its agencies

❖ The act includes a provision to create a Section 17 - Appointment of controller of

Cyber Regulation Appellate Tribunal. certifying authorities and other officials
This tribunal hears appeals from the
Adjudicating Officer's or the Section 18 - Functions of controller of
Controller's final orders. However, the certifying authorities
only way to challenge the tribunal's
decision is to go to the High Court. Section 43 - Penalty for damages to Computer,
Computer systems, unauthorized access,
❖ The act also establishes a Cyber download of data, infecting with virus, denial of
Regulations Advisory Committee, access etc
which will advise the Controller and
the Central Government. Section 44 - Penalty for failure to furnish
information returns etc to the certifying
❖ The Cyber Law Act's nature also authority
applies to online crimes or offenses
committed outside of India.
Nuruddin Khan 788

Section 48 - Establishment of Cyber appellate platform. The government has also stated that
tribunal they will not support anything that could pose a
threat to national security.
Section 65 - Penalty for tampering with
Computer source documents The requirement for social media and Over-the-
Top (OTT) directions14
Section 66 - Penalty for hacking of computer
system ❖ Hate speech and defamation- Due to
the unexpected surge in visibility on
Section 66B - Penalty for receiving stolen social media, it is critical to prevent
computer or communication devices hate speech and defamation, which can
have serious consequences for the
Section 66C - Penalty for identity theft public.
Section 66D - Punishment for cheating by ❖ Misuse of content and misinformation-
personation by using computer resources Misuse of personal content, including
obscene content, on the same platforms
Section 66E - Penalty for capture, transmit of
is another important issue.
publish images of a person without consent
❖ Online Protection- There is a pressing
Section 66F - Penalty for cyber terrorism
need to safeguard women and men
Section 67 - Punishment for publishing from sexual assaults that take place on
information which is obscene in electronic form online platforms.

Section 67A - Penalty for publishing images There were no effective controls in place earlier
containing sexual act or conduct to ensure that content on OTT Platforms was
being watched by an appropriate age group.
Section 67B - Penalty for child pornography However, with the new rules and strong
parental controls in place, content will now be
Section 70 - Penalty for securing access or sent to the appropriate audience.
attempting to secure access to a protected
system As amendments where it had some drawbacks
also
Section 71 - Penalty for misrepresentations
❖ Concerns about privacy- Any
Recent development in the cyber law in information can be exploited, and
the year 202113 propaganda of any kind can harm
digital publishers.
The government of India has introduced new
guidelines to regulate social media and OTT ❖ Infringing on the Right to Freedom of
(over-the-top) platforms, as social media has Expression and Speech- This right,
become a newfound arena for everyone to according to Article 19(a), empowers
communicate and express their ideas. It was set citizens to express any opinion through
up to prevent hate speech from being used and any means of communication,
spread. Another important motivation is to including speech and writing. Curbing
address people's grievances. They'll also track and regulating social media is
down the original sender of offensive remarks essentially depriving citizens of their
and tweets. This will be done either by the First Amendment right to free speech
government or by a court order directed at that and expression.
789 Journal of Positive School Psychology

❖ Tracking problems- Personal data, such certificates, and licenses, be delivered

as WhatsApp communications, is electronically under the Information
essential for the government to trace Technology (Electronic Service
17
hate speech and original originators of Delivery) Rules , which allow the
tweets. However, given WhatsApp's government to specify that certain
encryption, it's unclear how they'll be services, such as applications,
able to extract such information. certificates, and licenses, be delivered
electronically.
The government periodically publishes sets of
Information Technology Rules (the IT Rules) And the most important one the compliance
under various parts of the IT Act to widen its regulators which look after the compliance part
scope. These IT Rules are focused on and
regulate specific areas of data collection, CERT-In
transfer, and processing, and include the
following, most recently: The government established CERT-In under
Section 70B of the IT (Amendment) Act 2008,
❖ The Information Technology which the Ministry of Electronics and
(Reasonable Security Practices and Information Technology refers to as the "Indian
Procedures and Sensitive Personal Computer Emergency Response Team."
Data or Information) Rules15, which CERT-In is a national nodal agency that
mandate that companies holding handles computer security events as they
sensitive personal data or information happen. The following are the functions of the
of users adhere to particular security agency as defined by the Ministry of
requirements; Electronics and Information Technology:

❖ 2021 Information Technology • Information about cybersecurity

(Guidelines for Intermediaries and incidents is collected, analyzed, and
Digital Media Ethics Code) Rules, disseminated.
which ban content of a particular sort
on the internet and restrict the role of • Cybersecurity incident forecasting and
intermediates, particularly social media notifications;
intermediaries, in keeping their
customers' personal data safe online; • actions should be taken in the event of
a cyber-attack;
❖ The Information Technology
(Guidelines for Cyber Cafe) Rules16, • actions for cybersecurity incident
which require cybercafés to register response cooperation; and
with a registration agency and keep a
• issuing guidelines, advisories,
log of users' identities and internet
vulnerability notes, and white papers
usage; and the Information Technology
on information security practices,
(Guidelines for Cyber Cafe) Rules,
processes, cybersecurity incident
which require cybercafés to register
prevention, response, and reporting18.
with a registration agency and keep a
log of users' identities and internet
Appellate Tribunal for Cyber
usage.
Regulations (CRAT)
❖ The government can specify that
In October 2006, the Ministry of Electronics
certain services, such as applications,
and Information Technology formed CRAT
Nuruddin Khan 790

under Section 48(1) of the IT Act 2000. The Section 6 – computer virus- “(a) A
Cyber Appellate Tribunal was renamed as a person who composes a software
result of the IT (Amendment) Act 2008. program in a manner that enables it to
(CRAT). Any individual who is aggrieved by cause damage to or disruption of a non-
an order made by the Controller of Certifying specific computer or computer
Authorities or an adjudicating officer under this material, in order to unlawfully cause
Act may file an appeal with the CAT under the damage to or disruption of a computer
IT Act. According to Section 49 of the IT Act or computer material, whether specific
2000, the CRAT is led by a chairperson who is or non-specific, shall be liable to
selected by the central government by imprisonment for a period of three
notification. years. (b) A person who transfers
software program to another, or who
The chairperson was previously known as the infiltrates another's computer with, a
presiding officer until the IT (Amendment) Act software program that is capable of
2008. The modified Act specifies that the causing damage or disruption as
CRAT will consist of a chairperson and as aforesaid in Subsection (a), in order to
many other members as the federal government unlawfully cause the aforesaid damage
may notify or appoint19. or disruption, shall be liable to
imprisonment for a period of five
Legislative framework of cybercrime In years”
Israel
• The Privacy Protection
The key statutory and regulatory provisions that
Regulations (Data Security),
address cyber issues under Israeli law are:
2017 (based on the 1981 Privacy
Protection Law)21;
• The Computer Law, 199520;
The regulations apply to both the
The main law that deals with
private and public sectors, and they
cybercrimes is the Computer Law
provide organizational procedures to
(1995). This Law forbids the illegal
ensure that data security is integrated
access to computer material (Article 4),
into the management processes of all
data and system interference (Article 2)
businesses that process personal data.
and the misuse of devices (Article 6)
alongside other offences. The rules are the result of a thorough
examination of relevant legislation,
Some of the important sections in
standards, and related Israeli and
Computer Law 1995.
international recommendations. The
Section 4 – unlawful penetration into laws were put in place following
computer material -,” A person who thorough consultation with the Israeli
unlawfully penetrates computer people, particularly those who might be
material located in a computer, shall be affected by them.
liable to imprisonment for a period of
The regulations are projected to
three years; for this purpose,
significantly improve Israel's data
“penetration into computer material” -
security since they are both flexible,
penetration by means of
concrete, and particular to the point
communication or connection with a
where they provide enterprises with
computer”
regulatory certainty and practical
791 Journal of Positive School Psychology

instruments that are easy to execute. The law acknowledges copyright as being
With the legislation' implementation in applicable to original productions – literary,
May 2018, we anticipate a new age in artistic, dramatic, or musical – as well as
which Israel's privacy protection will recordings, as long as they have a connection to
be greater than ever. Israel or are protected by a decree issued by the
Minister of Justice in compliance with an
• The Emergency Regulations, international convention.
2020 on the and processing of
‘technological information' on The law broadens the range of uses that are
Israeli citizens to stop the spread either permitted or considered fair use. Use of a
of COVID-1922; creation in legal or administrative proceedings;
copying of a creation that is deposited by law
On March 15 and 17, 2020, Israel’s for public review; indirect use of a creation by
transitional government headed by inclusion in another creation such as a
Prime Minister Binyamin Netanyahu photograph, a film, or a record; copying of
approved two separate emergency computer software for backup or maintenance;
regulations that allow, among other and use of a creation for broadcast; as part of an
things, the use of digital surveillance by educational activity; in libraries, and so on are
the General Security Service (GSS) and among them. The law extends copyright
provide expanded search authority to protection to the creator's lifetime or, in the case
the Israel Police to combat the spread of a joint creation, the last remaining creator's
of the coronavirus. The GSS is lifetime, to 70 years after his death. Anonymous
responsible for “safeguarding state creations are protected for 70 years, while
security … and promoting other vital records and creations owned by the state are
state interests for the national security protected for 50 years. The law also
of the state, all as prescribed by the acknowledges moral rights, which include the
government and subject to law. creators' rights to name their creation and to be
safeguarded from any change or action that
The Cyber Defence and National Cyber could jeopardize the creator's dignity or
Directorate Bill, which is under negotiation in reputation.
the Israeli Knesset (Parliament)23; and
The 2017 Privacy Protection Regulations (Data
The Israel National Cyber Directorate is Protection) outline the levels of security
responsible for all aspects of cyber defense in required for several types of information, based
the civilian sphere, from formulating policy and on the sensitivity of the data as specified by the
building technological power to operational regulations. They are divided into the following
defense in cyberspace. We provide incident categories:
handling services and guidance for all civilian
entities as well as all critical infrastructures in • databases that are subject to a basic
the Israeli economy, and works towards level of security;
increasing the resilience of the civilian cyber
space. • databases with a medium level of
security; and databases with a low level
The Copyright Law, 2007 – Amendment 5 of security.
(2019) on the procedure for the disclosure of the
identity of internet users under certain • databases that require a high level of
circumstances24. security
Nuruddin Khan 792

Outsourcing is addressed in paragraph 15 of the Anyone who alters software in such a way that
Privacy Protection Regulations (Data Security) it is capable of causing harm or disruption to a
2017, which stipulates the responsibility of the computer or content stored on a computer,
outsourced service provider in terms of whether stated or unspecified, is subject to
cybersecurity. The regulations govern the paragraph 6 of the law. will be sentenced to
agreement between an Israeli business and its three years in prison; and anyone who transfers
outsourced service provider (which could be a or instals software capable of causing damage
non-Israeli entity) for databases that must be or disruption on another's computer in order to
kept secure. cause unlawful damage or disruption will be
sentenced to five years in jail.
Enforcement and penalties under the
cyber laws in Isreal25 The Israeli Privacy Protection Authority is in
charge of cyber-related civil matters including
The following criminal consequences for personal information and data security breaches
cybercrime are set out in the Israeli Computer (PPA). Any personal data breach must be
Law of 1995. (Eg, hacking, theft of trade reported to the PPA under the Privacy
secrets). Protection Regulations (Data Security) of 2017.
The PPA is empowered by law to enforce and
Paragraph 3 stipulates a five-year prison supervise any organisation that is required by
sentence for anyone who: law to register its databases in Israel. Under the
Privacy Protection Law and its regulations, the
write software, transfer software to or store
PPA has the legal authority and reason to apply
software on a computer in such a way that its
administrative fines and entry and search
use will result in false information or false
orders, which it does in select situations. The
output, or operate a computer using such
PPA ensures that any database must be
software; or transmit or store false information
registered in accordance with the legislation.
or act on information in a way that results in
The applicant must provide all of the following
false information or false output; or write
information on the database registration
software, transfer software to or store software
application form:
on a computer in such a way that its use will
result in false information or false output.
• the data owner (equivalent to a data
controller); and
In this context, 'false information' and 'false
output' refer to data and output that, depending
• the registered database manager's
on their application, may be misleading.
personal information, who bears legal
personal liability.
Except if the unlawful entry of a computer or
the illegal infiltration of material found on a
If the management fails to supervise the
computer is based on the Wiretap Act of 1979,
organization's data control, he or she is legally
illegal intrusion of a computer or illegal
liable.
infiltration of material found on a computer is
punishable by three years in prison under Through the Israeli Cyber Emergency
paragraph 4. Response Team, the Israel National Cyber
Directorate monitors national civil cyber threats
Anyone who undertakes an act banned by
in order to improve Israel's defence and build a
Section 4 in order to commit an offence under
shared basis of civil knowledge on data
any legislation would be punished to five years
protection. The National Cyber Directorate is
in prison, according to paragraph 5.
not authorised to enforce any laws.
793 Journal of Positive School Psychology

The Cyber Authority and other government 18 U.S.C. 1030(a)(3); computer trespassing
entities are aggressively addressing and (e.g., hacking) in a federal computer;
enforcing national and international
cybersecurity issues. These organisations have 18 U.S.C. 1030(a)(2); computer trespassing
unrestricted ability to take whatever actions are (e.g., hacking) resulting in exposure to certain
necessary to avoid national or international governmental, credit, financial, or computer-
security threats. stored information;

The Israeli police force has developed a 18 U.S.C. 1030(a)(5): destroying a government
cybercrime central section to combat crimes computer, a bank computer, or a computer used
such as paedophilia, drug trafficking, credit in, or influencing, interstate or foreign
card fraud, and identity theft that occur on commerce (e.g., a worm, computer virus,
virtual platforms. The cybercrime unit is Trojan horse, time bomb, denial of service
authorised to investigate and prosecute. attack, and other kinds of cyber-attack,
cybercrime, or cyber terrorism);
Cyber-related guidelines and processes have
been implemented by other government- 18 U.S.C. 1030(a)(4), perpetrating fraud that
supervised businesses, such as banks and includes unauthorised access to a government
insurers, to meet worldwide requirements. computer, a bank computer, or a computer
utilised in, or affecting, interstate or foreign
With the exception of homeland security commerce;
problems, none of the aforementioned
authorities or government entities have 18 U.S.C. 1030(a)(7); threatening to harm a
extraterritorial authority over firms that are not government computer, a bank computer, or a
based in Israel and do not have a local presence computer utilised in or affecting interstate or
(including subsidiaries and related companies). foreign commerce;

Legislative framework of cybercrime in 18 U.S.C. 1030(a)(6), for trafficking in

USA26 passwords for a government computer or when
the trafficking affects interstate or foreign
Computer fraud and abuse are prohibited under commerce; and 18 U.S.C. 1030(a)(7), for
the Computer Fraud and Abuse Act (CFAA), 18 trafficking in passwords for a government
U.S.C. 1030. It's a piece of cyber-security computer or when the trafficking affects
legislation. It safeguards federal computers, interstate or overseas business.
bank computers, and Internet-connected
systems. It protects them from trespassing, 18 U.S.C. 1030(a): Using a computer to commit
threats, vandalism, spying, and being exploited espionage (1).
as fraud instruments by the corrupt. It is not a
comprehensive provision; rather, it fills in the Attempting or conspiring to commit any of
fractures and holes left by other federal criminal these actions is illegal under Section 1030(b).
laws. This is a quick rundown of the CFAA and Subsection 1030(c) lists the penalty for
some of its federal statutory partners, including committing crimes, which vary from a year in
the Identity Theft Enforcement and Restitution jail for ordinary cyberspace trespassing to a
Act, P.L. 110-326, 122 Stat. 3560, and its maximum of life in prison for intentional
revisions (2008). computer damage that results in death.

The seven provisions of subsection 1030(a) in The Secret Service's investigation jurisdiction
their current form prohibit is preserved by Section 1030(d). Common
definitions are provided in section 1030(e).
Nuruddin Khan 794

Section 1030(f) does not apply to law benefit eligibility inquiries, referral
enforcement efforts that are otherwise legal. authorization requests, and other transactions
Victims of these offences have a civil cause of for which HHS has defined criteria under the
action under Section 1030(g). The forfeiture of HIPAA Transactions Rule are examples of
tainted property is allowed under Sections these transactions.
1030(i) and (j).
Health plans are organizations that offer or pay
Critical Infrastructure Information Act for medical treatment. Health insurers, dental,
vision, and prescription drug insurers; health
The Critical Infrastructure Information Act of maintenance organizations (HMOs); Medicare,
2002 (CII Act) seeks to facilitate greater Medicaid, Medicare+Choice, and Medicare
sharing of critical infrastructure information supplement insurers; and long-term care
among the owners and operators of the critical insurers are all examples of health plans
infrastructures and government entities with (excluding nursing home fixed-indemnity
infrastructure protection responsibilities, policies). Employer-sponsored group health
thereby reducing the nation’s vulnerability to plans, government- and church-sponsored
terrorism. The Homeland Security Act of 2002 health plans, and multi-employer health plans
established a framework that allows individuals are all examples of health plans.
of the private sector and others to voluntarily
submit sensitive information about the Nation's A covered entity is not a group health plan with
Critical information to Department of less than 50 participants that is solely
Homeland security with the certainty that the administered by the employer who established
information will be shielded from public and maintains the plan.
exposure if it meets specific criteria27.
Entities that convert nonstandard information
Health Insurance Portability and received from another entity into a standard
Accountability Act of 1996 (HIPAA)28 (i.e., standard format or data content), or vice
versa. Individually identifiable health
The Health Insurance Portability and information is often only received by healthcare
Accountability Act of 1996 (HIPAA) is a clearinghouses when they are acting as a
federal law that mandated the adoption of business associate for a health plan or a
national standards to prevent sensitive patient healthcare provider.
health information from being revealed without
the consent or knowledge of the patient. The Individually identifiable health information is
HIPAA Privacy Rule was developed by the US used or disclosed by business associates (other
Department of Health and Human Services than members of a covered entity's workforce)
(HHS) to implement HIPAA's provisions. A to perform or provide operations, activities, or
subset of information covered by the Privacy services for a covered entity. Claims
Rule is protected under the HIPAA Security processing, data analysis, usage review, and
Rule. billing are examples of these functions,
activities, or services.
Individuals and organizations that fall under the
following categories are considered covered Gramm-Leach-Bliley Act29
entities under the Privacy Rule:
The Gramm-Leach-Bliley Act requires
Every healthcare professional, regardless of financial institutions – companies that offer
practice size, who electronically communicates consumers financial products or services like
health information in connection with specific loans, financial or investment advice, or
transactions is a healthcare provider. Claims, insurance – to explain their information-sharing
795 Journal of Positive School Psychology

practices to their customers and to safeguard • Review the security controls in their
sensitive data. systems on a regular basis.

FISMA30 • Authorize system processing before

beginning operations and on a regular
In December 2002, the Federal Information basis thereafter.
Security Management Act (FISMA) [FISMA
2002], which was enacted as part of the E- FISMA applies to Federal agencies,
Government Act (Public Law 107-347) was contractors, or other sources that provide
signed into law. FISMA 2002 mandates that information security for the information and
each federal agency creates, document, and information systems that support the operations
implement an agency-wide information and assets of the agency.
security program for all information and
systems that support the agency's operations Electronic Communications Privacy Act
and assets, including those provided or of 1986 (ECPA)31
maintained by another agency, contractor, or
other sources. The Electronic Communications Privacy Act
(ECPA) of 1986 combines the Electronic
The Federal Information Security Communications Privacy Act and the Stored
Modernization Act of 2014 modifies FISMA Wire Electronic Communications Act. The
2002 by making a number of changes to ECPA revised the Federal Wiretap Act of 1968,
improve federal security practices in response which covered interception of conversations
to emerging security issues. These over "hard" telephone lines but not computer
improvements result in less overall reporting, a and other digital and electronic
stronger use of continuous monitoring in communications. Several following pieces of
systems, a greater focus on agencies for legislation, such as the USA PATRIOT Act,
compliance, and reporting that is more focused explain and update the ECPA in order to keep
on security incident issues. FISMA 2014 also up with the growth of new communications
mandated that the Office of Management and technology and methods, including loosening
Budget (OMB) amend/revise OMB Circular A- restrictions on law enforcement access to stored
130 to minimize inefficient and unnecessary communications in some situations.
reporting, as well as to reflect changes in the
law and technological advancements. General Provisions

FISMA, like the Paperwork Reduction Act of The ECPA, as modified, safeguards wire, oral,
1995 and the Information Technology and electronic communications while they are
Management Reform Act of 1996 (Clinger- in use, in transit, and when they are stored on
Cohen Act), places a strong emphasis on risk- computers. Email, phone chats, and data saved
based security. The Office of Management and electronically are all covered by the Act.
Budget (OMB), in support of and to reinforce
Civil Liberties and Civil Rights
FISMA, has issued Circular A-130, "Managing
Federal Information as a Strategic Resource,"
"The SCA's structure incorporates a number of
which requires executive agencies within the
classifications that reflect the drafters'
federal government to:
assessments of which types of information pose
higher or lesser privacy risks. The drafters, for
• Make a security plan.
example, identified a higher level of privacy
• Assign security duty to the relevant concern in the content of retained emails than in
officials. subscriber account information. Similarly, the
Nuruddin Khan 796

drafters considered that computing services that information requires a special court order; and
were 'open to the public' required more still more information requires a search
stringent [sic] regulation than services that were warrant. Furthermore, some legal processes
not... The [Act] provides varied degrees of legal need the subscriber to be notified, while others
protection based on the perceived relevance of do not."
the privacy interest at hand, in order to preserve
the wide range of privacy interests outlined by The Act follows a general policy of providing
its drafters. A subpoena can be used to collect more privacy protection for content with higher
some information from providers; other privacy concerns.

IV. COMPARATIVE STUDY OF INDIA, USA, AND ISRAEL

INDIA ISRAEL USA

1.The Information Technology The main law that deals with Computer fraud and abuse are
Act, 2000 ("IT ACT") governs cybercrimes is the Computer prohibited under the Computer
cyber laws in India. The act's Law (1995). This Law forbids Fraud and Abuse Act (CFAA),
principal goal is to give the illegal access to computer 18 U.S.C. 1030. It's a piece of
electronic trade legal material (Article 4), data and cyber-security legislation. It
legitimacy and to make filing system interference (Article 2) safeguards federal computers,
electronic records with the and the misuse of devices bank computers, and Internet-
government easier (Article 6) alongside other connected systems. It protects
offences them from trespassing, threats,
vandalism, spying, and being
exploited as fraud instruments
by the corrupt

2. The Information Technology The Privacy Protection Critical Infrastructure

(Reasonable Security Practices Regulations (Data Security), Information Act
and Procedures and Sensitive 2017 (based on the 1981
Personal Data or Information) Privacy Protection Law) The Critical Infrastructure
Rules32, which mandate that Information Act of 2002 (CII
companies holding sensitive The regulations apply to both Act) seeks to facilitate greater
personal data or information of the private and public sectors, sharing of critical
users adhere to particular and they provide infrastructure information
security requirements. organizational procedures to among the owners and
ensure that data security is operators of the critical
integrated into the management infrastructures and government
processes of all businesses that entities with infrastructure
process personal data. protection responsibilities,
thereby reducing the nation’s
vulnerability to terrorism
797 Journal of Positive School Psychology

3. Information Technology The Emergency Regulations, Health Insurance Portability

(Guidelines for Intermediaries 2020 on the and processing of and Accountability Act of 1996
and Digital Media Ethics ‘technological information' on (HIPAA)
Code) 2021 Israeli citizens
The Health Insurance
Portability and Accountability
Act of 1996 (HIPAA) is a
federal law that mandated the
adoption of national standards
to prevent sensitive patient
health information from being
revealed without the consent or
knowledge of the patient

4. The Information Technology The Cyber Defence and Gramm-Leach-Bliley Act

(Guidelines for Cyber Cafe) National Cyber Directorate
Rules33, which require Bill, which is under negotiation The Gramm-Leach-Bliley Act
cybercafés to register with a in the Israeli Knesset requires financial institutions –
registration agency and keep a (Parliament) companies that offer
log of users' identities and consumers financial products
internet usage; and the or services like loans, financial
Information Technology or investment advice, or
(Guidelines for Cyber Cafe) insurance – to explain their
Rules, which require information-sharing practices
cybercafés to register with a to their customers and to
registration agency and keep a safeguard sensitive data.
log of users' identities and
internet usage.

5. The government can specify The Copyright Law, 2007 – FISMA

that certain services, such as Amendment 5 (2019) on the
applications, certificates, and procedure for the disclosure of In December 2002, the Federal
licenses, be delivered the identity of internet users Information Security
electronically under the under certain circumstances Management Act (FISMA)
Information Technology [FISMA 2002], which was
(Electronic Service Delivery) enacted as part of the E-
Rules34, which allow the Government Act (Public Law
government to specify that 107-347) was signed into law.
certain services, such as FISMA 2002 mandates that
applications, certificates, and each federal agency create,
document, and implement an
agency-wide information
Nuruddin Khan 798

licenses, be delivered security program for all

electronically. information and systems that
support the agency's operations
and assets, including those
provided or maintained by
another agency, contractor, or
other sources

5.The 2017 Privacy Protection Electronic Communications

Regulations (Data Protection) Privacy Act of 1986 (ECPA)
outline the levels of security
required for several types of The Electronic
information, based on the Communications Privacy Act
sensitivity of the data as (ECPA) of 1986 combines the
specified by the regulations. Electronic Communications
They are divided into the Privacy Act and the Stored
following categories: Wire Electronic
Communications Act. The
ECPA revised the Federal
Wiretap Act of 1968, which
databases that are subject to a covered interception of
basic level of security; conversations over "hard"
telephone lines but not
computer and other digital and
electronic communications.
databases with a medium level
of security; and

databases with a low level of

security.

databases that require a high

level of security

As we compare the legislative framework of the The most important is the critical infrastructure
all the three countries it gives a clear picture that Israel and USA have their own legislations on
India is lacking way behind in relation to cyber the critical infrastructure of on the other hand
legislation specially in relation to the Data India is lacking a legislation as the critical
protection as Israel and USA have separate infrastructure is the most important of all. Any
legislation on the following topic. A strong kind on the nuclear power plants or the grid
legislative action is required from the makers of lines of the nation or on the stock exchanges can
law in India. cripple the economy for many months.
799 Journal of Positive School Psychology

Privacy related laws are missing in India as V. CONCLUSION & SUGGESTIONS

compared to Israel and Usa as they have their
own legislation on the privacy related issues in The worldwide idea of digital violations has
their respective country. begun a battle against them both broadly and
universally. Global collaboration is
Cyber-crime related model that should exceptionally required in these seasons of
be adopted by India to become one of steady logical improvements in PC and
the best countries to combat organization innovation and the dangers forced
cybercrime by digital crooks. All the previously mentioned
worldwide systems are pointed towards
The model prevailing in Israel and USA makes accomplishing that collaboration among
them one of the best countries in relation to different nations to battle digital wrongdoings
cybercrime. Similar model could be adopted by and direct digital law.
India to strengthen the cybercrime rin the
country. They are as follows: India, despite the fact that not a signatory to the
Convention on Cyber Crimes, is additionally
1. Advanced technology parks should be making an honest effort to battle digital
established in relation to crime related wrongdoings. With the establishment of the IT
to internet and development of public Act, 2000, and the IT (Amendment) Act, 2008
authorities in digital production. different advancements identified with digital
law have happened in India. In any case,
2. Digital production and network safety legitimate execution of digital law is as yet
instruction should be imparted to the required as numerous individuals don't know
students from the school level. about the dangers the web can present.
Specialization in Graduation should be
brought in relation to cyber security/ To make India a super power in relation to
web security in the curriculum of the cybercrime like USA and Israel we have to
students at college level. adopt the approach and methods adopted by
them which is mentioned in the chapter for
3. Research organizations should be set development of cyber security and protection
up, if research organization come from cybercrimes at national level.
together, it can make India super power
in digital protection. REFERENCES

1 6
Research Scholar, Lovely Professional https://www.drishtiias.com/daily-
University, Punjab, India updates/daily-news-analysis/convention-on-
2
Associate Professor, Lovely Professional global-cybercrime
7
University, Punjab, India https://blog.ipleaders.in/regulatory-
3
M. Gercke, "Understanding cybercrime: a framework-for-cyber-crimes/
8
guide for developing countries," International Apoorva Bhangla and Jahanvi Tuli , A Study
Telecommunication Union (Draft), vol. 89, p. on Cyber Crime and its Legal Framework in
93, 2011. India, 4 (2) IJLMH Page 493 - 504 (2021),
4
O.-e. I. E. G. o. Cybercrime, "Comprehensive DOI: http://doi.one/10.1732/IJLMH.26089
9
Study on Cyber Crime," UNODC2013. https://netlawgic.com/cyber-crime-
5
Apoorva Bhangla and Jahanvi Tuli , A Study conventions 07 Feb 2022 10am
10
on Cyber Crime and its Legal Framework in https://www.lawyered.in/legal-
India, 4 (2) IJLMH Page 493 - 504 (2021), disrupt/articles/diving-information-
DOI: http://doi.one/10.1732/IJLMH.26089 technology-act-2000-salient-features-and-
2008-amendments-rashi-suri
Nuruddin Khan 800

regulations-authorize-digital-surveillance-of-
11 coronavirus-patients-and-persons-subjected-to-
https://learn.lawdocs.in/analysis-of-indian-
legal-framework-for-cyber-crimes home-isolation/
12 23
https://www.mondaq.com/india/it-and-
internet/891738/cyber-crimes-under-the-ipc- https://www.gov.il/en/departments/israel_natio
and-it-act--an-uneasy-co-existence nal_cyber_directorate/govil-landing-page
13 24
https://www.loc.gov/item/global-legal-
https://www.jigsawacademy.com/blogs/cyber- monitor/2007-12-02/israel-new-copyright-law
25
security/what-is-cyber-law/
14 https://www.mondaq.com/technology/1070854
https://www.livelaw.in/law-firms/law-firm-
articles-/it-rules-2021-digital-media-ott- /cybersecurity-comparative-guide
26
platforms-186065 https://www.everycrsreport.com/reports
15 27

meity.gov.in/sites/upload_files/dit/files/GSR31 https://itlaw.fandom.com/wiki/Critical_Infrastr
3E_10511(1).pdf ucture_Information_Act_of_2002
16 28

meity.gov.in/sites/upload_files/dit/files/GSR31 https://www.cdc.gov/phlp/publications/topic/hi
5E_10511(1).pdf. paa.html
17 29
https://www.ftc.gov/tips-advice/business-
meity.gov.in/sites/upload_files/dit/files/GSR31 center/privacy-and-security/gramm-leach-
6E_10511(1).pdf bliley-act
18 30
www.cert-in.org.in. https://csrc.nist.gov/projects/risk-
19 management/fisma-background
https://www.meity.gov.in/writereaddata/files/
31
The%20Cyber%20Appellate%20Tribunal%28 https://bja.ojp.gov/program/it/privacy-civil-
Chairperson_Members%29%20Rules%2C%2 liberties/authorities/statutes/1285
32
02009.pdf.
20 meity.gov.in/sites/upload_files/dit/files/GSR31
https://www.coe.int/en/web/octopus/country- 3E_10511(1).pdf
33
wiki-ap/-
/asset_publisher/CmDb7M4RGb4Z/content/isr meity.gov.in/sites/upload_files/dit/files/GSR31
ael/ 5E_10511(1).pdf.
21 34

https://www.gov.il/en/Departments/General/da meity.gov.in/sites/upload_files/dit/files/GSR31
ta_security 6E_10511(1).pdf
22
https://www.loc.gov/item/global-legal-
monitor/2020-03-18/israel-emergency-