Security threats Toolkit

In association with Network Liberation Movement

Story: Phishers get smarter

Posted by: PRAVEEN DALAL (PERRY) (Tuesday 7 June 2005, 4:50 PM)

SELF HELP MEASURES AND CYBERSPACE

The problems associated with the use of malware used for phising purposes are not peculiar to any particular country as the menace is global in nature. The countries all over the world are facing this problem and are trying their level best to eliminate this problem. The problem, however, cannot be effectively curbed unless popular public support and a vigilant judiciary back it. The legislature cannot enact a law against the general public opinion of the nation at large. Thus, first a public support has to be obtained not only at the national level but at the international level as well. The people all over the world are not against the enactment of statutes curbing the use of malware, but they are conscious about their legitimate rights. Thus, the law to be enacted by the legislature must take care of public interest on a priority basis. This can be achieved if a suitable technology is supported by an apt legislation, which can exclusively take care of the menace created by the computers sending the malware and phising threats. Thus, the self-help measures recognised by the legislature should not be disproportionate and excessive than the threat received by the malware and phising attacks. Further, while using such self-help measures the property and rights of the general public should not be affected. It would also not be unreasonable to demand that such self-help measures should not themselves commit any illegal act or omission. Thus, a self-help measure should not be such as may destroy or steal the data or secret information stored in the computer of the person sending the malware or phising attack. It must be noted that two wrongs cannot make a thing right. Thus, a demarcating line between self-help and taking law in one’s own hand must be drawn. In the ultimate analysis we must not forget that self-help measures are “watchdogs and not blood-hounds”, and their purpose should be restricted to legitimate and proportionate defensive actions only. It will be sufficient to mention that only a computer can react fast enough to take care of the menace of malware or phising attacks and the traditional methods of law enforcement are helpless in this regard. The problems of lack of harmonisation, doubt regarding jurisdiction, lack of a uniform extradition law between various countries of the world, etc can be solved only by using a legitimate, proportionate and reasonable mechanism of self-help, which is not only instant but also free from technicalities and formalities.

Kindly see http://perry4law.blogspot.com/2005/06/private-defence-in-cyberspace_03.html for more details and Indian position.