Judicial Responses

Judicial Responses

5.1 : National Judicial Responses

There has been little litigation or judicial response to cybercrimes so far

in India and this will be a challenge for judicial decisions on cybercrime in
near future. There has been a landmark judgement on domain dispute in the
case of Rediff Communication Ltd. v. Cyberbooth and another: Similarly in
Yahoo! Inc. v. Akash Arora and another also the issue of domain name is
entitled to equal protection as trademark. There are a number of issues
involved in handling Cyber crime. The first problem is that India does not
have a comprehensive legal and regulatory framework for regulating all kinds
of cybercrimes. The Indian Cyber Law viz., The Information Technology Act,
2000 has introduced a chapter entitled Offences and in this chapter, only a
limited number of cyber crimes have been covered. These include damage to
computer source code, hacking, and publishing obscene electronic
information, breach of protected systems, publishing false Digital Signature
Certificates in certain particulars or for fraudulent purposes. Barring these
offences, no other cybercrimes are covered under the IT Act. In addition, the
IT Act 2000 has amended the Indian Penal Code, 1860. However, the
amendments have been made in such a manner so as to make the ambit of
documents stipulated in various criminal provisions to include therein,
electronic records .. Consequently, a number of cyber crimes are not at all
covered under the Indian Penal Code. These include cyber-stalking, cyber
harassment, cyber nuisance, identity theft, cyber terrorism etc.

Asif Azim Case

Main development has been India's first successful cybercrime

conviction in February. On February 5, Asif Azim, 24, was found guilty by
Delhi Metropolitan Magistrate Gulshan Kumar of cheating Sony India of a
29-inch colour television and a cordless headphone worth Rs 27,570. As it
was a first offence, the sentence was a one-year probation and a personal
surety bond of Rs 20,000. Azim, who had been working in I-Energizer, a call
centre in Noida, happened upon the credit card details of one of his clients,

117
 Judicial Responses

Barbara Campa. He then decided to do some shopping, free of charge. He

created an e-mail address in Campa's name and through it placed an order on
Sony India's website using Barbara Campa's credit card details. Sony India's
credit card company, Citibank, found it a valid transaction and the products
were delivered to Azim's residence the very next week. A mail was sent to
Campa with the photographs of Azim receiving the products.

Things went into panic mode when Campa realised she had been
charged for something she had not bought and informed the bank. Citibank,
after cross-checking with her, reported that the transaction was fraudulent
and, hence, invalid. This meant that Sony had to pay for the transaction. Then
matter was reported to the CBI. The CBI team found that the Internet
Protocol address from where the messages came was not in the US but In
Noida. They then tracked down the source computer. Azim was using it.
Azim confessed to everything when the CBI confronted him. He said he had
done it just for the sake of getting something free. Azim was convicted under
sections 418, 419 and 420 of the Indian Penal Code.

Yahoo Case: The case of Yahoo, Inc v. Akash Arora1 was the first case
where an Indian Court delivered its judgment relating to domain names. The
plaintiff Yahoo Inc. instituted a suit in the Delhi High Court against the
defendants seeking inter alia a decree of permanent injunction restraining the
defendants, their partners, servants and agents from operating any business
and/or selling, offering for sale, advertising and in any manner dealing in any
services or goods on the internet or otherwise under the trademark/domain
name 'Yahooindia.com' or any other mark/domain name which is identical
with or deceptively similar to the plaintiffs trademark 'Yahoo!'. The plaintiff
also moved an application seeking temporary injunction against the
defendants, during the pendency of the suit.

In this case, instituted by Yahoo!, Inc., the Delhi High Court granted
an ad interim injunction restraining the defendants from operating any
business or selling, offering for sale, advertising and/or in any manner

1
1999 PTC(19)210(Delhi)

118
 Judicial Responses

dealing in services or goods on the internet or otherwise under the

trademark/domain name "Yahooindia.com" or any other trademark/domain
name which is identical with or deceptively similar to the plaintiffs trademark
"Yahoo!".

Rediff Communication Ltd case: Subsequently, in another matter Rediff

Communications Ltd. v. Cyberbooth2 the Yahoo judgment was once again
reiterated. In this case, the plaintiff filed a suit for permanent injunction - for
inter alia restraining the defendants from using the mark/domain name
'RADIFF' or any other word or mark or name which is deceptively similar to
the plaintiffs mark/name 'REDIFF'. Bombay High Court granted an
injunction against the defendants. The Special Leave Petition filed by
Cyberbooth in the Supreme Court was also dismissed.

Though the Cyber Law was passed under the Information Technology
Act in 2000, but the corporate houses have been shy of reporting cyber
crimes fearing adverse publicity which results into less judicial
pronouncements. Only conviction reinforces the confidence of the people in
the capability of the-law enforcement agencies to crack cybercrime and in the
Indian judicial system's resilience in dealing with new challenges in the cyber
age.

Avnish Bajaj vs. State (N.C.T.) of Delhi

(2005)3CompLJ364(Del), 116(2005)DLT427, 2005(79)DRJ576

IN THE HIGH COURT OF DELHI

Bail Appl. No. 2284 of 2004

Decided On: 21.12.2004

Appellants: Avnish Bajaj Vs. Respondent: State (N.C.T.) of Delhi

Summary of the case

2
AIR 2000 Bom 27

119
 Judicial Responses

Avnish Bajaj, CEO of Baazee.com, an online auction website, was arrested for
distributing cyber pornography. The charges stemmed from the fact that someone had
sold copies of a pornographic CD through the Baazee.com website.

The court granted him bail in the case.

The major factors considered by the court were:

1. There was no prima facie evidence that Mr. Bajaj directly or indirectly published
the pornography,

2. The actual obscene recording/clip could not be viewed on Baazee.com,

3. Mr. Bajaj was of Indian origin and had family ties in India.

Background

Avnish Bajaj is the CEO of Baazee.com, a customer-to-customer website,

which facilitates the online sale of property. Baazee.com receives commission
from such sales and also generates revenue from advertisements carried on its web
pages.

An obscene MMS clipping was listed for sale on Baazee.com on 27th

November, 2004 in the name of “DPS Girl having fun". Some copies of the clipping
were sold through Baazee.com and the seller received the money for the sale.

Avnish Bajaj was arrested under section 67 of the Information

Technology Act, 2000 and his bail application was rejected by the trial court. He then
approached the Delhi High Court for bail.

Issues raised by the Prosecution

1. The accused did not stop payment through banking channels after learning of the
illegal nature of the transaction.

2. The item description "DPS Girl having fun" should have raised an alarm.

120
 Judicial Responses

Issues raised by the Defence

1. Section 67 of the Information Technology Act relates to publication of obscene

material. It does not relate to transmission of such material.

2. On coming to learn of the illegal character of the sale, remedial steps were taken
within 38 hours, since the intervening period was a weekend.

Findings of the court

1. It has not been established from the evidence that any publication took place by the
accused, directly or indirectly.

2. The actual obscene recording/clip could not be viewed on the portal of Baazee.com.

3. The sale consideration was not routed through the accused.

4. Prima facie Baazee.com had endeavored to plug the loophole.

5. The accused had actively participated in the investigations.

6. The nature of the alleged offence is such that the evidence has already crystallized
and may even be tamper proof.

7. Even though the accused is a foreign citizen, he is of Indian origin with family
roots in India.

8. The evidence that has been collected indicates only that the obscene material may
have been unwittingly offered for sale on the website.

9. The evidence that has been collected indicates that the heinous nature of the
alleged crime may be attributable to some other person.

Decision of the court

1. The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh
each.

121
 Judicial Responses

2. The court ordered Mr. Bajaj to surrender his passport and not to leave India
without the permission of the Court.

3. The court also ordered Mr. Bajaj to participate and assist in the investigation.

Firos vs. State of Kerala

AIR2006Ker279, 2006(3)KLT 210, 2007(34)PTC98(Ker)

IN THE HIGH COURT OF KERALA W.A. No. 685 of 2004

Decided On: 24.05.2006

Appellants: Firos Vs. Respondent: State of Kerala

Summary of the case

The Government of Kerala issued a notification u/s 70 of the Information

Technology Act declaring the FRIENDS application software as a protected system.

The author of the application software filed a petition in the High Court
against the said notification. He also challenged the constitutional validity of section
70 of the IT Act.

The Court upheld the validity of both, section 70 of the IT Act, as well as the
notification issued by the Kerala Government.

Background of the case

Government of Kerala, as part of IT implementation in Government

departments, conceived a project idea of "FRIENDS" (Fast, Reliable, Instant,
Efficient Network for Disbursement of Services).

The project envisaged development of a software for single window collection

of bills payable to government, local authorities, various statutory agencies,
Government corporations etc. towards tax, fees, charges for electricity, water, etc. A
person by making a consolidated payment in a computer counter served through
"FRIENDS" system can discharge all his liabilities due to the government, local
authorities and various agencies.

122
 Judicial Responses

The work of developing the "FRIENDS" software was entrusted to Firos. The
application-software "FRIENDS" was first established at Thiruvananthapuram, free of
cost, and since the project was successful, the government decided to set up the
same in all other 13 district centres.

The Government of Kerala entered into a contract with Firos for setting up and
commissioning "FRIENDS" software system in 13 centres all over Kerala for
providing integrated services to the customers through a single window for a total
consideration of Rs. 13 lakh. Firos set up FRIENDS service centres in all the 13
centres and they were paid the agreed remuneration.

A dispute arose between Firos and the Government with regard to

Intellectual Property Rights (IPR) in the FRIENDS software.

The Government arranged to modify the FRIENDS software to suit its further
requirements through another agency. Firos alleged violation of copyright and filed a
criminal complaint against the government. A counter case was filed by the
government against Firos.

The Government of Kerala issued a notification under Section 70 of the

Information Technology Act declaring the FRIENDS software installed in the
computer system and computer network established in all centres in Kerala as a
protected system. Firos filed a writ petition challenging section 70 of the IT Act.

Issues raised by the Petitioner

1. The Government of Kerala notification under section 70 of the IT Act is arbitrary,

discriminatory and violates Article 19(1)(g) of the Constitution of India.

2. The Government of Kerala notification under section 70 of the IT Act is and was
against the statutory right conferred under Section 17 of the Copyright Act.

3. Section 70 of the IT Act which confers the unfettered powers on the State
Government to declare any computer system as a protected system is arbitrary and
unconstitutional and inconsistent with Copyright Act.

4. Section 70 of the IT Act has to be declared as illegal.

123
 Judicial Responses

5. There is direct conflict between the provisions of Section 17 of the Copyright Act
and Section 70 of the Information Technology Act. When there is conflict
between two Acts, a harmonious construction has to be adopted.

Conclusions of the court

1. There is no conflict between the provisions of Copyright Act and Section

70 of IT Act.

2. Section 70 of the IT Act is not unconstitutional.

3. While interpreting section 70 of the IT Act, a harmonious construction with

Copyright Act is needed.

4. Section 70 of the IT Act is not against but subject to the provisions of the
Copyright Act.

5. Government cannot unilaterally declare any system as "protected" other than

"Government work" falling under section 2(k) of the Copyright Act on which
Govt.'s copyright is recognized under Section 17(d) of the said Act.

Section 2(k) of the Copyright Act

(k) ‘Government work’ means a work which is made or published by or under the
direction or control of -

(i) the Government or any department of the Government;

(ii) any Legislature in India;

(iii) any Court, Tribunal or other judicial authority in India;

Section 17(d) of the Copyright Act

17. First owner of copyright; Subject to the provisions of this Act, the author of a
work shall be the owner of the copyright therein;

(d) in the case of a Government work, Government shall, in the absence of any
agreement to the contrary, be the first owner of the copyright therein;

124
 Judicial Responses

Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh & Anr.

2005CriLJ4314 IN THE HIGH COURT OF ANDHRA PRADESH

Cri. Petn. Nos. 2601 and 2602 of 2003

Decided On: 29.07.2005

Appellants: Syed Asifuddin and Ors. Vs. Respondent: The State of Andhra
Pradesh and Anr.

Summary of the case

Tata Indicom employees were arrested for manipulation of the electronic 32-
bit number (ESN) programmed into cell phones that were exclusively franchised to
Reliance Infocomm.

The ourt held that such manipulation amounted to tampering with computer
source code as envisaged by section 65 of the Information Technology Act, 2000.

Background of the case

Reliance Infocomm launched a scheme under which a cell phone subscriber

was given a digital handset worth Rs. 10,500 as well as service bundle for 3 years
with an initial payment of Rs. 3350 and monthly outflow of Rs. 600. The subscriber
was also provided a 1 year warranty and 3 year insurance on the handset.

The condition was that the handset was technologically locked so that it would
only work with the Reliance Infocomm services. If the customer wanted to leave
Reliance services, he would have to pay some charges including the true price of the
handset. Since the handset was of a high quality, the market response to the scheme
was phenomenal.

Unidentified persons contacted Reliance customers with an offer to change to

a lower priced Tata Indicom scheme. As part of the deal, their phone would be
technologically “unlocked” so that the exclusive Reliance handsets could be used for
the Tata Indicom service.

125
 Judicial Responses

Reliance officials came to know about this “unlocking” by Tata employees

and lodged a First Information Report (FIR) under various provisions of the Indian
Penal Code, Information Technology Act and the Copyright Act.

The police then raided some offices of Tata Indicom in Andhra Pradesh and
arrested a few Tata Tele Services Limited officials for re- programming the Reliance
handsets. These arrested persons approached the High Court requesting the court to
quash the FIR on the grounds that their acts did not violate the said legal provisions.

Issues raised by the Defense

1. It is always open for the subscriber to change from one service provider to the
other service provider.

2. The subscriber who wants to change from Tata Indicom always takes his
handset, to other service providers to get service connected and to give up Tata
services.

3. The handsets brought to Tata by Reliance subscribers are capable of

accommodating two separate lines and can be activated on principal assignment
mobile (NAM1 or NAM 2). The mere activation of NAM 1 or NAM 2 by Tata in
relation to a handset brought to it by a Reliance subscriber does not amount to any
crime.

4. A telephone handset is neither a computer nor a computer system containing a

computer programme.

5. There is no law in force which requires the maintenance of "computer

source code". Hence section 65 of the Information Technology Act does not
apply.

Findings of the court

1. As per section 2 of the Information Technology Act, any electronic, magnetic or

optical device used for storage of information received through satellite,
microwave or other communication media and the devices which are
programmable and capable of retrieving any information by manipulations

126
 Judicial Responses

of electronic, magnetic or optical impulses is a computer which can be used as

computer system in a computer network.

2. The instructions or programme given to computer in a language known to the

computer are not seen by the user of the computer/consumers of computer
functions. This is known as source code in computer parlance.

3. A city can be divided into several cells. A person using a phone in one cell will
be plugged to the central transmitter of the telecom provider. This central
transmitter will receive the signals and then divert them to the relevant
phones.

4. When the person moves from one cell to another cell in the same city, the system
i.e., Mobile Telephone Switching Office (MTSO) automatically transfers signals
from tower to tower.

5. All cell phone service providers have special codes dedicated to them and these
are intended to identify the phone, the phone's owner and the service provider.

6. System Identification Code (SID) is a unique 5-digit number that is assigned to

each carrier by the licensor. Every cell phone operator is required to obtain SID
from the Government of India. SID is programmed into a phone when one
purchases a service plan and has the phone activated.

7. Electronic Serial Number (ESN) is a unique 32-bit number programmed into the
phone when it is manufactured by the instrument manufacturer. ESN is a
permanent part of the phone.

8. Mobile Identification Number (MIN) is a 10-digit number derived from cell phone
number given to a subscriber. MIN is programmed into a phone when one
purchases a service plan.

9. When the cell phone is switched on, it listens for a SID on the control channel,
which is a special frequency used by the phone and base station to talk to one
another about things like call set-up and channel changing.

127
 Judicial Responses

10. If the phone cannot find any control channels to listen to, the cell phone displays
"no service" message as it is out of range.

11. When cell phone receives SID, it compares it to the SID programmed into the
phone and if these code numbers match, cell knows that it is communicating with
its home system. Along with the SID, the phone also transmits registration
request and MTSO which keeps track of the phone's location in a database,
knows which cell phone you are using and gives a ring.

12. So as to match with the system of the cell phone provider, every cell phone
contains a circuit board, which is the brain of the phone. It is a combination of
several computer chips programmed to convert analog to digital and digital to
analog conversion and translation of the outgoing audio signals and incoming
signals.

13. This is a micro processor similar to the one generally used in the compact disk of
a desktop computer. Without the circuit board, cell phone instrument cannot
function.

14. When a Reliance customer opts for its services, the MIN and SID are
programmed into the handset. If some one manipulates and alters ESN,
handsets which are exclusively used by them become usable by other service
providers like TATA Indicom.

Conclusions of the court

1. A cell phone is a computer as envisaged under the Information Technology

Act,2000.

2. ESN and SID come within the definition of “computer source code” under section
65 of the Information Technology Act.

3. When ESN is altered, the offence under Section 65 of Information Technology Act
is attracted because every service provider has to maintain its own SID code and
also give a customer specific number to each instrument used to avail the services
provided.

128
 Judicial Responses

4. Whether a cell phone operator is maintaining computer source code, is a

matter of evidence.

5. In Section 65 of Information Technology Act the disjunctive word "or" is used in

between the two phrases –

a. "when the computer source code is required to be kept"

b. "maintained by law for the time being in force"

State Bank of India vs. Rizvi Exports Ltd

II(2003)BC96

DEBT RECOVERY APPELLATE TRIBUNAL, ALLAHABAD

T.A. No. 1593 of 2000

Decided On: 01.10.2002

Appellants: State Bank of India Vs. Respondent: Rizvi Exports Ltd.

State Bank of India (SBI) had filed a case to recover money from some
persons who had taken various loans from it. As part of the evidence, SBI submitted
printouts of statement of accounts maintained in SBI’s computer systems.

The relevant certificates as mandated by the Bankers Books of Evidence Act

(as amended by Information Technology Act) had not been attached to these
printouts.

The Court held that these documents were not admissible as evidence.

Admissibility of electronic records

Section 65B of the Indian Evidence Act relates to admissibility of electronic

records as evidence in a Court of law.

The computer holding the original evidence does not need to be

produced in court. A printout of the record, or a copy on a CD ROM, hard disk,

129
 Judicial Responses

floppy etc. can be produced in court. However some conditions need to be met and a
certificate needs to be provided. These conditions and the certificate are best
explained using a detailed illustration.

Note: This certificate is for illustration purposes only

Illustration

Noodle Ltd is an Internet Service Provider. The police are investigating a

cyber crime and need details about the user of a particular IP address. They have
requested Noodle for these details.

What Noodle is going to provide the police is a printout of records stored in its
computer systems. The following authenticated certificate has to be attached to this
printout.

Certificate u/s 65B of Indian Evidence Act issued in relation to the printout
titled “Information relating to IP address 10.232.211.84”

I, the undersigned, state to the best of my knowledge and belief that:

1. The printout titled “Information relating to IP address 10.232.211.84” issued

on 1st January2008 contains information stored in the ABC server being used by
Noodle Ltd to provide Internet connection services to its customers in India.

2. The said printout was produced by the ABC server during the period over which
the ABC server was used regularly to store and process information for the
purposes of activities regularly carried on over that period by lawfully authorized
persons.

3. During the said period, information of the kind contained in the electronic record
was regularly fed into the ABC server in the ordinary course of the said activities.

4. Throughout the material part of the said period, the computer was operating
properly.

5. The information contained in the electronic record reproduces such information

fed into the computer in the ordinary course of the said activities.

130
 Judicial Responses

6. I am in a responsible official position in relation to the operation of the ABC

server. Signed on this 1st day of January 2008.

Pooja Singh

System Administrator, Noodle Ltd

State vs. Mohd. Afzal and others

2003VIIAD(Delhi)1, 107(2003)DLT385, 2003(71)DRJ178,

2003(3)JCC1669 IN THE HIGH COURT OF DELHI

Reference No. 1/2003 and Crl. A. No. 43/2003

Decided On: 29.10.2003

Appellants: State

Vs.

Respondent: Mohd. Afzal and Ors. [Alongwith Crl. A. Nos. 59 and 80/2003]
AND

Appellants: Mohd. Afzal Vs. Respondent: State

[Along with Crl. A. Nos. 12, 19 and 36/2003]

Summary of the case

Several terrorists had attacked the Parliament House on 13th December, 2001. Digital
evidence played an important role during their prosecution. The accused had argued
that computers and digital evidence can easily be tampered and hence should not be
relied upon.

The Court dismissed these arguments. It said that challenges to the accuracy of
computer evidence on the ground of misuse of system or operating failure or
interpolation, should be established by the challenger. Mere theoretical and generic
doubts can not be cast on the evidence.

131
 Judicial Responses

Background of the case

Several terrorists had attacked the Parliament House on 13th December, 2001
intending to take as hostage or kill the Prime Minister, Central Ministers, Vice-
President of India and Members of Parliament. Several terrorists were killed by the
police in the encounter and several persons were arrested in connection with the
attack.

The Designated Judge of the Special Court constituted under Section 23 of the
Prevention of Terrorist Activities Act, 2002 (POTA) had convicted several accused
persons. They filed an appeal in the Delhi High Court challenging the legality and
validity of the trial and the sustainability of the judgment.

Digital evidence played an important role in this case. Computerized cell phone call
logs were heavily relied upon in this case. A laptop, several smart media storage disks
and devices were recovered from a truck intercepted at Srinagar pursuant to
information given by two of the suspects. These articles were deposited in the police
“malkhana” on 16th December, 2001. Although the laptop was deposited in the
“malkhana” on 16th December, some files were written onto the laptop on 21st
December.

The laptops were forensically examined by a private computer engineer and the
Assistant Government Examiner of Questioned Documents, Bureau of Police
Research, Hyderabad.

The laptop contained files relating to identity cards and stickers that were used by the
terrorists to enter the Parliament premises. Cyber forensic examination showed that
the laptop was used for creating, editing and viewing image files (mostly identity
cards).

Evidence found on the laptop included:

1. fake identity cards,

2. video files containing clippings of political leaders with Parliament in background

shot from TV news channels,

132
 Judicial Responses

3. scanned images of front and rear of a genuine identity card,

4. image file of design of Ministry of Home Affairs car sticker,

5. the game 'wolf pack' with the user name 'Ashiq'. Ashiq was the name in one of the
fake identity cards used by the terrorists.

Issues raised by the Prosecution

1. Analysis of the Windows registry files of the suspect laptop showed that its hard
disk had not been changed.

2. If internet has been accessed through a computer then the actual date of such
access would be reflected. Additionally, if any change is made to the date setting
of the computer, it would be reflected in the history i.e. in the REG file.

3. A hard disc cannot be changed without it being reflected in the history maintained
in the REG file.

4. It was not possible to alter the date of any particular file unless the system date had
been altered.

5. The files written on the laptop on 21st December were “self generating and self
written” system files. These were created automatically by the laptop’s operating
system when the laptop was accessed by law enforcement agencies at the “malkhana”.

Issues raised by the Defense

1. Although the laptop was deposited in the Government “malkhana” on 16th

December, some files were written on the laptop on 21st December.

2. The date setting on a computer can be edited.

3. In the absence of verified time setting and reliable information about the hard disc
being original, there is no certainty that the material found on a later date, was
exactly the material, which may have existed on a previous date.

133
 Judicial Responses

4. Hard disc is a replaceable component and could be formatted. If a hard disc was
replaced, it would not contain the data which was stored earlier unless it was re-
fed.

5. The Windows registry files can be edited.

6. The back up of complete suspect hard disc was not taken by the law enforcement
agencies.

7. The date setting on a file is related to the date setting on the computer. It is
possible to modify this date.

8. Information stored in a computer is on a magnetic medium which can easily be

polarized. Therefore, any data in a computer can be changed by a
knowledgeable person.

9. The date of last access to a file is treated differently by different software. The time
of last access was meaningless in the absence of knowledge as to what software is
used to process the file.

10. Software which was installed in a computer could be modified and un-installed
without leaving any trace.

Points considered by the court

1. In effect, substantially, Section 65B of the Indian Evidence Act and Section 69 of
the Act in England have same effect.

2. Section 69 of The Police & Criminal Evidence Act,1984 of England 280 reads as
under:

In any proceedings, a statement in a document produced by a computer shall not be

admissible as evidence of any fact stated therein unless it is shown

(a) that there are no reasonable grounds for believing that the statement is
inaccurate because of improper use of the computer.

134
 Judicial Responses

(b) that at all material times the computer was operating properly, or if not, that any
respect in which it was not operating properly or was out of operation was not
such as to affect the production of the document or the accuracy of it’s contents;....

3. It was held by Lord Griffiths In R.V. Shepherd, 1993 A.C. 380., that computers
vary immensely in their complexity and in the operations they perform. The
nature of the evidence to discharge the burden of showing that there has been
no improper use of the computer and that it was operating properly will inevitably
vary from case to case. He further stated that “I suspect that it will very rarely be
necessary to call an expert and that in the vast majority of cases it will be possible
to discharge the burden by calling a witness who is familiar with the operation of
the computer in the sense of knowing what the computer is required to do and
who can say that it is doing it properly."

4. In DPP v. Me. Kewon, (1997) 1 Criminal Appeal 155, Lord Hoffman discussed
this section 69. He said that it cannot be argued that “any malfunction is sufficient
to cast doubt upon the capacity of the computer to process information correctly.
A malfunction is relevant if it affects the way in which the computer processes,
stores or retrieves the information used to generate the statement tendered in
evidence. Other malfunctions do not matter”.

5. The Law Commission in England held that “Realistically, therefore, computers

must be regarded as imperfect devices.” The Law Commission recommended the
deletion of this section 69 and subsequently it was deleted.

6. The Law Commission report in England said that “The complexity of modern
systems makes it relatively easy to establish a reasonable doubt in a juror's mind
as to whether the computer was operating properly.... We are concerned about
smoke-screens being raised by cross-examination which focuses in general terms
on the fallibility of computers rather than the reliability of the particular evidence.
The absence of a presumption that the computer is working means that it is
relatively easy to raise a smoke-screen."

135
 Judicial Responses

7. In England, the common law presumption that "in the absence of evidence to the
contrary the courts will presume that mechanical instruments were in order at the
material time", operates with full force.

8. Development in computer networking, access, control, monitoring and systems

security are increasingly making it difficult for computer errors to go undetected.
Most computer errors are immediately detected or the resultant error in the date is
immediately recorded.

Conclusion of the court

If someone challenges the accuracy of computer evidence on the ground of

misuse of system or operating failure or interpolation, then the challenger has to
establish the challenge.Mere

Diebold Systems Pvt Ltd vs. The Commissioner of Commercial Taxes

ILR2005KAR2210, [2006]144STC59(Kar)

IN THE HIGH COURT OF KARNATAKA

Sales Tax Appeal No. 2/2004

Decided On: 31.01.2005

Appellants: Diebold Systems Pvt. Ltd.

Vs.

Respondent: The Commissioner of Commercial Taxes

Section 2 of Information Technology Act, 2000

Background

Diebold Systems Pvt Ltd manufactures and supplies Automated Teller Machines
(ATM).

136
 Judicial Responses

Diebold sought a clarification from the Advance Ruling Authority (ARA) in

Karnataka on the rate of tax applicable under the Karnataka Sales Tax Act, 1957 on
sale of Automated Teller Machines.

The majority view of the ARA was to classify ATMs as "computer terminals"
liable for 4% basic tax as they would fall under Entry 20(ii)(b) of Part 'C' of Second
Schedule to the Karnataka Sales Tax Act.

The Chairman of the ARA dissented from the majority view. In his opinion,
ATMs would fit into the description of electronic goods, parts and accessories thereof.
They would thus attract basic rate of tax of 12% and would fall under Entry 4 of Part
'E' of the Second Schedule to the KST Act.

The Commissioner of Commercial Taxes was of the view that the ARA ruling
was erroneous and passed an order that ATMs cannot be classified as computer
terminals.

Findings of the court

1. The enlarged definition of "computers" in the Information Technology Act

cannot be made use of interpreting an Entry under fiscal legislation.

2. An Automatic Teller Machine is an electronic device, which allows a bank's

customer to make cash withdrawals, and check their account balances at any time
without the need of human teller.

3. ATM is not a computer by itself and it is connected to a computer that performs

the tasks requested by the person using ATM's. The computer is connected
electronically to many ATM's that may be located from some distance from the
computer.

Decision of the court

ATMs are not computers, but are electronic devices under the Karnataka Sales Tax
Act, 1957

P.R. Transport Agency vs. Union of India & others

137
 Judicial Responses

AIR2006All23, 2006(1)AWC504 IN THE HIGH COURT OF ALLAHABAD

Civil Misc. Writ Petition No. 58468 of 2005

Decided On: 24.09.2005

Appellants: P.R. Transport Agency through its partner

Sri Prabhakar Singh Vs. Respondent: Union of India (UOI) through Secretary,
Ministry of Coal, Bharat Coking Coal Ltd. through its Chairman, Chief Sales
Manager Road Sales, Bharat Coking Coal Ltd. and Metal and Scrap Trading
Corporation Ltd. (MSTC Ltd.) through its Chairman cum Managing Director

Background of the case

Bharat Coking Coal Ltd (BCC) held an e-auction for coal in different lots.
P.R. Transport Agency’s (PRTA) bid was accepted for 4000 metric tons of coal from
Dobari Colliery. The acceptance letter was issued on 19th July 2005 by e-mail to
PRTA’s e-mail address. Acting upon this acceptance, PRTA deposited the full
amount of Rs. 81.12 lakh through a cheque in favour of BCC. This cheque was
accepted and encashed by BCC. BCC did not deliver the coal to PRTA. Instead it e-
mailed PRTA saying that the sale as well as the e-auction in favour of PRTA stood
cancelled "due to some technical and unavoidable reasons".

The only reason for this cancellation was that there was some other person
whose bid for the same coal was slightly higher than that of PRTA. Due to some flaw
in the computer or its programme or feeding of data the higher bid had not been
considered earlier.

This communication was challenged by PRTA in the High Court of

Allahabad. BCC objected to the “territorial jurisdiction” of the Court on the grounds
that no part of the cause of action had arisen within U.P.

Issue raised by BCC

The High Court at Allahabad (U.P.) had no jurisdiction as no part of the cause of
action had arisen within U.P.

138
 Judicial Responses

Issues raised by PRTA

1. The communication of the acceptance of the tender was received by the petitioner
by e-mail at Chandauli (U.P.). Hence the contract (from which the dispute arose)
was completed at Chandauli (U.P). The completion of the contract is a part of the
"cause of action'.

2. The place where the contract was completed by receipt of communication of

acceptance is a place where 'part of cause of action' arises.

Points considered by the court

1. In reference to contracts made by telephone, telex or fax, the contract is complete

when and where the acceptance is received. However, this principle can apply
only where the transmitting terminal and the receiving terminal are at fixed
points.

2. In case of e-mail, the data (in this case acceptance) can be transmitted from any
where by the e-mail account holder. It goes to the memory of a 'server' which may
be located anywhere and can be retrieved by the addressee account holder from
anywhere in the world. Therefore, there is no fixed point either of transmission or
of receipt.

3. Section 13(3) of the Information Technology Act has covered this difficulty of “no
fixed point either of transmission or of receipt”. According to this section “...an
electronic record is deemed to be received at the place where the addressee has his
place of business."

4. The acceptance of the tender will be deemed to be received by PRTA at the places
where it has place of business. In this case it is Varanasi and Chandauli (both in
U.P.)

139
 Judicial Responses

Decision of the court

1. The acceptance was received by PRTA at Chandauli / Varanasi. The contract

became complete by receipt of such acceptance.

2. Both these places are within the territorial jurisdiction of the High Court of
Allahabad. Therefore, a part of the cause of action has arisen in U.P. and the court
has territorial jurisdiction.

PARLIAMENT ATTACK CASE

Bureau of Police Research and Development at Hyderabad had handled some

of the top cyber cases, including analysing and retrieving information from the laptop
recovered from terrorist, who attacked Parliament. The laptop which was seized
from the two terrorists, who were gunned down when Parliament was under siege
on December 13 2001, was sent to Computer Forensics Division of BPRD after
computer experts at Delhi failed to trace much out of its contents.

The laptop contained several evidences that confirmed of the two terrorists’
motives, namely the sticker of the Ministry of Home that they had made on the
laptop and pasted on their ambassador car to gain entry into Parliament House and
the fake ID card that one of the two terrorists was carrying with a Government of
India emblem and seal.

The emblems (of the three lions) were carefully scanned and the seal was also craftly
made along with residential address of Jammu and Kashmir. But careful detection
proved that it was all forged and made on the laptop.

State of Tamil Nadu Vs Suhas Katti

The Case of Suhas Katti is notable for the fact that the conviction was achieved
successfully within a relatively quick time of 7 months from the filing of the
FIR. Considering that similar cases have been pending in other states for a
much longer time, the efficient handling of the case which happened to be the first
case of the Chennai Cyber Crime Cell going to trial deserves a special mention.

The case related to posting of obscene, defamatory and annoying message about a

140
 Judicial Responses

divorcee woman in the yahoo message group. E-Mails were also forwarded to
the victim for information by the accused through a false e-mail account opened by
him in the name of the victim. The posting of the message resulted in annoying
phone calls to the lady in the belief that she was soliciting.

Based on a complaint made by the victim in February 2004, the Police traced the
accused to Mumbai and arrested him within the next few days. The accused was a
known family friend of the victim and was reportedly interested in marrying her.
She however married another person. This marriage later ended in divorce and the
accused started contacting her once again. On her reluctance to marry him, the
accused took up the harassment through the Internet.

On 24-3-2004 Charge sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before
The Hon’ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and
material objects. The same was taken on file in C.C.NO.4680/2004. On the
prosecution side 12 witnesses were examined and entire documents were marked as
Exhibits.

The Defence argued that the offending mails would have been given either by ex-
husband of the complainant or the complainant her self to implicate the accused as
accused alleged to have turned down the request of the complainant to marry her.

Further the Defence counsel argued that some of the documentary evidence was not
sustainable under Section 65 B of the Indian Evidence Act. However, the court
relied upon the expert witnesses and other evidence produced before it, including the
witnesses of the

Cyber Cafe owners and came to the conclusion that the crime was conclusively
proved.

Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on

5-11-04 as follows:

“The accused is found guilty of offences under section 469, 509 IPC and 67 of
IT Act 2000 and the accused is convicted and is sentenced for the offence to
undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the

141
 Judicial Responses

offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to
pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo
RI for 2 years and to pay fine of Rs.4000/- All sentences to run
concurrently.”

The accused paid fine amount and he was lodged at Central Prison, Chennai. This is
considered as the first case convicted under section 67 of Information Technology
Act 2000 in India.

SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra

In India's first case of cyber defamation, a Court of Delhi assumed jurisdiction over a
matter where a corporate reputation was being defamed through e-mails and passed
an important ex-parte injunction.

In this case, the defendant Jogesh Kwatra being an employee of the plaintiff
company started sending derogatory, defamatory, obscene, vulgar, filthy and abusive
e-mails to his employers as also to different subsidiaries of the said company all over
the world with the aim to defame the company and its Managing Director Mr. R K
Malhotra. The plaintiff filed a suit for permanent injunction restraining the defendant
from doing his illegal acts of sending derogatory e-mails to the plaintiff.

On behalf of the plaintiffs it was contended that the e-mails sent by the defendant
were distinctly obscene, vulgar, abusive, intimidating, humiliating and defamatory
in nature. Counsel further argued that the aim of sending the said e-mails was to
malign the high reputation of the plaintiffs all over India and the world. He further
contended that the acts of the defendant in sending the e-mails had resulted in
invasion of legal rights of the plaintiffs. Further the defendant is under a duty not to
send the aforesaid e-mails. It is pertinent to note that after the plaintiff company
discovered the said employee could be indulging in the matter of sending abusive e-
mails, the plaintiff terminated the services of the defendant.

After hearing detailed arguments of Counsel for Plaintiff, Hon'ble Judge of the Delhi
High Court passed an ex-parte ad interim injunction observing that a prima facie
case had been made out by the plaintiff. Consequently, the Delhi High Court
restrained the defendant from sending derogatory, defamatory, obscene, vulgar,

142
 Judicial Responses

humiliating and abusive e-mails either to the plaintiffs or to its sister subsidiaries
all over the world including their Managing Directors and their Sales and
Marketing departments. Further, Hon'ble Judge also restrained the defendant from
publishing, transmitting or causing to be published any information in the actual
world as also in cyberspace which is derogatory or defamatory or abusive of the
plaintiffs.

This order of Delhi High Court assumes tremendous significance as this is for the first
time that an Indian Court assumes jurisdiction in a matter concerning cyber
defamation and grants an ex-parte injunction restraining the defendant from defaming
the plaintiffs by sending derogatory, defamatory, abusive and obscene e-mails either
to the plaintiffs or their subsidiaries.

SONY.SAMBANDH.COM CASE

India saw its first cybercrime conviction recently. It all began after a complaint was
filed by Sony India Private Ltd, which runs a website called www.sony-
sambandh.com, targeting Non Resident Indians. The website enables NRIs to send
Sony products to their friends and relatives in India after they pay for it online.The
company undertakes to deliver the products to the concerned recipients. In May
2002, someone logged onto the website under the identity of Barbara Campa and
ordered a Sony Colour Television set and a cordless head phone.

She gave her credit card number for payment and requested that the products be
delivered to Arif Azim in Noida. The payment was duly cleared by the credit card
agency and the transaction processed. After following the relevant procedures of due
diligence and checking, the company delivered the items to Arif Azim. At the time of
delivery, the company took digital photographs showing the delivery being accepted
by Arif Azim.

The transaction closed at that, but after one and a half months the credit card agency
informed the company that this was an unauthorized transaction as the real
owner had denied having made the purchase.

The company lodged a complaint for online cheating at the Central Bureau of
Investigation which registered a case under Section 418, 419 and 420 of the Indian

143
 Judicial Responses

Penal Code.

The matter was investigated into and Arif Azim was arrested. Investigations revealed
that Arif Azim, while working at a call centre in Noida gained access to the credit
card number of an American national which he misused on the company’s site. The
CBI recovered the colour television and the cordless head phone.In this matter, the
CBI had evidence to prove their case and so the accused admitted his guilt. The
court convicted Arif Azim under Section 418, 419 and 420 of the Indian Penal Code
- this being the first time that a cyber crime has been convicted.

The court, however, felt that as the accused was a young boy of 24 years and a first-
time convict, a lenient view needed to be taken. The court therefore released the
accused on probation for one year.

The judgment is of immense significance for the entire nation. Besides being the first
conviction in a cyber crime matter, it has shown that the the Indian Penal Code can
be effectively applied to certain categories of cyber crimes which are not covered
under the Information Technology Act 2000. Secondly, a judgment of this sort sends
out a clear message to all that the law cannot be taken for a ride.

Nasscom vs. Ajay Sood & Others

In a landmark judgment in the case of National Association of Software and

Service Companies vs Ajay Sood & Others, delivered in March, 2005, the Delhi
High Court declared `phishing’ on the internet to be an illegal act, entailing an
injunction and recovery of damages. Elaborating on the concept of ‘phishing’, in
order to lay down a precedent misrepresentation made in the course of trade leading
to confusion as to the source and in India, the court stated that it is a form of internet
fraud where a person pretends to be a legitimate association, such as a bank or an
insurance company in order to extract personal data from a customer such as
access codes, passwords, etc. Personal data so collected by misrepresenting
the identity of the legitimate party is commonly used for the collecting party’s
advantage. The court also stated, by way of an example, that typical phishing scams
involve persons who pretend to represent online banks and siphon cash from e-
banking accounts into handing over confidential banking details.

144
 Judicial Responses

The Delhi HC stated that even though there is no specific legislation in India to
penalize phishing, it held phishing to be an illegal act by defining it under
Indian law as “a origin of the e-mail causing immense harm not only to the
consumer but even to the person whose name, identity or password is misused.” The
court held the act of phishing as passing off and tarnishing the plaintiff’s image.The
plaintiff in this case was the National Association of Software and Service
Companies (Nasscom), India’s premier software association.

The defendants were operating a placement agency involved in head-hunting and

recruitment. In order to obtain personal data, which they could use for purposes of
head- hunting, the defendants composed and sent e-mails to third parties in the name
of Nasscom. The high court recognised the trademark rights of the plaintiff and
passed an ex-parte ad- interim injunction restraining the defendants from using the
trade name or any other name deceptively similar to Nasscom. The court further
restrained the defendants from holding themselves out as being associates or a part of
Nasscom.

The court appointed a commission to conduct a search at the defendants’

premises. Two hard disks of the computers from which the fraudulent e-mails were
sent by the defendants to various parties were taken into custody by the local
commissioner appointed by the court. The offending e-mails were then downloaded
from the hard disks and presented as evidence in court.

During the progress of the case, it became clear that the defendants in whose names
the offending e-mails were sent were fictitious identities created by an employee on
defendants’ instructions, to avoid recognition and legal action. On discovery of this
fraudulent act, the fictitious names were deleted from the array of parties as
defendants in the case. Subsequently, the defendants admitted their illegal acts and
the parties settled the matter through the recording of a compromise in the suit
proceedings. According to the terms of compromise, the defendants agreed to pay
a sum of Rs1.6 million to the plaintiff as damages for violation of the plaintiff’s
trademark rights. The court also ordered the hard disks seized from the defendants’
premises to be handed over to the plaintiff who would be the owner of the hard disks.

This case achieves clear milestones: It brings the act of “phishing” into the ambit of

145
 Judicial Responses

Indian laws even in the absence of specific legislation; It clears the misconception
that there is no “damages culture” in India for violation of IP rights; This case
reaffirms IP owners’ faith in the Indian judicial system’s ability and willingness to
protect intangible property rights and send a strong message to IP owners that they
can do business in India without sacrificing their IP rights.

5.2 International Judicial Responses

1. Unauthorized access

United States v. Czubinski:3 The Boston office of the Taxpayer

Services Division of the IRS employed Richard Czubinski. To perform his
official duties, Czubinski routinely accessed information from one of the
IRS's computer systems. Using his valid password and certain search codes,
he was able to retrieve income tax information regarding virtually any
taxpayer in the United States. IRS

Rules plainly state that employees with passwords and access codes are not
permitted to access files on its systems outside of the course of their official
duties.

The court held that "We have never before addressed section
1030(a)(4). Czubinski unquestionably exceeded authorized access to a
Federal interest computer. On appeal he argues that he did not obtain
"anything of value." We agree, finding that his searches of taxpayer return
information did not satisfy the statutory requirement that he obtain "anything
of value." The value of information is relative to one's needs and objectives;
here the government had to show that the information was valuable to
Czubinski in light of a fraudulent scheme. The government failed, however,
to prove that Czubinski intended anything more than to satisfy idle curiosity.

The plain language of section 1030(a) (4) emphasizes that more than
mere unauthorized use is required: the 'thing obtained' may not merely be the
unauthorized use. It is the showing of some additional end to which the

3
106 F.301 1069 (Cir, 1977)

146
 Judicial Responses

unauthorized access is a means that is lacking here. The evidence did not
show that Czubinski's end was anything more than to satisfy his curiosity by
viewing information about friends, acquaintances, and political rivals. No
evidence suggests that he printed out, recorded, or used the information he
browsed. No rational jury could conclude beyond a reasonable doubt that
Czubinski intended to use or disclose that information, and merely viewing
information cannot be deemed the same as obtaining something of value for
the purposes of this statute.

The legislative history further supports our reading of the term

anything of value." Accordingly we find that Czubinski has not obtained
valuable information in furtherance of a fraudulent scheme for the
purposes of section 1030(a) (4). The defendant's conviction is thus
reversed on all counts.

Briggs v. State of Maryland4: The Court held that the statute of

the state of Maryland that criminalizes unauthorized access to computers
"was intended to prohibit use of computers by those not authorized to do
so in the first place, and may not be used to criminalize the activities of
employees who use employers' computer systems beyond the scope of
their authority to do so”.

Scott Moulton and Network Installation Computer

5
Services, Inc. v. VC3 : The Court held that the plaintiffs’ act of
conducting an unauthorized port scan and throughput test of defendant's
servers does not constitute a violation of either the Georgia Computer
Systems Protection Act or the Computer Fraud and Abuse Act.

Regan Gerard Gilmour v. Director of Public Prosecutions6:

The accused was a public servant employed as an Administrative
Services Officer Grade 3 within the Debt Management Section of the
Australian Taxation Office in its Relief Section. The Relief Section

4
348 Md 470 (1988) USA
5
(Common Wealth) No. 60488/95 In the Supreme Court of New South Wales (Australia)
6
Civ. Act No. 1:00-CV-434-TWT (N.D. Ga November 6, 2000)(USA)

147
 Judicial Responses

considers written applications by taxpayers for relief from payment of

income tax. The Court was required to determine whether the accused
had "authority" to insert data in a Commonwealth computer for the
purpose of section 76C of the Crimes Act 1914 when the computer would
physically accept his insertion of data, but the accused was not permitted
by his employer to insert the relevant data, relief code "43", in the
computer without specific permission given by the employer prior to the
insertion and such permission was not given in these cases".

As per section 76C of the Crimes Act 1914, "A person who
intentionally and without authority or lawful excuse: (a) destroys, erases or
alters data (Data is defined by section 76A as including information, a
computer program or part of a computer program) stored in, or inserts data
into, a Commonwealth computer is guilty of an offence". The Court held
that a person commits an offence under this section if he lacks the authority
to insert the particular information into a computer, notwithstanding that he
has general authority to insert other information into such computer. The
Court further held that an entry intentionally made without lawful excuse
and known to be false is made without lawful authority.

Director of Public Prosecutions v. Murdoch7: In this case, the court

held that section 76 C of the Crimes Act 1914 does not distinguish between
what are colloquially known as "hackers" and persons who have some
authority of some kind to enter the computer system. Rather the section
invites attention to whether the particular entry or gaining access to the
computer system was with or without lawful authority. The Court held that
where the question is whether the entry was with permission, it would be
important to identify the entry and to determine whether that entry was
within the scope of the permission that had been given. If the permission
was not subject to some express or implied limitation,which excluded the
entry from its scope, then the entry will be with lawful justification but if
the permission was subject to an actual express or implied limitation, which
excluded the actual entry, made, then the entry will be "without lawful

7
(1993) 1 VR 406 (Australia)

148
 Judicial Responses

authority to do so". The Court also held that in the case of an employee the
question would be whether that employee had authority to affect the entry
with which he stands charged. If he has a general and unlimited permission
to enter the system then no offence is proved. If however there are limits
upon the permission given to him to enter that system, it will be necessary
to ask, was the entry within the scope of that permission? If it was, then no
offence was committed; if it was not, then he has entered the system
without lawful authority to do so.

2. Email Related Crime

United States v. Kammersell8: The Court found that federal inter-

state jurisdiction was proper where defendant sent a threatening e-mail via
AOL, an interstate service, even though the message was sent from and
received in the same state. The Court held that federal laws prohibiting
transmission in interstate commerce of communications containing threats
applied, because the e-mail was sent via a commercial online service and
routed outside the state before reaching its final destination within the state.
The 10th Circuit Court of Appeals affirmed this decision (196 F.3d 1137
(10th Cir. Utah 1999) (USA)).

State of Washington v. Townsend9: A Washington Appellate

Court affirmed a conviction for second-degree rape, of a child. The
defendant appealed the lower court's decision to admit into evidence copies
of e-mail messages between himself and a police officer posing as a 13 year
old girl. The defendant argued that the e-mail messages were copied in
violation of the Washington Privacy Act, which prohibits the "copying of
private communications transmitted by telephone, telegraph, radio, or other
device….” The court held that e-mail by its nature must be recorded, and an
e-mail user impliedly consents to the copying by the act of using e-mail.
Accordingly, the court affirmed the lower court's decision to admit the e-
mail messages.

8
1998 US Dist LEXIS 8719 (D.Utah 1998) (USA)
9
No. 19304-7-III (Wash Ct.App 2001) (USA)

149
 Judicial Responses

America Online Inc. v. National Health Care Discount,

10
Inc : The court denied plaintiff AOL's motion for summary judgment
seeking to hold defendant liable for violations, inter alia, of the Computer
Fraud and Abuse Act, the Virginia Computer Crimes Act, and common law
trespass to chattels, as result of the transmission of unsolicited bulk e-mail
advertising defendant's products to AOL users. The court reached this
conclusion because, based on the record before it, it could not determine
whether the parties who sent the e-mail in question were defendant's agents,
acting under its control, or independent contractors.

3. Defamation

Firth v. State of New York11: The plaintiff claimed that

publication of an alleged libel on the internet was "continuous publication",
which would extend the statute of limitations.

The court held that the statute would run from the date the material
was first posted, rather than continuously. On October 29, 2001, the New
York Appellate Division Court affirmed the decision.

Anderson v. New York Telephone Co12: The plaintiff was a

bishop. A person by the name of Jackson broadcast a programme on radio
urging the listeners to call up two telephone numbers. 'A person calling
these numbers would hear accusations against plaintiff involving him in all
sorts of scurrilous activities not the least of which was illegitimately
fathering children by women and girls in the church. Jackson's telephones
were attached to equipment leased to Jackson by defendant. This equipment
contained the recorded messages which would automatically play upon
activation of the telephone by a caller.'

The Court held that "... the telephone company's role is merely
passive and no different from any company which leases equipment to
another for the latter's use ... In order to be deemed to have published a libel

10
2000 U.S. Dist. Lexis 17055 (N.D. Iowa, September 29, 2000) (USA)
11
N.Y. Court of Claims, March 2000 (USA)
12
(1974) 35 NY2d 746 (USA)

150
 Judicial Responses

a defendant must have had a direct hand in disseminating the material

whether authored by another, or not ... It could not be said, for example, that
International Business Machines, Inc., even if it had notice, would be liable
were one of its leased typewriters used to publish a libel. Neither would it
be said that the Xerox Corporation, even if it had notice, could be held
responsible were one of its leased photocopy machines used to multiply a
libel many times."

Norway v. Tvedt13: The accused was the founder of a far right

group in Norway. He was convicted for posting racist material that mixed
neo- Nazism, racial hatred, and religion, on a web site. He was held
responsible for the material despite the fact that it was posted on a server that
was based in the United States.

4. Computer Fraud

FTC v. Craig Lee Hare14: In this case the action was for deceptive
trade practices arising from on-line "auction" offering sale of computer
products that were never delivered. The Defendant pleaded guilty to wire
fraud and was sentenced to six months home detention, three years probation
and ordered to pay restitution of over $22,000. He was also barred for life
from conducting internet commerce.

United States v. Middleton15: The court held that the term

"individual" as used in the Computer Fraud and Abuse Act, is not confined to
natural persons, but extends to business entities, and hence damage to an ISP-
victim was encompassed under the statute.

United States v. Hoke16: A suit was filed against Gary Hoke for
disseminating misinformation on a counterfeit Bloomberg News Service Web
page regarding an alleged merger- between his 'employer Pair Gain
Technology, Inc. and ECI Telecom, Ltd. Initial investigation by the FBI

13
Asker and Baerum District Court (Norway, 2000) (Norway)
14
S.D. Fla 4/*/98 (USA)
15
35 F. Supp. 2d 1189 (N.D. Cal, 1999) (USA)
16
Magistrate No. 99-889 M (C.D. Cal 4/14/99) (USA)

151
 Judicial Responses

revealed that Hoke might have used services of Angelfire.com to host the
page and Hotmail e-mail service. Hoke was traced by IP addresses from these
services. Hoke, pled guilty and was sentenced to five months' of home
detention, five years probation, and restitution of $93,086.77.

United States v. Pirello17: The Ninth Circuit ruled on the

application of the US Sentencing Commission Guidelines (USSG) about a
defendant fraudulently selling computers online. The defendant Pirello placed
four advertisements on internet classified-ads websites, soliciting buyers for
computers. Pirello received three orders, deposited the money in his personal
bank account, and never delivered computers. The court determined that
USSG 2F1.l(b)(3), which instructs courts to enhance a sentence by two levels
if the offense was committed through "mass-marketing," applied to Pirello's
fraudulent internet advertisements. The court held that the use of the internet
website to solicit orders for non-existent computers violated the USSG and
affirmed the lower court's enhancement of Pirello's sentence.

Kennison v. Daire18: In this case, the accused held an automatic

teller machine (ATM) card which enabled him to withdraw funds from his
account from a certain bank by inserting the card and keying in his personal
identification number; but it was a condition of his use of the card that the
customer's account could be drawn against to the extent of the funds available
in that account.

The accused closed the account but subsequently used the card to
withdraw funds. It was held that it was not sufficient that the bank had
programmed the computer to permit the withdrawal, as the bank consented
to the withdrawal by the cardholder who presented his personal
identification number only if the cardholder had an account, which was
current, and accordingly the appellant was guilty of larceny.

The Court further held that "The fact that the Bank programmed the
machine in a way that facilitated the commission of a fraud by a person

17
255 F. 3d 728 (9th Cir 2001) (USA)
18
(1986) 160 CLR 129 – (Australia)

152
 Judicial Responses

holding a card did not mean that the Bank consented to the withdrawal of
money by a person who had no account with the Bank. It is not suggested
that any person, having the authority of the Bank to consent to the particular
transaction, did so. The machine could not give the Bank's consent in fact
and there is no principle of law that requires it to be treated as though it
were a person with authority to decide and consent".

5. Cyberstalking

R v. Vose19: In an Australian case, an older male stalked a young boy,

following him with a camera and placing updates of his activities on his
personal website, including descriptions of his paedophilia and of his
potential dangerousness to those who threatened him. The offender was
charged with stalking.

6. Pornography

Davis v. Gracey20: After the accused, Davis, sold obscene CD-

ROMs to an undercover officer, a warrant was obtained to search his
business premises; police officers determined pornographic CD-ROM files
could be accessed through the bulletin board and seized the computer
equipment used to operate it. Following his criminal conviction and civil
forfeiture of the computer equipment in state court proceedings, Davis, his
related businesses, and several users of e-mail on his bulletin board brought
action against the officers who executed the search, alleging that the seizure
of the computer equipment and e-mail and software stored on the system
violated constitutional and statutory provisions.

Affirming, the 10th Circuit held that the original warrant was not
unconstitutionally overbroad, and that the incidental temporary seizure of
bulletin board e-mail users' files did not invalidate the seizure of the
computer within which they were stored. "The computer equipment was
more than merely a 'container' for the files; it was an instrumentality of the

19
(1999) VSCA 200
20
III F 3d 1472 (10thh Cir 1977) (USA)

153
 Judicial Responses

crime."

United States v. Hilton21: In 1997, a federal grand jury indicted

David Hilton for criminal possession of computer disks containing three or
more images of child pornography in violation of 18 U.S.C. § 2252A
(a)(5)(B). Hilton did not deny the charges, but rather challenged the statute
itself. He moved to dismiss the charges on grounds that the act was on its
face unconstitutional under the First Amendment in that it was vague and
overbroad, and thus unenforceable. The U.S. district court agreed with Hilton
-that the definition of child pornography was both vague and overbroad. It
found the statutory language of "appears to be a minor" overly subjective
because it is difficult to distinguish between teenagers and young adults. And
so the court held this portion of the CPPAs, definition of child pornography
unconstitutional. The government appealed from this ruling.

The court held that in 1996, Congress enacted the CPPA to attack the
rise of computerized or "virtual" child pornography. These images may take
many forms-a photograph of a real child may be scanned and replicated, an
innocent picture of a child may be manipulated by computer to create a
sexually-oriented photo, or a fake child can be generated wholly by computer
graphics. The law prohibits, inter alia, knowing possession of visual images
depicting minors or those who "appear to be" minors engaging in sexually
explicit conduct. We assess the constitutionality of the CPPA de novo.

The First Amendment declares that "Congress shall make no law

abridging freedom of speech." The CPPA expressly aims to curb a particular
category of expression (child pornography) by singling out that type of
expression based on its content and banning it. This is by its very nature a
content-discriminating act. But to say that the CPPA is content-based does
not end the matter, for it is well-settled that child pornography may be freely
regulated.

The key question, then, is whether the CPPA poses substantial

problems of over breadth sufficient to justify overturning the judgment of the
21
167 F 3d (1” Gr), Cert. denied, 120 S.Ct. 115 (1999)

154
 Judicial Responses

lawmaking branches. To the extent the CPPA criminalizes representations of

an actual minor engaged in sexual conduct the statute can prevail. Whether or
not the prohibition of material that "appears to be" a minor comports with the
First Amendment is more troublesome. At first blush, potential problems
threaten to doom the law. First and foremost, "appears" to whom?

We take our cue from the legislative record, which makes plain that
the new language was intended to target visual depictions "which are
virtually indistinguishable from unreduced photographs of actual children
engaging in identical sexual conduct." S. Rep. 104-358. It follows that
drawings, cartoons, sculptures, and paintings depicting youthful persons in
sexually explicit poses plainly lies beyond the reach of the Act.

We think that it is a logical and permissible extension of current law to

allow the regulation of sexual materials that appear to be of children, but did
not, in fact, involve the use of live children in their production. Once the
phrase "appears to be a minor" is properly understood, the constitutional
barriers fall away. The fear of a chilling effect on protected speech subsides.
We conclude, therefore, that the CPPA is not unconstitutionally overbroad.
The judgment of the district court is reversed.

Germany v. CompuServe Deutschland et. al.22: German District

Court Judge Wilhelm Hubbert convicted Felix Somm, the former head of
CompuServe Germany, of child pornography for failing to block third
parties’ postings of pornographic pictures using CompuServe's services.

Somm received two years probation and was fined DM 100, 000,
despite the fact that under current German law ISPs are not held responsible
for banned information on the internet if they are unaware of the existence of
the material. The conviction was overturned on appeal.

Fedeemer v. Haun23: Plaintiff challenged Utah's sex offender

notification statute, which would make sex offender registry information

22
Bavaria 5/28/98 (Germany)
23
35 F. Supp 852 (D. Utah 1999) (USA)

155
 Judicial Responses

available to the general public without restriction on the internet.

The court held that the registry information posted on the Web site
and available to a global audience that will have no risk of encountering the
offender was not reasonably related to the non-punitive goal of preventing
additional sex offences and therefore violated the Double Jeopardy and Ex
Post Facto Clauses. The court held that the statute did not violate the Equal
Protection Clause because it was rationally related to the goal of guarding
against sexual offenses. The Court also held that the Due Process Clause was
not violated because the information to be posted is considered "non private"
and therefore there is no cognizable injury to the plaintiffs’ reputation. The
defendant, the Utah Department of Corrections, stipulated it would
administer the statute in accordance with the court's decision, and therefore
no order was issued.

People v. Foley24: The court found that the state law against
knowingly transmitting sexually explicit communications to minors with
intent to lure them into sexual activity was constitutional and did not violate
the Commerce Clause. The court noted that the statute is no broader than
necessary to achieve the purpose of preventing the sexual abuse of children.

John Robin Sharpe v. B.C.25: The Supreme Court of Canada

upheld a law that makes it a crime to possess child pornography. In 1999 a
trial court had struck down the law and dismissed charges against John
Robin Sharpe who had been charged under the law. In a 9-0 decision the
court upheld the law, but created two exceptions. One was to protect private
works of the imagination or photographic depictions of oneself, and another
for those that create sexually explicit depictions of children for their own
personal pleasure.

Regina v. Vernon Boyd Logan26: The accused had pleaded guilty

to possession of child pornography, contrary to 'section 163.1(4) of the

24
No.17 (N.Y. ct App. 11,2000) (USA)
25
2001 SCC 2 File No. : 27376 (Canada,2001) (Canada)
26
No. 9317 Post Hardy Registry (Canada)

156
 Judicial Responses

Criminal Code. The police had seized a variety of child pornography, mostly
magazines containing photographs of physically mature teenaged boys
performing sexual acts with each other, from the home of the accused. Some
pictures were of pubescent boys and girls involved in sexual activities
together, and a few depicted pubescent girls engaging in similar behavior. It
was not alleged that the accused had created, published, imported,
distributed, or sold child pornography, or had it in his possession for any of
those purposes. Moreover, there was no suggestion that the defendant has
been sexually involved with children, or that the pornography had been
inspired any deviant behavior by him.

The accused was given an absolute discharge. The Court held that the
act of merely possessing child pornography was "entirely passive". The
Court held that the accused did not pose any threat to the public, as the
extent of his culpability was that he had prohibited material in his possession
and, presumably, read it.

7. Online Gambling

Olivier v. Ministry of Safety and Security, Province of

Gauteng27: On application of owner for return of certain computer
equipment seized in a search, a South African court held the impoundment
lawful on the grounds that it was used for online gambling in contravention
of South African law.

Reference Re Earth Future Lottery28: The Prince Edward Island

Supreme Court ruled that a charitable lottery was illegal under the Canadian
criminal code Earth Future Lottery had been granted a license to operate an
internet lottery from its headquarters on Prince Edward Island. The Canadian
Criminal Code generally prohibits lotteries, but allows charitable lotteries
conducted within their own provinces. The court ruled that although the
internet lottery would operate from Prince Edward Island, it would also
reach other provinces and thus it violated the Canadian Criminal Code.

27
High Court of South Africa, Witwater sr and Div., 10/97 (South Africa)
28
P.E.I., 2002 PES CAD 8 (Canada 2002) (Canada)

157
 Judicial Responses

United States v. Cohen29: The Court of Appeals affirmed a

decision by a lower court convicting Jay Cohen of operating an illegal
offshore internet sports gambling operation. Cohen operated a bookmaking
organization located in Antigua. Customers were required to maintain
accounts with the business, and would contact the organization by telephone
or internet to request particular bets. The organization would issue an
acceptance and confirmation of each bet. The Court of Appeals held that the
safe harbor provision of 18 U.S.C.S. § IO84(b), which shield an individual
from criminal liability under certain circumstances, did not apply. The court
noted that betting is illegal in New York, and that Cohen's customers were
placing bets by requesting the bets and having them accepted. In addition, the
court found that Cohen had the requisite mens rea, as it was not necessary
that he intended to violate the statute so long as he knowingly committed the
criminal acts.

8. Miscellaneous

Register.com, Inc. v. Verio, Inc30: Court issued a preliminary

injunction enjoining Verio, Inc. from either utilizing a search robot to obtain
information from Register. com's Whois database, or utilizing information
derived from that database for mass unsolicited advertising by telephone
direct mail or electronic mail.

Court held that Verio's actions would likely constitute a breach of

plaintiffs’ Terms of Use, as well as a violation of both the Computer Fraud
and Abuse Act and the Lanham Act and a trespass to chattels. In reaching this
conclusion, the court held that Register.com's Terms of Use are likely to
create a contract between Register.com and the users of its Whois database,
notwithstanding the fact that these users are not required to click an "I Agree"
button indicating their agreement to be so bound.

29
260 F. 3d 68 (2d Cir 2001) (USA)
30
126 F. Supp. 2d 238 (S.D.N.Y., December 12, 2000) (USA)

158
 Judicial Responses

State of Utah v. Amoroso31: The state of Utah may criminally

prosecute an Illinois corporation for liquor sales to Utah residents over the
internet, through the use of a telephone ‘800’ number, and by mail. Although
the Utah appellate court held that it was improper to apply the civil
"minimum contacts" analysis, the court held that there was criminal personal
jurisdiction in Utah over the defendants based upon the theory that the
conduct committed in Illinois caused an unlawful result in Utah. The court
also held that the prosecution was valid under the Twenty-First Amendment
and did not violate the Commerce Clause.

State of Pennsylvania v. Murgalis32: The Pennsylvania Superior

Court held that the internet falls under the definition of a "computer system"
and the use of e-mail is "accessing a computer" under a Pennsylvania criminal
statute.

The defendant was convicted of unlawful use of a computer, arising

from his failure to deliver items purchased online by customers, and his
passing of bad cheques to suppliers. The Pennsylvania statute prohibits the
use of a computer system with the intent to defraud. The court rejected the
defendant's argument that the internet is not a "computer system".

United States v. Sills33: A police officer was charged with using· software
and a radio scanner to intercept alphanumeric pager messages in violation of
the Electronic Communications Privacy Act. The judge denied the officer's
motion to dismiss, holding that the interception did not fall within the Act's
exemption for tone-only pagers, and rejecting a claim of selective prosecution.

St. Joseph Man Charged in District’s First Computer Hacking Indictment

KANSAS CITY, Mo. Todd P. Graves, United States Attorney for the Western
District of Missouri, announced today that a St. Joseph man has been indicted for
unauthorized computer intrusion. Graves noted that this is the first case of computer
hacking ever prosecuted in the Western District of Missouri, which recently launched

31
364 Utah Adv Rep. 3 (Utah Ct. App. 1999) (USA)
32
No 189 MDA 1999 (Pa Super. Ct., June 2, 2000) (USa)
33
S.D.N.Y. April 2000 (USA)

159
 Judicial Responses

a new Cyber Crimes and Child Exploitation Unit. Richard W. Gerhardt, 43, of St.
Joseph, Mo., was charged in an indictment returned under seal by a federal grand jury
on December 19, 2002. That indictment was unsealed and made public today upon
Gerhardt’s arrest and initial court appearance before U.S. Magistrate Judge Sarah W.
Hays. The indictment alleges that Gerhardt gained unauthorized access to the network
computer system of Nestle USA while employed as an information systems
consultant, working primarily at the Friskies Petcare plant in St. Joseph. Friskies
Petcare is a corporate subsidiary of Nestle USA, which in turn is a subsidiary of
Nestle S.A. of Vevey, Switzerland. On five separate occasions between August 12,
2001, and June 10, 2002, the indictment alleges, Gerhardt gained access to the Nestle
network computer system without authorization and in excess of his authorized
access. Gerhardt allegedly downloaded approximately 5,000 user account passwords
from Nestle’s system, costing the firm more than $5,000 to conduct a damage
assessment of, verify the security of, and restore the integrity of its computer system.
The various offices and facilities of Nestle USA and Nestle S.A. throughout the
United States and the world, including the Friskies Petcare plant in St. Joseph, are
linked together by a network computer system. Any computer or server connected to
that system, Graves explained, is thus a protected computer under federal law.
Gerhardt allegedly used a password-cracking software called L0phtCrack to retrieve
the passwords for user accounts on the system. Gerhardt then created a database
containing the user account passwords, the indictment alleges, and stored the database
in a file on a computer server connected to the system and in a file located on a laptop
computer issued to him by Nestle. While on the system, Gerhardt allegedly ran at
least one password recovery utility program and then stored the results in at least one
.zip file, creating a file which contained passwords he had obtained. Without
authorization, the indictment alleges, Gerhardt loaded and installed a program called
pwdump.exe on the Nestle network computer system and on the laptop computer
issued to him by Nestle. According to the indictment, the pwdump.exe program is
associated with an automated command that, at a preset time each day, communicated
to other computers on the Nestle network computer system and downloaded active
accounts and passwords. On June 3, 2002, Gerhardt allegedly caused the output from
the pwdump.exe program to be stored on a computer server connected to the Nestle
computer network system. Approximately 5,000 passwords associated with users of

160
 Judicial Responses

the Nestle computer network system were allegedly accessed and stored by Gerhardt.
The indictment alleges that on June 4, 2002, Gerhardt used a dial-up connection to log
onto the Nestle network computer system from a remote location. While on the
system, Gerhardt allegedly created a new and unauthorized administrator account.
Graves cautioned that the charge contained in the indictment is simply an accusation,
and is not evidence of guilt. Evidence supporting the charges must be presented to a
federal trial jury, whose duty is to determine guilt or innocence. The case is being
prosecuted by Assistant U.S. Attorney Gene Porter. The case was investigated by the
Federal Bureau of Investigation. (December 17, 2002) U.S. Department of Justice,
United States Attorney, District of New Jersey

Former Vancouver, Washington, Resident Pleads Guilty To Theft Of Trade

Secrets From Microsoft Corporation

John McKay, United States Attorney for the Western District of Washington,
and Charles Mandigo, Special Agent in Charge, Federal Bureau of Investigation,
announced that former Vancouver, Washington, resident ROBERT R. KEPPEL,
entered a guilty plea today to Theft of Trade Secrets, in violation of Title 18, United
States Code, Section 1832(a)(2). According to the plea agreement and other court
records in the case, beginning sometime in 1999, ROBERT R. KEPPEL began selling
Microsoft Certified System Engineer (MCSE) and Microsoft Certified Solution
Developer (MCSD) exams and answers via the Internet websites www.cheet-
sheets.com and www.cheetsheets.com.

Microsoft Corporation has certification programs for network engineers,

called Microsoft Certified Systems Engineer (MCSE), and Microsoft Certified
Solution Developer (MCSD), which involve passing approximately 28 exams that test
expertise in different MS software areas. Many of these areas include MS operating
systems, data bases, and networking issues. MS has this certification program so that
when a third-party user of their software hires an individual who is certified as a
MCSE or MCSD, that individual will have a known level of expertise in order to
properly administer the MS system. The MCSE and MCSD certifications are difficult
to acquire, but once an individual has the certification, that individual is highly
marketable to companies that use MS products, and just having the MCSE or MCSD

161
 Judicial Responses

certification usually raises salaries substantially. These exams are administered on

Microsoft’s behalf world-wide. When the tests are administered, there are two
separate “banner” pages that the test-taker encounters before the test starts. These
“banner” pages require the test-taker to agree to certain terms regarding the test
material including an agreement not to copy or release the test material. By the terms
of its contracts with the testing sites, MS does not allow the test material outside of
the testing locations for any reason. Consequently, the sale and distribution of
KEPPEL’s cheat-sheets” violated Microsoft copyright and constituted a conversion of
Microsoft proprietary information for personal gain. Microsoft’s development costs
for each test is approximately $100,000.00. In addition, when companies hire people
who have obtained MCSE and MCSD certificates by cheating, but who, in fact,
cannot install and maintain the systems correctly because they have neither
experience nor expertise in the Microsoft products commensurate with the
certificates, those companies tend to blame the Microsoft product, and become
reluctant to buy further products. Beginning sometime in January 2001, ROBERT R.
KEPPEL began to purchase, from an individual in Pakistan, actual copies of the
Microsoft MCSE and MCSD exams and answers, which that individual obtained by
photographing and/or videotaping the actual tests at a site in Pakistan. ROBERT R.
KEPPEL marketed those exams and answers via www.cheet-sheets.com, fully
realizing that they were copies of the actual exams and answers developed by
Microsoft Corporation. Between July 2000 and October 17, 2001, ROBERT R.
KEPPEL marketed numerous copies of MCSE and MCSD exams and answers via his
website www.cheet-sheets.com, selling them to persons throughout the United States,
including persons residing in the Western District of Washington. U.S. Bankcorp
bank records reflect that there were three bank accounts and one credit card listed for
ROBERT KEPPEL and Keen Interactive, including a personal checking account and
a money market account, both in the name of ROBERT KEPPEL; and a merchant
account listed in the name of KEEN INTERACTIVE.U.S. Bank records reflect that
among the Internet billing companies that were disbursing funds into the merchant
account was NOVA, a company that does billing for VISA and MASTERCARD.
NOVA records reflect that an account was opened by ROBERT KEPPEL, as owner
of Keen Interactive, on or about July 6, 2000. Since the NOVA account was opened,
there was a total of approximately $756,633.03 deposited into the merchant

162
 Judicial Responses

account. All of those funds constitute proceeds from the sale of MCSE and MCSD
exams and answers, as well as other exams that were proprietary information
belonging to Microsoft Corporation, Cisco, and other businesses, in violation of Title
18, United States Code, Section 1832(a) (2), and Section 2. In addition, during the
time period covered by the Information, ROBERT R. KEPPEL caused numerous
transfers of monies from the merchant bank account to KEPPEL’s personal checking
account, and savings (money market) account. In total, KEPPEL transferred
$200,200.00 to his personal checking account and $167,000.00 to his money market
account. U.S. Bank documents also reveal that, on September 14, 2001, KEPPEL
opened a new merchant account number in the name of CHEET SHEETS. The
ensuing deposits into this account were from credit card receipts constituting proceeds
from the sale of MCSE and MCSD exams and answers, as well as other exams that
were proprietary information belonging to Microsoft Corporation, Cisco, and other
businesses, in violation of Title 18, United States Code, Section 1832(a)(2), and
Section 2. On February 26, 2001, KEPPEL wrote a check number drawn on his
Money Market account, to Lexus of Portland, in the amount of $38,703.40, for a new,
white, Lexus RX300. This vehicle was purchased with proceeds from KEPPEL’s sale
of trade secrets, in violation of Title 18, United States Code, Section 1832(a)(2) and
Section 2.

On or about July 27, 2001, KEPPEL caused a wire transfer in the amount of
$112,000.00, to be made from his US Bank Money Market Account to the credit of
Premier Financial Services, in payment for a 1997 Ferrari 355 Spider. This vehicle
was purchased with proceeds from KEPPEL’s sale of trade secrets, in violation of
Title 18, United States Code, Section 1832(a)(2) and Section 2. As part of his plea
agreement with the United States, ROBERT R. KEPPEL has agreed to forfeit his
interest in the 2001 Lexus RX300 and the 1997 Ferrari 355 Spider referenced above
and over $56,000 seized from the various bank accounts referenced above. Sentencing
of ROBERT R. KEPPEL is scheduled for November 1, 2002, at 9:30 a.m., before
U.S. District Court Judge Robert J. Bryan. The maximum penalties for Theft of Trade
Secrets include imprisonment for up to ten years, a fine of up to $250,000.00, and a
period of supervision following release from prison of up to five years. This case was
investigated by the Federal Bureau of Investigation’s Computer Crimes Squad, and
was prosecuted by Assistant U.S. Attorney Annette L. Hayes.
163
 Judicial Responses

November 17, 2005, WWW.USDOJ.GOV, Department Of Justice CRM (202) 514-

2007
TDD (202) 514-1888

Six Defendants Plead Guilty in Internet Identity Theft and Credit Card Fraud
Conspiracy; Shadowcrew Organization Was Called 'One-Stop Online
Marketplace For Identity Theft'

WASHINGTON, D.C.-Six men who administered and operated the

“Shadowcrew. com” website one of the largest online centers for trafficking in stolen
credit and bank card numbers and identity information pleaded guilty today in federal
court, the Department of Justice and U.S. Attorney’s office for the District of New
Jersey announced today.

The one-stop online marketplace operated by the defendants was taken down
in October 2004 by the U.S. Secret Service, closing an illicit business that trafficked
in at least 1.5 million stolen credit and bank card numbers that resulted in losses in
excess of $4 million.

Andrew Mantovani, 23, of Scottsdale, Ariz.; Kim Taylor, 47, of Arcadia,

Calif.; Jeremy Stephens, 31, of Charlotte, N.C.; Brandon Monchamp, 22, of
Scottsdale, Ariz.; Omar Dhanani, 22, of Fountain Valley, Calif.; and Jeremy Zielinski,
22, of Longwood, Fla., entered guilty pleas to the lead count of conspiracy before
U.S. District Judge William J. Martini. Judge Martini scheduled sentencing in late
February and early March.

The defendants admitted their respective roles in the online conspiracy to

commit credit and bank card fraud, as well as identification document fraud.
Mantovani also pleaded guilty to a second count of unlawful transfer of identification
to facilitate criminal conduct. Mantovani admitted his role in illegally obtaining
approximately 18 million e-mail accounts with associated personal identifying
information.

Both the conspiracy and unlawful transfer counts carry maximum prison
sentences of five years and a maximum fine of $250,000. On Wednesday, Wesley

164
 Judicial Responses

Lanning, 22, of Grove City, Ohio, also pleaded guilty before Judge Martini to the
conspiracy count, as did Rogerio Rodrigues 22, of Chicago, on Sept. 22.

“These individuals proved in a big way that the Internet can be a dangerous
place where consumers can be victimized without warning,” said U.S. Attorney
Christopher J. Christie. “But as this case also shows, criminals operating in the virtual
world of the Internet are not ultimately anonymous. Their crimes can be traced and
documented, and they can be tracked down, arrested, prosecuted and sent to prison.”

“These guilty pleas illustrate the continued success of investigations such as

Operation Firewall in disrupting cyber criminal networks,” said David O’ Connor,
Special Agent in Charge of the Secret Service’s Newark Field Office. “Through the
joint efforts of the Secret Service and our partners at the state, local and federal levels,
we continue to aggressively investigate and successfully prosecute criminal activity
that threatens our country’s financial infrastructure.”

The Shadowcrew organization and its associated website, www.Shadowcrew.

com, was a hub of online identity theft activity, facilitating online trafficking in stolen
identity information and documents, as well as stolen credit and debit card numbers.
A year-long investigation by the Secret Service led to the arrests of 21 individuals in
the United States in October 2004. To date, 12 have pleaded guilty. Additionally,
several individuals were arrested in foreign countries.

The indictment charged that the administrators, moderators, vendors and

others involved with Shadowcrew conspired to provide stolen credit and bank card
numbers and identity documents through the Shadowcrew marketplace. The account
numbers and other items were sold by approved vendors who had been granted
permission to sell by administrators and moderators of the Shadowcrew site after
completing a review process.

During his guilty plea, Mantovani acknowledged his role as co-founder and
administrator of the Shadowcrew website. As such, Mantovani had the power to
control the direction of the organization as well as the day-to-day management of the
website. He admitted using techniques such as phishing and spamming to illegally
obtain credit and bank card information, which he then used to make purchases of

165
 Judicial Responses

merchandise online. The illegally obtained goods were then sent to a “drop” or
mailing address specifically set up to receive the stolen goods.

Stephens, Taylor, Mantovani, Zielinski, Monchamp and Lanning all

acknowledged that Shadowcrew members sent and received payment for illicit
merchandise and services via Western Union money transfers and digital currencies
such as E-Gold and Web Money. In addition, Mantovani admitted that in September
2004, he illegally acquired via computer, approximately 18 million e-mail accounts
with associated usernames, passwords, dates of birth, and other personally identifying
information approximately 60,000 of which included first and last name, gender,
address, city, state, country and telephone number.

U.S. Attorney Christie credited Special Agents of the Secret Service in

Newark, under the direction of Special Agent in Charge David O’Connor, in
Morristown, for their work in developing the case.

The government was represented by Assistant U.S. Attorney Kevin M.

O’Dowd of the U.S. Attorney's Office Criminal Division, and Kimberly Kiefer Peretti
from the Computer Crime and Intellectual Property Section of the Department of
Justice. February 11, 2005,Department Of Justice,Western District of Washington
United States Attorney

Juvenile Sentenced for Releasing Worm That Attacked Microsoft Web Site

A second person, a juvenile, has been sentenced in connection with the release
of a computer worm in August 2003 that attacked the same vulnerability in computer
software as the Blaster worm did. The worm of ten referred to as the RPCSDBOT
worm directed infected computers to log in on a computer (i.e. an Internet Relay Chat
channel) that the juvenile controlled. On August 14, 2003, the juvenile directed the
infected computers to launch a distributed denial of service attack against Microsoft's
main web site causing the site to shutdown and thus became inaccessible to the public
for approximately four hours. The juvenile was 14 years old when the activity
occurred.

The juvenile pleaded guilty in November 2004, to an act of juvenile

delinquency, under the Federal Juvenile Delinquency Act, Title 18, United States

166
 Judicial Responses

Code, Section 5032, because he intentionally caused damage and attempted to cause
damage to protected computers, in violation of Title 18, United States Code, Sections
1030(a)(5)(A)(i), 1030(a)(5)(B)(i), 1030(b), and 1030(c)(4)(A), and Section 2.

Today, Chief Judge Robert S. Lasnik sentenced the juvenile to three years of
probation with a number of restrictions including mental health counseling, and
computer monitoring. The Judge also ordered that the juvenile perform three hundred
hours of community service that involves work with the homeless or other less
fortunate members of the community. The juvenile told Judge Lasnik, "Seventeen
months ago, I made the worst mistake I ever made in my life. I did it out of curiosity
and did not think I would cause any damage. I am sorry, I created problems for
people, I did not even know." In sentencing the juvenile, Judge Lasnik said: "I hear
what you have said. You know what you did was wrong, and you aren't going to do it
again." The Judge also said he wanted to remain involved in the juvenile's
rehabilitation and thus required the juvenile to write him a letter every six months
describing the juvenile's activities and community service, and how this experience is
shaping the juvenile's life.

Judge Lasnik handed down the sentence today in a courtroom that was closed
to the public as required under the Federal Juvenile Delinquency Act. Pursuant to
federal statute, Title 18, United States Code, Section 5038, neither the identity of the
juvenile nor certain details of the investigation can be disclosed to the public. Still,
this prosecution and that of JEFFREY PARSON, sentenced to 18 months in prison
two weeks ago, send a strong message: "Computer hackers need to understand that
they will be pursued and held accountable for malicious activity, whether they be
adults or juveniles," stated John McKay, United States Attorney for the Western
District of Washington. "More importantly, parents must educate young people about
the risks and responsibilities inherent in using the Internet. Kids need just as much
guidance and supervision as when they first get behind the wheel of a car."

Even after two convictions in the investigation of the Blaster worm, it remains
an on-going investigation. According to Mr. McKay, "Law enforcement is continuing
its investigation into any additional persons who were involved in that activity. We
encourage anyone with information concerning this matter to contact the Federal

167
 Judicial Responses

Bureau of Investigation (FBI) and/or the United States Secret Service (USSS)." This
case was investigated by the Northwest Cyber Crime Task Force, which includes
local law enforcement in the Western District of Washington, the Seattle Division of
the FBI, and the Seattle Division of the USSS. Other divisions of the FBI and USSS
also provided assistance in the investigation.

Assistant United States Attorneys Annette L. Hayes prosecuted the case.

Due to the Juvenile Justice and Delinquency Prevention Act, Title 18, United
States Code, Sections 5031 et seq., no further comment or information can be
provided to the public at this time.

Press Releases

Former Standard Mortgage Corporation Clerk Pleads Guilty to Computer

Fraud Involving over one Million Dollar Theft

September 15, 2009

JODIE HOANG, age 34, a resident of Houston, Texas, pled guilty to a one-
count bill of information for computer fraud, announced U.S. Attorney Jim Letten.
Sentencing is set for December 10, 2009 before United States District Judge Carl J.
Barbier. According to the bill of information, HOANG was an accounting clerk at
Standard Mortgage Corporation located in New Orleans. Standard Mortgage
Corporation originates and services residential loans. The company had a computer
system in place which contained accounting software used in the production and
maintenance of mortgages. Part of the defendant’s duties as an accounting clerk was
to process funds received by Standard Mortgage Corporation at loan closings. Using
the computer system, HOANG changed the deposit code for payments made by
customers at mortgage closings. HOANG then created checks payable to herself or
her credit card providers from funds which she had previously fraudulently changed
the accounting codes. As the individual responsible for reconciling Standard’s general
operating account HOANG separated and concealed all cancelled checks which had
been made payable to her or her credit card providers.

168
 Judicial Responses

HOANG faces a maximum term of imprisonment of five (5) years, a $250,000

fine, a $100 special assessment, and be placed on a term of supervised release after
imprisonment for a period of up to three (3) years. She could also be ordered to pay
restitution to Standard Mortgage Corporation.

The case was investigated by agents of the Federal Bureau of Investigation

and is being prosecuted by Assistant U. S. Attorney Carter K. D. Guice, Jr. of the
Financial and Computer Crime Unit.

Alhambra Woman Found Guilty of Federal Charges for Trafficking in More

Than 30,000 DVDs with Counterfeit Dolby Trademarks January 13, 2012

LOS ANGELES : A federal jury today convicted an Alhambra woman on federal

charges related to the trafficking of more than 30,000 DVDs with the counterfeit
trademarks of Dolby Laboratory Licensing Corporation, a company responsible for
sound quality for DVDs and movies.

Dong Qun Lin, who also used the name ‘Melissa’(42) was found guilty
following a three-day trial of three counts of selling movies with counterfeit Dolby
trademarks, as well as conspiring with the owner of Tema Media, Inc., a Monterey
Park retail store where Lin was employed.

Tema Media sold counterfeit movies from China, some of which were
compilation disks featuring the Chinese and American movies of actors such as Jet Li
and Jackie Chan.

The case began in the fall of 2010, when U.S. Customs and Border Protection
seized three shipments destined for Tema Media that contained nearly 5,000 DVDs
with counterfeit Dolby trademarks. After the third seizure and after two notices by
CBP had failed to stop the unlawful conduct, U.S. Immigration and Customs
Enforcement obtained a search warrant for Tema Media.

During the execution of that warrant in January 2011, ICE agents seized
nearly 25,000 DVDs with counterfeit Dolby trademarks. Despite the search and the
warnings about the counterfeit Dolby trademarks, Lin and the store owner re-stocked

169
 Judicial Responses

store shelves and continued to sell the same DVDs with the same counterfeit Dolby
trademarks.

In May 2011, ICE agents executed another search warrant at Tema Media and
seized another 3,000 DVDs with counterfeit Dolby trademarks. Lin and the owner of
Tema Media, Jackie Weisheng Chen, were arrested on the same day of this search
warrant. Chen previously pleaded guilty to trafficking in counterfeit goods and is
scheduled to be sentenced later this year.

“The Department of Justice is committed to enforcing our nation’s intellectual

property rights,” said United States Attorney André Birotte Jr. “This case sends a
message to would be pirates and counterfeiters that my office can and will prosecute
them for their crimes.”

As a result of today’s guilty verdicts, Lin faces up to five years in prison on

the conspiracy charge and up to 10 years in prison on each of the three counts of
trafficking in goods with counterfeit Dolby trademarks. Therefore, Lin faces a
statutory maximum sentence of 35 years in federal prison.

United States District Judge Gary A. Feess is scheduled to sentence Lin on

April 30. Release No. 12-011.

170