TransWikia.com

What is the definition of computer virus by law?The definition seems to be broad

Law Asked on January 22, 2021

According to the Indian IT Act we cannot place computer virus(which includes cookies) without user permission but does that mean we need to take permission even for placing nessecary cookies?

According to the IT Act the definition of computer virus as given here says that it is any information that executes itself as soon as another program is started. Now many apps are set to autostart with windows.

(iii) "computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;

Also, several websites deploy cookies and they too fall under this definition as provided here. Now the definition made there makes it seem many websites accessible in India are illegal. How is it possible? Is it really the definition made. (This is not legal advice)

My question here is according to the definition many things including cookies and other daily b software become illegal which is not the case in India. How am I misinterpreting the definition?

It is true that by taking permission this can be avoided but some cookies are necessary for the function of the website without consent so do we have to take permission for even necessary cookies?

2 Answers

It's possibe to cover auto-starting apps and cookies under the definition. I'm not convinced and could argue against that but I don't think it matters.

The tiny extract you linked isn't a law. It is a definition. It does not say "these things are illegal". For that, we have to zoom out a little. Section 43 includes the offense in question (emphasis mine):

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network... introduces or causes to be introduced any computer contaminant or computer virus...

So back to the question. Could Steam be considered a virus? Maybe. Is it illegal? No.

On the other hand, if I were to gain access to your computer and download Steam, yes that could be an example of breaking that law.

Correct answer by Studoku on January 22, 2021

The definition is very problematical. It looks like it was drafted by someone who had talked to a programmer but not really understood what they heard.

  1. It tries to cover all malware under the heading of "virus". This isn't much of a problem because most laymen confuse the two anyway, but its not a good thing.

  2. It is ambiguous due to the collection of "and" and "or" clauses. The computer world has conventions for disambiguating this stuff (akin to the rules for "3+4*5"), but I don't believe English does.

Trying to read it in the most sensible way, it seems to say that a "virus" is something that

  • Damages performance of a computer resource, OR
  • Attaches itself to another resource AND operates when some event takes place in that resource.

If this reading is correct then cookies are not viruses under this definition, as they neither damage performance or "operate" in any sense. They are merely read and written.

A program that sets itself to autostart is arguably falling under the second part of the definition; it attaches itself to another resource (the Windows list of autostart programs) and operates when some event takes place in that resource (Windows executes that list of programs).

However a bigger problem is the definition of "computer contaminant":

  • (i) ―computer contaminant means any set of computer instructions that are designed–
    • (a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
    • (b) by any means to usurp the normal operation of the computer, computer system, or computer network

Paragraph (a) clearly covers any program at all, with the possible exception of programs that never write any data (its not clear what "record" might mean in this context).

As @Studoku's answer says, the question of whether this is illegal depends on the permission of the owner. So it seems that this law says that amost all programs are "viruses" or "contaminants", but that only some of these are illegal. This is the Humpty-Dumpty school of legal drafting.

"Permission" is a very grey area in much of computer law because it depends on the intent of the owner, but so much of what a computer program does happens out of sight of the owner that they may not have an identifiable intent regarding any particular action performed by the program. If an otherwise honest program adds itself to the start-up list without asking first, does that make it illegal? If the owner only forms an opinion after the fact then its unclear, to say the least. This is similar to the "authorisation" issues in the US Computer Fraud and Abuse Act.

Answered by Paul Johnson on January 22, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP