Tribhuvan University

Institute of Science and Technology

Case Study on
Cyber Law in Nepal

Submitted to
Department of Computer Science
AMRIT SCIENCE CAMPUS

In fulfillment of the requirements for the BSC.CSIT Sixth semester

E-Governance practical work.

Submitted By
Hemant Khatiwada(20144)
Bharat Jung Chaudhary
Baivab Bidari
Uttam Tiwari

Acknowledgement
This research is an experience in itself. We worked hard to gather information regarding Cyber law in the
context of Nepal and prepare this document to this stage. We are also equally grateful to “Amrit Science
Campus” for providing us this opportunity to have the new experience.
 TABLE OF CONTENT
Abstract……….……….……….………. 1
Introduction……….……….……….……….2
Literature Review……….……….……….……….2
• Cyber Crime……….……….……….……….2
• Cyber Threat……….……….……….……….3
• Cyber security……….……….……….……….3
• Cyber Security Strategies……….……….……….4
• Cyber Law……….……….……….……….4

Objective……….……….……….……….……….4
Findings……….……….……….……….5
• Present Context of Cyber Laws in Nepal. ……….……….5
• Problems……….……….……….……….7

Solutions……….……….……….……….8
Recommendations……….……….……….8
Conclusion……….……….……….……….9
References……….……….……….……….9

1. Abstract
Human life is depending on online services which are making daily life easy and smart but
facing various challenges of cyber attack, threat and security. Huge numbers of criminal
activities are increasing day by day using ICT tools and applications. Government organizations,
citizens and businesses are being victims of cyber crime and threats. The risks of cyber attract
and threat is very high. The cyber security strategies, policies, plan and law, help to protect e-
government systems against threat and attack; and detect abnormal activities. The aim of this
paper is to explore cyber crime and cyber threat and security strategies and law. The content
analysis and survey methods are used for this research. The study concluded that the government
must conduct a professional analysis of cyber crime, cyber threat, cyber security, and cyber
strategies. This article has discussed about the legal requirements of cyber security.

1
 2. Introduction

The illegal actions are also growing as a result of the rapid growth of information technology, thus
the Cyber Law was created to prevent these crimes and safeguard digital communication and data.
Cyber Law is related to the legal informatics and supervises the digital circulation of information,
software information security and ecommerce. The Government of Nepal passed “The Electronic
Transaction and Digital Signature Act- Ordinance” Or Cyber Law on 30 Bhadra 2061 BS ( 2005
th

A.D. ). It was introduced to control the increasing cybercrimes i9n Nepal. Hacking and other forms
of cybercrime are on the rise in Nepal as well. Every industry is affected by corruption. Large
government agencies and certain businesses make use of pirated software. Even some of the
security agencies in charge of stopping this crime are thought to be breaking the law. Cracked
software can be easily found all over the internet in Nepal.
Cyber law covers a broad range of legal matters associated with the use of communications
technology. Internet usage and the use of any other kind of computer or digital processing device
are also included. Intellectual property, personal privacy, freedom of expression, and jurisdiction
are all included. Virtual Persons and Virtual Property are topics covered by cyber law. It addresses
Netizens' rights as citizens of cyberspace and cyberspace legislation for their peaceful and
harmonious existence. The incorporation of Cyber Law into the existing legal framework
governing the physical world is the largest obstacle. When the rights of Netizens are regarded
through the perspective of Citizens of a physical place, various difficulties arise since Cyber Space
has no geographical limits and neither do Netizens have physical attributes such as Sex, Age, etc.
The discrepancy between the system of domain names and the laws governing trademarks
effectively illustrates this. There are a number of nations that have passed specific legislation to
control citizen cyberspace transactions inside their physical jurisdiction, and these laws are known
as the cyber laws of the physical jurisdiction.
Unprecedented opportunities for communication and education are made possible by the
ubiquitous use of computers and Internet connections. Unfortunately, even while the majority of
people use the Internet as a potent and useful instrument for communication and education, some
people abuse its power for nefarious or terroristic objectives. By learning how to use the Internet
securely and responsibly oneself and as adults, we can reduce the harm that these people cause.

3. Literature review
3.1 Cyber crime
The term cybercrime refers to a variety of crimes carried out online, using the internet through
computers, laptops, tablets, internet-enabled televisions, games consoles and smartphones. It is
also defined as technology enabled crime, IT crime, digital crime, electronic crime, virtual crime,
net crime, and high technology crime. According to Halder & Jaishankar defined Cybercrimes as:
"Offences that are committed against individuals or groups of individuals with a criminal motive
to intentionally harm the reputation of the victim or cause physical or mental hurt, or loss, to the
victim directly or indirectly, victimization trendy telecommunication networks like Internet”. It is
the crime that involves a computer, a network, new technology and devices and the computer may

2
have been used as a weapon of a crime, or it may be the target as well as technology and system.
Some forms of cyber crimes, natures and models became high profile, significantly those
encompassing hacking, infringement of copyright, unwarranted masssurveillance, erotica,
software package piracy, material possession outlaw, cyber flower, false mail, defamation, and kid
grooming.

3.2 Cyber threat

Cyber attacks and cyber terrorism are the new looming threats on the horizon and the country needs to focus
on specific areas to guarantee cybersecurity. The threat to the security of ICT system may be from many
sources and in different forms. Some of the internal sources of threat are the employees of private or public
agencies, customers or end users of the programs. The external sources of threat may hackers,
criminal/terrorist groups or organizations, intelligence and investigating agencies. Cybercrime not only
threat a person or a nation's security and financial health of an organization but also victimize the social
reputation too. Threats to the assets may be of different types and varying intensities and impact values .
Threats to cyber security are often nearly divided into 2 general categories: actions geared toward and
supposed to break or destroy cyber systems and actions that ask for to take advantage of the cyber
infrastructure for unlawful. If you use e-mails connected to the Internet, it’s being scanned, probed, and
attacked constantly with the production of free hacking tools and cheap electronic devices. Cyber
fundamentals help us to guard against the most common cyber threats and demonstrate our commitment to
cyber-security. Threat actors will operate with substantial freedom from just about anyplace. Many
malicious tools and methodologies originate within the efforts of criminals and hackers. Public key
infrastructure providing the required level of authentication. The integrity and to have a continuous
awareness as well as training program to ensure citizens understand security threats know how to identify
potential issues and behave accordingly to maintain secure Government services in the different parts of
the country.

3.3 Cyber Security

Cybercrime encompasses any criminal act handling computers and networks; and includes ancient crimes
conducted through the web. The activity of protective information and knowledge systems like networks,
computers database, data centers and applications with appropriate procedural and technological security
measures is referred to as cyber-security. Firewalls, antivirus computer code, and other technological
solutions for safeguarding personal data and computer networks are essential but not sufficient to ensure
security. Cyber-security has emerged as a longtime discipline for pc systems. Security helps to ensure the
confidentiality, availability, and integrity of information systems by preventing Cyber security attacks.
Cyber-security covers physical protection each hardware and computer code of private data and technology
resources from unauthorized access gained via technological means that is a challenging issue in the country
public-private partnership may be a key element of cyber security. The public-private engagement may take
a variety of forms and may address awareness, training, technological improvements, vulnerability
remediation and recovery operations.

3
3.4. Cyber Security Strategies:
The inclusion of nasty hidden functions within the IT will undermine confidence in merchandise and
services, and have an effect on national security. Making the common subject of the country a lot of tuned
in to the threats. The prime concern of every nation is cyber-security today. The security situation of a
country is affected by country’s own strategy to maintain security and execution of the strategy, increasing
globalization trends and use and misuse of ICT practices of the country and global world. Safety and
security have become the principal prerequisites and obligations of a sovereign nation. Scientific invention
and innovation have altered the world and Nepal too. The strategy’s objectives included the reduction of
cyber threats, the establishment of international support, capacity building, and public private cooperation.
There are competing paradigms for viewing the cyber security problems. The motivations of nations
developing national cyber security strategies. The designation of responsibility for cybersecurity within
government is varies. The strategy focused on the three objectives:
(a) raise awareness among individuals and small business,
(b) improve government cybersecurity, and
(c) build strategic relationship to secure critical infrastructure.
The United States published an international strategy for cyberspace security. The United States divided
responsibility between defense and homeland security. Panama focused on six pillars in its strategy:
protecting privacy and human rights, prevention and punishment of cybercrime, fortifying national critical
infrastructure, building a national cybersecurity, industrial foundation, developing an ethnicity of
cybersecurity, and improving the security and response capability of public entities.

3.5. Cyber Law:

Cyber law is the law that has a spread of problems associated with the web and different communication
technology, as well as belongings and jurisdiction which control the cyber space. In Nepal cyber law is
called as Electronic Transaction Act (ETA) 2063, which were passed in 2004. Cyber law is the law
governing the facts that happen in the intangible digital world such as giving legal status to the intangible
information in the cyberspace. The cyber laws area unit vital and valid for control cyber matters. The
Government needs to be transparent in its function and for the same. It is the accountability of the State to
bring in sufficiently strong legislation to discourage cyber crime, threat, attract and put down the abuse of
the Internet and other cyber media for any illegal activities. Security is mainly about safeguarding the ICT
tools of any organization. The assets could be internal or external such as data, information, knowledge
resources, programs, hardware, and networks and so on. Cyber warfare poses a large threat to highly
computerized societies and culture. No country has been able to develop a safety policy that guarantee full
security in the communication practices within the context of globe. Regulatory changes are required for a
host of activities from procurement to service delivery. Different countries have completely different cyber
laws and cyber laws control bodies. In Nepal, cyber law is termed as Electronic dealing Act (ETA) 2063
which is available at: http://www.lawcommission.gov.np. Due to lack of proper mechanism to rule, monitor
and policies. The technology may threats the nation by criminal activities. Cyber laws are very important.
They provide security not only to the intellectual property of IT companies but also help to maintain the
privacy of internet users. It helps to keep us safe and to boost the IT economy in the world.

4. Objectives
Our study was primarily concerned to study the present context of Cyber Laws in Nepal. In order
to achieve an effectively resulting case study, we had designed some outlines as objectives to do
online as well as interactive research. The objectives that we designed for the purpose are:
4
 • To study the present status of cyber laws in Nepal in term of its effectiveness.
• To explore the extent of field of Cyber Laws.
• To study the provision made, and evaluate the result considering benefits provided.
• To extract various problem currently being faced in implementing Cyber Laws.
• To evaluate the problems, and determine the root cause.
• To provide appropriate solution for the corresponding problem.
• To understand the reliability of Laws and Acts currently being implemented.
• To realize if any of the Laws and Acts need to be amended or revised.
• To generate a proper case study document after completion of study and submit the
managed report to concerned authority.

5. Findings
After the collaborative effort of all our team members, based on pre-determined objectives, we
made some informative findings in term of Cyber Laws in present context of Nepal. Primarily, we
researched about Cyber Laws in official platform of Nepal Government regarding electronic data
exchange in nta.gov.np. Then we went through different websites, brochures, public review pages
for secondary information.
Huge numbers of criminal activities are increasing day by day using ICT tools, infrastructure and
applications. Government organizations, citizens, business are being victims by cyber crime and
threats. Government employees know about cybercrimes, cyber threat, cyber security and cyber
law. It is revealed in Table 1. 85.7% of respondents responded that they are aware of cybercrime,
threat, security and law.
How have respondents understood the meaning of cybercrime? An inquiry was made on it. The
following result was found. Taking or giving information by unauthentic use of other person's
computer (76.4%), unauthentic use of other person's computer, mobile, telephone, ATM card
(73.69) etc. is found to be taken by the respondent as cybercrime. Similarly, other definitions as
understood by respondents include leakage of personal as well as official information (74.3) and
unauthentic upload of video, audio and photo in the social media site (72.1%) Offense against the
nation using IT (73.6%) Threatening and harassing someone through telephone, mobile, internet,
email and other electronic media (72.1 %) and Hacking passwords, Wi-Fi, websites in order to
hamper the dignity of a person, family, society, unions, organization and nation (71.4) are the
major cyber crime activities.
We have managed our findings separately as actual study on Present context of Cyber Laws in
Nepal, Problems with the present Cyber Laws in Nepal and Solutions.

5.1 Present Context of Cyber Laws in Nepal

The Government Nepal issued electronic transaction ordinance 2061 in September 2004 as
ordinance. The house of representatives of the government of Nepal approve the Electronic
Transaction Act-2063 on December 4, 2006 and ministry of science. For the legal validity of
electronic records and digital signature, there is provision of controller of certification authority
(CCA). The act is divided into 12 sections and 80 clauses with detailed information on role and
rights of regulator, certification authority, customer, government and all the concerned

5
stakeholders.
The computer and cyber-crimes such as hacking, piracy, copyright violation, fraudulent and all
other deceitful activities have been clearly defined and punishment are set accordingly.

Table 1: Punishment for different cyber crimes

In following section of this dissertation, major cases reported and data provided by authorized
agency has been discussed for examining the present scenario of cybercrime and its threat in Nepal.

CASES
In this part, certain reported cases are discussed which exemplifies the existing pattern of
cybercrime in Nepal. These cases are collected from the national daily newspaper where media
constantly has been reporting commission of various instances of cybercrime in Nepal. Although
there are many cases reported by newspaper, the author has attempted to take few similar cases for
exemplification of the tendency and pattern of cybercrime.

i. Defamation online or Internet harassment

Nepal Police have caught a 27 -year-old man, who allegedly impersonated a girl in a Facebook
account. Acting on behalf of the girl, perpetrator posted vulgar comments and nude photographs
to different men including her friends.

6
Similarly,a victim lodged a complaint with police on August 1, 2011, demanding an action, after
he was tagged to nude photographs and online porn links. Likewise, police arrested perpetrator in
a case where the mobile number of a girl was publicly displayed on a fake account created in her
name, soliciting sexual relationships. She made complaint to police, when she started getting
telephone calls from strangers, asking about “rates per night".

ii. Unauthorized Access / Hacking

On March 18, 2013, Nepal Police arrested Naresh Lamgade of Anarmani, Jhapa for allegedly
hacking into the accounts of Nabil Bank’s customers by creating a fake website of the bank.The
perpetrator first sent email messages to Nabil’s e-banking customers asking them to change their
security codes and providing links to do so. Whoever clicked on the link was taken to the fake e-
banking website of Bank. When its account holders entered their identity and password, they
unsuspectingly revealed their private login details to Lamgade. Similar cases were reported to
Police as crime committed for e-banking of Nepal Investment Bank, Bank of Asia in Nepal

5.2 Problems with the present Cyber Laws in Nepal

• Lack of telecommunication and devices
Nepal is currently lagging far behind in proper availability of electronic devices for the security
purpose of electronic data exchange of individual or governing system. The available devices and
infrastructures are being unable to control the Cyber related crime and data misuse.
• Lack of financial resources.
Cyber related issues and electronic transactions are directly associated with electricity and
infrastructures costs high. The financial investment done should perform tangible benefit in
development country like Nepal. Due to the lack of certainty in outcome, financial resources is
facing lack of investment.
• Lack of general awareness to public.
Proper awareness should be provided to public regarding Cyber Laws and ethics. They should be
well known about the different nine provisions made under Electronic Transaction Act 2063 BS,
ethics they should follow while making electronic transactions and support they would get while
facing problems in electronic transactions.
• Lack of proper human resources.
Proper human resources should be made available whenever unexpected circumstances like
hacking, phishing, pirates occur. Even though there is availability, government is unable to manage
those human resources within nation.
• Ambitious laws and policies.

7
The current Laws and Policies do not properly include different level of general public
participating in electronic transaction. The laws seem to be ambitious which considers high profile
crimes.
• Lack of proper planning before implementing policies.
Various actions are taken without proper planning and homework. Currently, 5Gfacilities and
MDMS services has raised uneven proportion between general public.

6. Solutions for the Present Problems.

• Development of electronic infrastructures
Necessary infrastructures including appliances and financial resources should be properly
managed, proper laws should be implemented for import from foreign countries. Distribution and
use should be done under surveillance.
• Proper planning and research.
Governmental plan and policies should be inclusive and suitable to implement among various
range of general public. Before introducing new law, citizen, long term impact and current
recognition should be well understood.
• Public awareness
Public should be made aware properly about the Cyber Laws because the laws are made for welfare
of citizen and country. Similarly, they should be aware about the ethics they should follow while
using electronic transactions. They should be assured about the protection of their confidentiality,
their right by the current Act.

7. Recommendations
Department of Information and Technology of Nepal (DoIT) has provided suggestions regarding
Cyber security:
• Use strong Passwords and use different user ID. Make the password more complicated by
combining letters, numbers, and special characters and change them regularly.
• Don’t share it with anyone. Avoid replying unknown emails and do not open emails from
unknown sources. Do not respond to emails asking for personal information, credit card number,
pin-code, password etc.
• Keeping word/ PIN codes safe and memorize. Read privacy and policy statements before any
transaction.
• Surf only through a secure website. Log out immediately after completed online job.
• Check account statement to ensure that unauthorized transaction has taken place or not. Safe
online banking and online shopping and safely access Social networking websites.
• Be careful whereas communication with persons met online
• Make friends only known friends. Remove inappropriate information from profile. Do not post
personal information on social media. While using the internet at public place remember that
internet browsers like IE, Mozilla Firefox, Gmail, Hotmail etc. will save password on that
browser and account may be hacked.

8
• Firewalls monitor open connections including attachments in an email, block unauthorized
inbound and outbound internet traffic and disable internet add-ons such as cookies, pop-ups etc.

8. Conclusion
The biggest challenge before the cyber law is its integration with the legacy system of laws
applicable to the physical world. The unique structure of the internet has raised several legal
concerns. While grounded in physical computers and other electronic devices, the internet is
independent of any geographic location. While real individuals connect to the Internet and interact
with others, it is possible for them to withhold personal information and make their real identities
anonymous. If these are laws that could govern the internet, then it appears that such laws would
be fundamentally different from laws that geographic nations use today. Since the internet defies
geographic nations use today. Since the internet defies geographical boundaries, national laws will
be created to address concerns like intellectual property and individual rights. In effect, the Internet
will exist as its own sovereign nation.

9. References:
• Klimberg (ed). National cybersecurity framework manual. Trailing, Estonia: NATO CCD COE
Publication, (2012).
• A.M. Dario SGOBBI and Marco PAGGIO. Intrusion in a Mission Critical Network: A Tutorial
on Intrusion Detection Systems and Intrusion Prevention Systems. Modelling Cyber Security:
Approaches, Methodology, Strategies U. Gori (Ed.), (2009) IOS Press, doi:10.3233/978-1-60750-
074-2-68.
• A.VIDALI. Striking the Balance: Security vs. Utility. IOS Press BV Nieuwe Hemweg 6B 1013
BG Amsterdam Netherlands, (2009).
• Administration Reform Implementation Report (ARIR). High level administrative reform
implementation and monitoring committee, Singhadarbar, Nepal, (2014).
• Asian Development Bank Report, (2007).
• Subramanian. Cyber Security. International Journal of Recent Scientific Research, (2012). 3(3)
pp 197-200. Available online at: http://www.recentscientific.com.
• Cabinet Office. Cyber security strategy of the United Kingdom: safety, security and resilience in
cyber space, (2009). Available at: www.cabinetoffice.gov.uk/media/216620/css0906.pdf,
retrieved at 3 February, 2019.
• Lewis, James (February 2018). "Economic Impact of Cybercrime -No Slowing Down" (PDF).
• Cybercrime— what are the costs to victims - North Denver News". North Denver News. 2015-
01- 17. Retrieved 15 January 2019.
• Halder and K. Jaishankar. Cyber crime and the Victimization of Women: Laws, Rights, and
Regulations, (2011). Hershey, PA, USA: IGI Global. ISBN 978-1-60960-830-9.
• Electronic Act 2063.Government of Nepal. Available at: www.lawcommission.gov.np Retrieved
at 5 February, 2019.
• https://www.doit.gov.np/en/page/cyber-security-awareness. Accessed at 23 February 2019.