Digital Privacy and Security in Nepal

by

Digital privacy is when you can use the internet and connected devices without jeopardizing your information. Different people have different succor levels when it comes to digital privacy. We all hear about it in the news, in talks and on the internet. But what exactly is it? How can we be secure on the internet if our whole lives are on the web in this information age? Undoubtedly, for protection on the internet, what can we do? Well, in this article, we will provide useful information surrounding digital privacy and security in Nepal.

Firstly, what is digital privacy? Digital Privacy embraces a lot of things. But, in a nutshell, digital privacy is the assurance of one’s information as a result of making use of a computer-enabled device. When a user uploads data to a computer or the internet, there is a rational expectation that his information will remain shared between elite users that a person fancies sharing. This expectation is the case for people on the internet but principally social media users.

One person may be comfortable sharing their name, employer, home address and more on the web, while another may be uncomfortable with any of their information on the web. Digital privacy then is when the information accessible online about a given person is within his or her comfort zone.

There are three principal forms of digital privacy. These are Individual privacy, Communication privacy, and Information privacy. The term digital privacy is convenient due to its use in the context of consumer’s rights to glassiness and privacy on the internet. Typically, this term comes up in various forms of espousal associated with security in the digital age.

  • Individual Privacy

In the context of digital privacy, individual privacy is the opinion that individuals have a right to exist freely on the internet, in that they can choose what types of information they are exposed to, and more importantly that undesired information should not hinder them.  An example of a digital violation of individual privacy would be an internet user receiving undesired ads and emails/spam, or a computer virus that forces the user to take actions they otherwise wouldn’t. In such cases the individual, during that moment, doesn’t exist digitally without interruption from undesired information; thus their privacy has been encroached upon.

  • Communication Privacy

In the context of digital privacy, communication privacy is the thought that individuals should have the freedom, or right, to deliver information digitally with the expectation that their communications are secure; meaning that messages and communications will only be accessible to the sender’s original proposed recipient. However, communications can be hindered or delivered to other recipients without the sender’s knowledge, in an abundance of ways. Communications can be blocked directly through various hacking methods, this is expanded upon further below. Communications can also be delivered to recipients unbeknownst to the sender due to false hypotheses made regarding the platform or tool which was used to send information. An example of this is the failure to read a company’s privacy policy regarding communications on its platform could direct one to consider their communication is protected when it is not. Additionally, companies often have been known to lack glassiness in how they use information, this can be both deliberate and involuntary. Discussion of communication privacy necessarily requires the notion of technological methods of protecting information/communication in digital mediums, the effectiveness and ineffectiveness of such methods/systems, and the development/advancement of new and contemporary technologies.

  • Information Privacy

In the context of digital privacy, information privacy is the thought that selves should have the freedom or right, to ascertain how their digital information, chiefly that about personally identifiable information, is obtained and used.  For example, some legislation, or lack of, allows companies to self-regulate their collection and dissemination practices of consumer information.

 

Law on Digital Privacy and Security in Nepal

In Nepal, Electronic transaction and Digital Signature Act, 2063 deals with cyber-related issues. Under this Act, Hacking, deleting data, stealing e-documents, software piracy and posting defamatory information are incorporated as the punishable offenses.

  • Section 44 of the Act states, Pirating destroying or modifying computer source code or making other to do so, with a malicious intention using a computer, computer program, computer system or network can make him/her liable to the punishment with imprisonment not exceeding 3 years or fine not exceeding 2 lakhs or with both.
  • Section 45, of the same Act, states that unauthorized access in computer materials shall hold the liability with the same intensity of punishment as in chapter 44.
  • Section 46, states that Damage made to any Computer and Information System knowingly or with a malicious intention to cause wrongful loss or damage to any institution destroys, damages, deletes, alters, disrupts any information of any computer source shall be liable to the punishment set above.
  • Section 47, states that any Publication of Illegal materials in an electronic form that are prohibited to publish or display by the prevailing law which contrary to public morality or decent behavior or any types of materials which may spread hate of jealousy against anyone or may jeopardize the harmony between castes, tribes and communities shall be liable to punishment with the fine not exceeding 1 lakh or imprisonment not exceeding 5 years or with both. Where, if any person repeatedly commits the same crime may be liable to the punishment of one and one and a half percent of the sentence previously received.
  • Section 48, of the same Act, protects the Confidentiality to Divulge by making any unauthorized access to any book, record, register, correspondence, data, documents or any other material may be liable to excellent not exceeding 10,000 rupees or imprisonment not exceeding 2 years or with both, depending on the degree of the offense
  • Section 49, states the provision related to Information of False Statement to acquire any digital signature shall be liable to the punishment with fine not exceeding 1 lakh or with imprisonment not exceeding two years or with both.
  • Section 52, states that, if any person, intending to commit computer fraud or any other illegal act, creates, publishes or otherwise provides digital signature certificate or acquires benefit from the payment of any bill, balance from others account, any inventory or ATM card or otherwise by committing any fraud, the amount to the financial benefit so acquired shall be recovered from the offender and shall be liable to the punishment with a fine not exceeding 1 lakh rupees or with an imprisonment not exceeding 2 years or with both.
  • Section 53, of the Act, states that, If any person Encourages to commit computer-related offense or involves in conspiracy shall be liable to the punishment with fine not exceeding 50,000 rupees or with imprisonment not exceeding 6 months or with both, depending on the degree of the offense.
  • Section 54, Punishment to the accomplice, a person who assists others in committing any offense under this Act or acts as the accomplice, by any means shall be liable to one half of the punishment for which the principal is liable. Section 55, if any person commits an offense under this Act and which involves the computer, computer system or computer network system located in Nepal, even though such action is undertaken while residing outside Nepal, a case may be filed against such a person and shall be punished accordingly.
  • Section 57, in case of Offences Committed by a corporate body, the Chief for the operation shall be responsible for such act, but if the person responsible as a chief of the process of such corporate body proves that an offense was committed without his/her knowledge or even after he/she exercised reasonable efforts to prevent such an offense, he/she shall not be liable to the guilt and such person who committed such act shall be liable to the punishment.
  • Section 58, states that, if any violation of this Act or Rule framed hereunder has been committed, for which no penalty has been separately provided, such a violator shall be liable to the punishment with fine not exceeding 50,000 rupees or with imprisonment not exceeding six months or with both. In this technological world, Cybercrime has been a growing threat to a person, property, and government at large. Day after day the number of crimes related to cybersecurity has been increasing with the growth of computer literacy, the government agencies such as tax offices, banks, and other private companies store valuable details in the electronic forms to preserve them.

How to protect Information?

In order not to share too much personal information, emails must have encryption. Surfing of web pages, as well as other online acts, is ideally done in a way that is not detectable via “anonymizers”. In case these aren’t reliable, by open-source distributed anonymizers, also referred to as mix nets, together with I2P or Tor – The Onion Router.

Virtual Private Networks (VPNs) are some other “anonymizers” that may be used to present some extra safety online. This method includes obstructing and encrypting web site traffic for different groups or individuals not to see or mine it.

Email is also another source of internet content that has a wide range of privacy issues. In an age where our information is online, social networking web sites pose additional hurdles in privacy. Sometimes, people tagged in photos results in the exposure of valuable information on them. Additionally, accidental publication on data about the location may happen.

For example, when someone posts an image with a recognizable background. People should also exercise caution on the information they post because social networks are inconsistent in what they allow as private and what may remain public in reality.

If there are no strong guidelines for the security of information, coupled with attention for what remains public, then a person may be subject to profiling. This profiling is a catalyst for issues like cyberstalking or damaging a reputation.

Conclusion:

In conclusion, the Internet has been a pleasing technological invention but with this invention comes issues such as privacy when using the Internet.  The benefits to the Internet and privacy are that it does allow people to communicate with one another as well as share information about numerous topics.  Some limitations of privacy and the Internet include intrusion of privacy, sites using personal information from their users to benefit themselves and sell the information to merchants, and spamming.

Overall, privacy and the Internet is a major concern for most people.  More action should be taken by the law to try and protect more people and keep them safe from the invasion of privacy when using the Internet.  However, with the lack of legislation in controlling privacy on the Internet, people need to be aware of the risks of putting personal information out on the Internet.  They also need to realize that just because a site or social network says that they protect the privacy of that individual, this usually isn’t the case.  With awareness by Internet users and restricting themselves from putting certain information online, privacy can be better protected.