Computer resource

From Justice Definitions Project


1.What is a Computer Resource?

Computer resources encompass all elements that facilitate the execution of tasks and the achievement of goals in a computing environment. These resources include system elements such as CPU power, memory allocation, hard drive storage, network bandwidth, and battery life.[1]In simple terms, “Every device connected to a computer system is a resource”.[2]We find differing definitions of a computer resource. One instance of this is the following definition from a business school's guidebook:

Computer Resources means all computer hardware, software, communications devices, facilities, equipment, networks, passwords, licensing and attendant policies, manuals and guides.[3]

In a broader sense, computer resources comprise the information technology infrastructure and tools required to operate and support mission-critical systems. They can be both physical—such as servers in an on-premises data center—and virtual—as desktops that are spun up on demand.[4]This includes not only hardware and software but also manpower, personnel, and associated documentation, such as licenses and support services.[5]

Not all technological elements qualify as computer resources. For instance, a firewall, although critical for network protection, is not considered a computer resource. Similarly, attributes like the physical weight of a book are irrelevant to the scope of computer resources.

2. Official Definition of the Term

2.1 Term as defined in Legislation

The primary legislative source for the definition of a computer resource in India is the Information Technology Act, 2000. As per Section 2(k) of the Information Technology Act of 2000, Computer resource includes a computer, computer system, computer network, data, computer database, or software.[6] Section 2(k) provides an exhaustive definition of a computer resource.

2.2 Term as defined in case law

In the case of Swami Ramdev v. Facebook, Inc. (2019), The Delhi High Court expanded the interpretation of "computer resource" to address defamatory online content, advocating for global takedown orders.

2.3 Legal Provisions related to the term

  • Section 2(1)(i): Defines a "computer" as any electronic, magnetic, optical, or other high-speed data processing device or system that performs logical, arithmetic, and memory functions through electronic impulses. It also includes components like input/output devices and communication facilities connected to the system.
  • Section 2(1)(l): A "computer system" refers to a device or collection of devices, excluding non-programmable calculators, which operate with external files and execute logical, arithmetic, and data storage functions.
  • Section 2(1)(j): A "computer network" describes the interconnection of computers, systems, or devices via satellite, microwave, terrestrial lines, wire, or wireless communication media.

2.4 International Frameworks

The Budapest Convention on Cybercrime, although specifically doesn’t mention the term ‘computer resource’, defines another closely related term ‘computer system’ as follows: "computer system" means any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data.[7]

In the Commonwealth Model Law on Computer and Computer Related Crimes Bill, “computer system” means a device or a group of inter-connected or related devices, including the internet, one or more of which, pursuant to a program, performs automatic processing of data or any other function.[8]

3. Specific Sectoral Frameworks in India for Computer Resource

The Clinical Establishments (Registration and Regulation) Act, 2010, applicable in states that have adopted it, regulates clinical establishments. While it does not explicitly define "computer resources," Section 12(3) states that every clinical establishment shall maintain electronic records of patients and exchange information between health care providers as prescribed.[9]

Similarly, the Digital Information Security in Healthcare Act (DISHA), 2018 (Draft) aims to regulate the generation, collection, storage, and transmission of digital health data.[10]

The Electronic Health Record (EHR) Standards, 2016, provide guidelines for managing digital health records, emphasizing IT infrastructure in healthcare settings. These standards, issued by the Ministry of Health and Family Welfare, underscore the growing role of computer resources in healthcare.[11]

The Reserve Bank of India's Cyber Security Framework in Banks, 2016, provided guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds with an intention of pushing banks to pro-actively create/fine-tune/modify their policies, procedures and technologies based on new developments and emerging concerns around computer resources and their related uses.[12]

The RBI, in furtherance of promoting awareness around cyber- security and use of computer technology, issued guidelines providing a comprehensive framework for NBFCs to enhance their cyber security measures. These guidelines empower NBFCs to enhance their cyber defenses, protect customer data, and ensure business continuity.[13][14]

The Payment and Settlement Systems Act, 2007 provides for regulation of payment gateways and electronic, computer based payments. It even covers oversight of computer-based payment networks. Although the act doesn't cover the entire gamut of computer resources, it does deal with a significant and central function of computer and digital payments which have risen over the years.[15]

Another extremely significant legislation which regulates a very crucial function of data creation and management by fiduciaries and intermediaries is the Digital Personal Data Protection Act, 2023. The act achieves multiple ends including placing obligations on Data Fiduciaries using computer resources, security safeguards, and breach reporting.[16]

  • Crime Records Database: Maintained by NCRB, stores data on computer resource-related crimes under the head "Cyber Crimes against Computer Systems/Networks".[17][17]
  • Cyber Crime Reporting Portal: Categorizes offenses related to computer resources as defined under the IT Act. Cyber Crimes can be reported on this platform.[18]

4.Legal Provisions Related to Computer Resources

The IT Act, 2000, lays out penalties and regulations for unauthorised or harmful activities involving computer resources, such as -

  • Section 43: Penalises unauthorised access or disruption of computer resources.
  • Section 43A: Compensation to the affected party when data gets leaked due to negligent security practices
  • Section 65: Criminalises unfair interference with the computer system, computer programme or computer network
  • Section 66: Criminalises the offences listed down in Section 43
  • Section 66B: Punishment for dishonestly receiving stolen computer system, computer programming code, etc.
  • Section 66D: Imposes punishment for impersonation through a computer resource
  • Section 66F(1)(A): Criminalises denial of access to computer resource for spreading cyber terrorism
  • Section 66F(1)(B): Criminalises unauthorised access to a computer resource to obtain information which can cause injury to national security, or which can harm sovereignty and integrity of the state, public order, decency or morality, or foreign relations of the state
  • Section 67B(c): Punishment for obscene materials depicting children that may offend a reasonable adult on the computer resource
  • Sections 69, 69A, and 69B: Empower the government to intercept, monitor, decrypt, or block public access to information hosted on computer resources for security or public interest purposes.
  • Section 70: Declaration of any computer resource that affects the national security, economy, public health or safety to be a protected system
  • Section 75: Application of the Act to those offences committed outside India which involve a computer resource
  • Section 79(2)(b): Establishes the intermediary's duty to remove the material on the computer resource being controlled by it, which is being used to commit an unlawful act

Further, the following are some of the sections that relate to computer resources in India:

Section 1, Bharatiya Nyaya Sanhita, 2023: Application of Bharatiya Nyaya Sanhita, 2023 to an extra-territorial offence being committed on a computer resource located in India

Section 2, Protection of Children from Sexual Offences Act, 2013: Includes a computer-generated picture in the definition of "child pornography"

Section 37, Digital Personal Data Protection Act, 2023: Authorises the Central Government to obstruct access to data stored in a computer resource in the larger public interest

3. Specific Sectoral Frameworks in India for Computer Resource

The Clinical Establishments (Registration and Regulation) Act, 2010, applicable in states that have adopted it, regulates clinical establishments. While it does not explicitly define "computer resources," Section 12(3) states that every clinical establishment shall maintain electronic records of patients and exchange information between health care providers as prescribed.[9]

Similarly, the Digital Information Security in Healthcare Act (DISHA), 2018 (Draft) aims to regulate the generation, collection, storage, and transmission of digital health data.[10]

The Electronic Health Record (EHR) Standards, 2016, provide guidelines for managing digital health records, emphasizing IT infrastructure in healthcare settings. These standards, issued by the Ministry of Health and Family Welfare, underscore the growing role of computer resources in healthcare.[11]

The Reserve Bank of India's Cyber Security Framework in Banks, 2016, provided guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds with an intention of pushing banks to pro-actively create/fine-tune/modify their policies, procedures and technologies based on new developments and emerging concerns around computer resources and their related uses.[12]

The RBI, in furtherance of promoting awareness around cyber- security and use of computer technology, issued guidelines providing a comprehensive framework for NBFCs to enhance their cyber security measures. These guidelines empower NBFCs to enhance their cyber defenses, protect customer data, and ensure business continuity.[13][14]

The Payment and Settlement Systems Act, 2007 provides for regulation of payment gateways and electronic, computer based payments. It even covers oversight of computer-based payment networks. Although the act doesn't cover the entire gamut of computer resources, it does deal with a significant and central function of computer and digital payments which have risen over the years.[15]

Another extremely significant legislation which regulates a very crucial function of data creation and management by fiduciaries and intermediaries is the Digital Personal Data Protection Act, 2023. The act achieves multiple ends including placing obligations on Data Fiduciaries using computer resources, security safeguards, and breach reporting.[16]

  • Crime Records Database: Maintained by NCRB, stores data on computer resource-related crimes under the head "Cyber Crimes against Computer Systems/Networks".[17][17]
  • Cyber Crime Reporting Portal: Categorizes offenses related to computer resources as defined under the IT Act. Cyber Crimes can be reported on this platform.[18]

4. International Experience

4.1 Domestic Laws of foreign countries

A. United States of America:

The U.S. Computer Fraud and Abuse Act (CFAA) defines a ‘computer’ as follows in its national legislation:

As used in this section (1) the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device.[19]

The Federal Acquisition Legislation (FAR) of the United States describes a computer resource as a broad category encompassing hardware, software, and data required for technical and operational activities in Part 23, Sub-part 7, and Section 1.

The Florida Statutes define a computer system as a device or a collection of devices, including those with programs, instructions, and data processing capabilities, excluding non-programmable calculators.[20]

B. Singapore:

A very comprehensive and exhaustive definition of a computer is provided by Singapore's 'Computer Misuse Act' of 1993 wherein a “computer” means an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices.[21]

Cyber Security Act, 2018 of Singapore, defines the computer and computer system. “Computer” means an electronic, magnetic, optical, electrochemical, or other data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but does not include such device as the Minister may, by notification in the Gazette, prescribe; and computer system” means an arrangement of interconnected computers that are designed to perform one or more specific functions, and includes — (a) an information technology system; and (b) an operational technology system such as an industrial control system, a programmable logic controller, a supervisory control and data acquisition system, or a distributed control system.[22]

C. European Union

Article 2(1) of Commission Regulation EU No. 617/2013 defines a computer as a device that performs logical operations, processes data, and incorporates a CPU for performing operations. It further stipulates that devices lacking a CPU must function as servers to qualify as computers.[23]

5. Research that engages with term

Justice B.N. Srikrishna Committee, in its recommendations for the Digital Personal Data Protection Law, emphasized in Clause 23C of Subclause 1(3)(C) that the central government should authorize officers of a rank equivalent to or higher than a Gazetted Officer to access any computer resource or device containing or suspected to contain data.[24] This provision aligns with Section 37(1) of the Digital Personal Data Protection Act, 2023, which enables the Central Government to block public access to information hosted on computer resources when deemed necessary for public interest.[25]

Pavan Duggal's Cyber Law: The Indian Perspective provides detailed commentary on Section 2(1)(k) of the IT Act (“computer resource”), including coverage of mobile phones, cloud systems, and IoT.[26]

Mr Saurabh Bobade and Lowlesh Nandkishor Yadav's research paper Cyber Security and and Threats analyses computer resource as inclusive of system and networks and not just standalone PCs but servers, networks, connected devices, and by extension, data-processing infrastructure.[27]

Multiple other sources also provide similar definitions of computer systems or resources. Some of them include ISO/IEC standards that use the term “information system” or “IT assets” rather than “computer resource.”[28]

6. Challenges

  1. Evolving Technologies - Laws must adapt to encompass advancements like IoT and cloud computing. Two prominent emerging technologies causing a hurdle include: Quantum computing which represents the next frontier in computing power, with the potential to solve problems that are currently intractable for classical computers. Edge computing which involves processing data closer to the source, reducing latency and bandwidth usage, and enabling real-time processing for IoT and other applications.[29]
  2. Skill Gaps - A shortage of digital forensics expertise among law enforcement hampers effective investigations.
  3. Outdated Legislation - The IT Act, 2000, requires modernization to address contemporary technologies
  4. Energy Efficiency- There are two components under this hurdle which are:

a. Importance of reducing power consumption: As compute resource demand grows, so does the need for energy-efficient solutions to reduce operational costs and environmental impact.

b. Emerging technologies and practices: Technologies like low-power processors, liquid cooling, energy-efficient data centers, and green computing practices are being developed to address energy efficiency concerns.[29]

5. Security

a. Protecting compute resources from threats: Securing compute resources involves protecting them from cyber threats, ensuring data integrity, and preventing unauthorized access.

b. Role of encryption, access management: Encryption and access management are critical components of compute resource security, safeguarding data and controlling user access.[29]

7.Way Forward

  1. Update Legal Definitions - Regularly revise the IT Act to include emerging technologies.[30]
  2. Capacity Building - Train law enforcement and judicial officers in technical skills like log analysis and data recovery.
  3. Enhanced Collaboration - Foster partnerships among private sectors, academia, and international agencies to tackle cybersecurity challenges.

8. Related Terminologies

  1. Computing Infrastructure - Encompasses hardware, software, and networks enabling IT services.[31]
  2. Cyber Resources - Broadly includes virtual tools, services, and data.[32]
  3. Computing Facilities - Represents combined resources like hardware, software, and networks.[33]
  1. https://brave.com/glossary/resource/
  2. https://itlaw.fandom.com/wiki/System_resource
  3. Employee Handbook JMS 2024-2025
  4. https://www.hpe.com/emea_europe/en/what-is/compute-resources.html
  5. https://webarchive.library.unt.edu/web/20161117201112/https://acc.dau.mil/CommunityBrowser.aspx?id=661807&lang=en-US
  6. https://www.indiacode.nic.in/bitstream/123456789/13116/1/it_act_2000_updated.pdf
  7. Council of Europe - Convention on Cybercrime (ETS No. 185)
  8. https://production-new-commonwealth-files.s3.eu-west-2.amazonaws.com/migrated/key_reform_pdfs/P15370_11_ROL_Model_Law_Computer_Related_Crime.pdf
  9. 9.0 9.1 https://clinicalestablishments.gov.in/cms/home.aspx
  10. 10.0 10.1 http://www.clinicalestablishments.gov.in/cms/Home.aspx
  11. 11.0 11.1 https://vikaspedia.in/health/nrhm/national-health-policies/electronic-health-record-standards-for-india#:~:text=The%20Ministry%20of%20Health%20and,%2Doperability%20in%20capture%2C%20storage%2C
  12. 12.0 12.1 https://www.rbi.org.in/commonman/English/scripts/Notification.aspx?Id=1721
  13. 13.0 13.1 DNBS.PPD.No.04/66.15.001/2016-17
  14. 14.0 14.1 https://wesecureapp.com/compliance/rbi-guidelines-for-cyber-security-in-the-nbfc-sector
  15. 15.0 15.1 The Payment and Settlement Systems Act, 2007, ACT NO. 51 OF 2007
  16. 16.0 16.1 THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 (NO. 22 OF 2023)
  17. 17.0 17.1 17.2 17.3 https://www.ncrb.gov.in/uploads/files/2CrimeinIndia2023PartII2.pdf
  18. 18.0 18.1 https://cybercrime.gov.in/
  19. Computer Fraud and Abuse Act (18 USC 1030)
  20. http://www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Statute&URL=0800-0899/0815/0815.html
  21. Computer Misuse Act 1993, Act 16 of 2023 wef 08/02/2024
  22. https://sso.agc.gov.sg/Acts-Supp/9-2018/#pr2-
  23. https://eur-lex.europa.eu/eli/reg/2013/617/oj/eng
  24. https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf
  25. https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
  26. https://www.pavanduggal.com/
  27. https://www.researchgate.net/publication/388868785_CYBER_SECURITY_AND_THREATS
  28. https://www.iso.org/home.html
  29. 29.0 29.1 29.2 https://www.hpe.com/emea_europe/en/what-is/compute-resources.html
  30. INFORMATION TECHNOLOGY LAWS SECTION. (n.d.). Available at: https://www.cio.gov/assets/files/Handbook-Laws.pdf
  31. Building Cyberinfrastructure for the 21st Century, National Science Foundation, 2007
  32. "Towards an Ecosystemic Paradigm in Cybersecurity" (2020)
  33. Guidelines for IT Security Management, DSCI & FDCC, 2003
Retrieved from "https://jdc-definitions.wikibase.wiki/w/index.php?title=Computer_resource&oldid=10250"