cyber law/business law

Cyber Law Prof. Shrinivas VK Prof. SVK

Upload: shrinivas-kulkarni

Post on 27-Jan-2017

Page 1: Cyber law/Business law

Prof. SVK

Cyber Law Prof. Shrinivas VK

Need of Cyber Law

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".

National Research Council, USA, "Computers at Risk", 1991

Cyber Law?

Cyber Law is the law governing cyber space.

Cyber space includes computers, networks, software, data storage devices (such as hard disks, USB disks etc.), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.

Cyber Law Deals with

Cyber Crimes

Electronic or Digital Signatures

Intellectual Property

Data Protection and Privacy

IT Act, 2000

• Enacted on 17th May 2000; India is the 12th nation in the world to adopt cyber laws

• The IT Act is based on the Model Law on e-commerce adopted by UNCITRAL

Objectives of the IT Act

To provide legal recognition for transactions:

• Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"

• To facilitate electronic filing of documents with Government agencies and E-Payments

• To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934

Extent of application

• Extends to the whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1 (2)}, read with Section 75: the Act applies to an offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India

• Section 2 (1) (a) – "Access" means gaining entry into, instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network

Definitions (section 2)

• "computer" means electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;

• "computer network" means the inter-connection of one or more computers through-

• (i) the use of satellite, microwave, terrestrial line or other communication media; and

• (ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

Definitions (section 2)

• "computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

• "data" means a representation of information, knowledge, facts, concepts or instruction which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Definitions (section 2)

• "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;

• "secure system" means computer hardware, software, and procedure that-

(a) are reasonably secure from unauthorized access and misuse;

(b) provide a reasonable level of reliability and correct operation;

(c) are reasonably suited to performing the intended function; and

(d) adhere to generally accepted security procedures

• “security procedure” means the security procedure prescribed by the Central Government under the IT Act, 2000.

• secure electronic record – where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification

Act is inapplicable to…

• (a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;

• (b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;

• (c) a trust as defined in section 3 of the Indian Trusts Act, 1882;

Act is inapplicable to…

• (d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition

• (e) any contract for the sale or conveyance of immovable property or any interest in such property;

• (f) any such class of documents or transactions as may be notified by the Central Government

OBJECTIVES OF IT ACT

1. It is an objective of the I.T. Act 2000 to give legal recognition to any transaction which is done electronically or by use of the internet.

2. To give legal recognition to digital signatures for accepting any agreement via computer.

3. To provide the facility of filing documents online relating to school admission or registration in an employment exchange.

4. According to the I.T. Act 2000, any company can store its data in electronic storage.

OBJECTIVES OF IT ACT..

5. To stop computer crime and protect the privacy of internet users.

6. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form.

7. To give more power to the RBI and the Indian Evidence Act for restricting electronic crime.

SCOPE OF IT ACT

1. The Information Technology Act 2000 is not applicable to the attestation for creating a trust electronically. Physical attestation is a must.

2. The I.T. Act 2000 is not applicable to the attestation for making the will of anybody. Physical attestation by two witnesses is a must.

3. A contract of sale of any immovable property.

4. Attestation for giving power of attorney of property is not possible via electronic record.

Advantages of Cyber Laws

• Helpful to promote e-commerce

• Enhance the corporate business

• Filing online forms

• High penalty for cyber crime

• Digital signatures have been given legal validity and sanction in the Act.

Digital signature

• Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. Section 3 deals with the conditions subject to which an electronic record may be authenticated by means of affixing digital signature which is created in two definite steps.

First, the electronic record is converted into a message digest by using a mathematical function known as 'Hash function' which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication contained in the electronic record. Any tampering with the contents of the electronic record will immediately invalidate the digital signature.

Secondly, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by anybody who has the public key corresponding to such private key. This will enable anybody to verify whether the electronic record is retained intact or has been tampered with since it was so fixed with the digital signature. It will also enable a person who has a public key to identify the originator of the message.
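The two steps described above, as an added example that is not part of the original slides: the record is hashed, the private key is applied to the digest, and anyone with the public key can detect tampering or a different originator. It assumes toy textbook-RSA keys built from publicly known Mersenne primes so that it runs on the Python standard library alone; the key names, the sample record and the helper names are constructed for illustration, and real signatures use a vetted library with a padded scheme.

```python
import hashlib

# Constructed demo keys: products of well-known Mersenne primes. They are
# trivially factorable and exist only so the example runs without any
# third-party library. This is an assumption of the example, not the Act's
# prescribed algorithm.
E = 65537


def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse of e, Python 3.8+
    return (n, E), (n, d)


def message_digest(record: bytes) -> int:
    """Step 1: the hash function 'freezes' the record into a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_key) -> int:
    """Step 2: apply the private key to the digest (textbook RSA, no padding)."""
    n, d = private_key
    return pow(message_digest(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key recomputes the digest and compares."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(record)


# Hypothetical subscribers, each with their own key pair.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**607 - 1)

# Constructed electronic record and a tampered copy (one digit changed).
RECORD = b"Pay INR 10,000 to account 1234 on 27-Jan-2017"
TAMPERED = b"Pay INR 90,000 to account 1234 on 27-Jan-2017"


def demo():
    """Sign once with Alice's private key, then verify three ways."""
    sig = sign(RECORD, ALICE_PRIV)
    return {
        "intact_record": verify(RECORD, sig, ALICE_PUB),
        "tampered_record": verify(TAMPERED, sig, ALICE_PUB),
        "wrong_originator": verify(RECORD, sig, BOB_PUB),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'signature valid' if ok else 'signature INVALID'}")
```
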

Attribution of electronic records.

An electronic record shall be attributed to the originator -

• if it was sent by the originator himself.

• by a person who had the authority to act on behalf of the originator in respect of that electronic record, or

• by an information system programmed by or on behalf of the originator to operate automatically.

Acknowledgment of receipt

Where the originator has not agreed with the addressee that the acknowledgment of receipt of electronic record be given in a particular form or by a particular method, an acknowledgment may be given by –

• any communication by the addressee, automated or otherwise, or

• any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received.

• unless acknowledgment has been so received, the electronic record shall be deemed to have been never sent by the originator.

Despatch and receipt of electronic record

• if the addressee has designated a computer resource for the purpose of receiving electronic records -

– receipt occurs at the time when the electronic record enters the designated computer resource, or

– if the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee.

• if the addressee has not designated a computer resource along with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee.

Digital Signature Certificates

• Digital Signature Certificates (DSC) are the digital equivalent (that is, electronic format) of physical or paper certificates.

• Examples of physical certificates are drivers' licenses, passports or membership cards.

• Certificates serve as proof of identity of an individual for a certain purpose; for example, a driver's license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally.

Who issues the Digital Signature Certificate

• A licensed Certifying Authority (CA) issues the digital signature. Certifying Authority (CA) means a person who has been granted a license to issue a digital signature certificate under Section 24 of the Indian IT-Act 2000.

Certifying Authority

• Tata Consultancy Services (TCS)

• National Informatics Center (NIC)

• IDRBT (Institute for Development & Research in Banking Technology)

• SafeScrypt CA Services, Sify Communications Ltd.

• (n) Code Solutions CA

• MTNL Trust Line*

• Customs & Central Excise

• E-MUDHRA

Regulation of Certifying Authorities

Appointment of Controller and other officers.

• The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for the purposes of this Act and may also by the same or subsequent notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit.

• The Controller shall discharge his functions under this Act subject to the general control and directions of the Central Government.

• The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller under the general superintendence and control of the Controller.

Appointment of Controller and other officers.

• The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers shall be such as may be prescribed by the Central Government.

• The Head Office and Branch Office of the office of the Controller shall be at such places as the Central Government may specify, and these may be established at such places as the Central Government may think fit.

• There shall be a seal of the Office of the Controller.

Functions of Controller

The Controller may perform all or any of the following functions, namely: -

• exercising supervision over the activities of the Certifying Authorities.

• certifying public keys of the Certifying Authorities.

• laying down the standards to be maintained by the Certifying Authorities.

• specifying the qualifications and experience which employees of the Certifying Authorities should possess.

• specifying the conditions subject to which the Certifying Authorities shall conduct their business.

• specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key.

Functions of Controller

• specifying the form and content of a Digital Signature Certificate and the key.

• specifying the form and manner in which accounts shall be maintained by the Certifying Authorities.

• specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them.

• facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems.

• specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers.

Functions of Controller

• resolving any conflict of interests between the Certifying Authorities and the subscribers.

• laying down the duties of the Certifying Authorities.

• maintaining a data base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.

Offences & Penalties under the Information Technology Act, 2000

• Offences: Cyber offences are the unlawful acts which are carried out in a very sophisticated manner in which either the computer is the tool or target or both. Cyber crime usually includes:

(a) Unauthorized access of the computers

(b) Data diddling

(c) Virus/worms attack

(d) Theft of computer system

(e) Hacking

(f) Denial of attacks

(g) Logic bombs

(h) Trojan attacks

(i) Internet time theft

(j) Web jacking

(k) Email bombing

(l) Salami attacks

(m) Physically damaging computer system.

Section 65. Tampering with computer source documents:

• Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable.

Penalties: Imprisonment up to 3 years and/or Fine: Two lakh rupees.

Section 66. Hacking with the computer system

Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

Penalties: Punishment: imprisonment up to three years. Fine: which may extend up to two lakh rupees, or with both.

Section 67. Publishing of obscene information in electronic form:

• Publishing or transmitting, or causing to be published, pornographic material in electronic form

• Penalties: Punishment: On first conviction, imprisonment which may extend up to five years. Fine: on first conviction, which may extend to one lakh rupees.

• On second conviction, imprisonment which may extend to ten years and fine which may extend up to two lakh rupees.

Case Laws:

1. The State of Tamil Nadu v/s Suhas Katti.

Section 68. Power of controller to give directions:

(1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder.

(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both.

Penalties: Punishment: imprisonment for a term not exceeding three years. Fine: not exceeding two lakh rupees.

Section 69. Directions of Controller to a subscriber to extend facilities to decrypt information:

If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence; for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.

The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.

Penalties: imprisonment for a term which may extend to seven years.

http://www.legalservicesindia.com/article/article/offences-&-penalties-under-the-it-act-2000-439-1.html

Section 70. Protected System

(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.

(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provision of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

Explanation: This section grants the power to the appropriate government to declare any computer, computer system or computer network to be a protected system. Only an authorized person has the right to access a protected system.

Penalties: Punishment: imprisonment which may extend to ten years and fine.

Section 71. Penalty for misrepresentation

(1) Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Penalties: Punishment: imprisonment which may extend to two years. Fine: may extend to one lakh rupees, or with both.

Section 72. Penalty for breach of confidentiality and privacy

This section relates to any person who, in pursuance of any of the powers conferred by the Act or its allied rules and regulations, has secured access to any: electronic record, books, register, correspondence, information, document, or other material.

If such person discloses such information, he will be punished with penalty. It would not apply to disclosure of personal information of a person by a website, by his email service provider.

Penalties: Punishment: term which may extend to two years. Fine: one lakh rupees, or with both.

Section 73. Penalty for publishing Digital Signature Certificate false in certain particulars

(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that-

(a) The Certifying Authority listed in the certificate has not issued it; or

(b) The subscriber listed in the certificate has not accepted it; or

(c) The certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.

(2) Penalties: Punishment: imprisonment for a term which may extend to two years. Fine: may extend to 1 lakh rupees, or with both.

Section 74. Publication for fraudulent purpose

Explanation: This section prescribes punishment for the following acts:

• Knowingly creating a digital signature certificate for any (i) fraudulent purpose or (ii) unlawful purpose.

• Knowingly publishing a digital signature certificate for any (i) fraudulent purpose or (ii) unlawful purpose.

• Knowingly making available a digital signature certificate for any (i) fraudulent purpose or (ii) unlawful purpose.

Penalties: Punishment: imprisonment for a term up to two years. Fine: up to one lakh or both.

Section 75. Act to apply for offence or contravention committed outside India

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.

(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

Explanation: This section has broader perspective including cyber crime, committed by cyber criminals, of any nationality, any territoriality.

Section 76. Confiscation

The aforesaid section highlights that all devices, whether computer, computer system, floppies, compact disks, tape drives or any other storage, communication, input or output device, which helped in the contravention of any provision of this Act, rules, orders, or regulations made thereunder are liable to be confiscated.

Section 77. Penalties or confiscation not to interfere with other punishments

No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force.

Explanation: The aforesaid section lays down a mandatory condition, which states that penalties or confiscation do not interfere with other punishments to which the person affected thereby is liable under any other law for the time being in force.

Section 78. Power to investigate offences

Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.

Explanation: The police officer not below the rank of Deputy Superintendent of police shall investigate the offence.

India stands 11th in the ranking for Cyber Crime in the World, constituting 3% of the Global Cyber Crime.

Conclusion…

“Indian Laws are well drafted and are capable of handling all kinds of challenges as posed by cyber criminals. However, the enforcement agencies are required to be well versed with the changing technologies and Laws.”

“As internet technology advances so does the threat of cyber crime. In times like these we must protect ourselves from cyber crime. Anti-virus software, firewalls and security patches are just the beginning. Never open suspicious e-mails and only navigate to trusted sites.”

Thank you.....