information technology act - final

Upload: saiky99

Post on 02-Jun-2018

219 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/11/2019 Information Technology Act - Final

    1/56

    INFORMATION TECHNOLOGY

    ACT & CYBER LAWS

    INFORMATION TECHNOLOGY ACT 2000

    INDEX

    1. Introduction1.1. Overview1.2. Purpose of the Act1.3. Things covered in the Act

    2. Amendment Act 20082.1. Need for Amendment2.2. Structure of the Act2.3. Appic!"iit#

    3. Terminoogies4. $#"er $rimes % T#pes

    5. $#"er $rime St!tistics in Indi!6. $#"er $!fe &!ws

  • 8/11/2019 Information Technology Act - Final

    2/56

    7. Sections incuded under IT Act8. 'oe of IT in (!n)ing Sector. NASS$O*10. $omp!rison "etween Indi!n $#"er &!ws !nd Phiippines $#"er &!ws11. $!se studies

    11.1. N*I*S11.2. (A+,,.$O*11.3. T'-,$A&&,' 11.. /',, A$,'S11.. APP&,

    12.News Artices13. Surve# on $#"er !ws !nd $#"er Thre!ts14. $oncerns of $#"er !ws15. (i"iogr!ph#

    I!"#$%'"($!

    O)*#)(*+

    New communic!tions s#stems !nd digit! technoog# h!ve m!de dr!m!tic ch!nges in w!# of

    tr!ns!cting "usiness. *id 04s s!w !n impetus in go"!i5!tion !nd computeris!tion6 with

    more !nd more n!tions computeri5ing their govern!nce6 !nd e7commerce seeing !n enormous

    growth. -se of computers to cre!te6 tr!nsmit6 !nd store inform!tion is incre!sing. $omputers

    h!ve m!n# !dv!nt!ges in e7commerce. It is difficut to shift "usiness from p!per to eectronic

    form due to 2 eg! hurdes

    19 'e:uirements !s to writing629 Sign!ture for eg! recognition.

    The -nited N!tions $ommission on Intern!tion! Tr!de &!w ;-N$IT'A&9 !dopted the

    *ode &!w on e7commerce in 1

  • 8/11/2019 Information Technology Act - Final

    3/56

    !mend the Indi!n Pen! $ode6 the Indi!n ,vidence Act6 18>26 the (!n)ers@ (oo)s ,vidence

    Act6 181 !nd the 'eserve (!n) of Indi! Act6 13 !nd for m!tters connected therewith or

    incident! thereto. The Inform!tion Technoog# Act6 20006 w!s thus p!ssed !s the Act No.21

    of 20006 got President Assent.

    As per the pre!m"e to the !ct6 the purpose of the !ct is

    To gr!nt eg! recognitions for tr!ns!ctions c!rried out "# me!ns of eectronic d!t!6

    interch!nge !nd other me!ns of eectronic communic!tion common# referred to !s

    Beectronic commerce in p!ce of p!per "!sed communic!tion methods.

    To give eg! recognition to Cigit! Sign!ture for !uthentic!tion of !n# inform!tion or

    m!tter th!t re:uires !uthentic!tion under !n# !w.

    To f!ciit!te eectronic fiing of documents with /overnment dep!rtments. To f!ciit!te eectronic stor!ge of d!t!.

    To f!ciit!te !nd give eg! s!nction to eectronic fund tr!nsfers "etween "!n)s !nd

    fin!nci! institutions.

    To give eg! recognition for )eeping "oo)s of !ccount "# (!n)ers in eectronic form.

    The !ct does not !pp# to

    19 A negoti!"e instrument eDcept $he:ue29 A power of !ttorne#39 A trust9 A wi9 An# contr!ct for the s!e or conve#!nce of immov!"e propert# or !n# interest in such

    propert#

  • 8/11/2019 Information Technology Act - Final

    4/56

    A*!%*!" A'" 2008

    N**% /$# A*!%*!"

    Eith proifer!tion of inform!tion technoog# en!"ed services such !s e7govern!nce6 e7

    commerce !nd e7tr!ns!ctionsF d!t! securit#6 d!t! priv!c# !nd impement!tion of securit#

    pr!ctices !nd procedures re!ting to these !ppic!tions of eectronic communic!tions h!ve

    !ssumed gre!ter import!nce !nd the# re:uired h!rmoni5!tion with the provisions of the

    Inform!tion Technoog# Act. Gurther6 protection of $ritic! Inform!tion Infr!structure is

    pivot! to n!tion! securit#6 econom#6 pu"ic he!th !nd s!fet#6 thus it h!d "ecome necess!r#to dec!re such infr!structure !s protected s#stem6 so !s to restrict un!uthorised !ccess.

    Gurther6 ! r!pid incre!se in the use of computer !nd Internet h!s given rise to new forms of

    crimes i)e6 sending offensive em!is !nd mutimedi! mess!ges6 chid pornogr!ph#6 c#"er

    terrorism6 pu"ishing seDu!# eDpicit m!teri!s in eectronic form6 video vo#eurism6 "re!ch

    of confidenti!it# !nd e!)!ge of d!t! "# intermedi!r#6 e7commerce fr!uds i)e che!ting "#

    person!tion 7 common# )nown !s phishing6 identit# theft6 fr!uds on onine !uction sites6 etc.

    So6 pen! provisions were re:uired to "e incuded in the Inform!tion Technoog# Act6 2000.

    Aso6 the Act needed to "e technoog#7neutr! to provide for !tern!tive technoog# of

    eectronic sign!ture for "ringing h!rmoni5!tion with *ode &!w on ,ectronic Sign!tures

    !dopted "# -nited N!tions $ommission on Intern!tion! Tr!de &!w ;-N$IT'A&9

    eeping in view the !"ove6 /overnment h!d introduced the Inform!tion Technoog#

    ;Amendment9 (i6 200< in the &o) S!"h! on 1th Cecem"er 200

  • 8/11/2019 Information Technology Act - Final

    5/56

    P!ri!ment p!ssed the (i on 23rd Cecem"er 2008. Su"se:uent# the Inform!tion

    Technoog# ;Amendment9 Act6 2008 received the !ssent of President on th Ge"ru!r# 200

    !nd w!s notified in the /!5ette of Indi!.

    Some of the not!"e fe!tures of the ITAA !re !s foows

    Gocussing on d!t! priv!c#

    Gocussing on Inform!tion Securit#

    Cefining c#"er c!fe

    *!)ing digit! sign!ture technoog# neutr!

    Cefining re!son!"e securit# pr!ctices to "e foowed "# corpor!te

    'edefining the roe of intermedi!ries

    'ecognising the roe of Indi!n $omputer ,mergenc# 'esponse Te!m

    Incusion of some !ddition! c#"er crimes i)e chid pornogr!ph# !nd c#"er terrorism

    Authori5ing !n Inspector to investig!te c#"er offences ;!s !g!inst the CSP e!rier9

  • 8/11/2019 Information Technology Act - Final

    6/56

    S"#'"#* $/ "* A'"

    The Act "egins with preimin!r# !nd definitions !nd from there on the ch!pters th!t foow

    de! with !uthentic!tion of eectronic records6 digit! sign!tures6 eectronic sign!tures etc.

    ,!"or!te procedures for certif#ing !uthorities ;for digit! certific!tes !s per IT Act 72000 !nd

    since rep!ced "# eectronic sign!tures in the ITAA 720089 h!ve "een spet out. The civi

    offence of d!t! theft !nd the process of !d?udic!tion !nd !ppe!te procedures h!ve "een

    descri"ed. Then the Act goes on to define !nd descri"e some of the we7)nown c#"er crimes

    !nd !#s down the punishments therefore.

    Then the concept of due diigence6 roe of intermedi!ries !nd some misce!neous provisions

    h!ve "een descri"ed. 'ues !nd procedures mentioned in the Act h!ve !so "een !id down in

    ! ph!sed m!nner6 with the !test one on the definition of priv!te !nd sensitive person! d!t!

    !nd the roe of intermedi!ries6 due diigence etc.6 "eing defined !s recent# !s Apri 2011. Ee

    wi "e discussing some of the import!nt.

    A--('(("

    The Act eDtends to the whoe of Indi! !nd eDcept !s otherwise provided6 it !ppies to !so

    !n# offence or contr!vention there under committed outside Indi! "# !n# person. There is

    some specific eDcusion to the Act ;i.e. where it is not !ppic!"e9 which is s!me !s

    Inform!tion Technoog# Act 2000.

  • 8/11/2019 Information Technology Act - Final

    7/56

    T*#(!$$(*

    C$-"*# It me!ns !n# eectronic m!gnetic6 optic! or other high7speed d!t!

    processing device or s#stem which performs ogic!6 !rithmetic6 !nd memor#

    functions "# m!nipu!tions of eectronic6 m!gnetic or optic! impuses6 !nd incudes

    ! input6 output6 processing6 stor!ge6 computer softw!re6 or communic!tion f!ciities

    which !re connected or re!ted to the computer in ! computer s#stem or computer

    networ).

    C$-"*# S"* The word Hcomputer s#stem4 me!ns ! device or ! coection of

    devices with input6 output !nd stor!ge c!p!"iities. Interesting#6 the word Hcomputer4

    !nd Hcomputer s#stem4 h!ve "een so wide# defined to me!n !n# eectronic device

    with d!t! processing c!p!"iit#6 performing computer functions i)e ogic!6

    !rithmetic !nd memor# functions with input6 stor!ge !nd output c!p!"iities. A

    c!refu re!ding of the words wi m!)e one underst!nd th!t ! high7end progr!mm!"e

    g!dgets i)e even ! w!shing m!chine or switches !nd routers used in ! networ) c!n

    ! "e "rought under the definition.

    C$!('"($! D*)('*Simi!r# the word Hcommunic!tion devices4 inserted in

    the ITAA72008 h!s "een given !n incusive definition6 t!)ing into its cover!ge ce

    phones6 person! digit! !ssist!nce or such other devices used to tr!nsmit !n# teDt6

    video etc i)e wh!t w!s !ter "eing m!r)eted !s iP!d or other simi!r devices on Ei7fi

    !nd ceu!r modes.

    D" It me!ns ! represent!tion of inform!tion6 )nowedge6 f!cts6 concepts or

    instructions which !re "eing prep!red or h!ve "een prep!red in ! form!ised m!nner6

    !nd is intended to "e processed6 is "eing processed or h!s "een processed in !

    computer s#stem or computer networ)6 !nd m!# "e in !n# form ;incuding computer

    printouts m!gnetic or optic! stor!ge medi!6 punched c!rds6 punched t!pes9 or stored

    intern!# in the memor# of the computer.

    Cefinitions for some words i)e Hc#"er c!f4 were !so !ter incorpor!ted in the ITAA2008 when HIndi!n $omputer response ,mergenc# Te!m4 w!s incuded

  • 8/11/2019 Information Technology Act - Final

    8/56

    D((" S(!"#* A digit! sign!ture is "!sic!# ! w!# to ensure th!t !n eectronic

    document ;e7m!i6 spre!dsheet6 teDt fie6 etc.9 is !uthentic. Authentic me!ns th!t #ou

    )now who cre!ted the document !nd #ou )now th!t it h!s not "een !tered in !n# w!#since th!t person cre!ted it. Cigit! sign!tures re# on cert!in t#pes of encr#ption to

    ensure !uthentic!tion. ,ncr#ption is the process of t!)ing ! the d!t! th!t one

    computer is sending to !nother !nd encoding it into ! form th!t on# the other

    computer wi "e !"e to decode. Authentic!tion is the process of verif#ing th!t

    inform!tion is coming from ! trusted source. These two processes wor) h!nd in h!nd

    for digit! sign!tures. There !re sever! w!#s to !uthentic!te ! person or inform!tion

    on ! computer

    E*'"#$!(' S(!"#* An eectronic sign!ture c!n "e !s "!sic !s ! t#ped n!me or !

    digiti5ed im!ge of ! h!ndwritten sign!ture. $onse:uent#6 e7sign!tures !re ver#

    pro"em!tic with reg!rds to m!int!ining integrit# !nd securit#6 !s nothing prevents

    one individu! from t#ping !nother individu!@s n!me. Cue to this re!it#6 !n eectronic

    sign!ture th!t does not incorpor!te !ddition! me!sures of securit# ;the w!# digit!

    sign!tures do6 !s descri"ed !"ove9 is considered !n insecure w!# of signing

    document!tion.In ITAA 7 2008 thus introducing technoogic! neutr!it# "# !doption

    of eectronic sign!tures !s ! eg!# v!id mode of eDecuting sign!tures. This incudes

    digit! sign!tures !s one of the modes of sign!tures !nd is f!r "ro!der in !m"it

    covering "iometrics !nd other new forms of cre!ting eectronic sign!tures not

    confining the recognition to digit! sign!ture process !one. Ehie *Js. T$S6 *Js.

    S!fescript !nd *Js. *TN& !re some of the digit! sign!ture certif#ing !uthorities in

    Indi!6 IC'(T ;Institute for Ceveopment of 'ese!rch in (!n)ing Technoog# K the

    rese!rch wing of '(I9 is the $ertif#ing Authorities ;$A9 for the Indi!n (!n)ing !nd

    fin!nci! sector icensed "# the $ontroer of $ertif#ing Authorities6 /overnment of

    Indi!.

    * $/ E*'"#$!(' S(!"#* "$ "* C$-!(*

    It is estim!ted th!t ever# #e!r6 30 "iion p!per documents !re copied or printed "# -S

    comp!nies. Ehen f!ctoring the costs of cop#ing6 sc!nning6 !rchiving6 routing6 !nd retrieving

  • 8/11/2019 Information Technology Act - Final

    9/56

    ost documents6 e!ch p!per7"!sed sign!ture is estim!ted to cost L

  • 8/11/2019 Information Technology Act - Final

    10/56

    E*'"#$!(' : G$)*#!!'* The term ,ectronic /overn!nce refers to the !ppic!tion

    of inform!tion technoog# to the processes of /overnment functioning in order to

    "ring !"out Simpe6 *or!6 Account!"e6 'esponsive !nd Tr!nsp!rent ;S*A'T9.The!ct provides for eg! recognitions of eectronic records !nd digit! sign!tures in

    /overnment !nd its !gencies. ,ectronic /overn!nce is recognition "# /overnment to

    !ccept communic!tion6 stor!ge of inform!tion6 !ccept!nce of digit! sign!ture in

    eectronic form !nd retention of eectronic records !nd giving it ! eg! s!nctit#. ,7

    /overn!nce is the future m!n# countries !re oo)ing forw!rd to for ! corruption free

    government. ,7government is one7w!# communic!tion protoco where!s ,7

    govern!nce is two7w!# communic!tion protoco. The essence of ,7govern!nce is to

    re!ch the "enefici!r# !nd ensure th!t the services intended to re!ch the desired

    individu! h!s "een met with. There shoud "e !n !uto7response s#stem to support the

    essence of ,7govern!nce6 where"# the /overnment re!i5es the effic!c# of its

    govern!nce. ,7govern!nce is "# the governed6 for the governed !nd of the governed.

    ,st!"ishing the identit# of the end "enefici!r# is ! true ch!enge in ! citi5en7centric

    services. St!tistic! inform!tion pu"ished "# governments !nd word "odies do not

    !w!#s reve! the f!cts. (est form of ,7govern!nce cuts down on unw!nted

    interference of too m!n# !#ers whie deivering government! services. It depends on

    good infr!structur! setup with the support of oc! processes !nd p!r!meters for

    governments to re!ch their citi5ens or end "enefici!ries. (udget for p!nning6

    deveopment !nd growth c!n "e derived from we !id out ,7govern!nce s#stems.

    The word Beectronic in the term e7/overn!nce impies technoog# driven

    govern!nce. ,7/overn!nce is the !ppic!tion of Inform!tion !nd $ommunic!tion

    Technoog# ;I$T9 for deivering government services6 eDch!nge of inform!tion

    communic!tion tr!ns!ctions6 integr!tion of v!rious st!nd7!one s#stems !nd services

    "etween /overnment7to7$iti5ens ;/2$96 /overnment7to7

    (usiness;/2(96/overnment7to7/overnment; /2/9 !s we !s "!c) office processes

    !nd inter!ctions within the entire government fr!me wor). Through the e7/overn!nce6

    the government services wi "e m!de !v!i!"e to the citi5ens in ! convenient6

    efficient !nd tr!nsp!rent m!nner. The three m!in t!rget groups th!t c!n "e

    distinguished in govern!nce concepts !re /overnment6 citi5ens !nd

    "usinessesJinterest groups. In e/overn!nce there !re no distinct "ound!ries.

  • 8/11/2019 Information Technology Act - Final

    11/56

    /ener!# four "!sic modes !re !v!i!"e7/overnment to $ustomer ;$iti5en96

    /overnment to ,mpo#ees6 /overnment to /overnment !nd /overnment to (usinessF

    G$)*#!!'* I! IT /#*+$#;

    ,Dp!nsion of Internet !nd eectronic commerce6 is redefining re!tionships !mong

    v!rious st!)e hoders in the process of /overn!nce.

    A new mode of govern!nce woud "e "!sed upon the tr!ns!ctions in virtu! sp!ce6

    digit! econom# !nd de!ing with )nowedge oriented societies.

    ,ectronic /overn!nce is !n emerging trend to re7invent the w!# the /overnment

    wor)s.

    CYBER CRIMES

    Cefining c#"er crimes6 !s M!cts th!t !re punish!"e "# the Inform!tion Technoog#

    ActM woud "e unsuit!"e !s the Indi!n Pen! $ode !so covers m!n# c#"er crimes6 such !s

    em!i spoofing !nd c#"er def!m!tion6 sending thre!tening em!is etc. A simpe #et sturd#

    definition of c#"er crime woud "e Mun!wfu !cts wherein the computer is either ! too or !

    t!rget or "othM.

    $#"ercrime6 especi!# invoving the Internet6 represents !n eDtension of eDisting crimin!

    "eh!viour !ongside some nove ieg! !ctivities.

    *ost c#"ercrime is !n !tt!c) on inform!tion !"out individu!s6 corpor!tions6 or governments.

    Athough the !tt!c)s do not t!)e p!ce on ! ph#sic! "od#6 the# do t!)e p!ce on the person!

    or corpor!te virtu! "od#6 which is the set of inform!tion! !ttri"utes th!t define peope !nd

    institutions on the Internet.

    An import!nt !spect of c#"ercrime is its nonoc! ch!r!cter !ctions c!n occur in ?urisdictions

    sep!r!ted "# v!st dist!nces. This poses severe pro"ems for !w enforcement since previous#

    oc! or even n!tion! crimes now re:uire intern!tion! cooper!tion. Gor eD!mpe6 if ! person

    !ccesses chid pornogr!ph# oc!ted on ! computer in ! countr# th!t does not "!n chid

    pornogr!ph#6 is th!t individu! committing ! crime in ! n!tion where such m!teri!s !reieg! Ehere eD!ct# does c#"ercrime t!)e p!ce $#"ersp!ce is simp# ! richer version of

  • 8/11/2019 Information Technology Act - Final

    12/56

    the sp!ce where ! teephone convers!tion t!)es p!ce6 somewhere "etween the two peope

    h!ving the convers!tion. As ! p!net7sp!nning networ)6 the Internet offers crimin!s mutipe

    hiding p!ces in the re! word !s we !s in the networ) itsef. owever6 ?ust !s individu!s

    w!)ing on the ground e!ve m!r)s th!t ! s)ied tr!c)er c!n foow6 c#"ercrimin!s e!ve

    cues !s to their identit# !nd oc!tion6 despite their "est efforts to cover their tr!c)s.

    T-* $/ C*# C#(*

    1. C$-"*# I!"#($!

    The !ct of intruding or g!ining un!uthori5ed !ccess to ! s#stem t#pic!# e!ves tr!ces th!t

    c!n "e discovered "# intrusion detection s#stems. One of the go!s of intruders is to rem!in

    undetected for !s ong !s possi"e so th!t the# c!n continue with their m!icious !ctivit#

    undistur"ed.

    H';(!is ! t#pe of computer intrusion. It is the !ct of g!ining un!uthori5ed !ccess to !

    computer s#stem or networ) !nd in some c!ses m!)ing un!uthori5ed use of this !ccess.

    !c)ing is !so the !ct "# which other forms of c#"er7crime ;e.g.6 fr!ud6 terrorism6 etc.9 !re

    committed. An# person who tresp!sses !n# computer6 computer s#stem6 computer networ) or

    !n# p!rt thereof6 )nowing#6 with m!icious intentions to g!in !ccess or use or m!)es !n

    !ttempt to !ccess or use6 is s!id to commit ! computer crime.

    *!icious purpose m!# incude

    *one# !undering6 o"t!ining mone#6 theft.

    Gr!uduent pretences or represent!tions

    Gormu!ting !nd eDecuting !n# fr!uduent scheme

    E

  • 8/11/2019 Information Technology Act - Final

    13/56

    2. I!"*#!*"/#%

    In this !ctivit#6 !n individu! receives !n e7m!i !sserting th!t the sender re:uires hep intr!nsferring ! !rge sum of mone# out of one countr# or !nother dist!nt countr#. -su!#6 this

    mone# is in the form of !n !sset th!t is going to "e sod6 such !s oi6 or ! !rge !mount of c!sh

    th!t re:uires B!undering to conce! its sourceF the v!ri!tions !re endess6 !nd new specifics

    !re const!nt# "eing deveoped. The mess!ge !s)s the recipient to cover some cost of moving

    the funds out of the countr# in return for receiving ! much !rger sum of mone# in the ne!r

    future. Shoud the recipient respond with ! chec) or mone# order6 he is tod th!t

    compic!tions h!ve deveopedF more mone# is re:uired. Over time6 victims c!n ose

    thous!nds of do!rs th!t !re utter# unrecover!"e.

    In m!n# c!ses6 individu!s put products up for s!e on Internet !uction sites6 dem!nd mone#

    "efore deiver#6 !nd never fufi their o"ig!tions to the consumer. Such sc!ms !ccount for

    !"out h!f of the fr!ud c!ses e!ch #e!r. -ni)e identit# theft6 where the theft occurs without

    the victim4s )nowedge6 these more tr!dition! forms of fr!ud occur in p!in sight. The victim

    wiing# provides priv!te inform!tion th!t en!"es the crimeF hence6 these !re tr!ns!ction!

    crimes. Cespite ! v!st !mount of consumer educ!tion6 Internet fr!ud rem!ins ! growth

    industr# for crimin!s !nd prosecutors. ,urope !nd the -nited St!tes !re f!r from the on#

    sites of c#"ercrime. South ore! is !mong the most wired countries in the word6 !nd its

    c#"ercrime fr!ud st!tistics !re growing !t !n !!rming r!te. =!p!n h!s !so eDperienced !

    r!pid growth in simi!r crimes.

    3. ATM F#%

    Autom!ted teer m!chine ;AT*9 through which m!n# peope now gets c!sh. In order to

    !ccess !n !ccount6 ! user suppies ! c!rd !nd person! identific!tion num"er ;PIN9. $rimin!s

    h!ve deveoped me!ns to intercept "oth the d!t! on the c!rd4s m!gnetic strip !s we !s the

    user4s PIN. In turn6 the inform!tion is used to cre!te f!)e c!rds th!t !re then used to withdr!w

    funds from the unsuspecting individu!4s !ccount.

    Gor eD!mpe6 in 2002 theNew York Times reported th!t more th!n 216000 Americ!n "!n)

    !ccounts h!d "een s)immed "# ! singe group eng!ged in !c:uiring AT* inform!tion

    ieg!#. A p!rticu!r# effective form of fr!ud h!s invoved the use of AT*s in shopping

    http://www.britannica.com/EBchecked/topic/291494/Internethttp://www.britannica.com/EBchecked/topic/291494/Internet
  • 8/11/2019 Information Technology Act - Final

    14/56

    centres !nd convenience stores. These m!chines !re free7st!nding !nd not ph#sic!# p!rt of !

    "!n). $rimin!s c!n e!si# set up ! m!chine th!t oo)s i)e ! egitim!te m!chineF inste!d of

    dispensing mone#6 however6 the m!chine g!thers inform!tion on users !nd on# tes them

    th!t the m!chine is out of order !fter the# h!ve t#ped in their PINs. /iven th!t AT*s !re the

    preferred method for dispensing currenc# ! over the word6 AT* fr!ud h!s "ecome !n

    intern!tion! pro"em.

    4. I!"**'" ,#$-*#" F#%

    These incude softw!re pir!c#6 cop#right infringement6 tr!dem!r)s vio!tions6 theft of

    computer source code etc.

    5. , ,*# C('; F#%

    $ic) fr!ud ;!so )nown !s p!# per cic) fr!ud9 is ! t#pe of fr!ud th!t occurs on the Internet

    in p!# per cic) onine !dvertising when ! person6 !utom!ted script or computer progr!m

    imit!tes ! egitim!te user of ! we" "rowser cic)ing on !n !d6 for the purpose of gener!ting !

    ch!rge per cic) without h!ving !ctu! interest in the t!rget of the !d@s in). $ic) fr!ud is the

    su"?ect of some controvers# !nd incre!sing itig!tion due to the !dvertising networ)s "eing !

    )e# "enefici!r# of the fr!ud.

    P!# per cic) !dvertising6 or PP$ !dvertising6 is !n !rr!ngement in which we"m!sters

    ;oper!tors of Ee" sites96 !cting !s pu"ishers6 disp!# cic)!"e in)s from !dvertisers in

    eDch!nge for ! ch!rge per cic). ,!ch time ! ;"eieved to "e9 v!id Ee" user cic)s on !n !d6

    the !dvertiser p!#s the !dvertising networ)6 who in turn p!#s the pu"isher ! sh!re of this

    mone#. This revenue7sh!ring s#stem is seen !s !n incentive for cic) fr!ud.

    E

  • 8/11/2019 Information Technology Act - Final

    15/56

    Cisputes over the issue h!ve resuted in ! num"er of !wsuits. In one c!se6 /ooge ;!cting !s

    "oth !n !dvertiser !nd !dvertising networ)9 won ! !wsuit !g!inst ! TeD!s comp!n# c!ed

    Auction ,Dperts ;!cting !s ! pu"isher96 which /ooge !ccused of p!#ing peope to cic) on

    !ds th!t !ppe!red on Auction ,Dperts@ site6 costing !dvertisers L06000. Cespite networ)s@

    efforts to stop it6 pu"ishers !re suspicious of the motives of the !dvertising networ)s6

    "ec!use the !dvertising networ) receives mone# for e!ch cic)6 even if it is fr!uduent.

    6. ,((!=C#%(! !% M$!* L!%*#(!

    In computing6 phishing ;!so )nown !s c!rding !nd spoofing9 is ! form of soci! engineering6

    ch!r!cteri5ed "# !ttempts to fr!uduent# !c:uire sensitive inform!tion6 such !s p!sswords

    !nd credit c!rd det!is6 "# m!s:uer!ding !s ! trustworth# person or "usiness in !n !pp!rent#

    offici! eectronic communic!tion6 such !s !n em!i spoofing or !n inst!nt mess!ge. The term

    phishing !rises from the use of incre!sing# sophistic!ted ures to MfishM for users@ fin!nci!

    inform!tion !nd p!sswords. It often directs users to enter det!is !t ! f!)e we"site whose oo)

    !nd fee !re !most identic! to the egitim!te one. /ener!#6 the# !so cre!te ! Moo)7!7i)eM

    we"site th!t is designed to cose# resem"e the t!rget comp!n#@s offici! site.

    This f!)e we"site m!# present ! form which m!# re:uest the user to fi in priv!te

    inform!tion such !s credit c!rd det!is !nd "!n)ing det!is. These det!is !re then misused "#

    the sc!mmers.

    ,D!mpe In 20117126 em!is were received on "eh!f of &!rsen !nd Tou"ro reg!rding

    recruitments which !s)ed the receiver to su"mit credit c!rd det!is !nd tr!nsfer ! cert!in

    !mount to ! "!n) !ccount to !pp# for the process. This w!s ! ce!r c!se of phishing sc!m.

    C* $/ ,((!

    One fin!nci! Institute registered ! crime st!ting th!t some persons ;Bperpetr!tors9 h!ve

    perpetr!ted cert!in !cts through mise!ding em!is ostensi"# em!n!ting from I$I$I (!n)4s

    em!i IC. Such !cts h!ve "een perpetr!ted with !n intent to defr!ud the $ustomers.

    The Investig!tion w!s c!rried out with hep of those em!is received "# the customers of th!t

    fin!nci! Institute !nd !rrested the !ccused 6 the p!ce of offence !t Qi?!#w!d! w!s se!rched

    for the evidence . There one &!p Top !nd *o"ie Phone w!s sei5ed which w!s used for the

    commission of the crime

  • 8/11/2019 Information Technology Act - Final

    16/56

    The !rrested !ccused h!d used open source code em!i !ppic!tion softw!re for sending sp!m

    em!is. e h!s down o!ded the s!me softw!re from net !nd then used it !s it is.

    e used on# QSN& em!is to sp!m the em!i to customers of fin!nci! Institute "ec!use

    QSN& em!i service provider do not h!ve sp!m "oD to "oc) the unsoicited em!is.

    After sp!mming em!is to fin!nci! Institute customers he got the response from !round 120

    customers of which 80 !re genuine !nd others !re not correct "ec!use it do not h!ve de"it

    c!rd det!is !s re:uired for e7"!n)ing.

    The fin!nci! Institute customers those who h!ve received his em!i fet th!t the em!i w!s

    origin!ted from the fin!nci! Institute "!n). Ehen the# fied the confidenti! inform!tion !nd

    su"mitted th!t time s!id inform!tion w!s directed to !ccused. This w!s possi"e "ec!use the

    d#n!mic in) w!s given in the first p!ge ;ome p!ge9 of the f!)e we" site. The d#n!mic in)

    me!ns when peope cic) on the in) provided in sp!mming em!i th!t time on# the in) wi

    "e !ctiv!ted. The d#n!mic in) w!s coded "# h!nding the Internet ,Dporer oncic);9 event

    !nd the inform!tion of the form wi "e su"mitted to the we" server ;Ehere the f!)e we" site

    is hosted9. Then server wi send he d!t! to configured em!i !ddress !nd in this c!se em!i

    configured w!s to the !ccused em!i . So on su"mission of the confidenti! inform!tion the

    inform!tion w!s directed to em!i IC !ccused em!i .The ! the inform!tion !fter fishing

    ;user n!me6 p!ssword6 Tr!ns!ction p!ssword6 Ce"it c!rd Num"er !nd PIN6 mothers m!iden

    n!me9 which he h!d received through Ei7Gi internet connectivit# of 'ei!nce.com which w!s

    !v!i!"e on his Acer &!p Top. This crime !ttr!cts punishment of 3 #e!rs imprisonment !nd

    fine up to 2 !cs rupees.

  • 8/11/2019 Information Technology Act - Final

    17/56

    C*# C#(* S""("('

  • 8/11/2019 Information Technology Act - Final

    18/56

    C* #*("*#*% !%*# "* I.T A'"

  • 8/11/2019 Information Technology Act - Final

    19/56

    S""* +(* C#(* R*'$#%*%

    C"*$#(* $/ C#(*

  • 8/11/2019 Information Technology Act - Final

    20/56

    C*# C/* L+

    These rues !re c!ed the Inform!tion Technoog# ;/uideines for $#"er $!fe9 'ues6 2011.

  • 8/11/2019 Information Technology Act - Final

    21/56

    The Act defines ! '*# '/*!s me!ning B!n# f!ciit# from where !ccess to the internet is

    offered "# !n# person in the ordin!r# course of "usiness to the mem"ers of the pu"ic. This

    woud incude internet !ccess provided in !irports6 in rest!ur!nts6 !nd in m!n# other p!ces

    where the provisions of these rues ;such !s those !"out height of p!rtitions6 etc.9 ?ust wi not

    "e pr!ctic!"e. Thus6 this provision wi h!ve unintended conse:uences.

    B'egistr!tion Agenc# me!ns !n !genc# design!ted "# the Appropri!te /overnment to

    register c#"er c!f for their oper!tionF

    B&og 'egister me!ns ! register m!int!ined "# the $#"er $!f for !ccess !nd use of

    computer resourceF

    B-ser me!ns ! person who !v!is or !ccess the computer resource !nd incudes other

    persons ?oint# p!rticip!ting in !v!iing or !ccessing the computer resource in ! c#"er c!f.

    A c#"er c!fes sh! "e registered with ! uni:ue registr!tion num"er with !n !genc# c!ed !s

    registr!tion !genc# !s notified "# the Appropri!te /overnment in this reg!rd.

    I%*!"(/('"($! $/ *#

    ;19 The $#"er $!f sh! not !ow !n# user to use its computer resource without the identit#

    of the user "eing est!"ished. The intending user m!# est!"ish his identif# "# producing !

    document which sh! identif# the users to the s!tisf!ction of the $#"er $!f.

    ;29 The $#"er $!fe sh! )eep ! record of the user identific!tion document "# either storing !

    photocop# or ! sc!nned cop# of the document du# !uthentic!ted "# the user !nd !uthorised

    represent!tive of c#"er c!fe. Such record sh! "e secure# m!int!ined for ! period of !t e!st

    one #e!r.

    ;39 In !ddition to the identit# est!"ished "# ! user6 he m!# "e photogr!phed "# the $#"er

    $!fe using ! we" c!mer! inst!ed on one of the computers in the $#"er $!fe for est!"ishing

    the identit# of the user. Such we" c!mer! photogr!phs6 du# !uthentic!ted "# the user !nd

    !uthorised represent!tive of c#"er c!fe6 sh! "e p!rt of the og register which m!# "e

    m!int!ined in ph#sic! or eectronic form.

  • 8/11/2019 Information Technology Act - Final

    22/56

    ;9 A minor without photo Identit# c!rd sh! "e !ccomp!nied "# !n !dut with !n# of the

    documents !s re:uired under su"7rue ;19.

    ;9 A person !ccomp!n#ing ! user sh! "e !owed to enter c#"er c!f !fter he h!s est!"ished

    his identit# "# producing ! document isted in su"7rue ;19 !nd record of s!me sh! "e )ept in

    !ccord!nce with su"7rue ;29.

    ;A ?C$-*!"($! /$# /(#* "$ -#$"*'" %"@

  • 8/11/2019 Information Technology Act - Final

    23/56

    New Section 37de!ing with compens!tion for f!iure to protect d!t! w!s introduced in the

    ITAA 72008. This is !nother w!tershed in the !re! of d!t! protection especi!# !t the

    corpor!te eve.

    As per this Section6 where ! "od# corpor!te is negigent in impementing re!son!"e securit#

    pr!ctices !nd there"# c!uses wrongfu oss or g!in to !n# person6 such "od# corpor!te sh!

    "e i!"e to p!# d!m!ges "# w!# of compens!tion to the person so !ffected.

    The Section further eDp!ins the phr!se H"od# corpor!te4 !nd :uite signific!nt# the phr!ses

    Hre!son!"e securit# pr!ctices !nd procedures4 !nd Hsensitive person! d!t! or inform!tion4.

    ;need eDp!n!tion of the !"ove phr!ses9

    Thus the corpor!te responsi"iit# for d!t! protection is gre!t# emph!si5ed "# inserting

    Section 3A where"# corpor!tes !re under !n o"ig!tion to ensure !doption of re!son!"e

    securit# pr!ctices. Gurther wh!t is sensitive person! d!t! h!s since "een c!rified "# the

    centr! government vide its Notific!tion d!ted 11 Apri 2011 giving the ist of ! such d!t!

    which incudes p!ssword6 det!is of "!n) !ccounts or c!rd det!is6 medic! records etc. After

    this notific!tion6 the IT industr# in the n!tion incuding techs!vv# !nd wide# technoog#7

    "!sed "!n)ing !nd other sectors "ec!me sudden# !w!re of the responsi"iit# of d!t!

    protection !nd ! gener! !w!reness incre!sed on wh!t is d!t! priv!c# !nd wh!t is

    the roe of top m!n!gement !nd the Inform!tion Securit# Cep!rtment in org!nis!tions in

    ensuring d!t! protection6 especi!# whie h!nding the customers4 !nd other third p!rt# d!t!.

    'e!son!"e Securit# Pr!ctices

    Site certific!tion

    Securit# initi!tives

    Aw!reness Tr!ining

    $onform!nce to St!nd!rds6 certific!tion

    Poicies !nd !dherence to poicies

    Poicies i)e p!ssword poic#6 Access $ontro6 em!i Poic# etc

    Periodic monitoring !nd review.

    The Inform!tion Technoog# ;'e!son!"e securit# pr!ctices !nd procedures !nd sensitive

    person! d!t! or inform!tion9 'ues h!ve since "een notified "# the /overnment of Indi!6

    Cept of I.T. on 11 Apri 2011. An#"od# corpor!te or ! person on its "eh!f sh! "e

    considered to h!ve compied with re!son!"e securit# pr!ctices !nd procedures6 if the# h!ve

  • 8/11/2019 Information Technology Act - Final

    24/56

    impemented such securit# pr!ctices !nd st!nd!rds !nd h!ve ! comprehensive documented

    inform!tion securit# progr!mme !nd inform!tion securit# poicies cont!ining m!n!geri!6

    technic!6 oper!tion! !nd ph#sic! securit# contro me!sures commensur!te with the

    inform!tion !ssets "eing protected with the n!ture of "usiness.

    In the event of !n inform!tion securit# "re!ch6 the "od# corpor!te or ! person on its "eh!f

    sh! "e re:uired to demonstr!te6 !s !nd when c!ed upon to do so "# the !genc# m!nd!ted

    under the !w6 th!t the# h!ve impemented securit# contro me!sures !s per their documented

    inform!tion securit# progr!mme !nd inform!tion securit# poicies.

    In view of the foregoing6 it h!s now "ecome ! m!?or compi!nce issue on the p!rt of not on#

    IT comp!nies "ut !so those in the (!n)ing !nd Gin!nci! Sector especi!# those "!n)s with

    huge computerised oper!tions de!ing with pu"ic d!t! !nd depending he!vi# on technoog#.

    In times of ! itig!tion or !n# securit# "re!ch resuting in ! c!im of compens!tion of

    fin!nci! oss !mount or d!m!ges6 it woud "e the huge responsi"iit# on the p!rt of those

    "od# corpor!te to prove th!t th!t s!id B'e!son!"e Securit# Pr!ctices !nd Procedures were

    !ctu!# in p!ce !nd ! the steps mentioned in the 'ues p!ssed in Apri 2011 st!ted !"ove6

    h!ve "een t!)en.

    In the ne!r future6 this is one of the sections th!t is going to cre!te much noise !nd "e the

    su"?ect of much de"!tes in the event of itig!tions6 i)e in re7defining the roe of !n empo#ee6

    the responsi"iit# of !n empo#er or the top m!n!gement in d!t! protection !nd issues i)e the

    !ctu! !nd vic!rious responsi"iit#6 the !ctu! !nd contri"utor# negigence of ! st!)e hoders

    invoved etc.

    The issue h!s wider r!mific!tions especi!# in the c!se of ! coud computing scen!rio. $oud

    $omputing is the pr!ctice of using ! networ) of remote servers hosted on the Internet to

    store6 m!n!ge6 !nd process d!t!6 r!ther th!n ! oc! server6 with the services m!n!ged "# the

    provider sod on dem!nd6 for the !mount of time used. In coud computing where more !nd

    more org!nis!tions h!nde the d!t! of others !nd the inform!tion is stored esewhere !nd not

    in the owners4 s#stem. Possi"#6 more de"!tes wi em!n!te on the :uestion of inform!tion

    owners vis ! vis the inform!tion cont!iner !nd the inform!tion custodi!ns !nd the Service

    &eve Agreements of ! p!rties invoved wi !ssume ! gre!ter signific!nce.

  • 8/11/2019 Information Technology Act - Final

    25/56

    ,*!"(*

    !ving de!t with civi offences6 the Act then goes on to descri"e civi remed# to such

    offences. Ad?udic!tion powers !nd procedures h!ve "een e!"or!te# !id down in Sections 0F or

    ;(9 )nowing# or intention!# penetr!tes or !ccesses ! computer resource without

    !uthoris!tion or eDceeding !uthorised !ccess6 !nd "# me!ns of such conduct o"t!ins !ccess to

    inform!tion6 d!t! or computer d!t!"!se th!t is restricted for re!sons of the securit# of the

    St!te or foreign re!tionsF or !n# restricted inform!tion6 d!t! or computer d!t!"!se6 with

    re!sons to "eieve th!t such inform!tion6 d!t! or computer d!t!"!se so o"t!ined m!# "e used

    to c!use or i)e# to c!use in?ur# to the interests of the sovereignt# !nd integrit# of Indi!6 the

    securit# of the St!te6 friend# re!tions with foreign St!tes6 pu"ic order6 decenc# or mor!it#6

    or in re!tion to contempt of court6 def!m!tion or incitement to !n offence6 or to the

    !dv!nt!ge of !n# foreign n!tion6 group of individu!s or otherwise6 commits

    the offence of c#"er terrorism.

    ;29 Ehoever commits or conspires to commit c#"er terrorism sh! "e punish!"e with

    imprisonment which m!# eDtend to imprisonment for ife.

  • 8/11/2019 Information Technology Act - Final

    29/56

    S*'"($! 67

    Section de!s with pu"ishing or tr!nsmitting o"scene m!teri! in eectronic form. The

    e!rier Section in ITA w!s !ter widened !s per ITAA 2008 in which chid pornogr!ph# !nd

    retention of records "# intermedi!ries were ! incuded.

    Pu"ishing or tr!nsmitting o"scene m!teri! in eectronic form is de!t with here. Ehoever

    pu"ishes or tr!nsmits !n# m!teri! which is !scivious or !ppe!s to the prurient interest or if

    its effect is such !s to tend to depr!ve !nd corrupt persons who !re i)e# to re!d the m!tter

    cont!ined in it6 sh! "e punished with first conviction for ! term upto three #e!rs !nd fine of

    five !)h rupees !nd in second conviction for ! term of five #e!rs !nd fine of ten !)h rupees

    or "oth.

    ,$#!$#- !% $'*!* (!/$#"($! An !ddition to the $#"er $!fe rues is th!t !

    computers h!ve to "e e:uipped with the Bcommerci!# !v!i!"e s!fet# or fitering softw!re

    so !s to the !void6 !s f!r !s possi"e6 !ccess to the we"sites re!ting to pornogr!ph# incuding

    chid pornogr!ph# or o"scene inform!tion.

    The other p!rt is th!t B$#"er $!fe4s !re m!nd!ted to disp!# ! "o!rd6 ce!r# visi"e to the

    users6 prohi"iting them from viewing pornogr!phic sites !s we !s cop#ing or downo!ding

    inform!tion which is prohi"ited under the !w. Ehich rest!ur!nt which gives users Internet

    !ccess wi w!nt to do this

    One positive ch!nge in the rues is th!t of inspection. In the e!rier rues6 !n office not "eow

    the r!n) of Poice Officer w!s !uthori5ed to inspect the $#"er $!fe !nd networ)F in the

    ch!nged rues6 !n officer of the registr!tion !genc# wi "e !uthori5ed. This me!ns th!t the

    h!r!ssment of $#"er $!fe ownersJm!n!gers woud pro"!"# not "e done "# ! poice officer.

    Im!gine ! rest!ur!nt with EiGi6 s!#6 the *!r)et $!fe in h!n *!r)et6 Cehi6 h!ving to

    conform to these rues. Or im!gine us w!nting to give EiGi !ccess !t ! conference K wi we

    need to register !s ! $#"er $!fe It ?ust won4t h!ppen. As with most other rues6 these rues

    wi pro"!"# not "e enforced6 "ut the pro"em is in the eDception! c!ses6 when the# !re used

    in order to h!r!ss est!"ishments. *ost of us re!ding this thin) th!t it c!n4t h!ppen to us6 "ut

    the f!ct is th!t it c!n. I4ve he!rd ! c!se of "i5!rre re:uests "eing m!de of ! we"site owner

    "ec!use of something he pu"ished !nd !ter retr!cted6 !s ong !s four #e!rs !fter the

  • 8/11/2019 Information Technology Act - Final

    30/56

    retr!ction.

    The provisions in the !w need to "e more i"er! in order to prevent its misuse "# !wm!)ers6

    !nd in our opinion6 these $#"er$!fe guideines h!ve cre!ted the found!tion for further

    h!r!ssment.

    R*$! /$# ,$#!$#- *(! !$" (*

    P!w!n Cugg!6 ! !w#er who speci!i5es in IT !ws6 s!id the new guideines were !r"itr!r#.

    ME!tching pornogr!ph# is not ieg! in Indi!6M he s!id. MIt@s !"surd to !s) c#"er c!fe owners

    to te their customers not to !ccess pornogr!phic m!teri! even !s !w !ows individu!s to

    !ccess !dut we"sites uness it@s not chid pornogr!ph#. The new rues re:uire ! second oo).M

    The new rues suggest c!fe owners inst! fitering softw!re !nd )eep ! og of ! we"sites

    !ccessed "# customers for !t e!st one #e!r. $!fe owners h!ve !so "een !s)ed not to "uid !

    c!"inJcu"ice with ! height of more th!n four !nd h!f feet. In ! c#"er c!fe where there !re no

    cu"ices6 Mowners wi h!ve to p!ce computers with the screens f!cing outw!rdM or tow!rds

    open sp!ce. The move is !imed !t reducing priv!c# ! c#"er c!fe user c!n get.

    Cugg! s!id if impemented e!rnest#6 the new rues wi put most of c#"er c!fe owners out of

    "usiness.

    Internet !ctivists termed the guideines Munconstitution!M. Pr!nesh Pr!)!sh6 ! progr!mme

    m!n!ger with $entre of Internet !nd Societ#6 s!id the rues wi vio!te priv!c# !nd wi

    h!mper internet users@ !"iit# to free# eDpress themseves.

    The new rues m!)e it m!nd!tor# for user to c!rr# !n identit# c!rd. $#"er c!fe owners h!ve"een !s)ed to give user ogs to the Mregistr!tion !genc#M ever# month !s we )eep these

    records !ong with the og of we"sites !ccessed !t the c#"er c!fe s!fe for ! period of one #e!r.

    A few c!fe owners s!id th!t technic!#6 it woud "e ! d!unting t!s) to )eep ! record of ever#

    we"site !ccessed using their computers for ! #e!r.

    Ehie minors6 if c!rr#ing identit# c!rds h!ve "een permitted to use computers in ! c#"er c!fe6

    the# won@t "e !owed inside cu"ices if not !ccomp!nied "# gu!rdi!ns or p!rents. There is

    !so provision of photogr!phing c#"er c!fe users using ! we"c!m or other device. The

    http://timesofindia.indiatimes.com/topic/Indiahttp://timesofindia.indiatimes.com/topic/India
  • 8/11/2019 Information Technology Act - Final

    31/56

    photogr!phs wi h!ve to "e !uthentic!ted "# the user. Pr!)!sh s!id th!t photogr!phing users

    r!ises serious priv!c# :uestions6 especi!# in the c!se of chidren.

    S*'"($! 6

    This section empowers the /overnment or !gencies !s stipu!ted in the Section6 to intercept6

    monitor or decr#pt !n# inform!tion gener!ted6 tr!nsmitted6 received or stored in !n#

    computer resource6 su"?ect to compi!nce of procedure !s !id down here.

    This power c!n "e eDercised if the $entr! /overnment or the St!te /overnment6 !s the c!se

    m!# "e6 is s!tisfied th!t it is necess!r# or eDpedient in the interest of sovereignt# or integrit#

    of Indi!6 defence of Indi!6 securit# of the St!te6 friend# re!tions with foreign St!tes or pu"ic

    order or for preventing incitement to the commission of !n# cogni5!"e offence re!ting to

    !"ove or for investig!tion of !n# offence.

    ROLE OF IT IN BAN9ING SECTOR

    ;19 Adv!ncement in technoog# h!s ventured new products6 new services6 new m!r)ets

    !nd h!s ch!nged the entire deiver# ch!nne for the "!n)ing industr#.;29 Inform!tion Technoog# h!s !so provided "!n)ing industr# new me!ns to de! with

    the ch!enges posed "# the ch!nging econom#. Inform!tion technoog# h!s !imed !t

  • 8/11/2019 Information Technology Act - Final

    32/56

    the incre!sing the speed !nd rei!"iit# of fin!nci! oper!tions !nd h!s further

    strengthen the "!n)ing sector.;39 The progress of technoog# !nd the deveopment of wordwide networ) h!ve

    signific!nt# reduced the cost of go"! fund tr!nsfer.

    ;9 IT h!s en!"ed "!n)s to s!tisf# the ever incre!sing dem!nds of the customers who !re

    techno7s!vv#.;9 IT h!s "een providing soutions to "!n)s for the !ccounting !nd "!n) office

    re:uirements.; e7*onies ,ectronic Gund Tr!nsfer J e$he:ues

    8 Onine P!#ment of ,Dcise % Service T!D

    (i P!#ments

    10 $!rd to $!rd Gunds Tr!nsfer

    11 (!n)ome ;i9 ,Dpress Ceiver#

    12 $!sh on T!p ;ii9 Norm! Ceiver#

    13 Sm!rt *one# Order

    Some products c!n "e eDp!ined !s foows

    1. A"$"(' T**# M'(!* ?ATM@

    An AT* is ! computeri5ed teecommunic!tions device th!t provides ! customers ! secure

    method of performing fin!nci! tr!ns!ctions in ! pu"ic sp!ce without the need for ! hum!n

    cer) or "!n) teer. AT*s !re in)ed to "!n)4s centr! computer !nd identif# the customer

  • 8/11/2019 Information Technology Act - Final

    33/56

    through m!gnetic coding on the c!rd provided to customer !nd Person! Identific!tion

    Num"er ;PIN96 )e#ed in "# the customer. It upd!tes the !ccount of the customer !fter the

    competion of the tr!ns!ction. This !so proves to "e !n !dvertising !gent for the comp!n#.

    The tr!ns!ction using AT* c!n r!nge from simpe tr!ns!ctions invoving c!sh withdr!w!s

    !nd deposits to m!)ing hote reserv!tions etc.

    2. E*'"#$!(' F!% T#!/*# ?EFT@

    To tr!nsfer funds inst!nt# !mong v!rious "r!nches !t v!rious oc!tions in the countr#F "#

    connecting these "r!nches through ! networ) using the !test communic!tion technoog#

    which incudes s!teite6 e!sed ines6 di!7up ines etc.

    3. SMS B!;(!

    It is ! technoog#7en!"ed service offering from "!n)s to its customers6 permitting them to

    oper!te seected "!n)ing services over their mo"ie phones using S*S mess!ging.S*S

    (!n)ing services !re oper!ted using "oth Push !nd Pu *ess!ges

    Push mess!ges !re those th!t the "!n) chooses to send out to ! customer4s mo"ie phone6

    without the customer initi!ting ! re:uest for the inform!tion6 these !re either *o"ie

    *!r)eting mess!ges or mess!ges !erting !n event which h!ppens in the customer4s "!n)

    !ccount6 such !s ! !rge p!#ment using the customer4s credit c!rd6 etc.

    Pu mess!ges !re those th!t !re initi!ted "# the customer6 using ! mo"ie phone6 for o"t!ining

    inform!tion or performing ! tr!ns!ction in the "!n) !ccount.Pu mess!ges incude !n !ccount

    "!!nce en:uir#6 or re:uests for current inform!tion i)e deposit interest r!tes6 !s pu"ished

    !nd upd!ted "# the "!n).

    4. I!"*#!*" B!;(!

    (!n)s !nd fin!nci! services firms !re now w!)ing up to the tremendous potenti! of

    internet. Internet "!n)ing m!# "e done through ! "!n)4s we"site where "!n) !so h!s !

    ph#sic! structure or user c!n choose ! Bvirtu! "!n) or fin!nci! institution th!t h!s no

    pu"ic "uiding !nd eDists on# onine. Internet "!n)ing is usu!# conducted through !

    person! computer ;P$9 th!t connects to ! "!n)ing we" site vi! the Internet. Internet "!n)ing

    !so c!n "e conducted vi! wireess technoog# through "oth Person! Cigit! Assist!nts

    ;PCAs9 !nd $eu!r Phones. Internet "!n)ing6 !p!rt from providing gener! "!n)ing

    f!ciities to customers6 provides foowing !ddition! services 7

  • 8/11/2019 Information Technology Act - Final

    34/56

    . *TAX

    (!n)s i)e IC(I h!ve e!sed the process of t!D p!#ment "# impementing the eTA

    pro?ect. P!#ment of eDcise !nd customs dut# over the Internet is !so possi"e.S(I e7

    t!D is !n onine p!#ment f!ciit#. This f!ciit# s!ves time6 is convenient6 h!sse free

    !nd p!peress. It is !v!i!"e on ! 2 D > "!sis !nd en!"es user to p!# t!Des onine6

    with e!se !nd simpicit#.

    . O!(!* R*(""!'*

    Another eD!mpe of how we IT h!s "een !igned with "!n)ing6 !nd is providing

    v!ue to customers6 is "etter onine remitt!nces from !round the word. (enefici!ries

    in Indi! !re credited with remitt!nce mone# within hours.

    '. O!(!* B!'#!'*

    It is ! p!c)!ge of fin!nci! services invoving distri"ution of insur!nce products

    through "!n)4s "r!nch networ). Onine (!nc!ssur!nce f!ciit!tes customer to p!#

    insur!nce premium6 !t ! ow cost6 "# visiting the concerned "!n)4s we"site. This h!s6

    ed to the migr!tion of customers from high cost "r!nch tr!ns!ction to ow7cost onine

    interf!ces6 "ringing down the tot! cost per tr!ns!ction.

    %. B( ,*!"

    ,ectronic "i p!#ment is ! fe!ture of onine "!n)ing6 !owing ! depositor to send

    mone# from his dem!nd !ccount to ! creditor or vendor such !s ! pu"ic utiit# or !

    dep!rtment store to "e credited !g!inst ! specific !ccount.The p!#ment is optim!#

    eDecuted eectronic!# in re! time6 though some fin!nci! institutions or p!#ment

    services wi w!it unti the neDt "usiness d!# to send out the p!#ment.

    *. O"*# * A%%*% S*#)('*

    Some "!n)s !so offer v!ue !dded services in the !re!s of '!iw!# reserv!tion. The f!ciit#

    h!s "een !unched w.e.f. Septem"er 16 2003 in !ssoci!tion with I'$T$. The scheme

    f!ciit!tes (oo)ing of '!iw!#s Tic)et Onine. Thus6 customer doesn4t h!ve to their entr# into

    the soci! networ)ing sites. Athough the# h!ve not "een entire# successfu !s of now6 there

    is ! good ch!nce th!t the# coud wrec) h!voc on th!t sp!ce.

  • 8/11/2019 Information Technology Act - Final

    35/56

    NASSCOM

    I!"#$%'"($!

    The N!tion! Associ!tion of Softw!re !nd Services $omp!nies ;NASS$O*9 is ! tr!de!ssoci!tion of Indi!n Inform!tion Technoog# ;IT9 !nd (usiness Process Outsourcing ;(PO9industr#. ,st!"ished in 1886 NASS$O* is ! non7profit org!ni5!tion.It is the go"! tr!de "od# with over 1200 mem"ers6 of which 20 !re go"! comp!nies6form -S6 -6 ,-6 =!p!n !nd $hin!. The mem"ers !re "!sic!# in the "usiness of softw!redeveopment6 softw!re services6 softw!re products6 IT7en!"edJ(PO services !nd e7commerce. NASS$O* w!s set up in 188 to f!ciit!te "usiness !nd tr!de in softw!re !ndservices !nd to encour!ge !dv!ncement of rese!rch in softw!re technoog#.It is the strongest proponent of go"! free tr!de6 !nd is committed to wor) pro!ctive# toencour!ge its mem"ers to !dopt word c!ss m!n!gement pr!ctices6 "uid !nd uphod highestst!nd!rds in :u!it#6 securit# !nd innov!tion !nd rem!in competitive in tod!#4s r!pid#ch!nging technoog# !ndsc!pe. It is the most rei!"e source of d!t! !nd inform!tion in theIndi! Softw!re Industr#.In Indi! !nd !round the word6 NASS$O* mem"ers !re p!rticip!nts in the new go"!econom# !nd !re reputed for their cutting7edge "usiness pr!ctices !nd soci! initi!tives.

    N'$ (($!

    NASS$O*@s vision is to est!"ish Indi! !s the 21st centur#@s softw!re powerhouse !nd

    position the countr# !s the go"! sourcing hu" for softw!re !nd services.*em"ers en?o# sever! "enefits incuding inform!tion on ch!nges in poicies of the/overnment of Indi! with reg!rds to computer softw!re !nd IT services.

    A( !% O*'"()*

    The prim!r# o"?ective of NASS$O* is to !ct !s ! c!t!#st for the growth of the softw!redriven IT industr# in Indi!. Other go!s incude f!ciit!tion of tr!de !nd "usiness in softw!re!nd services6 encour!gement !nd !dv!ncement of rese!rch6 prop!g!tion of educ!tion !ndempo#ment6 en!"ing the growth of the Indi!n econom# !nd provide compeing "usiness

    "enefits to go"! economies "# go"! sourcing.

    NASS$O* !so ende!vors to ever!ge IT !nd n!rrow the digit! divide in Indi! !nd en!"eher citi5ens to en?o# the "enefits of IT. It !so "oosts the process of Innov!tionF IT wor)forcedeveopment !nd enh!nce c#"er securit#.

    ,#"!*#(- +(" "* G$)*#!*!"

    NASS$O* !cts !s !n !dvisor6 consut!nt !nd coordin!ting "od# for the softw!re !ndservices industr# in Indi!.

    NASS$O* h!s p!#ed ! )e# roe in en!"ing the government in Indi! to deveop industr#friend# poicies. It h!s "een ! proponent of free tr!de6 !rguing for 5ero t!riff protection6

    strong inteectu! propert# !nd d!t! protection !ws6 deregu!tion of the teecom m!r)et !nd

  • 8/11/2019 Information Technology Act - Final

    36/56

    the cre!tion of softw!re technoog# p!r)s !nd priv!te sector p!rticip!tion in the educ!tions#stem 7 me!sures which h!ve resuted in signific!nt growth of the industr#.

    NASS$O* !so p!#s ! roe in eng!ging with go"! !i!nces on softw!re :u!it# st!nd!rds6immigr!tion poicies6 ETO !nd free tr!de in services6 !nd neDt7gener!tion "est pr!ctices ingo"! sourcing of services.

    R**#'

    NASS$O* undert!)es rese!rch on the I$T industr# in Indi! !nd the word in order tocontinuous# educ!te its mem"ers of new "usiness opportunities6 "usiness pr!ctices in go"!m!r)ets6 potenti! thre!ts to industr# growth !nd !ttr!ct !ddition! investments in Indi!.

    (" $/ ,#$%'" !% S*#)('*

    NASS$O* strong# "eieves in encour!ging its mem"ers to provide go"! :u!it# products!nd services. The !ssoci!tion provides !ssist!nce to its mem"ers in !chieving intern!tion!:u!it# certific!tions "# org!ni5ing semin!rs !nd re!ted progr!ms on :u!it# st!nd!rds !nddissemin!ting reev!nt inform!tion.

    I!"**'" ,#$-*#" R("

    NASS$O* is !n !rdent supporter of strong inteectu! propert# !ws in Indi!.NASS$O* !so !unched the countr#@s first !nti7pir!c# hotine !nd Indi!@s first !nti7pir!c#to7free hotine. NASS$O* h!s !so successfu# f!ciit!ted enforcement !ws !g!instsoftw!re pir!c# in Indi! !nd heped introduce $#"er &!ws.

    ,#"!*#(- +(" M**#

    The org!ni5!tion provides v!rious services to its mem"ers such !s the foowing

    $re!ting "usiness opportunities !nd sh!ring of "est pr!ctices )nowedge through

    forums6 semin!rs !nd conferences Pu"ishing rese!rch reports th!t provide the mem"ers counse from e!ding industr#

    !n!#sts. The org!ni5!tion !so m!int!ins ! d!t!"!se of mem"er comp!nies specif#ingtheir !re!s of eDpertise.

    Providing inform!tion on go"! "usiness norms on t!D!tion6 regu!tions6 recruitment6

    etc.

    NASSCOM INITIATIES INCLDE

    The Comestic *!r)et Initi!tive6 cre!ted to integr!te the IT !nd non7IT sectors !nd to

    p!n for continued IT industr# growth.

    The Innov!tion Initi!tive6 cre!ted to foster !n environment th!t meets the specific

    needs of Indi!n "usinesses of ! si5es.

    The ,duc!tion Initi!tive6 cre!ted to provide !ddition! tr!ining !nd s)i enh!ncement

    to improve gr!du!te empo#!"iit#. This initi!tive !so interf!ces "etween industr#6

    !c!demi! !nd government.

  • 8/11/2019 Information Technology Act - Final

    37/56

    The Eomen in &e!dership7IT Initi!tive6 cre!ted to incre!se the num"er of women

    entering the IT7(PO industr# !nd enh!nce the c!reer prospects for those women in the

    industr#.

    The Securit# Initi!tive6 cre!ted to promote inform!tion securit# !nd compi!nce

    through pu"ic educ!tion !nd cre!tion of ! securit#7!w!re environment.

    THE CRIME AND CRIMINAL TRAC9ING NETWOR9 AND SYSTEMS ?CCTNS@

    I!("("()* NASSCOM & N"($! C#(* R*'$#% B#* M(!("# $/ H$* A//(#

    Eith the $$TNS in p!ce6 ! inform!tion wi "e !v!i!"e onine. Inform!tion reg!rdingfingerprints6 unidentified "odies6 missing persons6 stoen vehices6 stoen !rms6 etc.6 wi "e

    ?ust ! cic) !w!#.

    G!ciit!te coection6 stor!ge6 retriev!6 !n!#sis6 tr!nsfer !nd sh!ring of d!t! !nd Inform!tion!mong Poice St!tions6 Cistrict6 St!te he!d:u!rters !nd other org!ni5!tionJ!gencies6 incudingthose !t /overnment of Indi! eve.

    ep in en!"ing !nd !ssisting the senior Poice Officers in "etter m!n!gement of

    Poice Gorce

    eeping tr!c) of the progress of the crime !nd crimin! investig!tion !nd prosecution

    c!ses6 incuding progress of c!ses in the court

    ep in reducing the m!nu! !nd redund!nt record )eeping.

    C$-#($! *"+**! I!%(! C*# + & ,((--(!* C*# L+

    INDIAN CYBER LAWS ,HILI,INNES CYBER LAWS

    $iti5ens c!n !v!i wider freedom of Greedom of eDpression is restricted due to

  • 8/11/2019 Information Technology Act - Final

    38/56

    eDpression sternness of the !w

    The punishments under this !w !re ess

    severe

    The punishments !re h!rsh. Onine crimes !re

    punished more severe# th!n the re! crime

    which incudes fine of miion "uc)s or up to

    12 #e!rs in ?!i.

    $hid pornogr!ph# % c#"er s:u!tting is

    punish!"e under this !w.

    The !mendment under this !w on 3 rdOcto"er

    2012 proposed to remove chid pornogr!ph#

    % c#"er s:u!tting.

    There is no such provision under this !w. This !w m!nd!tes N!tion! (ure!u of

    investig!tion % Phiippine n!tion! poice to

    org!ni5e c#"er crime units st!ffed "# speci!

    investig!tors who !re soe# responsi"e to

    h!nde c#"ercrime c!ses.

    Person! d!t! of citi5ens is e!si# !ccessi"e. Person! d!t! of citi5ens is )ept high#

    confidenti!

    CASE STDIES

    NMIMS

    In ! m!?or educ!tion7re!ted r!c)et "ust6 siD persons h!ve "een identified for h!ving

    imperson!ted 8> c!ndid!tes in the N!rsee *on?ee *!n!gement Aptitude Test ;N*AT9 which

    w!s hed from Octo"er 11 to Cecem"er 16 2012. A ?oint te!m of the c#"er7crime poice !nd

    -nit 86 $rime (r!nch6 *um"!i h!s !rrested one of these imperson!tors whie the rem!ining

    five !re #et to "e c!ught6 c!imed the *um"!i7"!sed N!rsee *on?ee Institute of *!n!gement

  • 8/11/2019 Information Technology Act - Final

    39/56

    Studies ;N*I*S9 -niversit#6 which conducts the N*AT for !dmissiSons to its *(A

    progr!ms.

    The !eged imperson!tor c!ught unti now is n!med Ao) um!r. In !ddition6 the poice

    c!imed to h!ve !rrested five other peope who were org!nising the

    m!pr!ctice. (r!?endr!pr!t!p Singh6 one of these !ccused6 h!d promised one student of

    securing him p!ssing m!r)s in the N*AT through m!n!gement :uot! for 's 1 !)h.

    There!fter6 the !ccused too) 's >. !)h !s !dv!nce from the student !nd empo#ed ! dumm#

    c!ndid!te to t!)e the test in p!ce of the student. The !ccused then informed the student th!t

    he h!d p!ssed the N*AT eD!m !nd h!d "een shortisted for the group discussion !nd

    interview. The student woud then "e !s)ed to p!# up the rem!ining 's >. !)h.

    The other !ccused h!ve "een tr!ced !nd !rrested from Cehi6 -tt!r Pr!desh !nd

    Pune. !num!nt Singh /u?!r@s credit c!rd w!s used to p!# the !dmission fees for some of the

    students whie his "rother Sugriv Singh /u?!r used to medi!te "etween the students !nd

    dumm# test t!)ers. P!v!n um!r !nd im!nshu She)h!r were "oth !so middemen who

    used to ure N*I*S !spir!nts into p!#ing mone# on the preteDt of !dmission through

    m!n!gement :uot! !nd then p!ss them on to consut!nts. Such w!s the efficienc# of the

    ieg! service th!t most of these students scored 220 m!r)s or !"ove in N*AT6 ! ver# high

    score for the test.

    Ehie the imperson!tors m!n!ged to get p!st the N*AT verific!tion s#stems using forged

    prim!r# !nd second!r# identit# proofs6 the students "enefitting from the m!pr!ctice were

    n!ied "# N*I*S during the group discussion !nd interview st!ge !fter their photogr!phs

    were found to "e not m!tching those given !t the time of the test. Among the 8> students who

    !eged# !v!ied of this m!pr!ctice6 on#

  • 8/11/2019 Information Technology Act - Final

    40/56

    profiing6 used to prevent imperson!tion6 during the test chec)7in process. Cespite !rgu!"#

    we!)er securit# me!sures6 the N*AT costs 's 16 students !cross the countr#. The# shunted cities6 time sots !nd test

    st!ges to c!rr# out the !eged su"terfuge. *ore th!n 's 13 crore ch!nged h!nds in the

    process. Aso6 this might on# "e the tip of the ice"erg !s preimin!r# investig!tions reve!ed

    th!t this g!ng might "e invoved in simi!r m!pr!ctices !t other m!n!gement entr!nce eD!ms

    !s we.

    BAEE.COM CASE

    Avnish (!?!? Qs. St!te ;N.$.T.9 of Cehi

    Avnish (!?!? K $,O of (!!5ee.com6 ! customer7to7customer we"site6 which f!ciit!tes theonine s!e of propert#. (!!5ee.com receives commission from such s!es !nd !so gener!tes

    revenue from !dvertisements c!rried on its we" p!ges.

    An o"scene **S cipping w!s isted for s!e on (!!5ee.com on 2>th Novem"er6 200 in then!me of BCPS /ir h!ving fun. Some copies of the cipping were sod through (!!5ee.com!nd the seer received the mone# for the s!e.

    Avnish (!?!? w!s !rrested under section of the Inform!tion Technoog# Act6 2000 !nd his"!i !ppic!tion w!s re?ected "# the tri! court. e then !ppro!ched the Cehi igh $ourt for"!i.

    A#*!" "* -#$*'"($! :

    1. The !ccused did not stop p!#ment through "!n)ing ch!nnes !fter e!rning of the

    ieg! n!ture of the tr!ns!ction.2. The item description BCPS /ir h!ving fun shoud h!ve r!ised !n !!rm.

    A#*!" "* %*/*!%!" :

    1. Section of the Inform!tion Technoog# Act re!tes to pu"ic!tion of o"scene

    m!teri!. It does not re!te to tr!nsmission of such m!teri!.

    2. On coming to e!rn of the ieg! ch!r!cter of the s!e6 remedi! steps were t!)en

    within 38 hours6 since the intervening period w!s ! wee)end.

    F(!%(! $/ "* '$#"

    1. It h!s not "een est!"ished from the evidence th!t !n# pu"ic!tion too) p!ce "# the

    !ccused6 direct# or indirect#.2. The !ctu! o"scene recordingJcip coud not "e viewed on the port! of (!!5ee.com.

  • 8/11/2019 Information Technology Act - Final

    41/56

    3. The s!e consider!tion w!s not routed through the !ccused.

    . Prim! f!cie (!!5ee.com h!d ende!vored to pug the oophoe.

    . The !ccused h!d !ctive# p!rticip!ted in the investig!tions.

    d!t!"!ses of 0/( in si5e from

    Truec!er servers. At the time of writing this !rtice it4s not ce!r whether the entire d!t!"!se

    h!s "een stoen or on# p!rti!. The d!t!"!se !so !pp!rent# cont!ins !ccess codes to user4s

    G!ce"oo)6 Twitter6 /m!i6 !nd &in)edIn !ccounts6 !owing h!c)ers to su"mit !n upd!te from

    Truec!er users !ccount who h!ve connected these networ)s to their !ccount6 !s per the

    report. Ee !dvise users to immedi!te# remove Truec!er from giving !ccess to Truec!er

    service.

    (esides ste!ing the d!t!"!se6 the h!c)ers !so posted !dmin ogin credenti!s to Truec!er4s

    d!t!"!se on Twitter. At the time of writing this !rtice the d!t!"!se w!s not !ccessi"e6

    however6 we c!n4t rue out the possi"iit# of d!t!"!se re!ching in wrong h!nds.

    True$!er !ows users to oo) up for !non#mous mo"ie !nd !ndine num"ers on the we"

    or on their Internet7en!"ed mo"ie phone !nd "rowse through cont!ct inform!tion of the

    owner of th!t mo"ie or !ndine num"er. (esides this6 it !so !ows users to view c!er IC

    http://www.truecaller.com/http://www.truecaller.com/
  • 8/11/2019 Information Technology Act - Final

    42/56

    inform!tion of the current c!er6 "oc) unw!nted c!s !nd connect their G!ce"oo) or

    &in)edIn !ccount to view the !test mess!ges from their connections.

    The issue with the !pp is th!t -*#$! ( !$" (! '$!"#$ (/ "*(# !*# ( *(! #*% $!

    "* *#)('* $!* $/ "*(# '$!"'". Ehie the service doesoffer!n option to unist !

    num"er6 we !re not sure how m!n# peope !re !w!re th!t their num"er is !re!d# sh!red on

    the service !nd then go !"out unisting their num"er on the service. (esides th!t6 it4s !so

    unce!r whether Truec!er !ctu!# deetes ! records from their d!t!"!se !fter one deists

    their num"ers. Grom their GAU

    BGor the respect of #our securit#6 #our num"er wi "e immedi!te# !nd perm!nent# removed

    from !n# se!rch resut. ou c!nnot su"mit #our num"er !g!in. Pe!se go

    tohttpJJwww.truec!er.comJunistto unist #our num"er perm!nent#.

    Ehie it st!tes th!t it removes one4s num"er from se!rch resuts it4s not !pp!rent th!t the

    records !re perm!nent# deeted. So even if one h!s unisted their num"er6 we !re not :uite

    sure whether their d!t! h!s "een compromised !s it might sti "e stored in Truec!er4s

    servers.

    &!st month6 Truec!er h!dc!imedto h!ve coc)ed 20 miion users go"!# !st month6 up

    from10 miion usersin =!nu!r# 2013. Truec!er h!d previous# c!imed th!t m!?orit# of its

    users !re from Indi!6 !though it h!dn4t discosed !n# specific inform!tion on its Indi!n user

    "!se. An ,T reportsuggests th!t the comp!n# h!d 1.< miion users in Indi! !s of =une 2012

    !nd !ccounted for h!f of the comp!n#4s user"!se. Aso note th!t6 these 1.< miion users th!t

    the report suggests !re the ones th!t use the !ppic!tion6 which me!ns th!t "* '" !*#

    $/ -$!* $$; #*'$#% /#$ I!%( $! T#*'*# *#)*# '$% * ' (*#.

    G#**; ';*# "* R 13 ; /#$ A

  • 8/11/2019 Information Technology Act - Final

    43/56

    Poor# secured c!rds from Indi!n "!n)s!nd crimin! eements eDpoiting unprofession! w!#

    of using de"it !nd credit c!rds!re r!ising the num"er of fin!nci! crimes "oth oc!# !nd

    !"ro!d. At e!st 's 30 crore worth of tr!ns!ctions were done !st Cecem"er !nd =!nu!r#

    using stoen credit c!rd identit#. MEe h!ve reversed the imp!ct in ! such customers@ !ccounts

    with immedi!te effect6 to ensure the# !re not inconvenienced6@@ s!id !n ADis (!n) spo)esm!n.

    The intern!tion! s#ndic!te of crimin!s w!s !ccessing inform!tion !"out c!rd hoders !t

    ret!i est!"ishments. These were done most# "# coning c!rds during intern!tion! tr!ve.

    Some of the countries such !s South Afric! !nd Th!i!nd !re notorious for th!t.

    (!n)s !re enh!ncing the securit# to prevent misuse of eectronic p!#ments6 which h!s now

    "ecome the preferred mode of tr!ns!ction for customers. MIf the# profie customers !nd

    determine vectors correct# then !n !"norm! us!ge woud cre!te ! red f!g 7 i)e the oc!tion

    where the mone# is withdr!wn6M S!?!n P!u6 director7 s#stems engineering 7 Indi! % SAA'$

    for =uniper Networ)s tod ,T.

    In Cecem"er6 Pune7"!sed p!#ment processor ,ectr!$!rd Services w!s h!c)ed "# ! go"!

    c#"er7crime ring6 which !so "ro)e into the s#stems of (!ng!ore7"!sed ,nSt!ge Inc.

    compens!ted the victims.

    A--* /( softw!re upd!te6 which is s!ted for

    this f!.

    http://economictimes.indiatimes.com/topic/Indian%20bankshttp://economictimes.indiatimes.com/topic/Indian%20bankshttp://economictimes.indiatimes.com/topic/credit%20cardshttp://economictimes.indiatimes.com/topic/electronic%20paymentshttp://economictimes.indiatimes.com/topic/EnStage%20Inc.http://economictimes.indiatimes.com/topic/iOShttp://economictimes.indiatimes.com/topic/Indian%20bankshttp://economictimes.indiatimes.com/topic/credit%20cardshttp://economictimes.indiatimes.com/topic/electronic%20paymentshttp://economictimes.indiatimes.com/topic/EnStage%20Inc.http://economictimes.indiatimes.com/topic/iOS
  • 8/11/2019 Information Technology Act - Final

    44/56

    Three computer scientists6 who !erted Appe to the pro"em e!rier this #e!r6 demonstr!ted

    the securit# vuner!"iit# !t the (!c) !t h!c)ing convention in &!s Qeg!s on Eednesd!#

    where some >6000 securit# profession!s !re e!rning !"out the !test thre!ts posed "#

    computer h!c)ing.

    Appe s!id the issue h!d "een fiDed in the !test "et! of iOS >6 which h!s !re!d# "een

    ree!sed to softw!re deveopers.

    MEe woud i)e to th!n) the rese!rchers for their v!u!"e input6M Appe spo)esm!n Tom

    Neum!#rs!id.

    The wor) w!s done "# (i# &!u6! rese!rch scientist !t the/eorgi! Institute of Technoog#6

    !nd gr!du!te students eong?in =!ng!nd $heng#u Song.

    In ! demonstr!tion !t the h!c)ing conference6 the# pugged !n iPhone into ! custom7"uit

    ch!rger the# e:uipped with ! tin# &inuD computer th!t w!s progr!mmed to !tt!c) iOS

    devices. The# s!id it cost !"out L to "u# !nd ! wee) to design.

    It infected the phone with ! computer virus designed to di! the phone of one of the

    rese!rchers6 which it did.

    The# s!id th!t re!7word c#"er crimin!s might "uid viruses th!t woud give them remote

    contro of the devices. Th!t woud en!"e them to t!)e screen shots for ste!ing "!n)ing

    p!sswords !nd credit c!rd num"ers. The# coud !so !ccess em!is6 teDts !nd cont!ct

    inform!tion or tr!c) the oc!tion of the phone@s owner6 &!u s!id.MIt c!n "ecome ! sp#ing

    too6M s!id &!u.

    &!u s!id the# were pu"ici5ing the issue in the spirit of Mwhite h!tM h!c)ing6 which is finding

    securit# "ugs so th!t m!nuf!cturers c!n fiD them "efore crimin!s eDpoit them.

    MSecurit# doesn@t wor) if #ou "ur# pro"ems6M he tod 'euters on the sideines of the press

    conference.

    &!u s!id th!t devices running /ooge Inc@s Androidoper!ting s#stem !re not vuner!"e to

    the s!me t#pes of !tt!c) "ec!use the# w!rn users if the# pug devices into ! computer6 even

    one posing !s ! ch!rging st!tion.After Appe@s iOS > softw!re upd!te6 ! mess!ge wi pop up

    http://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Billy%20Lauhttp://economictimes.indiatimes.com/topic/Billy%20Lauhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Yeongjin%20Janghttp://economictimes.indiatimes.com/topic/iPhonehttp://economictimes.indiatimes.com/topic/Linuxhttp://economictimes.indiatimes.com/topic/Androidhttp://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Billy%20Lauhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Yeongjin%20Janghttp://economictimes.indiatimes.com/topic/iPhonehttp://economictimes.indiatimes.com/topic/Linuxhttp://economictimes.indiatimes.com/topic/Android
  • 8/11/2019 Information Technology Act - Final

    45/56

    to !ert the user th!t the# !re connecting to ! computer6 not !n ordin!r# ch!rger6 he s!id.

    NEWS ARTICLES

    M$" "$'; *'#(* "*(' #(;

    N,E C,&I A m!?orit# of stoc) eDch!nges wordwide c!me under c#"er !tt!c)s!st #e!r

    !nd !most 0 per cent of them perceive such !ctivities to "e ! potenti! s#stemic ris)6

    !ccording to ! surve#.

    Gor the "ourses6 c#"er7crimes 77 whose n!ture is "ecoming more compeD 77 coud resut in

    Mm!ssive fin!nci! !nd reput!tion! imp!ct6M !mong other !dverse f!outs.

    The findings !re p!rt of the 2012713 $#"er7$rime Surve# ?oint# conducted "# the IOS$O

    'ese!rch Cep!rtment !nd the Eord Geder!tion of ,Dch!nges. It covered v!rious eDch!nges

    !nd centr! counterp!rt# ce!ring houses !cross the word.

    The Intern!tion! Org!nis!tion of Securities $ommissions ;IOS$O9 is ! grouping of c!pit!

    m!r)etregu!tors6 incuding the Securities !nd ,Dch!nge (o!rd of Indi!; Se"i9.

    MA m!?orit# of eDch!nges ;8 per cent9 view c#"er7crime in securities m!r)ets !s ! potenti!

    s#stemic ris)6M the report s!id.

    *ore th!n h!f of the eDch!nges surve#ed s!id the# h!d suffered ! c#"er !tt!c) in 2012.

    M,Dch!nges from the Americ!s were more i)e# to report h!ving suffered !n !tt!c) ; per

    cent96M it !dded.

    $#"er7crimes in the securities m!r)ets !re gener!# disruptive in n!ture !nd coud neg!tive#

    imp!ct m!r)et integrit# !nd efficienc#.

    Gurther6 the surve# showed th!t eDch!nges empo# sever! prevent!tive !nd detection

    mech!nisms to t!c)e c#"er7crimes.

    http://economictimes.indiatimes.com/topic/cyber%20attackshttp://economictimes.indiatimes.com/topic/cyber%20attackshttp://economictimes.indiatimes.com/topic/IOSCOhttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/Sebihttp://economictimes.indiatimes.com/topic/cyber%20attackshttp://economictimes.indiatimes.com/topic/IOSCOhttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/Sebi
  • 8/11/2019 Information Technology Act - Final

    46/56

    M...Ne!r# ! ; per cent9 of eDch!nges surve#ed report th!t dis!ster7recover# protocos !re

    in p!ce in their org!nis!tion6M it !dded.

    owever6 !"out ! :u!rter of the p!rticip!ting "ourses s!id th!t current prevent!tive !nd

    recover# mech!nisms m!# not "e sufficient in the f!ce of ! !rge7sc!e6 coordin!ted c#"er7

    !tt!c).

    *e!nwhie6 ! st!ff wor)ing p!per pu"ished on =u# 1< "# IOS$O s!id inst!nces of !tt!c)s

    !g!inst eDch!nges me!ns th!t c#"er7crime is !re!d# t!rgeting securities m!r)ets@ core

    infr!structures !nd providers of essenti! ;!nd non7su"stitut!"e services9.

    MAt this st!ge6 these c#"er7!tt!c)s h!ve not imp!cted core s#stems or m!r)et integrit# !nd

    efficienc#. owever6 some eDch!nges surve#ed suggest th!t ! !rge7sc!e6 successfu !tt!c)

    m!# h!ve the potenti! to do so6M the p!per s!id.

    C*# '#(* E $!* '; $/ %*"*##*!" (% $+ $ #;*" #* I!%(! (!"$

    ';(! *#)('*

    *-*(AI Indi! is f!st emerging !s ! t!ent hotspot for the go"! c#"er7crime industr# !mid

    sow hiring in the tr!dition! softw!re industr#6 the ure of e!s# mone#6 !nd !c) of !w

    enforcement6 !ccording to computer securit# eDperts.

    Eor) such !s h!c)ing into computer networ)s !nd cre!tion of m!w!re is "eing outsourced to

    c#"er7mercen!ries in Indi! through underground m!r)etp!ces. It is possi"e to rent "otnets 7

    computers controed "# ! h!c)er 7 to !unch dis!"ing !tt!c)s to "ring down we"sites for !s

    itte !s MIncre!sing#6 Indi! is "ecoming not ?ust the victim "ut the host countr# with reg!rd

    to c#"er !tt!c)s6M =!gdish *!h!p!tr!6 m!n!ging director for Indi! !nd SAA'$ !t !nti7virus

    m!)er *cAfee6 tod ,T. The process h!s "ecome so org!nised th!t some of these h!c)ing

    services come with &ive $h!t customer support6 !ccording to *cAfee.

    In 20126 *cAfee &!"s identified !t e!st 80 sep!r!te "its of re!d#7to7downo!d m!w!re

    hosted on computers in Indi!. In the first :u!rter of 20136 the num"er h!d ?umped to 16100.

    Indi! is r!n)ed eighth in the word in terms of num"er of !tt!c)s origin!ting here6 ! report "#A)!m!i Technoogies in *!# s!id.

  • 8/11/2019 Information Technology Act - Final

    47/56

    M(!c)h!ts c!n m!)e ! ot of mone#6 so I@m not surprised th!t we@re "eginning to see c#"er7

    crime m!r)ets emerge in Indi!6M s!id OD"ood 'uffin6 ! $!n!di!n h!c)tivist "!sed in

    (!ng!ore. In Internet securit# !ngu!ge6 ! "!c)h!t refers to someone who eDpoits

    vuner!"iities in computers with m!icious intent or person! g!in. In *!rch6 Norwegi!n

    teecommunic!tions services provider Teenor reported !n intrusion into its computer

    networ)s. $#"er7securit# comp!n# Norm!n Sh!r) tr!ced th!t !tt!c) to Indi! !nd documented

    it in ! whitep!per tited @-nveiing !n Indi!n $#"er7!tt!c) Infr!structure@.

    I!%( H "* S;(

    Mou h!ve underground h!c)er forums where peope post their h!c)ing re:uirement !nd #ou

    c!n "id for them !nd h!ve the mone# tr!nsferred to ! P!#P! !ccount vi! ! service c!ed

    Perfect *one#6M S!rv!i#! s!id. Ehie ethic! h!c)ers coud e!rn 306000 ! mon7th eg!#6

    c#"er crime fetches mo7re th!n L26000 ; 163060009 ! month.

    Perfect *one# functions !s !n e7currenc#. The currenc# units c!n "e tr!nsferred "etween

    customers6 whose identities c!n "e hidden. The units c!n "e redeemed for c!sh 7 in do!rs or

    euros 7 or god "# third7p!rt# eDch!nge services.

    The h!c)er forums c!nnot "e !ccessed vi! st!nd!rd we" "rowsers 7 wh!t is re:uired is !

    speci! "rowser c!ed ! Tor (rowser th!t !ows !ccess to the @hidden we"@ where these

    "!c)h!t h!c)ers oper!te.

    The forums oo) i)e ! soci! networ)ing site designed "# de!th7met! f!ns. Attempts "# ,T

    to cont!ct h!c)ers on these forums were not successfu. Some of the tr!its th!t m!de Indi! the

    hu" for sourcing technoog# services !re !so contri"uting to the rise of this new du"ious

    tr!de. Mou need softw!re s)isF the countr# h!s th!t c!p!"iit#. Then #ou need motiv!tion6

    which is the mone#6 !nd the )nowedge th!t the Indi!n eg! s#stem is i)e# to not "e !"e to

    prosecute #ou. These !re cross7"order computer crimes6 our !ws h!ve not re!ched th!t

    point6M s!id Cinesh Pi!i6 $,O of *!hindr! Speci! Services /roup.

    There is no estim!te of the num"er of Indi!n h!c)ers for hire. And securit# industr#

    profession!s s!id whie the# )new the num"er of !tt!c)s from Indi! w!s rising6 the# coud

  • 8/11/2019 Information Technology Act - Final

    48/56

    not pinpoint individu! !tt!c)s th!t coud "e !ttri"uted to Indi!n h!c)ers L2 ; 129 per hour.

    I!%( I!' $% +;* - "$ "* '*# "#*"

    The recent incident of c#"er theft !t ADis (!n)shoud serve !s ! w!)e7up c! for Indi!n

    industr#. Ee !re vuner!"e.

    Cem!teri!ised sh!res hed in eectronic !ccounts6 "!n)s !nd pension funds6 power

    tr!nsmission !nd distri"ution s#stems6 tr!in sign!ing s#stems6 he!th c!re s#stems !nd

    records6 w!ter distri"ution s#stems6 the A!dh!!r d!t!"!se6 pr!ctic!# ever#thing is tod!#

    controed in c#"er sp!ce.

    If th!t contro does not wor) !s it is supposed to6 or gets hi?!c)ed "# crimin!s or hostie st!te

    !gencies6 ch!os wi resut. Indi! needs to put in p!ce s#stems to gu!rd !g!inst !rge7sc!e

    disruption !nd oss !s ! resut of c#"er !tt!c)s. And this goes "e#ond form! !dherence to

    ISO st!nd!rds.

    The government is re!d#ing ! c#"er securit# fr!mewor)6 ! c#"er securit# poic# !nd !

    N!tion! $#"er $oordin!tion $entre;N$$$9 th!t wi monitor met!d!t! on c#"er tr!ffic

    fows. owever6 it is "e#ond the government@s prowess to ensure securit# on its own.

    On# strong pu"ic7priv!te p!rtnership c!n secure the n!tion !nd its vit! functions. This c!s

    for coordin!ted !ction on mutipe fronts. One is poic# !nd egis!tion6 to ensure integrit#

    !nd !ccount!"iit# to c#"er monitoring.

    The government proceeds !s if one c!use in the Inform!tion Technoog# Act is enough to

    protect Indi!ns@ priv!c#. Ee need ! sep!r!te !nd we7thought7out !w on the su"?ect.

    Procedures for "re!ching it when necess!r# must "e rigorous6 tr!nsp!rent !nd !men!"e to

    !udit. A second front is technoogic! c!p!"iit#. Grom setting st!nd!rds !nd testing of

    e:uipment to !dv!nces in cr#ptogr!ph#6 !rge !re!s c! for institutions to "e set up !nd

    hum!n c!p!"iit# "uit up.

    A strong domestic m!nuf!cturing "!se woud "e ! gre!t hep. Pu"ic !w!reness !nd

    invovement is the third !re! of !ction. Grom p!ssive securing of individu! phones !nd

    http://economictimes.indiatimes.com/axis-bank-ltd/stocks/companyid-9175.cmshttp://economictimes.indiatimes.com/topic/pensionhttp://economictimes.indiatimes.com/topic/cyber%20security%20policyhttp://economictimes.indiatimes.com/topic/National%20Cyber%20Coordination%20Centrehttp://economictimes.indiatimes.com/topic/Information%20Technology%20Acthttp://economictimes.indiatimes.com/axis-bank-ltd/stocks/companyid-9175.cmshttp://economictimes.indiatimes.com/topic/pensionhttp://economictimes.indiatimes.com/topic/cyber%20security%20policyhttp://economictimes.indiatimes.com/topic/National%20Cyber%20Coordination%20Centrehttp://economictimes.indiatimes.com/topic/Information%20Technology%20Act
  • 8/11/2019 Information Technology Act - Final

    49/56

    computers to !ctive rese!rch in com"!ting c#"er !tt!c)s !nd snooping6 ! r!nge of !ctivit#

    c!s for vigorous p!rticip!tion "# Indi!@s #outh. The# must "e enthused !nd motiv!ted. The

    c#"er !gend! is !rge !nd urgent.

    9*# "$ *" - 1 '*# '* "$ "';* '*# '#(*

    TI'-QANANTAP-'A* The er!! government wi set up 1 c#"er ces to t!c)e the

    growing incidence of c#"er7re!ted crimes in the st!te6 $hief *inister Oommen $h!nd#s!id

    here tod!#.

    Spe!)ing to reporters !fter ! c!"inet meeting6 he s!id the c#"er ces woud "e set up in poice

    district he!d:u!rters6 for which seven new posts h!ve "een s!nctioned.

    S#)* $! '*# + & '*# "#*"

    ECONOMICS TIME ANALYSIS ?12" SE,TEMBER 2012@

    In the p!st 12 months6 c#"er crime cost ever# Indi!n net worth victim 's. 106 on !n!ver!ge. Indi! is emerging !s the go"! hot spot of c#"er croo)s.

    http://economictimes.indiatimes.com/topic/Oommen%20Chandyhttp://economictimes.indiatimes.com/topic/Oommen%20Chandy
  • 8/11/2019 Information Technology Act - Final

    50/56

    S#)* A!( INDIA GLOBAL

    AERAGE

    N*# $/ '*# '#(* )('"( 2 miion 23 miion

    T$* %*/#%*% $!'* (! "*(# (/*"(*

  • 8/11/2019 Information Technology Act - Final

    51/56

    2. !ve #ou ever tried the foowing !ctivities

  • 8/11/2019 Information Technology Act - Final

    52/56

    3. Co #ou )now how !nd where to report c#"er7crime re!ted !ctivities

    . An eectronic sign!ture is used for !uthentic!ting !n onine document. ow s!fe do

    #ou thin) it is '!te on ! sc!e of 17. ;17ver# uns!fe6 7 ver# s!fe9

  • 8/11/2019 Information Technology Act - Final

    53/56

    . Eh!t do #ou thin) the IT Act is for

    CONCERNS OF CYBER LAWS

    L$$-$*

    !ving discussed in det!i ! the provisions of ITA !nd ITAA6 et us now oo) !t some of the

    "ro!der !re!s of omissions !nd commissions in the Act !nd the gener! criticism the Acts

    h!ve f!ced over the #e!rs.

    A@ A+#*!*There is no serious provision for cre!ting !w!reness !nd putting such

    initi!tives in p!ce in the Act. The government or the investig!ting !gencies i)e the

    Poice dep!rtment ;whose ?o" h!s "een m!de comp!r!tive# e!sier !nd focused6

    th!n)s to the p!ssing of the IT Act96 h!ve t!)en !n# serious step to cre!te pu"ic

    !w!reness !"out the provisions in these egis!tions6 which is !"soute# essenti!

    considering the f!ct th!t this is ! new !re! !nd technoog# h!s to "e e!rnt "# ! the

    st!)e7hoders i)e the ?udici! officers6 eg! profession!s6 itig!nt pu"ic !nd the

    pu"ic or users !t !rge. ,speci!# provisions i)e scope for !d?udic!tion process isnever )nown to m!n# incuding those in the investig!ting !gencies.

  • 8/11/2019 Information Technology Act - Final

    54/56

    B@ #(%('"($!This is ! m!?or issue which is not s!tisf!ctori# !ddressed in the ITA or

    ITAA.

    =urisdiction h!s "een mentioned in Sections !nd

  • 8/11/2019 Information Technology Act - Final

    55/56

    it is :uite n!tur! th!t m!n# issues on c#"er crimes !nd m!n# crimes per se !re eft

    uncovered. *!n# c#"er crimes i)e c#"er s:u!tting with !n evi !ttention to eDtort

    mone#. Sp!m m!is6 ISP4s i!"iit# in cop#right infringement6 d!t! priv!c# issues h!ve

    not "een given !de:u!te cover!ge.

    (esides6 most of the Indi!n corpor!te incuding some Pu"ic Sector undert!)ings use

    Oper!ting S#stems th!t !re from the Eest especi!# the -S !nd m!n# softw!re

    utiities !nd h!rdw!re items !nd sometimes firmw!re !re from !"ro!d. In such c!ses6

    the !ctu! re!ch !nd import of IT Act Sections de!ing with ! utiit# softw!re or !

    s#stem softw!re or !n Oper!ting S#stem upgr!de or upd!te used for downo!ding the

    softw!re utiit#6 is to "e specific!# !ddressed6 !s otherwise ! pecui!r situ!tion m!#

    come6 when the user m!# not )now whether the upgr!de or the p!tch is getting

    downo!ded or !n# sp#w!re getting inst!ed. The Act does not !ddress the

    government4s poic# on )eeping the "!c)up of corpor!tes incuding the PS-s !nd

    PS(s in our count# or !"ro!d !nd if )ept !"ro!d6 the su"?ective eg! ?urisprudence on

    such softw!re "!c)ups. *ost of the c#"er crimes in the n!tion !re sti "rought under

    the reev!nt sections of IP$ re!d with the comp!r!tive sections of ITA or the ITAA

    which gives ! comfort f!ctor to the investig!ting !gencies th!t even if the ITA p!rt of

    the c!se is ost6 the !ccused c!nnot esc!pe from the IP$ p!rt.

    To :uote the noted c#"er !w eDpert in the n!tion !nd Supreme $ourt !dvoc!te Shri

    P!v!n Cugg!6 BEhie the !wm!)ers h!ve to "e compemented for their !dmir!"e

    wor) removing v!rious deficiencies in the Indi!n $#"er!w !nd m!)ing it

    technoogic!# neutr!6 #et it !ppe!rs th!t there h!s "een ! m!?or mism!tch "etween

    the eDpect!tion of the n!tion !nd the resut!nt effect of the !mended egis!tion. The

    most "i5!rre !nd st!rting !spect of the new !mendments is th!t these !mendments

    see) to m!)e the Indi!n c#"er!w ! c#"er crime friend# egis!tion th!t chooses to

    encour!ge c#"er crimin!s "# essening the :u!ntum of punishment !ccorded to them

    under the eDisting !wF W.. ! egis!tion which m!)es ! m!?orit# of c#"ercrimes

    stipu!ted under the IT Act !s "!i!"e offencesF ! egis!tion th!t is i)e# to p!ve w!#

    for Indi! to "ecome the potenti! c#"er crime c!pit! of the wordWW

  • 8/11/2019 Information Technology Act - Final

    56/56