CyberLaw™ is the domain at the intersection of technology, risk, and law

UNIT I:

CYBER LAW

INTRODUCTION:

Cyber Law is the domain at the intersection of technology, risk, and law.

Legal aspects of computing are related to various areas of law. Cyber law is a term that encapsulates the legal issues related to use of communicative, transactional, and distributive aspects of networked information devices and technologies. It is less a distinct field of law than property or contract law, as it is a domain covering many areas of law and regulation. Some leading topics include intellectual property, privacy, freedom of expression, and jurisdiction. Information Technology Law is a set of recent legal enactments, currently in existence in several countries, which governs the process and dissemination of information digitally. These legal enactments cover a broad gamut of different aspects relating to computer software, protection of computer software, access and control of digital information, privacy, security, internet access and usage, and electronic commerce. These laws have been described as "paper laws" for "paperless environment".

Cyberspace:

Cyberspace is the electronic medium of computer networks, in which online communication takes place.[1] It is the domain of electromagnetic readily identified with the interconnected information technology required to achieve the wide range of system capabilities associated with the transport of communication and control products and services. Current technology integrates a number of capabilities (sensors, signals, connections, transmissions, processors, and controllers) sufficient to generate a virtual interactive experience accessible regardless of a geographic location.

Cyberspace is the dynamic realization of electromagnetic energy through the application of communication and control technology. In pragmatic terms, operations within this global domain allow an interdependent network of information technology infrastructures (ITI), telecommunications networks, and computer processing systems, integrated sensors, system control networks, embedded processors and controllers common to global control and communications across the electro-magnetic environment. As a social experience, individuals can interact, exchange ideas, share information, provide social support, conduct business, direct actions, create artistic media, play games, engage in political discussion, and so on. The term is rooted in the science of cybernetics from the Greek, steersman, governor, pilot, or rudder) and Norbert Wiener’s pioneering work in electronic communication and control science, a forerunner to current information theory and computer science.

The term “cyberspace” was first used by the cyberpunk science fiction author William Gibson.[2] Which he would later describe as an "evocative and essentially meaningless" buzzword that could serve as a cipher for all of his cybernetic musings (see origins of the term below). Now ubiquitous, the term has become a conventional means to describe anything associated with computers, information technology, the internet and the diverse internet culture. The United States government recognizes the interconnected information technology and the interdependent network of information technology infrastructures operating across this medium as part of the US National Critical Infrastructure.[3]

According to Chip Morningstar and F. Randall Farmer, cyberspace is defined more by the social interactions involved rather than its technical implementation. The core characteristic is that must be an environment which consists of many participants with the ability to affect and influence each other. They derive this concept from the observation that people seek richness, complexity, and depth within a virtual world. Hence in cyberspace, the computational medium is an augmentation of the communication channel between real people

The Concept of Cyberspace:

The concept of cyberspace has been associated with a kind of distinct geographical entity including information technology, e-commerce, copyright, and high-tech products. For the past 20 years, the Internet has become a place separate from and superior to general life andphysicalreality. The idea to compare Internet with a place comes from science fiction and video games. The metaphor has developed into the notion and Internet has become a separate world with its own rules and regulations, for example, speech and commerce. Due to social and psychological experience of using Internet going online now means going out of the real world.

The concept of cyberspace has been thought about as something distinct from physical reality. Immersive computing means that the users live in the same ‘space’ as their data rather than data inhabits users’ space. Everything has changed with the development of pervasive computing. Cyberspace is still considered to be a place but it is closely connected with physical reality and Pervasive computing technologies such as flexible displays, smart dust, sensors do not suppose immersion. These devices were designed to be unobtrusive and to take as little of users’ attention as possible. They can be operated anywhere and now the experience of being online will be absolutely different. The ability to access internet anywhere will help us to discover "real space" information. It is information about the place that you are, and it will compliment "real time" information. The users will be able to apply simultaneously 1990s it was a common knowledge that the development of virtual reality technologies would distract people from real space and plunge into virtual space. It was considered that virtual space would become a separate world. The technologies have developed at a high speed but the predictions do not come true.  Instead we get ‘augmented reality’ that adds digital media to the physical world and it turned out to be. Similarly should not be thought about as something distant from reality. Geographically it’s a new layer of our everyday world but not  a separate world.  We live in cyberspace and physical space at the same time.

E-Commerce in India:

In the heady days of Amazon.com, chairman and founder Jeff Bozos had said, “What's dangerous is not to evolve”. Years later with the second wave of e-commerce in India surging, Indian internet-driven companies seem to have learnt from their experiences and have evolved in their approach to online business models. Not many old companies of the 1999 era remain in 2010, but those who exist have set high standards and benchmarks for the new crop of startups.

It is from the learning and experiences of those old companies that the industry today appears mature in overcoming serious infrastructural challenges in India. Although many differ on whether the current trends in online businesses indicate a significant turning point in the industry, nevertheless the panel on E-commerce in India: Are we at an inflection point? Proved to be an insightful analysis on the challenges and opportunities in the sector.In one of the most illuminating presentations of the forum, Mahesh Murthy set the backdrop for the panel discussion.

Speaking on the Path to eCommerce Success in India: From Amazon to 15 years of e-commerce he made the following noteworthy points:

1 . It is not about technology – it is about consumer delight. Technology for the sake of technology is meaningless.

2. Lowest price opens the category and commits hara-kiri in the process. Fair price wins not the lowest price.

3. The best shopping sites dispel loneliness. Does yours?

4. Be the category killer

5. Not having just one key vendor can stymie you deeply.

6. Online flight booking is slowing down; hotels and packages taking off. But these are hard to sell online. 90% are sold over phone.

7. The secret technology to travel e-commerce is the phone. Cash on delivery models work.

8. If you need to be here, you need to die. If you need to advertise you have to die. You have to fork out your hard money to Google ads. The customers have to be bought.

9. Portals are dying or are dead. The new sources for business are social networks. Portals grew at only about 4% last year.

10. Everything depends on your reputation. Invest in smart people not call centers.

11.  it’s not the number of fans that you have on Face book that matters – but their engagements.

12 .Only bits will get transacted here at current exorbitant merchant fees. Learning from i-tunes like model is necessary.

13 .Get off the deck if you want to make real money.

14. Don’t ignore the non-resident Indian population which is significant. More than 65% of ecommerce on some large sites comprises of gifting by Norris to resident Indians.

15. Solving the customer problems is itself a big business opportunity.

16 .Setting up just to win the ‘clonazon.com’ battle is risky. If all you aim for is an exit then chances are that you might not find an exit.

17. Eeeeeeecom will win over echo in some categories. Watch out group buying. My sense is that it will probably not do well.

18 Many categories are wide open - auto accessories, spices, apparels, electronics, adult and others. Beware of global competition.

19. Take advantage of low costs. Example: Services like Dabbawalas in India.

20. There is still a long way to go. Get in and enjoy.

One of the most valuable companies in the ecommerce space in India is CC Avenue, a payment gateway provider for ecommerce portals. Speaking of the business growth, CC Avenue COO said, it manages payments for over 85% of sites in ecommerce. It started off in 2001 with a mandate to encourage ecommerce in India and start providing value to customers.

While he agreed that e-commerce was growing in India, it had only touched a few sections. The reason for the numbers not being as large as the businesses wish it to be is the lack of certain key elements in the existing business models. These customer propositions are: Convenience and Value.

Every airline has a presence online. The convenience of buying tickets online is very high. This happens because it provides value. In contrast this may not be true for a category like gifting or buying rachis. It is much more convenient to buy it from a store: touch, feel and buy.

Another challenge that he points out is to find a suitable web development company to build applications. Most of the companies in this space have been bought over by MNCs. And some have just made cyber coolies of independent entrepreneurs. If an idea has value, go for it, he says.

On online payments, CCAvenues finds that credit card has a good penetration but debit cards are doing good too, as it provides a choice of payment. For Indians the idea of credit isn’t a very comfortable one.

The other part is the perception that exists with most customers is that, “it is unsafe to transact with my credit card.” The reality is that it’s much safer. Processes with additional layers of security are available which protect customers from being defrauded. The actual issue is that credit card use is unsafe offline. One needs to be a little careful as a customer. Over the past four or five years, the core banking system has put in place applications to allow merchants to connect to CCavenue. These are safe and the customer puts his data on the bank’s page not on a third party’s site. Alternatively cash cards and payments via mobile phones have come out. As we see it the transactions will grow and for this more merchants need to come online. E-commerce in India is about 8,000-10,000 websites. It needs to grow at least a million in the years ahead. There are 1,500-1,600 government owned sites which are going online which is a significant area of growth.

Manic Arora of IDG Ventures finds that the following fall in the ambit of ecommerce:

--Business to Customer model

--Business to Business model

--Transaction service providing sites.

He chronicles the two distinct phases of VC industry (pertaining to this space) in India. 1999-2000 saw a lot of VCs coming and shutting down as well. The second bout came in 2006 when a lot of them came back. The growth trajectory has picked up since then. For entrepreneurs it’s a great time to build an internet company, he added.

Critical to rising an ecommerce company is capital. Infrastructure forms a major part of the business and building this is very capital intensive. Propositions like within 24 hr delivery etc costs money. These are the aspects that the VCs are thinking about.  

Murugavel Janakiraman of Consim (which operates the Matrimonial site BharatMatrimony) held a contrarian view on the growth of ecommerce sector in India. He does not think that the industry is at an inflection point and neither does he feel that there have been any changes in the business environment over the past few years. He finds that the customers in India essentially belong to three categories:

1. Similar to those in the West: Those who need the service use the service and transact themselves. These are typical Class A users and they use credit cards.

2 Those that need the service use it but transact offline. These do not use credit cards. (For Bart Matrimony, significant revenue comes from this mode.)

3. Those who need the service but use and transact through third party. 

How are these needs served is the question. Among the challenges that he lists on the Indian market include:

The Privacy Factors in E-Commerce:

At the close of the 19th Century, concerns about privacy captivated the general public, and led to the 1890 publication of Samuel Warren and Louis Brandeis: "The Right to Privacy The vitality of this article can be seen today, when examining the USSC decision, 533 U.S. 27 (2001) where it is cited by the majority, those in concurrence, and even those in dissent.

The motivation of both authors to write such an article is heavily debated amongst scholars; however, two developments during this time give some insight to the reasons behind it. First, the sensationalistic press and the concurrent rise and use of "yellow journalism" to promote the sale of newspapers in the time following the Civil War brought privacy to the forefront of the public eye. The other reason that brought privacy to the forefront of public concern was the technological development of "instant photography". This article set the stage for all privacy legislation to follow during the 20 and 21st Centuries.

Reasonable Expectation of Privacy Test and emerging technology

In 1967, the United States Supreme Court decision in Katz v United States, 389 U.S. 347 (1967) established what is known as the Reasonable Expectation of Privacy Test to determine the applicability of the Fourth Amendment in a given situation. It should be noted that the majority did not note the test, but instead it was articulated by the concurring opinion of Justice Harlan. Under this test, 1) a person must exhibit an "actual (subjective) expectation of privacy" and 2) "the expectation [must] be one that society is prepared to recognize as 'reasonable.'" [12]

Privacy Act of 1974 : Inspired by the Watergate scandal, the United States Congress enacted the Privacy Act of 1974 just four months after the resignation of then President Richard Nixon. In passing this Act, Congress found that "the privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by Federal agencies" and that "the increasing use of computers and sophisticated information technology, while essential to the efficient operations of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information." [12] For More Information See: Privacy Act of 1974

Foreign Intelligence Surveillance Act of 1978 : Codified at 50 U.S.C. §§ 1801-1811, this act establishes standards and procedures for use of electronic surveillance to collect "foreign intelligence" within the United States. §1804(a)(7)(B). FISA overrides the Electronic Communications Privacy Act during investigations when foreign intelligence is "a significant purpose" of said investigation. 50 U.S.C. § 1804(a)(7)(B) and §1823(a)(7)(B). Another interesting result of FISA is the creation of the Foreign Intelligence Surveillance Court (FISC). This special court of federal district judges reviews all FISA orders. The FISC meets in secret, with all proceedings usually also held from both the public eye and those targets of the desired surveillance.[12] For more information see: Foreign Intelligence Act.

(1986) Electronic Communication Privacy Act : The ECPA represents an effort by the United States Congress to modernize federal wiretap law. The ECPA amended Title III and included two new acts in response to developing computer technology and communication networks. Thus the ECPA in the domestic venue into three parts: 1) Wiretap Act, 2) Stored Communications Act, and 3) The Pen Register Act.

(1994) Driver's Privacy Protection Act : The DPPA was passed in response to states selling motor vehicle records to private industry. These records contained personal information such as name, address, phone number, SSN, medical information, height, weight, gender, eye color, photograph and date of birth. In 1994, Congress passed the Driver's Privacy Protection (DPPA), 18 U.S.C. §§ 2721-2725, to cease this activity For More Information See:

(1999) Gram-Leach-Billy Act : This act authorizes widespread sharing of personal information by financial institutions such as banks, insurers, and investment companies. The GLBA permits sharing of personal information between companies joined together or affiliated as well as those companies unaffiliated. To protect privacy, the act requires a variety of agencies such as the SEC, FTC, etc. to establish "appropriate standards for the financial institutions subject to their jurisdiction" to "insure security and confidentiality of customer records and information" and "protect against unauthorized access" to this information

(2002) Homeland Security Act : Passed by Congress in 2002, the Homeland Security Act consolidated 22 federal agencies into what is commonly known today as the Department of Homeland Security (DHS). The HSA also created a Privacy Office under the Dons. The Secretary of Homeland Security must "appoint a senior official to assume primary responsibility for privacy policy." This privacy official's responsibilities include but are not limited to: ensuring compliance with the Privacy Act of 1974, evaluating "legislative and regulatory proposals involving the collection, use, and disclosure of personal information by the Federal Government", while also preparing an annual report to Congres.

(2004) Intelligence Reform and Terrorism Prevention Act : This Act mandates that intelligence be "provided in its most shareable form" that the heads of intelligence agencies and federal departments "promote a culture of information sharing." The IRTPA also sought to establish protection of privacy and civil liberties by setting up a five-member Privacy and Civil Liberties Oversight Board. This Board offers advice to both the President of the United States and the entire executive branch of the Federal Government concerning its actions to ensure that the branch's information sharing policies are adequately protecting privacy and civil libertiesFor More Information See: Intelligence Reform and Terrorism Prevention Act.

CyberLaw in E-commerce:

In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws have a major impact for e-businesses and the new economy in India. So, it is important to understand what are the various perspectives of the IT Act, 2000 and what it offers.

The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber. Chapter-III of the Act details about Electronic Governance and provides inter alias amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such  Advantagesof CyberLawsThe. IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied enforceability,In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

Contract Aspect:

Indian Contract Act of 1872 defines a CONTRACT as an agreement enforceable by law under Sec 2 (h). Both the legal and economics school of thought studies the concept of “Efficient Breach” of such a legally enforceable contract lately. It refers to a breach of contract, which is voluntary, and the party, which commits this breach, does so because the performance of the said contract would incur greater economic loss. Thus such party pays damages to the party who is willing to perform their part of the contract.

Black's Law Dictionary has defined Efficient Breach theory as "the view that a party should be allowed to breach a contract and pay damages, if doing so would be more economically efficient than performing under the contract". While the Economic theory describes it as, when the benefits of breaching an agreement exceeds the cost of complying with an agreement, then the system governing the agreement should allow a party to breach that agreement. Whereas, sometimes the cost of breaching will exceed the benefit of the same; in this scenario there should be an incentive for the party to keep its part of the agreement.

This theory for the first time appeared in an article "Breach of Contract, Damage Measures and Economic Efficiency" by Robert Birmingham. It basically said that there should be encouragement of repudiation of legal obligations if the party is benefiting from this and is able to put the other party in as good a position as it would be, had the breaching party fulfilled its part. Thus it will not be wrong to predict that if one party can make an extra buck by breaching a contract, rationally speaking he will do so." Breach of contract can be called efficient if it leaves no one worse off and at least one party better off"2. Now we know that in case a party breaches a contract in India,

He has to pay compensation for any loss or damage caused by him thereby, which naturally arose in the usual course of the things from such breach, or which the parties knew, when they made the contract, to be likely to result from the breach of it3.

If a sum is named in the contract as the amount to be paid in case of breach, or any other stipulation by way of penalty, the aggrieved party becomes entitled whether or not actual damage or loss is proved to have been caused.

In both the cases the damages are almost always ascertained especially in the second case where the contract itself holds the figure. Thus the breaching party is anyways aware of the costs of breach, which may act as an incentive to keep the part of its promise or in other circumstances where the opportunity cost exceeds the benefits, easily get out of the agreement by satisfying the other party. This creates a win-win situation for both sides, if the sanctity of promise is kept aside. Not to forget that stipulating the quantum of damage is a very complexes task in itself with various restraints and hence it is more appropriate to leave it to the parties to decide how to allocate the advantages and penalties of the bargain. There can be various reasons for opting for such a form of contract, which deals with the possibility of breach by one party as in cases:

a) Uncertainty over production costs b) Uncertainty over the value of performance to the buyer c) Uncertainty of offers made by alternative buyers

 An ideal example will be a situation where a second buyer approaches the seller to the original contract offering a higher price. And if this second buyer is ready to pay an amount, which can compensate the first buyer completely and still allow the seller to make a profit more than in the original contract, efficient breach should be good for all the parties involved. At the core of this theory is the common law principle of the so-called expectation damages which actually gives an incentive to both parties to perform a contract when it is efficient in economic terms, but not otherwise. So it falls upon the parties to honor the contracts, which are valuable and discard those, which are merely wasteful. This also saves the lengthy and expensive post breach remedies. Also there is another aspect to the whole thing, its called negative damages. Whereas only the party who breaches is considered in the wrong even if his breach may have led to no real damage but some actual benefit to the other party. There was a case called Bush v. Canfield5 where the defendant had breached the contract and was pleading for reduction in restitution damages. The plaintiff had contracted the defendant to supply barrels of flour at the rate of 7 $ each and the defendant did not complete his part. The rate of flour barrel had come down to around 5$ by this time. So the seller pleaded on the ground that his failure enabled the buyer to obtain the flour at a much cheaper rate. Court did not hold such ground valid. Hence the doctrine seems to be pretty straight that the party who breaches will have to pay damages. Hume has described the material benefits of contracts but added, "a sentiment of morals concurs with interest, and becomes a new obligation upon mankind". Charles Fried has also said about the matter "there is a convention that defines the practice of promising and its entailments. This convention provides a way that a person may create expectations in others. By virtue of the basic Kantian principles of trust and respect, it is wrong to invoke that convention in order to make a promise and then to break it." Under common law, the duty to keep a contract means that if one does not, he will have to pay damages and nothing further. This implying that no moral or ethical dilemma is involved in such a breach. The initial promise itself can be read as one involving not one but two promises;

1] Promise to perform his part of the contract or

2] In case of default, the promise to pay damages

This means that breach is not the breaking of one promise but rather just selecting to fulfill the second option instead of exercising the first one. In words of Justice Scalier, “Virtually every contract operates, not as a guarantee of particular future conduct, but as an assumption of liability in the event of non performance"6. In economics parties to a contract are both entitled to maximize their welfare? So the concept of negative damages becomes an obvious question. But the truth of the matter is such relief is sparse and is hardly ever given scope

He has given an illustration to explain the majority ruling, in” Economic Analysis of Law" stating "Suppose I sign a contract to deliver 100,000 custom-ground widgets at $.10 apiece to A, for use in his boiler factory. After I have delivered 10,000, B comes to me, explains that he desperately needs 25,000 custom-ground widgets at once since otherwise he will be forced to close his Panola factory at great cost, and offers me $.15 apiece for 25,000 widgets. I sell him the widgets and as a result do not complete timely delivery to A, who sustains $1000 in damages from my breach. Having obtained an additional profit of $1250 on the sale to B, I am better off even after reimbursing A for his loss. Society is also better off. Since B was willing to pay me $.15 per widget, it must mean that each widget was worth at least $.15 to him. But it was worth only $.14 to A -- $.10, what he paid, plus $.04 ($1000 divided by 25,000), his expected profit. Thus the breach result in transfer of the 26,000 widgets from a lower valued to a higher valued use." Apart from all the advantages suggested and explained by various proponents of this theory, it has never been able to free itself of the criticism that overshadows it. Economists have been the strongest supporters of the theory and have begged and pleaded the legal and social critics to treat contracts as a pure economic transaction. But honestly it cannot do away with the taboos that surround its very core principle. A contract is based on a promise which has its own moral dimension perpetually attached to its meaning. A promise means a party gives its word to follow what has been decided and to honor its part of the promise. To break it for another more favorable economic situation seems blatantly wrong in spirit. There is a duty and an obligation more above the economics of the transaction. In an efficient breach the other party may be financially compensated to an extent but can cause other economic losses like loss of goodwill, and worse it can hinder the creation of well deserved reputation in future to the victimized party. Not forgetting that he breaching party itself loses on the trust in its business community if it jumps every opportunity to make an extra buck. The theory of economics representing a rational man, as a wealth maxi miser is too narrow minded a concept for it to become accepted as a legal theory. Law has to deal with too many complexes dimensions of society and cannot constrict itself to the monetary angle alone.

Efficient Breach advocates that there should be no penalty damages but only expectation damages for efficiency sake. They would like to facilitate efficient termination of binding contracts. But the truth is that penalty and expectation are subjective words. In considering expectations, one cannot ignore the mental, social and moral aspects of it. Man has his own needs specific to him and it's too complex to get into it. That is why a reasonable law has to allow one party to defend itself from breach by the other party by creating a heavy deterrent in form of penalty clauses. A large figure on the contract, will allow both parties to weigh its decision whether to get into such an agreement in the first place or not. And once they do, only in an extreme situation will they pay such a penalty to breach the contract. 

There is no doubt to the fact that economic consideration is extremely important but it cannot be forgotten that there are other equally important values that cannot be done away with under any circumstance. The sanctity of promise and moral standards required under any agreement weighs very heavily and ought not to be compromised for these are not just the basis of society but also a foundation for economics. And law, a tool of social justice cannot become a mock spectator who facilitates opportunism.

UNIT –II

SECURITY ASPECT:

INTRODUCTION:

The postwar world began in 1919, with the signing of the Versailles peace treaty. Nobody could tell then how stable the new structure of peace would be, or even what the structure meant in different regions of the world. With the U.S. Senate refusing to ratify the treaty, some were already writing off the just begun postwar period as but a brief interlude in otherwise conflict-ridden international affairs and many were pessimistic about the future of the League of Nations as well as other arrangements the powers had worked out in Paris.

The world during 1919–20 did, indeed, seem very precarious, little different from the situation on the eve of the Great War. Not only did the United States not participate in the League, thus apparently reverting to prewar isolationism, but the peace treaty was proving extremely unpopular in many countries: Germany, Italy, China, and others. In these countries movements were already developing to denounce the peace treaty and what it signified. The Germans condemned the punitive aspects of the peace, the Italians thought they should have gotten more out of it, and the Chinese were dissatisfied because the treaty had not forced the Japanese to withdraw from Shantung.

The situation was still unstable in the Soviet Union, and Poland seized the opportunity to invade the revolutionary nation. In Hungary, in the meantime, a radical government established itself, giving rise to fears elsewhere that Bolshevism was spreading. The creation, in 1919, of the Communist International, to coordinate Communist activities throughout the world, conjured up the spectacle of a global movement to challenge the peace.

TECHNICAL ASPECT OF ENCRYPTION:

The application of cryptographic techniques to achieve privacy and authenticity of communication has a long history, including experiences both good and bad.This long collection of experiences has produced a gradual sophistication in the understanding of the design considerations involved. Recently, with the addition of the techniques of public key encryption and key distribution protocols it appears that the basic ideas of cryptography can be extended to multipoint data communication networks. Less experience with these ideas has been obtained, so the relevant design considerations are not yet so clear. Nevertheless, the multipoint communications application is similar enough to the point-to-point experience that one expects most of that experience to carry over. On the other hand, new applications of cryptography are being explored, including encryption of stored files [6,7,8]. Unfortunately, blind transfer of a successful technique to a domain for which it was not originally designed can yield surprises. There are several hazards in file encryption that are not present in the same form or with the same priority in communication systems; these hazards must be recognized by proposes or implementers of file encryption systems. This paper points out several of those hazards, and offers some suggestions for avoiding or coping with them.

Before looking at the hazards, let us review what benefit one might hope to achieve by applying encryption to stored files. The chief benefit seems to arise from an extremely powerful system modularizing effect: if one encrypts the data, its privacy is secured without question of how the physical storage is later managed. All aspects of storage management are then relieved of the need to consider privacy in their actions. Management of detachable storage media may be especially simplified. Thus, for example, no-longer-needed backup tapes containing file copies can be recycled without special steps to erase them. A misbehaving disk drive can be turned over to a customer engineer for repair without worrying about whether its contents are sensitive. A disk pack can be sent to an outside service for cleaning. Inside the operating system, the size of the trusted "kernel," that is the collection of supervisor procedures that are in a position to compromise privacy, can be smaller, since the storage management programs do not need to be included. In the extreme, if encrypting and decrypting of files are done outside, rather than inside the computer system, one can make a reasonable argument that privacy can be had in a multi-user computer system that provides no privacy-achieving mechanisms of its own. Of course this last approach also prevents the shared computer system from doing any processing of the data. However, there are sensible applications for such non-processing data storage systems, such as shared storage repositories in a network of personal desktop computers. Data may be enciphered by the desktop computer in a private environment, before being sent to the shared storage repository where it is expected that storage costs are lower, and long-term reliability is higher. Exactly such strategies for privacy have been recently proposed for distributed storage systems

With this appreciation of the possible benefit, what then are the new and unusual hazards of file encryption that might require a different set of design considerations as compared with an encrypted communication system? They can be broadly categorized according to three ways that a stored file system differs from a communication system.

1. The storage of a file system is intended to be persistent, while the presence of information in a communication system is evanescent.

2. At the time decryption occurs in a file system, the original, unencrypted source text may not be available anywhere for comparison. In a communication system the originator usually holds the original message text until after the recipient has acknowledged that decryption was successful.

3. In a file one often wants random access to interior parts of the file (e.g., records). In a communication system, data departs and arrives in a stream, allowing sequential encryption and decryption.

These three differences between file storage and communication can strongly affect the details of design of the cryptographic system. Each of the three differences is the source of several hazards, as discussed in the following three sections.

Persistence:

File storage is normally used for data that will be left in place for some length of time. This persistence produces three effects that are somewhat different from the corresponding situation in a communication system where data is encrypted, transmitted, and immediately decrypted.

The first effect we might name the "sitting duck" effect, thinking of the relative ease of shooting a duck sitting in a pond compared with one flying overhead. To attack a specific conversation in a communication system, one must first intercept the conversation, which requires being in the right place at the right time. The individual messages are evanescent, so an attacker must capture a copy as it flies by, accurately, perhaps without being certain of what he has captured. In contrast, an encrypted file may sit for days, weeks, or months in one place, allowing the attacker to choose his time and weapons, and try again if the first attempt produced a copy of the wrong file or had errors in it. Although evanescence of messages is not usually explicitly acknowledged as increasing the work factor in communication systems (it has been mentioned in connection with packet switching networks with dynamic routing[9]) it nevertheless is part of the accumulated experience with successful communication systems and protocols, and it is difficult to judge how much extra strength is needed elsewhere (for example in the cryptographic transformation itself) to compensate for persistence in the file storage system. Conservatively, though, one would expect that a stronger cryptographic transformation ought to be specified for file storage.

A second effect, similarly difficult to evaluate, relates to the time value of the information being protected, A standard criterion for cryptographic systems used for communications is the length of time that the transmitted information needs to be protected as compared with the minimum time a well-equipped attacker needs to crypt analyze it. For example, a message that needs to be private for only a day or so could be adequately protected by a cryptographic system that can be systematically penetrated with a week of effort. If one looks at the distribution of time values of a set of messages on the one hand and a set of files on the other hand, one might expect to find some important differences. Messages probably have predominantly short time values, measured in days or weeks, while files may need to be kept private for relatively long times, perhaps months or years. These time values of messages should be assumed to have been factored in to the experience of communication cryptographic system designers. Thus, again, it may be necessary to insist that cryptographic transformations for use in file storage have higher work factors than transformations intended for use in communications.

Neither of these effects, the "sitting duck" and the time value, are absolute, but rather are subtle differences of emphasis between file storage and communication, and their biggest impact must come in understanding the meaning of a "certification" of a cryptographic system as adequate for a particular application. Since the average application user is unlikely to have the diligence or mathematical expertise to analyze a cryptographic system himself, he must rely on the experience of others, in the form of a certification. The point here is that that experience is extensive in the area of communications, where evanescence and short time values are part of the environment, and almost non-existent in storage, with persistence and long time values. So certification based on communication experience may be less significant than it appears on the surface.

The third and last effect of persistent storage is that one normally assumes in the design of a cryptographic system that cryptographic keys will eventually be compromised, through human blunders and miscalculation. In a communications system, one plans to change keys whenever a compromise is suspected, as well as periodically with a frequency determined by experience. Put another way, key management, which involves human operations, must be sufficiently disciplined to match the time value of the information. For the case of tong term file storage, it is difficult to imagine how to assure long-term lack of compromise of keys. Unfortunately, the alternatives are not very enticing either. If a key is accidentally compromised, (or compromise is suspected) re-encipherment of affected files seems to be required, presumably a costly operation. In addition, re-encipherment of a file gives a cryptanalyst two enciphered versions of the same plain text, which may lower the work factor. This area has apparently not yet been carefully explored, and some opportunities may exist for ingenuity.

Time of decryption:

In a file storage system, the time scenarios are very different from those of a communications system, and these scenario differences lead to profound differences in the effects of various kinds of failures. A communication system is usually designed under the assumption that decryption happens shortly after encryption. That is, the recipient normally decrypts the message, establishes that the transmission went well, and acknowledges it, all while the originator maintains his copy of the message. Only after acknowledgement of successful transmission does the originator consider destroying his copy of the message. (Even then the unencrypted plain text may be logged.) If trouble is detected, the original text is available for retransmission, and recovery from errors is designed with this option in mind.

In the file storage system, a whole different scenario is usually envisioned. The data is encrypted and stored, and then the original is destroyed. During the term of storage, the unenciphered data does not exist. Later, perhaps much later, decryption must be accomplished without the possibility of going back to the original for help. If errors never happen, this difference in scenario would be of little concern. Unfortunately, errors do happen. Some possible errors include:

· the enciphering engine may have a hardware error,

· the storage system may drop some bits during storage,

· the key may not have been correctly recorded,

· the human user may have made some mistake, such as encrypting the file twice or using the wrong key.

If the corresponding error occurs in a communication system, recovery can be quick and easy, because the original data is available for retransmission as soon as the problem is discovered and repaired. In the file system no such appeal to the original data is available. In recovery terms, "backward" error recovery, in which one goes back to an earlier state and tries again, is not feasible, so one must invent a whole new collection of "forward" error recovery techniques, in which the original encryption of data and key management are done so carefully that there is little chance of a problem occurring at decryption time.

Such forward error recovery techniques can certainly be invented. For example, one might encrypt using two parallel encryption devices, comparing their output. After writing the data on the disk one might read it back and decrypt it to verify its correctness, before destroying the original. In doing so, one should be certain to obtain the decryption key from the exact physical place it will be obtained in the future, rather than from some cache that might not properly be written into backup storage. Keys might be stored redundantly (with some concern as to whether or not this redundant storage represents excessive exposure.) The human factors of the system must in any case be designed to tolerate all imaginable (and unimaginable) blunders and missteps on the part of the user. All these things are possible, perhaps even straightforward. But they represent differences with the communication system design, and experience must be gained to learn how to provide forward error recovery that is effective at the same time that it is inexpensive and unobtrusive.

Random access

The third major way in which a communication system and a file storage system differ is that data in a communication system is almost always received in a sequential stream, so the encryption system is designed assuming that property. In contrast, in a file system there is often a requirement for rapid access to randomly chosen records in the middle of the file. This random access requirement leads to a need to redesign the basic encryption protocol. (This consideration therefore takes us temporarily into some of the more technical aspects of encryption.)

The reason for incompatibility between sequential encryption and random access becomes apparent in considering what happens if one applies sequential encryption to a file. In sequential encryption of a stream of data, the transformation applied to the next part of the stream depends not only on the key in use, but also on the preceding data in the stream. (This interdependence of one part of the stream with the next increases privacy substantially in the common case that data values repeat; if done carefully, interdependence can destroy any opportunity for attack by frequency analysis.) But the corresponding decryption must also be done sequentially, starting with the first bit of the stream. If one encrypted a file as though it were a stream of data, access to a record in the middle would require reading and decrypting the file from the beginning; a change to the file would require re-encrypting and rewriting the file from the point of change all the way to the end.

One could instead use a block-encryption scheme for files, for example applying the U.S. Data Encryption Standard (which transforms a 64-bit block into another 64-bit block) to each block of the file independently. With this approach, one could read any random block of the file and decrypt it directly, and change, encrypt, and rewrite random blocks. But this approach makes frequency analysis a possibly productive activity for an attacker, and comparison of a block-encrypted file before and after update almost perfectly exhibits the pattern of changes made by the update. An intermediate approach might be to divide the file into regions that are each to be enciphered sequentially but independently of one another. The region would be large enough not to be repetitive but small enough that it is not too painful to read an entire region to obtain access to an item stored therein The trouble with this approach is that the choice of the best region size tradeoff between privacy and accessibility probably depends on the application, yet the application designer may not be technically equipped to judge the privacy impact.

More sophisticated techniques might be proposed to salvage the random access capability that comes with enciphering small blocks. For example, one might perform an "exclusive or" of the data in a block with its own address before enciphering it. Later, after decipherment, the "exclusive or" can be easily undone to recover the data, and enciphered repeated data stored in different locations will not look repetitive. But one should analyze that kind of technique in light of the particular encipherment algorithm to be used (and with some suspicion) because some other common data pattern may suddenly look repetitive, or the sequential nature of the addresses may still be apparent even after encryption, and in any case an attacker can still easily discover the pattern of changes made in updating a file. Random access is still a subject for research

This set of considerations leads one into reconsideration of the basic encryption strategy itself, unfortunately opening up a world of esoteric mathematics and related cryptology. That reconsideration may turn out to be productive, but one must realize in doing it he has departed from the well-tested, high-confidence world of communication cryptography, and regaining of confidence will require new, long experience. So, once again we have identified an area in which the file storage application and the communication application differ enough that one cannot automatically assume that the communication cryptography techniques can be directly applied.

We should also note, however, that there are storage applications, such as the remote, low-cost storage of files in a distributed system with a high-speed communications network, where reading and rewriting the entire file may be quite an acceptable operation; when random access is not a requirement this third hazard seems to vanish from the scene.

Digital signature:

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that a known sender created the message, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused.

Digital signatures employ a type of asymmetric cryptography. For messages sent through a no secure channel, a properly implemented digital signature gives the receiver reason to believe the claimed sender sent the message. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless.

Digitally signed messages may be anything represent able as a bit string: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.

A digital signature scheme typically consists of three algorithms: A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.

A signing algorithm that, given a message and a private key, produces a signature. Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.

Data Security:

Enterprise businesses and government agencies around the world face the certainty of losing sensitive data from a lost laptop, removable media or other plug-and-play storage device. This drives the need for a complete data protection solution that secures data on all common platforms, deploys easily, scales to any size organization and meets strict compliance requirements related to privacy laws and regulations.

Check Point Endpoint Security solutions provide data protection for laptops, PCs, removable media and mobile devices. Our independently certified data security products ensure that our enterprise, government and law enforcement customers remain in compliance with regulatory standards. By leveraging a strong and efficient blend of full disk encryption, access control, removable media encryption and port management, Check Point Endpoint Security solutions deliver comprehensive data security.

INTELLECTUAL PROPERTY ASPECTS:1) OBJECTIVE:To ensure effective and appropriate protection for trade-related intellectual property rights, taking into account differences in national legal systems. To draw up a multilateral Council Decision of 22 December 1994 concerning the conclusion on behalf of the European Community, as regards matters within its competence, of the agreements reached in the Uruguay Round multilateral negotiations (1986-1994) [Official Journal L 336 of 23.12.1994].2) SUMMARY:General provisions and basic principles

The principles are those of national treatment and most-favored-nation treatment. Thus, members of the WTO must accord the nationals of other members treatment no less favorable than that they accord to their own nationals. Moreover, any advantage granted by a member to nationals of another member must be accorded immediately and unconditionally to the nationals of all other members even if this treatment is more favorable than that accorded to its own nationals.

Standards concerning the availability, scope and use of intellectual property rights

The Agreement aims to ensure that adequate rules on the protection of intellectual property are applied in all member countries, on the basis of the basic obligations laid down by the WIPO (World Intellectual Property Organization) in the various conventions on intellectual property rights (the Paris Convention for the Protection of Industrial Property, the Berne Convention for the Protection of Literary and Artistic Works, the Rome Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organizations, and the Washington Treaty in Respect of Integrated Circuits). Numerous new rules or stricter rules are introduced in fields not covered by the existing conventions or where the existing conventions are inadequate.

With regard to copyright, the members of the WTO must comply with the basic provisions of the Berne Convention for the Protection of Literary and Artistic Works. Computer programs will from now on be protected as literary works. As regards rental rights, authors of computer programmers and producers of sound recordings may authorize or prohibit the commercial rental of their works to the public. A similar exclusive right applies to cinematographic works.

With regard to trademarks, the Agreement specifies the types of signs that may benefit from protection as trademarks as well as the minimum rights conferred on their owner. It also lays down the requirements relating to the use of trademarks, the duration of protection, licensing and the assignment of trademarks.

As far as geographical indications are concerned, members of the WTO must provide the means to prevent the use of any indications, which mislead the public as to the origin of a product, and any use, which would constitute an act of unfair competition. The Agreement also made provision for additional protection for geographical indications for wines and spirits, even where there is no risk of consumers being misled.

Industrial designs are protected under the Agreement for ten years. Their owners have the right to prevent third parties from making, selling or importing articles embodying a design, which is a copy of the protected design.

With regard to patents, members of the WTO have the general obligation to comply with the basic provisions of the 1967 Paris Convention. In addition, the TRIPS Agreement stipulates that it must be possible for all inventions to be protected by a patent for 20 years. Certain inventions may be excluded from patentability if their exploitation is prohibited for reasons of public order or morality. Other authorized exclusions relate to diagnostic, therapeutic and surgical methods for the treatment of humans or animals, as well as plants and animals (other than micro-organisms) and essentially biological processes for the production of plants or animals (other than non-biological and microbiological processes). However, members must provide for the protection of plant varieties either by patents or by a suit generic system.

As regards layout-designs of integrated circuits, WTO members must provide for their protection in accordance with the provisions of the Washington Treaty on Intellectual Property in Respect of Integrated Circuits. The TRIPS Agreement also sets out a number of other provisions, relating in particular to the term of protection.

According to the Agreement, trade secrets and technical knowledge that have commercial value must be protected against breaches of confidence and any act contrary to honest commercial practices. Furthermore, anti-competitive practices in contractual licenses may be subject to measures on the part of members to prevent and/or control such practices.

Enforcement of intellectual property rights

The laws of the member countries of the WTO must include procedures to ensure that intellectual property rights are respected both by foreign right holders and by their own nationals. These procedures must permit effective action against any act of infringement of these rights. They must be fair and equitable, they must not be unnecessarily complicated or costly, and they must not entail unreasonable time limits. A judicial authority may review final administrative decisions.

The Agreement provides details concerning evidence, injunctions, damages, provisional measures and other remedies.

Transition period

With regard to the application of the Agreement, developed countries have a period of one year to bring their legislation and practices into line with the Agreement. This period is extended to five years for developing countries and countries in the process of transformation from a centrally-planned economy to a market economy, and to eleven years for the least-developed countries.

Institutional framework

The Agreement created a Council for Trade-Related Aspects of Intellectual Property Rights. It is responsible for monitoring the operation of the Agreement, ensuring that members comply with their obligations and affording opportunities for consultations

World Intellectual Property Organization (WIPO):

The World Intellectual Property Organization (WIPO) is one of the 16 specialized agencies of the. WIPO was created in 1967 "to encourage creative activity, to promote the protection of intellectual property throughout the world.

WIPO currently has 184 member states administers 24 international and is headquartered in. The current Director-General of WIPO is who took office on October 1, 2008 183 as well as the are Members of WIPO.

The predecessor to WIPO was the BIRPI, French acronym for United International Bureaux for the Protection of Intellectual Property), which had been established in 1893 to administer the Berne Convention for the Protection of Literary and Artistic Works and the Paris Convention for the Protection of Industrial Property which entered into force on April 26, 1970. Under Article 3 of this Convention, WIPO seeks to "promote the protection of intellectual property throughout the world." WIPO became a specialized agency of the UN in 1974. The Agreement between the United Nations and the World Intellectual Property Organization notes in Article 2 that WIPO is responsible promoting creative intellectual activity and for facilitating the transfer of technology related to industrial property to the developing countries in order to accelerate economic, social and cultural development, subject to the competence and responsibilities of the United Nations and its organs, particularly the United Nations Conference on Trade and Development, the United Nations Development Programmed and the United Nations Industrial Development Organization, as well as of the United Nations Educational, Scientific and Cultural Organization and of other agencies within the United Nations system."

The Agreement marked a transition for WIPO from the mandate it inherited in 1967 from BIRPI, to promote the protection of intellectual property, to one that involved the more complex task of promoting technology transfer and economic development

Unlike other branches of the United Nations, WIPO has significant financial resources independent of the contributions from its Member States. In 2006, over 90% of its income of just over 250 million] was expected to be generated from the collection of fees by the International Bureau under the intellectual property application and registration systems which it administers).

Copyright:

Copyright is a right given by the law to creators of literary, dramatic, musical and artistic works and producers of cinematograph films and sound recordings. In fact, it is a bundle of rights including, inter alias, rights of reproduction, communication to the public, adaptation and translation of the work. There could be slight variations in the composition of the rights depending on the work.

"Indian work" means a literary, dramatic or musical work,

· The author of which is a citizen of India; or

· Which is first published in India; or

· The author of which, in the case of an unpublished work is, at the time of the making of the work, a citizen of India.

Descriptions of work

· Artistic work - An artistic work means

· A painting, a sculpture, a drawing (including a diagram, map, chart or plan), an engraving or a photograph, whether or not any such work possesses artistic quality;

· A work of architecture; and

· Any other work of artistic craftsmanship.

· Musical work

· "Musical work" means a work consisting of music and includes any graphical notation of such work but does not include any words or any action intended to be sung, spoken or performed with the music. A musical work need not be written down to enjoy copyright protection.

· Sound recording

· "Sound recording" means a recording of sounds from which sounds may be produced regardless of the medium on which such recording is made or the method by which the sounds are produced. A phonogram and a CD-ROM are sound recordings.

· Government work - "Government work" means a work which is made or published by or under the direction or control of the government or any department of the government Any legislature in India, and Any court, tribunal or other judicial authority in India.

GLOBAL INFORMATION INFRASTRUCTURE(GII)

IEEE GIIS 2009 follows the success of The scope of GIIS consists of interrelated set of technical, policy, and social issues implicit in the development of national and international (global) information infrastructures. GIIS aims at identifying and promoting the exchange of knowledge on these interrelated issues and provides liaison to bodies in the global society, technical for and international standards. IEEE GIIS 2009 will stimulate interdisciplinary conference sessions and workshops to discuss, built and further the use of national and internationalinformationinfrastructures. The conference also aims at providing a forum for the participants to broaden professional contacts and for technical discussions and interactions on specific information infrastructure topics. Information infrastructure brings together information processing applications, communications networks and services, physical and software elements in networks, and end systems. The program of IEEE GIIS 2009 will include invited talks, paper presentations, workshops, tutorials, panel technical issues addressed by the conference include Interoperability at various levels, standard services and user interfaces, world wide naming and addressing, and the international mobility of persons and services. The policy issues addressed by the conference are those with a large technical element, including protection of intellectual property, privacy and security, international use of encryption technology, commercial protocols, and standards vs. proprietary technologies. The conference is specifically interested in ubiquity, open source/equal access, ease of use, cost effectiveness, standards.

Electronic Copyright Management System (ECMS)

CNRI and the Library of Congress are developing the tasted for registration of copyright material in a computer network environment. This will permit electronic submission of copyright registration and notification of registration in an interactive network.

Currently, an applicant uses postal mail to submit a copyright registration application; along with deposit copy (is) of the copyrighted works and the application fee to the Copyright Office. Once an application has been received, the Copyright Office IN-process System (COINS) is used to electronically track the process of the application as it progresses from one unit to another. The majority of the processing of the copyright registration application is still done manually. This entire process may take several months to complete.

The information technology components (personal computers, computer networks and peripheral equipment) have become sufficiently powerful and cost effective to allow users to create and manage copyrightable objects electronically. The Electronic Copyright Management System (ECMS) will allow users to electronically submit a copyright registration application and its associated object with the Copyright Office. The system consists of the major subsystems.

INDIAN COPYRIGHT ACT ON SOFT PROPRIETY WORKS:

"Computer Programmed" has been included in "Literary Works". The definition reads as follows:

· "Literary Work" includes computer programmers, tables and compilations including computer databases.

· "Computer Programmed" means a set of instructions expressed in words, codes, and schemes or in any other form, including a machine-readable medium, capable of causing a computer to perform a particular task or achieve a particular result.

· "Author" means in relation to any literary, dramatic, musical or artistic work, which is computer, generated the person who causes the work to be created.

· "Computer includes any electronic or similar device having information processing capabilities".

Indian Patents Act on Soft Propriety Works:

Patent Law of a jurisdiction (the geographical extent/territory of a State to which the legal system/Jurisprudence applies) is the law governing the grant of exclusive rights to make, use, sell, offer to sell or import a new and useful invention (any new product or process that involves a technical advance over the existing technology/state-of-the-art and is capable of industrial application/commercial exploitation), i.e., the rights allow the grantee to exclude all others from doing the aforementioned acts. These rights are granted by a State to the inventor or any person authorized by the inventor to own the invention. The Patent law also provides that the grantee shall practice the invention within the territory of the State and make it available to the public at a reasonable cost. This situation provides a kind of a monopoly to the grantee to practice the invention and to exclude all others to practice the same without authorization. These rights are territorial (since they are granted by a State subject to national laws, and therefore, may vary from one country to another) and temporary, i.e., they are granted for a limited period of 20 years (which may extend to 21 years under certain cases). These rights granted by the State do not provide a monopoly in the true sense as they are subject to certain provisions of the State Government and therefore have limitations. We will talk more about these limitations in our subsequent posts.

The Indian Patent Law is administered by the Indian Intellectual Property Office (IPO), officially called as the Office of the Controller General of Patents, Designs and Trademarks (CGPDTM), which is a body of the Ministry of Commerce and Industry under the Department of Industrial Policy and Promotion. The patent law consists of the Indian Patents Act and the Indian Patents Rules and is supplemented by the Manual of Patent Practice and Procedures published by the IPO. A copy of each of these is available at http://ipindia.nic.in/ipr/patent/patents.htm

Patents Act: The Indian Patents Act refers to the Patents Act, 1970 (39 of 1970) which is also known as the Principal Act (as it is the first of the modern Patents Acts in India). It is an act to amend and consolidate the law relating to patents. It was notified on the 19th day of September, 1970 (as the 39th Act passed by the Parliament in that year) in the Gazette of India by the Ministry of Law and Justice, and was enacted by the Parliament in the 21st year of the Republic of India i.e. the 20th day of April 1972. Since then, it has been amended thrice by the Patents (Amendment) Acts 1999, 2002 and 2005, respectively. The Patents Act (as amended) consists of 23 Chapters, 163 Sections, and one Schedule on amendments Patents Rules: The Indian Patents Rules refer to the Patents Rules 2003, which have been made by the Central government in accordance with the provisions of section 159 of the Principal Act for implementing the act and regulating patent administration in India. The Patents Rules were originally made in 1972 (and enforced on the 20th day of April, 1972), which underwent several amendments until 2003. In 2003 fresh rules were made that repealed the earlier ones. The Patents Rules 2003 were notified in the official gazette on the 5th day of May 2003 and enforced on the 20th day of May 2003. Since then, these have been amended twice by the Patents (Amendment) Rules 2005 and 2006, respectively. The latest amendment was enforced on 5th day of May 2006. The Patents Rules, 2003 (as Schedules Manual of Patent Practice and Procedures: This Manual was drafted in order to provide detailed information to the public and users of Patent System on the practices and procedures followed by the Patent Office for processing of patent applications. It incorporates the provisions of the Patents Act, 1970 (as amended) and the Patents Rules, 2003 (as amended).

I have some doubts about your use of word Repeal as in the quoted statement "This is one of the earlier patent laws in India and has been repealed by the Patents Act, 1970". The point is the word Repeal when used as a verb it means 'to make (a law etc) no longer valid' or cancel officially and as noun means the act of repealing a law etc.

UNIT III

EVIDENCE ASPCET:

Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required

The use of digital evidence has increased in the past few decades as courts have allowed the use of e-mails, digital photographs, ATM transaction logs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, computer printouts, Global Positioning System tracks, logs from a hotel’s electronic door locks, and digital video or audio files

Many courts in the United States have applied the Federal Rules of Evidence to digital evidence in a similar way to traditional documents, although some have noted important [differences. For example, that digital evidence tends to be more voluminous, more difficult to destroy, easily modified, easily duplicated, potentially more expressive, and more readily available. As such, some courts have sometimes treated digital evidence differently for purposes of authentication, hearsay, the best evidence rule, and privilege. In December 2006, strict new rules were enacted within the Federal Rules of Civil Procedure requiring the preservation and disclosure of electronically stored evidence. Digital evidence is often attacked for its authenticity due to the ease with which it can be modified, although courts are beginning to reject this argument without proof of tampering.

Authentication

As with any evidence, the proponent of digital evidence must lay the proper foundation. Courts largely concerned themselves with the reliability of such digital evidence. As such, early court decisions required that authentication called "for a more comprehensive foundations courts became more familiar with digital documents, they backed away from the higher standard and have since held that "computer data compilations… should be treated as any other record." A common attack on digital evidence is that digital media can be easily altered. However, in 2002 a US court ruled that "the fact that it is possible to alter data contained in a computer is plainly insufficient to establish untrustworthiness

Nevertheless, the "more comprehensive" foundation required by Scholl remains good practice. The American Law Reports lists a number ways to establish the comprehensive foundation

EVIDENCE AS PART OF THE LAW OF PROCEDURES:

Legal scholars of the Anglo-American tradition, but not only that tradition, have long regarded evidence as being of central importance to the law.

In every jurisdiction based on the English common law tradition, evidence must conform to a number of rules and restrictions to be admissible. Evidence must be relevant – that is, it must be directed at proving or disproving a legal element.

However, the relevance of evidence is ordinarily a necessary condition but not a sufficient condition for the admissibility of evidence. For example, relevant evidence may be excluded if it is unfairly prejudicial, confusing, or cumulative. Furthermore, a variety of social policies operate to exclude relevant evidence. Thus, there are limitations on the use of evidence of liability insurance, subsequent remedial measures, settlement offers, and plea negotiations, mainly because it is thought that the use of such evidence discourages parties from carrying insurance, fixing hazardous conditions, offering to settle, and pleading guilty to crimes, respectively.

The question of how the relevance or irrelevance of evidence is to be determined has been the subject of a vast amount of discussion in the last 100 to 200 years. There is now a consensus among legal scholars and judges in the U.S. that the relevance or irrelevance of evidence cannot be determined by syllogistic reasoning – if/then logic – alone. There is also general agreement that assessment of relevance or irrelevance involves or requires judgments about probabilities or uncertainties. Beyond that, there is little agreement. Many legal scholars and judges agree that ordinary reasoning, or common sense reasoning, plays an important role. There is less agreement about whether or not judgments of relevance or irrelevance are defensible only if the reasoning that supports such judgments is made fully explicit. However, most trial judges would reject any such requirement and would say that some judgments can and must rest partly on unarticulated and unarticulable hunches and intuitions. However, there is general (though implicit) agreement that the relevance of at least some types of expert evidence – particularly evidence from the hard sciences – requires particularly rigorous or in any event more arcane reasoning than is usually needed or expected. There is a general agreement that judgments of relevance are largely within the discretion of the trial court – although relevance rulings that lead to the exclusion of evidence are more likely to be reversed on appeal than are relevance rulings that lead to the admission of evidence.

Per the Federal Rules of Evidence (FRE) Rule 401, relevant evidence has the "tendency to make the existence of any fact that is of consequence to the determination of the action more probable or less probable than it would be without the evidence."

Federal Rule 403 allows relevant evidence to be excluded "if its value is substantially outweighed by the danger of unfair prejudice", if it leads to a confusion of the issues, if it is misleading to the jury or if it is a waste of the court's time. California Evidence Code section 352 also allows for exclusion to avoid "substantial danger of undue prejudice." For example, evidence that the victim of a car accident was apparently a "liar, cheater, womanizer, and a man of low morals" was unduly prejudicial and irrelevant to whether he had a valid claim against the manufacturer of the tires on his van (which had rolled over resulting in severe brain damage).

Exclusion of evidence

Under English and Welsh law, evidence that would otherwise be admissible at trial may be excluded at the discretion of the trial judge if it would be unfair to the defendant to admit it.

Evidence of a confession may be excluded because it was obtained by oppression or because the confession was made in consequence of anything said or done to the defendant that would be likely to make the confession unreliable. In these circumstances, it would be open to the trial judge to exclude the evidence of the confession under Section 78(1) of the Police and Criminal Evidence Act 1984 (PACE), or under Section 73 PACE, or under common law, although in practice the confession would be excluded under section 76 PACE.

Other admissible evidence may be excluded, at the discretion of the trial judge under 78 PACE, or at common law, if the judge can be persuaded that having regard to all the circumstances including how the evidence was obtained "admission of the evidence would have such an adverse effect on the fairness of the proceedings that the court ought not to admit it.

Applicability of the Law of Evidence on Electronic Records:1. INTRODUCTION

The capacity of the judicial system to receive particular information as evidence of the existence of certain facts in issue is governed by rules of evidence. For the most part, these rules do not distinguish between information stored, or contained, in different media, although the application of these rules does depend on the purpose for which the information is being tendered as evidence.

The rules of evidence are complex and do not lend themselves to easy explanation. A very general summary is provided by Forbes:

Courts of law are not so free to gather information as other decision makers. Generally they depend on the parties to inform them and may not conduct their own inquiries. Sometimes they are bound to disregard relevant material in deference to interests, which compete with the ‘best evidence’ ideal. Thus the hearsay rule excludes some relevant information as untested and unreliable and the rules of privilege protect confidence and candor between lawyer and client. Ultimately the principle of relevance, modified by these and other rules of exclusion, constitutes the law of evidence.

[Admissibility is made up of] …the classes of information, which may be considered, as distinct from that which ought to be accepted.

Some of the concepts referred to in this quote is discussed briefly below.

The law of evidence has not been codified in any Australian jurisdiction. State, Territory and Federal evidence law consists of the common law (law that develops through the decisions made by judges in particular cases), which is supplemented by different legislation in each jurisdiction.

2. THE MANNER IN WHICH EVIDENCE IS RECEIVED BY THE COURT

The manner in which evidence is received by the court depends on the type of evidence in question. If a witness is giving evidence or oral testimony in court, the witness will take an oath or an affirmation and then give his or her testimony. However, much of the evidence received by courts is not given by witnesses in the traditional sense. It is common for ‘documents’ to be tendered during the course of a trial. The process by which a document that has been tendered becomes an exhibit can be described as follows:

The physical process whereby a document is placed before a court for consideration is through the document being tendered. That is, it is simply handed up to the judge after counsel has indicated his or her intention to tender it, and after it has been shown to opposing counsel for any objections to its tender to be raised. If the tender is accepted, either without objection or where objections are rejected, the document is in evidence for relevant purposes, and becomes an exhibit in the trial. If the tender is rejected, the document is not in evidence

In the great majority of cases, objection is not taken to the admissibility of documentary evidence, except on the grounds of relevance, or with a view to attempting to ensure that a document is received into evidence for a limited purpose only—for example, in the case of a letter, as evidence of the fact that it was written, sent and received, but not as evidence of the truth of the assertions contained in it. In the case of documents in a paper form, it is rare for an objection to be taken to the tender of a copy rather than the original in reliance on the secondary evidence rule. Such objections normally arise from an attempt by the objector to gain a forensic advantage by, for example, causing the party seeking to tender the document to call, as a witness to explain the absence of the original, a person who will then be exposed to cross-examination.

As a matter of practice, the rules of evidence discussed in this paper will be applicable if raised by a party in an objection to the admissibility of certain evidence, or if raised by the court itself.

3. RELEVANCE

The primary rule of admissibility for all evidence is that:

· Evidence that is relevant to the issues in a proceeding is admissible unless there is another rule to exclude it; and

· Evidence that is not relevant is not admissible.

One aspect of the relevance rule, at least in relation to documentary evidence, is that a document must be authenticated by an extrinsic source before it is admissible. A document cannot authenticate itself. This means that the party seeking to rely on a document must adduce evidence that confirms that the document is what it purports to be or what the party claims it to be.

The evidence required to authenticate a document will be determined in part by the nature of the document in issue. For example, a paper document might be authenticated by the testimony of the document’s author or the testimony of a person who saw the author sign the document. It may include evidence that confirms that, where a device has been used to produce the evidence, the device used was reliable and accurate.

There appears to be some confusion at common law in relation to authentication requirements for some evidence. For example, if evidence is presented that goes to establishing the accuracy of a type of instrument, it is unclear whether a presumption thereby arises that the instrument was working accurately on the occasion in question or whether more evidence is required.

In relation to the standard of proof required for authenticating evidence, the Australian Law Reform Commission has also noted some obscurity in the common law:

This issue does not appear to have been discussed to any great extent in the authorities. In practice the trial judge will admit evidence of objects and other evidence on being given an assurance that evidence capable of demonstrating its connection to the issues will be led. In practice, writings are admitted into evidence on the giving of evidence-in-chief as to their authenticity—that is, the court proceeds on the basis that it assumes that the evidence will be accepted. With evidence produced by devices or systems, however, the courts appear to have required that the trial judge be satisfied—presumably, on the balance of probabilities—as to the accuracy of the technique and of the particular application of it.

The Evidence Act 1977 contains a number of provisions to facilitate the task of authenticating certain types of evidence. Relevant provisions are discussed in subsequent chapters of this Issues Paper.

The Indian Evidence Act 1872: Importance

The enactment and adoption of the Indian Evidence Act was a path-breaking judicial measure introduced in India, which changed the entire system of concepts pertaining to admissibility of evidences in the Indian courts of law. Up to that point of time, the rules of evidences were based on the traditional legal systems of different social groups and communities of India and were different for different persons depending on his or her caste, religious faith and social position. The Indian Evidence Act removed this anomaly and differentiation, and introduced a standard set of law applicable to all Indians.

The Indian Evidence act of 1872 is mainly based upon the firm work by, who could be called the founding father of this comprehensive piece of legislation.

The Act

The Indian Evidence Act, identified as Act no. 1 of 1872, and called the Indian Evidence Act, 1872, has eleven chapters and 167 sections, and came into force 1st September 1872. At that time, India was a part of the British Empire. Over a period of more than 125 years since its enactment, the Indian Evidence Act has basically retained its original form except certain amendments from time to time.

Applicability

When India gained independence on 15th August 1947, the Act continued to be in force throughout the Republic of India and Pakistan, except the state of Jammu and Kashmir. The Act continues in force in India, however it was repealed in Pakistan in 1984 by the Evidence Order 1984 It also applies to all judicial proceedings in the court, including the court martial as well. However, it does not apply on affidavits and arbitration proceedings.

Criminal aspect:

It is important that the police of the place of the child’s habitual residence be informed immediately of the abduction (missing persons report) so that ste