2. Need of Cyber Law
"The modern thief can steal more with a computer than
with a gun. Tomorrow's terrorist may be able to do more
damage with a keyboard than with a bomb".
National Research Council, USA, "Computers at Risk", 1991
Prof. SVK
3. Cyber Law ?
Cyber Law is the law governing cyber space.
Cyber space includes computers, networks, software, data
storage devices (such as hard disks, USB disks etc.), the
Internet, websites, emails and even electronic devices such as
cell phones, ATM machines etc.
4. Cyber Law Deals with
Cyber Crimes
Electronic or Digital Signatures
Intellectual Property
Data Protection and Privacy
5. IT Act, 2000
• Enacted on 17th May 2000; India is the 12th
nation in the world to
adopt cyber laws
• The IT Act is based on the
Model Law on e-commerce adopted by
UNCITRAL
6. Objectives of the IT Act
To provide legal recognition for transactions:
• Carried out by means of electronic data interchange, and
other means of electronic communication, commonly
referred to as "electronic commerce"
• To facilitate electronic filing of documents with Government
agencies and E-Payments
• To amend the Indian Penal Code, the Indian Evidence Act, 1872,
the Banker’s Books Evidence Act, 1891, and the Reserve Bank of India
Act, 1934
7. Extent of application
• Extends to the whole of India and also applies to any offence or
contravention thereunder committed outside India by any
person {section 1 (2)}, read with Section 75: the Act applies to an
offence or contravention committed outside India by any
person irrespective of his nationality, if such act involves a
computer, computer system or network located in India
• Section 2 (1) (a) – “Access” means gaining entry into,
instructing or communicating with the logical, arithmetic or
memory function resources of a computer, computer
resource or network
8. Definitions (section 2)
• "computer" means electronic, magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic and
memory functions by manipulations of electronic, magnetic or optical
impulses, and includes all input, output, processing, storage, computer
software or communication facilities which are connected or related to the
computer in a computer system or computer network;
• "computer network" means the inter-connection of one or more
computers through-
(i) the use of satellite, microwave, terrestrial line or other communication
media; and
(ii) terminals or a complex consisting of two or more interconnected
computers whether or not the interconnection is continuously
maintained;
9. Definitions (section 2)
• "computer system" means a device or collection of devices, including
input and output support devices and excluding calculators which are not
programmable and capable of being used in conjunction with external files
which contain computer programmes, electronic instructions, input data
and output data that performs logic, arithmetic, data storage and
retrieval, communication control and other functions;
• "data" means a representation of information, knowledge, facts, concepts
or instructions which are being prepared or have been prepared in a
formalised manner, and is intended to be processed, is being processed or
has been processed in a computer system or computer network, and may
be in any form (including computer printouts, magnetic or optical storage
media, punched cards, punched tapes) or stored internally in the memory
of the computer.
10. Definitions (section 2)
• "electronic record" means data, record or data generated, image or sound
stored, received or sent in an electronic form or micro film or computer
generated micro fiche;
• “secure system” means computer hardware, software, and procedure
that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures
• “security procedure” means the security procedure prescribed by the
Central Government under the IT Act, 2000.
• “secure electronic record” – where any security procedure has been applied
to an electronic record at a specific point of time, then such record shall
be deemed to be a secure electronic record from such point of time to the
time of verification
11. Act is inapplicable to…
• (a) a negotiable instrument (other than a
cheque) as defined in section 13 of the
Negotiable Instruments Act, 1881;
• (b) a power-of-attorney as defined in section
1A of the Powers-of-Attorney Act, 1882;
• (c) a trust as defined in section 3 of the Indian
Trusts Act, 1882;
12. Act is inapplicable to…
• (d) a will as defined in clause (h) of section 2 of
the Indian Succession Act, 1925 including any
other testamentary disposition
• (e) any contract for the sale or conveyance of
immovable property or any interest in such
property;
• (f) any such class of documents or transactions
as may be notified by the Central Government
13. OBJECTIVES OF IT ACT
1. It is an objective of the I.T. Act 2000 to give legal recognition to any
transaction which is done electronically or by use of the
internet.
2. To give legal recognition to digital signatures for accepting any
agreement via computer.
3. To provide the facility of filing documents online relating to school
admission or registration in an employment exchange.
4. According to the I.T. Act 2000, any company can store its data in
electronic storage.
14. OBJECTIVES OF IT ACT..
5. To stop computer crime and protect privacy of internet users.
6. To give legal recognition for keeping books of accounts by
bankers and other companies in electronic form.
7. To give more power to the RBI and the Indian Evidence Act for
restricting electronic crime.
15. SCOPE OF IT ACT
1. The Information Technology Act 2000 is not applicable to the
attestation for creating a trust electronically. Physical
attestation is a must.
2. The I.T. Act 2000 is not applicable to the attestation for making
the will of any person. Physical attestation by two witnesses is a must.
3. A contract of sale of any immovable property.
4. Attestation for giving power of attorney of property is not
possible via electronic record.
16. Advantages of Cyber Laws
• Helpful to promote e-commerce
• Enhance the corporate business
• Filing online forms
• High penalty for cyber crime
• Digital signatures have been given legal
validity and sanction in the Act.
17. Digital signature
• Digital signature means authentication of any
electronic record by a subscriber by means of
an electronic method or procedure in
accordance with the provisions of section 3.
Section 3 deals with the conditions subject to
which an electronic record may be
authenticated by means of affixing digital
signature which is created in two definite
steps.
18. First, the electronic record is converted into a message
digest by using a mathematical function known as 'Hash
function' which digitally freezes the electronic record thus
ensuring the integrity of the content of the intended
communication contained in the electronic record. Any
tampering with the contents of the electronic record will
immediately invalidate the digital signature.
Secondly, the identity of the person affixing the digital
signature is authenticated through the use of a private key
which attaches itself to the message digest and which can
be verified by anybody who has the public key
corresponding to such private key. This will enable anybody
to verify whether the electronic record is retained intact or
has been tampered with since it was so fixed with the digital
signature. It will also enable a person who has a public key
to identify the originator of the message.
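The two steps described above, as an added sketch that is not part of the original slides: a SHA-256 message digest is transformed with the signer's private key, and anyone holding the matching public key can check both integrity and origin. It uses textbook RSA without padding over constructed demonstration keys built from Mersenne primes, and all function names are hypothetical; production systems use a padded scheme from a vetted library.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Build an RSA key pair from two primes (demonstration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (n, e), (n, d)               # (public key, private key)

# Constructed keys: Mersenne primes are used only so the block runs with the
# standard library. A modulus built from them is trivially factorable.
ORIGINATOR_PUBLIC, ORIGINATOR_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**607 - 1, 2**1279 - 1)

def message_digest(record: bytes) -> int:
    """Step 1: the hash function 'freezes' the record into a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")

def affix_signature(record: bytes, private_key) -> int:
    """Step 2: the private key is applied to the message digest."""
    n, d = private_key
    return pow(message_digest(record), d, n)

def verify_signature(record: bytes, signature: int, public_key) -> bool:
    """Recover the signed digest with the public key and compare it with a
    digest freshly computed over the record as received."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(record)

# Constructed sample records.
RECORD = b"Purchase order 1001: pay Rs. 50,000 to vendor A"
TAMPERED = b"Purchase order 1001: pay Rs. 90,000 to vendor A"

def demo():
    sig = affix_signature(RECORD, ORIGINATOR_PRIVATE)
    return {
        # Intact record, correct public key: signature verifies.
        "intact": verify_signature(RECORD, sig, ORIGINATOR_PUBLIC),
        # Any change to the record changes the digest, so verification fails.
        "tampered": verify_signature(TAMPERED, sig, ORIGINATOR_PUBLIC),
        # A different subscriber's public key does not match the signature,
        # which is how the verifier identifies the originator.
        "wrong_originator": verify_signature(RECORD, sig, OTHER_PUBLIC),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```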
19. Attribution of electronic records.
An electronic record shall be attributed to the
originator -
• if it was sent by the originator himself.
• by a person who had the authority to act on
behalf of the originator in respect of that
electronic record, or
• by an information system programmed by or
on behalf of the originator to operate
automatically.
20. Acknowledgment of receipt
Where the originator has not agreed with the addressee
that the acknowledgment of receipt of electronic
record be given in a particular form or by a particular
method, an acknowledgment may be given by –
• any communication by the addressee, automated or
otherwise, or
• any conduct of the addressee, sufficient to indicate to
the originator that the electronic record has been
received.
• unless acknowledgment has been so received, the
electronic record shall be deemed to have been never
sent by the originator.
21. Despatch and receipt of electronic
record
• if the addressee has designated a computer resource
for the purpose of receiving electronic records -
– receipt occurs at the time when the electronic record
enters the designated computer resource, or
– if the electronic record is sent to a computer resource of
the addressee that is not the designated computer
resource, receipt occurs at the time when the electronic
record is retrieved by the addressee.
• if the addressee has not designated a computer
resource along with specified timings, if any, receipt
occurs when the electronic record enters the computer
resource of the addressee.
22. Digital Signature Certificates
• Digital Signature Certificates (DSC) are the digital equivalent (that is, electronic
format) of physical or paper certificates.
• Examples of physical certificates are drivers' licenses,
passports or membership cards.
• Certificates serve as proof of identity of an individual
for a certain purpose; for example, a driver's license
identifies someone who can legally drive in a particular
country. Likewise, a digital certificate can be presented
electronically to prove your identity, to access
information or services on the Internet or to sign
certain documents digitally.
23. Who issues the Digital Signature
Certificate
• A licensed Certifying Authority (CA) issues the digital signature.
Certifying Authority (CA) means a person who has been granted a
license to issue a digital signature certificate under Section 24 of
the Indian IT-Act 2000.
Tata Consultancy Services (TCS)
National Informatics Center (NIC)
IDRBT (Institute for Development & Research in Banking
Technology) Certifying Authority
SafeScrypt CA Services, Sify Communications Ltd.
(n)Code Solutions CA
MTNL Trust Line*
Customs & Central Excise
E-MUDHRA
24. Regulation of Certifying Authorities
Appointment of Controller and other officers.
• The Central Government may, by notification in the Official
Gazette, appoint a Controller of Certifying Authorities for
the purposes of this Act and may also by the same or
subsequent notification appoint such number of Deputy
Controllers and Assistant Controllers as it deems fit.
• The Controller shall discharge his functions under this Act
subject to the general control and directions of the Central
Government.
• The Deputy Controllers and Assistant Controllers shall
perform the functions assigned to them by the Controller
under the general superintendence and control of the
Controller.
25. Appointment of Controller and other
officers.
• The qualifications, experience and terms and
conditions of service of Controller, Deputy
Controllers and Assistant Controllers shall be such
as may be prescribed by the Central Government.
• The Head Office and Branch Office of the office of
the Controller shall be at such places as the
Central Government may specify, and these may
be established at such places as the Central
Government may think fit.
• There shall be a seal of the Office of the
Controller.
26. Functions of Controller
The Controller may perform all or any of the following functions,
namely: -
• exercising supervision over the activities of the Certifying
Authorities.
• certifying public keys of the Certifying Authorities.
• laying down the standards to be maintained by the Certifying
Authorities.
• specifying the qualifications and experience which employees of
the Certifying Authorities should possess.
• specifying the conditions subject to which the Certifying Authorities
shall conduct their business.
• specifying the contents of written, printed or visual materials and
advertisements that may be distributed or used in respect of a
Digital Signature Certificate and the public key.
27. Functions of Controller
• specifying the form and content of a Digital Signature
Certificate and the key.
• specifying the form and manner in which accounts shall be
maintained by the Certifying Authorities.
• specifying the terms and conditions subject to which
auditors may be appointed and the remuneration to be
paid to them.
• facilitating the establishment of any electronic system by a
Certifying Authority either solely or jointly with other
Certifying Authorities and regulation of such systems.
• specifying the manner in which the Certifying Authorities
shall conduct their dealings with the subscribers.
28. Functions of Controller
• resolving any conflict of interests between the
Certifying Authorities and the subscribers.
• laying down the duties of the Certifying
Authorities.
• maintaining a data base containing the
disclosure record of every Certifying Authority
containing such particulars as may be
specified by regulations, which shall be
accessible to public.
29. Offences & Penalties under the
Information Technology Act, 2000
• Offences:
Cyber offences are unlawful acts carried out in a very
sophisticated manner in which the computer is either the tool or the target or
both. Cyber crime usually includes:
(a) Unauthorized access of the computers
(b) Data diddling
(c) Virus/worms attack
(d) Theft of computer system
(e) Hacking
(f) Denial of service attacks
(g) Logic bombs
(h) Trojan attacks
(i) Internet time theft
(j) Web jacking
(k) Email bombing
(l) Salami attacks
(m) Physically damaging computer system.
30. Section 65. Tampering with computer
source documents:
• Whoever knowingly or intentionally conceals,
destroys or alters or intentionally or knowingly
causes another to conceal, destroy or alter any
computer source code used for a computer,
computer Programme, computer system or
computer network, when the computer source code
is required to be kept or maintained by law for the
time being in force, shall be punishable with
Penalties: Imprisonment up to 3 years and / or
Fine: Two lakh rupees.
31. Section 66. Hacking with the computer
system
Whoever with the intent to cause or knowing
that he is likely to cause wrongful loss or damage
to the public or any person destroys or deletes or
alters any information residing in a computer
resource or diminishes its value or utility or
affects it injuriously by any means, commits
hacking.
Penalties: Punishment: Imprisonment up to three
years and
Fine: which may extend up to two lakh rupees, or
with both.
32. Section 67. Publishing of obscene
information in electronic form:
• Publishing or transmitting, or causing to be published,
pornographic material in electronic form
• Penalties: Punishment: On first conviction -
imprisonment which may extend up to five years.
Fine: on first conviction, which may extend to one
lakh rupees.
• On second conviction - imprisonment which
may extend to ten years and fine which may extend up
to two lakh rupees.
Case Laws:
1. The State of Tamil Nadu v/s Suhas Katti.
33. Section 68. Power of controller to give
directions:
(1) The Controller may, by order, direct a Certifying Authority or any
employee of such Authority to take such measures or cease
carrying on such activities as specified in the order if those are
necessary to ensure compliance with the provisions of this Act,
rules or any regulations made thereunder.
(2) Any person who fails to comply with any order under sub-
section (1) shall be guilty of an offence and shall be liable on
conviction to imprisonment for a term not exceeding three years or
to a fine not exceeding two lakh rupees or to both.
Penalties: Punishment: imprisonment up to a term not exceeding
three years
Fine: not exceeding two lakh rupees.
34. Section 69. Directions of Controller to a
subscriber to extend facilities to decrypt
information:
If the Controller is satisfied that it is necessary or expedient so to
do in the interest of the sovereignty or integrity of India, the
security of the State, friendly relations with foreign States or
public order or for preventing incitement to the commission of
any cognizable offence, he may, for reasons to be recorded in writing, by
order, direct any agency of the Government to intercept any
information transmitted through any computer resource.
The subscriber or any person in charge of the computer resource
shall, when called upon by any agency which has been directed
under sub-section (1), extend all facilities and technical assistance
to decrypt the information.
Penalties: imprisonment for a term which may extend to seven years.
http://www.legalservicesindia.com/article/article/offences-&-penalties-under-the-it-act-2000-439-1.html
35. Section 70. Protected System
(1) The appropriate Government may, by notification in the Official
Gazette, declare that any computer, computer system or computer
network to be a protected system.
(2) The appropriate Government may, by order in writing, authorize the
persons who are authorized to access protected systems notified under
sub-section (1).
(3) Any person who secures access or attempts to secure access to a
protected system in contravention of the provision of this section shall be
punished with imprisonment of either description for a term which may
extend to ten years and shall also be liable to fine.
Explanation: This section grants the power to the appropriate government
to declare any computer, computer system or computer network, to be a
protected system. Only an authorized person has the right to access a
protected system.
Penalties: Punishment: the imprisonment which may extend to ten years
and fine.
36. Section 71. Penalty for
misrepresentation
(1) Whoever makes any misrepresentation to, or
suppresses any material fact from, the Controller or the
Certifying Authority for obtaining any license or Digital
Signature Certificate, as the case may be, shall be
punished with imprisonment for a term which may
extend to two years, or with fine which may extend to
one lakh rupees, or with both.
Penalties: Punishment: imprisonment which may
extend to two years
Fine: may extend to one lakh rupees or with both.
37. Section 72. Penalty for breach of
confidentiality and privacy
This section relates to any person who, in pursuance
of any of the powers conferred by the Act or its allied rules
and regulations, has secured access to any electronic
record, books, register, correspondence, information,
document, or other material.
If such person discloses such information, he will be
punished with penalty. It would not apply to disclosure of
personal information of a person by a website, by his email
service provider.
Penalties: Punishment: term which may extend to two
years.
Fine: one lakh rupees or with both.
38. Section 73. Penalty for publishing Digital Signature
Certificate false in certain particulars
(1) No person shall publish a Digital Signature Certificate or
otherwise make it available to any other person with the
knowledge that-
(a) The Certifying Authority listed in the certificate has not
issued it; or
(b) The subscriber listed in the certificate has not
accepted it; or
(c) The certificate has been revoked or suspended, unless
such publication is for the purpose of verifying a digital
signature created prior to such suspension or revocation.
(2) Penalties: Punishment: imprisonment for a term which
may extend to two years.
Fine: may extend to 1 lakh rupees, or with both.
39. Section 74. Publication for fraudulent
purpose
Explanation: This section prescribes punishment for the following
acts:
Knowingly creating a digital signature certificate for any
i. fraudulent purpose or,
ii. unlawful purpose.
Knowingly publishing a digital signature certificate for any
i. fraudulent purpose or
ii. unlawful purpose
Knowingly making available a digital signature certificate for any
i. fraudulent purpose or
ii. unlawful purpose.
Penalties: Punishment: imprisonment for a term up to two years.
Fine: up to one lakh or both.
40. Section 75. Act to apply for offence or contravention
committed outside India
(1) Subject to the provisions of sub-section (2), the provisions
of this Act shall apply also to any offence or contravention
committed outside India by any person irrespective of his
nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an
offence or Contravention committed outside India by any
person if the act or conduct constituting the offence or
contravention involves a computer, computer system or
computer network located in India.
Explanation: This section has broader perspective including
cyber crime, committed by cyber criminals, of any nationality,
any territoriality.
41. Section 76. Confiscation
The aforesaid section highlights that all devices
whether computer, computer system,
floppies, compact disks, tape drives or any
other storage, communication, input or
output device which helped in the
contravention of any provision of this Act,
rules, orders, or regulations made thereunder
are liable to be confiscated.
42. Section 77. Penalties or confiscation not to
interfere with other punishments
No penalty imposed or confiscation made under
this Act shall prevent the imposition of any other
punishment to which the person affected thereby
is liable under any other law for the time being in
force.
Explanation: The aforesaid section lays down a
mandatory condition, which states the Penalties
or confiscation not to interfere with other
punishments to which the person affected
thereby is liable under any other law for the time
being in force.
43. Section 78. Power to investigate offences
Notwithstanding anything contained in the
Code of Criminal Procedure, 1973, a police
officer not below the rank of Deputy
Superintendent of Police shall investigate any
offence under this Act.
Explanation: The police officer not below the
rank of Deputy Superintendent of police shall
investigate the offence.
45. Conclusion…
“Indian Laws are well drafted and are capable of
handling all kinds of challenges as posed by cyber
criminals. However, the enforcement agencies are
required to be well versed with the changing technologies
and Laws.”
“As internet technology advances so does the threat of
cyber crime. In times like these we must protect ourselves
from cyber crime. Anti-virus software, firewalls and
security patches are just the beginning. Never open
suspicious e-mails and only navigate to trusted sites.”