Lehar AjwaniLehar Ajwani

Mehul JainMehul Jain

Shweta SinghShweta Singh

Puneet VyasPuneet Vyas

Subodh MallyaSubodh Mallya

BackgroundBackground

Drew inspiration from Model Law on Electronic

Commerce adopted by the United Nations

Commission of International Trade Law (UNCITRAL).

The said resolution recommends inter alia that all

states give favorable consideration to to the said

Model Law when they enact or revise their laws.

This is in view of need of uniformity

ObjectiveObjective

Seeks to address two different aspects of technological revolution.Providing legal recognition to electronic

transactions and use of alternatives to paper-based methods of communications and storage etc.

Regulation and control of Cyber Crime and other offences.

Seeks to define various offences arising out of use of Digital Signatures

Lays guidelines for regulating these offences.

Structure of the ActStructure of the ActConsists of 13 Chapters.

Chapter 1: Describes the scope and applicability of the act and the definitions clause.

Chapter 2: Authentication using digital signatures and asymmetric cryptosystem

Chapter 3: Legal recognition of electronic records and digital signatures.

Chapter 4: Contractual aspects of use of electronic records such as attribution, acknowledgement, time and place of dispatch and receipt.

Chapter 5: presumptions available to secure electronic records

Chapter 6,7,& 8: legal frame work within which DS can be issued and used.

Structure Of The Act (contd’…)Structure Of The Act (contd’…)

Chapter 9,10 & 11: contraventions offences and penalties

Chapter 12: single provision directed towards issue of network service provider liability

Chapter 13: miscellaneous provisions

TransactionsTransactions

Transaction: “An action or a set of actions occurring

between two or more persons relating to the conduct of the

business, commercial or governmental affairs.”

Automated Transactions: “A transaction conducted or

performed, in whole or in part, by electronic means or

electronic records in which the acts of one or both the

parties are not reviewed by an individual in the ordinary

course of forming a contract, performing under existing

contract or fulfilling an obligation required by the

transaction.”

Paperless ContractPaperless Contract

IT Act read in conjunction with the Contract Act.

There has to be an offer.

There has to be an acceptance of the said offer.

There has to be some consideration for the

contract.

Legal issues in e-commerceLegal issues in e-commerce

Though the Internet is a goldmine, without adequate legal

protection it could become a landmine

E-commerce is the mode of conducting business through

electronic means.

All business activity conducted using a combination of electronic

communications and information processing technology.

Total transaction volume of e-commerce in India is expected to

grow rapidly to Rs. 1,950 crore by 2008

CORE LEGAL ISSUESCORE LEGAL ISSUES

A. Offer and Acceptance

B. Click wrap contracts

C. Online Identity

D. Security : Security over the Internet is of immense importance

to promote e-commerce.

E. Authentication :Though the Internet eliminates the need for

physical contact, it does not do away with the fact that any

form of contract or transaction would have to be authenticated

•Dissemination of sensitive and confidential medical, financial and personal records of individuals and organisations;

• Sending spam (unsolicited) e-mails;

• Tracking activities of consumers by using web cookies

• Unreasonable check and scrutiny on an employee’s activities, including their email correspondence.

PRIVACY & DATA PROTECTIONPRIVACY & DATA PROTECTIONNo legislation in India that upholds the privacy rights of an individual

Intellectual Property RightsIntellectual Property Rights

The Internet is a boundless and unregulated medium

("IPRs") is a challenge and a growing concern amongst most e-businesses

Ascertaining novelty I originality:

.

ISSUES IN E-COMMERCE TRANSACTIONSISSUES IN E-COMMERCE TRANSACTIONS

Preventing unauthorised hyper linking and meta tagging

Protection against unfair competition

1. Interactive marketing practices

2. Spamming

3. Immersive marketing

Domain Names :If the company chooses a domain name that is

similar to some domain name or some existing trademark of a third

party, the company could be held liable for cybersquatting.

Electronic payment issuesElectronic payment issues

Secure Credit Card Transactions

Recognition of digital currencies

Determining the relevant jurisdiction

Risk of Regulatory Change

Transaction risks

Consumer-oriented risks

For example, XYZ, a company in London, having its server in USA, may sell its products to customers in India or other countries.

If you receive defective goods or if you regret having made the purchase, the question would arise as to which jurisdiction can you sue the company or claim damages or withdrawal respectively.

The company, onthe other hand, might find itself confronted with foreign laws

JURISDICTIONJURISDICTION

REGULATORY MEASURESREGULATORY MEASURES

1. ECMS - Electronic Copyright Management System

2. WIPO - World Intellectual Property Organisation

E-commerce Taxation

Realising the potential of earning tax revenue from such sources, tax

authorities world over are examining the tax implications of e-

commerce transactions and resolving mechanisms to tax such

transactions.

Concept of KeysConcept of Keys A ‘key’ comprises of a series of binary digits

Locking / Unlocking of Keys

“Key Pairs” consist of two keys

Public Key

Private Key

What is Cryptography?

Hashing Algorithm ‘RSA” used for encryption/decryption

Where does my computer store my private key?

Who needs a key pair?

For how long does a key stay valid?

What happens when a key expires?

Message TransferMessage Transfer

I

N

T

E

R

N

E

T

REGULATION OF CERTIFYING AUTHORITIES

Exercising supervision over the activities of the Certifying Authorities

Certifying public keys

Laying down the standards

Facilitating the establishment of any electronic system by a Certifying Authority / Certifying Authorities

Resolving any conflict of interests between the Certifying Authorities and the subscribers

Laying down the duties of the Certifying Authorities

Maintaining a data base containing the disclosure record of every

Certifying Authority containing such particulars as may be specified

by regulations, which shall be accessible to public.

Act as repository

Recognition of foreign Certifying Authorities.

Recognition of foreign Certifying Authorities.

Power to delegate

Power to investigate contraventions.

Access to data and computer systems

CERTIFYING AUTHORITY FUNCTIONS

Make use of hardware, software and procedures that are secure from intrusion and misuse

Provide a reasonable level of reliability in its services

To ensure compliance of the Act

Disclosure

Demonstration of Use of DSC

Demonstration of Use of DSC

Digital Digital Signature Signature

Certificate To Certificate To Be Attached Be Attached

herehere

Details for Registering a DSC

Cyber CrimeCyber Crime

Offences Under IT Act 2000Offences Under IT Act 2000

The offence Offence Not an Offence Conditions

Computer network break-ins      

Industrial espionage    Only if a computer is involved

Copyright piracy   χ   

Software Piracy   χ   

Child Pornography      

E-mail bombings   χ   

Password ‘sniffers    Only after the password is Actually used to hack

Spoofing   χ   

Credit card fraud      

Cyber squatting   χ 

Misleading search words   χ   

Using an imaginary password and gaining access to a software

     

Changing the information in a file by a regular operator

     

Copying data and selling or giving free to any third party

     

While playing games, a virus enters the system      

Taking a bribe to permit an offender to gain entry to the office

     

Offences Under IT Act 2000Offences Under IT Act 2000

Penal ProvisionsPenal Provisions

43. Penalty of damage of computer, computer system, etc.

If any person without permission of the owner or any other person who is in

charge of a computer, computer or computer network,-

a)accesses or secures access to such computer, computer system or

computer network;

b)downloads, copies or extracts any data, computer data base or information

from such computer, computer system or computer network including

information or data held or stored in any removable storage medium;

c)introduces or causes to be introduced any computer contaminant or

computer virus into any computer, computer system or computer network;

d)damages or causes to be damaged any computer, computer system or

computer network, data, computer data base or other programmes residing in

such computer, computer system or computer network;

Penal ProvisionsPenal Provisions43. Penalty of damage of computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of

a computer, computer or computer network,-

e)disrupts or causes disruption of any computer, computer system or computer

network;

f)denies or causes the denial of access to any person authorised to access any

computer, or computer network by any means;

g)provides any assistance to any person to facilitate access to a computer, computer

system or computer network in contravention of the provisions of this Act, rules or

regulations made there under;

h)charges the services availed of by a person to the account of another person by

tampering with or manipulating any computer, computer system, or computer

network,

i)he shall be liable to pay damages by way of compensation not exceeding one crore

rupees to the person so affected

Cyber Appellate TribunalCyber Appellate Tribunal

Sections 48 – 64 Deals with

the Cyber Appellate Tribunal

Cyber Appellate TribunalCyber Appellate Tribunal

Appeal to Cyber Appellate Tribunal

(1) Save as provided in sub-section (2), any person aggrieved by an order made by

Controller or an adjudicating officer under this Act may prefer an appeal to a Cyber

Appellate Tribunal jurisdiction in the matter.

(2) No appeal shall lie to the Cyber Appellate Tribunal from an order made by an

adjudicating officer with the consent of the parties.

(3) Every appeal under sub-section (1) shall be filed within a period of forty-five days

from the date on which a copy of the order made by the Controller or the

adjudicating officer is received by the person aggrieved and it shall be in such form

and be accompanied by such fee as may be prescribed:

Provided that the Cyber Appellate Tribunal may entertain an appeal after the expiry

of the said period of forty-five days if it is satisfied that there was sufficient cause for

not filing it within that period.

Cyber Appellate TribunalCyber Appellate Tribunal

Appeal to Cyber Appellate Tribunal

(4) On receipt of an appeal under sub-section (1), the Cyber Appellate

Tribunal may, after giving the parties to the appeal, an opportunity of being

heard, pass such orders thereon as it thinks fit, confirming, modifying or

setting aside the order appealed against.

(5) The Cyber Appellate Tribunal shall send a copy or every order made by

it to the parties to the appeal and to the concerned Controller or

adjudicating officer.

(6) The appeal filed before the Cyber Appellate Tribunal under sub-section

(1) shall be dealt with by it as expeditiously as possible and endeavour

shall be made by it to dispose of the appeal finally within six months from

the date of receipt of the appeal.

Cyber Appellate TribunalCyber Appellate Tribunal

ConclusionConclusion

WHERE WE AREFastest growing sectorContributes more than $30 Billion to India’s G.D.PWorld leader in outsourcing

DIFFICULTIESSlow response from govt.Less support from foreign law enforcement

agenciesSlow in adaptability of technology used by

criminals

SuggestionsSuggestionsFUTURE COURSE OF ACTION

Need international co-operation

Mutual co-operation between countries

Transfer of technology between countries

Deportation of criminals

Educate the masses

Spreading awareness about cyber crimes

Training and educating policemen

More and more stringent norms

THANKSTHANKS

QUESTIONSQUESTIONS