Embed Size (px)
Citation preview
LOVELY SCHOOL OF MANAGEMENT
SUBMITTED TO: - SUBMITTED BY:-
MR. Vaneet Kashyap GYAN PRAKASH
ROLL NO:-B46
SEC:-S1007
REG.ID:-11011236
Introduction
Cyber law India is an organization that is dedicated to the passing of relevant and dynamic Cyber laws in India. Considering India is one of the biggest economies impacting electronic commerce and the biggest markets to target, it is but natural to accept that India should have in place appropriate enabling legal provisions for effective and secure cyber transactions. Cyber law India as an organization has been active since late 1990’s in India. Cyber law India was responsible for conducting various programmers directing at creating more awareness about the needs for Cyber law in India. The Information Technology Bill 1999 when presented in Parliament was appropriately analyzed at Cyber law India. Mr. Pavan Duggal , President, Cyber law India, was responsible for demonstrating various draw backs and lacuna of the said legislation. After the passage of the Indian Information Technology Act 2000 , Cyber law India was engaged in initiatives, programmes and events that were targeting at creating more awareness amongst the relevant stake holders about the Indian Cyber law namely the Information Technology Act 2000, its salient features and how the said law impacts their day to day operation. Cyber law India has been in the forefront of creating more awareness about effectively strengthening the law impacting Internet and computers within India. The Government of India had tabled the Information Technology Amendment Bill of 2006 before Parliament. The Parliament referred the said Bill to the Parliamentary Standing Committee for its comments. Cyber law India was once again responsible for creating awareness about the new proposed amendments to the Information Technology Act 2000 in India. The Government of India passed the Information Technology Amendment Act of 2008 in December 2008. The said legislation has become law with effect from 5th of February 2009. Cyber law India has been in the forefront of creating more awareness about the new amendments to the Information Technology Act 2000 and their ramifications and impact upon all relevant stake holders and corporate world. Cyber law India believes that India must have the best cyber legal regime in the world. Cyber law Association aims to contribute to the ever evolving cyber legal jurisprudence and emerging legal issues pertaining to Cyberspace, Internet and the World Wide Web. Cyber law Association is a not for profit association that was found more than a decade ago to encourage the growth of Cyber law in
different jurisdictions. It was also initially devised to be meeting point of all related similar thinking individuals and legal entities who had an interest in the evolution, growth and development of Cyber Law, and Cyber Law legal jurisprudence. Cyber Law Association is the common meeting point of legal professionals, scholars, jurists and other stakeholders who all are committed to the growth of cyber law and cyber legal jurisprudence.
What is the importance of Cyber law? Cyber law is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyber laws are a very technical field and that it does not have any bearing to most activities in Cyberspace. But the actual truth is that nothing could be further than the truth. Whether we realize it or not, every action and every reaction in Cyberspace has some legal and Cyber legal perspectives.
Need for Cyber Law There are various reasons why it is extremely difficult for conventional law to cope with cyberspace. Some of these are discussed below.1. Cyberspace is an intangible dimension that is impossible to govern and regulate using conventional law.2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could break into a bank’s electronic vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone.3. Cyberspace handles gigantic traffic volumes every second.Billions of emails are crisscrossing the globe even as we read this, millions of websites are being accessed every minute and billions of dollars are electronically transferred around the world by banks every day.4. Cyberspace is absolutely open to participation by all. A ten year- old in Bhutan can have a live chat session with an eight year- old in Bali without any regard for the distance or the anonymity between them.5. Cyberspace offers enormous potential for anonymity to its members. Readily available encryption software and steganography tools that seamlessly hide information within image and sound files ensure the confidentiality of information exchanged between cyber-citizens.6. Cyberspace offers never-seen-before economic efficiency.Billions of dollars’ worth of software can be traded over the
Internet without the need for any government licenses, shipping and handling charges and without paying any customs duty.7. Electronic information has become the main object of cybercrime. It is characterized by extreme mobility, which exceeds by far the mobility of persons, goods or other services. International computer networks can transfer huge amounts of data around the globe in a matter of seconds.8. A software source code worth crores of rupees or a movie can be pirated across the globe within hours of their release.9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily covered by traditional penal provisions.However, the problem begins when electronic records are copied quickly, inconspicuously and often via telecommunication facilities. Here the “original” information, so to say, remains in the “possession” of the “owner” and yet information gets stolen.
Advantages of Cyber Laws:-
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cybercrimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records. The Act has also proposed a legal framework for the authentication and origin of electronic records communications through digital signature.
* Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.* The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.* The Act now allows Government to issue notification on the web thus heralding e-governance.
* Digital signatures have been given legal validity and sanction in the Act.
* From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these
provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.* The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.* The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.* Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.
*Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
Impact of Indian Cyber Laws Offshore outsourcing to India is especially buoyant. Only last month Norwich Union, Britain's biggest insurance company joined a host of other firms including HSBC, Barclays, Marks & Spencer and Tesco, by deciding to ship jobs to Asia. But some, including the Royal Bank of Scotland and Alliance & Leicester, have pledged to keep jobs in Britain, partly in response to the backlash that turned offshoring into a political hot potato.With the growing fashion of the world’s biggest organizations to offshore outsource their business processes, India has emerged as the world’s leader in outsourcing industry. Let’s have a look at the reasons that have forced companies to pack their bags and return to their homes by compromising over their profits.1. Even though India is through with its first cyber law, the IT Act 2000, the service providers have been unable to provide satisfactory standard security solutions because regulations, legislation, and consequently risk vary vastly between industries and geographies.
2. Apart from this the companies bear a distrust feeling due to the lack of regulatory protection in areas such as security and privacy. It is because the IT Act 2000 does not include any clause similar to the Data Protection Act of United Kingdoms. This naturally has lead companies to decide for their home than to outsource.3. India till date has not been able to achieve the recognition from European Commission, which has framed certain standards covering data protection compliance in contracts with offshore suppliers. It is because India has not been able to rise up to the laid standards. But this not the end, the country is working hard to frame up a data protection act and privacy regime that will be scrutinized by the EC in due course.4. The extremely slow India’s legal process in checking digital piracy which includes both, software and movies, is also one of the reasons why companies hesitate to outsource their business processes to India.Developed nations like Hong-Kong and Singapore, on the other hand, have stringent laws for the similar crimes.
The year saw high profile visits of CEOs of Microsoft and Intel, who have high stakes in India. Microsoft CEO Steve Ballmer inaugurated a new campus facility of the company in Hyderabad and said the firm would hire hundreds in India and bring out MS Window in 14 Indian languages.1. To hold their clients, most of the Indian Service providers agree to be subjected by global acts and ready to be litigated in the court of the user’s country.2. Also, to stay in the competition and ensure security and integrity of the data, most of the leading business process outsourcing companies has implemented international standards for information security management like the BS7799 and the ISO17799. 3. The outsourcing environment is becoming increasingly control-oriented and the need for stronger cyber laws has been increasingly felt. The government too realizes this and therefore promises to have a tighter data protection and privacy regime in place later this year. It is conducting a security audit of its 860 members and has proposed to amend the existing cyber laws of India, the IT Act 2000 so as to cover up the issues of data security and cybercrime.
What is Cybercrime?
When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could also be misused for criminal activities. Today, there are many disturbing things happening in cyberspace. Cybercrime refers to all the activities done with criminal intent in cyberspace. These could be either the criminal activities in the conventional sense or could be activities, newly evolved with the growth of the new medium. Because of the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. The field of Cybercrime is just emerging and new forms of criminal activities in cyberspace are coming to the forefront with the passing of each new day.
What are the various categories of Cybercrimes? Cybercrimes can be basically divided into 3 major categories being Cybercrimes against persons, property and Government.
Cybercrimes against persons?Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail, and cyber-stalking.The trafficking, distribution, posting, and dissemination of obscene material including pornography, indecent exposure, and child pornography, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be overstated. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled. Cybercrimes against property?The second category of Cybercrimes is that of Cybercrimes against all forms of property. These crimes include unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programs, and unauthorized possession of computerized information.
Cybercrime against Government?The third category of Cybercrimes relate to Cybercrimes against Government. Cyber Terrorism is one distinct kind of crime in this category. The growth of
Internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorize the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.
Why Cyber laws In India
India became independent on 15th August, 1947. In the 49th year of Indian independence, Internet was commercially introduced in our country. The beginnings of Internet were extremely small and the growth of subscribers painfully slows. However as Internet has grown in our country, the need has been felt to enact the relevant Cyber laws which are necessary to regulate Internet in India. This need for cyber laws was propelled by numerous factors. Firstly, India has an extremely detailed and well-defined legal system in place. Numerous laws have been enacted and implemented and the foremost amongst them is The Constitution of India. We have interlaid, amongst others, the Indian Penal Code, the Indian Evidence Act 1872, the Banker's Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934, the Companies Act, and so on. However the arrival of Internet signaled the beginning of the rise of new and complex legal issues. It may be pertinent to mention that all the existing laws in place in India were enacted way back keeping in mind the relevant political, social, economic, and cultural scenario of that relevant time. Nobody then could really visualize about the Internet. Despite the brilliant acumen of our master draftsmen, the requirements of cyberspace could hardly ever be anticipated. As such, the coming of the Internet led to the emergence of numerous ticklish legal issues and problems which necessitated the enactment of Cyber laws. Secondly, the existing laws of India, even with the most benevolent and liberal interpretation, could not be interpreted in the light of the emerging cyberspace, to include all aspects relating to different activities in cyberspace. In fact, the practical experience and the wisdom of judgment found that it shall not be without major perils and pitfalls, if the existing laws were to be interpreted in the scenario of emerging cyberspace, without enacting new cyber laws. For example, the Net is used by a large majority of users for email. Yet till today, email is not "legal" in our country.
There is no law in the country, which gives legal validity, and sanction to email. Courts and judiciary in our country have been reluctant to grant judicial recognition to the legality of email in the absence of any specific law having been enacted by the Parliament. Fourthly, Internet requires an enabling and supportive legal infrastructure in tune with the times. This legal infrastructure can only be given by the enactment of the relevant Cyber laws as the traditional laws have failed to grant the same. The Government of India responded by coming up with the draft of the first Cyber law of India - The Information Technology Bill, 1999.
Some Indian Case Studies:
(1)Pune Citibank Emphasis Call Center
Fraud US $ 3, 50,000 from accounts of four US customers was dishonestly transferred to bogus accounts. This will give a lot of ammunition to those lobbying against outsourcing in US. Such cases happen all over the world but when it happens in India it are a serious matter and we cannot ignore it. It is a case of sourcing engineering. Some employees gained the confidence of the customer and obtained their PIN numbers to commit fraud. They got these under the guise of helping the customers out of difficult situations. Highest security prevails in the call centers in India as they know that they will lose their business. There was not as much of breach of security but of sourcing engineering. The call center employees are checked when they go in and out so they cannot copy down numbers and therefore they could not have noted these down. They must have remembered these numbers, gone out immediately to a cyber café and accessed the Citibank accounts of the customers. All accounts were opened in Pune and the customers complained that the money from their accounts was transferred to Pune accounts and that’s how the criminals were traced. Police has been able to prove the honesty of the call center and has frozen the accounts where the money was transferred. There is need for a strict background check of the call center executives. However, best of background checks cannot eliminate the bad elements from coming in and breaching security. We must still ensure such checks when a person is hired. There is need for a national ID and a national
data base where a name can be referred to. In this case preliminary investigations do not reveal that the criminals had any crime history. Customer education is very important so customers do not get taken for a ride. Most banks are guilt of not doing this.
(2) Baazee.com caseCEO of Baazee.com was arrested in December 2004 because a CD with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail. This opened up the question as to what kind of distinction do we draw between Internet Service Provider and Content Provider. The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle the cybercrime cases and a lot of education is required e.
(3)PARLIAMENT ATTACK CASEBureau of Police Research and Development at Hyderabad had handled some of the top cyber cases, including analyzing and retrieving information from the laptop recovered from terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents. The laptop contained several evidences that confirmed of the two terrorists’ motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. The emblems (of the three lions) were carefully scanned and the seal was also craftily made along with residential address of Jammu and Kashmir. But careful detection proved that it was all forged and made on the laptop.
(4) Ritu Kohli Case:-
Ritu Kohli Case, being India's first case of cyber stalking, was indeed an important revelation into the mind of the Indian cyber stalker. A young Indian girl being cyber stalked by a former colleague of her husband, Ritu Kohl i’s case took the imagination of India by storm. The case which got cracked however predated the passing of the Indian Cyber law and hence it was just registered as minor offences under the Indian Penal Code. The Delhi Police has recently registered India’s First Case of Cyber stalking. One Mrs. Ritu Kohli complained to the police against the person who was using her identity to chat over the Internet at the website www.mirc.com, mostly in the Delhi channel for four consecutive days. Mrs. Kohli further complained that the person was chatting on the Net, using her name and giving her address and was talking obscene language. The same person was also deliberately giving her telephone number to other chatters encouraging them to call Ritu Kohli at odd hours. Consequently, Mrs. Kohli received almost 40 calls in three days mostly at odd hours from as far away as Kuwait, Cochin, Bombay and Ahmedabad. The said calls created havoc in the personal life and mental peace of Ritu Kohli who decided to report the matter. Consequently, the IP addresses were traced and the police investigated the entire matter and ultimately arrested Manish Kathuria on the said complaint. Manish apparently pleaded guilty and was arrested. A case was registered under section 509, of the Indian Penal Code (IPC). And thereafter he was released on bail. This is the first time when a case of cyber stalking has been reported. Cyber stalking does not have any one definition but it can be defined to mean threatening, unwarranted behavior or advances directed by one net user to another user using the medium of Internet and other forms of online communication. Cyber stalking is a recent phenomenon and women generally are the main targets of this cybercrime.
(5)State of Maharashtra v/s Anand Ashok KhareThis case related to the activities of the 23-year-old Telecom engineer Anand Ashok Khare from Mumbai who posed as the famous hacker Dr Necker and made several attempts to hack the Mumbai police Cyber Cell website.
(6)State of Uttar Pradesh v/s Sacket SanghaniaThis case which was registered under Section 65 of the IT Act, related to theft of computer source code. Sacket Singhania an engineer was sent by his employer to America to develop a software program for the company. Singhania, instead of working for the company, allegedly sold the source code of the program me to an American client of his employer person to which his employer suffered loss:
(7)State v/s Amit PrasadState v/s Amit Prasad, was India's first case of hacking registered under Section 66 of the Information Technology Act 2000. A case with unique facts, this case demonstrated how the provisions of the Indian Cyber law could be interpreted in any manner, depending on which side of the offence you were on.
(8)State of Chhattisgarh v/s Prakash Yadav and Manoj Singhaniathis was a case registered on the complaint of State Bank of India Raigarh branch. Clearly a case of Spyware and Malware, this case demonstrated in early days how the IT Act could be applicable to constantly different scenarios.
(9)MYSPACE CATCHES A MURDERER MySpace has played an important role in helping Oakland police apprehend a 19-year old man accused of shooting a San Leandro High School football player Greg "Doody" Ballard, Jr. Oakland police had a street name of a suspect and were able to identify Dwayne Stencil, 19 of Oakland from a picture they found on a gang's MySpace page. Police brought the suspect to their headquarters where detectives say he confessed. What was most troubling to investigators was the lack of motive for the killing.
(10)Three people held guilty in on line credit card scam
Customer’s credit card details were misused through online means for booking air-tickets. These culprits were caught by the city Cyber Crime Investigation Cell in pune. It is found that details misused were belonging to 100 people. Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had complained on behalf of one of his customer. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh
were arrested. Lukkad being employed at a private institution, Kale was his friend. Shaiklh was employed in one of the branches of State Bank of India.
According to the information provided by the police, one of the customers received a SMS based alert for purchasing of the ticket even when the credit card was being held by him. Customer was alert and came to know something was fishy; he enquired and came to know about the misuse. He contacted the Bank in this regards. Police observed involvement of many Banks in this reference. The tickets were book through online means. Police requested for the log details and got the information of the Private Institution. Investigation revealed that the details were obtained from State Bank of India. Shaikh was working in the credit card department; due to this he had access to credit card details of some customers. He gave that information to Kale. Kale in return passed this information to his friend Lukkad. Using the information obtained from Kale Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given few tickets to various other institutions.
Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were involved in eight days of investigation and finally caught the culprits.
In this regards various Banks have been contacted; also four air-line industries were contacted.DCP Sunil Pulhari has requested customers who have fallen in to this trap to inform police authorities on 2612-4452 or 2612-3346 if they have any problems.
References:-
http://www.cyberlawsindia.net/cases.htmlhttp://www.cyberlawindia.com/casestudies.phphttp://www.cyberlawsindia.net/http://www.cyberlawsindia.net/cyber-india.htmlhttp://www.cyberlawindia.com/http://infosecawareness.in/cyber-laws/cyber-law-in-indiahttp://dit.mp.gov.in/cyberlawt.htm
