Prof. SVK
Cyber Law Prof. Shrinivas VK
Need of Cyber Law
"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".
National Research Council, USA, "Computers at Risk", 1991
Cyber Law?
Cyber Law is the law governing cyber space.
Cyber space includes computers, networks, software, data storage devices (such as hard disks, USB disks etc.), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.
Cyber Law Deals with
Cyber Crimes
Electronic or Digital Signatures
Intellectual Property
Data Protection and Privacy
IT Act, 2000
• Enacted on 17th May 2000; India is the 12th nation in the world to adopt cyber laws
• IT Act is based on Model law on e-commerce adopted by UNCITRAL
Objectives of the IT Act
To provide legal recognition for transactions:
• Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"
• To facilitate electronic filing of documents with Government agencies and E-Payments
• To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934
Extent of application
• Extends to whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1 (2)}, read with Section 75: the Act applies to an offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India
• Section 2 (1) (a) – "Access" means gaining entry into, instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network
Definitions (section 2)
• "computer" means electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or relate to the computer in a computer system or computer network;
• "computer network" means the inter-connection of one or more computers through-
  (i) the use of satellite, microwave, terrestrial line or other communication media; and
  (ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;
Definitions (section 2)
• "computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
• "data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.
Definitions (section 2)
• "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
• "secure system" means computer hardware, software, and procedure that-
  (a) are reasonably secure from unauthorized access and misuse;
  (b) provide a reasonable level of reliability and correct operation;
  (c) are reasonably suited to performing the intended function; and
  (d) adhere to generally accepted security procedures
• "security procedure" means the security procedure prescribed by the Central Government under the IT Act, 2000.
• "secure electronic record" – where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification
Act is inapplicable to…
• (a) a negotiable instrument (Other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;
• (b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
• (c) a trust as defined in section 3 of the Indian Trusts Act, 1882;
Act is inapplicable to…
• (d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition
• (e) any contract for the sale or conveyance of immovable property or any interest in such property;
• (f) any such class of documents or transactions as may be notified by the Central Government
OBJECTIVES OF IT ACT
1. It is the objective of the I.T. Act 2000 to give legal recognition to any transaction which is done electronically or by use of the internet.
2. To give legal recognition to digital signatures for accepting any agreement via computer.
3. To provide the facility of filing documents online relating to school admission or registration in an employment exchange.
4. According to the I.T. Act 2000, any company can store its data in electronic storage.
OBJECTIVES OF IT ACT..
5. To stop computer crime and protect the privacy of internet users.
6. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form.
7. To give more power to the RBI and the Indian Evidence Act for restricting electronic crime.
SCOPE OF IT ACT
1. The Information Technology Act 2000 is not applicable to the attestation for creating a trust electronically. Physical attestation is a must.
2. The I.T. Act 2000 is not applicable to the attestation for making a will of anybody. Physical attestation by two witnesses is a must.
3. A contract of sale of any immovable property.
4. Attestation for giving power of attorney of property is not possible via electronic record.
Advantages of Cyber Laws
• Helpful to promote e-commerce
• Enhance the corporate business
• Filing online forms
• High penalty for cyber crime
• Digital signatures have been given legal validity and sanction in the Act.
Digital signature
• Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. Section 3 deals with the conditions subject to which an electronic record may be authenticated by means of affixing digital signature which is created in two definite steps.
First, the electronic record is converted into a message digest by using a mathematical function known as 'Hash function' which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication contained in the electronic record. Any tampering with the contents of the electronic record will immediately invalidate the digital signature.
Secondly, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by anybody who has the public key corresponding to such private key. This will enable anybody to verify whether the electronic record is retained intact or has been tampered with since it was so fixed with the digital signature. It will also enable a person who has a public key to identify the originator of the message.
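The two steps above, as an added example that is not part of the original slides: the record is hashed to a message digest, the private key is applied to the digest, and anyone holding the public key can verify it. It assumes SHA-256 and unpadded textbook RSA with constructed demo keys built from published Mersenne primes; the key names and the sample record are hypothetical.

```python
import hashlib

E = 65537  # public exponent (assumption for this demo)


def make_keypair(p: int, q: int):
    """Return ((n, e), (n, d)) for textbook RSA from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


# Constructed demo keys: the primes are published Mersenne primes, so these
# "private" keys are public knowledge and serve illustration only.
SUBSCRIBER_PUB, SUBSCRIBER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)


def message_digest(record: bytes) -> int:
    """Step 1: the hash function freezes the record into a message digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def affix_signature(record: bytes, private_key) -> int:
    """Step 2: the private key is applied to the message digest."""
    n, d = private_key
    return pow(message_digest(record), d, n)


def verify_signature(record: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key and compare it with a fresh hash."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == message_digest(record)


def demo():
    record = b"Pay Rs. 10,000 to account 12345"    # constructed sample record
    altered = b"Pay Rs. 90,000 to account 12345"   # same record after tampering
    sig = affix_signature(record, SUBSCRIBER_PRIV)
    return {
        # Intact record checked with the subscriber's public key
        "intact": verify_signature(record, sig, SUBSCRIBER_PUB),
        # Any change to the record changes the digest, so the signature fails
        "tampered": verify_signature(altered, sig, SUBSCRIBER_PUB),
        # A different public key does not match, so the originator is not confirmed
        "wrong_originator": verify_signature(record, sig, OTHER_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

Production signatures use a padded scheme from a vetted cryptographic library and a certificate that binds the public key to the subscriber.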
Attribution of electronic records.
An electronic record shall be attributed to the originator -
• if it was sent by the originator himself,
• by a person who had the authority to act on behalf of the originator in respect of that electronic record, or
• by an information system programmed by or on behalf of the originator to operate automatically.
Acknowledgment of receipt
Where the originator has not agreed with the addressee that the acknowledgment of receipt of electronic record be given in a particular form or by a particular method, an acknowledgment may be given by –
• any communication by the addressee, automated or otherwise, or
• any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received.
• unless acknowledgment has been so received, the electronic record shall be deemed to have been never sent by the originator.
Despatch and receipt of electronic record
• if the addressee has designated a computer resource for the purpose of receiving electronic records -
  – receipt occurs at the time when the electronic record enters the designated computer resource, or
  – if the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee.
• if the addressee has not designated a computer resource along with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee.
Digital Signature Certificates
• Digital Signature Certificates (DSC) are the digital equivalent (that is, electronic format) of physical or paper certificates.
• Examples of physical certificates are drivers' licenses, passports or membership cards.
• Certificates serve as proof of identity of an individual for a certain purpose; for example, a driver's license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally.
Who issues the Digital Signature Certificate
• A licensed Certifying Authority (CA) issues the digital signature. Certifying Authority (CA) means a person who has been granted a license to issue a digital signature certificate under Section 24 of the Indian IT-Act 2000.
Certifying Authority:
• Tata Consultancy Services (TCS)
• National Informatics Center (NIC)
• IDRBT (Institute for Development & Research in Banking Technology)
• SafeScrypt CA Services, Sify Communications Ltd.
• (n) Code Solutions CA
• MTNL Trust Line
• Customs & Central Excise
• E-MUDHRA
Regulation of Certifying Authorities
Appointment of Controller and other officers.
• The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for the purposes of this Act and may also by the same or subsequent notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit.
• The Controller shall discharge his functions under this Act subject to the general control and directions of the Central Government.
• The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller under the general superintendence and control of the Controller.
Appointment of Controller and other officers.
• The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers shall be such as may be prescribed by the Central Government.
• The Head Office and Branch Office of the office of the Controller shall be at such places as the Central Government may specify, and these may be established at such places as the Central Government may think fit.
• There shall be a seal of the Office of the Controller.
Functions of Controller
The Controller may perform all or any of the following functions, namely: -
• exercising supervision over the activities of the Certifying Authorities.
• certifying public keys of the Certifying Authorities.
• laying down the standards to be maintained by the Certifying Authorities.
• specifying the qualifications and experience which employees of the Certifying Authorities should possess.
• specifying the conditions subject to which the Certifying Authorities shall conduct their business.
• specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key.
Functions of Controller
• specifying the form and content of a Digital Signature Certificate and the key.
• specifying the form and manner in which accounts shall be maintained by the Certifying Authorities.
• specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them.
• facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems.
• specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers.
Functions of Controller
• resolving any conflict of interests between the Certifying Authorities and the subscribers.
• laying down the duties of the Certifying Authorities.
• maintaining a data base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.
Offences & Penalties under the Information Technology Act, 2000
• Offences: Cyber offences are the unlawful acts which are carried out in a very sophisticated manner in which either the computer is the tool or target or both. Cyber crime usually includes:
  (a) Unauthorized access of the computers
  (b) Data diddling
  (c) Virus/worms attack
  (d) Theft of computer system
  (e) Hacking
  (f) Denial of attacks
  (g) Logic bombs
  (h) Trojan attacks
  (i) Internet time theft
  (j) Web jacking
  (k) Email bombing
  (l) Salami attacks
  (m) Physically damaging computer system.
Section 65. Tampering with computer source documents:
• Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable.
Penalties: Imprisonment up to 3 years and / or Fine: Two lakh rupees.
Section 66. Hacking with the computer system
Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
Penalties: Punishment: Imprisonment up to three years. Fine: which may extend up to two lakh rupees, or with both.
Section 67. Publishing of obscene information in electronic form:
• Publishing or transmitting, or causing to be published, pornographic material in electronic form
• Penalties: Punishment: On first conviction, imprisonment which may extend up to five years. Fine: on first conviction, which may extend to one lakh rupees.
• On second conviction, imprisonment which may extend to ten years and fine which may extend up to two lakh rupees.
Case Laws:
1. The State of Tamil Nadu v/s Suhas Katti.
Section 68. Power of controller to give directions:
(1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made there under.
(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both.
Penalties: Punishment: imprisonment up to a term not exceeding three years. Fine: not exceeding two lakh rupees.
Section 69. Directions of Controller to a subscriber to extend facilities to decrypt information:
If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence, he may, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.
The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.
Penalties: imprisonment for a term which may extend to seven years.
http://www.legalservicesindia.com/article/article/offences-&-penalties-under-the-it-act-2000-439-1.html
Section 70. Protected System
(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-section (1).
(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provision of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
Explanation: This section grants the power to the appropriate government to declare any computer, computer system or computer network to be a protected system. Only an authorized person has the right to access a protected system.
Penalties: Punishment: imprisonment which may extend to ten years and fine.
Section 71. Penalty for misrepresentation
(1) Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Penalties: Punishment: imprisonment which may extend to two years. Fine: may extend to one lakh rupees, or with both.
Section 72. Penalty for breach of confidentiality and privacy
This section relates to any person who, in pursuance of any of the powers conferred by the Act or its allied rules and regulations, has secured access to any: electronic record, books, register, correspondence, information, document, or other material.
If such person discloses such information, he will be punished with penalty. It would not apply to disclosure of personal information of a person by a website, by his email service provider.
Penalties: Punishment: term which may extend to two years. Fine: one lakh rupees, or with both.
Section 73. Penalty for publishing Digital Signature Certificate false in certain particulars
(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that-
  (a) The Certifying Authority listed in the certificate has not issued it; or
  (b) The subscriber listed in the certificate has not accepted it; or
  (c) The certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
(2) Penalties: Punishment: imprisonment for a term which may extend to two years. Fine: may extend to 1 lakh rupees, or with both.
Section 74. Publication for fraudulent purpose
Explanation: This section prescribes punishment for the following acts:
• Knowingly creating a digital signature certificate for any (i) fraudulent purpose or (ii) unlawful purpose.
• Knowingly publishing a digital signature certificate for any (i) fraudulent purpose or (ii) unlawful purpose.
• Knowingly making available a digital signature certificate for any (i) fraudulent purpose or (ii) unlawful purpose.
Penalties: Punishment: imprisonment for a term up to two years. Fine: up to one lakh or both.
Section 75. Act to apply for offence or contravention committed outside India
(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.
Explanation: This section has a broader perspective, including cyber crime committed by cyber criminals of any nationality, any territoriality.
Section 76. Confiscation
The aforesaid section highlights that all devices, whether computer, computer system, floppies, compact disks, tape drives or any other storage, communication, input or output device, which helped in the contravention of any provision of this Act, rules, orders, or regulations made thereunder are liable to be confiscated.
Section 77. Penalties or confiscation not to interfere with other punishments
No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force.
Explanation: The aforesaid section lays down a mandatory condition, which states that penalties or confiscation do not interfere with other punishments to which the person affected thereby is liable under any other law for the time being in force.
Section 78. Power to investigate offences
Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act.
Explanation: The police officer not below the rank of Deputy Superintendent of police shall investigate the offence.
India stands 11th in the ranking for Cyber Crime in the World, constituting 3% of the Global Cyber Crime.
Conclusion…
“Indian Laws are well drafted and are capable of handling all kinds of challenges as posed by cyber criminals. However, the enforcement agencies are required to be well versed with the changing technologies and Laws.”
“As internet technology advances so does the threat of cyber crime. In times like these we must protect ourselves from cyber crime. Anti-virus software, firewalls and security patches are just the beginning. Never open suspicious e-mails and only navigate to trusted sites.”