It Act2000

INFORMATION TECHNOLOGY ACT-2000
Information technology act 2000
MET COLL MMS 1 B
Executive summary
The Internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. ne of the ma!or disadvantages is "ybercrime illegal activity committed on the Internet. The Internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. "omputers today are being misused for illegal activities like e#mail espionage, credit card fraud, spams, software piracy and so on, which invade our privacy and offend our senses. "riminal activities in the cyberspace are on the rise. $The modern thief can steal more with a computer than with a gun. Tomorrow%s terrorist may be able to do more damage with a keyboard than with a bomb$. &ational 'esearch "ouncil, $"omputers at 'isk$, 1((1. The pro!ect explains the above issues and the IT )"T with the help of "ases and recent developments. *o read on to find more+++++
MET COLL MMS 1 B
INTRODUCTION
-e are living in very turbulent times. The world is changing, and changing fast. *ome of these changes are social and political. others are ecological. *ome are evolutionary, others revolutionary. &o matter where you plan to live or how you plan to make a living, you can expect that constant and rapid change will be a normal part of your life. Technology, especially information technology, is playing a large part in these changes. n the one hand, the drive for innovation in fields as diverse as military operations and medicine has fueled a demand for continual advances in Information technology. n the other hand, the constant advances in information technology have resulted in profound influences on most organi/ations and industries. &ew products and services have been developed. new companies and industries have failed. )dvances in Information technology and communication technologies also have altered our concepts of time and distance. 0usiness negotiations may be conducted in a 1face#to#face2 environment, even if one face is in 3apan and the other in 4ermany. *imilarly, information systems allow ,5#hour trading on financial markets around the world. The continually expanding capabilities of information technology have many implications for the management of organi/ations, as well as for broader societal issues. Information technology, when used as part of an information system 6I7*8 enables an organi/ation to monitor changes in customer preferences immediately, allowing it to react 9uickly, and increasing its flexibility. Internet use is on the increase in India. Internet : specially e#mail has revolutioni/ed the communication so much so that the postal : courier industry face a threat from this new medium. ;owever the rapid evolution of Internet also raised numerous legal issues and 9uestions, which were re9uired to be looked into. <irst was the necessity of a law that gave legal validity and sanction to this new mode of communication without which even an e#mail is illegal. <urther with the increase in Internet proliferation crime in cyberspace increased many folds. "yber crime is a new form of crime, which has emerged largely because of computeri/ation of various activities in a networked environment. "yberspace, as we know, is a virtual reality, which consists of all users connected through each other. To tackle all this, the government finally got into the act and notified India=s first "yber >aw. The law is on the lines of ?The @nited &ations "ommission on International Trade >aw= 6@&"IT'>8. 0y means of a notification on ctober 1A, ,BBB, the Indian government appointed this date as the date on which the provisions of the Information Technology )ct, ,BBB came into force. The parliament had passed the IT )ct, ,BBB on Cay 1A, ,BBB and the said legislation received the assent of the Dresident of India on ( th 3une ,BBB. ;owever the act did not succeed in achieving its actual motive which is rather the point of discussion for us.
MET COLL MMS 1 B
Information Technology Act, 2000

"onnectivity via the Internet has greatly abridged geographical distances and made communication even more rapid. -hile activities in this limitless new universe are increasing incessantly, laws must be formulated to monitor these activities. *ome countries have been rather vigilant and formed some laws governing the net. In order to keep pace with the changing generation, the Indian Darliament passed the much#awaited Information Technology 6IT8 )ct, ,BBB 6hereinafter referred to as the )ct8. )s they say, $Its better late than never$. ;owever, even after it has been passed, a debate over certain controversial issues continues. ) large portion of the industrial community seems to be dissatisfied with certain aspects of the )ct. 0ut on the whole, it is a step in the right direction for India. HISTORY The Fepartment of Electronics 6FoE8 in 3uly 1((G drafted the bill. ;owever, it could only be introduced in the ;ouse on Fecember 1H, 1((( 6after a gap of almost one and a half years8 when the new IT Cinistry was formed. It underwent substantial alteration, with the "ommerce Cinistry making suggestions related to e#commerce and matters pertaining to -orld Trade rgani/ation 6-T 8 obligations. The Cinistry of >aw and "ompany )ffairs then vetted this !oint draft. )fter its introduction in the ;ouse, the bill was referred to the 5,#member Darliamentary *tanding "ommittee following demands from the Cembers. The *tanding "ommittee made several suggestions to be incorporated into the bill. ;owever, only those suggestions that were approved by the Cinistry of Information Technology were incorporated. ne of the suggestions that were highly debated upon was that a cyber cafI owner must maintain a register to record the names and addresses of all people visiting his cafI and also a list of the websites that they surfed. This suggestion was made as an attempt to curb cyber crime and to facilitate speedy locating of a cyber criminal. ;owever, at the same time it was ridiculed, as it would invade upon a net surfer=s privacy and would not be economically viable. )s Cr. Fewang Cehta, Executive Firector of the &ational )ssociation of *oftware and *ervice 6&)**" C8 said, $It would only result in closing down of all cyber cafIs and ultimately deprive people of these facilities.$ <inally, the IT Cinistry in its final draft dropped this suggestion. The @nion "abinet approved the bill on Cay 1E, ,BBB and both the houses of Darliament finally passed it by Cay 1A, ,BBB. The Dresidential )ssent was finally received in the third week of 3une ,BBB.
MET COLL MMS 1 B
-hat are cyber crimesJ

) simple yet sturdy definition of cyber crime would be $unlawful acts wherein the computer is either a tool or a target or both$. "yber crimes are crimes that occur in the digital space, which is the aggregation of the transaction space within each of the connected computers and the virtual space arising out of the connection ;owever, in practice, a 1"rime2 is associated with a deviant behavior in relation to the established 1>aw2 in the society. In this framework therefore, a 1"yber "rime2 is an 1 ffence2 declared in some statute. In India, the 1Information Technology )ct ,BBB2 6IT)#,BBB8 was the specific law enacted to address the issues concerning the "yber *ociety. This therefore is the reference for us to call any offence a 1"yber "rime2 or not. ne restricted meaning of $cyber crimes$ in India could therefore be that it refers to 1 ffences mentioned in IT)#,BBB2. The @* Fepartment of 3ustice defines $cyber crime$ broadly as $any violations of criminal law that involve knowledge of computer technology for their perpetration, investigation or prosecution.$ In 1(A(, the @* Fepartment of 3ustice publication partitioned computer crime into three categoriesK computer abuse, 1the broad range of international acts involving a computer where one or more perpetrators made or could have made gain and one or more victims suffered or could have suffered a loss.2 computer crime, 1illegal computer abuse LthatM implies direct involvement of computers in committing a crime.2 and computer#related crime, 1any illegal act for which a knowledge of computer technology is essential for successful prosecution.2 <0I=s definition is that 1crimes where the computer is a ma!or factor in committing the criminal offence2.
MET COLL MMS 1 B
>et us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computers. *ome examples are PHISHING
In computing, phishing 6also known as carding and spoofing8 is a form of social engineering, characteri/ed by attempts to fraudulently ac9uire sensitive information, such as passwords and credit card details, by mas9uerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to $fish$ for users% financial information and passwords. CASE - NASSCO !S" A#AY SOO$ % OTHER
In a landmark !udgment in the case of &ational )ssociation of *oftware and *ervice "ompanies vs )!ay *ood : thers, delivered in Carch, ?BN, the Felhi ;igh "ourt declared Ophishing= on the internet to be an illegal act, entailing an in!unction and recovery of damages. Elaborating on the concept of ?phishing=, in order to lay down a precedent in India, the court stated that it is a form of internet fraud where a person pretends to be a legitimate association, such as a bank or an insurance company in order to extract personal data from a customer such as access codes, passwords, etc. The Felhi ;" stated that even though there is no specific legislation in India to penalise phishing, it held phishing to be an illegal act by defining it under Indian law as 1a misrepresentation made in the course of trade leading to confusion as to the source and origin of the e#mail causing immense harm not only to the consumer but even to the person whose name, identity or password is misused.2 The court held the act of phishing as passing off and tarnishing the plaintiff=s image.
MET COLL MMS 1 B
The plaintiff in this case was the &ational )ssociation of *oftware and *ervice "ompanies 6&asscom8, India=s premier software association. The defendants were operating a placement agency. In order to obtain personal data, which they could use for purposes of headhunting, the defendants composed and sent e#mails to third parties in the name of &asscom. The high court recognised the trademark rights of the plaintiff and passed an e&-'arte a(interim in!unction restraining the defendants from using the trade name or any other name deceptively similar to &asscom. The court further restrained the defendants from holding themselves out as being associates or a part of &asscom. The court appointed a commission to conduct a search at the defendants= premises. Two hard disks of the computers from which the fraudulent e#mails were sent by the defendants to various parties were taken into custody by the local commissioner appointed by the court. Furing the progress of the case, it became clear that the defendants in whose names the offending e#mails were sent were fictitious identities created by an employee on defendants= instructions, to avoid recognition and legal action. n discovery of this fraudulent act, the fictitious names were deleted from the array of parties as defendants in the case. *ubse9uently, the defendants admitted their illegal acts and the parties settled the matter through the recording of a compromise in the suit proceedings. )ccording to the terms of compromise, the defendants agreed to pay a sum of 's1.H million to the plaintiff as damages for violation of the plaintiff=s trademark rights. The court also ordered the hard disks sei/ed from the defendants= premises to be handed over to the plaintiff who would be the owner of the hard disks. CY)ER PORNOGRAPHY This would include pornographic websites. pornographic maga/ines produced using computers 6to publish and print the material8 and the Internet 6to download and transmit pornographic pictures, photos, writings etc8. SA*E O+ I**EGA* ARTIC*ES This would include sale of pornography, narcotics, weapons and wildlife products etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of %honey%.
MET COLL MMS 1 B
+INANCIA* CRI ES This would include cheating, credit card frauds, money laundering etc. In an interesting example a website offered to sell )lphonso %mangoes at a throwaway price. <ew people responded to or supplied the website with their credit card numbers. These people were actually sent the )lphonso mangoes. 0elieving the scheme to be genuine thousands of people from all over the country responded and ordered mangoes by providing their credit card numbers. The owners of what was later proven to be a bogus website then fled taking the numerous credit card numbers and proceeded to spend huge amounts of money. INTE**ECT,A* PROPERTY CRI ES These include software piracy, copyright infringement, trademarks violations, theft of computer source code etc. "yber s9uatting can be said to be an example of this kind .<or example )ctress *ushmita *en recently filed a case against a person who had registered *ushmitasen.com and was successful in evicting him from the said site. Even Caruti @dyog successfully filed a case against a cyber s9uatter. E AI* SPOO+ING ) spoofed email is one that appears to originate from one source but actually has been sent from another source. Email spoofing can also cause monetary damage. In an )merican case, a teenager made millions of dollars by spreading false information about certain companies whose shares he had short sold. This misinformation was spread by sending spoofed emails, purportedly from news agencies like 'euters, to share brokers and investors who were informed that the companies were doing very badly. Even after the truth came out the values of the shares did not go back to the earlier levels and thousands of investors lost money. +ORGERY "ounterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. In a relevant )ndhra Dradesh Tax "ase, dubious tactics of a prominent businessman from )ndhra Dradesh was exposed after officials of the department got hold of computers used by the accused person. The owner of a plastics firm was arrested and 's ,, crore cash was recovered from his house by sleuths of the Pigilance Fepartment. They sought an explanation from him regarding the unaccounted cash within 1B days. The accused person submitted H,BBB vouchers to prove the legitimacy of trade and thought this offence would go undetected but after careful scrutiny of vouchers and contents of his computers it revealed that all of them were made after the raids were conducted.
MET COLL MMS 1 B
It later revealed that the accused was running five businesses under the guise of one company and used fake and computeri/ed vouchers to show sales records and save tax. $E+A ATION This occurs when defamation takes place with the help of computers and 7 or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e#mails containing defamatory information to all of that person%s friends )n unidentified person had used a computer from a "handigarh cyber cafe, morphed a girl=s face on nude photos and e#mailed her the same. ;e had also forwarded an e#mail containing the girl=s details to some other persons. )s a result, the girl was flooded with telephone calls from people and was forced to inform senior police officials about the case. Though the @D Dolice "rime 0ranch has managed to track the cyber cafe from where the e#mail was sent, they have been unable to trace the culprit. )ccording to the police officials, though they 9uestioned the people who run the cyber cafe about the particulars of the person who had used the computer the day the e#mail was sent, they could not /ero in on his identity. -hile 9uestioning the cyber cafe owners, it was found out that they had not maintained records of those who used the computers at their cafe. CY)ER STA*-ING The xford dictionary defines stalking as $pursuing stealthily$. "yber stalking involves following a person%s movements across the Internet by posting messages 6sometimes threatening8 on the bulletin boards fre9uented by the victim, entering the chat#rooms fre9uented by the victim, constantly bombarding the victim with emails etc. E AI* )O )ING Email bombing refers to sending a large number of emails to the victim resulting in the victim%s email account 6in case of an individual8 or mail servers 6in case of a company or an email service provider8 crashing. In one case, a foreigner who had been residing in *imla, India for almost thirty years wanted to avail of a scheme introduced by the *imla ;ousing 0oard to buy land at lower rates. 0ut his application was re!ected on the grounds that he was a foreigner. To take revenge he sent thousands of emails to the *himla ;ousing 0oard website until the time the website crashed.
MET COLL MMS 1 B
SA*A I ATTAC-S These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program, into the bank%s servers, that deducts a small amount of money say N 's from the account of every customer. &o account holder will probably notice this unauthori/ed debit, but the bank employee will make a si/able amount of money every month. $ENIA*O+SER!ICEATTAC-. This involves flooding a computer resource with more re9uests than it can handle. This causes the resource 6e.g. a web server8 to crash thereby denying authori/ed users the service offered by the resource. )nother variation to a typical denial of service attack is known as a Fistributed Fenial of *ervice 6FFo*8 attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim%s computers8, exceeding the limit that the victim%s servers can support and making the servers crash. Fenial#of#service attacks have had an impressive history $having, in the past, brought down websites like )ma/on, "&&, Qahoo and e0ayR !IR,S/0OR ATTAC-S
Piruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. -orms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer%s memory. $ATA $I$$*ING This kind of an attack involves altering raw data !ust before it is processed by a computer and then changing it back after the processing is completed Electricity 0oards in India have been victims of data diddling programs inserted when private parties were computeri/ing their systems. TRO#AN ATTAC-S ) Tro!an as this program is aptly called, is an unauthori/ed program which functions from inside what seems to be an authori/ed program, thereby concealing what it is actually doing.)s soon as the unsuspecting victim executes the program ,it takes over the computer. INTERNET TI E THE+TS This connotes the usage by an unauthori/ed person of the Internet hours paid for by another person. In an example a Felhi "ourt granted bail to 3oseph 3ose, who was accused of the offence of stealing Internet hours and sending a hoax e#mail relating to placing of bombs in "onnaught Dlace, a prime shopping area of Felhi. The "ourt of *mt. Camta *ehgal,
MET COLL MMS 1 B
1B
)ddl. *essions 3udge, &ew Felhi granted bail to the accused in the first case of its kind in the country. &o case of either hacking or tampering was made out against the 3oseph 3ose. There was no nexus between his client, 3oseph 3ose and the alleged anonymous e#mail, warning of bombs placed in "onnaught Dlace. n Hth of 3une, a leading national daily received an anonymous e#mail that six bombs had been placed in Felhi%s premier shopping area. The newspaper immediately alerted the police, who undertook a massive search for the culprit. The police investigation found that the e#mail had been sent from an e#mail account of C7s -ave International. The police allegedly also traced the number from which Internet was accessed and from which the e#mail was sent and on that basis, the police made the arrest. The police registered a case under *ection EA(, Indian Denal "ode read with *ection HH of the Information Technology )ct ,BBB and *ection ,N of the Indian Telegraph )ct 1GGN. There was no direct evidence collected by the police linking 3oseph 3ose to the crime and in any case *ection HH of the IT )ct was not applicable. The court heard arguments of the counsel for the accused and the prosecution and thereafter passed the order for bail. In its order, the court considered the totality of the facts and circumstances of the case and admitted 3oseph 3ose on bail sub!ect to his furnishing bail bond of 's. 1N,BBBA# and two sureties of the like amount sub!ect to the satisfaction of the concerned Cetropolitan Cagistrate. This is India%s first case of an anonymous e#mail bomb hoax. 0E) #AC-ING This occurs when someone forcefully takes control of a website 6by cracking the password and later changing it8. The actual owner of the website does not control the ma!or portion of what appears on the website. In a recent incident reported in the @*) the owner of a hobby website for children received an e#mail informing her that a group of hackers had gained control over her website. They demanded a ransom of 1 million dollars from her. The owner, a schoolteacher, did not take the threat seriously. *he felt that it was !ust a scare tactic and ignored the e#mail. It was three days later that she came to know, following many telephone calls from all over the country, that the hackers had web !acked her website. *ubse9uently, they had altered a portion of the website which was entitled %;ow to have fun with goldfish%. In all the places where it had been mentioned, they had replaced the word %goldfish% with the word %piranhas%. Diranhas are tiny but extremely dangerous flesh#eating fish. Cany children had visited the popular website and had believed what the contents of the website suggested. These unfortunate children followed the instructions, tried to play with piranhas, which they bought from pet shops, and were very seriously in!uredR
MET COLL MMS 1 B
11
*ogic 1om12 These are event dependent programs. This implies that these programs are created to do something only when a certain event 6known as a trigger event8 occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date 6like the "hernobyl virus8.
MET COLL MMS 1 B
1,
I PORTANT PRO!ISIONS
Pream1le
A$E IN ITA 2000
The Dreamble to the )ct states that it aims at providing legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as $electronic commerce$, which involve the use of alternatives to paper#based methods of communication and storage of information and aims at facilitating electronic filing of documents with the 4overnment agencies. The 4eneral )ssembly of the @nited &ations had adopted the Codel >aw on Electronic "ommerce adopted by the @nited &ations "ommission on International Trade >aw 6@&"IT')>8 in its 4eneral )ssembly 'esolution )7'E*7N171H, dated 3anuary EB, 1((A. The Indian )ct is in keeping with this resolution that recommended that member nations of the @& enact and modify their laws according to the Codel >aw. Thus with the enactment of this )ct, Internet transactions will now be recogni/ed, on#line contracts will be enforceable and e#mails will be legally acknowledged. It will tremendously augment domestic as well as international trade and commerce. *egitimacy an( ,2e of $igital Signat3re2 The )ct has adopted the Dublic Sey Infrastructure 6DSI8 for securing electronic transactions. )s per *ection ,618 6p8 of the )ct, a digital signature means an authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the other provisions of the )ct. Thus a subscriber can authenticate an electronic record by affixing his digital signature. ) private key is used to create a digital signature whereas a public key is used to verify the digital signature and electronic record. They both are uni9ue for each subscriber and together form a functioning key pair. *ection N provides that when any information or other matter needs to be authenticated by the signature of a person, the same can be authenticated by means of the digital signature affixed in a manner prescribed by the "entral 4overnment. @nder *ection 1B, the "entral 4overnment has powers to make rules prescribing the type of digital signature, the manner in which it shall be affixed, the procedure to identify the person affixing the signature, the maintenance of integrity, security and confidentiality of electronic records or payments and rules regarding any other appropriate matters.
MET COLL MMS 1 B
1E
<urthermore, these digital signatures are to be authenticated by "ertifying )uthorities 6")=s8 appointed under the )ct. These authorities would inter alias. have the license to issue Figital *ignature "ertificates 6F*"=s8. The applicant must have a private key that can create a digital signature. This private key and the public key listed on the F*" must form the functioning key pair. nce the subscriber has accepted the F*", he shall generate the key pair by applying the security procedure. Every subscriber is under an obligation to exercise reasonable care and caution to retain control of the private key corresponding to the public key listed in his F*". The subscriber must take all precautions not to disclose the private key to any third party. If however, the private key is compromised, he must communicate the same to the "ertifying )uthority 6")8 without any delay. 0riting re43irement2 *ection 5 of the )ct states that when under any particular law, if any information is to be provided in writing or typewritten or printed form, then notwithstanding that law, the same information can be provided in electronic form, which can also be accessed for any future reference. This non#obstinate provision will make it possible to enter into legally binding contracts on#lineR Attri13tion5 Ac6no7le(gement an( $i2'atch of Electronic Recor(2 "hapter IP of the )ct explicates the manner in which electronic records are to be attributed, acknowledged and dispatched. These provisions play a vital role while entering into agreements electronically. *ection 11 states that an electronic record shall be attributed to the originator as if it was sent by him or by a person authori/ed on his behalf or by an information system programmed to operate on behalf of the originator. )s per *ection 1,, the addressee may acknowledge the receipt of the electronic record either in a particular manner or form as desired by the originator and in the absence of such re9uirement, by communication of the acknowledgement to the addresses or by any conduct that would sufficiently constitute acknowledgement. &ormally if the originator has stated that the electronic record will be binding only on receipt of the acknowledgement, then unless such acknowledgement is received, the record is not binding. ;owever, if the acknowledgement is not received within the stipulated time period or in the absence of the time period, within a reasonable time, the originator may notify the addressee to send the acknowledgement, failing which the electronic record will be treated as never been sent. *ection 1E specifies that an electronic record is said to have been dispatched the moment it leaves the computer resource of the originator and said to be received the moment it enters the computer resource of the addressee.
MET COLL MMS 1 B
15
,tility of electronic recor(2 an( (igital 2ignat3re2 in Go8ernment A3(it2 Agencie2 )ccording to the provisions of the )ct, any forms or applications that have to be filed with the appropriated 4overnment office or authorities can be filed or any license, permit or sanction can be issued by the 4overnment in an electronic form. *imilarly, the receipt or payment of money can also take place electronically. Coreover, any documents or records that need to be retained for a specific period may be retained in an electronic form provided the document or record is easily accessible in the same format as it was generated, sent or received or in another format that accurately represents the same information that was originally generated, sent or received. The details of the origin, destination, date and time of the dispatch or receipt of the record must also be available in the electronic record. <urthermore, when any law, rule, regulation or byelaw has to be published in the fficial 4a/ette of the 4overnment, the same can be published in electronic form. If the same are published in printed and electronic form, the date of such publication will be the date on which it is first published. ;owever, the above#mentioned provisions do not give a right to anybody to compel any Cinistry or Fepartment of the 4overnment to use electronic means to accept issue, create, retain and preserve any document or execute any monetary transaction. &evertheless, if these electronic methods are utili/ed, the 4overnment will definitely save a lot of money on paperR Reg3lation of Certifying A3thoritie2 9CA2: ) ") is a person who has been granted a license to issue digital signature certificates. These ")s are to be supervised by the "ontroller of ")s appointed by the "entral 4overnment. Feputy or )ssistant "ontrollers may also assist the "ontroller. The "ontroller will normally regulate and monitor the activities of the ")s and lay down the procedure of their conduct. The "ontroller has the power to grant and renew licenses to applicants to issue F*"s and at the same time has the power to even suspend such a license if the terms of the license or the provisions of the )ct are breached. The ")s has to follow certain prescribed rules and procedures and must comply with the provisions of the )ct. I223ance5 S32'en2ion an( Re8ocation of $igital Signat3re Certificate2 9$SC2: )s per *ection EN, any interested person shall make an application to the ") for a F*". The application shall be accompanied by filing fees not exceeding 's. ,N,BBB and a certification practice statement or in the absence of such statement. any other statement containing such particulars as may be prescribed by the regulations. )fter scrutinising the application, the ") may either grant the F*" or re!ect the application furnishing reasons in writing for the same.
MET COLL MMS 1 B
1N
-hile issuing the F*", the ") must inter alias, ensure that the applicant holds a private key which is capable of creating a digital signature and corresponds to the public key to be listed on the F*". 0oth of them together should form a functioning key pair. The ") also has the power to suspend the F*" in public interest on the re9uest of the subscriber listed in the F*" or any person authorised on behalf of the subscriber. ;owever, the subscriber must be given an opportunity to be heard if the F*" is to be suspended for a period exceeding fifteen days. The ") shall communicate the suspension to the subscriber. There are two cases in which the F*" can be revoked. <irstly, as per *ection EG 618, it may be revoked either on the re9uest or death of the subscriber or when the subscriber is a firm or company, on the dissolution of the firm or winding up of the company. *econdly, according to *ection EG6,8, the ") may sue moto revoke it if some material fact in the F*" is false or has been concealed by the subscriber or the re9uirements for issue of the F*" are not fulfilled or the subscriber has been declared insolvent or dead et al. ) notice of suspension or revocation of the F*" must be published by the ") in a repository specified in the F*". Penaltie2 for Com'3ter Crime2 )s per the )ct, civil liability and stringent criminal penalties may be imposed on any person who causes damage to a computer or computer system. The offender would be liable to pay compensation not exceeding 's. 1 "rore 61B million8 for gaining unauthori/ed access to a computer or computer system, damaging it, introducing a virus in the system, denying access to an authori/ed person or assisting any person in any of the above activities. <urthermore, the )ct also defines specific penalties for violation of its provisions or of any rules or regulations made there under. ;owever, if any person contravenes any rules or regulations framed under the )ct for which no specific penalty is prescribed, he will be liable to pay compensation not exceeding 's. ,N,BBB. Coreover, any person who intentionally or knowingly tampers with computer source documents would be penali/ed with imprisonment up to three years or a fine of up to 's. , lakhs or both. In simpler terminology, hacking is made punishable. The )ct also disallows the publishing and dissemination of obscene information and material. The introduction of this provision should curtail pornography over the net. )ny person who disobeys this provision will be punishable with imprisonment of two years and a fine of 's. ,N,BBB for the first conviction. In the event of a subse9uent conviction, the imprisonment is five years and the fine doubles to 's. NB,BBB.
MET COLL MMS 1 B
1H
The "ontroller has the power to issue directions for complying with the provisions of the )ct. <ailure to comply with his directions is punishable. Coreover, the interference with protected systems or the reluctance to assist a 4overnment )gency to intercept information in order to protect state sovereignty and security is also made punishable. The ad!udicating court also has the powers to confiscate any computer, computer system, floppies, compact disks, tape drives or any accessories in relation to which any provisions of the )ct are being violated. &o penalty or confiscation made under this )ct will affect the imposition of any other punishment under any other law in force. If penalties that are imposed under the )ct are not paid, they will be recovered, as arrears of land revenue and the licence or F*" shall be suspended till the penalty is paid. A(;3(icating Officer2 The "entral 4overnment shall appoint an officer not below the rank of Firector to the 4overnment of India or e9uivalent officer of the *tate 4overnment as an ad!udicating officer to ad!udicate upon any in9uiry in connection with the contravention of the )ct. *uch officer must have the legal and !udicial experience as may be prescribed by the "entral 4overnment in that behalf. The )d!udicating fficer must give the accused person an opportunity to be heard and after being satisfied that he has violated the law, penalise him according to the provisions of the )ct. -hile ad!udicating, he shall have certain powers of a "ivil "ourt. Cy1er Reg3lation2 A''ellate Tri13nal 9CRAT: ) "yber 'egulations )ppellate Tribunal 6"')T8 is to be set up for appeals from the order of any ad!udicating officer. Every appeal must be filed within a period of forty#five days from the date on which the person aggrieved receives a copy of the order made by the ad!udicating officer. The appeal must be the appropriate form and accompanied by the prescribed fee. )n appeal may be allowed after the expiry of forty#five days if sufficient cause is shown. The appeal filed before the "yber )ppellate Tribunal shall be dealt with by it as expeditiously as possible and endeavor shall be made by it to dispose of the appeal finally within six months from the date of receipt of the appeal. The "')T shall also have certain powers of a civil court. )s per *ection H1, no court shall have the !urisdiction to entertain any matter that can be decided by the ad!udicating officer or the "')T. ;owever, a provision has been made to appeal from the decision of the "')T to the ;igh "ourt within sixty days of the date of communication of the order or decision of the "')T. The stipulated period may be extended if sufficient cause is shown. The appeal may be made on either any 9uestion of law or 9uestion of fact arising from the order.
MET COLL MMS 1 B
1A
Police Po7er2 ) police officer not below the rank of deputy superintendent of police has the power to enter any public place and arrest any person without a warrant if he believes that a cyber crime has been or is about to be committed. This provision may not turn to be very effective for the simple reason that most of the cyber crimes are committed from private places such as ones own home or office. "yber#cafIs and public places are rarely used for cyber crimes. ;owever, if the )ct did give the police department powers to enter people=s houses without search warrants, it would amount to an invasion of the right to privacy and create pandemonium. Seeping this in mind, the >egislature has tried to balance this provision so as to serve the ends of !ustice and at the same time, avoid any chaos. n being arrested, the accused person must, without any unnecessary delay, be taken or sent to the magistrate having !urisdiction or to the officer#in#charge of a police station. The provisions of the "ode of "riminal Drocedure, 1(AE shall apply in relation to any entry, search or arrest made by the police officer. Net7or6 Ser8ice Pro8i(er2 not lia1le in certain ca2e2 To 9uote *ection AG, it statesK $<or the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this )ct, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.$ $Explanation. <or the purposes of this section, 6a8 &etwork service provider means an intermediary. 6b8 Third party information means any information dealt with by a network service provider in his capacity as an intermediary.$ Thus a plain reading of the section indicates that if the network service provider is unable to prove its innocence or ignorance, it will be held liable for the crime. Cy1er Reg3lation2 A(8i2ory Committee 9CRAC: The )ct also provides that as soon as it is enacted and it comes into force, the "entral 4overnment shall constitute the "')". The "')" will assist the "entral 4overnment as well as the "ontroller of ")s to form rules and regulations consistent with the provisions of the )ct. The "ontroller will notify these regulations in the fficial 4a/ette after consultation with the "')" and the "entral 4overnment.
MET COLL MMS 1 B
1G
Electronic go8ernance The -orld 0ank defines e#governance as the use of information and communication technologies by government agencies to transform relations with citi/ens, business world and other arms of the government. Ever since the creation of Cinistry of Information Technology in the @nion 4overnment, *tate and union Territories expressed commitment for providing effective, responsive and transparent citi/en governance through the use of Information Technology. E#governance is used as a synonym for an Information Technology driven system of governance that works better, costs less and is capable of servicing people%s needs. It is also broadly defined as the use of Information Technology for efficient delivery of 4overnment services to the people, business world and industry. The term e#governance involves the computeri/ation and networking of all government departments and linking each district and taluka, with the *tate head9uarters. The ob!ective of e#governance in India goes beyond mere computeri/ation of government offices. It fundamentally means changing the way the government operates and implies a new set of responsibilities for civil servants, business world and the public. Dlans such as online services will give an average citi/en access to 4overnment services, with faster responses at more convenient hours. These services include providing information, collecting taxes, granting licenses, administering regulations and paying grants and benefits. The aim of e#governance is to eliminate middlemen and corruption. nce people know that information could not be monopoli/ed, they would demand access to it. 0ith re2'ect to electronic go8ernance5 the Act 'ro8i(e2 for the follo7ing. )ny information or other matter, which the law re9uires to be in writing or in printed form, may be rendered or made available in electronic form, in a manner so as to be accessible and usable for subse9uent reference. *uch information or matter can be authenticated by means of a digital signature affixed in a manner prescribed by the central government <iling of any form, application or other documents with any office, agency or authority of the government or for the issue or grant of any license or permit by means of such electronic form, as may be prescribed 'etention of documents, records or information in electronic form, if 6i8 the information contained therein remains accessible so as to be usable for a subse9uent reference 6ii8 the electronic record is retained in its originally generated, sent or received format or in a format which can be demonstrated to represent, accurately, that format, 6iii8 the record bears details which will facilitate the identification of the origin, destination, date, time of dispatch or receipt of such record )ll rules, regulations, notifications issued by the government may be issued in electronic form
MET COLL MMS 1 B
1(
Po22i1le ,2e2 of E-Go8ernance# The future of e#governance is very bright. -ith the help of information technology, the daily matters can be effectively taken care of irrespective of the field covered by it. <or instance, the Felhi Dolice ;ead9uarter has launched a website, which can be used for lodging a <irst Information 'eport. *imilarly, the Datna ;igh "ourt has taken a bold step of granting bail on the basis of an online bail application. The educational institutions, including universities, are issuing admission forms electronically, which can be downloaded from their respective websites. The results of examinations of various educational institutions, both school level and university level, are available online, which can be obtained without any trouble. These are but some of the instances of the use of technology for a better e#governance. The beneficial concept of e#governance can be utili/ed for the following purposesK To have access to public documents. <or making online payments of various bills and dues. To file statutory documents online. To file the complaints, grievances and suggestions of citi/ens online. The online facility can be used to enter into a partnership the appropriate in cases of government contracts. The citi/ens can use the online facility to file their income tax returns. The citi/ens will en!oy the facility of online services. $igital Signat3re $igital Signat3re means authentication of any electronic record by a subscriber by means of an electronic method or procedure 'apid developments in e#business pose a growing need for online security and authentication. Cany emerging technologies are being developed to provide online authentication. The ma!or concern in e#business transactions is the need for the replacement of the hand#written signature with an online= signature. The traditional e# mail system, which has problems of message integrity and non#repudiation, does not fulfil the basic re9uirements for an online signature. <urther, since the Internet communication system is prone to various types of security breaches, the discussion of government
MET COLL MMS 1 B
,B
robust and authenticated e#business transactions is incomplete without consideration of ?security= as a prominent aspect of ?online signatures=.
ne may consider an e#signature as a type of electronic a3thentication. *uch authentication can be achieved by means of different types of technologies. ) $igital Signat3re 6F*8 can be considered as a type of e#signature, which uses a particular kind of technology that is F* technology. F* technology involves encrypting messages in such a way that only legitimate parties are able to decrypt the message. Two separate but interrelated ?keys= carry out this process of encryption and decryption. ne party in the transactions holds the secret key, or the private key, and the other party holds the public key or the key with wide access. The selection and use of an encryption techni9ue plays a crucial role in the design and development of keys. In short, a F* satisfies all the functions, such as authenticity, non#repudiation, and security, of a hand# written signature. *uch a ?signature= can be viewed as a means of authentication and can be owned by an individual. -hile using this technology, there must be third party involvement order to handle the liability issues that may be raised by bilateral transactions. -ith this existing legal infrastructure and the rapid emergence of software security products, it is important to understand the role of emerging technologies like F* in e#business. ne of the ma!or indicators of technological improvements is the market development and commerciali/ation of that technology. )iometric A3thentication % $igital Signat3re2 for the Pharmace3tical In(32try Dharmaceutical companies are commonly driven by getting new drugs to market as 9uickly as possible making the manufacturing process as efficient as possible Caintaining high levels of 9uality control improving customer satisfaction. )s pharma is a tightly regulated industry, there is a need to properly authenticate people so as to control access to systems and provide audit trail. There is also a need to authenticate people to allow them to electronically sign off on processes. The need for authentication exists throughout the value chain from molecule to mouth. ) limited number of pharma companies have incorporated new technology to streamline ':F. The bulk of industry players, however, have yet to progress beyond paper and ink. 'egulators have passed guidelines that allow for electronic submission of data in order to add velocity to the approval process and increase the accuracy of study data. Dharma giants such as )straTeneca Dharmaceuticals >D, "hiron "orporation and '- 3ohnson Dharmaceutical 'esearch Institute use Intra>inks digital workspaces to create similar efficiencies throughout the clinical trial process, licensing, C:) and contracts administration. This collaboration solution allows sponsors, co#development partners,
MET COLL MMS 1 B
,1
"' s, investigators and other clinical trail participants to use internet#based technology without infrastructure investments. Figital workspaces can be accessed from any internet ready computer via a web browser. Interlinks has developed an online interactive solution that can be used by investigative sites, study pro!ect managers and regulatory authorities.
$igital Signat3re2 % Health In(32try -ith the promise of better patient care, improved efficiencies, and lower costs, ,1st"entury health care is moving onto the Internet. In this increasingly virtual business milieu, market forces and government regulations are demanding that health care organi/ations 6;" s8 protect the privacy and integrity of patient information. ) primary driver of this dramatic electronic transformation is the )dministrative simplification provisions of the ;ealth Insurance Dortability and )ccountability )ct 6;ID))8, which mandated the Fepartment of ;ealth and ;uman *ervices 6F;;*8 to establish national standards for electronic transactions and rules for privacy and security in the health care industry. The goal was to improve the efficiency and effectiveness of the country=s health care system by encouraging the widespread use of electronic data inter# change while at the same time protecting patient privacy and ensuring data security. The rules define what information is to be protected and who is authori/ed to access that information, and upholds the rights of individuals to keep information about themselves from being disclosed. @nder the privacy rule, patients must be informed of these rights and receive notice of privacy practices. ;" s are charged with protecting patient data from any misuse, whether intentional or accidental, and from any unauthori/ed disclosure and any damage or alteration to the information. The privacy rule covers the policies and procedures that must be in place to ensure that health information is protected, and patient rights are upheld. Datient data must remain confidential, whether it is being transmitted or stored. ;" s are now moving mission#critical business processes onto the web and expecting faster turnaround and much lower costs. ne example is claims processingK Dreliminary studies al#ready shows a NU to 1BU decrease in administrative costs. <urther time and staff savings are expected to come from eliminating manual procedures for document filing and retrieving, form completion and delivery, and check writing. *ome analysts predict a decimation of transaction costs from VE to V.1B per claim.
MET COLL MMS 1 B
,,
The +ir2t In(ian I"T" Act ca2e The "ase of The *tate of Tamil &adu Ps *uhas *hetty is notable for the fact that the conviction was achieved successfully within a relatively 9uick time of A months from the filing of the <I'. The efficient handling of the case, which happened to be the first case of the "hennai "yber "rime "ell going to trial, deserves a special mention. This case will be considered as a landmark case in the history of "yber "rime Canagement in India. The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. E#Cails were also forwarded to the victim for information by the accused through a false e#mail account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting. 0ased on a complaint made by the victim in <ebruary ,BB5, the Dolice traced the accused to Cumbai and arrested him within the next few days. The accused was a known family friend of the victim and was reportedly interested in marrying her. *he however married another person. This marriage later ended in divorce and the accused started contacting her once again. n her reluctance to marry him, the accused took up the harassment through the Internet. On 2<-=-200< Charge Sheet 7a2 file( 3/2 >? of IT Act 20005 <>@ an( A0@ IPC before The ;on=ble )ddl. "CC Egmore by citing 1G witnesses and E5 documents and material ob!ects. The same was taken on file in ".".& .5HGB7,BB5. n the prosecution side 1, witnesses were examined and entire documents were marked. <urther the Fefence counsel argued that some of the documentary evidence was not sustainable under *ection HN 0 of the Indian Evidence )ct. ;owever, the court based on the expert witness of &aavi and other evidence produced including the witness of the "yber "afe owners came to the conclusion that the crime was conclusively proved. The court has also held that because of the meticulous investigation carried on by the I , the origination of the obscene message was traced out and the real culprit has been brought before the court of law. In this case *ri *. Sothandaraman, *pecial Dublic Drosecutor appointed by the 4overnment conducted the case.
MET COLL MMS 1 B
,E
;onourable *ri.)rulra!, )dditional "hief Cetropolitan Cagistrate, Egmore, delivered the !udgement on N#11#B5 as followsK B The acc32e( i2 fo3n( g3ilty of offence2 3n(er 2ection <>@5 A0@ IPC an( >? of IT Act 2000 an( the acc32e( i2 con8icte( an( i2 2entence( for the offence to 3n(ergo RI for 2 year2 3n(er <>@ IPC an( to 'ay fine of R2"A00/-an( for the offence 3/2 A0@ IPC 2entence( to 3n(ergo C year Sim'le im'ri2onment an( to 'ay fine of R2"A00/- an( for the offence 3/2 >? of IT Act 2000 to 3n(ergo RI for 2 year2 an( to 'ay fine of R2"<000/- All 2entence2 to r3n conc3rrently"D The accused paid fine amount and he was lodged at "entral Drison, "hennai.
MET COLL MMS 1 B
,5
Im'act of IT Act on )an6ing Sector 0anks and <inancial Institutions are the backbone of the economy of the country. Implementation of information technology and communication networking has brought revolution in the functioning of the banks and the financial institutions. <or the sound implementation of information technology and communication networking in banks and financial institutions, necessary legal support is a must. >egal issues relating to electronic transactions processing at banks are very many and there was a need to address them by amending some of the existing acts and introduction of new act. &ecessary legislative support is essential to protect the interests as much of the customers as of the banks 7 branches in several areas relating to electronic banking and payment systems. This is specially re9uired to establish the credibility of Electronic "learing *ystem and Electronic <unds Transfer schemes based on the electronic message transfer. *ince the 'eserve 0ank is embarking on large electronic schemes such as the nation wide 'eal Time 4ross *ettlement 6'T4*8, it is time that efforts are made to bring about necessary legislative framework that synchroni/es and synthesi/es with the initiatives taken by the 4overnment of India, Cinistry of Information Technology for implementation of the Information Technology )ct, ,BBB. Role of Re2er8e )an6 of In(ia 'eserve 0ank of India has played an important role in implementation of information technology in banking sector. The 4overnor, 'eserve 0ank of India had appointed a "ommittee on technology issues under chairmanship of *hri -.*.*araf, Executive Firector to look into inter alia, technological issues relating to payment system and to make recommendations for widening the use of modern technology in the banking industry. The *araf "ommittee recommended institution of Electronic +3n(2 Tran2fer Sy2tem2 in India. It also reviewed the telecommunication system like use of )AN-NET and optimum utili/ation of S0I+T by the banks in India. 'eserve 0ank of India in 1((N constituted a committee under the chairmanship of *mt. S.*.*here, to study all aspects relating to Electronic <unds Transfer and propose appropriate legislation. The Shere Committee ha( recommen(e( framing of '0I 6E<T *ystem8 'egulations under *ection NG of the 'eserve 0ank of India )ct 1(E5 6'0I )ct8, amen(ment2 to the R)I Act an( to the )an6er2E )oo62 E8i(ence Act5 CF@C a2 2hort term mea23re2 and enacting of a few new )cts such as the Electronic <unds Transfer )ct, the "omputer Cisuse and Fata Drotection )ct etc. as long as long term measures.
MET COLL MMS 1 B
,N
The "ommittee also suggested implementation of necessary legislative changes keeping in view the recommendations of *here "ommittee. The need for addressing the following issues was also emphasisedK Encryption on Dublic *witching Telephone &etwork 6D*T&8 lines )dmission of electronic files as evidence Treating electronic funds transfers on par with crossed che9ues7drafts for purposes of income tax, etc. and 'ecord keeping Expectations of the banking Industry The common thread amongst the recommendations made by various committees was need for >egislative support. <ollowing is the gist of the expectations of the banking sector had from the IT )ct, ,BBB. *ince banks are increasingly becoming paperless it has necessitated change in the 0ankers 0ooks Evidence )ct as well as 'eserve 0ank of India )ct. The 'eserve 0ank of India )ct amendment merely provides for regulation of funds transfer through electronic forms and does not as such ordinarily affect cyber business. n the other hand, amendments to 0ankers 0ooks Evidence )ct relate to the manner of providing banking transactions and records in the course of law. Information Technology Act5 2000 )n )ct to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as $electronic commerce$, which involve the use of alternatives to paper#based methods of communication and storage of information, to facilitate electronic filing of documents with the 4overnment agencies and further to amend the Indian Denal "ode, the Indian Evidence )ct, 1GA,, the 0ankers% 0ooks Evidence )ct, 1G(1 and the 'eserve 0ank of India )ct, 1(E5 and for matters connected therewith or incidental thereto. Information Technology )ct provides solutions to some of the aforesaid demands of banking industry Amen(ment to the Re2er8e )an6 of In(ia Act5 C@=< 92 of C@=<8 In the 'eserve 0ank of India )ct, 1(E5, in section NG, in sub#section 6,8, after clause 6p8, the following clause shall be inserted, namelyK W $6pp8 the regulation of fund transfer through electronic means between the banks or between the banks and other financial institutions referred to in clause 6c8 of section 5N#1,
MET COLL MMS 1 B
,H
including the laying down of the conditions sub!ect to which banks and other financial institutions shall participate in such fund transfers, the manner of such fund transfers )lthough the regulatory bodies like '0I and *E0I have responded to the re9uirements of the banking and financial services sector through guidelines and work group recommendations, following areas still remain the matter of concern. 3urisdiction in case of -)D and Cobile#commerce Issue of Intellectual Droperty 'ights as they apply to cyberspace and electronic information Reg3lation of the electronic 'ayment2 gate7ay Parious issues pertaining to electronic funds transfer vi/. <inality of payment, liability for loss in case of fraud, technical failure, errors of insolvency and data protection -hile virtual banks, still at infancy, need regulation, issues such as the regulator%s !urisdiction and prere9uisites of virtual banks have still to be thought through. Fifferent authentication procedures have been adopted by banks such as pin code, passwords, account numbers and encryption, but *ection E of the I#T )ct, ,BBB, recogni/es $asymmetric#crypto system$ as the only authentication method for e#banking. Issues of online banking security include transmission of customer information, and the potential unauthori/ed access and usage of that information by bank employees. ther ma!or risks in Internet banking include third party access to account information due to theft or misplacement, loss of personal identification number by customer or illegal accessing of accounts by hackers and inadvertent finders.
MET COLL MMS 1 B
,A
Im'act of IT Act on )POG2 )32ine22 Proce22 O3t2o3rcing 9)PO: is a bu//word among the corporates in the world today. >ooking to the growth and government%s support to it, 0D is being recogni/ed as a speciali/ed sector in India. )s per estimates, India is set to become the most popular destination for 0D operations. ) large number of multinational companies are outsourcing their business processes offshore to Indian 0D companies. -hile the @* backlash is a serious issue, the Indian 0usiness Drocess utsourcing sector faces a far tougher challenge. The absence of data protection laws in the country is preventing Indian companies from gaining lucrative contracts in key segments. Till India plugs these loopholes, contracts at the higher end of the value chain might continue to elude Indian 0D firms. The European @nion=s tough position on personal data protection has also contributed to lower outsourcing to India as compared to outsourcing from the @*. This absence of data protection laws in India is proving an obstacle to Indian 0D firms who seek to move up the value chain, especially in domains such as healthcare. -hile the absence of data protection laws in India is a serious deterrent, Indian 0D outfits are trying to deal with the issue by attempting to adhere to ma!or @* and European regulations like the Sar1ane2 O&ley Act Safe Har1or Act G*)A for +inancial Ser8ice2 +$CPA 9+air $e1t Collection Practice2 Act: HIPAA for healthcare ,- $ata Protection 9$PA: Act
SAR)ANES OH*EY ACT The *arbanes xley )ct of ,BB,, sometimes referred to as * X, was a legislative response to the accounting scandal caused by the recent fall of some publicly held companies and the perceived excesses of the management of some other companies. *arbanes# xley re9uires compliance with a comprehensive reform of accounting procedures for publicly held corporations to promote and improve the 9uality and transparency of financial reporting by both internal and external independent auditors.
MET COLL MMS 1 B
,G
SA+E HAR)O,R ACT The European @nion%s comprehensive privacy legislation, the Firective on Fata Drotection, re9uires that transfers of personal data take place only to non#E@ countries that provide an ade9uate level of privacy protection. -hile the @nited *tates and the European @nion share the goal of enhancing privacy protection for their citi/ens, the @nited *tates takes a different approach to privacy from that taken by the European "ommunity, as such. the @.*. Fepartment of "ommerce developed a $safe harbour$ framework to streamline the process for @* companies to comply with the E@ Firective. G*)A 9Gramm-*each-)liley Act: The <inancial *ervices Coderni/ation )ct of 1(((, more commonly known for its authors, 4>0) )ct, includes provisions to protect consumers personal financial information held by financial institutions. 'epealing the Fepression#era barriers that separated banking, insurance and securities, the )ct allows @* financial services providers 6including banks, securities firms, and insurance companies8 to affiliate with each other and enter each other%s markets. The legislation is intended to ensure financial institutions protect sensitive customer information that may be accessible to hackers through web#enabled environments, including Internet connectivity and hosting arrangements. The *afeguard 'ule went into effect in ,BBE, re9uiring proactive steps to ensure free security of customer information. The 4>0)%s privacy protections only regulate financial institutions##businesses that are engaged in banking, insuring, stocks and bonds, financial advice, and investing. +AIR $E)T CO**ECTION PRACTICES ACT The <F"D), which became law in 1(AA, protects consumers from the unfair collection practices of third#party bill collectors. The <F"D) applies only to debt collectors attempting to collect consumer debts ## debts which were incurred for personal, family or household purposes. 0usiness or agricultural debts are not covered by the <F"D) and, even if the debt is a consumer debt, the entity which actually extended the credit is not covered by the <F"D). Health In23rance Porta1ility an( Acco3nta1ility Act 9HIPAA: The goal of this legislation is to enable the movement of health information among health#related organi/ations in a protected manner. It includes various stringent privacy and security protections including limits on sharing and use of encryption. ;ID)) applies to @* healthcare providers 7 health insurers and their business associates. The )dministrative *implification section of ;ID)) mandates a new security policy to protect an individual%s health information, while permitting the appropriate access and use of that information by healthcare providers, clearinghouses and health plans.
MET COLL MMS 1 B
,(
$ATA PROTECTION ACT The Fata Drotection )ct 1((G received 'oyal )ssent on 1H 3uly of this year. Its primary purpose is to implement the European @nion Fata Drotection Firective. It creates many important new rights and obligations. ne of the most attention#catching changes is the extension of data protection law to manual data in %relevant filing systems. -hile individual companies may be e9uipped with certifications, what matters is whether India is viewed as a business environment where data protection is the norm rather than the exception In the a12ence of (ata 'rotection la725 the 6in( of 7or6 that 7o3l( 1e o3t2o3rce( to In(ia in the f3t3re 7o3l( 1e limite(" The Indian government is already working on revising India=s Information Technology )ct of ,BBB. The rules in the revised act will most likely be enforced by a special appellate court established under India=s Information Technology )ct of ,BBB. India is also planning to set up a ?"ommon "riterion >ab=, backed by the Information *ecurity Technical Fevelopment "ouncil 6I*TF"8, where intensive research in cryptography and product security would be undertaken. Increasingly, clients believe India will uphold the highest standards of security 60* AA((, I* 1AA((8 and sort out issues related to data protection, privacy and ID protection -e believe that the impact of this issue will be significant moving forward than it has been in the past, because in the start#up years of the 0D industry the nature and si/e of the 0D business outsourced rendered this manageable. 0ut as the industry grows and the nature of work becomes more complex 6financial accounting and tax preparation8 and deal si/es become more significant, the lack of effective data protection and piracy laws can be very significant
MET COLL MMS 1 B
EB
Pro'o2e( Amen(ment2 to Information Technology Act 2000 The )mendments to the Information Technology )ct, ,BBB have been shown in revision mode with footnotes explaining the amendments. )s the technologies and applications in IT sector change very rapidly, some of the provisions related to parameters that may change from time to time have been amended to provide for the new developments to be incorporated by changes in rules7govt. notifications. This would enable the law to be amended and approved much faster and would keep our laws in line with the changing technological environment. *ub#section 5 of *ection 1 relates to 1Exclusion2. In view of changing needs, operation of this section has been made more flexible through prescription of such exception by rules rather than being part of the main )ct. The )ct is being made technology neutral with minimum change in the existing IT )ct ,BBB. This has been made by amendment of *ection 5 of the )ct to provide for electronic signature with digital signature as one of the types of electronic signature and by enabling the details of other forms of electronic signature to be provided in the 'ules to be issued by the "entral 4overnment from time to time. This is an ena1ling 'ro8i2ion for the "entral 4overnment to exercise as and when the technology other than digital signature matures. Then there will be no need to amend the )ct and the issue of rules will be sufficient. "onse9uently the term digital is changed to electronic in other sections. In *ection 5, the main aspect of electronic signature for legal recognition, namely, its reliability has been provided consistent with the @&"IT')> Codel on Electronic "ommerce. *ection H6,86b8 has been amended to allow public#private partnership in e#governance delivery of services. ) new *ection 1B has been added for 1<ormulation and Palidity of Electronic "ontracts2. 'elationship between ""), ") and *ubscribers 6*ections 1A to 5,8 have been revisited on the basis of the recent operational experiences and certain amendments proposed.
MET COLL MMS 1 B
E1
In view recent concerns about the operating provisions in IT )ct related to 1Fata Drotection and Drivacy2 in addition to contractual agreements between the parties, the existing *ections 6vi/. 5E, HN, HH and A,8 have been revisited and some amendments7more stringent provisions have been provided for. &otably amongst these areK Droposal at *ec. 5E6,8 related to handling of sensitive personal data or information with reasonable security practices and procedures thereto 4radation of severity of computer related offences under *ection HH, committed dishonestly or fradulently and punishment thereof Droposed additional *ection A, 6,8 for breach of confidentiality with intent to cause in!ury to a subscriber. >anguage of *ection HH related to computer related offences has been revised to be in lines with *ection 5E related to penalty for damage to computer resource. These have been graded with the degree of severity of offence when done by any person, dishonestly or fraudulently without the permission of the owner. *ometimes because of lack of knowledge or for curiosity, new learners7&eti/ens unintentionally or without knowing that it is not correct to do so end up doing certain undesirable act on the &et. <or a country like India where we are trying to enhance the positive use of Internet and working towards reducing the digital divide, it need to be ensured that new users do not get scared away because of publicity of computer related offences. *ection 5E acts as a reassuring *ection to a common &eti/en. IT )ct in order to ensure that it promotes the use of e#commerce, e#governance and other online uses has been cautious not to use the word cyber crime in the text. *ection HA related to bscenity in electronic form has been revised to bring in line with ID" and other laws but fine has been increased because of ease of such operation in electronic form. link#up with *ection A( w.r.t. liability of intermediary in certain cases has been provided. ) new section on *ection HA 6,8 has been added to address child pornography with higher punishment, a globally accepted offense. ) new phenomenon of video voyeurism has emerged in recent times where images of private area of an individual are captured without his knowledge and then transmitted widely without his consent thus violating privacy rights. This has been specifically addressed in a new proposed sub#section A,6E8. ) new *ection HG6)8 has been proposed for providing modes and methods for encryption for secure use of the electronic medium, as recommended by earlier Inter Cinisterial -orking 4roup on "yber >aws : "yber <orensics 6IC-48. *ection H( related to power to issue directions for interception or monitoring or decryption of any information through any computer resource has been amended to take care of the concern of C;) and also on lines with the recommendations of IC-4.
MET COLL MMS 1 B
E,
) new section AG ) 6Examiners of Electronic Evidence8 has been added to notify the examiners of electronic evidence by the "entral 4overnment. This will help the 3udiciary7)d!udicating officers in handling technical issues. *ection A( has been revised to bring#out explicitly the extent of liability of intermediary in certain cases. E@ Firective on E#"ommerce ,BBB7E17E" issued on 3une G th ,BBB has been used as guiding principles. Dower to make rules w.r.t the functioning of the 1Intermediary2 including 1"yber "afes2 has been provided for under *ection GA. In order to use IT as a tool for socio#economic development, as explained in para 1B above, particularly to promote e#commerce, e#governance, its uses in health, learning, creating more opportunities for employment, reducing digital divide amongst others, it is necessary to encourage society to go through the learning experience. In order to enable this to happen, it has been made clear that the normal provisions of "rD" will apply, except that only F*D=s and above will be authori/ed to investigate the offences. The amendment to the 1st *chedule 6Indian Denal "ode8 and ,nd *chedule 6Indian Evidence )ct8 around the recommendations of earlier IC-4 has been incorporated. ;owever, the term digital signature would be replaced by electronic signature at suitable places.
MET COLL MMS 1 B
EE
"yber "rime Investigation "ell 6""I"8

"rime 0ranch, "riminal investigation Fepartment, Cumbai The "yber "rime Investigation "ell of Cumbai Dolice was inaugurated on 1Gth Fecember ,BBB and it is functioning under the overall guidance of 3t. "ommissioner of Dolice 6"rime8, )ddl. "ommissioner of Dolice 6"rime8 and Fy. "ommissioner of Dolice 6Enforcement8 E8ent2. Cumbai Dolice organi/es a ma!or educative and awareness program, a 1"yber *afety -eek2 every year. Furing this week ""I" organi/es awareness seminars to educate people about the "yber -orld and safe practices in the "yber -orld. Cy1er Safety 0ee6 200= ;on. Cr. "hagan 0hu!bal inaugurated the "yber *afety -eek. Danel discussions were held at IC" 6Indian Cerchant "hamber8 : <I""I 6<ederation of Indian "hamber of "ommerce and Industries8 "onference 'ooms, while interactive seminars were conducted in different colleges and schools in Cumbai. Cr. ;arish Cehta of nward &ovell *oftware 6I8 >td., Cr. )shank Fesai of Castek >imited, Cr. )tul &isar of ;exaware Technology, Cr. 'a! *araf of Tenith "omputers >imited and Cr. )!it 0alkrishnan of 'ediff were the sponsors for this event. Cy1er Safety 0ee6 200< Cumbai police in association with eminent business organi/ations like )I)I 6)ll India )ssociation of Industries8, "*I 6"omputer *ociety of India8, <I""I 6<ederation of Indian "hamber of "ommerce and Industries8, IC" 6Indian Cerchant "hamber8, I@"I 6Internet @sers "lub of India8, &)**" C 6&ational )ssociation of *oftware and *ervice "ompany8 and TIE 6the Indus entrepreneurs8 had organi/ed this event The speakers were the officers of the Cumbai Dolice and eminent person from the above# mentioned organi/ations. Cy1er Safety 0ee6 200A *eminars will be conducted in association with &)**" C 6&ational )ssociation of *oftware and *ervice "ompany8, "*I 6"omputer *ociety of India8, and other experts in this field, during the month of &ovember#Fecember ,BBN. )ny *chool and "olleges, who wish to have such types of seminars for their students, can be arranged by ""I". They need to approach The Feputy "ommissioner f Dolice 6Enforcement8, "rime 0ranch, Cumbai.
MET COLL MMS 1 B
E5
#oint Initiati8e of
3m1ai Police an( NASSCO
3m1ai Cy1er *a1 9 C*:.Vision To create a multi# disciplinary "entre of Excellence for enhancing cyber safety.
Mission Dromote collaboration among Cumbai Dolice, Information Technology industry, academia and concerned citi/ens to address cyber crime and its related issues. "reate Information *ecurity infrastructure with the help of the above stakeholders, based on the %;ub and *pokes% model. Fevelop pro#active strategies for anticipating trends in cyber crime and formulating technical and legal responses on various fronts. <acilitate cyber crime investigation training among police officers. Fevelop cyber crime technology tools for criminal investigation. Improve awareness of cyber crime among the people and enhance Information *ecurity in Cumbai city in general. )ct as 'esource "entre for other police organi/ations in the country.
Cases
A T - The Net afia ) company, which we shall call %"% runs a payment gateway on their website. It deals with online credit card processing and provides services to merchants who accept online credit card payments. ) person, who we call ) T executes an agreement with " for online payments through his website. ) T receives a payment of 's. E,11,NBG7# from " between &ovember ,BB, to <ebruary ,BBE. " receives charge backs for all the credit cards used on ) T%s website. ) T vanishes from all his contact addresses.
MET COLL MMS 1 B
EN
)nother person called * F executes an agreement with " for online transactions on his website. " makes the payments 6's. (,NE,HN17#8 to * F in his 0ank account in Dune. " receives charge backs for all the transactions done from this website, after which * F is untraceable. ) third person called 3 D executes an agreement with " on ,Nth Cay ,BBE. 3 D has a website. 3 D has an account in a bank in ;yderabad. " processes a number of transactions for 3 D and credits an amount of 's. 5,,,,(AG7# to his account. )ll credit card numbers are used on $Pirtual Terminal$ services provided by ". 3 D withdraws amount using debit card. In an another instance, * * executes an agreement with " for online credit card processing. * * has a website too. >ike 3 D, he has an account in ;yderabad. ;e receives payments through " to the tune of 's. 1,51,E5,. Net +ra3(2ter in the Police Net " becomes suspicious about * *%s account. They call him to their office to receive a check of 's. 5B,BBB7#. n ,1st )ugust ,BBE, a teenager identifying himself as * * comes to the office of ". ;e is detained and 9uestioned by Dolice when he admits having posed as # *F 3D ** ;e turns out to be ) T, ,nd year engineering student from Dune L0.Tech6IT8M *ac3nae in Payment Gate7ay -hen the police investigate the case, turns out there are many loopholes in "%s system. Qet another crime is committed due to the lack of awareness of cybersafety and a bit of carelessness. Cases An NRI (3'e( for R2"C Crore on Net ) &'I 6) non resident Indian based in )bu Fhabi8 receives an exciting email from a woman supposedly named '0. *he uses a fake email id to communicate with this person. )fter a while a liaison develops between the two and the &'I sends the woman a laptop and some mobile phones via a mediator. 0oth have never seen each other. )fter a while '0 begins to threaten the &'I. ;e convinces her to meet him for a %co/y% meeting at a hotel. The man waits and waits but the lady never turns up. )fter a while the man stops sending her email. 0ut the lady has not had enough of this affair. *he threatens that she will commit suicide if she doesn%t hear from him. )fter a while, another lady
MET COLL MMS 1 B
EH
comes into the picture and sends the &'I a mail re9uesting him to dissuade '0 from committing suicide. ;e gets yet another mail from this second lady 6who we shall call C&8 informing him that '0 has indeed committed suicide and that the police are investigating his role in the matter. *he also informs him that it is likely he will be arrested. The &'I is petrified and asks the lady to help him out of the sticky situation. C& agrees and informs him that she will need some money from the &'I if he has to evade arrest. *he also tells him that she is seeking the help of an advocate called Cr. )C in the matter. The &'I, out of sheer desperation transfers some money to )dvocate )C%s account in a bank in Cumbai. )fter the first installment, C& starts demanding more and more money from the &'I under some pretext or the other. *he uses forge police and court documents to convince the man that she is indeed helping him out in the matter. The complainant receives a court order through an e#mail attachment of "alcutta ;igh court and once again the duo i.e. C& and )dvocate )C get a chance to mooch some money from the poor &'I. ) third lady called Fr. * comes into the picture. *he is supposedly based in @*). *he strikes a friendship with the &'I who once again commits the same mistake of inviting this woman to meet him. Through her e#mail IF she agrees to meet him in Fubai. )s the story goes, she leaves from her apartment in &ew Qork and goes missing on the way to Fubai. )fter that the &'I gets a mail from the &ew Qork Dolice informing him that they are investigating a case in association with the Solkata Dolice as regards the missing woman. The &'I once again turns to C& and )dvocate )C for help. They inform him that the missing Fr. * is a close relative of a Cember of Darliament. 0y now the &'I is really really scared. ;e transfers some 's. ,B lakhs to the account of )dvocate )C to settle the matter. )fter that, it doesn%t take long for the &'I to reali/e that he is being duped. In a fit of desperation, he reports the matter to the police. 0y now, he has paid up approximately 's. 1 "rore and ,N lakhs to the advocate and C&. @pon investigation the police reali/e that this is the handiwork of someone within India itself. Thankfully, the &'I has saved all the emails, which he has so far received, from the strangers he has been communicating with. The I.D. )ddress embedded in all e#mails received by complainant reveals that the origin of the emails is from 1. X "ompany ,. ) residential address near Cumbai.
MET COLL MMS 1 B
EA
They also track a bank account at "hembur. )*AC- AI*ER I$ENTI+IE$ Dolice raids a flat, which has corresponds to the originating I.D. )ddress in the e#mails. Two laptops are recovered at place and they contain most of the e#mail communication made under the various identities such as C&, )dvocate )C, &ew Qork Dolice, Solkata Dolice etc. The man assuming these various identities is a single person and he is identified as one Cr. DC who is the 4C of a large corporation. The computer found in his cabin contains critical evidence about the case. The man is eventually arrested and put behind bars. 0OR- IHO E SCHA STER ARRESTE$ )Y CY)ER CE** "yber "rime "ell of "rime 0ranch, ".I.F., Cumbai Dolice have arrested a person by name *ripathi 4uruprasanna 'a!, aged N, yrs who is the "hairman and Canaging Firector of *ohonet India Drivate >td., a company based in "hennai. Cany complainants based in Cumbai had complained to the "yber "rime Investigation "ell, that the said company has duped them each for 's. 5,BBB7# and 's. H,BBB7# by promising them with monthly income of 's. 1N,BBB7#. The said company through its website having @'> www.sohonetindia.com and through various attractive advertisements in the news papers as well as by holding seminars in five star hotels, in various metropolitan cities like Cumbai, Felhi, Solkata, 0angalore etc. had lured the various computer literate people with attractive schemes named Instant Treasure Dack 6ITD8 and 4reen "hannel. The company then asked the interested people to register with their company for which they charged the registration fess 's. 5,BBB7# which was later increased to 's. H,BBB7#. The company "CF, Cr. 'a! promised the people so registered that they would be provided with the data conversion !ob, which would enable them to earn 's. 1N,BBB7# per month. The company then collected huge amount from the gullible computer users. *ome of the users were provided with the !ob work whereas others were not even provided the !ob work 6data conversion !ob8 assured to them. The people, who were provided with the !ob work, did work day and night on their computers to complete the !ob work within the stipulated time period and submitted the !ob work to the said company. 0ut even after repeated correspondence with the company, they were not paid. The total number of persons who have been duped by the *ohonet is about 1G,BBB and are located at various places in the country, whereas the company has paid only to about 1,BB people for the work they have done for the company whereas others were either not provided with the work or were not paid for the work. 0y this way *ohonet amassed a huge amount, which may run into couple of crores. ) complaint was filed at Salachowky Dolice *tation vide ".'. &o. 1N17,BBE u7sec 5BH, 5,B r7w 1,B6b8 ID" and office of *ohonet India Dvt. >td. located at Fr. 'adhakrishnan
MET COLL MMS 1 B
EG
*alai, Caylapore, "hennai was raided. The accused *ripathi 4uruprasanna 'a!, who is the "CF of the company, was arrested by the team of officers. Hac6er hac62 into a financial 7e12ite Cumbai poilce have arrested a hacker by name Salpesh *harma for hacking into a financial website. )lthough the hacker couldn%t break into the main server of the financial institution, which was well secured by the financial institution. The accused person could make some addition to the home page of the financial website and has added a string of text to the news module of the home page of the website. Dolice were able to crack the case by following the trace left by the hacker on the web server of the financial institution. The financial institution has maintained a separate server for financial online transactions, for which the fianancial institution has taken utmost security. The website was hosted on a different server which comparatively had lesser security. The hacker Salpesh *harma is a 1Bth Dass youngster of ,E years old. ;e has done computer courses like ""&), C"*E etc. 0ut he is a computer addict. ;e sits before the computer for almost 1H to ,B ;ours each day. ;e has mostly used the readymade hacking tools, to hack into any website. ;e goes to a particular website on the web, which facilitates him to see the entire directory structure of that website. Then using various techni9ues, such as obtaining a password file, he gets into the administrator%s shoes and hacks the website. ) case has been registered against the hacker under section HA of Information Technology )ct # ,BBB and under various sections of Indian Denal "ode. Teenager cheat2 a Payment Gate7ay for R2" @ *a6h2 Cumbai police have arrested a student of *econd Qear Engineering "ollege at Dune for duping a Dayment 4ateway. The student )mit Tiwari was arrested on various counts of cheating and forgery. The accused initially opened a website supposedly to carry out business of web designing. ;e opened an account with a payment gateway situated in Cumbai under false credentials. ;e then started browsing the web, especially various chat rooms and &ewsgroups to obtain the credit card numbers. ;e then became his own client and started making payments to his own account using the credit card card numbers he obtained from the net of foreign nationals. Dayment gateway couldn%t get suspicion. Ho7 to file a com'laint. <or any cyber related complaint a person can visit the ""I" on the address given below or can register the complaint online on 777"cy1ercellm3m1ai"com 7e12ite"
MET COLL MMS 1 B
E(
ffice )ddress "yber "rime Investigation cell, )nnex III, 1st floor, ffice of the "ommissioner of Dolice, F.&.'oad, Cumbai 5BBB1 E -mail # officerYcybercellmumbai.com Tele'hone no2 K# 6Z(1 8 # B,,# ,,HEBG,( 6Z(18 # B,, # ,,H51,H1
*ate2t article2 an( Recent $e8elo'ment2

)PO2 may not 1e hel( lia1le for (ata theft Ga3rie i2hra / Ne7 $elhi Octo1er 2@5 200A )n amended IT )ct will give a breather to 0D s. If the government has its way, the Indian business process outsourcing 60D 8 industry will not be held liable for any leakage of confidential client data. 1The proposed amendments to the Information Technology )ct seek to exclude 0D s from being a network service provider. This will mean that they will not be held liable for any data theft or other such offences,2 said an official in the Information Technology department. The department is drafting a new IT law and hopes to table the 0ill during the winter session of Darliament, scheduled to start on &ovember ,1. -ith no data protection laws in the country, the move raised serious accountability issues in the industry, said cyber law expert Davan Fuggal. 0ut &)**" C refused to comment on the matter when contacted. &)**" C had earlier supported a separate data protection law but did not comment on whether or not 0D s should be brought within the scope of network service providers. *ome countries are pushing India to put in place data protection laws covering the entire gamut of services, from 0D s to pharmaceuticals. Experts said the exclusion of 0D s from the ambit of network service providers would mean that they would not be held responsible for the theft of any confidential information of foreign clients, like credit card or bank account details. 1The decision will spell disaster for the sunrise industry as dilution of the law will not provide any safeguard to foreign clients against data theft or other such violations,2 Fuggal said.
MET COLL MMS 1 B
5B
The proposals will be finali/ed in a week. They will make the Indian 0D industry, which is facing competition from other low#cost destinations, unattractive for outsourcing. fficials said the draft 0ill sought to hold cyber cafes and search engines liable for data theft. Go8t 'lan2 amen(ment2 to IT Act TI ES NE0S NET0OR- JT,ES$AY5 OCTO)ER CF5 200A C2.AC.AC A K NE0 $E*HI 0usiness process outsourcing units in the country can relax. Pague and umbrella provisions under the existing Information Technology )ct, =BB, are to be replaced by clear and periodic security procedures to be spelt out by the department of information technology 6FIT8. *imultaneously, other government departments like the finance ministry and the health ministry are coming out with specific laws that will govern credit cards and health records. It may be recalled that most security breaches revolve around credit card information being leaked out. Drecautions are being taken to guard against similar seepage of vital health#related information. The amended IT )ct will, however, make room for a statutory framework to protect critical information infrastructure of the country. 0ri!esh Sumar, secretary, FIT, told ET that the proposed amendments to the IT )ct will be finali/ed soon and sent to the "abinet for approval. ;e said the government will frame reasonable security procedures to be followed by the 0D s in consultation with self# regulatory bodies of the industry and experts. These procedural norms will be notified as and when changes are called for and will be as good as law, provided there=s no specific law under which the breach can be dealt with. Cr Sumar revealed that the government was framing some standalone legislations to deal with crime and security breaches involving credit cards. 1;ealth information systems in hospitals, labs and outsourcing centers are also cause for concern and a separate law is being worked out by the related ministry to monitor them,2 he added. Cr Sumar said the IT )ct will be amended to facilitate IT usage and encourage e# commerce. -hile *ection A( of the )ct is being amended to provide immunity to intermediaries like 0D s, telecom service providers, internet service providers and cyber cafes, it will also guard against meddling of evidence. Thus, while transmission over a network cannot be blamed on the intermediary, unless it is proved that the intermediary was aware of what was happening and deliberately did not take action W there will be provisions to deter destruction of evidence. nline payment sites, which are not specifically included under the ambit of the )ct, will be added in with dos and don=ts. )ttempts to engage in any form of cyber crime or abet
MET COLL MMS 1 B
51
the same would also be recogni/ed under the )ct. The amended )ct will also spell out the police=s role and the manner in which investigations can be carried out.
Cy1er crime 2tat2. C/= i2 'orn IN$IATI ES NE0S NET0OR- JTH,RS$AY5 SEPTE )ER 225 200A 0@.A>.=< A K &E- FE>;IK The recent incident involving the circulation of an CC* featuring 0ollywood actress Callika *herawat=s %look#alike% in Cumbai and last year=s scandalous CC* showing a FD* girl in Felhi were not odd blips on the cybe rcrime scene in India. &early one#third of all cyber crime cases reported in the country are related to publication and transmission of obscene material. "ases related to hacking of computer systems, tampering source documents, breach of confidentiality7privacy and digital signature fraud come only next to cyber pornography cases. <igures revealing the trend of cyber crime cases in India were shared with Interpol member#countries at the ongoing general assembly session of the international police body at 0erlin on Tuesday. )ccording to the statistics revealed at the world forum by the "0I director @ * Cisra, EEU of all the cyber crime cases are related to publication and transmission of obscene material, followed by hacking which accounts for EBU. ) huge G1U of the offenders are in the age group of 1G#5N while the rest are in the 5N#HB age group. -hile asking developed countries to impart effective operational training, particularly in cyber forensics, Cisra in his capacity as the head of &ational "entral 0ureau 6Interpol, &ew Felhi8 revealed that cyber crime in India was reported from developed states and metropolises. The latest report from the &ational "rime 'ecords 0ureau 6&"'08 too has indicated a similar trend as far as cyber crime cases are concerned. The report indicates that even the ma!ority of the people arrested under the Information Technology )ct ,BBB fall under the category of using technology for 1transmission of obscene pictures2 in electronic form. )lthough the &"'0=s 1"rime in India2 report dealt with the figures of ,BB,, it gives a clear insight into the types of cyber crimes being reported in the country ever since the IT )ct ,BBB came into force.
Cy1er Crime. International gang 132te( in Noi(a
MET COLL MMS 1 B
5,
&oidaK )n international gang involved in a cyber racket to defraud customers via the e# mail was busted by the &oida police with the help of a bank manager here today. <our persons involved in the racket have been arrested, including three &igerian citi/ens, police said. The modus operandi of the gang involved sending a series of e#mails to customers asking them to deposit money in a particular account with an offer to get back double the cash or gifts within a short period, said Cr Trivedi *ingh, the cyber crimes in# charge. The I"I"I bank manager from *ector 1G informed the &oida police that a man from Canipur named Fhang Shan Cung, resident of ) EE *ector E5 had opened an account in the bank and was asking customers to deposit money in the account through the Internet, *enior *uperintendent of Dolice 6**D8 Diyush Cordia said. The bank manager further said he had received complaints from one *udhir 'ana from "hennai in this regard, the **D said. The gang, ostensibly, had trapped do/ens of customers through this modus operandi and so far 's 15 lakh have been deposited in the account, the **D said. The police are investigating the matter. Ra;a2than 'olice 1egin 'ro1e in cy1er 'orn ca2e 3aipurK 'a!asthan police <riday started a probe into a case in which a Felhi#based married couple was secretly filmed at a hotel and the clip found its way to the Internet. )ccording to official sources, police have constituted a team led by an additional superintendent of police of the special crime branch to investigate the matter. Dolice swung into action after the husband, an engineer, lodged a police complaint. Earlier in the day, a Felhi police team arrived in the city and along with their counterparts from 'a!asthan drove to the resort, EB km from here on the 3aipur#Felhi national highway, where the couple had checked in. Dolice have 9uestioned the resort%s staff and management. The couple, who had stayed in the resort last Fecember, were shocked to find themselves the sub!ect of a porn video clip beamed on the Internet. They were apparently shot in the hotel%s bathroom by a hidden camera and the clip was later sold to a foreign website.
Tata2 7in t7o ca2e2 of cy1er 243atting PTI J T,ES$AY5 OCTO)ER 2A5 200A 0F.20.C2 P K
MET COLL MMS 1 B
5E
&E- FE>;IK Tata 4roup has beaten attempts by two @*#based cyber s9uatters, who hi!acked two of its domain names. In the first case, the &ational )rbitration <orum of @* has ordered the transfer of Indian corporate giant%s domain name tata.us, stolen by a @* citi/en of Indian origin * Dulickal, back to the company after it filed a complaint. Dulickal had registered the domain name %tata.us% with @* domain name registry. The second cyber s9uatter had targeted the company%s Firect to ;ome venture%s domain name. )fter the group announced change in corpoate name of its FT; venture, a regular cyber s9uatter *ayed ;ussein registered the domain name %tatasky.com%. The Tata group filed a complaint with -orld Intellectual Droperty rganisation at 4eneva and as soon as the complaint was communicated to ;ussein he transferred the domain name to Tata *ky International "orporation, 0rooklyn, @*). Eventually on *eptember -ID placed an order for transfer of the name to the Tata group. -ID has been increasingly taking a stand against cyber s9uatters, who steal popular domain names with the intention of selling them back to the companies. $anger2 of 'hi2hing an( 'harming )lokananda 4hosh : "handralekha Tulal show what to look out for while shopping online There=s a new breed on the &et W the cyber window shopper. *hopping online offers lots of benefits that you won=t find shopping in a store or by mail. The Internet is always open W seven days a week, ,5 hours a day W and it=s crawling with super bargains. The success of e#commerce in the country can be easily gauged from the fact that the ,G# million#strong online population contributes to 's NAB crore of transactions. It is estimated that a fourfold growth in the online population in the next two years will result in a EBB per cent growth in e#commerce, taking revenue from online transactions to 's ,,EBB crore. <or the consumer, shopping online means speed, convenience and savings. <or the retailer, the Internet offers a bigger audience and reduced infrastructure costs, which can be passed on to the consumer. &eti/ens between 1G and ,N years form the largest segment of window shoppers on the &et. They are mostly young professionals. ;owever, it is interesting to note that while 5N per cent of these people surfed the &et for information, price and availability of products to make informed decisions, NN per cent had made an online transaction at least once. The biggest worry is credit card misuse or the fear of allowing unauthorised access to bank accounts in case of debit cards. 0eing flooded with spam also worries an online member.
MET COLL MMS 1 B
55
1The most common fear among shoppers is that their financial information will be misused, which is not totally un!ustified,2 says Davan Fuggal, advocate, *upreme "ourt of India and cyber law expert. )grees Dreeti Fesai, president, Internet and Cobile )ssociation of India 6I)C)8, 1There are a lot of fears associated with using a credit or debit card online. "onsumers feel they are not protected on the &et and are liable to pay once online. The fear of fraud is also another ma!or impediment.2 >et=s take a look at some of the frauds that can happen online. Dhishing is the type of online attack, whereby scammers copy the ?look and feel= of a reputed establishment=s website as accurately as possible, building a replica site as a bait to reel in the targeted company=s customers. ne has to recognise this con !ob. >ittle details may be changed W like the missing ?i= in httpK77www.citbank.com shown on your address bar. ) more sophisticated version involves redirecting victims through a masked address with some cleverly concealed coding to redirect traffic from a genuine link. <or example, one might use httpK77www.citibank.com, which is the genuine "itibank site. 0ut the information can be actually redirected to another site by using the ?mask=. <or example, httpK77www.citibank.com7track7 dyredir.!spJrFirl[ httpK77EBB.HN1.,NB.1B7 will redirect you to an entirely different site, which looks exactly the same as the original. In such cases, the name displayed on your address bar is indeed genuine, and you=d have to explore the entire link to realise that it=s a fraud. ;ow often will you take this troubleJ Internet users who are unaware of phishing often !ust follow the instructions they see onscreen, and get into a serious financial mess. ther than this, there are innumerable cases of bogus online charities. The modus operandi is almost the same W !ust click on the link provided to make an online donation that will never reach the orphaned kid or tsunami victim it was intended for. Qou, on the other hand, have not only given the frauds money, but have also offered your credit card details. )n even more sophisticated and difficult#to#detect online fraud is pharming, which involves hi!acking the targeted site altogether. In a typical case of pharming, either the victim=s system or the F&* server may be compromised to redirect traffic to a malicious site. Through ?F&* poisoning= or ?@'> hi!acking= even correctly entered @'>s can be diverted to a malicious site somewhere else in an attempt to extract sensitive personal data. ther scams that play on the Internet user=s greed include those related to online lotteries that re9uire you to furnish your personal details in order to claim a pri/e you=ll never receive, online auctions, and postal forwarding7redirecting frauds.
MET COLL MMS 1 B
5N
1Fespite such instances of cyber frauds, one must not forget that online crimes can also be committed by securing financial information offline,$ cautions Fuggal. <or example, in ,BBE, )rif )/im, a call centre employee, was convicted for stealing and misusing a credit card number by smooth talking and convincing a bank customer, 0arbara "ampa, to reveal her credit card number and other details on the pretext of correcting her billing records. <urthermore, one should abstain from shopping pornographic and obscene material from the Internet as under the Information Technology )ct, ,BBB, such actions have been made punishable with five years imprisonment and 's 1 lakh fine, says Fuggal. Drecaution is still the best cure, advises Fuggal. 1*o be on your alert and trust your instincts while transacting online,2 he adds.
-hat if you are hitJ If you notice a transaction on your credit card not authorised by you, immediately call the company and reverse the transaction, urges Fesai. 1In a scenario, where your re9uest is denied by the company, you should report the matter to the deputy superintendent of police, as under the IT act, no officer below such a designation is authorised to handle a cyber crime,2 clarifies Fuggal.
MET COLL MMS 1 B
5H
LOOPHOLES AND IMPROVEMENTS

>oopholes &o clear provision for handling of domain name issues. They are presently covered by legal norms applicable to intellectual properties such as trademarks 3urisdiction problems are likely to arise as the act applies to both Indians and foreign citi/ens The law is now covered under civil procedure, making the enforcement process If the law is covered under criminal slow. This deters companies from procedure, the process could be faster approaching the cyber crime cell *ome definitions in the act are vague and can cause problems to the plaintiff Fefinitions, prescriptions of punishment and certain provisions 6such as that dealing with hacking8 need specific amendment Improvements needed The act needs amendment for handling domain name issues and related concerns such as cyber s9uatting There should be clear briefs on how the act will apply to any offence, and how action will be taken against any person who has committed the crime outside India
MET COLL MMS 1 B
5A
The act does not lay down parameters for >aw enforcement officials need to be trained its implementation for effective enforcement
MET COLL MMS 1 B
5G
" &">@*I &

"yber crime is a ma!or concern for the global community. The introduction, growth, and utili/ation of information and communication technologies have been accompanied by an increase in criminal activities. -ith respect to cyberspace, the Internet is increasingly used as a tool and medium by transactional organi/ed crime. "yber crime is obvious form of international crime that has been affected by the global revolution in I"Ts. )s a recent study noted, cyber crime differ from terrestrial crimes in four waysK 1 They are easy to learn how to commit. they re9uire few resources relative to the potential damage caused. they can be committed in a !urisdiction without being physically present in it. and they are often not illegal2. n the basis of this, the new forms of cybercrime present new challenges to lawmakers, law enforcement agencies, and international institution. This necessitates the existence of an effective supra national as well as domestic mechanisms that monitor the utili/ation of I"Ts for criminal activities in cyberspace. )s the cases of cyber crime grow, there is a growing need to prevent them. "yberspace belongs to everyone. There should be electronic surveillance which means investigators tracking down hackers often want to monitor a cracker as he breaks into a victim%s computer system. The two basic laws governing real#time electronic surveillance in other criminal investigations also apply in this context, search warrants which means that search warrants may be obtained to gain access to the premises where the cracker is believed to have evidence of the crime. *uch evidence would include the computer used to commit the crime, as well as the software used to gain unauthori/ed access and other evidence of the crime. There should also be analy/ing evidence from a cracker%s computer by the officials investigating the crime. ) sei/ed computer may be examined by a forensic computer examiner to determine what evidence of the crime exists on the computer. 'esearchers must explore the problems in greater detail to learn the origins, methods, and motivations of this growing criminal group. Fecision#makers in business, government, and law enforcement must react to this emerging body of knowledge. They must develop policies, methods, and regulations to detect incursions, investigate and prosecute the perpetrators, and prevent future crimes. In addition, Dolice Fepartments should immediately take steps to protect their own information systems from intrusions. "omputer crime is a multi#billion dollar problem. >aw enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. "yber crime is a menace that has to be tackled effectively not only by the official but also by the users by co#operating with the law. The founding fathers of internet wanted it to be a boon to the whole world and it is upon us to keep this tool of moderni/ation as a boon and not make it a bane to the world.
MET COLL MMS 1 B
5(
Information Technology )ct ,BBB 6IT)#,BBB8 has now been in existence for the last N years. The )ct had for the first time in India attempted a legal regime for the "yber space transactions. It had many drawbacks but it was a small step in the right direction. The following are our 'ecommendations to improve the )ct#. ESTA)*ISH ORE CY)ER PO*ICE STATIONS
The first cyber police station opened in 0angalore. There are tremendous re9uirements for more cyber police stations in India. This is so as the number of cyber crimes is constantly increasing and there are not enough response infrastructures available. ;aving more cyber police stations in the country would ensure that appropriate regions and areas are covered in a effective manner. The police and other law enforcement agencies in various states like Sarnataka, 4oa, Caharashtra, 4u!arat, -est 0engal, Felhi, Tamil &adu, and )ndhra Dradesh etc have already displayed their skill in nabbing high technology criminals. In cities such as 0angalore, &ew Felhi and Cumbai, where cyber crime cells do exist, there is potential for improvement. The police needs to have immense skills in order to trace an accused. There is a necessity of familiarity with technical concepts, They need to be familiar with and using cyber forensic and other investigative tools which enable them to track down ID addresses and other technical details which are extremely critical for reaching up to the accused person. The police needs to be absolutely proficient in the working of the computers, computer systems and computer networks. They also need to be up to date and aware of latest techni9ues, technologies and methodologies that have emerged. <urther, they need to have an appropriate bent of mind while investigating cyber crime, as cyber crimes are the completely distinct in their nature and inherent characteristics as compared to crimes in the actual world. If such force has to work efficiently, it has to have an all India !urisdiction and work parallel to the "0I. It can have officers deputed from the *tate police so that the *tate cooperates in such a venture without the suspicions normally associated with transferring cases in their !urisdiction to "0I. HA!E TREATIES 0ITH OTHER CO,NTRIES K *ince cyber crimes can be international in nature, India must sign extradition treaties with more countries and take the lead for international legislation to curb cyber crimes and for better enforcement of existing internet related laws 4overnment should press other nations for a legislation conforming to international standards for internet crimes besides signing extradition treaties with more countries as enforcing !udicial orders and pinpointing !urisdiction have become very difficult in cases of cyber law violation. India has some of the best IT brains in the world. It has also strategic advantage of having some of the best#in#the#world and economical infrastructure backbones,
MET COLL MMS 1 B
NB
services and human resources potential. -ith backing from proper legislation India can play a big role in development of the Internet and "omputer technology not !ust in the country but all over the world.
MET COLL MMS 1 B
N1
)I)*IOGRAPHY
)OO-S RE+ERRE$. >aw of Information Technology # F.D. Cittal "yber laws I"<)I <ebruary, Cay and &ovember Editions
SITES. 777"naa8i"org 777"a2ianla72"com 777"in(iainfoline"com 777"cy1ercrime2"com 777"cnetne72"com 777"la7<in(ia"com
MET COLL MMS 1 B
N,

It Act2000

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

It Act2000

Enviado por

Direitos autorais:

Formatos disponíveis

INFORMATION TECHNOLOGY ACT-2000

Information technology act 2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

Information Technology Act, 2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

-hat are cyber crimesJ

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

A$E IN ITA 2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000

MET COLL MMS 1 B

INFORMATION TECHNOLOGY ACT-2000