Report On

Cyber law
LEGAL ASPECTS OF MANAGEMENT

Submitted to:
Mr. Maneesh Yadav

Submitted by:
Ankita Bhatnagar (JL12PGDM030)

Introduction:
Computers and their use is a day to day activity of all the students, professionals, teachers, Universities, banks, Supermarkets, in the entertainment field, in medical profession and also in higher education. The use of this Weapon is spreading very widely in all parts of our society. As every weapon has two ways of operation. One is good and essential and the other are bad and not essential. Many times, whenever a new weapon is invented, many people use it unknowingly for the wrong purpose. So to aware them and to make the proper use of the Power of the newly invented weapon, laws is to be formulated and should be implemented. This chapter introduces the cyber law and many terms involved in it. There are two basic definitions of cyber crime. (a) One definition says that ‘cyber crime’ consists of only those offences provided in the Information technology Act, 2000. As per this definition, cyber crimes would mainly be restricted to tampering with the computer source code, hacking and cyber pornography. Cyber fraud, defamation, harassment, e – mail abuse and IPR thefts, would not classify as cyber crimes. (b) In second definition, ‘cyber crime’ is said to be an act of commission or omission with the internet, committed on the internet or through the internet or with the help of the internet or connected with the internet, whether directly or indirectly, which is prohibited by the law and for which punishment, momentary and / or corporal is provided. According to these definitions, the IT Act, 2000 provides punishments for only certain cyber offences and is not applicable to all the cyber crimes. For example, suppose a person threatens any other person with causing death or serious hurt. Then he will be liable for the offence of criminal intimidation under section 506 of the Indian Penal Code, 1860. But he will not be liable for the offence under the IT Act, 2000. But this act would be classified as the cyber crime. Another example which can be seen is that, suppose a person cheats another person using the Internet. Then he shall be liable for cheating under section 420 of IPC but not under the IT Act, 2000. But his act would be commonly called as a cyber fraud but it can not be classified as the cyber crime. Cyber crimes can be classified as follows.

(a) Old crimes, committed on or through the new medium of the Internet. For example, cheating, fraud, misappropriation, defamation, pornography, threats, etc. committed on the Internet or through the Internet or with the help of internet, would fall under this category. These crimes are old but their place of operation is new, i.e. the Internet. The Internet with its speed and global access has made these crimes much easier, efficient, risk free, cheap and profitable to commit. These can be called as crimes “on” the Internet. (b) New crimes created with the Internet itself, such as hacking, planting viruses and IPR thefts. These can be called as the crimes “of” the Internet. (c) New crimes used for commission of old crimes. For instance, where hacking is committed to carry out cyber frauds. Computer crimes have also been classified by the nature of the usage of the computer. (a) Proper computer crimes such as hacking where a computer and network are essential for the commission of the offence. (b) Computer assisted crimes such as cyber pornography where the medium of the internet is used. (c) Crimes where the computer is only incidental for commission such as cyber fraud.

Though the IT Act, 2000 specifically defines and punishes only a few cyber crimes, it recognizes that there are other cyber crimes of cyberspace which are provided in the Indian Penal Code, 1860. It was perceived by out legislators that many of the offences in IPC ceased to apply cyberspace because the definition of “document” did not include within its domain “electronic records”. Hence it was found necessary by our law makers to modify the various provisions of IPC by specifically making “electronic records”.

Cyber Law
Cyber law refers to all the legal and regulatory aspects of internet and the World Wide Web. Cyber space is governed by a system of law and regulations called cyber law. Cyber law is needed because of the following reasons

(a) Today millions of people are using the internet all over the world. Because of global communications, internet is misused for criminal activities which require regulation. Today many disturbing and unethical things are happening in the cyber space which are known as cyber crimes. People with intelligence and having bad intensions are misusing the aspect of internet.

Software Piracy
Software piracy is unauthorized duplication, distribution and use of computer software. Copying of the software without purchasing it is known as pirating the software and such a copy of software is known as pirated software. The use of pirated software is the violation of the IT act 2000 as well as it is unethical. Software pirates have known to manipulate internet auction sites to reach hundreds of unwitting consumers everyday at little cost. With the growth of the internet, however, software pirates rapidly understood to take advantage of the wide audience available on global networks. For making more copies of the software than the license copy. Or installing licensed software for one computer and copied that software on other machines. To prevent the software piracy some companies set up software locks and limits the number of installations while some use hardware locks so that the software can not be used by unauthorized person illegally. Ethics for computer users

All computer users have the responsibility to use computer system with an effective, efficient, ethical and lawful manner. Computer users must be responsible towards the profession, organization and society. They should prevent an unauthorized duplication, distribution and use of computer software. Many people, when not authorized, try to access information and will be held responsible for unauthorized access. In information technology, everyone has right to access the data but up to a limited extent and form authentic source only Law encompasses the rules of conduct: 1. that have been approved by the government, and 2. which are in force over a certain territory, and

3. which must be obeyed by all persons on that territory. Violation of these rules could lead to government action such as imprisonment or fine or an order to pay compensation. Cyber law encompasses laws relating to: 1. Cyber Crimes 2. Electronic and Digital Signatures 3. Intellectual Property 4. Data Protection and Privacy Cyber crimes are unlawful acts where the computer is used either as a tool or a target or both. The enormous growth in electronic commerce (e-commerce) and online share trading has led to a phenomenal spurt in incidents of cyber crime. These crimes are discussed in detail further in this chapter. A comprehensive discussion on the Indian law relating to cyber crimes and digital evidence is provided in the ASCL publication titled “Cyber Crimes & Digital Evidence – Indian Perspective”. Electronic signatures are used to authenticate electronic records. Digital signatures are one type of electronic signature. Digital signatures satisfy three major legal requirements – signer authentication, message authentication and message integrity. The technology and efficiency of digital signatures makes them more trustworthy than hand written signatures. These issues are discussed in detail in the ASCL publication titled “Ecommerce – Legal Issues”. Intellectual property is refers to creations of the human mind e.g. a story, a song, a painting, a design etc. The facets of intellectual property that relate to cyber space are covered by cyber law. Fundamentals of Cyber Law These include: • Copyright law in relation to computer software, computer source code, websites, cell phone content etc, • Software and source code licenses • Trademark law with relation to domain names, meta tags, mirroring, framing, linking etc • Semiconductor law which relates to the protection of semiconductor integrated circuits design and layouts, • Patent law in relation to computer hardware and software. These issues are discussed in detail in the ASCL publication titled “IPR & Cyberspace - the Indian Perspective”. Data protection and privacy laws aim to achieve a fair balance between the privacy rights of the individual and the interests of data controllers such as banks, hospitals, email service providers etc. These laws seek to address the challenges to privacy caused by collecting, storing and transmitting data using new technologies.

Need for Cyber Law
There are various reasons why it is extremely difficult for conventional law to cope with cyberspace. Some of these are discussed below.

1. Cyberspace is an intangible dimension that is impossible to govern and regulate using conventional law. 2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could break into a bank’s Electronic vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone. 3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are crisscrossing the globe even as we read this, millions of websites are being accessed every minute and billions of dollars are electronically transferred around the world by banks every day. 4. Cyberspace is absolutely open to participation by all. A ten-year-old in Bhutan can have a live chat session with an eight year-old in Bali without any regard for the distance or the anonymity between them. 5. Cyberspace offers enormous potential for anonymity to its members. Readily available encryption software and steganographic tools that seamlessly hide information within image and sound files ensure the confidentiality of information exchanged between cyber-citizens. 6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of software can be traded over the Internet without the need for any government licenses, shipping and handling charges and without paying any customs duty. 7. Electronic information has become the main object of cyber crime. It is characterized by extreme mobility, which exceeds by far the mobility of persons, goods or other services. International computer networks can transfer huge amounts of data around the globe in a matter of seconds. 8. A software source code worth crores of rupees or a movie can be pirated across the globe within hours of their release. 9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily covered by traditional penal provisions. However, the problem begins when electronic records are copied quickly, inconspicuously and often via telecommunication facilities. Here the “original” information, so to say, remains in the “possession” of the “owner” and yet information gets stolen

Jurisprudence of Indian Cyber Law
The primary source of cyber law in India is the Information Technology
Act, 2000 (IT Act) which came into force on 17 October 2000. The primary purpose of the Act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the Government. The IT Act also penalizes various cyber crimes and provides strict punishments (imprisonment terms up to 10years and compensation up to Rs 1 crore). An Executive Order dated 12 September 2002 contained instructions relating provisions of the Act with regard to protected systems and application for the issue of a Digital Signature Certificate. Minor errors in the Act were rectified by the Information Technology (Removal of Difficulties)

Order, 2002 which was passed on 19 September 2002. The IT Act was amended by the Negotiable Instruments (Amendments and Miscellaneous Provisions) Act, 2002. This introduced the concept of electronic cheques and truncated cheques. Information Technology (Use of Electronic Records and Digital Signatures) Rules, 2004 has provided the necessary legal framework for filing of documents with the Government as well as issue of licenses by the Government. It also provides for payment and receipt of fees in relation to the Government bodies. On the same day, the Information Technology (Certifying Authorities) Rules, 2000 also came into force. These rules prescribe the eligibility, appointment and working of Certifying Authorities (CA). These rules also lay down the technical standards, procedures and security methods to be used by a CA. These rules were amended in 2003, 2004 and 2006.Fundamentals of Cyber Law Information Technology (Certifying Authority) Regulations, 2001 came into force on 9 July 2001. They provide further technical standards and procedures to be used by a CA. Two important guidelines relating to CAs were issued. The first are the Guidelines for submission of application for license to operate as a Certifying Authority under the IT Act. These guidelines were issued on 9th July 2001. Next were the Guidelines for submission of certificates and certification revocation lists to the Controller of Certifying Authorities for publishing in National Repository of Digital Certificates. These were issued on 16thDecember 2002. The Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 also came into force on 17th October 2000. These rules prescribe the appointment and working of the Cyber Regulations Appellate Tribunal (CRAT) whose primary role is to hear appeals against orders of the Adjudicating Officers. The Cyber Regulations Appellate Tribunal (Salary, Allowances and other terms and conditions of service of Presiding Officer) Rules, 2003 prescribe the salary, allowances and other terms for the Presiding Officer of the CRAT. Information Technology (Other powers of Civil Court vested in Cyber Appellate Tribunal) Rules 2003 provided some additional powers to the CRAT. On 17th March 2003, the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003 were passed. These rules prescribe the qualifications required for Adjudicating Officers. Their chief responsibility under the IT Act is to adjudicate on cases such as unauthorized access, unauthorized copying of data, spread of viruses, denial of service attacks, disruption of computers, computer manipulation etc. These rules also prescribe the manner and mode of inquiry and adjudication by these officers. The appointment of adjudicating officers to decide the fate of multi-crore cyber crime cases in India was the result of the public interest litigation filed by students of Asian School of Cyber Laws (ASCL). The Government had not appointed the Adjudicating Officers or the Cyber Regulations Appellate Tribunal for almost 2 years after the passage of the IT Act. This prompted ASCL students to file a Public Interest Litigation (PIL) in the Bombay High Court asking for a speedy appointment of Adjudicating officers. The Bombay High Court, in its order dated 9thOctober 2002, directed the Central Government to announce the appointment of adjudicating officers in the public media to make people aware of the appointments. The division bench of the Mumbai High Court consisting of Hon’ble Justice A.P. Shah and Hon’ble Justice Ranjana Desai also ordered that the Cyber Regulations Appellate Tribunal be constituted within a reasonable time frame. Following this the Central Government passed an order dated 23rd March 2003 appointing the “Secretary of Department of Information Technology of each of the States or of Union Territories” of India as the adjudicating officers. The Information Technology (Security Procedure) Rules, 2004 came into force on 29th October 2004. They prescribe provisions relating to secure digital signatures and secure electronic records. Also relevant are the

Information Technology (Other Standards) Rules, 2003. An important order relating to blocking of websites was passed on 27thFebruary, 2003. Computer Emergency Response Team (CERT-IND) can instruct Department of Telecommunications (DOT) to block a website. The Indian Penal Code (as amended by the IT Act) penalizes several cyber crimes. These include forgery of electronic records, cyber frauds, destroying electronic evidence etc. Digital Evidence is to be collected and proven in court as per the provisions of the Indian Evidence Act (as amended by the IT Act). In case of bank records, the provisions of the Bankers’ Book Evidence Act (as amended by the IT Act) are relevant. Investigation and adjudication of cyber crimes is done in accordance with the provisions of the Code of Criminal Procedure and the IT Act. The Reserve Bank of India Act was also amended by the IT Act. Important contents of IT act of India. Or Information Technology Act 2000. Information Technology Act 2000 is an act to provide legal recognition for internet and ecommerce. It contains the following chapters. (1) Preliminary: With the rapid pace, internet usage in India is increasing. So the rule of government is to provide a legal framework for internet and e-commerce. (2) Electronic Governance: The filling up of a form, issue of a license or payment of fee may be in an electronic form. Secured digital signatures enables the growth of e-commerce. (3) Attribution, Acknowledgement and Dispatch of Electronic Records: This chapter of the Act specifies the time of dispatch and receipt ot electronic record. An electronic record with a secure digital signature will automatically be considered as a secure electronic record. It will also be considered as a secure if security procedures have been applied to it. Such security may be in the form of encryption. (4) Regulation of certifying Authorities: “Certifying Authority” means a person who has been granted a license to issue a Digital Signature Certificate under section24. (5) Digital Signature Certificate: It means a certificate issued under sub-section (4) of section 35 (6) Duties of Subscribers: Subscriber checks any electronic record by means of an electronic method or procedure. (7) Penalties and Adjudication:

The penalty for tampering source code is imprisonment for a term not exceeding 3 years and/or a fine not exceeding Rs. 200000. In order to enforce the punishments, central government will appoint an Adjucating Officer who will have powers of civil court. (8) The Cyber Regulations Appellate Tribunal: The Act contemplates the constitution of the Cyber regulation Appellate Tribunal, having a Presiding Officer. Tribunal will hear appeals from orders passed by Adjucating Officer. The party may appeal to High Court of any state within 60 days, if unsatisfied with the order of Tribunal. (9) Definitions.: In these Rules, unless the context otherwise requires (a) “Act” means the Information Technology Act, 2000 (21 of 2000); (b) “Applicant” means Certifying Authority applicant; (c) “Auditor” means any internationally accredited computer security professional or agency appointed by the Certifying Authority and recognized by the Controller for conducting technical audit of operation of Certifying Authority; (d) “Controller” means Controller of Certifying Authorities appointed under sub-section (1) of Section 17 of the Act; (e) “Information asset” means all information resources utilized in the course of any business and includes all information, applications (software developed or purchased), and technology (hardware, system software and networks); (f) “Licensee” means a license granted to Certifying Authorities for the issue of Digital Signature Certificates under these rules; (g) “Licensed Certifying Authority” means Certifying Authority who has been granted a license to issue Digital Signature Certificates; (h) “Person” shall include an individual; or a company or association or body of Individuals; whether incorporated or not; or Central Government or a State Government or any of the Ministries or Departments, Agencies or Authorities of such Governments; (i) “Schedule” means a schedule annexed to these rules; (j) “Subscriber identity verification method” means the method used to verify and authenticate the identity of a subscriber; (k) “Trusted person” means any person who has:

(i) direct responsibilities for the day-today operations, security and performance of those business activities that are regulated under the Act or these Rules in respect of a Certifying Authority; or (ii) duties directly involving the issuance, renewal, suspension, revocation of Digital Signature Certificates (including the identification of any person requesting a Digital Signature Certificate from a licensed Certifying Authority), creation of private keys or administration of a Certifying Authority's computing facilities. (10) The manner in which information be authenticated by means of Digital Signature

Some cyber crime cases
ONLINE CREDIT CARD FRAUD ON E-BAY Bhubaneswar: Rourkela police busted a racket involving an online fraud worth Rs 12.5 lakh. The modus operandi of the accused was to hack into the eBay India website and make purchases in the names of credit cardholders. Two persons, including alleged mastermind Debasis Pandit, a BCA student, were arrested and forwarded to the court of the sub divisional judicial magistrate, Rourkela. The other arrested person is Rabi Narayan Sahu. Superintendent of police D.S. Kutty said the duo was later remanded in judicial custody but four other persons allegedly involved in the racket were untraceable. A case has been registered against the accused under Sections 420 and 34 of the Indian Penal Code and Section 66 of the IT Act and further investigation is on, he said. While Pandit, son of a retired employee of Rourkela Steel Plant, was arrested from his Sector VII residence last night, Sahu, his associate and a constable, was nabbed at his house in Uditnagar. Pandit allegedly hacked into the eBay India site and gathered the details of around 700 credit cardholders. He then made purchases by using their passwords. The fraud came to the notice of eBay officials when it was detected that several purchases were made from Rourkela while the customers were based in cities such as Bangalore, Baroda and Jaipur and even London, said V. Naini, deputy manager of eBay. The company brought the matter to the notice of Rourkela police after some customers lodged complaints. Pandit used the address of Sahu for delivery of the purchased goods, said police. The gang was involved in train, flight and hotel reservations. The hand of one Satya Samal, recently arrested in Bangalore, is suspected in the crime. Samal had booked a room in a Bangalore hotel for three months. The hotel and transport bills rose to Rs 5 lakh, which he did not pay. Samal was arrested for non-payment of bills, following which Pandit rushed to Bangalore and stood guarantor for his release on bail, police sources said.

PARLIAMENT ATTACK CASE Bureau of Police Research and Development at Hyderabad had handled some of the top cyber cases, including analyzing and retrieving information from the laptop recovered from terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents. The laptop contained several evidences that confirmed of the two terrorists’ motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. The emblems (of the three lions) were carefully scanned and the seal was also crafty made along with residential address of Jammu and Kashmir. But careful detection proved that it was all forged and made on the laptop. Baazee.com case CEO of Baazee.com was arrested in December 2004 because a CD with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail. This opened up the question as to what kind of distinction do we draw between Internet Service Provider and Content Provider. The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle the cyber crime cases and a lot of education is required.

References

http://www.corecentre.co.in/database/docs/docfiles/india_cyber.pdf http://www.ict.msbshse.ac.in/Ch20.pdf http://www.legalindia.in/cyber-crimes-and-the-law http://www.cyberlawsindia.net/cases.html http://www.cyberlawclinic.org/casestudy.asp