Impact of cyber laws on various stakeholders

IMPACT OF CYBER LAWS ON VARIOUS

STAKEHOLDERS

Adv. Sagar RahurkarTechno-Legal Consultant

© Adv. Sagar Rahurkar 2012

INDEX Development of cyber law in India Various authorities under the IT Act Legal issues related to digital evidence Who is an

expert witness in case of digital evidence? Some of the important issues covered by the IT Act Powers of government/law enforcement under IT Act Landmark cases decided by Indian courts Shortcomings in the current system Who is expecting what from the cyber laws?


CYBER LAWS


RECENT RULES UNDER IT ACT


AIMS BEHIND ENACTMENT


JURISDICTION


AUTHORITIES UNDER THE IT ACT & THEIR POWERS

NTRO Sec. 70A

CERT-IN Sec. 70B

Military CERT’S (Military laws)

Intelligence Agencies (Special pawers)

CID/CBI (Special cases)

Forensics labs (For computer forensics)

Police/Cyber Cell (First responders)


WHAT IS DIGITAL EVIDENCE ?

Digital evidence is information and data of value to an

investigation that is stored on, received, or transmitted

by an electronic device.

This evidence is acquired when data or electronic

devices are seized and secured for examination.


DIGITAL EVIDENCE AND CYBER TRAILS CAN RELATE TO..

Online banking frauds

Online share trading fraud

Source code theft

Credit card fraud

Tax evasion

Virus attacksCyber sabotage

Phishing attacks

Email hijacking

Denial of service

Hacking

Divorce cases

Murder cases

Organized crime

Terrorist operations

Defamation

Pornography

Extortion

Smuggling etc..

Office Setup

Cyber Cafe

Home PC

Scene of Acquisition

What do you look for ????

Lapto

p ?

Desktop ?

CD / DVD ?

Pen Driv

e ?

Memory

Card

?

POTENTIAL DEVICES OF EVIDENCE

Storage Devices

Handheld Devices

Peripheral Devices

Network Devices

Other potential source of digital evidence


DIGITAL EVIDENCE ANALYSIS AS A PROCESS

First Responder

Forensic Analyst

DIGITAL EVIDENCE – LEGAL ISSUES


INDIAN EVIDENCE ACT

Sec. 3 (a) – Scope of definition of evidence

expanded to include electronic records

Sec. 65B - Admissibility of electronic

records

The person owning or in-charge of the

computer from which the evidence is taken

has to give certificate as to the genuineness

of electronic record.


admin

Electronic records – Sec. 2(1)(t) - "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

Sec. 88A - Presumption as to electronic

messages

The Court may presume that an electronic

message forwarded by the originator through an

electronic mail server to the addressee to whom

the message purports to be addressed

corresponds with the message as fed into his

computer for transmission; but the Court shall

not make any presumption as to the person by

whom such message was sent.

INDIAN EVIDENCE ACT

THE IT ACT

Sec. 79A - Central Government to notify Examiner of Electronic Evidence

The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority specify, by notification in the Official Gazette, any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence


WHO IS AN EXPERT?

WHO IS AN EXPERT?

Daubert principle is a very famous for cases in which scientific methods and knowledge is involved and is still referred in courts while determining the test for the admission of scientific expert’s testimony.

In Frye v United States, 54 App. D.C. 46, 47, 293 F.1013, 1014, for the rule that expert opinion based on a scientific technique is inadmissible unless the technique is “generally accepted” as reliable in the relevant scientific community.

WHO IS AN EXPERT? THE COURT MUST ASK

Does this person possess enough specialized or

skilled knowledge about the subject matter in

question, to enable him or her to assist the trier of

fact?

But again here the question arises, though the expert

witness possesses the knowledge, whether the judge

has understood the technology involved in the case?

Without understanding the technology involved, how

can a judge deny expert’s testimony?

WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS

1. While carrying out the investigation, whether the

expert working on that case has used scientific method

i.e. discovery technique.?

This will help court in determining the approach of the

expert and the method used to arrive at the conclusion

is proper or not. The court will see in the testimony of

the expert is able to explain proper justification of each

and every step performed to arrive at the conclusion.

WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –

2. The court shall also try to analyze whether the

method used by the expert in the present case

has ever been used by any other expert or same

expert in any other case.

The court may also look at the impact in the light

of facts of both cases. The court may also see the

justification of each and every step.


3. The court may also look at what kind of discovery

methods used and may ask for the justification.

Court may also go into the inquiry of tools used by the

expert and chances of getting error in computer

forensics.

Court may go for the comparison for the same discovery

technique used in present case with the technique used

in the other cases. It becomes the responsibility of the

computer forensics expert to satisfy judge.


4. If the computer forensics expert is relying on

someone’s opinion, then the expert should

produce such document or such opinion

before the court of law to justify his

statement.


Other factors to be considered when evaluating

the admissibility of expert testimony –

Testing method;

Peer review;

Error rates;

Acceptability within the relevant professional

community.


Minimum Standard to be called as an

“Computer Forensics Expert” may include –

Technical knowledge and Qualification

Experience

Evidence Analysis

Discovery technique


Court may reject the Computer Forensics

Expert in the following circumstances –

Unable to answer

Unable to preserve the evidence

Does not find the evidence for the same issue

Vague Conclusion

Judge’s discretion

OVERVIEW OF CYBER LAWS

CRIMINAL OFFENCES – CHAPT. XI

SECTION 66

Removal of definition of “hacking”

Section renamed as Computer related offences

All the acts referred under Section 43, are

covered u/Sec. 66 if they are done

“dishonestly” or “fraudulently”

SOURCE CODE THEFT

Section 65 and 43 (j)

• Punishment (U/Sec. 65) – Imprisonment – Upto 3 years orFine – Upto Rs. 2 Lakh orBoth

• Additionally provisions of Copyright Act will also apply

SECTION 66A

• Sending of offensive or false messages

• Covers following sent by sms / email:-

grossly offensive messages menacing messages false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will.. phishing, email spoofing, Spam mails, Threat mails

• Punishment – imprisonment upto 3 years and fine

SECTION 66B

• Dishonestly receiving stolen

computer

resource or communication device

• Covers use of stolen Computers,

mobile phones, SIM Cards, etc

• Also covers “data theft”

• Punishment – imprisonment upto 3

years and fine

Section 66 C

• Identity theft

• Fraudulently or dishonestly using

someone else’s electronic

signature, password or any other

unique identification feature

• Punishment - imprisonment

upto 3 years and fine

Section 66 D

• Cheating by Personation

• Cheating by pretending to be some

other person

• To create an e-mail account, Social

networking a/c on someone else's name

• Punishment – imprisonment upto 3

years and fine

Section 66F - Cyber Terrorism

Use of Cyberspace to –

Threaten the unity, integrity, security

or sovereignty of India or

To strike terror amongst people or

Attack on Critical Information

Infrastructure of India with terror

intentions

Punishment - Life imprisonment (Max.)

Sec. 66 E

• Violation of Personal Privacy

• Popularly known as Voyeurism

• Covers acts like hiding cameras in changing

rooms, hotel rooms, etc.

• Punishment –imprisonment upto 3 years

or fine upto Rs. 2 lakh or both

Section 67

Cyber Pornography

Publishing or transmitting obscene

material in the electronic form

Punishment –

First instance - imprisonment upto 3

years and fine upto Rs. 5 lakh

Subsequent - imprisonment upto 5

years

and fine upto Rs. 10 lakh

Section 67(B)

Child Pornography

Creating, collecting, browsing, downloading, etc of a

material relating to Child Pornography

Punishment –

• First instance - imprisonment upto 5 years

• Subsequent - imprisonment upto 7 years

Fine upto Rs. 10 lakh

POWERS OF GOVERNMENT AND LAW ENFORCEMENT AGENCIES

PRESERVATION OF INFORMATION BY INTERMEDIARIES

• Section 67(C)

• Intermediary shall preserve and retain information as may be specified for such duration and in such manner and format as the Central Government may

prescribe • Maintaining MAC address????

SEC 69- POWER TO INTERCEPT OR MONITOR OR DECRYPT

Central or State Government or any of its officer

specially authorised have powers to issue directions

for interception or monitoring or decryption of any

information through any computer resource under

special circumstances*

Failure to co-operate with the aforementioned

agencies shall be punishable with imprisonment for 7

years + fine

SEC 69(A)- BLOCKING FOR PUBLIC ACCESS

Central Government or any of its officer specially

authorised have powers to issue directions for

blocking for public access of any information

through any computer resource under special

circumstances*

Intermediary failing to comply with the directions

shall be punishable with imprisonment for 7 years

+ fine

LANDMARK CASES DECIDED BY THE INDIAN COURTS

AVNISH BAJAJ VS. STATE (N.C.T.) OF DELHI

Avnish Bajaj, CEO of Baazee.com, (former

Indian subsidiary of eBay) was arrested for

distributing pornographic clip by using its

website.

The charges stemmed from the fact that

someone had sold copies of a pornographic

CD through the Baazee.com website.

GOOGLE INDIA PVT. LTD., VS. M/S. VISAKA INDUSTRIES LIMITED

The petitioner cannot claim any exemption

u/s 79 of the IT Act and as petitioner had

failed to act expeditiously and diligently

despite of the fact that the respondent issued

notice about dissemination of the defamatory

material and unlawful activities.

Case decided by – the Adjudicating officer, Government of Tamilnadu

Petitioner suffered a loss of Rs. 1,62,800/- as a result of the phishing attack

Amount was supposed to have been transferred on the account of another customer of ICICI Bank

Petitioner claimed that he had suffered a loss due to unauthorised access to his account

Petitioner further claimed that he had suffered a loss as bank has failed to establish a due diligence and in providing adequate checks and safeguards to prevent unauthorised access into his account. Bank had also not adhered to the KYC norms given by the RBI.

48

SHRI. THOMAS RAJU VS ICICI BANK

STATE VS. MOHD. AFZAL AND OTHERS

Several terrorists had attacked the Parliament of India on 13th December, 2001. During their prosecution, evidence produced was in a Digital form.

The accused had argued that computers and digital evidence can easily be tampered and hence should not be relied upon. The court dismissed these arguments and held that challenges as to the accuracy of digital evidence on any ground should be proved by the challenger. Mere theoretical and generic doubts cannot be cast on the evidence.

SHORTCOMINGS IN THE CURRENT SYSTEM

FUNDAMENTALS OF INVESTIGATION

ISSUES

Initiate efforts to achieve international co-operation in investigation (Eu Conv.)

Laws relating to expert witness should be clear

Establish guidelines for search and seizure (Increasing capacity of 1st responders)

Correct application of law

Establishment of cyber forensics cells

Awareness, sensitization and training

POSSIBLE SOLUTIONS

WHO IS EXPECTING WHAT FROM CYBER LAWS?

[email protected]

Impact of cyber laws on various stakeholders

Technology

Transcript of Impact of cyber laws on various stakeholders