Impact of cyber laws on various stakeholders
-
Upload
sagar-rahurkar -
Category
Technology
-
view
912 -
download
1
Transcript of Impact of cyber laws on various stakeholders
IMPACT OF CYBER LAWS ON VARIOUS
STAKEHOLDERS
Adv. Sagar RahurkarTechno-Legal Consultant
© Adv. Sagar Rahurkar 2012
INDEX Development of cyber law in India Various authorities under the IT Act Legal issues related to digital evidence Who is an
expert witness in case of digital evidence? Some of the important issues covered by the IT Act Powers of government/law enforcement under IT Act Landmark cases decided by Indian courts Shortcomings in the current system Who is expecting what from the cyber laws?
© Adv. Sagar Rahurkar 2012
CYBER LAWS
© Adv. Sagar Rahurkar 2012
RECENT RULES UNDER IT ACT
© Adv. Sagar Rahurkar 2012
AIMS BEHIND ENACTMENT
© Adv. Sagar Rahurkar 2012
JURISDICTION
© Adv. Sagar Rahurkar 2012
AUTHORITIES UNDER THE IT ACT & THEIR POWERS
NTRO Sec. 70A
CERT-IN Sec. 70B
Military CERT’S (Military laws)
Intelligence Agencies (Special pawers)
CID/CBI (Special cases)
Forensics labs (For computer forensics)
Police/Cyber Cell (First responders)
© Adv. Sagar Rahurkar 2012
WHAT IS DIGITAL EVIDENCE ?
Digital evidence is information and data of value to an
investigation that is stored on, received, or transmitted
by an electronic device.
This evidence is acquired when data or electronic
devices are seized and secured for examination.
© Adv. Sagar Rahurkar 2012
DIGITAL EVIDENCE AND CYBER TRAILS CAN RELATE TO..
Online banking frauds
Online share trading fraud
Source code theft
Credit card fraud
Tax evasion
Virus attacksCyber sabotage
Phishing attacks
Email hijacking
Denial of service
Hacking
Divorce cases
Murder cases
Organized crime
Terrorist operations
Defamation
Pornography
Extortion
Smuggling etc..
Office Setup
Cyber Cafe
Home PC
Scene of Acquisition
What do you look for ????
Lapto
p ?
Desktop ?
CD / DVD ?
Pen Driv
e ?
Memory
Card
?
POTENTIAL DEVICES OF EVIDENCE
Storage Devices
Handheld Devices
Peripheral Devices
Network Devices
Other potential source of digital evidence
© Adv. Sagar Rahurkar 2012
DIGITAL EVIDENCE ANALYSIS AS A PROCESS
First Responder
Forensic Analyst
DIGITAL EVIDENCE – LEGAL ISSUES
© Adv. Sagar Rahurkar 2012
INDIAN EVIDENCE ACT
Sec. 3 (a) – Scope of definition of evidence
expanded to include electronic records
Sec. 65B - Admissibility of electronic
records
The person owning or in-charge of the
computer from which the evidence is taken
has to give certificate as to the genuineness
of electronic record.
© Adv. Sagar Rahurkar 2012
Sec. 88A - Presumption as to electronic
messages
The Court may presume that an electronic
message forwarded by the originator through an
electronic mail server to the addressee to whom
the message purports to be addressed
corresponds with the message as fed into his
computer for transmission; but the Court shall
not make any presumption as to the person by
whom such message was sent.
INDIAN EVIDENCE ACT
THE IT ACT
Sec. 79A - Central Government to notify Examiner of Electronic Evidence
The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority specify, by notification in the Official Gazette, any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence
© Adv. Sagar Rahurkar 2012
WHO IS AN EXPERT?
WHO IS AN EXPERT?
Daubert principle is a very famous for cases in which scientific methods and knowledge is involved and is still referred in courts while determining the test for the admission of scientific expert’s testimony.
In Frye v United States, 54 App. D.C. 46, 47, 293 F.1013, 1014, for the rule that expert opinion based on a scientific technique is inadmissible unless the technique is “generally accepted” as reliable in the relevant scientific community.
WHO IS AN EXPERT? THE COURT MUST ASK
Does this person possess enough specialized or
skilled knowledge about the subject matter in
question, to enable him or her to assist the trier of
fact?
But again here the question arises, though the expert
witness possesses the knowledge, whether the judge
has understood the technology involved in the case?
Without understanding the technology involved, how
can a judge deny expert’s testimony?
WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS
1. While carrying out the investigation, whether the
expert working on that case has used scientific method
i.e. discovery technique.?
This will help court in determining the approach of the
expert and the method used to arrive at the conclusion
is proper or not. The court will see in the testimony of
the expert is able to explain proper justification of each
and every step performed to arrive at the conclusion.
WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –
2. The court shall also try to analyze whether the
method used by the expert in the present case
has ever been used by any other expert or same
expert in any other case.
The court may also look at the impact in the light
of facts of both cases. The court may also see the
justification of each and every step.
WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –
3. The court may also look at what kind of discovery
methods used and may ask for the justification.
Court may also go into the inquiry of tools used by the
expert and chances of getting error in computer
forensics.
Court may go for the comparison for the same discovery
technique used in present case with the technique used
in the other cases. It becomes the responsibility of the
computer forensics expert to satisfy judge.
WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –
4. If the computer forensics expert is relying on
someone’s opinion, then the expert should
produce such document or such opinion
before the court of law to justify his
statement.
WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –
Other factors to be considered when evaluating
the admissibility of expert testimony –
Testing method;
Peer review;
Error rates;
Acceptability within the relevant professional
community.
WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –
Minimum Standard to be called as an
“Computer Forensics Expert” may include –
Technical knowledge and Qualification
Experience
Evidence Analysis
Discovery technique
WHO IS AN EXPERT? DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –
Court may reject the Computer Forensics
Expert in the following circumstances –
Unable to answer
Unable to preserve the evidence
Does not find the evidence for the same issue
Vague Conclusion
Judge’s discretion
OVERVIEW OF CYBER LAWS
CRIMINAL OFFENCES – CHAPT. XI
SECTION 66
Removal of definition of “hacking”
Section renamed as Computer related offences
All the acts referred under Section 43, are
covered u/Sec. 66 if they are done
“dishonestly” or “fraudulently”
SOURCE CODE THEFT
Section 65 and 43 (j)
• Punishment (U/Sec. 65) – Imprisonment – Upto 3 years orFine – Upto Rs. 2 Lakh orBoth
• Additionally provisions of Copyright Act will also apply
SECTION 66A
• Sending of offensive or false messages
• Covers following sent by sms / email:-
grossly offensive messages menacing messages false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will.. phishing, email spoofing, Spam mails, Threat mails
• Punishment – imprisonment upto 3 years and fine
SECTION 66B
• Dishonestly receiving stolen
computer
resource or communication device
• Covers use of stolen Computers,
mobile phones, SIM Cards, etc
• Also covers “data theft”
• Punishment – imprisonment upto 3
years and fine
Section 66 C
• Identity theft
• Fraudulently or dishonestly using
someone else’s electronic
signature, password or any other
unique identification feature
• Punishment - imprisonment
upto 3 years and fine
Section 66 D
• Cheating by Personation
• Cheating by pretending to be some
other person
• To create an e-mail account, Social
networking a/c on someone else's name
• Punishment – imprisonment upto 3
years and fine
Section 66F - Cyber Terrorism
Use of Cyberspace to –
Threaten the unity, integrity, security
or sovereignty of India or
To strike terror amongst people or
Attack on Critical Information
Infrastructure of India with terror
intentions
Punishment - Life imprisonment (Max.)
Sec. 66 E
• Violation of Personal Privacy
• Popularly known as Voyeurism
• Covers acts like hiding cameras in changing
rooms, hotel rooms, etc.
• Punishment –imprisonment upto 3 years
or fine upto Rs. 2 lakh or both
Section 67
Cyber Pornography
Publishing or transmitting obscene
material in the electronic form
Punishment –
First instance - imprisonment upto 3
years and fine upto Rs. 5 lakh
Subsequent - imprisonment upto 5
years
and fine upto Rs. 10 lakh
Section 67(B)
Child Pornography
Creating, collecting, browsing, downloading, etc of a
material relating to Child Pornography
Punishment –
• First instance - imprisonment upto 5 years
• Subsequent - imprisonment upto 7 years
Fine upto Rs. 10 lakh
POWERS OF GOVERNMENT AND LAW ENFORCEMENT AGENCIES
PRESERVATION OF INFORMATION BY INTERMEDIARIES
• Section 67(C)
• Intermediary shall preserve and retain information as may be specified for such duration and in such manner and format as the Central Government may
prescribe • Maintaining MAC address????
SEC 69- POWER TO INTERCEPT OR MONITOR OR DECRYPT
Central or State Government or any of its officer
specially authorised have powers to issue directions
for interception or monitoring or decryption of any
information through any computer resource under
special circumstances*
Failure to co-operate with the aforementioned
agencies shall be punishable with imprisonment for 7
years + fine
SEC 69(A)- BLOCKING FOR PUBLIC ACCESS
Central Government or any of its officer specially
authorised have powers to issue directions for
blocking for public access of any information
through any computer resource under special
circumstances*
Intermediary failing to comply with the directions
shall be punishable with imprisonment for 7 years
+ fine
LANDMARK CASES DECIDED BY THE INDIAN COURTS
AVNISH BAJAJ VS. STATE (N.C.T.) OF DELHI
Avnish Bajaj, CEO of Baazee.com, (former
Indian subsidiary of eBay) was arrested for
distributing pornographic clip by using its
website.
The charges stemmed from the fact that
someone had sold copies of a pornographic
CD through the Baazee.com website.
GOOGLE INDIA PVT. LTD., VS. M/S. VISAKA INDUSTRIES LIMITED
The petitioner cannot claim any exemption
u/s 79 of the IT Act and as petitioner had
failed to act expeditiously and diligently
despite of the fact that the respondent issued
notice about dissemination of the defamatory
material and unlawful activities.
Case decided by – the Adjudicating officer, Government of Tamilnadu
Petitioner suffered a loss of Rs. 1,62,800/- as a result of the phishing attack
Amount was supposed to have been transferred on the account of another customer of ICICI Bank
Petitioner claimed that he had suffered a loss due to unauthorised access to his account
Petitioner further claimed that he had suffered a loss as bank has failed to establish a due diligence and in providing adequate checks and safeguards to prevent unauthorised access into his account. Bank had also not adhered to the KYC norms given by the RBI.
48
SHRI. THOMAS RAJU VS ICICI BANK
STATE VS. MOHD. AFZAL AND OTHERS
Several terrorists had attacked the Parliament of India on 13th December, 2001. During their prosecution, evidence produced was in a Digital form.
The accused had argued that computers and digital evidence can easily be tampered and hence should not be relied upon. The court dismissed these arguments and held that challenges as to the accuracy of digital evidence on any ground should be proved by the challenger. Mere theoretical and generic doubts cannot be cast on the evidence.
SHORTCOMINGS IN THE CURRENT SYSTEM
FUNDAMENTALS OF INVESTIGATION
FUNDAMENTALS OF INVESTIGATION
ISSUES
Initiate efforts to achieve international co-operation in investigation (Eu Conv.)
Laws relating to expert witness should be clear
Establish guidelines for search and seizure (Increasing capacity of 1st responders)
Correct application of law
Establishment of cyber forensics cells
Awareness, sensitization and training
POSSIBLE SOLUTIONS
WHO IS EXPECTING WHAT FROM CYBER LAWS?