1

Information Technology Act

SUYASH JAIN(C016)APOORVA JAJOO(C017)SHREYA KHARE(C018) AKSHAY KHATRI(C019)TEJASV KUMAR(C020)(GROUP – 9) DIV-B

2 India is one of the few countries other than U.S.A, Singapore, Malaysia in the

world that have Information Technology Act to promote E-Commerce and electronic transactions.

Indian parliament has already passed the legislation known as Information Technology Act 2000 drafted by the Ministry of Communications and Information Technology. The Act is based on the "United Nations Commission on International Trade Law" (UNCITRAL) model Law on Electronic Commerce.

3Need of I.T. Act 2000

National Reasons Increasing use of ICTs - business

transactions and entering into contracts

No legal protection Signatory to UNCITRAL

International Reasons

International trade through electronic means.

UNCITRAL had adopted a Model Law on Electronic Commerce in 1996.

The General Assembly of the United Nations- 31st January, 1997

World Trade Organization (WTO)- Electronic medium for transactions.

Crime is no longer limited to space, time or a group of people. Cyber space creates moral, civil and criminal wrongs.

4Objectives

1. To suitably amend existing laws in India to facilitate e-commerce. 2. To provide legal recognition of electronic records and digital signatures. 3. To provide legal recognition to the transactions carried out by means of Electronic Data Interchange (EDI) and other means of electronic communication. 4. To provide legal recognition to business contacts and creation of rights and obligations through electronic media. 5. To establish a regulatory body to supervise the certifying authorities issuing digital signature certificates. 6. To create civil and criminal liabilities for contravention of the provisions of the Act and to prevent misuse of the e-business transactions. 7. To facilitate e-governance and to encourage the use and acceptance of electronic records and digital signatures in government offices and agencies.

5Components of the Act Legal Recognition to Digital Signatures Electronic Governance Mode of Attribution, Acknowledgement and Despatch of Electronic Records. Secure Electronic Records. Regulation of Certification Authorities. Digital Certificates.

6DefinitionsComputer system

Communication Device

Data

Asymmetric crypto system

Certification practice

Electronic form

Secure System

7IT ACT, 2000 –MAJOR PROVISIONS

Extends to the whole of India(Section 1(2))

Electronic contracts will be legally valid (Section 10A )

Legal recognition of digital signatures (Section 3 )

Security procedure for electronic records and digital signature(Section 16 )

Appointment of Controller of Certifying Authorities to license and regulate the working of Certifying Authorities

(Section 17 of the Act for purposes of the IT Act )

8IT ACT, 2000 –MAJOR PROVISIONS (Contd..)

Certifying Authorities to get License from the Controller to issue digital signature certificates

(Section 2) Various types of computer crimes defined and stringent penalties

provided under the Act

Appointment of Adjudicating Officer for holding inquiries under the Act

(Section 46)

Establishment of Cyber Regulatory Appellate Tribunal under the Act (Section 48 )

9IT ACT, 2000 –MAJOR PROVISIONS

Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court

(Section 57)

Appeal from order of Cyber Appellate Tribunal to High Court (Section 62) Act to apply for offences or contraventions committed outside India (Section 75 (1) and (2)) Network service providers not to be liable in certain cases

Power of police officers and other officers to enter into any public place and search and arrest without warrant

(Section 80)

Constitution of Cyber Regulations Advisory Committee to advise the Central Government and the Controller

(Section 88)

Digital Signatures

If a message should be readable but not modifiable, a digital signature is used to authenticate the sender

Parameter Paper Electronic

Authenticity May be forged Cannot be copied

Integrity Signature independent of the document

Signature depends on the contents of the document

Non-repudiation a.Handwriting expert neededb.Error prone

a.Any computer userb.Error free

10

11Civil Offences under the IT Act 2000 (Section 43 )

Unauthorised copying, extracting and downloading of any data, database

Unauthorised access to computer, computer system or computer network

Introduction of virus

Damage to computer System and Computer Network

Disruption of Computer, computer network

12Civil Offences under the IT Act 2000 (Section 43 )

Denial of access to authorised person to computer

Providing assistance to any person to facilitate unauthorised access to a computer

Charging the service availed by a person to an account of another person by tampering and manipulation of other computer shall be liable to pay damages by way of

compensation not exceeding one crore rupees to the person so affected.

13Criminal Offences under the IT Act 2000 (Sections 65 to 75)

Tampering with computer source documents

Hacking with computer system "Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking."

…shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

14Criminal Offences under the IT Act 2000

Electronic forgery I.e. affixing of false digital signature, making false electronic record

Electronic forgery for the purpose of cheating

Electronic forgery for the purpose of harming reputation Using a forged electronic record

Publication of digital signature certificate for fraudulent purpose

Offences and contravention by companies

15Criminal Offences under the IT Act 2000 Electronic forgery I.e. affixing of false digital signature,

making false electronic record

Electronic forgery for the purpose of cheating

Electronic forgery for the purpose of harming reputation Using a forged electronic record

Publication of digital signature certificate for fraudulent purpose

Offences and contravention by companies

Unauthorised access to protected system

16Criminal Offences under the IT Act 2000

Confiscation of computer, network, etc.

Unauthorised access to protected system (Sec. 70)

Misrepresentation or suppressing of material facts for obtaining Digital Signature Certificates

Directions of Controller to a subscriber to extend facilities to decrypt information (Sec. 69)

Breach of confidentiality and Privacy (Sec. 72)

17Cases Famous Baazee (now eBay India) CEO arrest case

Two school kids record a pornographic clip on their mobile phone, and share it as an MMS

An IIT student receives the clip and posts it on Baazee.com (the Indian arm of Ebay) for auction

When this is discovered, the Delhi Cyber Crime Cell arrests: Mr. Avnish Bajaj, Director of Bazee The IIT student who posted the clip The juvenile who was in the clip

Section 67 “Publishing of information which is obscene in electronic form” is invoked

18Cases

The Cybercime Cell’s website was hacked A hoax email about a bomb planted in Parliament was sent to all

the MP’s In both cases, the police arrested the owners of the cyber cafes

from where the crimes were committed Sections 65 (tampering with computer source documents) and 66

(hacking with computer system) were invoked Conclusions

info@niiconsulting.com

19

Major Amendments

20

1) Electronic signatures introduced- With the passage of the IT ( Amendment) Act,2008 India has become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures . This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures

21

(2) Corporate responsibility introduced in S. 43A The corporate responsibility for data protection is incorporated in S 43A in the amended IT Act, 2000 whereby corporate bodies handling sensitive personal information or data in a computer resource are under an obligation to ensure adoption of ‘reasonable security practices‟ to maintain its secrecy, failing which they may be liable to pay damages. Also, there is no limit to the amount of compensation that may be awarded by virtue of this section.

22

(3) Legal validity of electronic documents re-emphasized- Two new sections Section 7A and 10A in the amended Act reinforce the equivalence of paper based documents to electronic documents. Section 7A in the amended Act makes audit of electronic documents also necessary wherever paper based documents are required to be audited by law. Section 10A confers legal validity & enforceability on contracts formed through electronic means.

23

(4) New cybercrimes as offences under amended Act- Many cybercrimes for which no express provisions existed in the IT Act,2000 now stand included by the IT (Amendment) Act, 2008. Sending of offensive or false messages (s 66A), receiving stolen computer resource (s 66B), identity theft (s 66C), cheating by personation (s 66D), violation of privacy (s 66E). A new offence of Cyber terrorism is added in Section 66 F which prescribes punishment that may extend to imprisonment for life .

24(5) Section 69- Power of the controller to intercept amended It deals with power of Controller to intercept information being transmitted through a computer resource when necessary in national interest is amended by Section 69.In fact the power vests now with the Central Government or State Government that empowers it to appoint for reasons in writing, any agency to intercept, monitor or decrypt any information generated , transmitted , received or stored in any computer resource .

25

(6) Power to block unlawful websites should be exercised with caution-

Section 69A has been inserted in the IT Act by the amendments in 2008 and gives power to Central government or any authorized officer to direct any agency or intermediary(for reasons recorded in writing ) to block websites in special circumstances as applicable in Section 69

Section 69B added to confer Power to collect, monitor traffic data

26

(7)Liability of Intermediary amendedThe amended Section 79 states that the intermediary shall not be liable for any third party information if it is only providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted or the intermediary does not initiate the transmission, select the receiver and select or modify the information contained in transmission.

27Cyber crime• Cybercrimes are Offences that are committed against individuals or groups of

individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)”.

• India is the third most affected nation by online banking malware and cyber crime

28

• Credit card frauds• Cyber pornography • Sale of illegal articles-narcotics, weapons,

wildlife• Online gambling• Intellectual Property crimes- software

piracy, copyright infringement, trademarks violations, theft of computer source code

• Email spoofing• Forgery• Defamation• Cyber stalking (section 509 IPC)• Phishing • Cyber terrorism

Cybercrime is one of the fastest-growing criminal activities on the planet. It covers a huge range of illegal activity including

29Types of cyber crimeTarget group of

computer devices

Target personal computer devices

Against Individual

Against Property

Against Govt.

Denial of service

Malware

Computer Viruses

Transmission of indecent materialHarassment (sexual, racial, religious etc.)

Computer Vandalism Transmission of harmful programs

Terrorize internationalGovt.Cracking into military maintained website

30Modes and manner of committing crimes

Unauthorized accessUnauthorized access means any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.

HackingEvery act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer.

Trojan AttackThe program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans.

Virus and Worm attack:- A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus. Programs that multiply like viruses but spread from computer to computer are called as worms.

31Script-kiddiesCrackers do more than just spoiling websites. Novices, who are called "script-kiddies" in their circles, gain "root" access to a computer system, giving them the same power over a system as an administrator – such as the power to modify features. They cause damage by planting viruses.

Email spoofing

Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source.

Phishing scams and fraudA ‘phisher’ may use spoof emails to direct a computer user to fraudulent websites to elicit a transfer of money, or sensitive information such as passwords or credit card details, from the user.

32 Cyber crimes in India is likely to cross 3,00,000 by 2015 The majority of cybercrimes are centered on fraud and Phishing, India is the third-most targeted country for Phishing attacks after the US and the

UK, Social networks as well as ecommerce sites are major targets, India is the 16th most bot-infected country worldwide A total number of 22,060, 71,780, 1,30,338, and 49,504 cyber-security incidents

including phishing, scanning, spam, malicious code, website intrusion etc were reported during the year 2012, 2013, 2014 and 2015 (up to May).

In 2015 32,323 websites were hacked by various hacker groups. India is the number 1 country in the world for generating spam.

Cyber crime in India

42 million people fell victim to cybercrime, $8 billion in direct financial losses (2013) 4 in 5 online adults (80%) have been a victim of Cybercrime, 17% of adults online have experienced cybercrime on their mobile phone

Cost of cyber crime

33National Association of Software and ServicesCompanies (NASSCOM):

Premier trade body and the chamber of commerce of the IT-BPO industries in India Not-for-profit organization, registered under the Indian Societies Act, 1860 NASSCOM is the global trade body with over 1200 members, of which over 250 areGlobal companies from the US, UK, EU, Japan and ChinaNASSCOM's Vision is to maintain India leadership position in the global offshore IT-BPO industry, to grow the market by enabling industry to tap into emerging opportunity areas and to strengthen the domestic market in IndiaNASSCOM's Aim to drive the overall growth of the technology and services market and maintain India's leadership position, by taking up the role of a strategic advisor to the industry.NASSCOM'S Objective include accelerating trade development efforts, improving talent supply, strengthening local infrastructure, building partnerships and driving operational excellence. NASSCOM is also helping catalyse the process of innovation, IT workforce development and enhancing data security.

34NASSCOM Initiative

Diversity and Inclusivity Initiative: The initiative focuses on mentoring and empowering diversity within the workplace with respect to gender, ifferently-abledand multi-cultural workforce.Domestic IT Market Initiative: The focus is to promote and grow the domestic IT market by driving IT adoption in newer industry verticals and small and medium businesses.eGovernance Initiative: This initiative aims to be catalyst in eGovernance initiatives and harness ICT for inclusive growth by facilitating collaboration between the industry and government.Education Initiative: The initiative aims to improve the interface between the IT-BPO industry and academia to ensure availability of globally employable IT-BPO professionals. Specific programmes on enhancing capacity and employment of the workforce are being undertaken.Green IT Initiative: This initiative is focused on enabling the IT-BPO industry in India to contribute to the environment through technology and adoption of environmentally-friendly infrastructure.

35Conclusion New forms of cyber crimes Internet Banking, E-fund transfer and e-payments laws. Cyber Taxation issues:-

Jurisdictional problems PE- issues whether a website a PE Problem of jurisdiction and extraterritorial jurisdiction Privacy concernsBut

Suggested amendments to the IT Act,2000-new provisions for child pornography, etc.