IT ACT2000.doc

8/14/2019 IT ACT2000.doc

1/52

INFORMATION TECHNOLOGY ACT-2000

Information technology act 2000

MET COLL MMS 1 B 1

8/14/2019 IT ACT2000.doc

2/52


Executive summary

The Internet in India is growing rapidly. It has given rise to new opportunities in everyfield we can think of be it entertainment, business, sports or education. There are twosides to a coin. Internet also has its own disadvantages. ne of the ma!or disadvantages is

"ybercrime illegal activity committed on the Internet. The Internet, along with itsadvantages, has also exposed us to security risks that come with connecting to a largenetwork. "omputers today are being misused for illegal activities like e#mail espionage,credit card fraud, spams, software piracy and so on, which invade our privacy and offendour senses. "riminal activities in the cyberspace are on the rise.

$The modern thief can steal more with a computer than with a gun. Tomorrow%s terroristmay be able to do more damage with a keyboard than with a bomb$.

&ational 'esearch "ouncil, $"omputers at 'isk$, 1((1.

The pro!ect explains the above issues and the IT )"T with the help of "ases and recentdevelopments. *o read on to find more+++++

MET COLL MMS 1 B

8/14/2019 IT ACT2000.doc

3/52


INTRODUCTION

-e are living in very turbulent times. The world is changing, and changing fast. *ome ofthese changes are social and political others are ecological. *ome are evolutionary,others revolutionary. &o matter where you plan to live or how you plan to make a living,you can expect that constant and rapid change will be a normal part of your life.Technology, especially information technology, is playing a large part in these changes.n the one hand, the drive for innovation in fields as diverse as military operations andmedicine has fueled a demand for continual advances in Information technology. n theother hand, the constant advances in information technology have resulted in profoundinfluences on most organi/ations and industries. &ew products and services have beendeveloped new companies and industries have failed. )dvances in Informationtechnology and communication technologies also have altered our concepts of time anddistance. 0usiness negotiations may be conducted in a face#to#face2 environment, evenif one face is in 3apan and the other in 4ermany. *imilarly, information systems allow5#hour trading on financial markets around the world. The continually expandingcapabilities of information technology have many implications for the management oforgani/ations, as well as for broader societal issues. Information technology, when usedas part of an information system 6I7*8 enables an organi/ation to monitor changes incustomer preferences immediately, allowing it to react 9uickly, and increasing itsflexibility.

Internet use is on the increase in India. Internet : specially e#mail has revolutioni/ed thecommunication so much so that the postal : courier industry face a threat from this newmedium. ;owever the rapid evolution of Internet also raised numerous legal issues and9uestions, which were re9uired to be looked into.

aw= 6@&"IT'>8. 0y means of a notification on ctober 1A, BBB, the Indiangovernment appointed this date as the date on which the provisions of the InformationTechnology )ct, BBB came into force. The parliament had passed the IT )ct, BBB onCay 1A, BBB and the said legislation received the assent of the Dresident of India on ( th

3une BBB. ;owever the act did not succeed in achieving its actual motive which is ratherthe point of discussion for us.

MET COLL MMS 1 B

8/14/2019 IT ACT2000.doc

4/52


Information Technology Act, 2000

"onnectivity via the Internet has greatly abridged geographical distances and madecommunication even more rapid. -hile activities in this limitless new universe areincreasing incessantly, laws must be formulated to monitor these activities. *ome

countries have been rather vigilant and formed some laws governing the net. In order tokeep pace with the changing generation, the Indian Darliament passed the much#awaitedInformation Technology 6IT8 )ct, BBB 6hereinafter referred to as the )ct8. )s they say,$Its better late than never$.

;owever, even after it has been passed, a debate over certain controversial issuescontinues. ) large portion of the industrial community seems to be dissatisfied withcertain aspects of the )ct. 0ut on the whole, it is a step in the right direction for India.

HISTORY

The Fepartment of Electronics 6FoE8 in 3uly 1((G drafted the bill. ;owever, it couldonly be introduced in the ;ouse on Fecember 1H, 1((( 6after a gap of almost one and ahalf years8 when the new IT Cinistry was formed. It underwent substantial alteration,with the "ommerce Cinistry making suggestions related to e#commerce and matterspertaining to -orld Trade rgani/ation 6-T8 obligations. The Cinistry of >aw and"ompany )ffairs then vetted this !oint draft.

)fter its introduction in the ;ouse, the bill was referred to the 5#member Darliamentary*tanding "ommittee following demands from the Cembers. The *tanding "ommitteemade several suggestions to be incorporated into the bill. ;owever, only thosesuggestions that were approved by the Cinistry of Information Technology were

incorporated. ne of the suggestions that were highly debated upon was that a cyber cafowner must maintain a register to record the names and addresses of all people visitinghis caf and also a list of the websites that they surfed. This suggestion was made as anattempt to curb cyber crime and to facilitate speedy locating of a cyber criminal.;owever, at the same time it was ridiculed, as it would invade upon a net surfer=s privacyand would not be economically viable. )s Cr. Fewang Cehta, Executive Firector of the&ational )ssociation of *oftware and *ervice 6&)**"C8 said, $It would only result inclosing down of all cyber cafs and ultimately deprive people of these facilities.$

8/14/2019 IT ACT2000.doc

5/52


-hat are cyber crimesJ

) simple yet sturdy definition of cyber crime would be $unlawful acts wherein thecomputer is either a tool or a target or both$. "yber crimes are crimes that occur inthe digital space, which is the aggregation of the transaction space within each ofthe connected computers and the virtual space arising out of the connection

;owever, in practice, a "rime2 is associated with a deviant behavior in relation to theestablished >aw2 in the society. In this framework therefore, a "yber "rime2 is anffence2 declared in some statute.

In India, the Information Technology )ct BBB2 6IT)#BBB8 was the specific lawenacted to address the issues concerning the "yber *ociety. This therefore is thereference for us to call any offence a "yber "rime2 or not.

ne restricted meaning of $cyber crimes$ in India could therefore be that it refers to

ffences mentioned in IT)#BBB2.

The @* Fepartment of 3ustice defines $cyber crime$ broadly as $any violations ofcriminal law that involve knowledge of computer technology for their perpetration,investigation or prosecution.$ In 1(A(, the @* Fepartment of 3ustice publicationpartitioned computer crime into three categoriesK computer abuse, the broad range ofinternational acts involving a computer where one or more perpetrators made or couldhave made gain and one or more victims suffered or could have suffered a loss2computer crime, illegal computer abuse LthatM implies direct involvement of computersin committing a crime2 and computer#related crime, any illegal act for which aknowledge of computer technology is essential for successful prosecution.2

8/14/2019 IT ACT2000.doc

6/52


>et us examine the acts wherein the computer is a tool for an unlawful act. This kind ofactivity usually involves a modification of a conventional crime by using computers. *omeexamples are

PHISHING

In computing, phishing 6also known as carding and spoofing8 is a form of socialengineering, characteri/ed by attempts tofraudulentlyac9uire sensitive information, suchaspasswordsand credit card details, by mas9uerading as a trustworthy person or businessin an apparently official electronic communication, such as an email or an instantmessage. The term phishing arises from the use of increasingly sophisticated lures to$fish$ for users% financial information and passwords.

CASE - NASSCO !S" A#AY SOO$ % OTHER

In a landmark !udgment in the case of &ational )ssociation of *oftware and *ervice"ompanies vs )!ay *ood : thers, delivered in Carch, ?BN, the Felhi ;igh "ourtdeclared Ophishing= on the internet to be an illegal act, entailing an in!unction andrecovery of damages.

Elaborating on the concept of ?phishing=, in order to lay down a precedent in India, thecourt stated that it is a form of internet fraud where a person pretends to be a legitimateassociation, such as a bank or an insurance company in order to extract personal datafrom a customer such as access codes, passwords, etc.

The Felhi ;" stated that even though there is no specific legislation in India to penalise

phishing, it held phishing to be an illegal act by defining it under Indian law as amisrepresentation made in the course of trade leading to confusion as to the source andorigin of the e#mail causing immense harm not only to the consumer but even to theperson whose name, identity or password is misused.2 The court held the act of phishingas passing off and tarnishing the plaintiff=s image.

MET COLL MMS 1 B H
http://wiki/Computinghttp://wiki/Computinghttp://wiki/Social_engineering_(computer_security)http://wiki/Social_engineering_(computer_security)http://wiki/Fraudhttp://wiki/Fraudhttp://wiki/Fraudhttp://wiki/Passwordhttp://wiki/Emailhttp://wiki/Emailhttp://wiki/Instant_messaginghttp://wiki/Instant_messaginghttp://wiki/Social_engineering_(computer_security)http://wiki/Social_engineering_(computer_security)http://wiki/Fraudhttp://wiki/Passwordhttp://wiki/Emailhttp://wiki/Instant_messaginghttp://wiki/Instant_messaginghttp://wiki/Computing

8/14/2019 IT ACT2000.doc

7/52


The plaintiff in this case was the &ational )ssociation of *oftware and *ervice"ompanies 6&asscom8, India=s premier software association. The defendants wereoperating a placement agency. In order to obtain personal data, which they could use forpurposes of headhunting, the defendants composed and sent e#mails to third parties in thename of &asscom.

The high court recognised the trademark rights of the plaintiff and passed an e&-'artea(interimin!unction restraining the defendants from using the trade name or any othername deceptively similar to &asscom. The court further restrained the defendants fromholding themselves out as being associates or a part of &asscom.

The court appointed a commission to conduct a search at the defendants= premises. Twohard disks of the computers from which the fraudulent e#mails were sent by thedefendants to various parties were taken into custody by the local commissionerappointed by the court.

Furing the progress of the case, it became clear that the defendants in whose names theoffending e#mails were sent were fictitious identities created by an employee ondefendants= instructions, to avoid recognition and legal action. n discovery of thisfraudulent act, the fictitious names were deleted from the array of parties as defendants inthe case. *ubse9uently, the defendants admitted their illegal acts and the parties settledthe matter through the recording of a compromise in the suit proceedings. )ccording tothe terms of compromise, the defendants agreed to pay a sum of 's1.H million to theplaintiff as damages for violation of the plaintiff=s trademark rights. The court alsoordered the hard disks sei/ed from the defendants= premises to be handed over to theplaintiff who would be the owner of the hard disks.

CY)ER PORNOGRAPHY

This would include pornographic websites pornographic maga/inesproduced using computers 6to publish and print the material8 and theInternet 6to download and transmit pornographic pictures, photos, writingsetc8.

SA*E O+ I**EGA* ARTIC*ES

This would include sale of pornography, narcotics, weapons and wildlife products etc., byposting information on websites, auction websites, and bulletin boards or simply by using

email communication.

E.g. many of the auction sites even in India are believed to be selling cocaine in the nameof %honey%.

MET COLL MMS 1 B A

8/14/2019 IT ACT2000.doc

8/52


+INANCIA* CRIES

This would include cheating, credit card frauds, money laundering etc. In an interestingexample a website offered to sell )lphonso %mangoes at athrowaway price.

8/14/2019 IT ACT2000.doc

9/52


It later revealed that the accused was running five businesses under the guise of onecompany and used fake and computeri/ed vouchers to show sales records and save tax.

$E+AATION

This occurs when defamation takes place with the help of computers and 7 or the Internet.E.g. someone publishes defamatory matter about someone on a website or sends e#mailscontaining defamatory information to all of that person%s friends

)n unidentified person had used a computer from a "handigarh cyber cafe, morphed agirl=s face on nude photos and e#mailed her the same. ;e had also forwarded an e#mailcontaining the girl=s details to some other persons.

)s a result, the girl was flooded with telephone calls from people and was forced toinform senior police officials about the case. Though the @D Dolice "rime 0ranch hasmanaged to track the cyber cafe from where the e#mail was sent, they have been unable

to trace the culprit.

)ccording to the police officials, though they 9uestioned the people who run the cybercafe about the particulars of the person who had used the computer the day the e#mailwas sent, they could not /ero in on his identity.

-hile 9uestioning the cyber cafe owners, it was found out that they had not maintainedrecords of those who used the computers at their cafe.

CY)ER STA*ING

The xford dictionary defines stalking as $pursuing stealthily$. "yber stalking involvesfollowing a person%s movements across the Internet by posting messages 6sometimesthreatening8 on the bulletin boards fre9uented by the victim, entering the chat#roomsfre9uented by the victim, constantly bombarding the victim with emails etc.

EAI* )O)ING

Email bombing refers to sending a large number of emails to the victim resulting in thevictim%s email account 6in case of an individual8 or mail servers 6in case of a company oran email service provider8 crashing.

In one case, a foreigner who had been residing in *imla, India for almostthirty years wanted to avail of a scheme introduced by the *imla ;ousing0oard to buy land at lower rates. 0ut his application was re!ected on the grounds that hewas a foreigner. To take revenge he sent thousands of emails to the *himla ;ousing0oard website until the time the website crashed.

MET COLL MMS 1 B (

8/14/2019 IT ACT2000.doc

10/52


SA*AI ATTACS

These attacks are used for the commission of financial crimes. The key here is to make thealteration so insignificant that in a single case it would go completely unnoticed. E.g. a bankemployee inserts a program, into the bank%s servers, that deducts a small amount of money

say N 's from the account of every customer. &o account holder will probably notice thisunauthori/ed debit, but the bank employee will make a si/able amount of money every month.

$ENIA*O+SER!ICEATTAC .

This involves flooding a computer resource with more re9uests than it can handle. This causesthe resource 6e.g. a web server8 to crash thereby denying authori/ed users the serviceoffered by the resource. )nother variation to a typical denial of service attack is known asa Fistributed Fenial of *ervice 6FFo*8 attack wherein the perpetrators are many and aregeographically widespread. It is very difficult to control such attacks. The attack is initiated bysending excessive demands to the victim%s computers8, exceeding the limit that the victim%sservers can support and making the servers crash. Fenial#of#service attacks have had an

impressive history $having, in the past, brought down websites like )ma/on, "&&, Qahooand e0ayR

!IR,S/OR ATTACS

Piruses are programs that attach themselves to a computer or a file and then circulate themselvesto other files and to other computers on a network. They usually affect the data on acomputer, either by altering or deleting it. -orms, unlike viruses do not need the host to attachthemselves to. They merely make functional copies of themselves and do this repeatedly tillthey eat up all the available space on a computer%s memory.

$ATA $I$$*ING

This kind of an attack involves altering raw data !ust before it is processed by a computerand then changing it back after the processing is completed Electricity 0oards in India havebeen victims of data diddling programs inserted when private parties were computeri/ingtheir systems.

TRO#AN ATTACS

) Tro!an as this program is aptly called, is an unauthori/ed program which functions frominside what seems to be an authori/ed program, thereby concealing what it is actually doing.)s

soon as the unsuspecting victim executes the program ,it takes over the computer.

INTERNET TIE THE+TS

This connotes the usage by an unauthori/ed person of the Internet hours paid for by anotherperson. In an example a Felhi "ourt granted bail to 3oseph 3ose, who was accused of theoffence of stealing Internet hours and sending a hoax e#mail relating to placing of bombs in"onnaught Dlace, a prime shopping area of Felhi. The "ourt of *mt. Camta *ehgal,

MET COLL MMS 1 B 1B

8/14/2019 IT ACT2000.doc

11/52


)ddl. *essions 3udge, &ew Felhi granted bail to the accused in the first case of its kind in thecountry. &o case of either hacking or tampering was made out against the 3oseph3ose. There was no nexus between his client, 3oseph 3ose and the alleged anonymous e#mail,warning of bombs placed in "onnaught Dlace.

n Hth of 3une, a leading national daily received an anonymous e#mail that six bombs hadbeen placed in Felhi%s premier shopping area. The newspaper immediately alerted thepolice, who undertook a massive search for the culprit. The police investigation found thatthe e#mail had been sent from an e#mail account of C7s -ave International. The policeallegedly also traced the number from which Internet was accessed and from which the e#mailwas sent and on that basis, the police made the arrest.

The police registered a case under *ection A(, Indian Denal "ode read with *ection HH ofthe Information Technology )ct BBB and *ection N of the Indian Telegraph )ct 1GGN. Therewas no direct evidence collected by the police linking 3oseph 3ose to the crime and in anycase *ection HH of the IT )ct was not applicable.

The court heard arguments of the counsel for the accused and the prosecution and thereafterpassed the order for bail. In its order, the court considered the totality of the facts andcircumstances of the case and admitted 3oseph 3ose on bail sub!ect to his furnishing bail bond of's. 1N,BBBA# and two sureties of the like amount sub!ect to the satisfaction of the concernedCetropolitan Cagistrate. This is India%s first case of an anonymous e#mail bomb hoax.

E) #ACING

This occurs when someone forcefully takes control of a website 6by cracking thepassword and lat er changing it8. The actual owner of the website does not control the ma!or

portion of what appears on the website.

In a recent inciden t reported in the @*) the owner of a hobby website for children receivedan e#mail informing her that a group of hackers had gained control over her website. Theydemanded a ransom of 1 million dollars from her. The owner, a schoolteacher, did nottake the threat seriously. *he felt that it was !ust a scare tactic and ignored the e#mail. It wasthree days later that she came to know, following many telephone calls from all over thecountry, that the hackers had web !acked her website. *ubse9uently, they had altered aportion of the website which was enti tled %;ow to have fun with goldfish%.

In all the places where it had been mentioned, they had replaced the word %goldfish% with

the word %piranhas%. Diranhas are tiny but extremely dangerous flesh#eating fish. Canychildren had visited the popular website and had believed what the contents of the websitesuggested. These unfortunate children followed the instructions, tried to play withpiranhas, which they bought from pet shops, and were very seriously in!uredR

MET COLL MMS 1 B 11

8/14/2019 IT ACT2000.doc

12/52


*ogic 1om1

These are event dependent programs. This implies that these programs are created to dosomething only when a certain event 6known as a trigger event8 occurs. E.g. even someviruses may be termed logic bombs because they lie dormant all through the year and become

active only on a particular date 6like the "hernobyl virus8.

MET COLL MMS 1 B 1

8/14/2019 IT ACT2000.doc

13/52


IPORTANT PRO!ISIONS A$E IN ITA 2000

Pream1le

The Dreamble to the )ct states that it aims at providing legal recognition for transactionscarried out by means of electronic data interchange and other means of electroniccommunication, commonly referred to as $electronic commerce$, which involve the useof alternatives to paper#based methods of communication and storage of information andaims at facilitating electronic filing of documents with the 4overnment agencies.

The 4eneral )ssembly of the @nited &ations had adopted the Codel >aw on Electronic"ommerce adopted by the @nited &ations "ommission on International Trade >aw6@&"IT')>8 in its 4eneral )ssembly 'esolution )7'E*7N171H dated 3anuary B,1((A. The Indian )ct is in keeping with this resolution that recommended that member

nations of the @& enact and modify their laws according to the Codel >aw.

Thus with the enactment of this )ct, Internet transactions will now be recogni/ed, on#linecontracts will be enforceable and e#mails will be legally acknowledged. It willtremendously augment domestic as well as international trade and commerce.

*egitimacy an( ,e of $igital Signat3re

The )ct has adopted the Dublic Sey Infrastructure 6DSI8 for securing electronictransactions. )s per *ection 618 6p8 of the )ct, a digital signature means anauthentication of any electronic record by a subscriber by means of an electronic method

or procedure in accordance with the other provisions of the )ct. Thus a subscriber canauthenticate an electronic record by affixing his digital signature. ) private key is used tocreate a digital signature whereas a public key is used to verify the digital signature andelectronic record. They both are uni9ue for each subscriber and together form afunctioning key pair.

*ection N provides that when any information or other matter needs to be authenticatedby the signature of a person, the same can be authenticated by means of the digitalsignature affixed in a manner prescribed by the "entral 4overnment.

@nder *ection 1B, the "entral 4overnment has powers to make rules prescribing the type

of digital signature, the manner in which it shall be affixed, the procedure to identify theperson affixing the signature, the maintenance of integrity, security and confidentiality ofelectronic records or payments and rules regarding any other appropriate matters.

MET COLL MMS 1 B 1

8/14/2019 IT ACT2000.doc

14/52


8/14/2019 IT ACT2000.doc

15/52


,tility of electronic recor( an( (igital ignat3re in Go8ernment A3(it Agencie

)ccording to the provisions of the )ct, any forms or applications that have to be filedwith the appropriated 4overnment office or authorities can be filed or any license, permitor sanction can be issued by the 4overnment in an electronic form. *imilarly, the receipt

or payment of money can also take place electronically.

Coreover, any documents or records that need to be retained for a specific period may beretained in an electronic form provided the document or record is easily accessible in thesame format as it was generated, sent or received or in another format that accuratelyrepresents the same information that was originally generated, sent or received. Thedetails of the origin, destination, date and time of the dispatch or receipt of the recordmust also be available in the electronic record.

8/14/2019 IT ACT2000.doc

16/52


-hile issuing the F*", the ") must inter alias, ensure that the applicant holds a privatekey which is capable of creating a digital signature and corresponds to the public key tobe listed on the F*". 0oth of them together should form a functioning key pair.

The ") also has the power to suspend the F*" in public interest on the re9uest of thesubscriber listed in the F*" or any person authorised on behalf of the subscriber.;owever, the subscriber must be given an opportunity to be heard if the F*" is to besuspended for a period exceeding fifteen days. The ") shall communicate the suspensionto the subscriber.

There are two cases in which the F*" can be revoked.

8/14/2019 IT ACT2000.doc

17/52


The "ontroller has the power to issue directions for complying with the provisions of the)ct.

8/14/2019 IT ACT2000.doc

18/52


Police Po7er

) police officer not below the rank of deputy superintendent of police has the power toenter any public place and arrest any person without a warrant if he believes that a cybercrime has been or is about to be committed. This provision may not turn to be very

effective for the simple reason that most of the cyber crimes are committed from privateplaces such as ones own home or office. "yber#cafs and public places are rarely used forcyber crimes. ;owever, if the )ct did give the police department powers to enterpeople=s houses without search warrants, it would amount to an invasion of the right toprivacy and create pandemonium. Seeping this in mind, the >egislature has tried tobalance this provision so as to serve the ends of !ustice and at the same time, avoid anychaos.

n being arrested, the accused person must, without any unnecessary delay, be taken orsent to the magistrate having !urisdiction or to the officer#in#charge of a police station.The provisions of the "ode of "riminal Drocedure, 1(A shall apply in relation to any

entry, search or arrest made by the police officer.

Net7or6 Ser8ice Pro8i(er not lia1le in certain cae

To 9uote *ection AG, it statesK

$

8/14/2019 IT ACT2000.doc

19/52


Electronic go8ernance

The -orld 0ank defines e#governance as the use of information and communicationtechnologies by government agencies to transform relations with citi/ens, business worldand other arms of the government. Ever since the creation of Cinistry of Information

Technology in the @nion 4overnment, *tate and union Territories expressed commitmentfor providing effective, responsive and transparent citi/en governance through the use ofInformation Technology. E#governance is used as a synonym for an InformationTechnology driven system of governance that works better, costs less and is capable ofservicing people%s needs. It is also broadly defined as the use of Information Technologyfor efficient delivery of 4overnment services to the people, business world and industry.The term e#governance involves the computeri/ation and networking of all governmentdepartments and linking each district and taluka, with the *tate head9uarters. Theob!ective of e#governance in India goes beyond mere computeri/ation of governmentoffices. It fundamentally means changing the way the government operates and implies anew set of responsibilities for civil servants, business world and the public. Dlans such as

online services will give an average citi/en access to 4overnment services, with fasterresponses at more convenient hours. These services include providing information,collecting taxes, granting licenses, administering regulations and paying grants andbenefits. The aim of e#governance is to eliminate middlemen and corruption. nce peopleknow that information could not be monopoli/ed, they would demand access to it.

ith re'ect to electronic go8ernance5 the Act 'ro8i(e for the follo7ing.

)ny information or other matter, which the law re9uires to be in writing or in printedform, may be rendered or made available in electronic form, in a manner so as to beaccessible and usable for subse9uent reference.

*uch information or matter can be authenticated by means of a digital signature affixed ina manner prescribed by the central government

8/14/2019 IT ACT2000.doc

20/52


Poi1le ,e of E-Go8ernance#

The future of e#governance is very bright. -ith the help of information technology, thedaily matters can be effectively taken care of irrespective of the field covered by it.

8/14/2019 IT ACT2000.doc

21/52


robust and authenticated e#business transactions is incomplete without consideration of?security= as a prominent aspect of ?online signatures=.

ne may consider an e#signature as a type of electronic a3thentication. *uchauthentication can be achieved by means of different types of technologies. ) $igitalSignat3re6F*8 can be considered as a type of e#signature, which uses a particular kindof technology that is F* technology. F* technology involves encrypting messages insuch a way that only legitimate parties are able to decrypt the message. Two separate butinterrelated ?keys= carry out this process of encryption and decryption.

ne party in the transactions holds the secret key, or the private key, and the other partyholds the public key or the key with wide access. The selection and use of an encryptiontechni9ue plays a crucial role in the design and development of keys. In short, a F*satisfies all the functions, such as authenticity, non#repudiation, and security, of a hand#written signature. *uch a ?signature= can be viewed as a means of authentication and canbe owned by an individual. -hile using this technology, there must be third partyinvolvement order to handle the liability issues that may be raised by bilateraltransactions. -ith this existing legal infrastructure and the rapid emergence of softwaresecurity products, it is important to understand the role of emerging technologies like F*in e#business. ne of the ma!or indicators of technological improvements is the marketdevelopment and commerciali/ation of that technology.

)iometric A3thentication % $igital Signat3re for the Pharmace3tical In(3try

Dharmaceutical companies are commonly driven by getting new drugs to market as9uickly as possible making the manufacturing process as efficient as possibleCaintaining high levels of 9uality control improving customer satisfaction. )s pharma isa tightly regulated industry, there is a need to properly authenticate people so as tocontrol access to systems and provide audit trail. There is also a need to authenticatepeople to allow them to electronically sign off on processes. The need for authenticationexists throughout the value chain from molecule to mouth.) limited number of pharma companies have incorporated new technology to streamline':F. The bulk of industryplayers, however, have yet to progress beyond paper and ink.'egulators have passed guidelines that allow for electronic submission of data in order toadd velocity to the approval process and increase the accuracy of study data. Dharmagiants such as )straeneca Dharmaceuticals >D, "hiron "orporation and '- 3ohnsonDharmaceutical 'esearch Institute use Intra>inks digital workspaces to create similarefficiencies throughout the clinical trial process, licensing, C:) and contractsadministration. This collaboration solution allows sponsors, co#development partners,

MET COLL MMS 1 B 1

8/14/2019 IT ACT2000.doc

22/52


"'s, investigators and other clinical trail participants to use internet#based technologywithout infrastructure investments. Figital workspaces can be accessed from any internetready computer via a web browser. Interlinks has developed an online interactive solutionthat can be used by investigative sites, study pro!ect managers and regulatory authorities.

$igital Signat3re % Health In(3try

-ith the promise of better patient care, improved efficiencies, and lower costs,1st"entury health care is moving onto the Internet. In this increasingly virtual businessmilieu, market forces and government regulations are demanding that health care

organi/ations 6;"s8 protect the privacy and integrity of patient information. ) primarydriver of this dramatic electronic transformation is the )dministrative simplificationprovisions of the ;ealth Insurance Dortability and )ccountability )ct 6;ID))8, whichmandated the Fepartment of ;ealth and ;uman *ervices 6F;;*8 to establish nationalstandards for electronic transactions and rules for privacy and security in the health careindustry. The goal was to improve the efficiency and effectiveness of the country=s healthcare system by encouraging the widespread use of electronic data inter# change while atthe same time protecting patient privacy and ensuring data security.

The rules define what information is to be protected and who is authori/ed to access thatinformation, and upholds the rights of individuals to keep information about themselves

from being disclosed. @nder the privacy rule, patients must be informed of these rightsand receive notice of privacy practices. ;"s are charged with protecting patient datafrom any misuse, whether intentional or accidental, and from any unauthori/ed disclosureand any damage or alteration to the information. The privacy rule covers the policies andprocedures that must be in place to ensure that health information is protected, andpatient rights are upheld. Datient data must remain confidential, whether it is beingtransmitted or stored.

;"s are now moving mission#critical business processes onto the web and expectingfaster turnaround and much lower costs. ne example is claims processingK Dreliminarystudies al#ready shows a NU to 1BU decrease in administrative costs.

8/14/2019 IT ACT2000.doc

23/52


The +irt In(ian I"T" Act cae

The "ase of The *tate of Tamil &adu Ps *uhas *hetty is notable for the fact that the

conviction was achieved successfully within a relatively 9uick time of A months from thefiling of the

8/14/2019 IT ACT2000.doc

24/52


;onourable *ri.)rulra!, )dditional "hief Cetropolitan Cagistrate, Egmore, delivered the!udgement on N#11#B5 as followsK

B The acc3e( i fo3n( g3ilty of offence 3n(er ection @5 0@ IPC an( >? of IT

Act 2000 an( the acc3e( i con8icte( an( i entence( for the offence to 3n(ergo RIfor 2 year 3n(er @ IPC an( to 'ay fine of R"00/-an( for the offence 3/ 0@ IPC

entence( to 3n(ergo year Sim'le im'rionment an( to 'ay fine of R"00/- an(

for the offence 3/ >? of IT Act 2000 to 3n(ergo RI for 2 year an( to 'ay fine of

R"

8/14/2019 IT ACT2000.doc

25/52


Im'act of IT Act on )an6ing Sector

0anks and

8/14/2019 IT ACT2000.doc

26/52


The "ommittee also suggested implementation of necessary legislative changes keepingin view the recommendations of *here "ommittee. The need for addressing the followingissues was also emphasisedK

Encryption on Dublic *witching Telephone &etwork 6D*T&8 lines

)dmission of electronic files as evidence

Treating electronic funds transfers on par with crossed che9ues7drafts for purposes ofincome tax, etc. and

'ecord keeping

Expectations of the banking Industry

The common thread amongst the recommendations made by various committees was

need for >egislative support.

8/14/2019 IT ACT2000.doc

27/52


including the laying down of the conditions sub!ect to which banks and other financialinstitutions shall participate in such fund transfers, the manner of such fund transfers

)lthough the regulatory bodies like '0I and *E0I have responded to the re9uirements ofthe banking and financial services sector through guidelines and work group

recommendations, following areas still remain the matter of concern.

3urisdiction in case of -)D and Cobile#commerce

Issue of Intellectual Droperty 'ights as they apply to cyberspace and electronicinformation

Reg3lation of the electronic 'ayment gate7ay

Parious issues pertaining to electronic funds transfer vi/.

8/14/2019 IT ACT2000.doc

28/52


Im'act of IT Act on )PO

)3ine Proce O3to3rcing 9)PO:is a bu//word among the corporates in the worldtoday. >ooking to the growth and government%s support to it, 0D is being recogni/ed as

a speciali/ed sector in India.

)s per estimates, India is set to become the most popular destination for 0D operations.) large number of multinational companies are outsourcing their business processesoffshore to Indian 0D companies. -hile the @* backlash is a serious issue, the Indian0usiness Drocess utsourcing sector faces a far tougher challenge. The absence of dataprotection laws in the country is preventing Indian companies from gaining lucrativecontracts in key segments. Till India plugs these loopholes, contracts at the higher end ofthe value chain might continue to elude Indian 0D firms.

The European @nion=s tough position on personal data protection has also contributed to

lower outsourcing to India as compared to outsourcing from the @*. This absence of dataprotection laws in India is proving an obstacle to Indian 0D firms who seek to move upthe value chain, especially in domains such as healthcare.

-hile the absence of data protection laws in India is a serious deterrent, Indian 0Doutfits are trying to deal with the issue by attempting to adhere to ma!or @* and Europeanregulations like the

Sar1ane O&ley Act

Safe Har1or Act

G*)A for +inancial Ser8ice

+$CPA 9+air $e1t Collection Practice Act:

HIPAA for healthcare

, $ata Protection 9$PA: Act

SAR)ANES O*EY ACT

The *arbanes xley )ct of BB, sometimes referred to as *X, was a legislativeresponse to the accounting scandal caused by the recent fall of some publicly heldcompanies and the perceived excesses of the management of some other companies.*arbanes#xley re9uires compliance with a comprehensive reform of accountingprocedures for publicly held corporations to promote and improve the 9uality andtransparency of financial reporting by both internal and external independent auditors.

MET COLL MMS 1 B G

8/14/2019 IT ACT2000.doc

29/52


SA+E HAR)O,R ACT

The European @nion%s comprehensive privacy legislation, the Firective on Fata

Drotection, re9uires that transfers of personal data take place only to non#E@ countriesthat provide an ade9uate level of privacy protection. -hile the @nited *tates and theEuropean @nion share the goal of enhancing privacy protection for their citi/ens, the@nited *tates takes a different approach to privacy from that taken by the European"ommunity, as such the @.*. Fepartment of "ommerce developed a $safe harbour$framework to streamline the process for @* companies to comply with the E@ Firective.

G*)A 9Gramm-*each-)liley Act:

The 0) )ct, includes provisions to protect consumers personal financial

information held by financial institutions. 'epealing the Fepression#era barriers thatseparated banking, insurance and securities, the )ct allows @* financial servicesproviders 6including banks, securities firms, and insurance companies8 to affiliate witheach other and enter each other%s markets. The legislation is intended to ensure financialinstitutions protect sensitive customer information that may be accessible to hackersthrough web#enabled environments, including Internet connectivity and hostingarrangements. The *afeguard 'ule went into effect in BB, re9uiring proactive steps toensure free security of customer information. The 4>0)%s privacy protections onlyregulate financial institutions##businesses that are engaged in banking, insuring, stocksand bonds, financial advice, and investing.

+AIR $E)T CO**ECTION PRACTICES ACT

The

8/14/2019 IT ACT2000.doc

30/52


$ATA PROTECTION ACT

The Fata Drotection )ct 1((G received 'oyal )ssent on 1H 3uly of this year. Its primarypurpose is to implement the European @nion Fata Drotection Firective. It creates manyimportant new rights and obligations. ne of the most attention#catching changes is the

extension of data protection law to manual data in %relevant filing systems.

-hile individual companies may be e9uipped with certifications, what matters is whetherIndia is viewed as a business environment where data protection is the norm rather thanthe exception

In the a1ence of (ata 'rotection la75 the 6in( of 7or6 that 7o3l( 1e o3to3rce( to

In(ia in the f3t3re 7o3l( 1e limite("

The Indian government is already working on revising India=s Information Technology)ct of BBB.

The rules in the revised act will most likely be enforced by a special appellate courtestablished under India=s Information Technology )ct of BBB. India is also planning toset up a ?"ommon "riterion >ab=, backed by the Information *ecurity TechnicalFevelopment "ouncil 6I*TF"8, where intensive research in cryptography and productsecurity would be undertaken. Increasingly, clients believe India will uphold the higheststandards of security 60* AA((, I* 1AA((8 and sort out issues related to data protection,privacy and ID protection

-e believe that the impact of this issue will be significant moving forward than it hasbeen in the past, because in the start#up years of the 0D industry the nature and si/e of

the 0D business outsourced rendered this manageable. 0ut as the industry grows andthe nature of work becomes more complex 6financial accounting and tax preparation8 anddeal si/es become more significant, the lack of effective data protection and piracy lawscan be very significant

MET COLL MMS 1 B B

8/14/2019 IT ACT2000.doc

31/52


Pro'oe( Amen(ment to Information Technology Act 2000

The )mendments to the Information Technology )ct, BBB have been shown in revisionmode with footnotes explaining the amendments.)s the technologies and applications in IT sector change very rapidly, some of theprovisions related to parameters that may change from time to time have been amendedto provide for the new developments to be incorporated by changes in rules7govt.

notifications. This would enable the law to be amended and approved much faster andwould keep our laws in line with the changing technological environment.

*ub#section 5 of *ection 1 relates to Exclusion2. In view of changing needs, operation ofthis section has been made more flexible through prescription of such exception by rulesrather than being part of the main )ct.

The )ct is being made technology neutral with minimum change in the existing IT )ctBBB. This has been made by amendment of *ection 5 of the )ct to provide forelectronic signature with digital signature as one of the types of electronic signature andby enabling the details of other forms of electronic signature to be provided in the 'ulesto be issued by the "entral 4overnment from time to time. This is an ena1ling 'ro8iionfor the "entral 4overnment to exercise as and when the technology other than digitalsignature matures. Then there will be no need to amend the )ct and the issue of ruleswill be sufficient. "onse9uently the term digital is changed to electronic in othersections.

In *ection 5, the main aspect of electronic signature for legal recognition, namely, itsreliability has been provided consistent with the @&"IT')> Codel on Electronic"ommerce.

*ection H686b8 has been amended to allow public#private partnership in e#governancedelivery of services.

) new *ection 1B has been added for

8/14/2019 IT ACT2000.doc

32/52


In view recent concerns about the operating provisions in IT )ct related to FataDrotection and Drivacy2 in addition to contractual agreements between the parties, theexisting *ections 6vi/. 5, HN, HH and A8 have been revisited and someamendments7more stringent provisions have been provided for. &otably amongst theseareK

Droposal at *ec. 568 related to handling of sensitive personal data or information withreasonable security practices and procedures thereto4radation of severity of computer related offences under *ection HH, committeddishonestly or fradulently and punishment thereofDroposed additional *ection A 68 for breach of confidentiality with intent to causein!ury to a subscriber.

>anguage of *ection HH related to computer related offences has been revised to be inlines with *ection 5 related to penalty for damage to computer resource. These havebeen graded with the degree of severity of offence when done by any person, dishonestly

or fraudulently without the permission of the owner. *ometimes because of lack ofknowledge or for curiosity, new learners7&eti/ens unintentionally or without knowingthat it is not correct to do so end up doing certain undesirable act on the &et. aws : "yber

8/14/2019 IT ACT2000.doc

33/52


) new section AG ) 6Examiners of Electronic Evidence8 has been added to notify theexaminers of electronic evidence by the "entral 4overnment. This will help the3udiciary7)d!udicating officers in handling technical issues.

*ection A( has been revised to bring#out explicitly the extent of liability of intermediaryin certain cases. E@ Firective on E#"ommerce BBB717E" issued on 3une G thBBB hasbeen used as guiding principles. Dower to make rules w.r.t the functioning of theIntermediary2 including "yber "afes2 has been provided for under *ection GA.

In order to use IT as a tool for socio#economic development, as explained in para 1Babove, particularly to promote e#commerce, e#governance, its uses in health, learning,creating more opportunities for employment, reducing digital divide amongst others, it isnecessary to encourage society to go through the learning experience. In order to enablethis to happen, it has been made clear that the normal provisions of "rD" will apply,except that only F*D=s and above will be authori/ed to investigate the offences.

The amendment to the 1st *chedule 6Indian Denal "ode8 and nd *chedule 6IndianEvidence )ct8 around the recommendations of earlier IC-4 has been incorporated.;owever, the term digital signature would be replaced by electronic signature at suitableplaces.

MET COLL MMS 1 B

8/14/2019 IT ACT2000.doc

34/52


"yber "rime Investigation "ell 6""I"8

"rime 0ranch, "riminal investigation Fepartment, Cumbai

The "yber "rime Investigation "ell of Cumbai Dolice was inaugurated on 1GthFecember BBB and it is functioning under the overall guidance of 3t. "ommissioner ofDolice 6"rime8, )ddl. "ommissioner of Dolice 6"rime8 and Fy. "ommissioner of Dolice6Enforcement8

E8ent.

Cumbai Dolice organi/es a ma!or educative and awareness program, a"yber *afety -eek2 every year. Furing this week ""I" organi/es awareness seminarsto educate people about the "yber -orld and safe practices in the "yber -orld.

Cy1er Safety ee6 200=

;on. Cr. "hagan 0hu!bal inaugurated the "yber *afety -eek. Danel discussions wereheld at IC" 6Indian Cerchant "hamber8 : imited and Cr. )!it0alkrishnan of 'ediff were the sponsors for this event.

Cy1er Safety ee6 200ike 3 D, he has an account in ;yderabad. ;e receivespayments through " to the tune of 's. 1,51,5.

Net +ra3(ter in the Police Net

" becomes suspicious about * *%s account. They call him to their office to receive acheck of 's. 5B,BBB7#. n 1st )ugust BB, a teenager identifying himself as * * comesto the office of ". ;e is detained and 9uestioned by Dolice when he admits having posedas #

* F3 D

* *

;e turns out to be ) T, nd year engineering student from Dune L0.Tech6IT8M

*ac3nae in Payment Gate7ay

-hen the police investigate the case, turns out there are many loopholes in "%s system.Qet another crime is committed due to the lack of awareness of cybersafety and a bit ofcarelessness.

Cases

An NRI (3'e( for R" Crore on Net

) &'I 6) non resident Indian based in )bu Fhabi8 receives an exciting email from a

woman supposedly named '0. *he uses a fake email id to communicate with this person.)fter a while a liaison develops between the two and the &'I sends the woman a laptopand some mobile phones via a mediator. 0oth have never seen each other.

)fter a while '0 begins to threaten the &'I. ;e convinces her to meet him for a %co/y%meeting at a hotel. The man waits and waits but the lady never turns up. )fter a while theman stops sending her email. 0ut the lady has not had enough of this affair. *he threatensthat she will commit suicide if she doesn%t hear from him. )fter a while, another lady

MET COLL MMS 1 B H

8/14/2019 IT ACT2000.doc

37/52


comes into the picture and sends the &'I a mail re9uesting him to dissuade '0 fromcommitting suicide. ;e gets yet another mail from this second lady 6who we shall callC&8 informing him that '0 has indeed committed suicide and that the police areinvestigating his role in the matter. *he also informs him that it is likely he will bearrested.

The &'I is petrified and asks the lady to help him out of the sticky situation. C& agreesand informs him that she will need some money from the &'I if he has to evade arrest.*he also tells him that she is seeking the help of an advocate called Cr. )C in the matter.

The &'I, out of sheer desperation transfers some money to )dvocate )C%s account in abank in Cumbai. )fter the first installment, C& starts demanding more and more moneyfrom the &'I under some pretext or the other. *he uses forge police and court documentsto convince the man that she is indeed helping him out in the matter.

The complainant receives a court order through an e#mail attachment of "alcutta ;ighcourt and once again the duo i.e. C& and )dvocate )C get a chance to mooch somemoney from the poor &'I.

) third lady called Fr. * comes into the picture. *he is supposedly based in @*). *hestrikes a friendship with the &'I who once again commits the same mistake of invitingthis woman to meet him. Through her e#mail IF she agrees to meet him in Fubai. )s thestory goes, she leaves from her apartment in &ew Qork and goes missing on the way toFubai.

)fter that the &'I gets a mail from the &ew Qork Dolice informing him that they areinvestigating a case in association with the Solkata Dolice as regards the missing woman.

The &'I once again turns to C& and )dvocate )C for help. They inform him that themissing Fr. * is a close relative of a Cember of Darliament. 0y now the &'I is reallyreally scared. ;e transfers some 's. B lakhs to the account of )dvocate )C to settle thematter.

)fter that, it doesn%t take long for the &'I to reali/e that he is being duped. In a fit ofdesperation, he reports the matter to the police. 0y now, he has paid up approximately's. 1 "rore and N lakhs to the advocate and C&. @pon investigation the police reali/ethat this is the handiwork of someone within India itself.

Thankfully, the &'I has saved all the emails, which he has so far received, from thestrangers he has been communicating with. The I.D. )ddress embedded in all e#mailsreceived by complainant reveals that the origin of the emails is from1. X "ompany. ) residential address near Cumbai.

MET COLL MMS 1 B A

8/14/2019 IT ACT2000.doc

38/52


They also track a bank account at "hembur.

)*ACAI*ER I$ENTI+IE$

Dolice raids a flat, which has corresponds to the originating I.D. )ddress in the e#mails.Two laptops are recovered at place and they contain most of the e#mail communication

made under the various identities such as C&, )dvocate )C, &ew Qork Dolice, SolkataDolice etc.

The man assuming these various identities is a single person and he is identified as oneCr. DC who is the 4C of a large corporation. The computer found in his cabin containscritical evidence about the case. The man is eventually arrested and put behind bars.

OR HOE SCHASTER ARRESTE$ )Y CY)ER CE**

"yber "rime "ell of "rime 0ranch, ".I.F., Cumbai Dolice have arrested a person byname *ripathi 4uruprasanna 'a!, aged N yrs who is the "hairman and Canaging

Firector of *ohonet India Drivate >td., a company based in "hennai. Cany complainantsbased in Cumbai had complained to the "yber "rime Investigation "ell, that the saidcompany has duped them each for 's. 5,BBB7# and 's. H,BBB7# by promising them withmonthly income of 's. 1N,BBB7#.

The said company through its website having @'> www.sohonetindia.com and throughvarious attractive advertisements in the news papers as well as by holding seminars infive star hotels, in various metropolitan cities like Cumbai, Felhi, Solkata, 0angaloreetc. had lured the various computer literate people with attractive schemes named InstantTreasure Dack 6ITD8 and 4reen "hannel. The company then asked the interested peopleto register with their company for which they charged the registration fess 's. 5,BBB7#

which was later increased to 's. H,BBB7#. The company "CF, Cr. 'a! promised thepeople so registered that they would be provided with the data conversion !ob, whichwould enable them to earn 's. 1N,BBB7# per month. The company then collected hugeamount from the gullible computer users. *ome of the users were provided with the !obwork whereas others were not even provided the !ob work 6data conversion !ob8 assuredto them. The people, who were provided with the !ob work, did work day and night ontheir computers to complete the !ob work within the stipulated time period and submittedthe !ob work to the said company. 0ut even after repeated correspondence with thecompany, they were not paid.

The total number of persons who have been duped by the *ohonet is about 1G,BBB andare located at various places in the country, whereas the company has paid only to about1BB people for the work they have done for the company whereas others were either notprovided with the work or were not paid for the work. 0y this way *ohonet amassed ahuge amount, which may run into couple of crores.

) complaint was filed at Salachowky Dolice *tation vide ".'. &o. 1N17BB u7sec 5BH,5B r7w 1B6b8 ID" and office of *ohonet India Dvt. >td. located at Fr. 'adhakrishnan

MET COLL MMS 1 B G

8/14/2019 IT ACT2000.doc

39/52


*alai, Caylapore, "hennai was raided. The accused *ripathi 4uruprasanna 'a!, who isthe "CF of the company, was arrested by the team of officers.

Hac6er hac6 into a financial 7e1ite

Cumbai poilce have arrested a hacker by name Salpesh *harma for hacking into afinancial website. )lthough the hacker couldn%t break into the main server of the financialinstitution, which was well secured by the financial institution. The accused person couldmake some addition to the home page of the financial website and has added a string oftext to the news module of the home page of the website. Dolice were able to crack thecase by following the trace left by the hacker on the web server of the financialinstitution. The financial institution has maintained a separate server for financial onlinetransactions, for which the fianancial institution has taken utmost security. The websitewas hosted on a different server which comparatively had lesser security.

The hacker Salpesh *harma is a 1Bth Dass youngster of years old. ;e has done

computer courses like ""&), C"*E etc. 0ut he is a computer addict. ;e sits before thecomputer for almost 1H to B ;ours each day. ;e has mostly used the readymade hackingtools, to hack into any website. ;e goes to a particular website on the web, whichfacilitates him to see the entire directory structure of that website. Then using varioustechni9ues, such as obtaining a password file, he gets into the administrator%s shoes andhacks the website.

) case has been registered against the hacker under section HA of InformationTechnology )ct # BBB and under various sections of Indian Denal "ode.

Teenager cheat a Payment Gate7ay for R" @ *a6h

Cumbai police have arrested a student of *econd Qear Engineering "ollege at Dune forduping a Dayment 4ateway. The student )mit Tiwari was arrested on various counts ofcheating and forgery.

The accused initially opened a website supposedly to carry out business of webdesigning. ;e opened an account with a payment gateway situated in Cumbai under falsecredentials. ;e then started browsing the web, especially various chat rooms and&ewsgroups to obtain the credit card numbers. ;e then became his own client and startedmaking payments to his own account using the credit card card numbers he obtained fromthe net of foreign nationals. Dayment gateway couldn%t get suspicion.

Ho7 to file a com'laint.

8/14/2019 IT ACT2000.doc

40/52


ffice )ddress"yber "rime Investigation cell,)nnex III, 1st floor, ffice of the "ommissioner of Dolice,F.&.'oad, Cumbai 5BBB1

E -mail# officerYcybercellmumbai.com

Tele'hone noK# 6Z(1 8 # B# HBG( 6Z(18 # B # H51H1

*atet article an( Recent $e8elo'ment

)PO may not 1e hel( lia1le for (ata theft

Ga3rie ihra / Ne7 $elhi Octo1er 2@5 200

)n amended IT )ct will give a breather to 0Ds.If the government has its way, the Indian business process outsourcing 60D8 industrywill not be held liable for any leakage of confidential client data.The proposed amendments to the Information Technology )ct seek to exclude 0Ds

from being a network service provider. This will mean that they will not be held liable forany data theft or other such offences,2 said an official in the Information Technologydepartment.The department is drafting a new IT law and hopes to table the 0ill during the wintersession of Darliament, scheduled to start on &ovember 1.-ith no data protection laws in the country, the move raised serious accountability issuesin the industry, said cyber law expert Davan Fuggal. 0ut &)**"C refused to commenton the matter when contacted.&)**"C had earlier supported a separate data protection law but did not comment onwhether or not 0Ds should be brought within the scope of network service providers.*ome countries are pushing India to put in place data protection laws covering the entire

gamut of services, from 0Ds to pharmaceuticals.Experts said the exclusion of 0Ds from the ambit of network service providers wouldmean that they would not be held responsible for the theft of any confidential informationof foreign clients, like credit card or bank account details.The decision will spell disaster for the sunrise industry as dilution of the law will notprovide any safeguard to foreign clients against data theft or other such violations,2Fuggal said.

MET COLL MMS 1 B 5B
mailto:[email protected]:[email protected]

8/14/2019 IT ACT2000.doc

41/52


The proposals will be finali/ed in a week. They will make the Indian 0D industry,which is facing competition from other low#cost destinations, unattractive foroutsourcing.fficials said the draft 0ill sought to hold cyber cafes and search engines liable for datatheft.

Go8t 'lan amen(ment to IT Act

TIES NES NETOR JT,ES$AY5 OCTO)ER F5 200 2.. AK

NE $E*HI

0usiness process outsourcing units in the country can relax. Pague and umbrellaprovisions under the existing Information Technology )ct, =BB, are to be replaced byclear and periodic security procedures to be spelt out by the department of informationtechnology 6FIT8. *imultaneously, other government departments like the financeministry and the health ministry are coming out with specific laws that will govern credit

cards and health records.

It may be recalled that most security breaches revolve around credit card informationbeing leaked out. Drecautions are being taken to guard against similar seepage of vitalhealth#related information. The amended IT )ct will, however, make room for a statutoryframework to protect critical information infrastructure of the country.

0ri!esh Sumar, secretary, FIT, told ET that the proposed amendments to the IT )ct willbe finali/ed soon and sent to the "abinet for approval. ;e said the government will framereasonable security procedures to be followed by the 0Ds in consultation with self#regulatory bodies of the industry and experts. These procedural norms will be notified as

and when changes are called for and will be as good as law, provided there=s no specificlaw under which the breach can be dealt with.

Cr Sumar revealed that the government was framing some standalone legislations to dealwith crime and security breaches involving credit cards. ;ealth information systems inhospitals, labs and outsourcing centers are also cause for concern and a separate law isbeing worked out by the related ministry to monitor them,2 he added.

Cr Sumar said the IT )ct will be amended to facilitate IT usage and encourage e#commerce. -hile *ection A( of the )ct is being amended to provide immunity tointermediaries like 0Ds, telecom service providers, internet service providers and cyber

cafes, it will also guard against meddling of evidence. Thus, while transmission over anetwork cannot be blamed on the intermediary, unless it is proved that the intermediarywas aware of what was happening and deliberately did not take action W there will beprovisions to deter destruction of evidence.

nline payment sites, which are not specifically included under the ambit of the )ct, willbe added in with dos and don=ts. )ttempts to engage in any form of cyber crime or abet

MET COLL MMS 1 B 51

8/14/2019 IT ACT2000.doc

42/52


the same would also be recogni/ed under the )ct. The amended )ct will also spell outthe police=s role and the manner in which investigations can be carried out.

Cy1er crime tat. /= i 'ornIN$IATIES NES NETOR JTH,RS$AY5 SEPTE)ER 225 200 0@.>.=;IK The recent incident involving the circulation of an CC* featuring0ollywood actress Callika *herawat=s %look#alike% in Cumbai and last year=s scandalousCC* showing a FD* girl in Felhi were not odd blips on the cybe rcrime scene in India.&early one#third of all cyber crime cases reported in the country are related to publicationand transmission of obscene material.

"ases related to hacking of computer systems, tampering source documents, breach of

confidentiality7privacy and digital signature fraud come only next to cyber pornographycases.

8/14/2019 IT ACT2000.doc

43/52


&oidaK )n international gang involved in a cyber racket to defraud customers via the e#mail was busted by the &oida police with the help of abankmanager here today.

8/14/2019 IT ACT2000.doc

44/52


&E- FE>;IK Tata 4roup has beaten attempts by two @*#based cyber s9uatters, whohi!acked two of its domain names.In the first case, the &ational )rbitration

8/14/2019 IT ACT2000.doc

45/52


The most common fear among shoppers is that their financial information will bemisused, which is not totally un!ustified,2 says Davan Fuggal, advocate, *upreme "ourtof India and cyber law expert.

)grees Dreeti Fesai, president, Internet and Cobile )ssociation of India 6I)C)8, There

are a lot of fears associated with using a credit or debit card online. "onsumers feel theyare not protected on the &et and are liable to pay once online. The fear of fraud is alsoanother ma!or impediment.2

>et=s take a look at some of the frauds that can happen online.

Dhishing is the type of online attack, whereby scammers copy the ?look and feel= of areputed establishment=s website as accurately as possible, building a replica site as a baitto reel in the targeted company=s customers.

ne has to recognise this con !ob. >ittle details may be changed W like the missing ?i= in

httpK77www.citbank.com shown on your address bar.

) more sophisticated version involves redirecting victims through a masked address withsome cleverly concealed coding to redirect traffic from a genuine link.

8/14/2019 IT ACT2000.doc

46/52


Fespite such instances of cyber frauds, one must not forget that online crimes can alsobe committed by securing financial information offline,$ cautions Fuggal.

8/14/2019 IT ACT2000.doc

47/52


LOOPHOLES AND IMPROVEMENTS

>oopholes Improvements needed

&o clear provision for handling of domain

name issues. They are presently covered by

legal norms applicable to intellectual

properties such as trademarks

The act needs amendment for handling

domain name issues and related concerns

such as cyber s9uatting

3urisdiction problems are likely to arise as

the act applies to both Indians and foreign

citi/ens

There should be clear briefs on how the act

will apply to any offence, and how action

will be taken against any person who has

committed the crime outside India

The law is now covered under civil

procedure, making the enforcement process

slow. This deters companies from

approaching the cyber crime cell

If the law is covered under criminal

procedure, the process could be faster

*ome definitions in the act are vague and

can cause problems to the plaintiff

Fefinitions, prescriptions of punishment and

certain provisions 6such as that dealing with

hacking8 need specific amendment

MET COLL MMS 1 B 5A

8/14/2019 IT ACT2000.doc

48/52


The act does not lay down parameters for

its implementation

>aw enforcement officials need to be trained

for effective enforcement

MET COLL MMS 1 B 5G

8/14/2019 IT ACT2000.doc

49/52


"&">@*I&

"yber crime is a ma!or concern for the global community. The introduction, growth, andutili/ation of information and communication technologies have been accompanied by anincrease in criminal activities. -ith respect to cyberspace, the Internet is increasingly

used as a tool and medium by transactional organi/ed crime. "yber crime is obvious formof international crime that has been affected by the global revolution in I"Ts. )s a recentstudy noted, cyber crime differ from terrestrial crimes in four waysK They are easy tolearn how to commit they re9uire few resources relative to the potential damage causedthey can be committed in a !urisdiction without being physically present in it and theyare often not illegal2. n the basis of this, the new forms of cybercrime present newchallenges to lawmakers, law enforcement agencies, and international institution. Thisnecessitates the existence of an effective supra national as well as domestic mechanismsthat monitor the utili/ation of I"Ts for criminal activities in cyberspace.

)s the cases of cyber crime grow, there is a growing need to prevent them. "yberspacebelongs to everyone. There should be electronic surveillance which means investigatorstracking down hackers often want to monitor a cracker as he breaks into a victim%scomputer system. The two basic laws governing real#time electronic surveillance in othercriminal investigations also apply in this context, search warrants which means thatsearch warrants may be obtained to gain access to the premises where the cracker isbelieved to have evidence of the crime. *uch evidence would include the computer usedto commit the crime, as well as the software used to gain unauthori/ed access and otherevidence of the crime.

There should also be analy/ing evidence from a cracker%s computer by the officials

investigating the crime. ) sei/ed computer may be examined by a forensic computerexaminer to determine what evidence of the crime exists on the computer.

'esearchers must explore the problems in greater detail to learn the origins, methods, andmotivations of this growing criminal group. Fecision#makers in business, government,and law enforcement must react to this emerging body of knowledge. They must developpolicies, methods, and regulations to detect incursions, investigate and prosecute theperpetrators, and prevent future crimes. In addition, Dolice Fepartments shouldimmediately take steps to protect their own information systems from intrusions.

"omputer crime is a multi#billion dollar problem. >aw enforcement must seek ways to

keep the drawbacks from overshadowing the great promise of the computer age. "ybercrime is a menace that has to be tackled effectively not only by the official but also by theusers by co#operating with the law. The founding fathers of internet wanted it to be aboon to the whole world and it is upon us to keep this tool of moderni/ation as a boonand not make it a bane to the world.

MET COLL MMS 1 B 5(

8/14/2019 IT ACT2000.doc

50/52


Information Technology )ct BBB 6IT)#BBB8 has now been in existence for the last Nyears. The )ct had for the first time in India attempted a legal regime for the "yber spacetransactions. It had many drawbacks but it was a small step in the right direction.

The following are our 'ecommendations to improve the )ct#

ESTA)*ISH ORE CY)ER PO*ICE STATIONS

The first cyber police station opened in 0angalore. There are tremendous re9uirementsfor more cyber police stations in India. This is so as the number of cyber crimes isconstantly increasing and there are not enough response infrastructures available.;aving more cyber police stations in the country would ensure that appropriate regionsand areas are covered in a effective manner. The police and other law enforcementagencies in various states like Sarnataka, 4oa, Caharashtra, 4u!arat, -est 0engal,Felhi, Tamil &adu, and )ndhra Dradesh etc have already displayed their skill innabbing high technology criminals.

In cities such as 0angalore, &ew Felhi and Cumbai, where cyber crime cells doexist, there is potential for improvement. The police needs to have immense skills inorder to trace an accused. There is a necessity of familiarity with technical concepts,

They need to be familiar with and us ing cyber forensic and other investigative toolswhich enable them to track down ID addresses and other technical details which areextremely critical for reaching up to the accused person. The police needs to beabsolutely proficient in the working of the computers, computer systems and computernetworks. They also need to be up to date and aware of latest techni9ues,technologies and methodologies that have emerged.

8/14/2019 IT ACT2000.doc

51/52


services and human resources potential. -ith backing from proper legislation Indiacan play a big role in development of the Internet and "omputer technology not !ustin the country but all over the world.

MET COLL MMS 1 B N1

8/14/2019 IT ACT2000.doc

52/52


)I)*IOGRAPHY

)OOS RE+ERRE$.

>aw of Information Technology # F.D. Cittal

"yber laws I"

IT ACT2000.doc

Documents

Transcript of IT ACT2000.doc