The current issue and full text archive of this journal is available at www.emeraldinsight.com/1754-243X.

htm

The state of e-commerce laws in India: a review of Information Technology Act

Dr Sumanjeet
Department of Commerce, Ramjas College, University of Delhi, Delhi, India
Abstract
Purpose The purpose of this paper is to critically examine the Indian IT Act 2000 and IT (Amendment) Act 2008 in the light of e-commerce perspective to identify the present status of e-commerce laws in India. Design/methodology/approach The paper presents a critical reflection on the current ecommerce laws in India. The paper is based on the Indian IT Act 2000 and IT (Amendment) Act 2008. The paper presents critical content analysis of various provisions of IT Act in e-commerce prespective. The paper also highlights legal issues arising from e-commerce. Findings There are many important issues which are critical for the success of e-commerce that have not been covered or properly addressed by IT Act. The paper reveals that the present IT Act is weak on various fronts and in the absence of sound legal framework e-commerce cannot create a success story in India. Indian Government must appreciate that for safe and secure business environment on cyberspace, a sound legal framework is needed. This paper suggests that there is strong need to introduce separate laws for e-commerce in India. Practical implications The paper identified various loopholes/problems/weakness of existing ecommerce laws in India. These issues should be addressed by Goverment of India to protect the interests of Indian software industries, BPO sector and other stakeholders. Originality/value The issue identified in the paper is somewhat new, timely and interesting, taking into consideration its importance to economic development in emerging economies such as India. Keywords India, Legislation, Electronic commerce Paper type Viewpoint

E-commerce laws in India 265

1. Introduction The emergence of e-commerce as a business technology[1] has fundamentally changed the structure (Pastor and Alessandro, 2004) and environment of business, offering businesses and customers a powerful channel and making it possible for these two parties to come together in more efficient ways by creating new marketplace (Sumanjeet, 2008a, b). E-commerce provides benefits in terms of providing information, enhancing image, improving the business processes and improving the customer services (Khatibi et al., 2003). Further, e-commerce significantly lowers purchase transactions cost by eliminating the middleman in the distribution channels (Gallaugher, 2002; Anderson et al., 1997; Bakos, 1991; Christersen et al., 1998; Benjamin and Wignad, 1995). In some categories such as information services and digital products, providers can decrease the financial cost of distribution to zero (Zhu et al., 2002; Poon, 2000). Low cost and ease of use (Timmers, 1999; Kuhn and Skuterud, 2000) has resulted the widespread adoption, high degree of interconnectivity between many parties (Shapiro and Varian, 1999). E-commerce allows businesses to target very
JEL classifications K2, K4, O33 While bearing full responsibility for any mistakes, the author wishes to thank Prof. L.N. Dahiya; for reading the earlier versions of this paper and making a number of helpful comments and constructive criticisms. However, the author is solely responsible for all remaining errors and inadequacy.
International Journal of Law and Management Vol. 52 No. 4, 2010 pp. 265-282 # Emerald Group Publishing Limited 1754-243X DOI 10.1108/17542431011059322

IJLMA 52,4

266

specific markets. Furthermore, by using monitoring softwares and customer relationship management techniques, e-service firms can track, analyze and cater to a specific customer needs (Sumanjeet, 2005; Nicholas and Jerry, 2002). Companies around the world are realizing the benefits of e-commerce and they are using e-commerce as a part of their business strategy. As a result, e-commerce has registered a very rapid growth across the globe (Table I). The impact of e-commerce over the global economy is well documented. Developed nations like USA, UK, Australia, Canada and European countries are main beneficiaries, with countries such as India and China with their huge pools of technologically skilled manpower, also hoping to benefit. Table I indicates that China is also much ahead from India. However, Indian companies are also using e-commerce technologies in much like the same manner as in the other parts of the world. But, the growth has been confined to few major cities and some industries usually multinationals. For developing countries such as India, e-commerce offers significant opportunities as e-commerce diminishes cost, paper work, improve communication and information, and may create huge new markets for indigenous products and services. While many companies and communities in India are beginning to take advantage of the potential of e-commerce, critical challenges remain to be overcome before its potential can be fully realized for the benefit of all citizens (Basu and Jones, 2002). Some of the challenges are: poor telecom infrastructure (Rastogi, 2002; CII, 2001; Verma, 2001), readiness of customers and vendors (Sumanjeet, 2008a, b), government policies, high cost of internet usage (Sumanjeet, 2010; Dutta, 2003) and education. But there is another factor, which is highly responsible for the poor implementation of e-commerce in India: poor legal regime for e-commerce (Sumanjeet, 2002). The present paper is focused on e-commerce laws in India as the main objective of the present paper is to critically examine the Indian Information Technology Act 2000 and Information Technology (Amendment) Act 2008 to identify the present status of e-commerce laws in India. To study the objective of paper in a systematic manner, the present paper has been divided into four sections. Section 2 deals with the legal issues arising from e-commerce. Section 3 makes an attempt study remarkable provisions of IT Act 2000 and also critically examine the various provisions of IT Act 2000. In Section 4, an attempt has been made to study to various amendments introduced in the existing IT Act 2000. This section also examines the IT (Amendment) Act 2008 in the light of e-commerce perspective. Section 5 present concluding remarks.

Countries Australia Chinaa India Japan South Korea Asia-Pacific

2006 9.5 2.4 0.8 36.8 9.6 59.1

2007 13.6 3.8 1.2 43.7 10.9 73.3

2008 20.4 6.4 1.9 56.6 12.4 97.7

2009 26.4 11.1 2.8 69.9 14.0 124.1

2010 28.7 16.9 4.1 80.0 15.9 145.5

2011 31.1 24.1 5.6 90.0 17.9 168.7

Table I. B2C e-commerce sales in the select countries (Asia Pacific region, 2006-2011)

Notes: Converted at average annual exchange rates (projected for future year): total B2C sales include all purchase made on a retail website, regardless of device used to complete the transaction (US Billion); online travel, event tickets and digital download sales; aexcludes Hong Kong

2. Legal issues in e-commerce With the proliferation of e-commerce, new issues are also emerging. These issues are more Herculean in the developing countries like India. The first issue is of privacy and security (Light, 2001; Mitnick and William, 2002). While shopping on the internet, most people typically do not think about what is happening in the background. Web shopping is generally very easy. Customer click on a related site, go into that site, buy the required merchandize by adding it to their cart, enter their credit card details and then expect delivery within a couple of days. This entire process looks very simple but a developer or businessmen knows exactly how many hurdles need to be jumped to complete the order. Customers information has to pass through several hands so security and privacy of the information are a major concern (Neuman and Genyady, 1998). The safety and security of a customers personal information lies within the hands of the business. Second, controversial issue is consumer protection. The consumer contracts are today (in the age of e-commerce) the meeting point of the contrast between the traditional sufficiency of the formal equality between the contractual parties and the necessity of a more comprehensive control over the real contractual balance. For this reason, the electronic negotiation highlights the need of consumer protection at the highest level. In brief, it can be recalled that the consumer position at the conclusion of the contract needs to be strengthened against the one of the supplier: the consumer agrees to a non-modifiable fixed contractual proposal by the supplier and very often especially when customer is negotiating from home, at a distance customer has no possibility to obtain the adequate information about the goods or services for which the contract was concluded, which would normally be necessary to create his full intention to enter into the contract (Kaur, 2005). Third, as there is no agreement within the internet community that would allow organizations that register domain names[2] to pre-screen the filing of potentially problematic names, domain name disputes are arising. Domain name disputes arise largely from the practice of cybersquatting, which involves the pre-emptive registration of trademarks by third parties as domain names. Cybersquatters exploit the first-come, first-served nature of the domain name registration system to register names of trademarks, famous people or businesses with which they have no connection. Since registration of domain names is relatively simple and inexpensive less than US$100 in most cases cybersquatters often register hundreds of such names as domain names. Fourth, the rise of e-commerce poses new questions for taxation policy[3] and administration. e-commerce makes it easier for business to be conducted without creating the permanent establishment that would otherwise subject a seller to tax on income. It blurs the distinctions between the sale of goods, the provision of services and the licensing of intangible assets, each of which is subject to some form of taxation. Fifth, the emergence of e-commerce has created new financial needs that in many cases cannot be effectively fulfilled by traditional payment systems. Purchasing online may seem to be quick and easy, but most consumers give little thought to the process that appears to work instantaneously. For it to work correctly, merchants must connect to a network of banks (both acquiring and issuing banks), processors, and other financial institutions so that payment information provided by the customer can be routed securely and reliably. Because the financial information is very sensitive, issues of trust and confidence are also emerging. Sixth, data theft[4] has become very sensitive issue in the age of e-commerce. Data theft is a growing problem primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices capable of storing digital information such as flash drives, iPods and even

E-commerce laws in India 267

IJLMA 52,4

268

digital cameras. Since employees often spend a considerable amount of time developing contacts and confidential and copyrighted information for the company they work for they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment. Seventh, hacking is another crtitical issue. One of the ways that hacking the web raises security issues is that it can create dangerous software. Hackers[5] can easily insert malware into a computer. This consists of files that can be especially damaging to the computer. The reason for these damaging capabilities is that a hacker can easily look through and edit files that are inside a website or the computer of a user on a website. Hacking the web raises security issues because it not only affects the websites involves but it can also affect the users of the sites that have been affected. Added to these, there are several other issues like virus[6], cyberstalking[7], pronography which can damage the reputation and also create huge loss for the company. As far as issue of contract is concerned, in some cases, the legal issues governing the analysis of electronic commercial transactions are no different from those applied in a more traditional commercial setting. In other areas, however, the law has had to adapt to take into account the new and different realities created by e-commerce[8]. From the above issues it is clear that there are high chances of fraud in the age of e-commerce. Therefore, it is essential that all e-commerce parties know where they stand vis-a vis the law of land. This has created the need for vibrant and effective regulatory mechanism, which would strengthen the legal infrastructure that is crucial to success of e-commerce. Many countries and societies are in the process of putting in place e-commerce laws, a few have already laid down and India is proud to be one among them. Indias e-commerce laws[9] are contained in the Information Technology Act 2000 (IT Act 2000). Indian government passed[10] the Information Act 2000 to deal with the issues of e-commerce and became the 12th nation in the world[11] to adopt e-commerce laws during 2000. The IT Act 2000 is based on the Model Law on E-Commerce adopted by United Nations Commission on International Trade Law (UNCITRAL[12]). The IT Act 2000 aims to provide the legal infrastructure for e-commerce in India. 3. Information Technology Act 2000 The IT Act 2000 attempt to change outdated laws and provide ways to deal with the e-commerce transactions. The Act is divided into 13 chapters, has 94 Sections and has four Schedules. The Act offers much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records[13]. The IT Act 2000 provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as electronic commerce, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, 1860[14], the Indian Evidence Act, 1872[15], the Bankers Books Evidence Act, 1891[16] and the Reserve Bank of India Act, 1934[17] and for matters connected therewith or incidental thereto. The Act specifically stipulates that any subscriber may authenticate an electronic record (Section 4[18]) by affixing his digital signature (Section 5[19]). It further states that any person can verify an electronic record by use of a public key[20] of the subscriber. The Act details about

Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is: rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference. 3.1 Remarkable provisions of IT Act 2000 The Act provides for a Controller of Certifying Authorities (CCA) who shall perform the functions of supervising the activities of certifying authorities as well as setting standards and conditions governing the certifying authorities. The controller also specifies the various forms and the content of digital signature certificates. The Act acknowledges the need to recognize foreign certifying authorities (section 19) and it further details the various provisions for granting the license to issue digital signature certificates. As per Section 20 the Controller shall also keep a record of the public key (the part of digital signature in public domain). The duties of subscribers are also covered. The Act also covers penalties and adjudication for various types of offences and mentions the power and qualifications for the adjudicating officer. A provision foresees a Cyber-Regulations Appellate Tribunal where appeals against the orders passed by Adjudicating Officers could be referred. The tribunal would not be bound by the principles of the Code of Civil Procedure, but would follow the principles of natural justice and have the same powers as a civil court. Any appeal against an order or decision of the Cyber-Regulations Appellate Tribunal would be made to the High Court. It covers various offences and stipulates that the investigation must be done by a police officer only, and that officer should have the rank of deputy superintendent of police (DSP) or higher. These offences include tampering with computer source documents, publishing obscene information in electronic form, breach of confidentiality and privacy, misrepresentation, publishing a digital signature certificate that is false in certain particulars and publication for fraudulent purposes. Hacking and penalties if found guilty have been defined in Section 66. For the first time, punishment for hacking has been designated as a cyber crime. The Act also provides for constituting the Cyber-Regulations Advisory Committee, which would advise the government about any rules or other matter connected with the Act. To make the e-commerce transactions safe and secure, the IT Act 2000 provides for investigation, trial and punishment for certain offences (these offences are found in the Chapter XI of the Act) like source code attacks (section 65), hacking[21] (section 66), obscenity (section 67), failure to comply with controllers directions (section 68), subscribers failure to controllers requirement for decryption (section 69), accessing designated protected system (system 70), misrepresentation to CCA (section 71), breach of privacy/confidentiality[22] (section 72), publishing false digital signature certificate (section 73), making available digital signature for fraudulent purpose (section 74) and section 75 of the IT Act 2000 deals with the offences or contravention committed outside India which reads as: first, subject to the provision of sub-section (2), the provision of this Act shall apply also to any offences or contravention committed outside Indian by any person irrespective of his nationality; and second, for the purpose of sub-section (1) this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer networks located in India. The certifying authority can suspend/revoke digital signature issued by it as given in Section 37 and 38. Further, the

E-commerce laws in India 269

IJLMA 52,4

270

Act states that the Controller can open an electronic document if in his opinion the interests of the sovereignty and protection of the country or public interest are jeopardized. The Controller can do this only by submitting a written statement to any government agency, which in turn will take necessary steps to access the document. If any person does not help him in this regard or obstructs him then that person may be charged to a prison sentence of up to seven years (section 69). Section 61 makes it clear that no court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer appointed under this Act or the Cyber Appellate Tribunals constitute under this Act is empowered by or under this Act to determine; no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act. The judgment of the Tribunal can be challenged in the High Court. The act has conferred power to: The CCA (Section 17-18), the Deputy and Assistant CCA (Section 17 and 27), Licensed Certifying Authorities (Section, 31) and Auditors (Rule 312), the Adjudicating Officer (Section 46), the Presiding Officer of the Cyber Appellate Tribunals (Section 48-49), the Registrar of the Cyber Appellate Tribunals (Section 56 and rule 263), Network Service Providers (Section 79) and Deputy Superintendent of Police (Section 80). The Act shall apply to all circumstances and types of transactions and documents other than specifically excepted in the clause 4 of Section 1 of the IT Act 2000. Nothing in this Act shall apply to:
.

a negotiable instrument as defined in the Section 13 of the Negotiable Instrument Act, 1881; a power-of-attorney as defined in Section 1A of the Powers-of-Attorney Act, 1882; a trust as defined in the Section 3 of the Indian Trust Act, 1882; a will as defined in Clause (h) of Section 2 of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called; any contract for the sale or conveyance of immovable property or any interest in such property; and any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

. .

3.2 Analysis of IT Act 2000 When the IT Act 2000 was passed, the people called it revolutionary. But, at the implementation front it was realized that the Act has many drawbacks. Many important issues, which are important for e-commerce, were not covered by the Act. Chief among them are:
.

cyber theft[23], cyber stalking, cyber harassment and cyber defamation are presently not covered under the Act[24]; jurisdiction problems are likely to arise as the act applies to both Indians and foreign citizens; the Act does not make any mention of payment mechanism for Indian companies who will have to pay foreign companies for services/goods rendered; the law is now covered under civil procedure, making the enforcement process slow. This deters companies from approaching the cyber crime cell;

. . .

some definitions in the Act are vague[25] and can cause problems to the plaintiff; the Act does not lay down parameters for its implementation; the Act is also silent about issues of protection of consumers, e-taxation and right to information; the construction of Section 79[26] leaves much scope harassment; section 75 of the Act is also problematic as it applies not to the Indian citizens but even to the foreigners who contravene the provision of the Act with reference to India; there is also no provision in the IT Act 2000 for blocking of websites[27]; and domain name[28] issues are presently covered by legal norms applicable to intellectual properties[29], including trademarks.

E-commerce laws in India 271

. .

. .

Abuse of chat rooms, cyber stalking, misappropriation and misuse of credit card numbers are just a few of the many other loopholes which are still not addressed by IT Act. Added to these, the provision relating to powers of the DSP, to search and seizure on the basis of reasonable doubt that an offence has been committed against this Act. The width of the powers given leaves it opens for misuse and corruption. The section is not only allowed for search but also provide the powers of arrest on the basis of suspicions. Such wide powers regarding cyber crime have not been given to officers of any other country in the world where Cyber Law is in place. The Act also makes only limited number of offences as cognizable but the field of cyber law is facing newer crimes and methods every day. From the above discussion it is clear that the IT Act 2000 is not the end but only a beginning to a plethora of legislation that still needs to be formed. It leaves various issues untouched, some of them relating to intellectual property rights, data protection, Consumer protection, taxation, etc. These issues are directly related with e-commerce. No concrete regulations have also been formulated for cross border issues. As these issues are of immense importance therefore the government decided to review the Information Technology Act 2000. The result was the Information Technology Amendment Bill 2006. 4. Amendment to the IT Act 2000 The Government of India proposed major amendments to IT Act 2000 in form of the Information Technology (Amendment) Bill 2006. The Bill has since been passed in the Parliament on December 23, 2008. The Bill has been renamed as Information Technology (Amendment) Bill 2008[30] as it is not the 2006 Bill that has been approved as it is but a totally different Bill has been approved by the Rajya Sabha and Lok Sabha. The Bill as passed has many changes from the earlier draft indicated in the previous paragraph and incorporates the recommendations made by the Parliamentary Standing Committee. IT (amendment) Bill was signed into an Act {IT (Amendment) Act 2008} by the President of India on February 5, 2009, through a Gazette Notification. Government of India is now in the process of framing the rules which are required under the amendments. On completion of this exercise, the date of effect of the amendments would be notified. The IT (Amendment) Act 2008 allows unrestricted monitoring of all electronic communication, even for non-congnizable offences. The Act even went further than

IJLMA 52,4

272

FISA, 1978[31] version of USA. It is alleged that e-surveillance in India is considered as a substitute for the computer forensics capabilties in India. The cell site data acquistion issues have also been raised through they are ahead of their time in India. The amendment adds several new provisions to the existing IT Act 2000 to deal with new forms of cyber cirmes like publicising sexually explicit material in electronic form, video voyeurism and breach of confidentiality and leakage of data by intermediary and e-commerce fraud. The Act also gives the central government power to issue directives for intercepting, monitoring or decryption of any information through computer. It enables government to intercept computer communication in any investigation. However, telephones and letters may be intrercepted only in national interest. 4.1 The Information Technology (Amendment) Act 2008 The IT (Amendment) Act 2008 adds eight offences, five of which are added to the IT Act 2000 and three to the IPC. The new offences are as follows:
.

section 66 introduces the pre condition of dishonesty and fraud to the current section 66; section 66 covers sending of offensive messages; section 66 B[32] is new section added in the IT Act 2008 and this section cover theft of computer, laptop, mobile phone and also information. It can also be extended to theft of digital signals of TV transmission; section 66 C is also added to the IT Act 2008 and this section covers password theft which was earlier being covered under the section 66 of IT Act 2000; section 66 D is again a new section which states that phishing[33] which was earlier being covered under section 66 of IT Act 2000, will now also cover some kinds of e-mail related offences including harassment; section 66E is new section to address voyeurism[34]; section 66F is also a new section to cover cyber terrorism offence; and section 67 covers child pornography, which was earlier covered under section 66 and provides some clarifications regarding Kamasautra type of literature.

. .

. . .

To support the development of the cyber security infrastructure, the amendment has been made by introducing section 2(nb)[35]. The term Cyber Security incorporates both the physical security devices as well as the information stored therein. It also covers protection from unauthorized access, use, disclose, disruption, modification and destruction. Section 43 A[36] has been introduced to compensate for failure to protect the data. The newly added section 43 (j) tries to expand the cases where compensation can be claimed to cases of a person without the permission of the owner of a computer, computer resource. Under section 67 C[37], a further responsibility has been cast on intermediaries. Section 72 A has been added to protect data handled under a contractual arrangement by the companies. This is an important provision that will pull internet service providers, and management service providers (MSPs)[38] and others who today think shirk from the responsibility of preserving information, which would serve as evidence in case of cyber offences. Section 78, now inspectors can undertake investigations of cyber crime under the Act. This means that it would not only DSPs who need to be trained in IT Act 2000 but all the inspector of the State. Privacy issue has been address by adding section 69 A[39] and 69 B[40]. Section 69

extended the scope to issue directions for interception or monitoring or decryption of any information through the computer resource. Under section 69 B, the government now will have. Powers to collect traffic data and also seek online access to information in the hands of an intermediary. Last but not the least, the IT Act 2008 has made many significant changes in the prevailing laws of cyber space applicable in India, one of which is regarded as cyber cafes[41]. Section 85, the company as well as its directors or officers in charge of the business shall be held guilty of the offence committed by the company. Thus, the vicarious liability[42] on the companies for data protection has been hardened. Additionally under section 84 B, abetment is punishable with the same punishment meant for the offence and under 84 C, attempt is punishable with half the imprisonment of the offence attempted. These are new provisions, which were not in the earlier version. At the same time 77 A provides that offences with three years imprisonment are compoundable and Section 77 B provides that such offences are cognizable and bailable. 4.2 Critical assessment of IT (Amendment) Act 2008 The IT (Amendment) Act 2008 clearly reflects the dominant political culture of India, like a lot of Act does. The amendments bill was passed in very hurry on December 22, 2008 along with eight other bills in just 17 min highlighting the lack of debate what should have been on controversial law. By contrast, in the USA, there is huge public outcry and media attention given to any laws that are being considered that might infringe upon the privacy of its citizens through mass surveillance as typified by the NSA warrant-less surveillance controversy[43]. The IT Act 2008 can be criticized at several points. First, currently, the IT Act 2000 has provided the punishment for various cyber offences ranging from three to ten years. These are non-bailable offences where the accused is not entitled to bail as a matter of right. But, the IT Act 2008 has reduced the quantum of punishment. For example, section 67 has reduced the quantum of punishment from existing five to three years. Similarly, the amount of punishment for the offence of failure to comply with the directions of the CCA is reduced from three to two years. Further, the offence of hacking as defined under section 66 of IT Act 2000 has been completely deleted. The cutting of certain elements of the effects of hacking under the existing section 66 and putting the same under the section 43 make no legal or pragmatic sense. Second, some provisions in the IT Act 2008 hold the IP address owner responsible for the actions performed in that computer. Even if someone else downloads adult content, prima facie the owner of the IP address will be responsible. Holding a person responsible for the things, which he/she has not done, would not justify. The amendment does not seem to be practically possible. Third, the IT Act 2008 does not address the jurisdictional issues. At a time when the internet has made geography history, it was expected that the new amendments would throw far more clarity on complicated issues pertaining to jurisdiction. This is because numerous activities on the internet take place in different jurisdictions and that there is need for enabling the Indian authorities to assume enabling jurisdiction over data and information impacting India, in a more comprehensive way than in manner as sketchily provided under the current law. Fourth, the IT Act 2008 does not really bring about much of a change with respect to encryption, except for expanding the scope of the governments power to order decryption. While earlier, under section 69, the Controller had powers to order decryption for certain purposes and order subscribers to aid in doing so (with a sentence of up to seven years upon non-compliance), now the

E-commerce laws in India 273

IJLMA 52,4

274

government may even call upon intermediaries to help it with decryption (Section.69 (3)). Additionally, section 118 of the Indian Penal Code has been amended to recognize the use of encryption[44] as a possible means of concealment of a design to commit [an] offence punishable with death or imprisonment for life. Fifth, cheating by personation is not defined, and it is not clear whether it refers to cheating as referred to under the Indian Penal Code as conducted by communication devices, or whether it is creating a new category of offence. In the latter case, it is not at all clear whether a restricted meaning will be given to those words by the court such that only cases of phishing are penalized, or whether other forms of anonymous communications or other kinds of disputes in virtual worlds (like Second Life) will be brought under the meaning of personation and cheating. Sixth, another problem is that the word transmit has only been defined for section 66E. The phrase causes to be transmitted is used in sections 67, 67A and 67B. That phrase, on the face of it, would include the recipient who initiates a transmission along with the person from whose server the data is sent. While in India, traditionally the person charged with obscenity is the person who produces and distributes the obscene material, and not the consumer of such material. This new amendment might prove to be a change in that position. Seventh, it is heartening to see that the section on child pornography (section 67B) has been drafted with some degree of care. It talks only of sexualized representations of actual children, and does not include fantasy play-acting by adults, etc. From a plain reading of the section, it is unclear whether drawings depicting children will also be deemed an offence under the section. Unfortunately, the section covers everyone who performs the conducts outlined in the section, including minors. A slight awkwardness is created by the age of children being defined in the explanation to section 67B as older than the age of sexual consent. So a person who is capable of having sex legally may not record such activity (even for private purposes) until he or she turns 18. It is also very strange about the IT Act 2008 that browsing or downloading pornography on the internet even accidentally/unknowingly/unintentionally may send anyone behind the bars for five years with a fine that may go up to Rs 10 lakhs, and the term raised to seven years on second conviction. One of the most alarming aspects of the Act is that it fails to put in place a safeguard mechanism that can prevent the state from misusing this Act. Because the Act states that safeguards would be stipulated at a later date, it would clamp down on civil liberties right away. The Act only says that safeguards will be stipulated at a later date, which is clearly insufficient. Last but not the least, IT Act 2008 is silent on the important issues like e-taxation, e-payment and consumer protection. 5. Concluding remarks Legal framework is necessary for the growth and development of new technologies like e-commerce. As e-commerce has raised several legal issues, it has become important for every nation to have e-commerce laws. In India, Information Technology Act deals with the various issues related to e-commerce. In fact, the Act was passed to regulate the activities related to e-commerce, e-governance and cyber offences. The Act has been amended in 2008. When the Indian government thought of amending the IT Act 2000, ecommerce players and Indian IT industries including BPO thought that they would get a improved version of IT Act 2008 that would address the problems of data theft, consumer protection, security and privacy, spam, e-taxation and e-payment mechanisms, etc. A Law that would prevent abuse by the Police as well as the executive. A Law that addresses the issues arising out of Cyber Terrorism, Cyber Squatting, etc if they had

been omitted to be included earlier. But, the government has come with a legislation that would reduced the punishment in most cases, reduces the power of police, providing compounding at executive level even for criminal offences without consent of the victim, makes it difficult to apply penal provisions, provides immunity from vicarious liabilities for intermediaries against any law in the country. Further, according to amended Act majority of the cyber crimes shall be bailable. Thus, the expectations of the nation for effectively tackling cyber crime and stringently punishing cyber criminals have all been let down by the extremely liberal amendments, given their soft corner and indulgence for cyber criminals. It is also clear that the Act is much to regulate the cyber offences and egovernance activities not e-commerce activities as various issues related to e-commerce has not been touched in the IT (Amendment) Act 2008. The Act does not create rebuttal presumptions of confidentiality of trade secrets and information. In the absence of strong protection of data theft and privacy nothing is left for Indian outsourcing industry. Absence of an effective remedy for corporations is likely to further erode the confidence of the Indian industries in the new e-commerce legal regime. Weak and outdate regulations and weak enforcement mechanisms for protecting networked information create an inhospitable environment in which to conduct ecommerce within a country and across the national boundaries. Inadequate legal protection of digital information can create barriers to its exchange and stunt the growth of e-commerce. As business expands globally, the need for strong and consistent means to protect networked information will grow. E-commerce cannot be implemented successfully within the present mental set up of government of India. Indian government must appreciate that for safe and secure business environment on the cyberspace, a sound legal framework is needed. The present IT Act is weak on various fronts and in the absence of sound legal framework e-commerce cannot create a success story in India. Therefore, there is strong need to introduce separate law for e-commerce in India as the existing laws are incapable to deal with the various issues and emerging problems in the age of e-commerce.
Notes 1. Electronic commerce (popularly know as e-commerce) is a subset of e-business, is the purchasing, selling, and exchanging of goods and services over computer networks (such as the internet) through which transactions or terms of sale are performed electronically. Contrary to popular belief, e-commerce is not just on the web. In fact, e-commerce was alive and well in business-to-business transactions before the web back in the 1970s via EDI (electronic data interchange) through VANs (value-added networks). E-commerce can be broken into four main categories: B2B, B2C, C2B and C2C. 2. India TV has won an internet domain case against a US-based firm with the Delhi High Court restraining the latter from using a web address to broadcast Indian TV programmes in its original form. In its petition, India TV had alleged that the internet domain, indiatvlive.com, used by the US-based India Broadcast Live, was similar to its trademark and that the plaintiffs had no legitimate right over the domain name. In an interim order delivered by Justice S.K. Kaul in January, the US-based firm was restrained from using any domain name containing the words India TV as also barred from transferring the rights to any other entity. Now, in the final order this month, even though the court has permitted the defendants to use the domain name, it has nevertheless required a disclaimer to be placed prominently next to the logo of Indiatvlive.com. The court said the disclaimer should read: The website has no connection, affiliation or association whatsoever with India TV, the Indian Hindi news and current affairs television channel. However, the defendants shifted to another

E-commerce laws in India 275

IJLMA 52,4

276

domain name indiabroadcastlive.com and the court has taken cognisance of the same. The court observed that when the impugned domain name is typed, a redirection notice says the website is not operational due to interim orders passed and visitors are automatically redirected to indiabroadcastlive.com. Thus, the respondents have rectified the position, Justice Kaul said in his order and added: In view of the aforesaid, I do not deem it appropriate to proceed further with the petition and the petition stands cancelled. The court also disallowed the defendants from proceeding against India TV with a suit filed in the district courts in Arizona. 3. Briefly, the following issues arise for consideration: . Traditional source concepts were based on a strong connection between economic activity and a specific location. Traditional residency concepts were based on parameters such as personal and economic relations, physical presence and place of effective control. These concepts were used as effective tools in allocating taxing rights between various countries. As technological changes weaken the physical nexus of business with a specific geographical point, what are the implications for this concept? With whom lies the jurisdiction to tax? . A related issue is the constitution of a permanent establishment (PE). Are the traditional principles of PE valid in the determination of the jurisdiction to tax? Can a server or a server space constitute a PE for tax purposes? . How can income from transfer of technology over the internet be characterized? Does it constitute business profits or royalties? Is there is an erosion of source taxation? . How can new technologies be used to improve the administration of taxes by checking problems of tax evasion, identifications and audit trails of the transactions and providing better services to taxpayers? . What would be the transfer pricing issues arising out of EC transactions? . What are the issues arising in relation to value added tax? 4. The Cyber Crime Investigation Cell (CCIC) of the Mumbai Police is currently conducting investigations in a case of possible corporate data theft, in which a former employee of a leading IT company illegally logged into the firms data network and stole sensitive information by sending data files to his personal e-mail address. The company, which provides market research, data collection, analytics and online marketing services to global clients, has approached the police with a complaint that the suspected data thief is about to join a rival company in Chennai, armed with sensitive information belonging to his former employers. 5. Indian hackers always thought they were too sophisticated to fall into the hands of the rough cops in this country, whom various human rights groups routinely accuse of brutality. But that feeling evaporated after one of the four people arrested recently in connection with a hacking incident accused Mumbai police of breaking his hand during interrogation. 6. India ranked first for viruses and worms and second for Trojans and back doors, which likely contributed to its high ranking in the Symantec metric that assesses the countries or regions in which the most malicious activity takes place or originates. China ranked first for aggregate malicious activity within the APJ region in 2008, as it did in 2007. India increased its proportion of activity in almost every category, though its rankings remained mostly constant. A factor that explains the prominence of India in this metric is that internet cafes are still the most popular venue for its citizens to access the internet, with 37 percent of the population using this method to go online. 7. The Delhi Police has recently registered Indias First Case of Cyberstalking. One Mrs. Ritu Kohli complained to the police against the person who was using her identity to chat over the internet at the website www.mirc.com, mostly in the Delhi channel for four consecutive days. Mrs Kohli further complained that the person was chatting on

8.

9. 10.

11.

12.

13.

14.

15.

the net, using her name and giving her address and was talking obscene language. The same person was also deliberately giving her telephone number to other chatters encouraging them to call Ritu Kohli at odd hours. Consequently, Mrs Kohli received almost 40 calls in three days mostly at odd hours from as far away as Kuwait, Cochin, Bombay and Ahmedabad. The said calls created havoc in the personal life and mental peace of Ritu Kohli who decided to report the matter. In a case, the Minnesota Attorney General brought suit under the state consumer protection statute alleging that the defendant, a Nevada resident, was liable for deceptive trade practices, false advertising and consumer fraud on the internet by advertising that gambling on the internet is legal even though the specific on-line gambling service associated with the defendant was not yet operational. While the decision is limited to the defendants unsuccessful argument that, as a Nevada resident, he was not subject to personal jurisdiction by the Minnesota courts, it illustrates the extent to which consumer protection laws are being used by the states to prosecute fraud even prospective fraud on the internet. On October 31, 1998 the Minnesota Supreme Court agreed to review the case. Minnesota vs Granite Gate Resorts, Inc., 569 N.W.2d 715(Mn. App. Ct. 1997). E-commerce laws apply not only to websites, which are used for buying and selling goods and services, but also to variety of information society services. The Ministry of Commerce Government of India created the first draft of the legislation following the UNO termed as E-Commerce Act, 1998. After the formation of a separate ministry of Information Technology, the draft was taken over by the new ministry which re-drafted the legislation as Information Technology Bill 1999. The draft was placed in the Parliament in December 1999. The Act came into effect following the clearance of the Information Technology Bill in May 2000 by both house of the Parliament. The bill received the assent of the President of India in August 2000. A lot of countries and organizations hurried to put into place a specific set of rules to govern the e-commerce transactions, like the UN (United Nations), WTO (World Trade Organisation) and the European Union, and individual countries. France issued its ecommerce law in 2000, the US issued its e-commerce law in 2001, Italy enacted its very abbreviated and general e-commerce law in 1999 and Luxemburg in 2000. In the Arab world, there are some countries which issued e-commerce laws in the past few years such as Tunisia, which was the first Arab country to issue an e-commerce law in 2000, and Jordan issued e-commerce law in 2001 and the Emirate of Dubai issued its code in 2002. The purpose of the Model Law is to offer national legislators a set of internationally acceptable rules to provide increased certainty as to the legal effect or validity of electronic messages, and to create a more secure legal environment for e-commerce. The Model Law also provides principles for parties engaged in e-commerce to follow in drafting contracts. Electronic records are defined in the ITAct U/s 2(1)(t) as electronic record means date, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated microfiche. The Act makes numerous amendments to the Indian Panel Code. By the virtue of section 91 of the IT Act, the amendments to the IPC, as described in the first schedule of the IT Act, take effect. Most of these amendments are in the nature of recognizing the validity of electronic documents and electronic signatures. The Act amends existing IPC offences such that these offices will also be punishable if committed with regard to the electronic counterparts. The key provision that are showed t be made in Indian Evidence Act relate to widening of the scope of term document to include electronic records. Most important, section 65 B recognizes admissibility of computer outputs in media, paper, and optical or magnetic form. There are detailed provisions related to admissibility of computer output as evidence. New Section 73 (A) prescribes procedures for verification of digital

E-commerce laws in India 277

IJLMA 52,4
16. 17.

278

18.

19.

20.

21.

22.

signatures. New sections 85 (A) and 85 (B) create presumption as regards electronic contracts, electronic records and digital signatures, digital signatures certificates and electronic messages. The Bankers Book Evidence Act has been amended in the manner specified in the third schedule of the Act (Section 93). The Reserve Bank of India Act has been amended in the manner specified in the fourth schedule of the Act (Section 94). Section 4 of the Act states that when under any particular law, if any information is to be provided in writing or typewritten or printed form, then notwithstanding that law, the same information can be provided in electronic form, which can also be accessed for any future reference. This non-obstante provision will make it possible to enter into legally binding contracts on-line. Section 5 provides that when any information or other matter needs to be authenticated by the signature of a person, the same can be authenticated by means of the digital signature affixed in a manner prescribed by the Central Government. Under Section 10, the Central Government has powers to make rules prescribing the type of digital signature, the manner in which it shall be affixed, the procedure to identify the person affixing the signature, the maintenance of integrity, security and confidentiality of electronic records or payments and rules regarding any other appropriate matters. The digital signature with the subscriber has two parts. The first part is the private key and the latter is the public key. A person can certify a document only by using a combination of the two parts. Any other person can view the document using the public key by any attempt to alter will result in it being rendered useless. The definition the provided in IT Act 2000 for the Section 66 offence, which is called hacking, is unique since it is distinct from definitions used in other International laws for defining an offence of somewhat similar nature. It also recognizes diminishing of value and injurious effect of the information residing inside a computer. Of course it also mentions the more obvious destruction, deletion and alteration. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. Whoever commits hacking shall be punished with imprisonment up to three years, or with fine, which may extend up to two lakh rupees, or with both. Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. The aforesaid section has a limited application only. It confines itself to the acts and omissions of those persons, who have been conferred powers under this Act, Rules or Regulation made there under Section 72 of the Act relates to any person who in pursuance of any of the powers conferred by the Act or its allied rules and regulations has secured access to any: first, electronic record; second, book; third, register; fourth, correspondence; fifth, information; sixth, document; or seventh, other material. If such person discloses such electronic record, book, register, correspondence, information, document or other material to any other person, he will be punished with imprisonment for a term, which may extend to two years, or with fine, which may extend to two years, or with fine, which may extend to one lakh rupees, or with both.

23. In 2002, a person was convicted for a credit card fraud. It was the nations first cyber conviction through the CBI (Central Bureau of Investigation), though the Act was not invoked, and the man was convicted under section 418, 419 and 420 of IPC. 24. In a recent case of a video of a Noida girl doing striptease that has been making rounds on the internet. The video was distributed widely through the net apparently after her estranged boyfriend released it. Both are B-school students and now the police has registered a case under section 506 and 507 (threat to murder) of the IPC since the victims family has not complained about the MMS scandal. Why was the case not registered under the IT Act? The police version is that no complaint was made about the MMS, another fact is that the police felt that the provisions of the Act are not strong enough. 25. For example the Act is unclear as to the qualifications of an adjudicating officer and the manner in which he shall adjudicate. Moreover, though the statute is supposedly a long arm statute, it does not indicate the powers of the adjudicating officers when a person commits a cyber crime or violates any provisions of the law from outside India. Several practical difficulties may also arise in importing the cyber criminal to India. The Act does not lay down any provisions whereby extradition treaties can be formed with countries where the cyber criminal is located. Therefore, the extra-territorial scope of the Act may be difficult to achieve. Furthermore, the powers to impose a penalty for a computer crime upto Rs 1 crore offers a large discretion to adjudicating officers and may turn out to be harmful. 26. Network service provider not to be liable in the certain cases: For the removal of doubts, it is hereby declared that no person providing any service as a (NSP) shall be liable under this Act, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention. 27. Section 69 of the Act empowers the Controller of Certifying Authority to order the interception of electronic information transmitted through any computer system in India. This explains the legal position of e-surveillance and website blocking powers of India as per the provisions of IT Act 2000. A logical question that arises is what will happen if the State exceeds it powers of blocking of web sites or e-surveillance. 28. A domain name is an identification label to define a realm of administrative autonomy, authority, or control in the internet, based on the domain name system (DNS). Domain names are used in various networking contexts and application-specific naming and addressing purposes. A prominent example are the top-level internet domains (TLDs) com, net and org. Below these top-level domains in the DNS hierarchy are the secondlevel and third-level domain names that are open for reservation and registration by endusers that wish to connect local area networks to the internet, run web sites, or create other publicly accessible internet resources. The registration of these domain names is usually administered by the domain name registrar, who sell their services to the public. 29. Regulation of intellectual property rights, particularly copyright on the internet is an ever-growing problem. The Act does not discuss the implications of any copyright violations over the net. It has no provisions to penalize copyright infringers, commonly known as pirates, for their activities over the net. Internet piracy is a major problem has not been tackled by this Act. No amendments have been proposed to the Copyright Act of India. 30. In the Indian context till a Bill is finally notified by the Executive, it remains a Bill only. Thus, till the government of India notifies it, the old Information Technology Act 2000 would govern the Indian cyber law. 31. The Foreign Intelligence Surveillance Act (FISA) was first enacted in 1978 (Public Law 95-511) and later amended by the Patriot Act. It is at the center of the controversy concerning domestic spying by the NSA. It was passed after revelations of massive

E-commerce laws in India 279

IJLMA 52,4
32.

280

33.

34.

35.

36.

37.

38.

39. 40. 41.

42.

domestic spying abuses by the FBI, CIA and NSA were documented in reports issued by the Church Committee in the 1970s. In 1972, the United States Supreme Court had reviewed some of those abuses and declared that warrantless wiretaps of domestic groups for national security reasons were a violation of the Fourth Amendment. United States vs United States District Court (Keith), 407 US 297 (1972). Under this section, receiving a stolen computer, or a mobile or even a CD, or an e-mail containing stolen information may be punishable with three years of imprisonment. Phishing means sending an e-mail that falsely claims to be a particular enterprise and asking for sensitive financial information. Phishing, thus, is an attempt to scam the user into surrendering private information that will then be used by the scammer for his own benefit. Phishing uses spoofed e-mails and fraudulent web sites that look very similar to the real ones, thus fooling the recipients into giving out their personal data. Most phishing attacks ask for credit card numbers, account usernames and passwords. According to statistics phishers are able to convince up to five percent of the recipients who respond to them. Voyeurism is a psychosexual disorder in which a person derives sexual pleasure and gratification from looking at the naked bodies and genital organs or observing the sexual acts of others. The voyeur is usually hidden from view of others. Voyeurism is a form of paraphilia. A variant form of voyeurism involves listening to erotic conversations. This is commonly referred to as telephone sex, although it is usually considered voyeurism primarily in the instance of listening to unsuspecting persons. Cyber security means protecting information, equipment, devices, computer, computer resources, communication from unauthorized access, use, disclosure, disruption, modification and destruction. Important to note that the limit for compensation which was Rs 1 crore under section 43 of IT Act 2000 has been removed. In other words, now there is no upper limit for damages that can be claimed. Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Govt. prescribed. Further, any intermediary who intentionally or knowingly contravenes the provision of sub section (1) shall be punished with an imprisonment for a term, which may extend to three years and shall also be liable to fine. MSPs operate wireless networks on behalf of their clients usually large organizations that outsource key helpdesk or network operations functions to the MSP. The MSPs employees may work in a centralized Network Operations Center or onsite at the clients premises. In either case, the MSP needs a comprehensive, scalable and flexible management solution that can be used across multiple customer engagements. Power to issue directions for blocking for public access of any information through any computer resource. Power to authorize to monitor and collect traffic data or information through any computer resource for cyber security. According to Section 2 (na) of IT Act 2008, cyber cafe means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of public. Vicarious liability is a form of strict, secondary liability that arises under the common law doctrine respondeat superior the responsibility of the superior for the acts of their subordinate, or, in a broader sense, the responsibility of any third party that had the right, ability or duty to control the activities of a violator. It can be distinguished from contributory liability, another form of secondary liability, which is rooted in the tort theory of enterprise liability.

43. The NSA warrantless surveillance controversy concerns surveillance of persons within the United States incident to the collection of foreign intelligence by the USA National Security Agency (NSA) allegedly as part of the war on terror. Under this program, referred to by the Bush administration as the terrorist surveillance program, the NSA is authorized by executive order to monitor, without warrants, phone calls, e-mails, internet activity, and text messaging, and other communication involving any party believed by the NSA to be outside the USA, even if the other end of the communication lies within the USA. The exact scope of the program is not known, but the NSA is or was provided total, unsupervised access to all fiber-optic communications going between some of the nations major telecommunication companies major interconnect locations, including phone conversations, email, web browsing and corporate private network traffic. 44. The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data are called plain text; encrypted data are referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption. References Anderson, E., Day, G.S. and Rangan, V.K. (1997), Strategic channel design, Sloan Management Review, Vol. 38 No. 4, pp. 59-69. Bakos, J.Y. (1991), A strategic analysis of electronic marketplaces, MIS Quarterly, Vol. 15 No. 3, pp. 295-310. Basu, S. and Jones, R. (2002), Legal issues affecting e-commerce: a review of Indian Information Technology Act, 2000, paper presented at the 17th BILETA Annual Conference, 5-6 April, Free University, Amsterdam. Benjamin, R. and Wigand, R. (1995), Electronic markets and virtual value chains on the information superhighway, Sloan Management Review, Vol. 36 No. 2, pp. 62-72. Christersen, C.M., Suarez, F.F. and Utterback, J.M. (1998), Strategies for survival in fast-changing industries, Management Science, Vol. 44 No. 12, pp. S207-20. CII (2001), E-commerce in India: how to make it happen?, Report of the CII National Committee on e-commerce 2000-2001, Confederation of Indian Industry. Dutta, S. (2003), Impact of information communication technology on society, Yojana, Vol. 47 No. 2, p. 24. Gallaugher, J. (2002), E-commerce and the undulating distribution channel, Communications of the Association for Computing Machinery, Vol. 45 No. 7, pp. 89-95. Kaur, K. (2005), Consumer protection in e-commerce in Malaysia: an overview, UNEAC Asia Papers, No. 10. Khatibi, A., Thyagarajan, V. and Seetharaman (2003), E-commerce in Malaysia: perceived benefits and barriers, Vikalpa, Vol. 28 No. 3, pp. 77-81. Kuhn, P. and Skuterud, M. (2000), Internet and traditional job search methods, 1994-1999, paper presented to the IRPP and CERF Conference on Creating Canadas Advantages in an Information Age, May. Light, D.A. (2001), Sure, you can trust us, MIT Sloan Management Review, Vol. 43 No. 1, p. 17. Mitnick, K.D. and William, L.S. (2002), The Art of Deception: Controlling the Human Element of Security, John Wiley and Sons, New York, NY. Neuman, B.C. and Genyady, M. (1998), Internet payment services, in McKnight, L.W. and Bailey, J.P. (Eds), Internet Economics, MIT Press, Cambridge, MA, pp. 401-16. Nicholas, R. and Jerry, F. (2002), Electronic customer relationship management: an assessment of research, International Journal of Electronic Commerce, Vol. 6 No. 3, pp. 59-111.

E-commerce laws in India 281

IJLMA 52,4

282

Pastor, R.S. and Alessandro, V. (2004), Evolution and Structure of the Internet: A Statistical Physics Approach, Cambridge University Press, Cambridge. Poon, S. (2000), Business environment and internet commerce benefits: a small business perspective, Journal of Information System, Vol. 9, pp. 7-81. Rastogi, R. (2002), Country Report on E-Commerce Initiatives, available at: www.unescap.org/tid/ publication/part_three2261_ind.pdf (accessed 4 June 2008). Shapiro, C. and Varian, H. (1999), Information Rules: A Strategic Guide to the Networked Economy, Harvard Business School Press, Boston, MA. Sumanjeet (2002), Cyber laws in need of upgrade, Indian Business Law Journal, Vol. 1 No. 2, pp. 27-9. Sumanjeet (2005), E-CRM building the loyal customers in the age of electronic commerce, Pakistan Management Review, Vol. XLII No. 3, pp. 45-54. Sumanjeet (2008a), Electronic commerce in India: the evolution of revolution, E-Business, July. Sumanjeet (2008b), Impact of e-commerce on economic models: little to lose; more to gain, International Journal of Trade and Global Markets, Vol. 1 No. 3, pp. 319-37. Sumanjeet (2010), Digital divide in India: measurement, determinants and policy for addressing the challenges of digital divide, International Journal of Innovation and Digital Economy (accepted for publication, forthcoming issue). Timmers, P. (1999), Electronic Commerce: Strategy and Models for Business-to-Business Trading, John Wiley, Chichester. Verma, Y. (2001), Broadband: the brakes are on, Dataquest (India), 15 May. Zhu, K., Kenneth, L.K. and Xu, S. (2002), A cross-country study of electronic business adoption using the technology-organization-environment framework, paper presented at the ICIS Conference, Barcelona, 15-18 December. Corresponding author Dr Sumanjeet can be contacted at: sumanjeetsingh@gmail.com

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com Or visit our web site for further details: www.emeraldinsight.com/reprints

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.