Documente Academic
Documente Profesional
Documente Cultură
Unit 1
Cyber world: an overview, internet and online resources, security of information, digital
signature, intellectual property (IP), historical background of IP, IPR governance,
National patent offices, the world intellectual property organization (WIPO)
Cyber world:
Some think cyber world is the world of online computers and communications which implies
today's fast-moving high-technology world online. That is one way to look at it if you are into
abstractions and distractions. We are interested in something more tangible and real; so we've
redefined the term to give it the power and meaning that it deserves.
The Cyber World 1. An online world where users have the mechanisms in place to transact any business or
personal activity as easily and freely as they can transact them in the physical world.
2. An environment for sophisticated online computing.
3. The futuristic online world of computing.
This obviously means the cyber world does not exist. Up to now weve been having a lot of
fun online using a web of documents and data. After 20 years of surfing, maybe it's time to
get serious. It seems we've gotten ourselves caught in a web and we dont know how to get
out.
The Cyber World is a digital extension of yourself interacting with a digital extension of our
real world in a Virtual environment. It should be obvious you cant build virtual extensions
on a web or web pages. We have to have something much more sophisticated.
These digital extensions will give the ordinary user extraordinary capabilities compared to
todays standards. The Cyber World will allow the internet to move to a more advanced level
of online computing. Things like voting, attending classes, purchasing homes and
automobiles, court proceedings, job interviews, grocery shopping, Medical care and
diagnostics, computer and home appliance maintenance and diagnostics, real time monitoring
and enforcement of cyber-crime, etc., will all be done online with ease. Many expected the
web to produce all these things, but the dot com meltdown was the first sign that web
technology was not up to the challenge. This is the simple part. Maybe not so simple for the
web but we are dealing with a super technology. The Cyber World's goals and capabilities
will reach much higher. The Cyber World has the ability to set the human race free. Free from
itself, business and government. If there is one thing we've learned from the web, is that
freedom will grow anything. It is like fertilizer. The Internet enhanced by the Web is the
purest expression of Freedom and Democracy the world has ever known. Yet, there are
people who want to limit this freedom in order to control it - in order to make money. This is
backwards. It's very simple, you only need a little imagination. Because we live in digital age,
it is no longer necessary to divide and conquer to profit. In a digital age, this will only lead to
failure. There is a new recipe for profiting in the digital age. Adding Freedom = Big Profits.
No one says no to freedom and yes to slavery. The Internet enhanced by the Cyber World
will give the human race true Freedom and Autonomy.
Internet and online resources:
Atul Chouhan
In general, Web pages and documents on the Internet that provide useful information. While
an online resource is typically data and educational in nature, any support software available
online can also be considered a resource.
We use the term "electronic resources" to refer to a variety of resources available online. This
includes our online collections of magazine and newspaper articles, encyclopaedias, financial
and investment resources, online language learning systems, business directories, practice
tests and study guides, and live, web-based, one-on-one tutoring.
These and many more are paid and some are free of charge. You just need to log in with your
computer. These resources are available 24 hours a day, seven days a week, from any
computer with an Internet connection.
Online sources are informational resources found on the Internet. They include the websites
of professional organizations, electronic versions of reference books, academic journals and
periodicals, and even blogs. Online sources are great for research, as long as you put in the
work to determine which sources are reliable! This is a multi-step process that involves
figuring out a particular sources publisher, author, bias, depth, accuracy, and timeliness.
Security of information:
Information Security is a multidisciplinary area of study and professional activity which is
concerned with the development and implementation of security mechanisms of all available
types (technical, organisational, human-oriented and legal) in order to keep information in all
its locations (within and outside the organisation's perimeter) and, consequently, information
systems, where information is created, processed, stored, transmitted and destroyed, free from
threats.
Security of information can be defined in following ways:
Integrity
In information security, data integrity means maintaining and assuring the accuracy and
consistency of data over its entire life-cycle. This means that data cannot be modified in an
unauthorized or undetected manner. This is not the same thing as referential integrity in
databases, although it can be viewed as a special case of consistency as understood in the
classic ACID model of transaction processing. Information security systems typically provide
message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it is
needed. This means that the computing systems used to store and process the information, the
security controls used to protect it, and the communication channels used to access it must be
functioning correctly. High availability systems aim to remain available at all times,
preventing service disruptions due to power outages, hardware failures, and system upgrades.
Atul Chouhan
Atul Chouhan
Although many of the legal principles governing IP and IPR have evolved over centuries, it
was not until the 19th century that the term intellectual property began to be used, and not
until the late 20th century that it became commonplace in the majority of the world. The
Statute of Monopolies (1624) and the British Statute of Anne (1710) are now seen as the
origins of patent law and copyright respectively, firmly establishing the concept of
intellectual property.
Atul Chouhan
multilateral agreements on IPR and examine whether the effects of IPR on innovation depend
on the countrys level of development, thus informing policies aimed at international
development. Research for this project began in 2012.
National patent offices:
A patent office is a governmental or intergovernmental organization which controls the issue
of patents. In other words, "patent offices are government bodies that may grant a patent or
reject the patent application based on whether or not the application fulfils the requirements
for patentability."
A patent office is a government body that is responsible for approving or denying any patent
applications submitted by applicants for inventions. Once an application has been approved
by the office, the applicant is granted the exclusive right to make, use, or sell the invention
for a set period of time. Typically, a patent office is staffed by people who have been formally
registered to practice before the office. These individuals are often also licensed attorneys.
Most offices grant patents that are effective only within the borders of their own countries. If
an applicant is granted a patent in one country, he or she must generally submit a separate
application to an office in each foreign country in order to get foreign patent rights. Most
countries have their own patent rules and charge filing fees. As a result, filing a patent with
multiple foreign offices can be an expensive undertaking.
Many patent offices have designated a specific process for the filing of patents. In general, an
applicant is first required to search a database of patent records in order to determine whether
another person has already patented his or her invention. If the invention hasnt been
patented, the applicant can submit an application to the office. The office will undertake a
patent prosecution, during which it determines whether the patent will be granted or denied.
If the patent is denied, the applicant usually has the right to appeal the decision to an appeals
board. The applicant is normally responsible for paying any fees associated with the
application process. The patent office may also charge fees for maintaining or renewing a
patent.
In addition to approving patents, a patent office publishes and distributes information relating
to patents, and it records instances in which a patent holder assigns his or her invention to
another person or entity. It also serves as an official record custodian. In this capacity, it may
retain a database of national and international records. Additionally, a patent office generally
provides the public with a facility to search and inspect patents already on file.
In some countries, patent offices are more generally referred to as intellectual property
offices. In addition to reviewing patent applications, they also handle issues relating to
trademarks and copyrights. A trademark is a type of protection offered for logos that
differentiate a particular product or service. Copyrights are granted to protect certain works,
such as a literary, artistic, or musical creation.
Atul Chouhan
WIPO:
The World Intellectual Property Organization (WIPO) is one of the 17 specialized
agencies of the United Nations.
WIPO was created in 1967 "to encourage creative activity, to promote the protection of
intellectual property throughout the world."
WIPO currently has 188 member states, administers 26 international treaties, and is
headquartered in Geneva, Switzerland. The current Director-General of WIPO is Francis
Gurry, who took office on October 1, 2008. 186 of the UN Members as well as the Holy See
and Niue are Members of WIPO. Non-members are the states of Marshall Islands, Federated
States of Micronesia, Nauru, Palau, Solomon Islands, South Sudan and Timor-Leste.
Palestine has observer status.
Established in 1967, the World Intellectual Property Organization (WIPO) is an international
organization dedicated to helping ensure that the rights of creators and owners of intellectual
property are protected worldwide, and that inventors and authors are therefore recognized and
rewarded for their ingenuity. This international protection acts as a spur to human creativity,
pushing back the limits of science and technology and enriching the world of literature and
the arts. By providing a stable environment for marketing products protected by intellectual
property, it also oils the wheels of international trade. WIPO works closely with its Member
States and other constituents to ensure the intellectual property system remains a supple and
adaptable tool for prosperity and well-being, crafted to help realize the full potential of
created works for present and future generations.
Promotion of IP
As part of the United Nations system of specialized agencies, WIPO serves as a forum for its
Member States to establish and harmonize rules and practices for the protection of
intellectual property rights. WIPO also services global registration systems for trademarks,
industrial designs and appellations of origin, and a global filing system for patents. These
systems are under regular review by WIPOs Member States and other stakeholders to
determine how they can be improved to better serve the needs of users and potential users.
Many industrialized nations have intellectual property protection systems that are centuries
old. Among newer or developing countries, however, many are in the process of building up
their patent, trademark and copyright legal frameworks and intellectual property systems.
With the increasing globalization of trade and rapid changes in technological innovation,
WIPO plays a key role in helping these systems to evolve through treaty negotiation; legal
and technical assistance; and training in various forms, including in the area of enforcement.
WIPO works with its Member States to make available information on intellectual property
and outreach tools for a range of audiences from the grassroots level through to the business
sector and policymakers to ensure its benefits are well recognized, properly understood and
accessible to all.
How is WIPO funded?
WIPO is a largely self-financed organization, generating more than 90 percent of its annual
budget through its widely used international registration and filing systems, as well as
through its publications and arbitration and mediation services. The remaining funds come
from contributions by Member States.
Atul Chouhan
UNIT-2
Introduction about the cyber space, cyber law, regulation of cyber space, scope of cyberlaws: ecommerce; online contracts; IPRs (copyright, trademarks and software
patenting), E-taxation; e-governance and cyber-crimes,
Cyber law in India with special reference to Information Technology Act, 2000.
Introduction about the cyber space:
Cyberspace is "the notional environment in which communication over computer networks
occurs." The word became popular in the 1990s when the uses of the internet, networking,
and digital communication were all growing dramatically and the term "cyberspace" was able
to represent the many new ideas and phenomena that were emerging. The parent term of
cyberspace is "cybernetics", derived from the Ancient Greek word which means steersman,
governor, pilot, or rudder, cyberspace is introduced by William Gibson a science fiction
writer.
As a social experience, individuals can interact, exchange ideas, share information, provide
social support, conduct business, direct actions, create artistic media, play games, engage in
political discussion, and so on, using this global network. They are sometimes referred to as
cybernauts.
Unlike most computer terms, "cyberspace" does not have a standard, objective definition.
Instead, it is used to describe the virtual world of computers. For example, an object in
cyberspace refers to a block of data floating around a computer system or network. With the
advent of the Internet, cyberspace now extends to the global network of computers. So, after
sending an e-mail to your friend, you could say you sent the message to her through
cyberspace. However, use this term sparingly, as it is a popular newbie term and is well
overused.
The term cyberspace has become a conventional means to describe anything associated with
the Internet and the diverse Internet culture. The United States government recognizes the
interconnected information technology and the interdependent network of information
technology infrastructures operating across this medium as part of the US national critical
infrastructure. Amongst individuals on cyberspace, there is believed to be a code of shared
rules and ethics mutually beneficial for all to follow, referred to as cyberethics.
A metaphor for describing the non-physical terrain created by computer systems. Online
systems, for example, create a cyberspace within which people can communicate with one
another (via e-mail), do research, or simply window shop. Like physical space, cyberspace
contains objects (files, mail messages, graphics, etc.) and different modes of transportation
and delivery. Unlike real space, though, exploring cyberspace does not require any physical
movement other than pressing keys on a keyboard or moving a mouse.
Some programs, particularly computer games, are designed to create a special cyberspace,
one that resembles physical reality in some ways but defies it in others. In its extreme form,
Atul Chouhan
called virtual reality, users are presented with visual, auditory, and even tactile feedback that
makes cyberspace feel real.
Cyber law:
Cyber law or Internet law is a term that encapsulates the legal issues related to use of the
Internet. It is less a distinct field of law than intellectual property or contract law, as it is a
domain covering many areas of law and regulation.
Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes
computers, networks, software, data storage devices
(Such as hard disks, USB disks etc.), the Internet, websites, emails and even electronic
devices such as cell phones, ATM machines etc.
Law encompasses the rules of conduct:
1. That have been Approved by the government, and
2. Which are in Force over a certain territory, and
3. Which must be obeyed by all persons on that territory.
Violation of these rules could lead to government action such as imprisonment or fine or an
order to pay compensation.
Cyber law encompasses laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy
Cybercrimes are unlawful acts where the computer is used either as a tool or a target or both.
The enormous growth in electronic commerce (e-commerce) and online share trading has led
to a phenomenal spurt in incidents of cyber-crime. To prevent these crimes and to maintain
the fair usage of the internet cyber laws are designed.
Cyber law include some of the major laws:
1. Copyright law
In relation to computer software, computer Source code, websites, cell phone content etc.
2. Software and source code Licences
3. Trademark law
With relation to domain names, Meta tags, Mirroring, framing, linking etc.
4. Semiconductor law
Which relates to the protection of Semiconductor integrated circuits design and layouts,
5. Patent law
In relation to computer hardware and software.
Data protection and privacy laws aim to achieve a fair balance between the privacy rights of
the individual and the interests of data controllers such as banks, hospitals, email service
Atul Chouhan
providers etc. These laws seek to address the challenges to privacy caused by collecting,
storing and transmitting data using new technologies.
In early times, there was no statute in India for governing Cyber Laws involving privacy
issues, jurisdiction issues, intellectual property rights issues and a number of other legal
questions. With the tendency of misusing of technology, there arisen a need of strict statutory
laws to regulate the criminal activities in the cyber world and to protect the true sense of
technology "INFORMATION TECHNOLOGY ACT, 2000" [ITA- 2000] was enacted by
Parliament of India to protect the field of e-commerce, e-governance, e-banking as well as
penalties and punishments in the field of cyber-crimes. The above Act was further amended
in the form of IT Amendment Act, 2008 [ITAA-2008]
Need for Cyber Law
There are various reasons why it is extremely difficult for conventional law to cope with
cyberspace. Some of these are discussed below.
1. Cyberspace is an intangible dimension that is impossible to govern and regulate using
conventional law.
2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could
break into a banks electronic vault hosted on a computer in USA and transfer millions of
Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop
computer and a cell phone.
3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are
crisscrossing the globe even as we read this, millions of websites are being accessed every
minute and billions of dollars are electronically transferred around the world by banks every
day.
4. Cyberspace is absolutely open to participation by all. A ten-year-old in Bhutan can have a
live chat session with an eight-year-old in Bali without any regard for the distance or the
anonymity between them.
5. Cyberspace offers enormous potential for anonymity to its members. Readily available
encryption software and stenographic tools that seamlessly hide information within image
and sound files ensure the confidentiality of information exchanged between cyber-citizens.
6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of
software can be traded over the Internet without the need for any government licenses,
shipping and handling charges and without paying any customs duty.
7. Electronic information has become the main object of cyber-crime. It is characterized by
extreme mobility, which exceeds by far the mobility of persons, goods or other services.
International computer networks can transfer huge amounts of data around the globe in a
matter of seconds.
8. A software source code worth crores of rupees or a movie can be pirated across the globe
within hours of their release.
Atul Chouhan
10
9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily
covered by traditional penal provisions. However, the problem begins when electronic
records are copied quickly, inconspicuously and often via telecommunication facilities. Here
the original information, so to say, remains in the possession of the owner and yet
information gets stolen.
Regulation of cyber space:
Four models for regulation in cyber space are:
Norms / Education
In order to function and be accepted in a society, a person will live by its norms. You believe
in the role of educating people so that new norms may develop as new technology is used.
As an example of the change of attitudes that result from education programs you might look
back on smoking ads that once portrayed cigarette smokers as beautiful, sophisticated, sexy
people with the ads of today, where a blackened sponge is wrung out to show the impact of
smoking on the lungs.
Once education creates a new norm, community behaviour it is regulated by peer and social
pressure. Norms can involve the adoption of rules for regulating behaviour. These rules
may not have the force of law but they create a level of behaviour that anyone wanting to be
accepted in that group ought to adopt.
People that breach norms may incur sanctions. These sanctions do not have the force that
penalties or custodial sentences might have in a legal setting. The sanction when imposed
may result in an infringer being placed outside a norm group. On showing contrition,
particularly where there contrition is matched by entry into a re-education program about the
norm, the infringer may be readmitted. Usually a body or entity that is a part of the group will
make findings about any infringements and the sanction that ought to apply.
The norms that come about as a result of education may need to be put into writing. In a
technological era this writing might take the form of Acceptable Use Policies, Terms of
Engagement and other polices that act as a norm but may not be legally enforceable like a
Contract. Over time norms, can be made into law through legislation or litigation (case law).
Law
You believe in parliaments capacity to make laws to regulate the behaviour of its citizens.
Where parliaments are silent, the courts will make precedents.
People who break the law suffer sanctions - these can be civil penalties of loss of money
when an infringing party is ordered to pay damages to another. There is also criminal law
through which you believe society establishes what constitutes acceptable and unacceptable
behaviour. Unacceptable behaviour is regulated through a sentencing regime lesser offences
might incur fines and bonds, more serious ones some form of custodial sentence. You are
satisfied that if parliament makes a law then it is made by the people. What is parliament if
nothing other than a representative body of the people as expressed at elections?
Once a matter becomes law the law itself ought to be black letter it ought to be clearly
understood, free from doubt and dispute. Breaches should result in similar punishments.
Architecture
You believe in the power of human to design systems that regulate behaviour. To control
speeding in a back street you would design and build speed humps. In a digital world you
believe in the power of software code to be able to create a form of regulation. For example,
you might design a technological protection measure in your software that prevents a
program with a licence of ten users from allowing an eleventh user to open it over a network.
Atul Chouhan
11
You find education / norms too slow to bring about change. You find law too expensive. You
can design the world you want and have people regulate their behaviour because such
restrictions in behaviour are inherent in what you have created. You consider yourself a geek
and technological master of non-technical people who use other forms of regulation.
You also realise that if you can regulate behaviour through design then your product will be
more valuable. You usually work in the private sector though increasing your skills might be
sought in publicly owned entities wanting to develop monitoring and surveillance systems.
Market Forces
You are convinced that market forces regulate behaviour. If a manufacturer creates an unsafe
product this will become known to the market and consumers will not purchase these
products. If a software designer wants to copyright and licence his or her work, then the
market will determine if the software is worth buying as compared with that of competitors.
Markets will determine what survives and what doesn't in the market place. Market forces
also use price as a form of regulation. It is said consumers regulate their behaviour based on a
cost/benefit analysis. For example, at least theoretically, as the price of petrol rises,
consumers will travel less in their cars and take public transport, or push for its installation. In
its purest form, you believe that free markets, rather than government, will best regulate
human activity.
Scope of cyber laws:
Cyber law is that stream of law where all the cyber-crimes such as theft, fraud, etc. all of
which are subject to the Indian Penal Code are addressed by the Information Technology Act,
2000. With advanced technology and changing times, almost all the processes are now going
on IT platform. This is giving rise to increase of cyber-crimes in India as well as abroad.
Cyber-crimes are broadly categorized in two different categories:
(1) Using a computer to target other computer for e.g. Virus attacks, hacking, etc.
(2) Using a computer to commit crimes for e.g. Credit card frauds, cyber terrorism, etc.
Cyber-crime is a criminal exploitation of the internet. A misconduct that is committed against
an individual or groups of individuals with an unlawful intention to hurt the position of the
victim or cause any mental or physical harm to the victim directly or indirectly by using
advanced IT and related sources such as Internet and mobile phones is termed as cyber-crime.
Such crimes may be harmful for a country.
All these activities leading to crimes have given rise to a relatively new field in law for
protecting the interests of an individual which is called cyber law. Cyber law is important
because it touches almost all aspects of transactions and activities on and concerning the
Internet, the World Wide Web and Cyberspace.
Cyber law is concerned with every individual these days. This is primarily because we all use
internet in some or the other form daily. Internet is used when we create any account online,
while performing e-commerce transactions, net banking, sending or receiving emails, surfing
the net to take out some important information, etc.
Atul Chouhan
12
There are several advantages of Cyber Law to protect the individuals from getting trapped in
any cyber violations. The IT Act 2000 provides several guidelines in this regard.
Organizations shall now be able to carry out e-commerce using the legal infrastructure
provided by the laws.
The laws throws open the doors for the entry of corporate companies in the business
of being Certifying Authorities for issuing Digital Signatures Certificates.
Under the IT Act, 2000, it shall now be possible for corporates to have a statutory
remedy in case if anyone breaks into their computer systems or network and cause
loss.
The laws now allows Government to issue notification on the web thus indicating egovernance.
These laws also addresses the important issues of security, which are so critical to the
success of electronic transactions.
It is to be noted that since cyber law cannot be restricted to a geographical area, therefore, a
single transaction may involve the laws of at least three authorities: (1) the laws of the
state/nation in which the user resides, (2) the laws of the state/nation that apply where the
server hosting the transaction is located, and 3) the laws of the state/nation which apply to the
person or business with whom the transaction takes place.
There is a tremendous scope of cyber law in India as the number of activities through internet
is on increase with the changing times, the requirement for cyber laws and their application is
gathering momentum and hence the career option as a cyber-lawyer seems very lucrative
option for students.
Ecommerce:
Electronic commerce, commonly known as e-commerce or ecommerce, is trading in
products or services using computer networks, such as the Internet.
E-commerce (electronic commerce or EC) is the buying and selling of goods and services, or
the transmitting of funds or data, over an electronic network, primarily the Internet. These
business transactions occur either business-to-business, business-to-consumer, consumer-toconsumer or consumer-to-business. The terms e-commerce and e-business are often used
interchangeably. The term e-tail is also sometimes used in reference to transactional
processes around online retail.
E-commerce is conducted using a variety of applications, such as email, fax, online
catalogues and shopping carts, Electronic Data Interchange (EDI), File Transfer Protocol, and
Web services. Most of this is business-to-business, with some companies attempting to use
email and fax for unsolicited ads (usually viewed as spam) to consumers and other business
prospects, as well as to send out e-newsletters to subscribers.
Atul Chouhan
13
The benefits of e-commerce include its around-the-clock availability, the speed of access, a
wider selection of goods and services, accessibility, and international reach. Its perceived
downsides include sometimes-limited customer service, not being able to see or touch a
product prior to purchase, and the necessitated wait time for product shipping.
To ensure the security, privacy and effectiveness of e-commerce, businesses should
authenticate business transactions, control access to resources such as webpages for
registered or selected users, encrypt communications and implement security technologies
such as the Secure Sockets Layer.
Online contracts:
An electronic contract is an agreement created and "signed" in electronic form -- in other
words, no paper or other hard copies are used. For example, you write a contract on your
computer and email it to a business associate, and the business associate emails it back with
an electronic signature indicating acceptance. An e-contract can also be in the form of a
"Click to Agree" contract, commonly used with downloaded software: The user clicks an "I
Agree" button on a page containing the terms of the software license before the transaction
can be completed.
Since a traditional ink signature isn't possible on an electronic contract, people use several
different ways to indicate their electronic signatures, including typing the signer's name into
the signature area, pasting in a scanned version of the signer's signature, clicking an "I
accept" button, or using cryptographic "scrambling" technology.
Though lots of people use the term "digital signature" for any of these methods, it's becoming
standard to reserve the term "digital signature" for cryptographic signature methods and to
use "electronic signature" for other paperless signature methods.
Online contracts have become common. E-signature laws have made the electronic contract
and signature as legally valid as a paper contract. It has been estimated that roughly 110
electronic contracts are signed every second. From a legal point of view, in India, E-contracts
are governed by the Indian contract act (1872), according to which certain conditions need to
be fulfilled while formulating a valid contact. Certain sections in information Technology Act
(2000) also provide for validity of online contract.
Opting Out of Electronic Contracts
While the federal e-signature law makes paper unnecessary in many situations, it also gives
consumers and businesses the right to continue to use paper where desired. The law provides
a means for consumers who prefer paper to opt out of using electronic contracts.
Prior to obtaining a consumer's consent for electronic contracts, a business must provide a
notice indicating whether paper contracts are available and informing consumers that if they
give their consent to use electronic documents, they can later change their mind and request a
paper agreement instead. The notice must also explain what fees or penalties might apply if
the company must use paper agreements for the transaction. And the notice must indicate
whether the consumer's consent applies only to the particular transaction at hand, or to a
Atul Chouhan
14
larger category of transactions between the business and the consumer -- in other words,
whether the business has to get consent to use e-contracts/signatures for each transaction.
A business must also provide a statement outlining the hardware and software requirements
to read and save the business's electronic documents. If the hardware or software
requirements change, the business must notify consumers of the change and give consumers
the option (penalty-free) to revoke their consent to using electronic documents.
Although the e-signature law doesn't force consumers to accept electronic documents from
businesses, it poses a potential disadvantage for low-tech citizens by allowing businesses to
collect additional fees from those who opt for paper.
Contracts That Must Be on Paper
To protect consumers from potential abuses, electronic versions of the following documents
are invalid and unenforceable:
court orders, notices, and other court documents such as pleadings or motions
Atul Chouhan
15
Intellectual property law deals with the rules for securing and enforcing legal rights to
inventions, designs, and artistic works. Just as the law protects ownership of personal
property and real estate, so too does it protect the exclusive control of intangible assets.
Intellectual property rights include patents, copyright, industrial design rights, trademarks,
trade dress, and in some jurisdictions trade secrets
Copyright:
This is a property right, which subsists in literary and artistic works that are original
intellectual creations. Works covered by copyright include, but are not limited to novels,
poems, plays, reference works, articles, computer programmes, databases, films, musical
compositions, paintings, drawings, photographs, sculpture, architecture, advertisements, maps
and technical drawings.
Copyright protects all literary and artistic works that we create whilst using our intelligence
and our imagination provided it is expressed in a tangible form. The people who are the
creators are usually called authors even if they are really painters, photographers, writers,
artists, composers etc. . Copyright laws grant authors, and other creators protection for their
literary and artistic creations, generally referred to as works.
A closely associated field is neighbouring rights or related rights, or rights that
encompass rights similar or identical to those of copyright, although sometimes these can be
limited and of shorter duration.
In Trinidad and Tobago works of mas are also protected by copyright. The term works of
mas involves a combination of tangible manifestation, such as a physical costume and
intangible manifestation such as a style of dance, a style of oratory, etc. This provision is
intended to protect producers of works of mas especially as it relates to Trinidad and Tobago
Carnival celebrations.
Trademarks:
A trademark is a sign capable of distinguishing the goods or services of one enterprise from
those of other enterprises. Trademarks date back to ancient times when craftsmen used to put
their signature or "mark" on their products.
In principle, a trademark registration will confer an exclusive right to the use of the registered
trademark. This implies that the trademark can be exclusively used by its owner, or licensed
to another party for use in return for payment. Registration provides legal certainty and
reinforces the position of the right holder, for example, in case of litigation.
The term of trademark registration can vary, but is usually ten years. It can be renewed
indefinitely on payment of additional fees. Trademark rights are private rights and protection
is enforced through court orders.
A word or a combination of words, letters, and numerals can perfectly constitute a trademark.
But trademarks may also consist of drawings, symbols, three-dimensional features such as the
shape and packaging of goods, non-visible signs such as sounds or fragrances, or colour
shades used as distinguishing features the possibilities are almost limitless.
Trademarks are registered at a national or territory level with an appointed government body
and may take anywhere between 6 and 18 months to be processed. At the national/regional
level, trademark protection can be obtained through registration, by filing an application for
registration with the national/regional trademark office and paying the required fees. At the
Atul Chouhan
16
international level, you have two options: either you can file a trademark application with the
trademark office of each country in which you are seeking protection, or you can use WIPOs
Madrid System.
Registered trademarks may be identified by the abbreviation TM, or the symbol. (It is
illegal to use the symbol or state that the trademark is registered until the trademark has in
fact been registered).
Software patenting:
Patents:Generally speaking, a patent provides the patent owner with the right to decide how - or
whether - the invention can be used by others. In exchange for this right, the patent owner
makes technical information about the invention publicly available in the published patent
document.
A Patent is an exclusive right granted for an invention, which is a product or a process that
either provides a new way of doing something, or offers a new technical solution to a
problem. It provides protection for the invention, preventing others from manufacturing,
using and trading it. The owner is required to disclose technical information to the public
sufficient for persons with average skill in the art to manufacture and use the technology.
Necessity and barriers are essential to human creativity. Inventors and organizations put much
time, effort and resources into their inventions. Patents give inventors incentives in the form
of recognition and the opportunity for fair economic rewards. They also provide a spur to
others, wishing to use a protected technology, to find other solutions to the problem solved by
a particular patent. Nearly 80% of all new patents are improvements upon older technologies.
An underlying consideration is that this is usually part of business strategy. They are taken to
generate some sort of benefit for the owner. The patent process is expensive.
What cannot be patented:Patents are open to most areas of science and technology but some areas are excluded from
patentability. These are:
Ideas, hypotheses, discoveries (of things already existing in nature), scientific theories
and mathematical methods.
Rules of games, lottery systems, methods for performing mental acts, teaching
methods and organizational procedures.
Diagnostic, therapeutic and surgical methods used on the human and animal body.
Atul Chouhan
17
The intellectual property protection of computer software has been highly debated at the
national and international level. For example, in the European Union (EU), a draft Directive
on the Patentability of Computer-implemented Inventions has been discussed in order to
harmonize the interpretation of the national patentability requirements for computer softwarerelated inventions, including the business methods carried out via the computer. These
discussions show divergent views among stakeholders in Europe. Furthermore, the Internet
raises complex issues regarding the enforcement of patents, as patent protection is provided
on a country-by-country basis, and the patent law of each country only takes effect within its
own borders.
In many countries, computer programs, whether in source or object code, are protected under
copyright. The major advantage of copyright protection lies in its simplicity. Copyright
protection does not depend on any formalities such as registration or the deposit of copies in
the 151 countries party to the Berne Convention for the Protection of Literary and Artistic
Works. This means that international copyright protection is automatic - it begins as soon as
a work is created. Also, a copyright owner enjoys a relatively long period of protection,
which lasts, in general, for the life of the author plus 50 or, in certain countries, 70 years after
the authors death.
In contrast, a patent must be applied for, in principle, in each country in which you seek
patent protection. In order to enjoy patent protection, an application for a patent shall comply
with both formal and substantive requirements, and a patented invention shall be disclosed to
the public. These requirements can be legally and technically complex, and their compliance
often requires a legal experts assistance.
E-taxation:
Electronic tax filing, or e-filing, is a system for submitting tax documents to a revenue
service electronically, often without the need to submit any paper documents.
E-Government consists of various fast moving fields, E Taxation being a very specific one of
them. E-Taxation means trans-organizational processes with data transfer (upload and
download) between the IT systems of the professionals and those of the tax authorities. These
processes imply organizational, semantic and technical interoperability, service-oriented
architecture etc. E-Taxation also has to support tax authority processes: workflow systems
and electronic record management on the one hand, knowledge management and automated
risk analysis to assess the credibility of tax returns on the other hand. Tax inspectors need
support for checking the accounting data of taxpayers, but also for fighting against illegal
employment, tax evasion and social security fraud at construction sites. Tax laws and
procedures differ from one country to another. Nevertheless, in order to exchange experiences
and good practices, it is necessary to bring together scientists, practitioners and users
operating in the field of E-Taxation. It is the aim of this publication to foster these exchange
processes, especially between academia and practice, but also between different European
and non-European countries.
Atul Chouhan
18
The Internet has changed many of the fundamental and long standing concepts of direct and
indirect taxation. Governments all over the World are grappling with the various issues of
taxation raised by e-commerce. This is because of lack of comprehensive understanding of:
The communication technologies
The complex nature of business offered through Internet business, etc.
The modus operandi of Internet business, etc. has made the operation of tax
legislations more difficult.
The Information Technology Act, 2000, which is the first legislation to deal with e-commerce
is quite silent about tax system. Substantial amount of state revenue which is generated
through direct and indirect taxes is lost when Internet transaction remain untaxed7. A way is
to be found to tackle this relevant problem.
For the development of rational tax policy one should understand the nature of industry.
Some of the peculiarities of Internet are"11.
It is a network of networks and it cannot be controlled or owned by one person.
This network of networks is capable of rapidly transmitting packets from one
computer to another.
No human involvement is necessary to transmit data from one computer to another.
The Internet can re-route itself if one computer is connected to the net. Content wise
the Internet is very rich.
The world-wide web environment provides a user friendly graphical interface.
A simple click is sufficient to obtain vast information anywhere in the World.
It encompasses all territorial and geographical limitations
Keeping these unique qualities of the Internet in mind one should try to visualise the issues
concerning the taxes on the net.
Atul Chouhan
19
Atul Chouhan
20
Cybercrimes:In Simple way we can say that cybercrime is unlawful acts wherein the computer is either a
tool or a target or both. Cyber-crimes can involve criminal activities that are traditional in
nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the
Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes
that are addressed by the Information Technology Act, 2000.
In cyber-crime, ICT devices are either the target or the means of the crime, or are incidental
to it. Most cyber-crimes are not new crimes. Often the only difference is that the evidences
are in electronic form or that the tools used to commit the crimes are ICT tools. Indeed most
of the crimes committed today involve some amount of evidence in the electronic form such
as phone calls, messages, emails, electronic files etc. Most cyber-crime cases are booked in
India under the provisions of the Indian Penal Code (IPC) and laws on economic offenses,
and only very few under the Information Technology Act 2000. However, the Information
Technology Act 2000 has enabling provisions for admissibility of electronic evidences in the
courts of law.
Indeed,
Information warfare is now a recognized national threat. Indeed, IT disaster is among is the
newest additions to the man-made disasters. This brings out the need of strong international
cooperation on real-time basis to tackle cyber-crimes. Many companies do not report to
authorities about attacks on their networks out of fear of adverse publicity and losing the
confidence of the clients. Companies also fear that authorities may seize their servers, and
that the servers will remain with government functionaries for long time, which will cause
them serious financial loss. However, such sweeping of the problem under the carpet will
only make the criminals more and more emboldened.
Cyber law in India with special reference to Information Technology Act, 2000:
In May 2000, both the houses of the Indian Parliament passed the Information Technology
Bill. The Bill received the assent of the President in August 2000 and came to be known as
the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.
This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws
have a major impact for e-businesses and the new economy in India. So, it is important to
understand what are the various perspectives of the IT Act, 2000 and what it offers.
The Information Technology Act, 2000 also aims to provide for the legal framework so that
legal sanctity is accorded to all electronic records and other activities carried out by electronic
means. The Act states that unless otherwise agreed, an acceptance of contract may be
expressed by electronic means of communication and the same shall have legal validity and
enforceability. Some highlights of the Act are listed below:
Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic
record by affixing his digital signature. It further states that any person can verify an
Atul Chouhan
21
Atul Chouhan
22
cybercrimes. We need such laws so that people can perform purchase transactions over the
Net through credit cards without fear of misuse. The Act offers the much-needed legal
framework so that information is not denied legal effect, validity or enforceability, solely on
the ground that it is in the form of electronic records.
In view of the growth in transactions and communications carried out through electronic
records, the Act seeks to empower government departments to accept filing, creating and
retention of official documents in the digital format. The Act has also proposed a legal
framework for the authentication and origin of electronic records / communications through
digital signature.
From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain
many positive aspects. Firstly, the implications of these provisions for the e-businesses would
be that email would now be a valid and legal form of communication in our country that can
be duly produced and approved in a court of law.
Companies shall now be able to carry out electronic commerce using the legal infrastructure
provided by the Act.
Digital signatures have been given legal validity and sanction in the Act.
The Act throws open the doors for the entry of corporate companies in the business of being
Certifying Authorities for issuing Digital Signatures Certificates.
The Act now allows Government to issue notification on the web thus heralding egovernance.
The Act enables the companies to file any form, application or any other document with any
office, authority, body or agency owned or controlled by the appropriate Government in
electronic form by means of such electronic form as may be prescribed by the appropriate
Government.
The IT Act also addresses the important issues of security, which are so critical to the success
of electronic transactions. The Act has given a legal definition to the concept of secure digital
signatures that would be required to have been passed through a system of a security
procedure, as stipulated by the Government at a later date.
Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in
case if anyone breaks into their computer systems or network and causes damages or copies
data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs.
1 crores.
Atul Chouhan
23
UNIT-3
Introduction to computer and cyber-crimes. Cyber-crimes and related concepts,
distinction between cyber-crimes and conventional crimes, Cyber criminals and their
objectives. Kinds of cyber-crimes cyber stalking; cyber pornography, forgery and fraud,
crime related to IPRs, cyber-terrorism; computer vandalism etc. Cyber forensics,
computer forensics and the law, forensic evidence, computer forensic tools.
Introduction to computer and cyber-crimes:
Cyber-crimes and related concepts:
Distinction between cybercrimes and conventional crimes:
Cyber criminals and their objectives:
Kinds of cybercrimes:
Cyber stalking:
Cyber pornography:
Forgery and fraud:
Crime related to IPRs:
Atul Chouhan
24
Cyber terrorism:
In Simple way we can say that cyber-crime is unlawful acts wherein the computer is either a
tool or a target or both
Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to
criminal activity where a computer or network is the source, tool, target, or place of a crime.
These categories are not exclusive and many activities can be characterized as falling in one
or more category. Additionally, although the terms computer crime or cybercrime are more
properly restricted to describing criminal activity in which the computer or network is a
necessary part of the crime, these terms are also sometimes used to include traditional crimes,
such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks
are used to facilitate the illicit activity.
Computer crime or cybercrime can broadly be defined as criminal activity involving an
information technology infrastructure, including illegal access (unauthorized access), illegal
interception (by technical means of non-public transmissions of computer data to, from or
within a computer system), data interference (unauthorized damaging, deletion, deterioration,
alteration or suppression of computer data), systems interference (interfering with the
functioning of a computer system by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft),
and electronic fraud.
Cyber-crimes can involve criminal activities that are traditional in nature, such as theft, fraud,
forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The
abuse of computers has also given birth to a gamut of new age crimes that are addressed by
the Information Technology Act, 2000.
The subject of cyber-crime may be broadly classified under the following three groups. They
are1. Against Individuals
A. their person &
b. their property of an individual
2. against Organization
a. Government
c. Firm, Company, Group of Individuals.
3. Against Society at large
The following are the crimes, which can be committed against the followings group
Against Individuals:
Atul Chouhan
25
Atul Chouhan
26
Atul Chouhan
27
Programs that multiply like viruses but spread from computer to computer are called as
worms.
Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the data on
a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to
attach themselves to. They merely make functional copies of themselves and do this
repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus,
which affected at least 5 % of the computers of the globe. The losses were accounted to be $
10 million. The world's most famous worm was the Internet worm let loose on the Internet by
Robert Morris sometime in 1988. Almost brought development of Internet to a complete
halt.
d. E-mail & IRC related crimes:1. Email spoofing
Email spoofing refers to email that appears to have been originated from one source when it
was actually sent from another source.
2. Email Spamming
Email "spamming" refers to sending email to thousands and thousands of users - similar to a
chain letter.
3 Sending malicious codes through email
E-mails are used to send viruses, Trojans etc. through emails as an attachment or by sending a
link of website which on visiting downloads malicious code.
4. Email bombing
E-mail "bombing" is characterized by abusers repeatedly sending an identical email message
to a particular address.
This kind of activity refers to sending large numbers of mail to the victim, which may be an
individual or a company or even mail servers there by ultimately resulting into crashing.
5. Sending threatening emails
6. Defamatory emails
7. Email frauds
8. IRC related
Three main ways to attack IRC are: "verbal8218; #8220; attacks, clone attacks, and flood
attacks.
Atul Chouhan
28
e. Denial of Service attacks:Flooding a computer resource with more requests than it can handle. This causes the resource
to crash thereby denying access of service to authorized users.
Examples include
Attempts to "flood" a network, thereby preventing legitimate network traffic
Attempts to disrupt connections between two machines, thereby preventing access to a
service
Attempts to prevent a particular individual from accessing a service
Attempts to disrupt service to a specific system or person.
Distributed DOS
A distributed denial of service (DoS) attack is accomplished by using the Internet to break
into computers and using them to attack a network.
Hundreds or thousands of computer systems across the Internet can be turned into zombies
and used to attack another system or website.
Types of DOS
There are three basic types of attack:
a. Consumption of scarce, limited, or non-renewable resources like NW bandwidth,
RAM, CPU time. Even power, cool air, or water can affect.
b. Destruction or Alteration of Configuration Information
c. Physical Destruction or Alteration of Network Components
e. Pornography:The literal meaning of the term 'Pornography' is describing or showing sexual acts in order
to cause sexual excitement through books, films, etc.
This would include pornographic websites; pornographic material produced using computers
and use of internet to download and transmit pornographic videos, pictures, photos, writings
etc.
Adult entertainment is largest industry on internet. There are more than 420 million
individual pornographic webpages today.
Atul Chouhan
29
Research shows that 50% of the web-sites containing potentially illegal contents relating to
child abuse were Pay-Per-View. This indicates that abusive images of children over Internet
have been highly commercialized.
Pornography delivered over mobile phones is now a burgeoning business, driven by the
increase in sophisticated services that deliver video clips and streaming video, in addition to
text and images.
Effects of Pornography
Research has shown that pornography and its messages are involved in shaping attitudes and
encouraging behaviour that can harm individual users and their families.
Pornography is often viewed in secret, which creates deception within marriages that can lead
to divorce in some cases.
In addition, pornography promotes the allure of adultery, prostitution and unreal expectations
that can result in dangerous promiscuous behaviour.
Some of the common, but false messages sent by sexualized culture.
Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not
have negative consequences.
Women have one value - to meet the sexual demands of men.
Marriage and children are obstacles to sexual fulfilment.
Everyone is involved in promiscuous sexual activity, infidelity and premarital sex.
Pornography Addiction
Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression
among many who consume pornography.
1. Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect,
followed by sexual release, most often through masturbation.
2. Escalation: Over time addicts require more explicit and deviant material to meet their
sexual "needs."
3. Desensitization: What was first perceived as gross, shocking and disturbing, in time
becomes common and acceptable.
4. Acting out sexually: There is an increasing tendency to act out behaviours viewed in
pornography.
g. Forgery:-
Atul Chouhan
30
Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using
sophisticated computers, printers and scanners.
Also impersonate another person is considered forgery.
h. IPR Violations:Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is
deprived completely or partially of his rights is an offence. The common form of IPR
violation may be said to be software piracy, copyright infringement, trademark and service
mark violation, theft of computer source code, etc.
The Hyderabad Court has in a land mark judgement has convicted three people and
sentenced them to six months imprisonment and fine of 50,000 each for unauthorized
copying and sell of pirated software.
Violations of IPR can be classified as a form of white-collar crime, specifically a
white-collar theft or fraud. For example, the illegal reproduction of a movie for the purpose
of selling counterfeited copies to others for profit is a WCC under this definition because it
involves the acquisition of property through deception, or fraud, for business or personal
advantage. The sale of counterfeited drugs also involves deception about the manufacturer or
content for illegal financial gain, and the illegal use of a trade secret to develop a marketable
product involves deception concerning the true ownership an idea or information. In addition,
IPR violations can be used to facilitate other WCCs, such as
Investment fraud (e.g., using a trademark of a legitimate company to deceive
investors);
Money laundering (e.g., concealing funds acquired from counterfeit goods sales);
Fraudulent sales (e.g., creating a bogus Web site to deceive customers);
Identity theft (e.g., using personal information acquired from a misappropriated
database or solicited using a misappropriated trademark of a legitimate company);
Other online scams (e.g., fraudulently acquiring donations using the seal of the
American Red Cross);
Racketeering (e.g., organized efforts to misappropriate IP); and
Tax evasion (e.g., failing to report income acquired through IP violations).
One of the greatest public concerns about IPR violations (as a form of WCC) is the threat to
public health and safety, not only in foreign countries but also in the United States
Licensing violations are among the most prevalent examples of intellectual property rights
infringement. Other examples include plagiarism, software piracy, and corporate espionage.
Cyber Squatting- Domain names are also trademarks and protected by ICANNs domain
dispute resolution policy and also under trademark laws.
Cyber Squatters registers domain name identical to popular service providers domain so as
to attract their users and get benefit from it.
Ipr violations occurs if we violate any of the following rights
1. Copyright
Atul Chouhan
31
2. Trademark
3. Patents
4. Trade secrets
I. Cyber Terrorism:At this juncture a necessity may be felt that what is the need to distinguish between cyber
terrorism and cyber-crime. Both are criminal acts. However there is a compelling need to
distinguish between both these crimes. A cyber-crime is generally a domestic issue, which
may have international consequences, however cyber terrorism is a global concern, which has
domestic as well as international consequences. The common form of these terrorist attacks
on the Internet is by distributed denial of service attacks, hate websites and hate emails,
attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit
encryption, which is next to impossible to decrypt. The recent example may be cited of
Osama Bin Laden, the LTTE, attack on Americas army deployment system during Iraq war.
Cyber terrorism may be defined to be the premeditated use of disruptive activities,
or the threat thereof, in cyber space, with the intention to further social, ideological,
religious, political or similar objectives, or to intimidate any person in furtherance of
such objectives
Another definition may be attempted to cover within its ambit every act of cyber
terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or
in disruption of services or means of communications essential to the community or in
damaging property with the view to
(1) Putting the public or any section of the public in fear; or
(2) Affecting adversely the harmony between different religious, racial, language or
regional groups or castes or communities; or
(3) Coercing or overawing the government established by law; or
(4) Endangering the sovereignty and integrity of the nation
And a cyber-terrorist is the person who uses the computer system as a means or ends to
achieve the above objectives. Every act done in pursuance thereof is an act of cyber
terrorism.
It is generally understood to mean unlawful attacks and threats of attack against computers,
networks, and the information stored therein when done to intimidate or coerce a government
or its people in furtherance of political or social objectives. 1 Examples include attacks that
lead to death or bodily injury, explosions, plane crashes, water contamination, or severe
economic loss.
Atul Chouhan
32
Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic
control, telecommunication networks are the most likely targets. Others like police, medical,
fire and rescue systems etc.
Cyber terrorism is an attractive option for modern terrorists for several reasons.
1. It is cheaper than traditional terrorist methods.
2. Cyber terrorism is more anonymous than traditional terrorist methods.
3. The variety and number of targets are enormous.
4. Cyber terrorism can be conducted remotely, a feature that is especially appealing to
terrorists.
5. Cyber terrorism has the potential to affect directly a larger number of people.
j. Banking/Credit card Related crimes:In the corporate world, Internet hackers are continually looking for opportunities to
compromise a companys security in order to gain access to confidential banking and
financial information.
Use of stolen card information or fake credit/debit cards are common.
Bank employee can grab money using programs to deduce small amount of money from all
customer accounts and adding it to own account also called as salami.
k. E-commerce/ Investment Frauds:Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit
investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit
securities.
Merchandise or services that were purchased or contracted by individuals online are never
delivered.
The fraud attributable to the misrepresentation of a product advertised for sale through an
Internet auction site or the non-delivery of products purchased through an Internet auction
site.
Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high
profits.
l. Sale of illegal articles:This would include trade of narcotics, weapons and wildlife etc., by posting information on
websites, auction websites, and bulletin boards or simply by using email communication.
Atul Chouhan
33
Research shows that number of people employed in this criminal area. Daily peoples
receiving so many emails with offer of banned or illegal products for sale.
m. Online gambling:There are millions of websites hosted on servers abroad that offer online gambling. In fact, it
is believed that many of these websites are actually fronts for money laundering.
n. Defamation: Defamation can be understood as the intentional infringement of another person's right to his
good name. It is an act of imputing any person with intent to lower the person in the
estimation of the right-thinking members of society generally or to cause him to be shunned
or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different
from conventional defamation except the involvement of a virtual medium. E.g. the mail
account of Rohit was hacked and some mails were sent from his account to some of his batch
mates regarding his affair with a girl with intent to defame him.
Cyber Stacking:Cyber stalking involves following a persons movements across the Internet by posting
messages (sometimes threatening) on the bulletin boards frequented by the victim, entering
the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
In general, the harasser intends to cause emotional distress and has no legitimate purpose to
his communications.
p. Pedophiles:Also there are persons who intentionally prey upon children. Especially with a teen they will
let the teen know that fully understand the feelings towards adult and in particular teen
parents.
They earns teens trust and gradually seduce them into sexual or indecent acts.
Pedophiles lure the children by distributing pornographic material, then they try to meet them
for sex or to take their nude photographs including their engagement in sexual positions.
q. Identity Theft: Identity theft is the fastest growing crime in countries like America.
Identity theft occurs when someone appropriates another's personal information without their
knowledge to commit theft or fraud.
Identity theft is a vehicle for perpetrating other types of fraud schemes.
r. Data diddling:-
Atul Chouhan
34
Data diddling involves changing data prior or during input into a computer.
In other words, information is changed from the way it should be entered by a person typing
in the data, a virus that changes data, the programmer of the database or application, or
anyone else involved in the process of having information stored in a computer file.
It also include automatic changing the financial information for some time before processing
and then restoring original information.
s. Theft of Internet Hours:Unauthorized use of Internet hours paid for by another person.
By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal
organizations can obtain access to dial-in/dial-out circuits and then make their own calls or
sell call time to third parties.
Additional forms of service theft include capturing 'calling card' details and on-selling calls
charged to the calling card account, and counterfeiting or illicit reprogramming of stored
value telephone cards.
t. Theft of computer system (Hardware):This type of offence involves the theft of a computer, some part(s) of a computer or a
peripheral attached to the computer.
u. Physically damaging a computer system:Physically damaging a computer or its peripherals either by shock, fire or excess electric
supply etc.
v. Breach of Privacy and Confidentiality
Privacy
Privacy refers to the right of an individual/s to determine when, how and to what extent his or
her personal data will be shared with others.
Breach of privacy means unauthorized use or distribution or disclosure of personal
information like medical records, sexual preferences, financial status etc.
Confidentiality
It means non-disclosure of information to unauthorized or unwanted persons.
In addition to Personal information some other type of information which useful for business
and leakage of such information to other persons may cause damage to business or person,
such information should be protected.
Atul Chouhan
35
Generally for protecting secrecy of such information, parties while sharing information forms
an agreement about the procedure of handling of information and to not to disclose such
information to third parties or use it in such a way that it will be disclosed to third parties.
Many times party or their employees leak such valuable information for monitory gains and
causes breach of contract of confidentiality.
Special techniques such as Social Engineering are commonly used to obtain confidential
information.
Computer Fraud
Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or
refrain from doing something which causes loss. In this context, the fraud will result in
obtaining a benefit by:
* altering computer input in an unauthorized way. This requires little technical expertise and
is not an uncommon form of theft by employees altering the data before entry or entering
false data, or by entering unauthorized instructions or using unauthorized processes;
* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized
transactions: this is difficult to detect;
* altering or deleting stored data; or
* altering or misusing existing system tools or software packages, or altering or writing code
for fraudulent purposes. This requires real programming skills and is not common
Manipulating banking systems to make unauthorized identity theft with reference to ATM
fraud
Internet fraud:
Internet fraud is committed in several ways. The FBI and police agencies worldwide have
people assigned to combat this type of fraud; according to figures from the FBI, U.S.
companies' losses due to Internet fraud in 2003 surpassed US$500 million. In some cases,
fictitious merchants advertise goods for very low prices and never deliver. However, that type
of fraud is minuscule compared to criminals using stolen credit card information to buy goods
and services.
The Internet serves as an excellent tool for investors, allowing them to easily and
inexpensively research investment opportunities. But the Internet is also an excellent tool for
fraudsters.
Computer vandalism:
Vandalism means deliberately destroying or damaging property of another. Thus computer
vandalism may include within its purview any kind of physical harm done to the computer of
any person. These acts may take the form of the theft of a computer, some part of a computer
or a peripheral attached to the computer or by physically damaging a computer or its
peripherals.
Atul Chouhan
36
They can get access to sensitive information within the computer system where they
execute, such as passwords and encryption keys.
They can cause loss or denial of service within the local computer system. For
example, they can flood the system with data so that it runs out of memory, or they
can slow down Internet connections.
The best way to protect yourself against a hostile applet is to know who you are downloading
a Web page from or who has sent you an HTML page as an e-mail attachment. Major
corporate Web sites or major Web publishers are unlikely to be the source of a vandal (but it
can happen). One recent scam in late 1997 involved a pornography site that invited the
downloading of a page whose ActiveX control reconnected the user to the Web through an
expensive international phone number. In another incident, a group of German crackers
demonstrated an ActiveX control that could transfer funds from one bank account to another
without having to enter a user identification number.
Cyber forensics:
Computer forensics, is the application of scientifically proven methods to gather, process,
interpret, and to use digital evidence to provide a conclusive description of cybercrime
activities. Cyber forensics also includes the act of making digital data suitable for inclusion
into a criminal investigation. Today cyber forensics is a term used in conjunction with law
enforcement, and is offered as courses at many colleges and universities worldwide.
Cyber Forensics provide the following services nationally to Police Forces, Legal Sector and
Corporate's
Corporate Investigations
Disciplinary Tribunals
Atul Chouhan
37
Personnel Issues
Contract Disputes
Fraud
Murder
Cyber Forensics provides highly regarded expert computer forensic investigation services and
unimpeachable expert witness testimony.
Customised services to suit any organisations needs.
Procedures developed for maximum forensic integrity, combined with expertise, to achieve
optimum results in litigation.
Cases include, Murder, Rape, Fraud, Blackmail, and Computer misuse, Libel-Malicious
Email, Internet Pornography and Intellectual Property Theft.
Forensics experts are trained to use a variety of forensic tools including, EnCase, X-Ways
Forensics and Cyber Examiner.
Reports contain precise, jargon-free language, supported by a glossary of terms. Where
appropriate, appendices covering technical material required by opposing experts are
included.
Integrity
Confidentiality
Security assured
Atul Chouhan
38
If you manage or administer information systems and networks, you should understand
computer forensics. Forensics is the process of using scientific knowledge for collecting,
analysing, and presenting evidence to the courts. (The word forensics means to bring to the
court.) Forensics deals primarily with the recovery and analysis of latent evidence. Latent
evidence can take many forms, from fingerprints left on a window to DNA evidence
recovered from blood stains to the files on a hard drive.
Because computer forensics is a new discipline, there is little standardization and consistency
across the courts and industry. As a result, it is not yet recognized as a formal scientific
discipline. We define computer forensics as the discipline that combines elements of law and
computer science to collect and analyse data from computer systems, networks, wireless
communications, and storage devices in a way that is admissible as evidence in a court of
law.
Why is Computer Forensics Important?
Adding the ability to practice sound computer forensics will help you ensure the overall
integrity and survivability of your network infrastructure. You can help your organization if
you consider computer forensics as a new basic element in what is known as a defence-indepth approach to network and computer security. For instance, understanding the legal and
technical aspects of computer forensics will help you capture vital information if your
network is compromised and will help you prosecute the case if the intruder is caught.
Computer forensics is also important because it can save your organization money. Many
managers are allocating a greater portion of their information technology budgets for
computer and network security. International Data Corporation (IDC) reported that the
market for intrusion-detection and vulnerability-assessment software will reach 1.45 billion
dollars in 2006. In increasing numbers, organizations are deploying network security devices
such as intrusion detection systems (IDS), firewalls, proxies, and the like, which all report on
the security status of networks.
Forensic evidence:
From a technical standpoint, the main goal of computer forensics is to identify, collect,
preserve, and analyse data in a way that preserves the integrity of the evidence collected so
it can be used effectively in a legal case.
What are some typical aspects of a computer forensics investigation? First, those who
investigate computers have to understand the kind of potential evidence they are looking for
in order to structure their search.
Crimes involving a computer can range across the spectrum of criminal activity, from child
pornography to theft of personal data to destruction of intellectual property. Second, the
investigator must pick the appropriate tools to use. Files may have been deleted, damaged,
or encrypted, and the investigator must be familiar with an array of methods and software to
prevent further damage in the recovery process.
System administrators and security personnel must also have a basic understanding of how
routine computer and network administrative tasks can affect both the forensic process (the
potential admissibility of evidence at court) and the subsequent ability to recover data that
may be critical to the identification and analysis of a security incident.
Atul Chouhan
39
Security professionals need to consider their policy decisions and technical actions in the
context of existing laws. For instance, you must have authorization before you monitor and
collect information related to a computer intrusion. There are also legal ramifications to using
security monitoring tools
Computer forensics is a relatively new discipline to the courts and many of the existing laws
used to prosecute computer-related crimes, legal precedents, and practices related to
computer forensics are in a state of flux. New court rulings are issued that affect how
computer forensics is applied. The best source of information in this area is the United States
Department of Justices Cyber Crime web site. The site lists recent court cases involving
computer forensics and computer crime, and it has guides about how to introduce computer
evidence in court and what standards apply. The important point for forensics investigators is
that evidence must be collected in a way that is legally admissible in a court case.
Increasingly, laws are being passed that require organizations to safeguard the privacy of
personal data. It is becoming necessary to prove that your organization is complying with
computer security best practices. If there is an incident that affects critical data, for instance,
the organization that has added a computer forensics capability to its arsenal will be able to
show that it followed a sound security policy and potentially avoid lawsuits or regulatory
audits.
Computer forensic tools:
These tools generally differ in functionality, complexity and cost. In terms of functionality,
some tools are designed to serve a single purpose [4] while others offer a suite of functions.
Therefore, the functionalities offered by a tool are exactly what lead to its complexities.
These complexities can either be related to design and algorithmic complexity or ease-of-use;
in some instances, a tool can offer great functionality but fall short because of a complex
interface. Cost is the final distinguishing factor. Some of the market-leading commercial
products cost thousands of dollars while other tools are completely free [4]. With these
limiting factors (functionality, complexity, and cost) in mind, the computer forensic expert
now needs to evaluate the criticality of the crime and choose an appropriate tool(s) to help
with his/her investigation.
Various tools are:
Disk Imaging:
Disk imaging is an important functionality since investigations should never be conducted on
original storage media. Hence, disk imaging is used to protect the integrity of any storage
media to be investigated. If a storage mediums integrity is not maintained, results of an
investigation could be rendered null and void in a court of law since defence attorneys are
then able to bring the investigative process under question. Hashing and hash functions then
become important since they offer a guarantee that an imaged device is actually the same as
the original.
Hashing functions:
Hash functions form the foundation of the internal verification mechanism used by forensic
tools to guarantee the integrity of the original media and the resulting image file. A hash
function H is a transformation that takes an input m and returns a fixed-size string, which is
called the hash value h. That is, h is the result of the hashing function being applied onto the
input m
Atul Chouhan
40
Atul Chouhan
41
or private data is taken during a digital crime, such as user names, passwords, social security
numbers, credit card numbers, account numbers, et cetera, and the crime goes unnoticed, this
information can be used to perpetrate further crimes.
With regard to the penalty phase of cybercrime versus physical crime, there appears to be an
apparent disparity. As in most white-collar crime, the judicial system is generally more
lenient during sentencing due to the lack of physical threat or harm. Normally, value is a
consideration during the penalty phase of white-collar crime, whereby the total value of
goods stolen impacts sentencing. If a person with a handgun steals a thousand dollars from a
store clerk and shoots the clerk in the shoulder, but an 18-year old hacker steals $10,000 from
a bank in Utah, would 15-year sentences for both crimes be sufficient for the public to
perceive that justice has been served? Ultimately, there will almost always be a disparity in
sentencing between violent and white-collar crime due to the threat of violence and harm to
the person versus the value of the theft. However, as cybercrimes become more transnational and values increase exponentially, the international community, judicial systems, and
public outcry will begin to change perceptions and more than likely adjust sentencing
parameters to align with local and international perceptions.
Perhaps one way of viewing cybercrimes is that they are digital versions of traditional
offenses. It appears that many cybercrimes could be considered traditional, or real world,
crimes if not for the incorporated element of virtual or cyberspace. Indeed, many of these socalled cybercrimes can be easily likened to traditional crimes. For instance, identity theft can
occur in both physical and cyber arenas. While these crimes may occur through differing
mechanisms, in both circumstances the criminal intent (profit) and outcome (stolen
personally identifiable information) are the same.
In the real world, a criminal can steal a victims wallet or mail including documents
containing personally identifiable information. In April 2011, two men were
sentenced for leading a criminal enterprise that stole credit and debit cards from
mailboxes in affluent neighbourhoods in South Florida. The thieves then used the
cards to make large purchases and cash withdrawals from the cards, costing victims
$786,000.17 in another case, from September 2010, the leaders of a mail theft and
identity theft ring were sentenced for stealing mail from mailboxes in more than 50
residences and law firms in Washington, DC. The thieves took checks and documents
containing personally identifiable information (PII) to cash forged checks at local
banks.
In the cyber world, a computer hacker can easily steal this same PIIelectronically
rather than physically. In September 2012, two Romanian nationals pleaded guilty to
participating in an international, multimillion-dollar scheme to remotely hack into
and steal payment card data from hundreds of U.S. merchants computers.
Defendants remotely hacked into POS systems and then, also remotely, installed
keystroke loggers. These devices illegally captured victims credit card information
when the cards were swiped by the merchants, and then this information was
transferred electronically to the fraudsters. The defendants stole information from
about 6,000 victims and sold this information for a profit. In another case, two
defendants were sentenced in July 2010 for using peer-to-peer (P2P) software to
search file sharing networks, stealing victims account information and passwords.
The defendants used this information to access victims bank accounts and transfer
funds to prepaid credit cards in the defendants names.
In some instances, it may seem that law enforcement struggles to keep up with developments
in the virtual world, which transform routine activities once driven by paper records in the
real world. As a result, criminals are often prosecuted using laws intended to combat crimes
Atul Chouhan
42
in the real world. As Department of Justice (DOJ) officials have pointed out, federal laws to
prosecute computer-related crimes are not necessarily as ample or broad as those used to
confront their traditional counterparts.
UNIT-4
Regulation of cyber-crimes, Issues relating to investigation, issues relating to
jurisdiction, issues relating to evidence, relevant provisions under Information
Technology Act 2000, Indian penal code, pornography Act and evidence Act etc.
Regulation of cybercrimes:
The ever increasing use of computers, networks and the Internet has led to the need for
regulation in the fields of cybercrime, cyber security and national security.
As the extent of commerce transacted over cyberspace continues to grow, along with
increasing reliance on information technology to derive cost-efficiencies, the risk exposures
to enterprises have increased.
Regulators from several countries in Asia have strengthened existing data privacy and
cybercrime laws or created new ones in response to the increasing frequency and severity of
cyber-attacks in the region. Companies with single or multinational operations in Asia must
keep pace with the changing regulatory landscape, as governments enhance existing laws,
create new laws, and step up enforcement, increasing risk exposures for companies who are
the subject of a cyber-attack, misuse or mishandle customer data.
As crime increasingly has a digital component, legislators in the United States have
responded by strengthening and broadening legislation to address the threats; the Computer
Fraud and Abuse act is a prime example. Center researchers examine the impact of this and
other laws and regulation on cybercrime, asking whether particular provisions achieve their
desired results and/or produce costly, unintended side effects. The goal of this work is to
arrive at generalizations about the types of laws and regulations that are effective at deterring
fraud and promoting security.
In India, The Information Technology Act of 2000 addresses a range of cybercrimes, such as
hacking, viruses, email scams, Dodos, forgery, cyber terrorism, identity theft, phishing, and ecommerce fraud.
In 2013, the government went one step further by announcing a National Cyber Security
Policy aimed at setting up an agency to protect the public and private infrastructures from
cyber-attacks and safeguarding the personal information of web users, financial and banking
information, and sovereign data. How this policy will be executed remains to be seen. India is
also working on a new piece of legislation on privacy, which provides for the protection of
data and personal privacy.
Relevant law:The Information Technology Act, 2000.
Information Technology Act Amendment (Reasonable Security Practices and Procedures
and Sensitive Personal Data or Information) Rules, 2011.
RBI Regulation: DBOD.COMP.BC.No. 130/07.03.23/2000-01
Issues relating to investigation:
The law enforcement agencies were bound by some ground rules before the evolution of
cybercrimes. There were established procedures for investigation and prosecution of all types
Atul Chouhan
43
Atul Chouhan
44
cases where the accused and victims are foreigners and the offence is committed outside the
territory of India.
For trail in India of any foreign national, he can be demanded from has parent country only
when the same facts also constitute an offence in that country. For example, pornography is
not illegal in Amsterdam (Holland), any person transmitting obscene material in India cannot
be brought to India and tried under the I.T. Act of 2000 despite the same being an offence
here,. Gambling and obscenity laws provide criminal sanctions of individual within their
jurisdiction. For example, if the person placing the bet and the bookie is in a country such as
the UK where gambling on cricket is legal, and if the bet is placed from a computer in India
how can get police department effectively act on this crime in India?
The extradition treaties are not generally there. Even when there is any such extradition
treaty, offender can be extradited to India only when the same facts also constituted an
offence in other legal system and too after the testing of facts and offence by the legal
systems of both the countries. It will be a protracted battle. A number of Kashmiri terrorists
are hacking Indian sites from Pakistan. Due to political differences least cooperation is
expectable from Pakistan. It has different definitions of crime. Any act of cyber terrorism will
be offence in Indian but they are categorized as freedom fighters by Pakistan. So they cannot
be brought to book.
A pertinent question arises whether a judgment passed by an Indian court in matter relating to
a person/company situated abroad but duly covered under the provisions of the I.T. Act of
2000 would be acceptable to foreign courts. If the judgments delivered by Indian Court
cannot be enforced then whole exercise of trial and punishments would turn out to be futile.
In case of India, the absence of internationally accepted jurisdiction treaty or convention, the
desire to bring the cyber-criminal book from any corner of the world is just a dream which is
far from reality. The problem will be more acute as India is still not the signatory of the
International Cyber Crime Treaty, It does not enjoy the privileges accorded to signatory
nations in the detection investigation and prosecution of cyber-crimes.
There is no universally accepted definition of cyber-crime. The cyber-crime in a country may
not be termed as a cyber-crime in another. There are only 13 countries that have cyber-crime
laws. This puts enormous pressure on the law enforcement agencies in obtaining international
co-operation. The absence of such laws is like shielding the criminals from the legal
provisions and providing them safe haven to continue with their evil deeds. Further, the rate
at which cyber-crimes are increasing in the world, it is necessary for the criminal justice to
demonstrate that quick and severe punishment would be awarded to those involved in such
criminal activities. What we need is the rule of law at an international level and a universal
legal framework which is equal to the worldwide reach of internet. It is therefore, necessary
to make appropriate dynamic laws pertaining to cyber-crime. It cannot take the usual snails
pace of law making since the technology changes at a very fast rate. The laws made today for
yesterday technology might become outdated by the time they are checked. It is submitted
that universally accepted definition of cybercrime shall be made and an international treaty
on cyber-crime shall be made and shall be signed by the entire countries of the world in order
to tackle menace of cyber crime
Issues relating to evidence:
To effectively combat the cyber-crime, it is not sufficient to successfully investigate the crime
and nab the criminal, but more important is to prosecute and administer justice, according to
the law of land. This requires an effective legal frame work, which fully supports the
Atul Chouhan
45
detection and prosecution of cyber criminals. The traditional techniques for investigation of
cyber-crime and the prosecution procedures are inadequate. The judiciary must also
appreciate the intricacies of the digital evidence that is collected and presented in the courts
of law, in spite of the technical and operational hurdles the investigator faces.
1. Victims and Witnesses Unawareness
The first impediment that is faced by investigators is of securing the co-operation of
complainants and witnesses. It is now well-documented that the victims of crimes of this
nature are reluctant to report them to the police. Ernst and Young found in its 8th Global
Survey of business fraud, that only one quarter of frauds were reported to the police and only
28% of these respondents were satisfied with the resultant investigation.
2. Identifying Suspects
Another problem faced by cyber-crime investigators is the identification of suspects.
Occasionally, this can lead to considerable problems when the wrong person is arrested.
Digital technologies enable people to disguise their identity in a wide range of ways making
it difficult to know with certainty as to who was using a computer from which illegal
communications came. This problem is more prevalent in business environment where
multiple people may have access to a personal computer and where passwords are known or
shared, than in private home where it can often be assumed who the person was and who was
using the computer because of circumstantial evidence.
This problem of identifying suspects may be resolved by traditional investigative techniques,
such as the use of video surveillance or gathering indirect circumstantial evidence that locates
accused at the terminal at a particular time and day.
This problem may be also solved by the use of biometric means of identification. At present
few computers have biometric user authentication systems such as fingerprint scanner when
logging on. When they become more widespread, problems of identification may be reduced.
DNA samples which can be gathered from keyboards may be used to identity an individual
with a particular computer in some cases.
3. Locating and Securing Relevant Material
Considerable difficulties arise in locating and securing electronic evidence as the mere act of
switching on or off a computer may alter critical evidence and associated time and date
records. It is also necessary to search through vast quantities of data in order to locate the
information being sought. Todays cyber investigators are faced with many problems because
digital evidence is highly fragile, bits are easier to temper than paper, can easily be altered,
manipulated and destroyed. So chain of custody of these needs is to be maintained and all
digital evidence need to be authenticated.
Difficult problems arise in obtaining digital evidence in cyber-crime cases, although in some
ways computers have made the process easier through the ability to conduct searches of hard
drives remotely via the Internet. Some of the main difficulties, however, relate to obtaining
permission to conduct such a search, securing the relevant access device such as a password,
decrypting data that have been encrypted, and imaging a hard drive without interfering with
the evidence.
There is also the practical problem of conducting searches quickly so that data cannot be
removed.
4. Problems of Encryption
A difficult problem faced by cyber-crime investigators is concerning the data that have been
encrypted by accused who refuse to provide the decryption key or password.
Atul Chouhan
46
Atul Chouhan
47
appointment of any officers not below the rank of a Director to the Government of India or an
equivalent officer of state government as an Adjudicating Officer who shall adjudicate
whether any person has made a contravention of any of the provisions of the said Act or rules
framed there under. The said Adjudicating Officer has been given the powers of a Civil Court.
Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal,
which shall be an appellate body where appeals against the orders passed by the Adjudicating
Officers, shall be preferred.
Chapter-XI of the Act talks about various offences and the said offences shall be investigated
only by a Police Officer not below the rank of the Deputy Superintendent of Police. These
offences include tampering with computer source documents, publishing of information,
which is obscene in electronic form, and hacking.
The Act also provides for the constitution of the Cyber Regulations Advisory Committee,
which shall advice the government as regards any rules, or for any other purpose connected
with the said act. The said Act also proposes to amend the Indian Penal Code, 1860, the
Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of
India Act, 1934 to make them in tune with the provisions of the IT Act.
Atul Chouhan
48
1940s. The Code has since been amended several times and is now supplemented by other
criminal provisions. Based on IPC, Jammu and Kashmir has enacted a separate code known
as Ranbir Penal Code (RPC).
After the departure of the British, the Indian Penal Code was inherited by Pakistan as well,
much of which was formerly part of British India, and there it is now called the Pakistan
Penal Code. Even after the independence of Bangladesh (Formerly known as East Pakistan)
from Pakistan (Formerly known as West Pakistan), it continued in force there. It, the Indian
Penal Code, was also adopted by the British colonial authorities in Burma, Ceylon (now Sri
Lanka), the Straits Settlements (now part of Malaysia), Singapore and Brunei, and remains
the basis of the criminal codes in those countries. The Ranbir Penal Code applicable in that
state of Jammu and Kashmir of India, is also based on this Code.
The draft of the Indian Penal Code was prepared by the First Law Commission, chaired by
Thomas Babington Macaulay in 1834 and was submitted to Governor-General of India
Council in 1837. Its basis is the law of England freed from superfluities, technicalities and
local peculiarities.
The Indian Penal Code of 1860, sub-divided into twenty three chapters, comprises five
hundred and eleven sections. The Code starts with an introduction, provides explanations and
exceptions used in it, and covers a wide range of offences.
There are sections related to Dowry Laws and jurisdictions in India, as well as there are
several sections that concern various types of criminal laws. The Indian Penal Code is thus
the most fundamental document of all the law enforcer as well as the entire judiciary in India.
Pornography Act:
Pornography or obscenity is very sensitive issue all over the world yet there is no settled
definition of the word under any law. What is nude art or sexually explicit thing for one
person may be obscene or porn for another. Hence, it is very difficult to define What is
porn?
There have been many attempts to limit the availability of pornographic content on the
Internet by governments and law enforcement bodies all around the world but with little
effect. Classic example is a website, www.incometaxpune.com, prima facie, it looks a
website of Income tax department of Pune City, but actually its a porn site. Though it was
blocked many times by law enforcement agencies in India, it is still available with obscene
contains.
Pornography on the Internet is available in different formats. These range from pictures and
short animated movies, to sound files and stories. The Internet also makes it possible to
discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although
the Indian Constitution guarantees the fundamental right of freedom of speech and
expression; it has been held that a law against obscenity is constitutional. The Supreme Court
has defined obscene as offensive to modesty or decency; lewd, filthy, repulsive.
Atul Chouhan
49
Section 67 of the Information Technology Act, 2000 penalizes cyber pornography. Other
Indian laws that deal with pornography include the Indecent Representation of Women
(Prohibition) Act and the Indian Penal Code.
Section 67 reads as under:Whoever publishes or transmits or causes to be published or transmitted in the electronic
form, any material which is lascivious or appeals to the prurient interest or if its effect is such
as to tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be punished
on first conviction with imprisonment of either description for a term which may extend to
three years and with fine which may extend to five lakh rupees and in the event of second or
subsequent conviction with imprisonment of either description for a term which may extend
to five years and also with fine which may extend to ten lakh rupees.
This section explains what is considered to be obscene and also lists the acts in relation to
such obscenity that are illegal.
Explanation
Any material in the context of this section would include video files, audio files, text files,
images, animations etc. These may be stored on CDs, websites, computers, cell phones etc.
To be considered obscene for the purpose of this section, the matter must satisfy at least one
of the following conditions:-
Atul Chouhan
50
The above conditions must be satisfied in respect of a person who is the likely target of the
material.
Illustration
Sameer launches a website that contains information on sex education. The website is
targeted at higher secondary school students. Pooja is one such student who is browsing the
said website. Her illiterate young maid servant happens to see some explicit photographs on
the website and is filled with lustful thoughts.
This website would not be considered obscene. This is because it is most likely to be seen by
educated youngsters who appreciate the knowledge sought to be imparted through the
photographs. It is under very rare circumstances that an illiterate person would see these
explicit images.
Acts those are punishable in respect of obscenity:Publishing means to make known to others. It is essential that at least one natural person
(man, woman or child) becomes aware or understands the information that is published.
Simply putting up a website that is never visited by any person does not amount to
publishing.
Transmitting means to pass along convey or spread. It is not necessary that the
transmitter actually understands the information being transmitted.
Information in the electronic form includes websites, songs on a CD, movies on a DVD,
jokes on a cell phone, photo sent as an email attachment etc.
The punishment provided under this section is as under:
Amendments of 2008 introduced new Section on Cyber pornography i.e. Section 67A.
The Section makes publishing or transmitting of sexually explicit act or conduct illegal with a
punishment of imprisonment up to five years and with fine which may extend to ten lakh
rupees for first offence and seven years for subsequent offences.
Hence, the Section makes publishing or transmission of blue films, audio sex clips, pictures,
magazines and any other material in the electronic form involving sexually explicit acts
illegal.
Evidence Act:
The Indian Evidence Act, originally passed by the Imperial Legislative Council in 1872,
during the British Raj, contains a set of rules and allied issues governing admissibility of
evidence in the Indian courts of law.
Atul Chouhan
51
The enactment and adoption of the Indian Evidence Act was a path-breaking judicial measure
introduced in India, which changed the entire system of concepts pertaining to admissibility
of evidences in the Indian courts of law. Until then, the rules of evidences were based on the
traditional legal systems of different social groups and communities of India and were
different for different people depending on caste, religious faith and social position. The
Indian Evidence Act introduced a standard set of law applicable to all Indians.
The law is mainly based upon the firm work by Sir James Fitzjames Stephen, who could be
called the founding father of this comprehensive piece of legislation.
The Indian Evidence Act, identified as Act no. 1 of 1872,[2] and called the Indian Evidence
Act, 1872, has eleven chapters and 167 sections, and came into force 1 September 1872. At
that time, India was a part of the British Empire. Over a period of more than 125 years since
its enactment, the Indian Evidence Act has basically retained its original form except certain
amendments from time to time.
When India gained independence on 15 August 1947, the Act continued to be in force
throughout the Republic of India and Pakistan, except the state of Jammu and Kashmir.[3]
Then, the Act continues in force in India, but it was repealed in Pakistan in 1984 by the
Evidence Order 1984 (also known as the "Qanun-e-Shahadat"). It also applies to all judicial
proceedings in the court, including the court martial. However, it does not apply on affidavits
and arbitration.
This Act is divided into three parts and there are 11 chapters in total under this Act.[2]
Part 1
Part 1 deals with relevancy of the facts. There are two chapters under this part: the first
chapter is a preliminary chapter which introduces to the Evidence Act and the second chapter
specifically deals with the relevancy of the facts.
Part 2
Part 2 consists of chapters from 3 to 6. Chapter 3 deals with facts which need not be proved,
chapter 4 deals with oral evidence, chapter 5 deals with documentary evidence and chapter 6
deals with circumstances when documentary evidence has been given preference over the
oral evidence.
Part 3
The last part, that is part 3, consists of chapter 7 to chapter 11. Chapter 7 talks about the
burden of proof. Chapter 8 talks about estoppel, chapter 9 talks about witnesses, chapter 10
talks about examination of witnesses, and last chapter which is chapter 11 talks about
improper admission and rejection of evidence.
Atul Chouhan
52
UNIT-V
Copyright issues in cyberspace: linking, framing, protection of content on web site,
International treaties, trademark issues in cyberspace: domain name dispute, cybersquatting, uniform dispute resolution policy, computer software and related IPR issues
Copyright issues in cyberspace:
Copyright laws protect original works, but not ideas or facts. The Copyright Act of 1976
grants exclusive rights to the copyright holder. A copyright protects original works such as:
literary works, musical works, dramatic works, pantomimes & choreographed works,
pictorial, graphic, and sculptural works, motion pictures and other audio-visual works, sound
recordings, architectural works, compilations (databases for example), written words on a
website, and software programs on a website. The copyright holder has exclusive rights such
as reproduction, derivative works (being allowed to alter it), distribution, performance, and
display, audio & video transmission.
Copyright is automatically created on original works. You do not need to file to create a
copyright. But it may be a good idea to file a copyright to establish a public record of it and if
you ever want to pursue an infringement suit, it will need to have been filed. You can visit
copyright.gov/forms to download a copyright form. A common-law copyright is created
automatically on publication, so registration is not required to use the symbol. The proper
way to state that something is copyrighted is to use the symbol, the copyright or
abbreviated version (Copr.), the year of first publication, and the name of the copyright
owner. For example: Copyright 2007 Off the Page Creations.
Copyrights that were created after January 1, 1978 have protection during the life of the
author plus 70 years. In the case of more than one author, the period of protection is the term
of 70 years after the death of the last surviving member. In a case of 'Work-Made-For-Hire',
the protection term is 95 years from first publication or 120 years from the year of creation
(whichever comes first). Once copyrights expire they become part of the public domain and
are free to use by anyone. But don't assume just because something doesn't have a copyright
symbol, that it is free to use.
In a 'Work-Made-For-Hire' the person that hires someone to create (design a logo for
example) something for them, the person hiring is the person who holds the copyright, not the
designer or author. If the work was prepared by an employee within his job duties as
requested by his/her boss and not for a customer, the employer holds the copyright because
the employee was hired to do it for the employer and it was part of his/her job duties.
An odd variation to the 'Work-Made-For-Hire' rule is websites (including the 'look & feel',
the software, scripts, graphics & the text). If someone hires a web designer to create their
website, the website designer holds the copyright, unless it is specified otherwise in the
contract. Most companies state that the hiring party holds the contract (as we state in our
contract), but it's a good idea to verify who will hold copyright to the website before signing
anything.
Atul Chouhan
53
Fair Use
'Fair Use' allows limited use of a copyrighted work. Some examples of what are considered
'fair use' are: teaching, criticism, comment, news reporting, and research. Only a court can
decide if a copyrighted works use was considered 'fair use'.
What You Can't Do
Copy pictures to use on your brochure or website that you found on the internet (even
if you put up the copyright line of who holds the copyright, this is considered
infringement)
Purchase a license to use a photo on your brochure, then continue to use it on your
website, flyers, and postcards unless it is stated in the license
Copy text out of a book or off from a website and use it verbatim
Purchase photos to use that are 'copyright free' and follow the license for the uses
Purchase 'copyright free' music and follow the license for the uses
Copyright infringers may face civil liability and also criminal liability for felony copyright
infringement if it is wilful, and for financial gain, or by reproducing and distributing a large
amount.
Linking:
Most often, a website will connect to another in the form of a link (also known as a
hypertext link), a specially coded word or image that when clicked upon, will take a Web
user to another Web page. A link can take the user to another page within the same site (an
internal link), or to another site altogether (an external link).
Atul Chouhan
54
You do not need permission for a regular word link to another websites home page. If there
is some concern over the link, most issues can be squared away by having the linked site sign
a linking agreement that gives permission for your link.
Linking is the practice of linking to the internal pages of a website, bypassing introductory
pages as well as other material that would normally precede the linked page. By deep linking
into a website, a person is able to navigate to the linked page without going through
introductory pages that normally include things like advertisements and banners that provide
the website with income. As a result of deep linking, many small businesses have suffered
because of this loss of advertisement income. In addition, when one website deep links into
another website, users could be confused into thinking that the two websites are related to
each other.
Framing:
Unlike linking, framing is a relatively recent phenomenon, introduced by Netscape in Version
2 of its Navigator product. A framing site, by virtue of certain commands in its HTML code,
links to another site, displaying that site within a window or frame. The frame itself is
comprised of content from the framing site. In contrast to generic hyperlinking, in the case of
framing, the user remains at the framing site and views content from both sites. The address
that the user's browser displays may continue to be that of the framing site. The user may be
unaware that the content in the frame comes from another site. This difference between
linking and framing may make trademark liability more likely for sites that frame rather than
merely hyperlink.
Sites are increasingly challenging those who frame them.
Protection of content on web site:
Websites are particularly open to abuse, especially theft of content and images. You should
assume that files will be accessed randomly, downloaded as individual chunks, and
distributed out of context. It is therefore important to include a copyright notice on as many
individually deliverable items as possible:
Every page should contain a notice in the visible text (text shown on screen), or at
least link to your notice in the body of the page.
Atul Chouhan
55
Watermarking may be worth considering if you have a lot of valuable images on your site.
Websites are one of the easiest things to copy, particularly any written content and images, so
registration is particularly important.
Copyscape is a useful tool that will compare your web pages to others indexed by Google and
return any it finds with matching text.
Here are four things you can do to protect your property from
thieves online:
1. Include the copyright symbol on all pages of your website and your content like ebooks and PDF downloads. This will deter those who innocently think its ok to copy
your stuff without realising its an infringement.
2. Use Copyscape a duplicate content checker to search the internet for copies of your
web or blog pages. You pop your page address in the search box and it will scan the
web for copies. Note that it searches each page individually not a whole website.
3. If you have a WordPress site try a plug in called WP-Copyprotect. This locks your
blog so text and images cant be highlighted, copy and pasted. This works on the
assumption that anyone wanting to steal your blog post or text from your website will
be too lazy to re-type it out for themselves.
4. Protect your online products, photos and images using a Creative Commons license.
You can get one set up in seconds for free to protect ebooks, images and other
materials for that extra bit of security.
International treaties:
The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime
or the Budapest Convention, is the first international treaty seeking to address Internet and
computer crime by harmonizing national laws, improving investigative techniques, and
increasing cooperation among nations. It was drawn up by the Council of Europe in
Strasbourg, France, with the active participation of the Council of Europe's observer states
Canada and Japan.
The Convention is the first international treaty on crimes committed via the Internet and other
computer networks, dealing particularly with infringements of copyright, computer-related
fraud, child pornography, hate crimes, and violations of network security.[6] It also contains a
series of powers and procedures such as the search of computer networks and lawful
interception.
Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at
the protection of society against cybercrime, especially by adopting appropriate legislation
and fostering international cooperation.
The Convention and its Explanatory Report was adopted by the Committee of Ministers of
the Council of Europe at its 109th Session on 8 November 2001. It was opened for signature
in Budapest, on 23 November 2001 and it entered into force on 1 July 2004.As of October
Atul Chouhan
56
2014, 44 states have ratified the convention, while a further nine states had signed the
convention but not ratified it.
On 1 March 2006 the Additional Protocol to the Convention on Cybercrime came into force.
Those States that have ratified the additional protocol are required to criminalize the
dissemination of racist and xenophobic material through computer systems, as well as threats
and insults motivated by racism or xenophobia.
Trademark issues in cyberspace:
A trademark is a word, name, symbol, device, or combination of, used by someone to identify
his product. Trademarks arise from 'use' and do not have to be registered to be considered
trademarked. There are good reasons to register a trademark though. One reason, like
copyrights, it establishes a public record. The second reason is that it needs to be registered in
order to file for trademark infringement. It also helps to establish trademark in other countries
and to stop imports of infringing foreign goods from entering the country. A trademark is
valid indefinitely, but if not maintained it can be lost and fall into public domain. For
instance, if a trademark becomes a common phrase, then it will be deemed lost and the
trademarked term considered common usage (Aspirin, Allen Wrench, Granola, and Yo-Yo are
just a few examples).
Trademark registration begins with the U.S. Patent and Trademark Office (P.T.O.).
Registering a trademark can take more than a year after the application is filed. There is an
extensive research involved to ensure that a similar trademark does not already exist.
Once the trademark goes through, the symbol identifies a trademark as registered with the
U.S. P.T.O. The proper way to write this is - " Registered in the U.S. Patent and Trademark
Office", or the abbreviation - "Reg. U.S. Pat. And Tm. Off." If it is not yet officially
registered with the P.T.O., the symbol should be used instead.
Trademarks are protected from infringement and also dilution. Infringement of a trademark
means that there is another that is too similar and it is confusing. Dilution of a mark would be
because the public has a strong association with the original trademark and the other would
take away from that association.
It is not considered infringement to make fun of a copyrighted or trademarked work as long
as it is apparent that it is not the original, but a parody. You cannot create a domain name
similar to another and make fun of it, because it would not be evident that it was a joke until
the user actually reached the website.
Trademarks should not be used in meta-tags (the hidden keyword tags on a web page), or in a
pay-per click ad campaign. There have been cases where this was considered infringement.
Domain name dispute:
Domain names are simply the addresses of the Internet. E-mail is sent and web pages are
found through the use of domain names. As an example, the web address for the Microsoft
web site is www.microsoft.com, while Bill Gates might have an e-mail address such as
bill@microsoft.com (both using the "microsoft.com" domain name). Without the domain
Atul Chouhan
57
name, a computer would have no idea where to look for a web page, and e-mail routers
would not be able to send e-mail. Of course, domain names are more than just addresses,
since they can be selected by the "addressee" and are usually closely associated with a
particular service or product.
Because of the increasing popularity of the Internet, companies have realized that having a
domain name that is the same as their company name or the name of one of their products can
be an extremely valuable part of establishing an Internet presence. As explained above, a
company wishing to acquire a domain name must file an application with the appropriate
agency. Before doing so, a search is done to see if their desired domain name is already taken.
A good site for doing such a search is provided by Network Solutions. When a company finds
that the domain name corresponding to their corporate name or product trademark is owned
by someone else, the company can either choose a different name or fight to get the domain
name back from its current owners.
Some well publicized examples of these types of domain names disputes are:
mcdonalds.com: This domain name was taken by an author from wired magazine who
was writing a story on the value of domain names. In his article, the author requested
that people contact him at ronald@mcdonalds.com with suggestions of what to do
with the domain name. In exchange for returning the domain name to McDonalds, the
author convinced the company to make a charitable contribution.
mtv.com: The MTV domain name was originally taken by MTV video jockey Adam
Curry. Although MTV originally showed little interest in the domain name or the
Internet, when Adam Curry left MTV the company wanted to control the domain
name. After a federal court action was brought, the dispute settled out of court.
Atul Chouhan
58
taiwan.com: The mainland China news organization Xinhua was allowed to register
the domain name taiwan.com, much to the disgust of the government of Taiwan.
Cyber-squatting:
Cybersquatting (also known as domain squatting), according to the United States federal
law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in,
or using an Internet domain name with bad faith intent to profit from the goodwill of a
trademark belonging to someone else. The cybersquatter then offers to sell the domain to the
person or company who owns a trademark contained within the name at an inflated price.
The term is derived from "squatting", which is the act of occupying an abandoned or
unoccupied space or building that the squatter does not own, rent, or otherwise have
permission to use. Cybersquatting, however, is a bit different in that the domain names that
are being "squatted" are (sometimes but not always) being paid for through the registration
process by the cybersquatters. Cybersquatters usually ask for prices far greater than that at
which they purchased it. Some cybersquatters put up derogatory remarks about the person or
company the domain is meant to represent in an effort to encourage the subject to buy the
domain from them. Others post-paid links via advertising networks to the actual site that the
user likely wanted, thus monetizing their squatting.
Cybersquatters sometimes register variants of popular trademarked names, a practice known
as typosquatting.
Another strategy is as follows: Internet domain name registrations are for a fixed period of
time. If the owner of a domain name doesn't re-register the name with an internet registrar
prior to the domain's expiration date, then the domain name can be purchased by anybody
else after it expires.[1] At this point the registration is considered lapsed. A cybersquatter may
use automated software tools to register the lapsed name the instant it is lapsed. This strategy
is also known as renewal snatching, extension exaggeration, and alert angling.
To control this UDRP is formed.
Uniform dispute resolution policy:
The Uniform Domain Name Dispute Resolution Policy (UDRP) is a cost-effective and faster
alternative to a lawsuit, when there is a domain name dispute that needs to be resolved. This
was set up by the Internet Corporation for Assigned Names and Numbers (ICANN), the
group responsible for domain name registration.
The UDRP currently applies to all generic top level domains (.aero, .asia, .nyc, etc...),[1] some
country code top-level domains, and some legacy top level domains (.com, .net, .org, etc...) in
specific circumstances.
The UDRP was launched on 1 December 1999, and the first case determined under it by
WIPO was World Wrestling Federation Entertainment, Inc v. Michael Bosman, involving the
domain name worldwrestlingfederation.com.
Atul Chouhan
59
When a registrant chooses a domain name, the registrant must "represent and warrant",
among other things, that registering the name "will not infringe upon or otherwise violate the
rights of any third party", and agree to participate in an arbitration-like proceeding should any
third party assert such a claim.
Critics claim that the UDRP process favours large corporations and that their decisions often
go beyond the rules and intent of the dispute resolution policy. A UDRP complaint may be
initiated at UDRP proceeding with an approved dispute resolution service provider. A victim
of cybersquatting may also file an InterNIC Registrar Problem Report regarding a
cybersquatter posing as a registrar.
Court systems can also be used to sort out claims of cybersquatting, but jurisdiction is often a
problem, as different courts have ruled that the proper location for a trial is that of the
plaintiff, the defendant, or the location of the server through which the name is registered.
Countries such as China and Russia do not view cybersquatting in the same way or degree
that US law does. People often choose the UDRP (Uniform Dispute Resolution Process)
created by ICANN because it is usually quicker and cheaper ($2,000 to $3,000 in costs and
fees vs. $10,000 or more) than going to court, but courts can and often do overrule UDRP
decisions.
Under UDRP policy, successful complainants can have the names deleted or transferred to
their ownership (which means paying regular renewal fees on all the names or risk their being
registered by someone else).
There is a great difference between the old NSI policy and the UDNDRP. The ICANN policy
forbids registration of the domain name if:
i. The domain name is identical or confusingly similar to another's mark.
ii. The entity registering the domain name has no legitimate right to it.
iii. The domain name was registered and used in bad faith.
Computer software and related IPR issues:
IPRs in the computer industry are affected by the following areas:
1. Contract/License
2. Copyright and Related Rights
3. Undisclosed Information (Trade Secret)
4. Patents
5. Trademarks
6. Layout - designs (Topographies) of Integrated Circuits
Atul Chouhan
60
The first four have an impact on computer software. The fifth one (trademarks) and the sixth
one (layout-designs) are more relevant to the Internet and to computer hardware rather than to
the computer software.
Atul Chouhan
61
Regards:Hard Rocker
LNCTe (Formerly GGITM)
IT BRANCH
Atul Chouhan