Sunteți pe pagina 1din 46

INFORMATION TECHNOLOGY

RATHER THAN GIVING INFORMATION AND

TECHNOLOGY

GIVES RISE TO CYBERCRIMES.

Presented by-

AADITYA RATHOD-01

AAYUSH CHAUDHARY-03

AKSHAY-05

ANISH SURVE-07

ANKUR JAIN-09

BHIMA GOLLAR-11

CHIRAG SOMAIYA-13

DEEPTI GODWANI-15

DHRUVI SONI-17

GARY RODRIGUES-19

1|Page
Index
Introduction - 03

Cyber crime - 07

Hackers - 12

Cases - 17

IT act 2000 - 22

IT act 2008 - 24

Penalties - 33

Offences - 36

Miscellaneous - 39

Conclusion - 40

2|Page
INFORMATION TECHNOLOGY rather than giving information and technology
gives rise to cyber crimes.
Internet in India is growing rapidly. It has given rise to new opportunities in every field we can
think of, be it entertainment, business, sports or education. Internet also has its own
disadvantages. One of the major disadvantages is Cybercrime – illegal activity committed on the
internet. The internet, along with its advantages, has also exposed citizens to security risks that
come with connecting to a large network. Computers today are being misused for illegal activities
like e-mail espionage, credit card fraud, spam’s, software piracy and so on; criminal activities in
the cyberspace are on the rise. As the cases of cybercrime grow, there is a growing need to
prevent them.

INTRODUCTION

What is information technology?

In the 1960s and 1970s, the term information technology (IT) was a little known phrase that was
used by those who worked in places like banks and hospitals to describe the processes they
used to store information. With the paradigm shift to computing technology and "paperless"
workplaces, information technology has come to be a household phrase. It defines an industry
that uses computers, networking, software programming, and other equipment and processes to
store, process, retrieve, transmit, and protect information.

In the early days of computer development, there was no such thing as a college degree in IT.
Software development and computer programming were best left to the computer scientists and
mathematical engineers, due to their complicated nature. As time passed and technology
advanced, such as with the advent of the personal computer in the 1980s and its everyday use in
the home and the workplace, the world moved into the information age.

By the early 21st century, nearly every child in the world, and many in other parts of the world,
knew how to use a personal computer. Businesses' information technology departments have

3|Page
gone from using storage tapes created by a single computer operator to interconnected networks
of employee workstations that store information in a server farm, often somewhere away from the
main business site. Communication has advanced, from physical postal mail, to telephone fax
transmissions, to nearly instantaneous digital communication through electronic mail (email).

Great technological advances have been made since the days when computers were huge
pieces of equipment that were stored in big, air conditioned rooms, getting their information from
punch cards. The information technology industry has turned out to be a huge employer of
people worldwide, as the focus shifts in some nations from manufacturing to service industries. It
is a field where the barrier to entry is generally much lower than that of manufacturing, for
example. In the current business environment, being proficient in computers is often a necessity
for those who want to compete in the workplace.

Jobs in information technology are widely varied, although many do require some level of higher
education. Positions as diverse as software designer, network engineer, and database
administrator are all usually considered IT jobs. Nearly any position that involves the intersection
of computers and information may be considered part of this field.

What does information technology include?


There are so many different fields in IT. But these are growing very fast.
1. Software Development
2. Web design
3. Web development,
4. Networking
5. Information security
6. Database administration
these all are very attractive on information technology.

Advantages
The advantages of information technology are many. True globalization has come about only via
this automated system. The creation of one interdependent system helps us to share information
and end linguistic barriers across the continents. The collapse of geographic boundaries has

4|Page
made the world a 'global village'. The technology has not only made communication cheaper, but
also possible much quicker and 24x7. The wonders of text messages, email and auto-response,
backed by computer security applications, have opened up scope for direct communication.
Computerized, internet business processes have made many businesses turn to the Internet for
increased productivity, greater profitability, clutter free working conditions and global clientèle. It
is mainly due to the IT industry that people from diverse cultures are able to personally
communicate and exchange valuable ideas. This has greatly reduced prejudice and increased
sensitivity. Businesses are able to operate 24x7, even from remote locations.

Information technology has rippled on in the form of a Communication Revolution. Specialists in


this field like programmers, analyzers and developers are able to further the applications and
improve business processes simultaneously. The management infrastructure thus generated
defies all boundaries. Among the many advantages of the industry are technical support post-
implementation, network and individual desktop management, dedicated business applications
and strategic planning for enhanced profitability and effective project management.

IT provides a number of low-cost business options to tap higher productivity with dedicated small
business and a special category for the larger operations. Regular upgrades have enabled many
businessmen to increase productivity and identify a market niche that would never have been
possible without the connectivity. With every subsequent increase in the ROI or Return On
Investment, businesses are able to remain buoyant even amidst the economic recession. Not
only do people connect faster with the help of information technology, but they are also able to
identify like-minded individuals and extend help, while strengthening ties.

This segment revolves around automated processes that require little or no human intervention at
all. This in turn has minimized job stress levels at the work place and eliminated repetition of
tasks, loss due to human error, risks involved due to negligence of timely upgrades and
extensive paper-intensive business applications that result in the accumulation of
unnecessary bulk. The sophistication of the modern work stations and general working
conditions is possible only due to the development of Information Technology.

5|Page
Disadvantages
Unemployment - While information technology may have streamlined the business process it
has also created job redundancies, downsizing and outsourcing. This means that a lot of lower
and middle level jobs have been done away with causing more people to become unemployed.

Privacy - Though information technology may have made communication quicker, easier and
more convenient, it has also bought along privacy issues. From cell phone signal interceptions to
email hacking, people are now worried about their once private information becoming public
knowledge.
Lack of job security - Industry experts believe that the internet has made job security a big
issue as since technology keeps on changing with each day. This means that one has to be in a
constant learning mode, if he or she wishes for their job to be secure.
Dominant culture - While information technology may have made the world a global village, it
has also contributed to one culture dominating another weaker one. For example it is now argued
that US influences how most young teenagers all over the world now act, dress and behave.
Languages too have become overshadowed, with English becoming the primary mode of
communication for business and everything else.

Vision:
Putting technology to use, where technology is useful.

6|Page
CYBER CRIME
Computer crime, or cybercrime, refers to any
crime that involves a computer and a network, where
the computers may or may not have played an
instrumental part in the commission of a crime.
Netcrime refers, more precisely, to criminal exploitation
of the Internet. Issues surrounding this type of crime
have become high-profile, particularly those
surrounding hacking, copyright infringement, child
pornography, and child grooming. There are also problems of privacy when confidential
information is lost or intercepted, lawfully or otherwise.

On the global level, both governments and non-state performers continue to grow in importance,
with the ability to engage in such activities as spying, financial theft, and other cross-border
crimes sometimes referred to as cyber warfare. The international legal system is attempting to
hold actors accountable for their actions, with the International Criminal Court among the few
addressing this threat.
With increased use of computers in homes and offices, there has been a proliferation of
computer-related crimes. These crimes include:

(i) Crimes committed by using computers as a means, including conventional crimes.


(ii) Crimes in which computers are targets. The Internet in India is growing rapidly.

It has given rise to new opportunities in every field we can think of – be it entertainment,
business, sports or education. There are two sides to a coin. Internet also has its own
disadvantages. One of the major disadvantages is Cybercrime – illegal activity committed on the
Internet. The Internet, along with its advantages, has also exposed us to security risks that come
with connecting to a large network. Computers today are being misused for illegal activities like e-

7|Page
mail espionage, credit card fraud, spams, and software piracy and so on, which invade our
privacy and offend our senses.

Criminal activities in the cyberspace are on the rise. Success in any field of human activity leads
to crime that needs mechanisms to control it. Legal provisions should provide assurance to
users, empowerment to law enforcement agencies and deterrence to criminals. The law is as
stringent as its enforcement. Crime is no longer limited to space, time or a group of people. Cyber
space creates moral, civil and criminal wrongs. It has now given a new way to express criminal
tendencies. Back in 1990, less than 100,000 people were able to log on to the Internet worldwide.
Now around 500 million people are hooked up to surf the net around the globe.

Examples of crimes that primarily target computer networks or devices would include:

 Computer viruses
 Denial-of-service attacks
 Malware (malicious code)

Examples of crimes that only use computer networks or devices would include:

 Cyber stalking
 Fraud and identity theft
 Information warfare
 Phishing scams

Child Pornography

The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide.
The internet is very fast becoming a household commodity in India . Its explosion has made the
children a viable victim to the cyber crime. As more homes have access to internet, more children
would be using the internet and more are the chances of falling victim to the aggression of
pedophiles.
The easy access to the pornographic contents readily and freely available over the internet lower
the inhibitions of the children. Pedophiles lure the children by distributing pornographic material,

8|Page
then they try to meet them for sex or to take their nude photographs including their engagement
in sexual positions. Sometimes Pedophiles contact children in the chat rooms posing as
teenagers or a child of similar age, then they start becoming friendlier with them and win their
confidence. Then slowly pedophiles start sexual chat to help children shed their inhibitions about
sex and then call them out for personal interaction. Then starts actual exploitation of the children
by offering them some money or falsely promising them good opportunities in life. The pedophiles
then sexually exploit the children either by using them as sexual objects or by taking their
pornographic pictures in order to sell those over the internet.

In physical world, parents know the face of dangers and they know how to avoid & face the
problems by following simple rules and accordingly they advice their children to keep away from
dangerous things and ways. But in case of cyber world, most of the parents do not themselves
know about the basics in internet and dangers posed by various services offered over the
internet. Hence the children are left unprotected in the cyber world. Pedophiles take advantage of
this situation and lure the children, who are not advised by their parents or by their teachers
about what is wrong and what is right for them while browsing the internet

How do they Operate

a. Pedophiles use false identity to trap the children/teenagers.


b. Pedophiles contact children/teens in various chat rooms which are used by children/teen to
interact with other children/teen.
c. Befriend the child/teen.
d. Extract personal information from the child/teen by winning his confidence.
e. Gets the e-mail address of the child/teen and starts making contacts on the victim e-mail
address as well.
f. Starts sending pornographic images/text to the victim including child pornographic images in
order to help child/teen shed his inhibitions so that a feeling is created in the mind of the
victim that what is being fed to him is normal and that everybody does it.
g. Extract personal information from child/teen
h. At the end of it, the pedophile set up a meeting with the child/teen out of the house and then
drag him into the net to further sexually assault him or to use him as a sex object.

9|Page
Net Extortion
Copying the company’s confidential data in order to extort said company for huge amount

Identity theft
Once a criminal accesses the information he can for example do the following:
1. Apply for a credit card in the victim’s name.
2. Apply for other financial services in the victim’s name.
3. Run up debts like using the credit/ debit card details to make purchase or obtain a loan in
the victim’s name.
4. Apply for a driving license in the victim’s name.
5. Apply for a passport in victim’s name.
6. Apply for a mobile phone contract in the victim’s name.

Identity theft may also be used as a means of blackmail, especially if medical privacy or
political privacy has been break and if revealing the activities undertaken by the thief under the
name of the victim may have serious consequences like loss of job or marriage. Although identity
theft appears to harbor all bad acts done while pretending to be someone else, assuming a false
identity with the knowledge and approval of the person being impersonated for example cheating
on an exam, is not considered being identity theft. Identity theft is such a broad concept that any
discussion of it should quickly narrow down to the specific case like credit card fraud. Similarly
any proposed remedy of identity theft is actually a remedy for a specific case of identity theft.
Techniques for obtaining identification information range from stealing mail or rummaging through
rubbish, stealing personal information in computer databases, to infiltration of organizations that
store large amounts of personal information.

Innocent people are being arrested every year because some other person is committing
crimes using their names. It has been estimated that more than 100,000 people in the UK are
affected by identity theft every year. Identity theft is also the fastest growing crime in America and
according to a Federal Trade Commission; 9.9 million victims were reported last year. According
to a survey by the Privacy Rights Clearinghouse, the average consumer victim spends 175 hours

10 | P a g e
and $800 resolving identity theft problems, and it takes two to four years for victims to clear up all
the resulting problems. So, the sooner you take action to clear your records, the better. It is
therefore important to order your credit reports regularly, at least once a year

Intellectual Property crimes


These include software piracy, copyright infringement, trademarks violations, theft of computer
source code etc.

Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using
sophisticated computers, printers and scanners. Outside many colleges across India, one finds
touts soliciting the sale of fake mark sheets or even certificates. These are made using
computers, and high quality scanners and printers. In fact, this has becoming a booming
business involving thousands of Rupees being given to student gangs in exchange for these
bogus but authentic looking certificates.

Virus / worm attacks


Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the data on a
computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach
themselves to. They merely make functional copies of themselves and do this repeatedly till they
eat up all the available space on a computer's memory

11 | P a g e
Hackers
The term "hacker" has come to be associated exclusively with breaking security. First-generation
hackers would break security because it was in the way of doing something useful. Now a lot of
kids do it 'cause it's naughty. Though it is true that showing you can break security that's said to
be unbreakable is a nice hack, the original hackers did not break security just to be naughty.
They broke security if somebody had locked up a tool that you needed to use.

Who is a Hacker?
• Someone who's really good at what he does with computers is called a hacker.
• Someone that breaks into systems to damage it, or for the purpose of getting illegitimate
access to resources
• The term hacker is a generic term to describe attackers. .
• A person who enjoys exploring the details of programmable systems and how to stretch
their capabilities, as opposed to most users, who prefer to learn only the minimum
necessary.
• A person who enjoys programming rather than just theorizing about programming.
• A person capable of appreciating hack value.
• A person who is good at programming quickly.

There are various types of computer hackers that all have different malicious intent. It's important
to know these different types of hackers so you can properly defend your data.

White Hat
White hat has the skills to break into computer systems and do damage. However, they use their
skills to help organizations. For example a white hat might work for an organization to test for
security weaknesses and vulnerabilities in the network.

Black Hat

12 | P a g e
Black Hat also known as a cracker uses his skills to break into computer systems for unethical
reasons. For example, steal user data like, username and password, credit card numbers, bank
information.
Grey Hat
This type can be thought of as a white hat attacker who sometimes acts unethically. They could
be employed as a legit network security administrator. But, during this person's duties, he may
find an opportunity for gaining access to company data and stealing that data.

Phreaker
A phreaker is simply a hacker of telecommunications. An example of this is tricking the phone
system into letting you make free long distance calls.

Script Kiddy
A Script Kiddy is someone who lacks the skills of a typical hacker. They rely on downloading
hacking programs or utilities sometimes calls scripts to perform an attack.

Computer Security Hacker


This is someone who knows the technical aspects of computer networking and security. This
person could attack a network protected by a firewall or IPS by fragmenting packets.

Academic Hacker
This type is typically an employee or student at an institution of higher education. They would use
the institutions computing resources to write malicious programs.

ackeHacking broadly refers to attempts to gain access to computers to which one does not
possess authorization.
• The term "hackers" first came into use in the early 1960's when it was applied to a group
of pioneering computer aficionados at MIT (Levy, 1984).
• Through the 1970s, a hacker was viewed as someone obsessed with understanding and
mastering computer systems (Levy 1984).

13 | P a g e
• But, in the early 1980's, stimulated by the release of the movie "War Games" and the
much publicized arrest of a "hacker gang" known as "The 414s", hackers were seen as
young whiz-kids capable of breaking into corporate and government computer systems.
eo
Types of Hacking
There are three main types of hacking.
1. Local Hacking
2. Social Networking Hacking
3. Remote Hacking

Local Hacking
Local hacking is completed from local area where we have substantial access, like throughout
printer etc. We do this kind of hacking through viruses and Trojans with the aid of pen drive and
hard disk.

Social Engineering
Social engineering is the work of manipulating people into the stage actions or exposing private
information. While related to an assurance trick or simple scam, the term normally applies to
deception or trickery for the point of information congregation, fraud, or computer structure
access; in most cases the attacker not at all comes face-to-face.

Remote Hacking
Remote hacking is done remotely by winning benefit of the weakness of the target system. We
require following steps for remote hacking to penetrate on target system.

Real Hacking Steps of Remote Hacking:


v Information Gathering / Foot printing
v Port Scanning
v OS Fingerprinting
v Banner Grabbing
v Vulnerability Assessment

14 | P a g e
v Search & Build Exploit
v Attack
v Maintain Access with help of Root kits and Trojans.
v Covering Tracks

VIRUSES USED FOR HACKING


• viruses - most common form of attack
• denial of service attacks
• Trojans (or Trojan horses)
• brute-force and social engineering password attacks
• port scanning and spoofing
• phishing
• ransom ware

• Inside Jobs - Most security breeches originate inside the network that is under attack.
Inside jobs include stealing passwords (which hackers then use or sell.
• Rogue Access Points - Rogue access points (APs) are unsecured wireless access points
that outsiders can easily breech. (Local hackers often advertise rogue APs to each other.)
Rogue APs are most often connected by well-meaning but ignorant employees.
• Back Doors - Hackers can gain access to a network by exploiting back doors
administrative shortcuts, configuration errors, easily deciphered passwords, and
unsecured dial-ups.
• Viruses and Worms - Viruses and worms are self-replicating programs or code fragments
that attach themselves to other programs (viruses) or machines (worms). It attempts to
shut down networks by flooding them with bogus traffic, usually through e-mail.
• Trojan Horses - Trojan horses, which are attached to other programs, are the leading
cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked
software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the
hacker control of the PC.

15 | P a g e
• Denial of Service - DoS attacks give hackers a way to bring down a network without
gaining internal access.It attacks work by flooding the access routers with bogus traffic
(which can be e-mail or Transmission Control Protocol, TCP, packets). .
• Anarchists, Crackers, and Kiddies
• Anarchists are people who just like to break stuff. They usually exploit any target of
opportunity.
• Crackers are hobbyists or professionals who break passwords and develop Trojan horses
or other SW (called warez). They either use the SW themselves or sell it for profit.
• Kiddies have no real hacker skills, so they buy or download warez, which they launch.
.
• Sniffing and Spoofing –
Sniffing - It refers to the act of intercepting TCP packets.
Spoofing It- is the act of sending an illegitimate packet with an expected
acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

16 | P a g e
CASES

Pune Citibank MphasiS Call Center Fraud


US $ 3,50,000 from accounts of four US customers were dishonestly transferred to bogus
accounts. This will give a lot of ammunition to those lobbying against outsourcing in US. Such
cases happen all over the world but when it happens in India it is a serious matter and we can not
ignore it. It is a case of sourcing engineering. Some employees gained the confidence of the
customer and obtained their PIN numbers to commit fraud. They got these under the guise of
helping the customers out of difficult situations. Highest security prevails in the call centers in
India as they know that they will lose their business. There was not as much of breach of security
but of sourcing engineering.

The call center employees are checked when they go in and out so they can not copy down
numbers and therefore they could not have noted these down. They must have remembered
these numbers, gone out immediately to a cyber café and accessed the Citibank accounts of the
customers.

All accounts were opened in Pune and the customers complained that the money from their
accounts was transferred to Pune accounts and that’s how the criminals were traced. Police has
been able to prove the honesty of the call center and has frozen the accounts where the money
was transferred.

There is need for a strict background check of the call center executives. However, best of
background checks can not eliminate the bad elements from coming in and breaching security.
We must still ensure such checks when a person is hired. There is need for a national ID and a
national data base where a name can be referred to. In this case preliminary investigations do

17 | P a g e
not reveal that the criminals had any crime history. Customer education is very important so
customers do not get taken for a ride. Most banks are guilt of not doing this.

State of Tamil Nadu Vs Suhas Katti

The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully
within a relatively quick time of 7 months from the filing of the FIR. Considering that similar cases
have been pending in other states for a much longer time, the efficient handling of the case which
happened to be the first case of the Chennai Cyber Crime Cell going to trial deserves a special
mention.

The case related to posting of obscene, defamatory and annoying message about a divorcee
woman in the yahoo message group. E-Mails were also forwarded to the victim for information by
the accused through a false e-mail account opened by him in the name of the victim. The posting
of the message resulted in annoying phone calls to the lady in the belief that she was soliciting.

Based on a complaint made by the victim in February 2004, the Police traced the accused to
Mumbai and arrested him within the next few days. The accused was a known family friend of the
victim and was reportedly interested in marrying her. She however married another person. This
marriage later ended in divorce and the accused started contacting her once again. On her
reluctance to marry him, the accused took up the harassment through the Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The
Hon’ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects. The
same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were
examined and entire documents were marked as Exhibits.

18 | P a g e
The Defence argued that the offending mails would have been given either by ex-husband of the
complainant or the complainant her self to implicate the accused as accused alleged to have
turned down the request of the complainant to marry her.

Further the Defence counsel argued that some of the documentary evidence was not sustainable
under Section 65 B of the Indian Evidence Act. However, the court relied upon the expert
witnesses and other evidence produced before it, including the witnesses of the Cyber Cafe
owners and came to the conclusion that the crime was conclusively proved. Ld. Additional Chief
Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04 as follows:

" The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and
the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469
IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year
Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to
undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently."

The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered
as the first case convicted under section 67 of Information Technology Act 2000 in India.

Awareness about cyber crimes

Identity theft, also called identity fraud, occurs when scammers steal credit card numbers, Social
Security numbers or even mothers' maiden names. All the experts indicate the problem is
increasing. Law enforcement officials indict about 400,000 Americans are affected annually.
Unlike other types of fraud, identity theft can be extremely difficult to detect until the damage is
done. In addition, it can be accomplished over a period of months or even years, before the
unwary victim even realizes there's a problem.

The growth might be explained by the incentives to criminals: A savvy identity thief can run up to
$30,000 in bills on each individual victim, compared to the average bank robbery which nets just
$3000. In general, the bank robbery is more risky.

19 | P a g e
Identity thieves can work in several ways, but the basis is the same. They gather personal
information in order to steal from that individual. Called a "faceless" crime, the perpetrators
never see the person they are hurting.

These scammers particularly like Social Security numbers, which they can use as a means of
procuring other genuine identification documents.

They may open a new credit card account, using your name, date of birth and Social Security
number. When they use the card, and don't pay the bills, the delinquent account is reported on
your credit report. Once the credit is maxed out, the imposter disappears and moves onto
another victim. Repairing the damage can be especially difficult. One thief managed to do this to
an unsuspecting woman for a full eight years. You can imagine how tough it was for the victim to
convince the credit card company it wasn't her paying those monthly bills.

Some call the credit card company, pretending to be you, change the mailing address on your
account. They the imposter runs charges. Because the bills are being mailed to the new address,
you may not immediately realize there's a problem.

Two other ways are establishing cellular phone service in your name or open a bank account in
your name and write bad checks on the account.

What can you do to avoid identify fraud? Take prudent precautions.

* Get a report from the Social Security Administration to make sure no one else is using your
number.

* Request a complete credit report, once a year and check it closely.

* When you get unwanted pre-approved credit card offers, shred them up before tossing them.

* When in public, do not recite your social security number outloud to a bank teller or store
cashier.

* Use a secure mailbox that locks.

20 | P a g e
* When asked to give your mother's maiden name as a code access, use another key word
instead.

* Change the personal identification numbers on your accounts

regularly.

* If your social security number is on your timecard and the card is visible to your coworkers, ask
to have it removed.

* Pick up and keep printed receipts at bank machines or gas pumps.

If you think you may have been a victim of identity theft, call the Federal Trade Commission
hotline at 877- IDTheft. They also have an informative booklet about this problem which can be
ordered via the hotline.

What is Cyber Law

• Cyberlaw is a term that encapsulates the legal issues related to use of communicative,
transactional, and distributive aspects of networked information devices and
technologies. ..

21 | P a g e
INFORMATION TECHNOLOGY ACT-2000

The modal law on e-commerce was adopted by the general assembly of the UN by a resolution
dated 30th January 1997.The assembly recommended that each and every state should give
consideration to the law when they enact or revise their laws.

The main aim or purpose of the IT act is to promote proper and efficient delivery of government
services by way of electronic records that are reliable and accurate.

As per preamble to the act, the main aim of the act is:

1) Legal recognition of the transactions that are carried out by means of electronic
communication.
2) A second method or an alternative for paper-based methods of communication became
very much essential and necessary. E-commerce deals with storage of information by
means of electronic data interchange.

The act came into effect on 17-10-2000.

The act does not apply to the following:

22 | P a g e
1) A negotiable instrument, except cheque.
2) A power-of-attorney.
3) A trust as defined in section 3 of the Indian Trusts Act.
4) A will as defined in section 2(h) of the Indian Succession Act, including any other
testamentary disposition.
5) Any contract for the sale or conveyance of immovable property or any interest in such
property.

The act provides for the following aspects. That is,it covers the below mentioned
aspects.

1) Contracts that are electronic will be considered valid legally.


2) Digital signatures to be given legal recognition.
3) A proper and effective security procedure for digital signature and electronic
records.

4) Appointment of concerned officers for carrying out various inquiries under the act.

The IT act enables,

1) Documents to be stored in electronic form.


2) Legal recognition of the documents that are electronically stored.
3) Digital signatures fulfill the requirements of signatures in these type of documents

DIGITAL SIGNATURE

An electronic record can be authenticated by a “subscriber” by affixing his digital signature.

Subscriber is a person, in whose name a digital signature certificate is issued.

23 | P a g e
‘Affixing digital signature’ with its grammatical variations means adoption of a procedure or
method by a person with the aim of authenticating his electronic records with the help of
digital signatures.

Authentication of records

The proper use of asymmetric crypto system and hash function, helps to transform the
initial electronic record into another electronic record.

Verification of digital signature

Any person can verify or check the electronic records with the use of the public key of the
subscriber. A subscriber is given access with both the private and public key.

Any information that is available in written form or in printed form, shall be deemed to be
satisfied provided,

1) It is made available in electronic form,


2) Accessible so as to be useful for a subsequent reference.

According to section 8 of the act, it is clear that no Department or Ministry can be


compelled or forced to accept application, return or any communication in electronic
form.

24 | P a g e
Legal recognition of digital signatures

If any law provides that a piece of information or a content is authenticated by affixing a


signature or a document will be signed or has the signature of a person, this content
will be deemed to have been satisfied, if the signature is affixed as per the norms
prescribed by the central government.

Secure digital signature

A particular digital signature should be: unique to the subscriber affixing it, capable of
identifying such a subscriber

LEGAL ISSUES NOT COVERED UNDER INFORMATION TECHNOLOGY ACT


2000

1) Taxation issues that arise out of internet,m-commerce and e-commerce.


2) Patents,trademarks and digital copyright issues.
3) Cybersquatting, domain name registration policy and domain name disputes.
4) Privacy and data protection issues.
5) Spamming and junk mail.

Information Technology Act, 2000


After section 29, a section named 29 A is to be inserted: Electronic record. The words electronic
record will have the meaning assigned to them under clauses and sections of the IT ACT
2000.
In section 172, instead of the words “produce a document in a court of justice”, words “produce a
document or an electronic record in a court of justice” shall be used.
In section 175, for the word “document” at both the places where it is used, the words “document
or electronic record” shall be replaced or substituted.

25 | P a g e
Duties of subscribers

Generation of key pair: In the case of a digital signature certificate, the public key corresponds to
the private key of that subscriber, and after it has been accepted by the subscriber, he shall
generate the key pair by applying the security procedure.
Acceptance of digital signature certificates: A subscriber is deemed to have accepted a digital
signature certificate, if he publishes or gives the power of publication of the certificate:-To
one or more persons.In a repository, or demonstrates in any manner his approval of the
digital signature certificate.
Control of private key. Steps can be taken by every subscriber in order to retain control
of the private key corresponding to the public key listed in his digital signature
certificate and take the essential steps to prevent its disclosure to a person not given
the power to affix the digital signature of the subscriber.
Regulation of certifying authorities

By a notification, the central government may appoint a controller and can also appoint a
specified number of deputy and assistant controllers.

Functions of controller
He exercises supervision over the activities of the certifying authorities.
He certifies public keys of the certifying authorities.
The controller lays down the duties of the certifying authorities.
He resolves any conflict of interests between the subscribers and authorities.
The controller specifies the form and content of a digital signature certificate and the key.
He specifies the form and manner in which the certifying authorities would maintain the accounts.
The controller specifies the conditions subject to which the certifying authorities shall conduct
their business.
Secure electronic records and digital signatures

26 | P a g e
If a security procedure has been applied to a particular electronic record, then such a record is
said to be a secure electronic record till the point of time till its verification is made.

If a security procedure is applied by the parties concerned to a digital signature,at the time it was
affixed,It has to be unique to the subscriber.

Capable of identifying such subscriber.

The link between the digital signature and the electronic record should be perfect in such a way
that if a change is made in the record, the digital signature gets invalidated.

IT ACT 2008
PRELIMINARY
"Access" with its grammatical variations and cognate expressions means gaining entry into,
instructing or communicating with the logical, arithmetical, or memory function resources of a
computer, computer system or computer network;
"Affixing Electronic Signature" with its grammatical variations and cognate expressions means
adoption of any methodology or procedure by a person for the purpose of authenticating an
electronic record by means of Electronic Signature;
"Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for
creating a digital signature and a public key to verify the digital signature;
"Electronic signature" means authentication of any electronic record by a subscriber by means of
the electronic technique specified in the second schedule and includes digital signature
"Private Key" means the key of a key pair used to create a digital signature;
"Public Key" means the key of a key pair used to verify a digital signature and listed in the Digital
Signature Certificate;

27 | P a g e
"Subscriber" means a person in whose name the Electronic Signature Certificate is issued
Attribution of Electronic Records
An electronic record shall be attributed to the originator
(a) if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf of the originator in respect of that
electronic record; or
(c)by an information system programmed by or on behalf of the originator to operate
automatically.

Secure Electronic Signature (Substituted vide ITAA 2008)


An electronic signature shall be deemed to be a secure electronic signature if-
(i) The signature creation data, at the time of affixing signature, was under the exclusive control
of signatory and no other person; and
(ii) The signature creation data was stored and affixed in such exclusive manner as may be
prescribed

Explanation- In case of digital signature, the "signature creation data" means the private key of
the subscriber

The Controller may perform all or any of the following functions, namely
(c) laying down the standards to be maintained by the Certifying Authorities;
(d) specifying the qualifications and experience which employees of the Certifying Authorities
should possess;

Application for license

(1) Every application for issue of a license shall be in such form as may be prescribed by the
Central Government .

28 | P a g e
(2) Every application for issue of a license shall be accompanied by-
(a) a certification practice statement;
(b) a statement including the procedures with respect to identification of the applicant;
(c) payment of such fees, not exceeding twenty-five thousand rupees as may be prescribed by
the Central Government;
(d) such other documents, as may be prescribed by the Central Government.

Suspension of License
(a)made a statement in, or in relation to, the application for the issue or renewal of the license,
which is incorrect or false in material particulars;
(b) failed to comply with the terms and conditions subject to which the license was granted;
(c) failed to maintain the standards specified in Section 30 [Substituted for the words "under
clause (b) of sub-section (2) of section 20;" vide amendment dated September 19, 2002]
(d) contravened any provisions of this Act, rule, regulation or order made there under, revoke the
license:
Provided that
no license shall be revoked unless the Certifying Authority has been given a reasonable
opportunity of showing cause against the proposed revocation.
(2)The Controller may, if he has reasonable cause to believe that there is any ground for revoking
a license under sub-section
(1), by order suspend such license pending the completion of any enquiry ordered by him:
Provided that
no license shall be suspended for a period exceeding ten days unless the Certifying Authority
has been given a reasonable opportunity of showing cause against the proposed suspension.
(3)No Certifying Authority whose license has been suspended shall issue any Electronic
Signature Certificate during such suspension.

ELECTRONIC GOVERNANCE
Legal Recognition of Electronic Records
Where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained in such law, such

29 | P a g e
requirement shall be deemed to have been satisfied if such information or matter is

(a) rendered or made available in an electronic form; and


(b) accessible so as to be usable for a subsequent reference

Legal recognition of Electronic Signature


Where any law provides that information or any other matter shall be authenticated by affixing the
signature or any document should be signed or bear the signature of any person then,
notwithstanding anything contained in such law, such requirement shall be deemed to have been
satisfied, if such information or matter is authenticated by means of digital signature affixed in
such manner as may be prescribed by the Central Government.

Explanation -

For the purposes of this section, "Signed", with its grammatical variations and cognate
expressions, shall, with reference to a person, mean affixing of his hand written signature or any
mark on any document and the expression "Signature" shall be construed accordingly.

Use of Electronic Records and Electronic Signature in Government and its


agencies

(1) Where any law provides for


(a) the filing of any form, application or any other document with any office, authority, body
or agency owned or controlled by the appropriate Government in a particular manner;
(b) the issue or grant of any license, permit, sanction or approval by whatever name called
in a particular manner;
(c) the receipt or payment of money in a particular manner, then, notwithstanding anything
contained in any other law for the time being in force, such requirement shall be deemed
to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be,
is effected by means of such electronic form as may be prescribed by the appropriate
Government.
(2) The appropriate Government may, for the purposes of sub-section (1), by rules, prescribe

30 | P a g e
-
(a) the manner and format in which such electronic records shall be filed, created or issued;
(b) the manner or method of payment of any fee or charges for filing, creation or issue any
electronic record under clause (a).

Digital Signatures under ITA 2008-A Blunder Repeated


Information Technology Act 2000 (ITA 2000) had prescribed Digital Signatures based on
Asymmetric Crypto system and Hash system as the only acceptable form of authentication of
electronic documents recognized as equivalent to "Signatures" in paper form.

When ITA 2000 had been drafted, there was a major blunder in the drafting of Section 35
subsection (3) which made it mandatory for an applicant of a digital signature certificate to
enclose a "Certification Practice Statement" along with his application. Naavi.org had pointed out
this blunder immediately in the article "An Embarrassing Oversight? Or…?". It however took
several years to correct this by a notification by an executive order dated September 12, 2002.

Though there was a comprehensive amendment now, the subsections 35(3) and 35 (4) have not
been officially corrected and the need for submission of Certification Practice Statement by a
digital signature certificate applicant remains in the books.. indicating the gross negligence in the
drafting of the Bill.

Now this blunder has been accompanied by more avoidable confusions.


When the Information Technology Amendment Bill 2006 was drafted on the basis of the
recommendations of the so called "Expert Committee" the committee took into consideration a
demand from technical community that the PKI based system made the law dependent on a
single authentication technology and there was a need to make the law "Technology Neutral".

In response to this demand, the committee had tried to define an umbrella system of "Electronic
Signatures" of which "Digital Signature" was one of the kind. This required replacement of the
word "Digital" with the word "Electronic" at several places in the Act. Taking this into
consideration, in the Information Technology Amendment Bill 2006, clause 2, a list of

31 | P a g e
amendments were proposed to replace the word "Digital" with the word "Electronic" at several
places in the principal act where a reference to "Digital Signature" had been made.

However, some where along the line, there were some changes made which are now appearing
as anomalies in the legislation passed.

When the Bill needed further amendments based on the Standing Committee report, instead of
drafting a new amendment bill, the department drafted a bill called "Information Technology
Amendment Bill 2008" and introduced it in the parliament on December 15, 2008. This Bill
passed certain amendments to the then pending Information Technology Amendment Bill 2006
( Introduced on December 15, 2006) including the name clause of the resulting Act as in the Bill
introduced on December 15 2006 which was changed from Information Technology Amendment
Act 2006 to Information Technology Amendment Act 2008..

In this process of drafting an amendment bill for amending a pending bill which was to amend a
prevalent act, some serious mistakes have crept into the Act which is now a law.

Instead of the earlier proposal to call "Digital Signature" as one type of an umbrella kind
"Electronic Signature", the current draft introduced a new section 3A to define "Electronic
Signatures" and retained the earlier section 3 of "Digital Signatures".

This has made "Electronic Signature" a concurrent alternative proposed by law to "Digital
Signature" and both could be used for authentication of electronic documents.

As a result, the Certifying Authorities regulations also need to be accommodated for both Digital
Signature as well as Electronic Signature". Either the current Certifying Authorities need to be
licensed for "Electronic Signatures" also or there may be new Certifying Authorities who only
apply for being Certifying Authorities for "Electronic Signatures" and not opt for having any
"Digital Signature Products".

Public should also be able to "Affix digital signature" and also "Affix electronic signature" as the
case may be. They can acquire two different certificates one for digital signature and the other for
electronic signature and they may be from different Certifying authorities.

32 | P a g e
The law therefore needs to accommodate all these provisions. It appears that the drafting of the
bill has resulted in soem confusion where by in some places the digital signature and electronic
signatures are spoken of together and in some places differently. The treatment is inconsistent
and gives rise to avoidable anomalies.

The IT Amendment Bill 2008 has been passed by the Lok Sabha and the Rajya Sabha in the last
week of December, 2008. The said Bill aims to make sweeping changes in the existing Indian
cyberlaw, namely the Information Technology Act, 2000.

The Information Technology Act, 2000 is India’s mother legislation regulating the use of
computers, computer systems and computer networks as also data and information in the
electronic format. The said legislation has provided for the legality of the electronic format as well
as electronic contracts. This legislation has touched varied aspects pertaining to electronic
authentication, digital signatures, cybercrimes and liability of network service providers.

From 17th October, 2000 , when the IT Act, 2000 came into implementation till date, the said
legislation has seen some very interesting cases and challenges, being brought within its ambit.
As time passed by, the inadequacies of the said legislation came to the forefront. There were
various practical difficulties in the implementation of the said legislation. The inadequacy of the IT
Act, 2000 to address some of the emerging phenomena, challenges and cybercrimes, led to
voices clamouring for change in the Indian cyberlaw.

Consequently, the Government of India tabled the Information Technology Amendment Bill, 2006
before both the houses of Parliament in December, 2006, which referred the said amendment bill
to the Parliamentary Standing Committee on Information Technology. The Parliamentary
Standing Committee examined the proposed amendments in a comprehensive manner and
thereafter gave its report and recommendations thereon.

The Parliamentary Standing Committee on Information Technology headed by Shri Nikhil Kumar,
MP did an excellent job in terms of producing its exhaustive recommendations. These
recommendations were noteworthy for their fore vision and clarity of thought process. Way back

33 | P a g e
in 2007, the Standing Committee had recommended that the entire menace of cyber terrorism
needs to be addressed with a strong hand.

After examining the said recommendations, the Central Government brought the Information
Technology Amendment Bill, 2008 in Parliament, which got passed by both the houses of
Parliament.

Given the magnitude of the amendments, it is indeed strange and amazing that this Bill was
passed in an unprecedented hurry, without any discussion in both the houses of the Parliament in
the last week of December, 2008.

The IT Amendment Act 2008 brings about various sweeping changes in the existing Cyberlaw.
While the lawmakers have to be complemented for their appreciable work removing various
deficiencies in the Indian Cyberlaw and making it technologically neutral, yet it appears that there
has been a major mismatch between the expectation of the nation and the resultant effect of the
amended legislation. The most bizarre and startling aspect of the new amendments is that these
amendments seek to make the Indian cyberlaw a cyber crime friendly legislation; - a legislation
that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to
encourage cyber criminals by lessening the quantum of punishment accorded to them under the
existing law; a legislation that chooses to give far more freedom to cyber criminals than the
existing legislation envisages; a legislation which actually paves the way for cyber criminals to
wipe out the electronic trails and electronic evidence by granting them bail as a matter of right; a
legislation which makes a majority of cybercrimes stipulated under the IT Act as bailable
offences; a legislation that is likely to pave way for India to become the potential cyber crime
capital of the world.

SECURE ELECTRONIC RECORDS AND SECURE ELECTRONIC SIGNATURES


Secure Electronic Record

Where any security procedure has been applied to an electronic record at a specific point of time,
then such record shall be deemed to be a secure electronic record from such point of time to the
time of verification.

34 | P a g e
Secure Electronic Signature

An electronic signature shall be deemed to be a secure electronic signature if-


(i) the signature creation data, at the time of affixing signature, was under the exclusive control of
signatory and no other person; and
(ii) the signature creation data was stored and affixed in such exclusive manner as may be
prescribed

Explanation- In case of digital signature, the "signature creation data" means the private key of
the subscriber

Security procedures and Practices


The Central Government may for the purposes of sections 14 and 15 prescribe the security
procedures and practices

Provided that in prescribing such security procedures and practices, the Central Government
shall have regard to the commercial circumstances, nature of transactions and such other related
factors as it may consider appropriate.

ELECTRONIC SIGNATURE CERTIFICATES


Certifying Authority to issue Electronic Signature Certificate
(1) Any person may make an application to the Certifying Authority for the issue of a Digital
Signature Certificate in such form as may be prescribed by the Central Government.

(2) Every such application shall be accompanied by such fee not exceeding twenty-five thousand
rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority:

Provided that while prescribing fees under sub-section (2) different fees may be prescribed for
different classes of applicants.

35 | P a g e
(3) Every such application shall be accompanied by a certification practice statement or where
there is no such statement, a statement containing such particulars, as may be specified by
regulations.

(4) On receipt of an application under sub-section (1), the Certifying Authority may, after
consideration of the certification practice statement or the other statement under sub-
section (3) and after making such enquiries as it may deem fit, grant the Digital Signature
Certificate or for reasons to be recorded in writing, reject the application
Provided that no application shall be rejected unless the applicant has been given a reasonable
opportunity of showing cause against the proposed rejection.

Suspension of Digital Signature Certificate.

(1) Subject to the provisions of sub-section (2), the Certifying Authority which has issued a Digital
Signature Certificate may suspend such Digital Signature Certificate -

(a) on receipt of a request to that effect from -


(i) the subscriber listed in the Digital Signature Certificate; or
(ii) any person duly authorized to act on behalf of that subscriber;
(b) if it is of opinion that the Digital Signature Certificate should be suspended in public interest

(2) A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days
unless the subscriber has been given an opportunity of being heard in the matter.

(3) On suspension of a Digital Signature Certificate under this section, the Certifying Authority
shall communicate the same to the subscriber.

Notice of suspension or revocation.

(1) Where a Digital Signature Certificate is suspended or revoked under section 37 or section 38,
the Certifying Authority shall publish a notice of such suspension or revocation, as the case
may be, in the repository specified in the Digital Signature Certificate for publication of such
notice.
(2) Where one or more repositories are specified, the Certifying Authority shall publish notices of

36 | P a g e
such suspension or revocation, as the case may be, in all such repositories.

PENALTIES , COMPENSATION AND ADJUDICATION


Penalty and Compensation for damage to computer, computer system, etc

If any person without permission of the owner or any other person who is incharge of a computer,
computer system or computer network -

(a) accesses or secures access to such computer, computer system or computer network or
computer resource (ITAA2008)

(b) downloads, copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or stored in
any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network,
data, computer data base or any other programmes residing in such computer, computer system
or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer,
computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made
thereunder,

(h) charges the services availed of by a person to the account of another person by tampering
with or manipulating any computer, computer system, or computer network,

37 | P a g e
(i) destroys, deletes or alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means .

(i) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter
any computer source code used for a computer resource with an intention to cause damage,
(Inserted vide ITAA 2008)

he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the
person so affected. (change vide ITAA 2008)

Explanation - for the purposes of this section -

(i) "Computer Contaminant" means any set of computer instructions that are designed -

(a) to modify, destroy, record, transmit data or programme residing within a computer, computer
system or computer network; or

(b) by any means to usurp the normal operation of the computer, computer system, or computer
network;

(ii) "Computer Database" means a representation of information, knowledge, facts, concepts or


instructions in text, image, audio, video that are being prepared or have been prepared in a
formalised manner or have been produced by a computer, computer system or computer
network and are intended for use in a computer, computer system or computer network;

(iii) "Computer Virus" means any computer instruction, information, data or programme that
destroys, damages, degrades or adversely affects the performance of a computer resource or
attaches itself to another computer resource and operates when a programme, data or
instruction is executed or some other event takes place in that computer resource;

(iv) "Damage" means to destroy, alter, delete, add, modify or re-arrange any computer resource
by any means.

38 | P a g e
(v) "Computer Source code" means the listing of programmes, computer commands, design and
layout and programme analysis of computer resource in any form (Inserted vide ITAA 2008)

Factors to be taken into account by the adjudicating officer


While adjudging the quantum of compensation under this Chapter the adjudicating officer shall
have due regard to the following factors, namely -
(a)
the amount of gain of unfair advantage, wherever quantifiable, made as a result of the
default;

(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default

39 | P a g e
OFFENCES
Tampering with Computer Source Documents
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly
causes another to conceal, destroy or alter any computer source code used for a computer,
computer programme, computer system or computer network, when the computer source code is
required to be kept or maintained by law for the time being in force, shall be punishable with
imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with
both.

Explanation -
For the purposes of this section, "Computer Source Code" means the listing of programmes,
Computer Commands, Design and layout and programme analysis of computer resource in any
form.

Punishment for cyber terrorism


(1) Whoever,-
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in
the people or any section of the people by –

(i) denying or cause the denial of access to any person authorized to access computer resource;
or

(ii) attempting to penetrate or access a computer resource without authorisation or exceeding


authorized access; or

(iii) introducing or causing to introduce any Computer Contaminant.

and by means of such conduct causes or is likely to cause death or injuries to persons or
damage to or destruction of property or disrupts or knowing that it is likely to cause damage or

40 | P a g e
disruption of supplies or services essential to the life of the community or adversely affect the
critical information infrastructure specified under section 70, or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorisation


or exceeding authorized access, and by means of such conduct obtains access to information,
data or computer database that is restricted for reasons of the security of the State or foreign
relations; or any restricted information, data or computer database, with reasons to believe that
such information, data or computer database so obtained may be used to cause or likely to cause
injury to the interests of the sovereignty and integrity of India, the security of the State, friendly
relations with foreign States, public order, decency or morality, or in relation to contempt of court,
defamation or incitement to an offence, or to the advantage of any foreign nation, group of
individuals or otherwise, commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life’.

Punishment for publishing or transmitting obscene material in electronic


form:-
Whoever publishes or transmits or causes to be published in the electronic form, any material
which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave
and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or
hear the matter contained or embodied in it, shall be punished on first conviction with
imprisonment of either description for a term which may extend to two three years and with fine
which may extend to five lakh rupees and in the event of a second or subsequent conviction with
imprisonment of either description for a term which may extend to five years and also with fine
which may extend to ten lakh rupees.

Penalty for misrepresentation-Whoever makes any misrepresentation to, or suppresses


any material fact from, the Controller or the Certifying Authority for obtaining any license or
Electronic Signature Certificate, as the case may be, shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh rupees, or with
both.

41 | P a g e
Breach of confidentiality and privacy

Save as otherwise provided in this Act or any other law for the time being in force, any person
who, in pursuant of any of the powers conferred under this Act, rules or regulations made there
under, has secured access to any electronic record, book, register, correspondence, information,
document or other material without the consent of the person concerned discloses such
electronic record, book, register, correspondence, information, document or other material to any
other person shall be punished with imprisonment for a term which may extend to two years, or
with fine which may extend to one lakh rupees, or with both.

Punishment for Disclosure of information in breach of lawful contract

Save as otherwise provided in this Act or any other law for the time being in force, any person
including an intermediary who, while providing services under the terms of lawful contract, has
secured access to any material containing personal information about another person, with the
intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses,
without the consent of the person concerned, or in breach of a lawful contract, such material to
any other person shall be punished with imprisonment for a term which may extend to three
years, or with a fine which may extend to five lakh rupees, or with both.

42 | P a g e
MISCELLANEOUS

Power of Police Officer and Other Officers to Enter, Search, etc


Notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police officer,
not below the rank of a Inspector or any other officer of the Central Government or a State
Government authorized by the Central Government in this behalf may enter any public place and
search and arrest without warrant any person found therein who is reasonably suspected of
having committed or of committing or of being about to commit any offence under this Act

Power to Give Direction

The Central Government may give directions to any State Government as to the carrying into
execution in the State of any of the provisions of this Act or of any rule, regulation or order made
there under.

Protection of Action taken in Good Faith

No suit, prosecution or other legal proceeding shall lie against the Central Government, the State
Government, the Controller or any person acting on behalf of him, the Chairperson, Members,
Adjudicating Officers and the staff of the Cyber Appellate Tribunal for anything which is in good
faith done or intended to be done in pursuance of this Act or any rule, regulation or order made
there under

43 | P a g e
Conclusion
Internet in India is growing rapidly. It has given rise to new opportunities in every field we can
think of, be it entertainment, business, sports or education. Internet also has its own
disadvantages. One of the major disadvantages is Cybercrime – illegal activity committed on the
internet. The internet, along with its advantages, has also exposed citizens to security risks that
come with connecting to a large network. Computers today are being misused for illegal activities
like e-mail espionage, credit card fraud, spam’s, software piracy and so on; criminal activities in
the cyberspace are on the rise. As the cases of cybercrime grow, there is a growing need to
prevent them.

 Be cautious about information you share on online communities, especially social sites like
myspace, facebook, and twitter. Online predators can use this information to steal your identity,
harass you, or stalk you.

 Create difficult to guess passwords for all online accounts and pin numbers. Vary your
passwords so that if one of your passwords is ever compromised you won't have to worry about
all of your accounts.

 Purchase a good antivirus software for your computer. Many programs now come with "total
protection" systems that will safeguard your online experience and the data stored on your
computer. This will keep your computer from being infected with viruses, malware or spyware.

 Be cautious about using photos for your online profiles. This is even more important if the
profile is for someone under age. Don't post photos that can be harmful to your reputation.

 Safe keep all of your personal information including your full name, address, phone number,
social security number, account numbers, and passwords. Do not place such personal
information on your multi-media devices such as computers, mp3 players, and cell phones.
Shred all paperwork with such personal information on it.

 Check your financial statements monthly to ensure there are no unusual transactions.

 Never go to see someone you've only met online unless you are with a group of people and
are in a public place. No matter how well you think you know someone it is best to have the
wisdom of friends and family around you to help guide you through the meeting.

44 | P a g e
 When you shop online make sure you are using a secure website, like ones with a url address
that begins with "https" and/or businesses that have had their website certificate verified by
companies like Verisign.

 Use your email provider's spam mail filters in order to block unwanted viruses on your
computer.

 Order your yearly free credit report from all three credit bureaus. If someone is illegally using
your social security number this is the easiest way to find out.

 Report any crime including harassment to the authorities right away. There may be laws in
your state that can protect you and your family.

Top 5 Ways to Keep Safe Online

• Don't leave the telecommunications cable physically connected to your home computer
when the internet is not in use. The only 100% safe computer is the one that is not
connected to the internet.

• Protect, watch, and supervise your children online just as you do with all their everyday
activities. Do not assume that your children are safe because they are in your home using
a computer.

• Never open an attachment from an unfamiliar sender and scan suspicious attachments
with a trusted virus scanner before opening.

• Use firewalls, anti-virus, and spyware detection software on a regular basis. Be sure to
download and install from the software manufacturer's website all available security
patches and updates for all installed programs on your computer on a regular basis.

• Protect your personal information and identity. Your life and the quality of your life depend
on criminals not impersonating you to gain credit, money, a reputation, or committing a

45 | P a g e
crime in your name.

Bibliography

http://www.cyberlawindia.com/

http://www.indlii.org/CyberLaw.aspx

http://www.cbi.gov.in/cybercrime/itbill2000.pdf

http://en.wikipedia.org/wiki/Information_Technology_Act

http://cybercrime.planetindia.net/

http://www.asianlaws.org/library/cyber-laws/real-world-cyber-crime-cases.pdf

http://www.hackershomepage.com/

http://en.wikipedia.org/wiki/Hacker

http://www.naavi.org/pati/pati_cybercrimes_dec03.htm

http://www.lawisgreek.com/cyber-laws-what-is-cyber-contravention-and-cyber-offences/

46 | P a g e

S-ar putea să vă placă și