You are on page 1of 31

Solutions to Chapter One Questions

1. Define computer ethics. Ans. The term computer ethics was coined in the mid 1970s by Walter Manor to refer to that field of applied professional ethics dealing with ethical problems aggravated, transformed, or created by human technology. Computer ethics is the analysis of the nature and social impact of computer technology, and the formulation and justification of the policies for the ethical use of such technology. Computer ethics examine the ethical issues surrounding computer usage and the connection between ethics and technology. It includes consideration of both personal and social policies for ethical use of computer technology. The goal is to understand the impact of computing technology upon human values, minimize the damage that technology can do to human values, and to identify ways to use computer technology to advance human values. 2. Explain the four classifications of ethical issues. Ans. Ethical issues can be classified into: Privacy issues: The privacy issues deal with the collection, storage, and dissemination of information about individuals. For example:

What information about oneself should an employer reveal to others? What kind of surveillance can an employer use on its employees? What things can people keep to themselves and not be forced to reveal to others?

What information about individuals should be kept in databases, and how secure is the information there? Accuracy issues: The accuracy issues deal with authenticity, fidelity, and accuracy of information collected and procured. The questions that need to be addressed in accuracy issues include:

Who is responsible for the accuracy, fidelity, and accuracy of information collected?

How can we ensure that information will be processed properly and presented accurately to the users? How can we ensure that errors in databases, data transmissions, and data processing are accidental and not intentional? Who is to be held responsible for errors in information, and how should the injured party be compensated? Property issues: The property issues deal with ownership and value of information (intellectual property). Examples of issues that need to be addressed as property issues are:

Who owns the information? What are the just and fair prices for its exchange? How should one handle software piracy? Under what circumstances can one use proprietary databases? Can corporate computers be used for private purposes?

How should experts who contribute their knowledge to create expert systems be compensated? How should access to information channels be allocated?

Accessibility issues: The accessibility issues concern with the right to access information and payment towards the same. These issues include:

Who is allowed to access information? How much should be charged for permitting accessibility to information? How can accessibility be provided for employees with disability? Who will be provided with the necessary equipments for accessing information?

There is a need to address these four types of issues so that the computer and information technology business operates in an ethical domain. We must ensure that information technology, and the information it handles, is used to enhance the dignity of mankind.

FAQs
1. What is cybernetics? Ans: Cybernetics is the science of communication and control within a biological, economic, or communication system. Cybernetics was developed by Professor Norbert Weiner during the 1940s and 1950s. The concepts of cybernetics led Weiner to draw some remarkable ethical conclusions about the technology that is now called information and communication technology. In his view, the integration of computer technology into society would eventually constitute the remaking of society, which he termed as the second industrial revolution. 2. What are the three levels of computer ethics? Ans: Computer ethics questions can be raised and studied at various levels. Each level is vital to the overall goal of protecting and advancing human values. 1. 2. 3. The first level tries to sensitize people to the fact that computer technology has social and ethical consequences. The second level consists of someone who takes interest in computer ethics cases, collects examples, clarifies them, looks for similarities and differences, reads related works, attends relevant events to make preliminary assessments, and after comparing them, suggests possible analyses. The third level of computer ethics referred to as theoretical computer ethics applies scholarly theories from philosophy, social science, and law to computer ethics cases and concepts in order to deepen the understanding of issues.

3. What is meant by policy vacuums? Ans: Policy vacuum means lack of a policy, code, or a law to govern a particular process or an act. Computer ethics is a field that is often concerned with policy vacuums. The law or the policy often fails to keep pace with the fast changing technology related to computers and the Internet. This results in a policy gap or policy vacuum as no policy or law exists to guide or govern a specific action.

Computer Crimes
(Reference: Dubey & Partners Advocates India: Cyber Crimes an unlawful act where in the computer is either a tool or a target or both - In Indian Legal Perspective) Some of the examples of computer crimes are: CyberStalking: Refers to repeated acts of harassment or threatening behavior of the cyber criminal towards the victim by using Internet services. Stalking often includes following the victim in chat rooms, making harassing phone (Web/computer) calls, etc.

Cybersquatting: Cybersquatting refers to obtaining a domain name in order to seek payment from the owner of the trademark, (including business name, trade name, or brand name), and may include typosquatting (where one letter is different). Data Diddling: This kind of an attack involves altering the raw data just before a computer processes it and then changing it back after the processing is completed. The New Delhi Municipal Corporation (NDMC) Electricity Billing Fraud Case that took place in 1996 is a typical example of data diddling. The computer network was used for receipt and accounting of electricity bills by NDMC, Delhi. Collection of money, computerized accounting, record maintenance, and remittance in the bank were exclusively left to a private contractor who was a computer professional. He misappropriated huge amount of funds by manipulating data files to show less receipts and bank remittances. Cyber Defamation: Cyber defamation occurs when defamation takes place with the help of computers and/or the Internet. Any derogatory statement that is designed to injure a person's business or reputation constitutes cyber defamation. Defamation can be accomplished as libel or slander. For example, someone publishes defamatory matter about a person or organization on a website or sends an e-mail message containing defamatory information to all of that persons friends. Trojan Attack: A Trojan is an unauthorized program that runs from the computer of a user. Though unauthorized, a Trojan appears to be an authorized program and the user remains unaware about the true nature of this program. Forgery: Counterfeit currency notes, postage and revenue stamps, and mark sheets, etc. can be forged by using sophisticated computers, printers, and scanners. It is very difficult to control such attacks. For example, some people make fake degrees of reputed universities and sell them to gullible students. Financial Crimes: This includes cheating, credit card frauds, and money laundering. Such crimes are punishable under the Indian Penal Code (IPC) and the Information Technology (IT) Act. A leading bank in India was cheated to the extent of 1.39 crores due to misappropriation of funds by manipulation of computer records regarding debit and credit accounts. Internet Time theft: This connotes the usage of Internet hours by an unauthorized person. This kind of cyber crime is unheard until the victim reports it. This offence is usually covered under IPC and the Indian Telegraph Act. Virus/worm Attack: A virus is a program that attaches itself to a computer or a file and then circulates to other files and to other computers on a network. Viruses usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses, do not need the software/file to attach themselves. They merely make functional copies of themselves and do this repeatedly until they eat up all the available space on a computer's memory. E-mail Spoofing: It is a kind of e-mail that appears to originate from one source although it has actually been sent from another source. This act is committed to defame a person or for monetary gain. For example, A sends an e-mail message to Bs friends containing ill about him by spoofing Bs e-mail address. This can result in the souring of relations between B and his friends. E-mail Bombing: E-mail bombing means sending large amount of mails to the victim as a result of which the victims account or mail server crashes. The victims can be individuals, organizations, or the e-mail service providers. Salami Attack: This is basically related to finance and, therefore, the main victims of this crime are the financial institutions. This attack has a unique quality that the alteration is so insignificant that in a single case it would go completely unnoticed. For example, a bank employee inserts a programme whereby a meager sum of Rupees 3 is deducted from customers account. Such a small amount will rarely be noticed. Web Jacking: This term has been taken from the word hijacking. After a website is web-jacked, the owner of the site looses all control over it. The person hacker responsible for this act may even alter or destroy any information on the site.

Cyber Crime
The Cambridge dictionary defines cyber crime as crimes committed with the use of computers or relating to computers, especially through the Internet. Universally, cyber crime is understood as "an unlawful act wherein the computer is either a tool or a target or both. Cyber crimes are different from

conventional crimes. Here, the crime is committed in an electronic medium and the element of mens rea (intention to cause harm) is that the offender must have been aware at the time of causing the computer to perform the function that the access, thus intended to be secured, was unauthorized. The IT Act of India labels the following acts as cyber crimes: Tampering with computer source documents Hacking with a computer system Publishing information that is obscene in the electronic form Child pornography Publishing information that is obscene in an electronic form (subsequent offence) Failure to assist in decryption of information Securing or attempting to secure access to a protected system Misrepresentation of facts or identity Breach of confidentiality and privacy Publishing false digital signature certificates Publishing digital signature certificates for fraudulent purposes

Employee Monitoring: A Social and Ethical Issue at Workplace


Employee monitoring refers to tracking the actions of an employee. How much of such monitoring should be considered ethical and what should be treated as private information is a major issue that needs to be addressed. For example, the employer can monitor the data entry process, indulge in phone tracking, and even track personal e-mail, web surfing, and voice mail. This can be done by keystroke records, which can be used to determine if quotas are met or employee is on task. The employer can also track phone calls and record voice mail data to determine customer satisfaction and proper use of phone resources. Many times, employees are given magnetic badges that track the movement of the employee in the organization. Even going to the restroom is tracked. The global positioning system, which is often used by transport companies, can track the vehicles and the employees driving speed and driving habits. Often, employee monitoring is useful to find crucial business information when the employee is not available. It is also used to protect proprietary information and to prevent or investigate possible criminal activities. Employee monitoring also help reduce personal use of employers facilities and checks for violations of company policy. It is also useful while investigating complaints of employee harassment, and checks for illegal software. However, keeping a strict monitoring creates lack of trust, reduces workforce productivity, and demotivates employees. What is important is to maintain an optimal balance as to how much and how far employee monitoring is ethical.

Data Mining
Data mining is the application of algorithmic methods for knowledge discovery in vast amounts of data. Many organizations track and capture information about their users, usage history, resources, and search patterns. Others may collect information about social status, capacity to spend, and educational qualification. These details may be sold to other organizations, which may analyze this data to strengthen marketing efforts of a third organization. Computer ethics dictate that these organizations must tell people how their information will be used when the data is obtained. For example, it may be ethical to use clinical profile data of patients undergoing treatment to diagnose and choose treatments for a medical problem. The data may be analyzed to see if a particular race or ethnicity is more prone to a specific medical problem. But analyzing the same data to decline medical insurance to the vulnerable race is unethical.

Whistle Blowing

There are situations, where the employee may feel the brunt of overt wrongdoing of the employer (that is, involving specific acts that are either illegal or immoral). Or there can be instances where the employee may suffer due to the negligence of the employer or any other employee. The employee may choose to disclose these actions or nonactions to the public. When the employee does so, it is termed as whistle blowing. Norman E Bowie, professor and philosopher, (1982) defines whistle-blowing as "the act of an employee informing the public on the immoral or illegal behavior of an employee or supervisor." Sissela Bok, writer and philosopher (1997) defines whistle blowing as an act in which one "makes revelations meant to call attention to negligence, abuses, or dangers that threaten the public interest." Is it right to blow the whistle, or does it destroy the employer-employee trust, what should be the right time to blow the whistle? All these are ethical and social questions that need to be addressed by computer ethics experts. For example, one could argue that failing to blow the whistle in the Enron case resulted in thousands of individuals losing their retirement savings.

Computers and Privacy: Issue of Matching


Computer data mining or computer matching can violate our informational privacy (control of information about ourselves) by serving as the means for the construction of databases about our income, purchasing habits, religious and political affiliations, and maybe even sexual preferences. This is often done through matching, in which apparently unrelated information from several sources is put in a single data bank. For example, your credit and employment records, criminal or traffic violations, and other records can be combined into a composite picture. Defenders of matching say that the merged or comprehensive files do not contain any new information. But those against it say that this is a case where the whole is greater than the sum of its parts. It is an invasion of privacy.

Privacy Versus Social Utility


James Rachels, a member of the philosophy faculty at UAB, argued that informational privacy is necessary in order to control the intimacy of our relationships with others. Computers can give relative strangers the kind of information you would want only your closest friends to have. The advocates of rights-based approach, our rights to be presumed innocent until proven guilty, should be respected. Many think computer matching or data mining violates this right. Matching identifies (among other things) people who might be guilty of wrongdoing before there is any evidence against them.

International Legal Instruments Governing Intellectual Property Rights


The importance of intellectual property in India is well established at all levels: statutory, administrative, and judicial. India ratified the agreement establishing the World Trade Organisation (WTO). This agreement contains an Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS), which came into force from 1st January 1995. It lays down minimum standards for protection and enforcement of intellectual property rights in member countries, which are required to promote effective and adequate protection of intellectual property rights with a view to reducing distortions and impediments to international trade. The obligations under the TRIPS Agreement relate to provisions of minimum standard of protection within the member countries legal systems and practices. Reference (http://patentoffice.nic.in/) The agreement provides for norms and standards in respect of the following areas of intellectual property: Copyrights and related rights Trademarks Geographical indications Industrial designs Lay out designs of integrated circuits Protection of undisclosed information (trade secrets) Patents Plant varieties

Solutions to Chapter Two Questions


1. Examine the social and ethical issues arising out of the presence of computers in the workplace. Ans. The social and ethical issues that can arise out of the presence of computers in the workplace are: Task Automation: At workplace, computers have become universal tools that can in principle perform any task and hence pose a threat to jobs. They are far more efficient than humans in performing many tasks. Therefore, economic incentives to replace humans with computerized devices are very high. In the industrialized world, many workers doing jobs as bank tellers, autoworkers, telephone operators, typists, and graphic artists, have already been replaced by computers. Even professionals like medical doctors, lawyers, teachers, accountants, and psychologists are finding that computers can perform many traditional duties performed by workers and professionals. On the other hand, the computer industry has generated a wide range of new jobs in the form of hardware engineers, software engineers, system analysts, webmasters, information technology teachers, and computer sales clerks. Even when a job is not eliminated by computers, the job profile could be radically altered. An airplane pilot may be assisted by computers to make choice about the best landing times and air corridor selection. So, job gains and losses are to be viewed in the context of the society we live in. Health and Safety: Another workplace issue concerns health and safety. Often radiation from machines, repetitive injuries, and posture related problems are common at computer dominated workplaces. Another concern is poisonous non biodegradable computer waste, which is causing a major threat to the environment. When information technology is introduced into the work place, it is important to consider the likely impact upon health and job satisfaction of workers who will use it. The advent of stress in the workplace due to the introduction of computers is becoming more and more evident. Employee Monitoring: Another major concern is the employee monitoring or surveillance by the organizations using sophisticated computer driven technology. Some amount of monitoring may be vital for protecting the interest of the employer and to increase productivity, but excess of such surveillance can becomes unethical.

2. Discuss the impact of globalization on computer ethics. Ans. The fast pace of globalization and creation of global and cyber markets, has given computing a new meaning. Bynum and Rogerson (1996) have suggested the use of the expression "Global Information Ethics" to describe the impact of globalization on computers ethics. Others (see van den Hoven, Introna, Johnson, and Nissenbaum, 1999) have used the expression "Information Communications Technology Ethics" or ICT Ethics to attempt to capture the convergence of information-related and communications-related ethical issues in a global context. Global networks like the Internet and especially the World Wide Web (WWW) are connecting people all over the globe. Efforts are on to develop mutually agreeable standards of conduct and efforts to advance and defend human values. Globalization has led to the discussion of the following issues: Global Laws: Over 200 countries are already interconnected by the Internet. Given this situation, what is the effect and impact of the law of one particular country on the rest of the world? Issues regarding freedom of speech, protection of intellectual property, invasion of privacy vary from country to country. The framing of common laws pertaining to such issues to ensure compliance by all the countries is one of the foremost questions being debated. Global Cyber Business: Technology is growing rapidly to enable electronic privacy and security on the Internet to safely conduct international business transactions. With such advanced technology in place, there will be a rapid expansion of global cyber business. Nations with a technological infrastructure already in place will enjoy rapid economic growth, while the rest of the world will lag behind. This disparity in levels of technology will fuel political and economic fallout, which could further widen the gap between the rich and the poor.

Global Education: Inexpensive access to the global information net for the rich and the poor alike is necessary for everyone. However the impact of this sudden and global education on different communities, cultures, and religious practices is likely to be profound. The impact on lesser known universities would be felt as older well-established universities begin offering degrees and knowledge modules over the Internet.

FAQs
1. What is the principal purpose of copyright laws? Ans: The basic purpose of the copyright law is to extend protection to the work of an author of original work against the unauthorized appropriation of that work by others. 2. How long does a copyright protection last? Ans: The copyright protection lasts for the period provided by national law of the country to which the owner of the copyright resides. However, according to the Berne convention, the minimum period for which the right vests with the owner of the work is 50 years. This term is calculated from the end of the years of the authors work. However, nowadays, most countries are prolonging this period and for countries of the European economic area and in the United States, the term has already been extended to 70 years from the end of the year in which the author died. 3. What is the basic purpose of granting patent rights? Ans: Patent rights provide a reward for the creation and development of an invention. Patent protection encourages creativity and promotes development of new and innovative products, which are useful for the public. 4. Are there things that cannot be patented? Ans: Things that are usually not patentable are things that exist in nature, which are discovered and not invented. For example, a new river or a new land discovered cannot be patented. 5. What is the name of the oldest international convention concerning copyright? Ans: The Berne Convention is the oldest international convention governing copyright. Berne convention was the first convention that defined the term 'literary and artistic works', and is still the basis of all copyright laws.

Mens Rea
Mens rea in Latin means defendants mind. It refers to a state of (guilty) mind of the accused at the time when the actus reas (or the act of the crime) is committed. To prove a person guilty of criminal offence (in most cases, except strict liability cases), it is essential that mens rea and actus reas (guilty act) must exist at the same time. For example, if dacoits loot a bank, they know that their act will deprive the rightful owner of the money stolen from the bank.

Digital Divide

Digital divide is an expression that was used by government advisor, Dr. Simon Moores, in a 1996, BBC television interview. The digital divide is the socio-economic difference between communities in their access to computers and the Internet. The term also refers to gaps between groups in their ability to use Information and Communications Technologies (ICT) effectively, due to differing literacy and technical skills, and the gap in availability of quality and useful digital content. The divide is seen as a social/political problem. It became an issue among concerned parties such as scholars, policy makers, and advocacy groups, in the late 1990s. Reference (Wikipedia en.wikipedia.org/wiki/Digital_divide.htm) The problem of digital divide is often discussed in an international context. It highlights how certain developed countries are far more equipped to reap the benefits of the Internet than other developing countries. It is said that today is the age of information. The person who has information is the most powerful. However, this digital divide, can potentially keep the societies and populations away from current and updated information. This can impact their livelihood options, keep them away from good jobs, and deprive them of the chance to participate and contribute in the affairs of the national and international society. For some sections of the population, technology brings the promise of inclusion, opportunity and wealth, for others, greater isolation and increased poverty. Some of the factors that can contribute to access (or lack thereof) to computers and information systems include whether the country is a developed, developing, or an underdeveloped country. The individual wealth, age, gender, ethnic background, and socio-political situation of the country are also important in defining the access to computers. The net activists stress the need to make the Internet and computer technology accessible to all. On the other hand, critics say there is no point spending huge money to make the Internet reach a population who has no significant potential use for it. In India, we believe that the Internet and computer technology should be accessible to all, even in rural and remote villages. India has been able to bring down this digital divide because of: User friendly polices, making Internet reach villages by setting up Internet kiosks Public-private partnerships to connect the entire country Easier to use technology Women entering the computer domain Schools and families allowing web access

Netiquettes
Professor Deborah G. Johnson of University of Virginia in 1997 suggested that there are three general ethical principles that promote acceptable behavior in the virtual society. These are: Know the rules of the online forums being used and adhere to them Respect the privacy and property rights of others Do not deceive, defame, or harass others

It is often helpful to clearly define and categorize the kinds of behavioral issues that parents and educators must deal with when their children or students go online. The following is a preliminary classification system of these issues: Respect for Property: Respect for property issues include system security issues, such as computer hacking, and respect for intellectual property rights, such as copyrights. Respect for Territory and Privacy: Respect for territory and privacy issues also include system security issues as well as the dissemination and/or gathering of private information. Respect for Others and Common Courtesy: Respect for others involves respectful communication and the avoidance of irresponsible speech. Irresponsible speech includes defamation, harassment, flaming /abusive language, and spamming. A related problem is the use of e-mail forgery to disguise the source of the irresponsible speech. Respect for Institution: If an organization takes an Internet account for a specific purpose, then the account should be used only for that defined purpose only. This builds up respect for the organizational values. The activities that are permitted through a particular Internet account may be

restricted due to the source or institution providing that account, such as limited purpose accounts provided by educational institutions and business or government employers. Respect for Self: Respect for self issues include those activities that generally do not have an impact on others but can be injurious to the self, such as addiction, personal safety, and "garbage" activities, such as unnecessarily spending time on online gaming or auction sites, or visiting websites that display adult material. Often addiction to such sites is a common phenomenon.

Reference (Moral Development in the Information Age by Nancy Willard, University of Oregon College of Education) Some simple guidelines to online civil behavior are as follows: In general, do not waste other people's time, be disruptive, or threaten. Do not take up network storage space with large, unnecessary files. These should be downloaded. Do not look at other people's files or use other systems without permission. When joining a bulletin board or discussion group, check the Frequently Asked Questions (FAQ) file before asking questions. Remember that online communications lack the nuances of tone, facial expression, and body language. Write clearly. Try to spell correctly and use good grammar. Add emoticons. Emoticons are online means to express gestures and emotions. Do not SHOUT needlessly. Capital letters are the online equivalent of shouting. Use asterisks to give emphasis, but do so *sparingly*. Sign messages and include an e-mail address when writing to strangers, just in case a message's header is lost. Personal attacks or complaints are called flaming. Be discriminate. Flaming can turn into flame wars and disrupt discussion groups. People who become too obnoxious can be banned from a system or simply ignored. A "kill file" will automatically erase messages sent from a person who has become intolerable.

Reference (Margaret Lynch, Department of Geography, University of Texas, Austin, 1994)

Deontological Ethics
The German philosopher Immanuel Kant formulated the famous deontological theory. He advocated that particular kinds of acts, which are inconsistent with the status of a person as a free and rational being, are morally wrong. These tasks should not be carried out under any circumstances whatsoever. Conversely, if any task furthers the status of people as free and rational beings, the task must be carried out, under any circumstances whatsoever. Deontological moral systems are characterized primarily by a focus upon adherence to independent moral rules or duties. Thus, in order to make the correct moral choices, we simply have to understand what our moral duties are, and what correct rules exist, which regulate those duties. When we follow our duty, we are behaving morally. When we fail to follow our duty, we are behaving immorally.

Teleological Ethics
The word teleology comes from the Greek word telos, which means end, and logos, which means science. Thus, teleology is the "science of ends." Teleological theory puts emphasis on the consequences of actions. Therefore, they are also referred to as consequentalist moral systems. To make correct moral choices, one has to imagine and understand the probable consequence of an action (or non action). The results of an action should dictate the choices of a person. When one makes choices, which result in the correct consequences, then the actions are moral actions. If the results bring about incorrect or inappropriate consequences, then one has acted immorally.

Types of Problematic Behavior


There are a number of problematic behaviors possible at the work place. These include mistakes (deliberate or honest mistakes), unethical behavior, noncompliance, and misconduct. Because the systems

for dealing with misconduct have become more formalized, increasing attention has been given to the definition of misconduct. Many times the categories overlap and several gray areas exist. It is often difficult to compartmentalize the problematic behaviors because of the increasing difficulty of differentiating between innocent mistakes, dubious professional behavior, and misconduct. (Reference: Scientific Ethics By Patricia A. Bolton) In general, we can classify problematic behavior into the following categories: Honest mistakes: Human beings can make inadvertent mistakes of various kinds during design, scripting, logging, data entry, and so forth. Errors in interpretation of information or data might also fall into the category of honest mistakes. Honest errors and errors resulting from the careless or causal execution of work can be corrected if the mistake is discovered by the relevant entities or the reviewers. However, it is desired that these mistakes are not replicated or repeated. Unethical behavior: Norms in the scientific community define acceptable and unacceptable practices. Teich and Frankel (1992:4) provide examples of behaviors that are not condoned but are in gray areas: Examples of such behavior include:

Improprieties of authorship, such as duplicate publication of a single set of research results or fractional publication Gift or honorary authorship Incomplete citation of previously published work Bias in peer review of proposals or manuscripts

Skewed selection of data or results to hide or disguise observations that do not fit the authors conclusions. Noncompliance with legal or contractual requirements: Noncompliance generally refers to failures to follow practices dictated by law. Noncompliance with such requirements may expose an employee/employer or an institution to legal sanctions. There are a number of regulatory requirements associated with information technology, scientific work, and research work. Professionals are accountable to institutional review committees on scientific or research topics and generally need approval for their work that can affect the public, nation, or the national security. In addition, the work may prove to be potentially dangerous and can affect the lives of many. For example, in case of scientific research, handling of dangerous materials is regulated. Research in recombinant DNA is also regulated. Data encryption is regulated in transfer of information by using the Internet. In addition, some research contracts may require the research institution to have stringent procedures for protecting data and information. This is particularly true for organizations involved in applied research and technology development or persons who conduct research in classified areas such as national security. Deliberate deceit (scientific misconduct): In general, deliberate deceit is the central defining criterion for scientific misconduct, with erroneous information resulting from a deliberate attempt to be dishonest. Dishonesty can occur in the form of forged or fabricated data, falsified or invented results, and plagiarism. Of course, only the outcome of such behavior, and not an individuals motives, can be observed in most instances. So a scientist or a professional being accused of such behavior may claim it was an innocent mistake rather than intentional dishonesty. Careful investigation of the record of research often provides the basis for distinguishing between deliberate deceit and other, less serious errors.

The National Academy of Sciences (NAS, NAE, and IOM 1992) classifies misconduct into three broad categories: Professional Misconduct (such as bad mentoring and authorship disputes), General Misconduct (such as embezzlement and sexual harassment), and Research Misconduct (such as creating a software loaded with intentional bugs or taking an inappropriate sample size). Sources of these problematic behaviors vary from carelessness to deliberate attempts to misleading the audience. Theoretically, many are correctable by self-regulation.

Solutions to Chapter Three Questions


1. Discuss the distinct features of the Internet. Ans.

The Internet has three distinct features: Global Scope: The Internet has a global reach. Internet technology has much broader scope and access than conventional modes of communications and data retrieval. With little effort, a user can reach hundreds and thousands of individuals around the globe. The ability to reach many people quickly and easily is not exactly new or unique compared to radio or television communication. But the significant difference between the Internet and television and radio is that in the case of radio and television, communication is in most cases one way whereas in the case of Internet it is interactive. It is this interactivity, which is the unique characteristic of the Internet. Not just interactivity, customizability, easy usability, and accessibility are also distinct features of Internet. Anonymity: The second important feature of the Internet is that it provides a certain kind of anonymity. On the Internet, individuals have the possibility of creating a different profile, ensuring that information about them cannot be traced while in communication with others on the Internet. It is a silent feature of Internet communication and people can deliberately avoid seeing or hearing one another directly. Anonymity makes accountability for ones action difficult to achieve and tends to diminish trust in the information that is being exchanged. The feature of anonymity has also facilitated the development of virtual information. The open and anonymous nature of communications on the web, has led to the development of software with stealth to gather information intelligently. An inference is made from information gathered without our knowledge or consent, which is termed as virtual information. This type of information adds information to a persons profile and tends to redefine a persons digital persona. This is an invasion of ones virtual privacy. Reproducibility: The third feature is not just a feature of the Internet, but of information technology in general. Electronic information exists in the form that makes it easy to copy without any loss of originality or value in the process of reproduction. Copied data or software is perfectly usable. Copied data or software leaves no evidence behind and the creator/owner of the data or software could remain unaware of their work being copied. Reproducibility facilitates anonymity.

2. What are the fundamental conceptions regarding the evaluation of individual actions? Ans. In the history of moral philosophy, two fundamentally different and mutually exclusive conceptions of the moral evaluation of individual actions are prevalent: One approach or school of thought believes that it is important to examine an issue under independently justified principles of what one considers being right. The idea here is to follow the principles that articulate what is morally right irrespective of the consequences. This is referred to as deontological approach. In this approach, one starts out with one or more moral principles and see how they apply to particular cases. The other school of thought believes that it is important to look for the course of action that maximizes the good. This approach involves determining which action yields the best consequences measured in some standard of the good or morality. This approach referred to as teleological approach involves deciding on what is good for population. It also spells out what is wrong with actions that interfere with attempts to get it.

FAQs
1. What is teleological theory? Ans: Teleological approach involves framing what is good for users, and spells out what is wrong with actions that interfere with attempts to get it. What is good could be conceived of in terms of happiness, basic needs, shares of primary goods, desires etc. 2. Do you know how many Indians use the Internet?

Ans: According to Internetworldstats.com, by December 31, 2005, the total Internet users in India were about 50,600,000. This is approximately 4.5 percent of the Indian population. India features fourth in the top 20 countries with highest number of Internet, coming next only to United States, China, and Japan. According to the Internet and Online Association of India, the Indian Internet population is expected to grow to 100 million by 2007. 3. When was the Internet launched in India? Ans: The state-owned Videsh Sanchar Nigam Limited (VSNL) launched Internet services in India in August 1995. For the first four years, VSNL was the sole provider of Internet services in the country. In November 1998, the Government ended VSNLs monopoly and allowed provisioning of Internet Services by Private Operators. Reference (Internet Service Providers Association of India) Chapter Four A Professionals Code of Ethics

Criticisms of Ethical Codes


It has been argued by Ladd (1995) that ethical codes rest on a series of confusions that are both "intellectual and moral." His argument has three main points: Ethics is basically an "open-ended, reflective, and critical intellectual activity. Codes introduce confusions with respect to micro-ethics versus macro-ethics. Giving codes a disciplinary function makes them more like legal than ethical rules.

Some Strengths and Weaknesses of Professional Codes


The strengths and weaknesses of professional codes are summarized in the table below. Strengths Codes inspire the members of a profession to behave ethically. Codes guide the members of a profession in ethical choices. Codes educate the members of a profession about their professional obligations. Codes discipline members when they violate one or more of the codes directives. Codes sensitize members of a profession to ethical issues and alert them to ethical aspects they otherwise might overlook. Codes inform the public about the nature and roles of the profession. Codes enhance the image of a profession in the eyes of the public. Weaknesses Directives included in many codes tend to be too general and too vague. Codes are not always helpful when two or more directives conflict. A professional codes directives are never complete or exhaustive. Codes are ineffective in disciplinary matters. Codes do not help us distinguish between micro-ethics issues and macro-ethics issues. Directives in codes are sometimes inconsistent with one another. Codes can be self-serving for the profession. The codes can be formulated to meet the needs of only the professionals but not the public.

Strengths and Weaknesses of Professional Codes

Case of Killer Robot


Richard G. Epstein, Westchester University of Pennsylvania, Westchester wrote a case of Killer Robot and discussed the question of computer and software ethics through a series of articles. This fictitious scenario is used widely by the academia to teach elements of software engineering and computer ethics. The scenario consists of nine such fictitious articles, each one of which touches a specific issue in software engineering and computer ethics. The articles begin with the indictment for manslaughter of a programmer who wrote faulty code that caused the death of a robot operator. Over a series of articles, other facts and actions that contributed to the accident are revealed. The idea is to tell students that software development and computer ethics are social processes. The articles also touch upon programmer psychology, team dynamics, user interfaces, software process models, software testing, nature of requirements, software theft, and privacy. The articles also try to initiate a discussion as to when should a software program be called as good enough for commercial or intended usage. This scenario is about 70 pages long and includes some tongue-in-cheek humor. Reference (http://onlineethics.org/cases/robot/robot.html)

Ethical Decisions Theories


The code of ethics is based on three theories. These are: Utilitarianism theory: This theory considers ethical issues and its relationship to individuals. It purports that the decision making process should be based on analysis in terms of maximizing the benefits to maximum number of people. In other words, make a decision based on what benefits the most number of people. The principle behind the theory is termed as "the greater good of the most people". Pluralism theory: This theory believes there are two options in an ethical issue, right and wrong. Pluralism theory emphasizes that everyone has a duty to make just decisions. One must make ethical decisions based on their duty, and never break away from the decision-making duty. Pluralism theory promotes that no one should ever lie. If you have a duty to speak the truth, you should. Rights-based theory: This theory supposes that everyone has rights and these rights must be respected. Individual and group decisions must be based on respecting individual rights. This is the most novel theory and is widely popular.

Ethical Guidelines for Computer Professionals


There are professional codes for computer professionals developed by professional bodies such as Association for Computing Machinery (ACM) and Electrical and Electronics Engineers Computer Society (IEEE CS). One such example is Software Engineering Code of Ethics and Professional Practice. Ethical behaviors expected of the computer professional include: Honesty and fairness Respect for confidentiality Maintaining professional competence Understanding relevant laws Respecting and protecting personal privacy Avoiding harm to others Respecting property rights

Some additional guidelines for computer professionals, as laid down by Sara Baase of San Diego State University, include: Understand Success: Understand what success meansdevelopers (especially) and users of computer systems must see beyond simply writing code to complete a task. Design for Real Users: To provide useful systems, real users must be included in the design stage. Thorough Planning and Scheduling: Pay attention to detailsdo a thorough and careful job when planning and scheduling a project and when writing bids.

Test With Real Users: To provide safe systems, real users must be included in the testing stage. Evaluate Re-use of Software: Do not assume that the existing software is safe and re-usable. Candidness: Be open and honest about capabilities, safety, and limitations of the software. Protect - Require a convincing case for safety.

(Source: A Gift of Fire: Social, Legal, and Ethical Issues for Computers and the Internet (2nd Edition) by Sara Baase, San Diego State University)

Solutions to Chapter Four Questions


1. How do professional codes address issues from the viewpoint of computing profession? Ans. The code of ethics provides a basis to address issues from the viewpoint of the computing profession. These codes address issues from the viewpoint of computing profession by imposing three levels of ethical obligations, which are to be followed by the professionals: The first level is a set of ethical values, such as integrity and justice, which professionals share with other human beings by virtue of their shared humanity. Code statements at this level are statements of aspiration that provide vision and objectives. The second level obliges professionals to more challenging obligations than those required at the first level. At the second level, by virtue of their role as professionals and their special skills, they owe a higher degree of care to those affected by their work. Every type of professional shares this second level of ethical obligation. Code statements at this level express the obligations of all professionals and professional attitudes. They do not describe specific behavior details, but they clearly indicate professional responsibilities. The third level comprises several obligations that derive directly from elements unique to the particular professional practice. Code elements at this level assert more specific behavioral responsibilities that are more closely related to the state of art within the particular profession. The range of statements is from more general aspirational statement to specific and measurable requirements. Professional code of ethics needs to address all three of these levels.

2. How is a professional code categorized? Ans. Professional code can be categorized into: Code of Ethics: Code of ethics is more aspirational. They are mission statements emphasizing the professional objectives and vision. Code of Conduct: Code of conduct is more oriented towards the professionals attitude. They do not describe in detail how to carry out a particular action, bur they make clear the issues at stake in different specialized fields. Code of Practice: Code of practice on the other hand fixes some accepted state of art (Berleur, 1996) and relate to current operational activities.

FAQs
1. What is Mom Test? Ans: Several informal guidelines have been devised to help computer professionals make ethical decisions. Mom Test is one such informal guideline or test. It helps quickly evaluate a situation in an attempt to resolve an ethical dilemma. Mom Test asks you to think if you would be able to tell your mother what you did? If yes, the decision may be ethical. If no, the decision is definitely unethical. For example, if one uploads pornographic material on the university website or writes a piece in vulgar language, will the person be comfortable telling his/her mother (or some other persons he/she respects) about the act or will hide it from her (them).

2. What is Other Persons Shoe Test? Ans: This is also an informal test, the answers of which can be answered by you, without disclosing them to any one. This test asks you to imagine the consequences of the actions, if the roles are reversed. It asks you to imagine that you are in the other persons shoe. Now would you be happy if the act were done to you? If you would not want the role reversal to happen or feel the brunt of consequences, then there is probably something wrong in your decision or act. 3. What is cyber-terrorism? Ans: Cyber-terrorism is the use of computing resources to intimidate or coerce others. An example of cyber-terrorism could be hacking into a hospital computer system and changing someone's medicine prescription to a lethal dosage as an act of revenge. 4. What is Denial of Service (DoS) attack? Ans: DoS attack is an act by the criminal, who floods the bandwidth of the victims network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide. In short, DoS attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like Virus, new DoS attacks are constantly being dreamed up by Hacker. Reference (Cyber Crime Investigation Cell, Mumbai http://www.cybercellmumbai.com/ cyber-crimes/denial-of-service-attack)

Solutions to Chapter Five Questions


1. E-Commerce is the new mantra of business. Explain. Ans. E-Commerce is the use of the Internet to buy and sell goods and services. E-Commerce is changing the way in which organizations do business, resulting in streamlined purchasing processes and lowering the cost of transacting business for both large and small companies. E-Business helps in improving the way the business is conducted with the government, customers, and other businesses. E-mail can be used in businesses to communicate with suppliers. It can also be used for responding and receiving the customer queries. For example, e-mail can be used to accept orders from the customers. The customers can also make the payments online and get the information regarding the products available along with their price. Internet can also be used by businesses for managing their records and they can make use of electronic bookkeeping. An on-line banking service is another area, which can be used by the businesses. These services can be used for funds transfer, payroll management, and electronic bill payment. 2. Describe the nature and features of the Internet. Ans. A network of networks is called as an Internet. In this the computers systems are connected with each other in a local area network. They are also connected to computers on a national and International scale. The fiber-optic cable, twisted - pair copper wire, microwave transmission, or other communication

medias are used for connecting each node, which is a part of the web. A set of rules is followed when the computers on the web communicate with each other. These rules are called as Internet Protocols. In this type of communication, the Internet acts as a packet switched network. The data that needs to be transmitted is broken down into smaller packets. The address of the final destination is attached with the packets. These packets may follow different route from computer to computer until their final destination. At the final destination the recipient machine reassembles the packets. The links available in the Internet can be used by the Internet users to retrieve various types of information. When the user sends a request, the request is forwarded to the remote server where the addressee is housed. In case the information supplied is right, a response is send back and the user is bale to retrieve the information that they can access. Different types of information such as graphics, sound and animated text can be retrieved with the use of Internet. 3. Discuss the impact of the information technology revolution on society. Ans. The amazing growth of information technology has implications for every aspect of society. So far there is little research that reveals how technology has and will continue to change the dynamics of society and the nonprofit sector. Following point elaborate how information technology affects various sections of society: The nonprofit sector is experiencing an organizational version of the "digital divide"-the technology gap between large and small nonprofits. Hardware, software, and technical assistance are not enough to close the divide; strategic planning and staff time are also essential. The true impact the Internet will have on society is in "building community," bringing together groups of citizens, who are united by shared values working for the public good, often spanning international lines. Organizations that use technology well are usually marked by strong support from the executive director, support from the board, and the presence of a "key user" staff person. The Internet enables an organization to strengthen relationships with its current audiences as it enables targeted, fast, and consistent communication. It can also enable nonprofits to reach out to new audiences through effective use of search engines and "viral marketing". Strategic use of technology is likely to require long-term collaborations with for-profit and nonprofit partners.

Technology can be used to mobilize people globally around a common cause to achieve world-changing results far beyond the promise of enabling nonprofit organizations to perform important functions, such as fundraising and recruiting volunteers more effectively. 4. There is no nexus between cyber space and real space. Comment. Ans. There is the difference between the business rules for online commerce and carrying business in the real space. Much of this difference comes from Internet's telepresence features. This feature renders the network technologically indifferent to physical location. The network is very insensitive to geography. It is not possible to determine the physical location of a user or a resource. In real space, locating a person or entity with which business is interacting is much easier. In the cyberspace to know the location of the partners with whom you are interacting is very difficult to know. In some instances, even an Internet address tells something only about the location of a given machine. There is no way to find the information about the actual user.

FAQs
1. How does the cyberspace impact the society? Ans:

Cyberspace has evolved as a place for leisure and educational activities and it is also the focal point for many new forms of social interaction. The greatest impact of cyberspace on the society relates to it being the site of a "new industrial revolution" in terms of commercial activity, work patterns and the development, manufacture and consumption of many new virtual products such as software, information and visual imagery etc. 2. Why is cyberspace looked upon as a legal nightmare? Ans: The characteristics of the internet that have enabled the "industrial revolution", for example, its instantaneity of the internet and its lack of respect for borders, also challenge traditional forms of legal regulation. In addition, as information technology rapidly shapes our private, public and commercial lives, it creates some interesting new challenges for the law and its enforcement. In short, cyberspace has the potential to be a legal nightmare.

Solutions to Chapter Six Questions


1. Explain the different sources of law. Ans. There are three main sources of law, namely, legislation, common law and custom. Legislation is the formal enactment of law by the legislature created or authorized by the Constitution. It constitutes the process of codification or legislative enactment. It consists of written laws, as contrasted with the judge made law or common law. Common law comprises the body of principles. It is a body of law that develops and derives through judicial decisions, as distinguished from legislative enactments. Judicial decisions become a source of law by reason of the practice of courts, of accepting "precedent" as a source of law, that is, the established judicial practice that a court must follow the law laid down by a decision of the higher judiciary in the country or state. Custom denotes a usage or practice of the people which by common adoption and acquiescence and by long and unvarying habit, has become compulsory and has acquired the force of law with respect to the place or subject matter to which it relates. Legislation and common law can operate in any sphere of human activity, while the operation of custom is generally restricted to a particular locality, group or family. 2. Discuss the significance of legislation. Ans. There are three main sources of law, namely, legislation, case law and custom. "Legislation" is the formal enactment of law by the legislature created or authorized by the Constitution. Significance of Legislation: Legislation is the foundation of democratic polity. The legislature provides the following functions: The legislature can legislate in advance. Judges cannot do so. The legislature can make a law on any subject within its competence. But judges can deal with a subject, only when the point arises before them. The legislature (both of parliament, state or even local self Government) can (subject to constitutional limitations) override the law laid down by the courts, on a particular point (though, because of the doctrine of separation of powers, the legislature cannot reverse or modify the actual decision rendered by the court in a particular case). Legislation is the most fertile source of law. Subject to limitations flowing from the constitutional doctrine, that matters of policy cannot be delegated, the legislature can vest a subordinate authority with power to make rules, orders, etc. A legislative enactment is not subject to appeal; and the law enacted by it cannot be reversed, by a higher authority (though it can be declared to be void, if it is unconstitutional).

3. Distinguish between the different branches of law. Ans. Branches of Law: The common law system could be categorized in various ways. At a fundamental level it could be categorized as substantive law and procedural law. Substantive law is one, which recognizes, defines and confers rights on the parties. Whereas procedural law focuses on procedure to be followed to give effect to the predetermined rights, duties and obligations both outside and inside the courts of law. Similarly, another categorization is civil and criminal laws. One more criterion for divisions could be connected with the impact and coverage of the particular rule of law. When it relates to public domain, it becomes "public law". E.g. laws like constitution law, administrative law and criminal law are construed as public laws. When it concerns individuals, it is labeled as "private law". E.g. the Indian Contract Act, 1872. 4. What is common law? How does it differ from codified law? Ans. Common law or uncodified law is the law flowing from judicial decisions. E.g. the process of dispute resolution or adjudication of liability by either village elders or people holding power through the process of issuing commands has received social acceptance. The uncodified law governs large segment of the legal regime. The judgment pronounced by an organ of the higher judiciary performs at least two important functions: For the immediate parties, the judgment becomes a source, rights and duties. For the world, it becomes a source of law, it happens to deal with a legal proposition - and to make a definite pronouncement on the subject.

It is different from codified law because codified laws are made formally by a law making body of people, where as common laws have their enunciations through decisions of courts. 5. Explain how 'custom' is a source of law. Ans. Custom (as a source of law) denotes a usage or practice of the people, which by common adoption and acquiescence and by long and unvarying habit, has become compulsory and has acquired the force of law with respect to the place or subject matter to which it relates. Legislation and common law can operate in any sphere of human activity, while the operation of custom is generally restricted to a particular locality, group or family.

FAQs
1. What procedure should be followed in order to ascertain the law on a particular subject? Ans: The principal sources of law in India, in the order of importance are: The Constitution The laws made by Parliament and the various state legislatures The rules made by the Central and the State Government and the notifications and Regulations by various other authorities like the SEBI, Municipal Committees etc The decisions of the courts especially that of the High Courts and the Supreme Court on the point

The search for a law on any topic should start by a search for the existence of a law on the subject e.g. to examine whether there exists a law on Copyright, one needs to see if there is a statute on the copyright. Once you have found the enactment, the next stage is to check whether a judicial decision clarifies the ambit of the statute in case of any problems in the interpretation or application of the statute in the fact situations of your case.

Cyber Law
Cyber law is a new phenomenon having emerged much after the onset of Internet. The evolution of the Internet did not happen in a much planned manner. The consequences of the Internet were also not predicted beforehand. As the numbers of the Internet users are increasing phenomenally, cyberspace has become very important. With the increasing popularity of cyberspace, taking care of various legal issues also became very important. Therefore, to take care of these legal issues, CYBERLAW was introduced. A highly specialized branch of law called CYBERLAWS-LAWS OF THE INTERNET AND THE WWW was developed with the growth of the Cyberspace. Cyber laws are the laws defined for taking care of the various legal and regulatory aspects of Internet and the WWW.

Solutions to Chapter Seven Questions


1. State and discuss the primary assumptions of a legal system. Ans. Following are the primary assumptions of a legal system: Sovereignty: Law making power is a matter of sovereign prerogative. As a result, the writ of sovereign authority runs throughout wherever sovereign power exercises authority. Beyond its authority, the sovereign cannot regulate a subject matter through legal intervention. Territorial Enforcement: Any law in real world context can only be subjected to predetermined territorial enforcements. There are some exceptions to this. The sovereign authority could join extra territorial jurisdiction in case of criminal law. This indicates that the sovereign authority can initiate prosecution, even if the crime is committed beyond the limits of the territory. The proceedings must comply with the principle of 'double criminality', that is in both the countries, the alleged act of commission must have been criminalized. Notion of property: The obtaining premise of the legal response considers 'property' as tangible and physical. In the cyber context, 'property' in the form of digitized services or goods poses serious challenges to this legal understanding. Also that the 'domain names' raise fundamental questions. Paper-based transaction: Obtaining legal response considers and encourages people to create and constitute legally binding relationships on the basis of paper- based transactions. Although the word document under law takes within its fold material other than paper also. Since in cyber context, digital or electronic record forms the basis of electronic transactions. Hence, the transactions are on the basis of electronic records. Real relationships: Legal response considers relationships quite often. In view of connectivity, pace and accuracy as to transmission, in the cyber context, these relationships acquire unique distinction of virtual character. In case of trade and commerce, commercial transaction in the form of contracts constitutes the foundation of legal relationship.

FAQs
1. Why are the Cyber laws required? Ans: Millions of people use the Internet every day to send and receive mails, access information, or conduct business. However, this includes thousands who log on to the Internet and misuse it in order to steal information, steal money, damage external networks or websites, or indulge in other illegal activities. Cyber laws are required to protect the genuine users of the Internet from those who use it to serve their malafide intentions. 2. Has the Cyber laws evolved since its conception? Ans:

Yes, Cyber laws have constantly evolved since its conception. Depending on the new opportunities and the challenges that the cyberspace has to face, the Cyber laws are being updated. The various issues that have creped in with the growth of the Internet such as, giving appropriate domain name, proper use of e-commerce, issues pertaining to Cyber crime, financial inconsistencies occurred due to Online banking, and so on are being taken care with the help of the Cyber laws.

Cyber Crime
Cyber crime is a generic term that refers to all criminal activities done using the medium of computers, the Internet, cyber space and the worldwide web. There isn't really a fixed definition for cyber crime. The Indian Law has not given any definition to the term 'cyber crime'. In fact, the Indian Penal Code does not use the term 'cyber crime' at any point even after its amendment by the Information Technology Act, 2000 in the Indian Cyber law. We all talk about the various wonders that Internet has done but there are certain contentious issues that have come up with the Internet. One such issue is an impediment to the proliferation of e-commerce. There are certain arguments that have developed to make the Internet a tax-free, and a regulation-free zone. Therefore, to make proper online contracts has become very important. When a contract is laid down, it needs to be governed by the rules of the country or territory where it was entered into. The rights and the obligations of an individual are determined by the laws of the jurisdiction. Even in the cases where the intellectual-property rights are infringed, the jurisdiction for pursuing legal remedies will be conducted at the place where such infringement has happened. In most other cases, the traditional principles specified in the section 20 of the Civil Procedure Code are abided with. These principles state that either you can plead for jurisdiction in the place where the infringement has happened or the person against whom you want to take an action resides.

Solutions to Chapter Eight Questions


1. Discuss the current forms of computer crime. Ans. The misuse of computers began in the year 1960. Later with the rapid growth of telecommunications dissemination of harmful contents, such as pornography and other communication offences in computer networks arose. The modus operandi does not follow a continuous path. It constantly adapts to new technologies. Hence, the computer crimes can be analyzed under the following broad categories: Privacy infringement: The personal rights of the citizens are endangered with the collection, transmission, and storage of the personal data. Therefore, in the data processing area, the protection of privacy needs to be considered. A balance needs to be maintained between the privacy interests of data subjects concerned and the economic freedom of the holders of personal data. Economic offences: The economic crimes are considered as the central area of computer crime. Hacking, fraudulent manipulation of the computer data is some of the economic offences related to computers. Computer hacking: The greatest risk that the information technology business faces today is the security of information in terms of integrity, availability, and confidentiality. Stories about website defacements, credit card frauds, non-availability of web and application servers, and new virus attacks are common. These defacements are done by hackers and this process is called as hacking. Software piracy and other forms of product piracy: This includes illegal access of computer programs. It also includes copying the softwares of the individuals to gather more information.

2. Discuss the classification of crimes under the IT Act, 2000. Ans. While considering the general terrain of cyber law, as of now, the following acts are construed as cyber crimes in the IT Act, 2000: Without permission of the authorized user Accessing or securing access to such computer, computer system or computer network

Downloading, copying or extracting any data or information for such computer, computer system or computer network including information or data held or stored on any removable storage medium Introducing any computer virus or contaminant in the computer, computer system or network Damaging the computer, computer system or network Disrupting the working of the computer, computer system or network Disrupting the access of the computer, computer system or network of an authorized user Providing assistance to ensure unauthorized access to the computer, computer system or network Tampering with computer source documents Hacking with computer system Publishing of information, which is obscene in electronic form Carrying on activities that are not in compliance with the provisions of the Act Failure to extend all facilities and technical assistance to the Controller to decrypt any information necessary for the security of the nation Unauthorized access or attempt to secure unauthorized access to a system that by official notification is declared a protected system

FAQs
1. What is Cyber crime? Ans: When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could also be misused for criminal activities. Today, there are many disturbing things happening in cyberspace. Cyber crime refers to all the activities done with criminal intent in cyberspace. These could be either the criminal activities in the conventional sense or could be activities, newly evolved with the growth of the new medium. Because of the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. The field of Cyber crime is just emerging and new forms of criminal activities in cyberspace are coming to the forefront with the passing of each new day. 2. What are the various categories of Cyber crimes? Ans: Cyber crimes can be basically divided into 3 major categories being Cyber crimes against persons, property and Government. 3. What are Cyber crimes against property? Ans: The second category of Cyber crimes is that of Cyber crimes against all forms of property. These crimes include unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programs, and unauthorized possession of computerized information. 4. Is hacking a Cyber crime? Ans: Hacking and cracking are amongst the gravest Cyber crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer system without your knowledge and consent and has tampered with precious confidential data and information. Coupled with this, the actuality is that no computer system in the world is hacking proof. It is unanimously agreed that any and every system in the world can be hacked. The recent DoS attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber crimes, which are slowly emerging as

being extremely dangerous. Using one's own programming abilities as also various programs with malicious intent to gain unauthorized access to a computer or network are very serious crimes. Similarly, the creation and dissemination of harmful computer programs or virus that do irreparable damage to computer systems is another kind of Cyber crime. Software piracy is also another distinct kind of Cyber crime that is perpetuated by many people online who distribute illegal and unauthorized pirated copies of software.

Additional Inputs
The following section provides some extra inputs on the important topics covered in the SG.

Contract
Contract is an agreement enforceable by law. We enter into contracts everyday. Some of these are made consciously and others are not. Contracts confer legal rights on one party and legal obligations on others. Law of contract is covered in 75 sections of Indian Contract Act, 1872. However, the code is not exhaustive and is applicable only to legally enforceable contracts. Also, it does not cover the contracts governed by the customs and usage. A contract is enforceable if there is an intention to create a contract, there is an offer and acceptance, a consideration is paid, the parties have the (legal) capacity to enter into contract, there is free consent of the parties, and the object of the agreement is not barred by law. A simple agreement differs from a contract because in a contract it is essential that there must be an intention to create a legal relationship. In an agreement, this precondition is not necessary and the aggrieved person may not be able to approach the court of law for redressal. The terms of the contract must be specific and not vague. In addition, the contract must be capable of being performed. An agreement that cannot be performed is not a contract. A contract must have a valid object. If the object of the contract itself is unlawful, or the consideration to be paid is unlawful, the contract cannot be enforced in the court. Also, a contract must not be expressly declared to be void (and should not fall under the mischief of Section 23-30).

Classifying Contracts
Contracts can be classified according to: Validity or enforceability: A contract is valid if it has all the components of a contract. If any of the ingredients are absent the contract becomes void, illegal, unenforceable, or void able.

Voidable: A voidable contract is a contract, which can be repudiated (disclaimed, not accepted), at the will of one of the parties, but until it is repudiated, it remains valid and binding. If the contract was entered into on the basis of simple misrepresentation, fraud, coercion (compulsion, force), or undue influence, the contract can be repudiated by the aggrieved party. Void: Section 2 (i) states that a contract, which is not enforceable by any of the parties, is void. Such agreement is void ab initio and is without any legal effect. A contract, which ceases to be enforceable by law, becomes void. Examples of void contracts are: Section 20 Agreements entered into through a mutual mistake of parties Section 23 Agreements whose object or consideration is unlawful Section 21 Agreements whose object or consideration is unlawful partly Section 25 Agreements made without consideration Section 26 Agreements in restrain of marriage Section 27 Agreements in restrain of trade Section 28 Agreements in restrain of legal proceedings Section 29 Uncertain agreement Section 30 Wagering agreement Section 56 Impossible agreement Agreement to enter into future agreement

Illegal: An illegal agreement is one in which the consideration or the object: Is forbidden by law Defeats the purpose of any law Is fraudulent (deceptive, fake) Involves or implies injury to another person or property Is opposed to public policy Is immoral

Unenforceable: This type of contract is not void or voidable, but rather unenforceable in the court because it lacks one or more of the essential element of evidence such as reducing the contract into writing, or stamping or registration. These conditions may be specified for the formation of agreement but may not have been practiced. However, if it is expressly provided by the agreement, that the contract shall be in writing and shall be signed by both parties, then the same shall be required to make it a valid contract. In addition, where the statute lays down that the contract shall be in writing, then the same must be reduced to writing in order to make it enforceable. If the defect is cured, the contract may become enforceable. Mode of Formation

Express Contract: When the terms of the contract are stated orally or put down in writing, it is called as expressed contract. Implied Contract: When the terms of the contract are inferred from the conduct of the parties or from the circumstances of the case, it is called as implied contract. Quasi Contract: Sometimes the law imposes obligations on one of the contracting parties, irrespective of the agreement. These are called quasi contracts. Executed: A contract that is performed in total and no condition remains undone. Executory: A contract in which something remains to be done. When an executory contract is fully performed, it becomes an executed contract. Unilateral: A contract in which only one of the party has the obligation to contract at the conclusion of the contract. Bilateral: These are contracts in which both the parties must do or abstain from doing a particular act.

Performance

Revocation of Proposal and Acceptance


Every agreement begins with an offer. A person makes a proposal and when this proposal is accepted it becomes a promise (which is a legally enforceable contract). However, there are situations where the proposal or the acceptance needs to be revoked or cancelled. Section 5 of the Indian Contract Act deals with the law for the revocation of proposal and acceptance. A proposal may be revoked at any time before the communication of its acceptance is complete as against the proposer, but not afterwards. Similarly, an acceptance may be revoked at any time before the communication of the acceptance is complete as against the acceptor, but not afterwards. For example, a proposal may be revoked at any time before its acceptance is posted, but not afterwards. Secondly, revocation of proposal must reach the offeree before its acceptance. In case of an auction sale, a bid may be withdrawn at any time before the fall of the hammer, but not afterwards. Where a proposal is to be accepted within a fixed time, it can be revoked even before the expiry of that time. The proposer is at liberty to revoke the proposal at any time before the expiry of the acceptance. A proposal is revoked by: By Notice of Revocation: A notice of revocation is effective only when it reaches the offeree before he posts his acceptance. By Lapse of Time: When a time is prescribed, the proposal if not accepted, lapses. If no time is prescribed, then the offer must be accepted in a reasonable time.

By Failure to Fulfill Condition Precedent: If the condition precedent is not fulfilled, the proposal lapses, if it is accepted before fulfilling that condition. By Death or Insanity of the Proposer: By the death or insanity of the proposer, if the fact of his death or insanity comes to the knowledge of the acceptor, before acceptance. English Law: An offer is revoked by the death or insanity of the offeror without any qualification as to the notice to the offeree. By Refusal or Counter Offer: A proposal comes to end after it is rejected by the offeree. Making of a counter offer also amounts to rejection of the original offer. Both are not covered under section 6.

The Indian Law and the English law differ on revocation of acceptance. According to Indian law, an acceptance may be revoked at any time before the acceptance reaches proposer. Time gap between posting and receiving can be used to revoke the acceptance. On the contrary, according to English law the contract is concluded when the letter of acceptance is posted. Such an acceptance is binding on both the acceptor and the proposer.

Click-Wrap Agreements and Shrink-Wrap Agreements


Click-wrap agreements are usually displayed on websites in the form of I Agree. Normally, the user/party after going through the terms and conditions of the agreement (a contract enforceable by law) provided in the website or program, indicates the assent to the same, by way of clicking the I Agree icon or decline the same by clicking the "I Disagree" icon. Shrink-wrap agreements, on the other hand, are usually associated with software programs. The terms and conditions of the software usage are generally printed on the CD ROMs. A user/party opens the shrink wrapping of the CD ROM only after accepting the terms and conditions given on the CD Cover/wrapping. Some additional terms and conditions are also imposed in such licenses, which normally appear on the screen when the CD is accessed to install the software.

Solutions to Chapter Nine Questions


1. Discus the essentials of a valid contract. Ans. The essentials of a valid contract are: Intention with which the contract is created: The intention to create a contract should be clear otherwise, it will be treated as invalid. Offer and acceptance: A contract ceases to exist without an offer. An acceptance will be deemed to be complete when both the parties are in conscience with each other. Consideration: A consideration may consist sometimes in the doing of a requested act, and sometimes in the making of a promise by the offeree. Consideration is not required for a promise to compensate, wholly or in part, a person who has already voluntarily done something for the promisor or something, which the promisor was legally compellable to do. It is also not required for a written and signed promise by the debtor (or his duly authorized agent) to pay a time-barred debt to the creditor. Capacity to enter into contract: A person can enter into a contract only after he has attained an age of majority and is not debarred by law for doing any unlawful activity. Free consent of the parties: When consent is attained by fraud or misrepresentation, the agreement can become void at the consent of the party who was forced to enter into such an agreement. Lawful object of the agreement: If the consideration or an object is unlawful, the agreement will be treated as void.

2. What are the remedies for the breach of a contract? Ans. The principal remedies for the breach of contract are:

Damages: The party who has broken the contract needs to pay compensation for any loss or damage that has occurred to the party with whom such a contract was entered into. Specific performance of the contract: In certain cases, the court directs against the party in default for the "specific performance" of the contract. This means that the party will be asked to perform the obligations that he needs to perform according to the contract. Injunction: An injunction is a preventive relief and is granted at the discretion of the court. The discretion of the court is not arbitrary but is guided by judicial principles. A further check on the discretion is the provision for correction through an appeal in a higher court.

FAQs
1. What is the result of a minor entering into a contract? Ans: Contracts made by minor are void ab initio. That is these contracts cannot be enforced on the parties with whom you have entered into a contract. These contracts cannot be endorsed by a minor even after he or she attains the age of majority. In such a case, a fresh contract can be created after the minor attains the age of majority with the same party and on the same objects. 2. What is the difference between a general and a specific offer? Ans: An offer made to a specific person is called as a specific offer. Only the person to whom such offer is made is entitled to accept it. Whereas, an offer made to the public is called as a general offer. In case of general offer, the contract is only made with a person who accepts the offer. For example, Carlill Vs Carbolic Smoke Ball Co. 3. If an e-mail consists of an offer, in this case can an e-mail acknowledgment or a read and received receipt of an e-mail be considered as an acceptance of offer? Ans: No, an e-mail acknowledgement or a read and received receipt of an e-mail cannot by itself, be considered as an acceptance of an offer. The other person will be abided by it only if the receipt or acknowledgement conveys an acceptance explicitly. 4. If a machine or a system given an automatic acceptance, will it be considered valid? Ans: Yes, if a machine or a system given an automatic acceptance, it will be considered valid.

Cyber Privacy
The issue of privacy on the Internet has generated a lot of debate and controversy. On one hand, it is necessary for the authorities to indulge in surveillance in order to keep cyber crime in control. The same surveillance affects the privacy of millions of the people who use the Internet every day. However, privacy is extremely important to all individuals, organizations, and nations. Unfortunately, the Indian judiciary has not laid down specific laws regarding cyber privacy. Currently, the judiciary can only interpret privacy in accordance with the existing regulations. As per Article 21 of the Indian constitution, the right to privacy is an integral part of the fundamental right to life. The Information Technology Bill of 1999 has ignored the issue of privacy except for section 71, which says that any person who secures access to any electronic record, book, register, correspondence, information, document, or other material without the consent of the concerned persons and discloses the same to any other person will be punished for upto two years of imprisonment, or fined upto Rs. 1 lac, or both. Today, several individuals and organizations collect information regarding the surfing habits of Internet users and sell the same to interested companies for a tidy sum of money. Hundreds of websites are

hacked and information is stolen and then sold to interested parties. Every day, individual users have to deal with the nuisance of dealing with unsolicited e-mail. All the entities - Individuals, organizations, and the government - need to contribute in the fight to curb cyber crime and at the same time respect the privacy. The government and the judiciary need to frame comprehensive laws related to privacy immediately. Organizations must frame rules regarding collection and use of the collected information. If individual Internet users are asked to volunteer information, they must be told how and why the collected information will be used, what type of information will be shared with whom, and what type of information will not be shared. All websites that collect information must protect it by using all means possible.

Solutions to Chapter Ten Questions


1. Discuss the policy approaches to privacy issues. Ans. The policy regime pertaining to protection of privacy concerns is premised upon the following three approaches: Market approach: This approach rejects extrinsic legal enforcement and takes within its fold self regulatory mechanisms, which would enable the market players to employ or adopt. It does not talk about tangible consumer remedies. Human rights approach: This approach recognizes rights to information and the related attribute of privacy as a human right. Contract approach: This recognizes contract model. This model premises on the ground that in a given context the privacy concerns are better protected if the concern is treated as terms and conditions of the contract. Hence, the contract imposes an obligation on the parties to protect the privacy concerns. In the event of breach the contract itself provides for contractual remedies.

2. Explain the essentials of P3P platform. Ans. P3P aims at providing a simple, automated way for users to gain more control over the use of personal information on websites they browse. P3P is a standardized set of multiple-choice questions about the website's privacy policies. Online customers can answer these questions to select the way their personal information will be handled by the service provider. This snapshot could be read by P3P enabled browsers and set according to the set of privacy preferences of the consumer. P3P not only provides facilitating environment for the consumer to decide, negotiate and firm up the contractual relationship, but also recognizes nine aspects of online privacy. The first five aspects deal with (a) who is collecting this data? (b) Exactly what information is being collected? (c) for what purposes? (d) which information is being shared with others? (e) and who are these recipients? The remaining four aspects focus on the site's internal privacy policies. They include (a) can users make changes in how their data is used? (b) how are disputes resolved? (c) what is the policy for retaining data? (d) and where can be detailed policies found in human readable form? P3P is software to negotiate privacy agreements between websites and online visitors. It is a kind of social technology that involves not merely technology but also active participation of human beings.

FAQs
1. What is meant by P3P? Ans: P3P is a standard that helps in automating the way the users can access the personal information on the websites they visit. It is a set of multiple-choice questions, covering all the main aspects of a website's privacy policies. The information is made available in a standard, machine-readable format. The users control is enhanced by putting the privacy policies in a format that users can understand.

2. How are the privacy policies for embedded content addressed by P3P? Ans: HTML pages contain hyperlinks to other resources. These resources can be embedded directly in a page, such as images, sounds, layers or frames. Thus, in order to render the page, user agents need to make additional requests that might or might not be covered by the policy in effect for the page that is currently laid out. It is usually not apparent to users when web pages may be covered by multiple privacy policies. However, a P3P user agent can detect when different policies apply to different objects on a page, and can fetch and review each of these policies.

Information Technology Act, 2000


Information Technology Act, 2000 provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies. The basic objective of IT Act is to promote the use of electronic documents and digital signatures in the commercial world as a means of enhancing the security of e-business transactions. Section 3: Digital signature is a digest of the message that is further encrypted for added privacy and security. In the electronic world digital signatures replaces conventional signatures. Private key and public key are major components of a digital signature system. The sender of electronic document for encrypting the message uses Private key. Recipient uses senders public key for decrypting the same. Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature. Sections 14 to 16: SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES A record shall be deemed to be a secure electronic record from such point of time to the time of verification if any security procedure has been applied to an electronic record at that specific point of time. The digital signature is secure if it is: Unique to the subscriber affixing it. Capable of identifying such subscriber. Created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated.

Solutions to Chapter Eleven Questions


1. What are the evidentiary presumptions of a secured electronic document? Explain the process of encryption and decryption of data. Ans. An electronic document is said to be secure where any security procedure has been applied to the electronic document at a specific point of time. Such a document is deemed to be secure till the time of verification. But there is no presumption about the integrity and authenticity of the electronic record. To create a legally bound electronic document is technologically complex. A legally enforceable electronic document must pass the test of authentication, non-repudiation, confidentiality, and information integrity during transmission or storage. The key element in the authentication of a paper-based document is the signature of the contracting persons. Likewise an electronic signature is the key in an electronic record. The equivalent electronic signature is referred to as digital signature. A digital signature is to identify the sender of the electronic record, authenticate the originator of the message and to certify that the message could not have been tampered with during the course of its transmission. The process of making the information unintelligible to the unauthorized reader is known as encryption of data. The process of making the information readable once again is known as decryption of data. The science of Cryptography is made up of encryption and decryption. There are two types of Cryptographic systems - symmetric and asymmetric. The symmetric Crypto system consists of both the sender and the

receiver having access and sharing a common 'Key' to encrypt or decrypt a message. The asymmetric Crypto system is a more a secure system. This system uses two keys. The originator of the document keeps one of the keys known as the 'Private key' and the other key is sent to the recipient of the message. The recipient affixes the digital signature when he uses the public key to open the message sent to him. Thus the combination of the Public Key and the Private Key provide both confidentiality and authentication, which enables for secure electronic transmission. 2. Explain the term digital signature. What is a digital signature certificate? Ans. Digital Signature: The IT Act states that where any law provides that information shall be in writing or in printed form, the requirement is deemed to be satisfied if such information is in an electronic form and is accessible for subsequent reference. The key ingredients of the formation of electronic contracts comprise communication of offer and acceptance by electronic means, verification of the source of the communication, authentication of the time and place of dispatch and finally the verifiability of the receipt of the data communication. A 'digital signature' may be affixed to authenticate an electronic record. The digital signature serves to satisfy the legal requirement of affixing of a signature in a written or printed document. The Central Government has the power to make rules about the type of digital signature, the manner and format of digital certificate that shall be affixed, control process and procedures to ensure adequate integrity, security and confidentiality of electronic records and payments. Digital Signature Certificate: It certifies the identity of the subscriber and implies his acceptance of the provisions of this act and the rules and regulations contained therein. The certificate is issued only on the following grounds: The Certifying Authority being satisfied that the information contained in the application of certificate is accurate. The subscriber holds a Private Key capable of creating a Public Key. The Private Key corresponds to the Public Key to be listed in the Digital Signature Certificate. The Public Key to be listed in the certificate can be used to verify a digital signature affixed by the Private Key held by the subscriber.

But the certifying authority can revoke a digital signature certificate issued by it, if required.

FAQs
1. What are certificates? Ans: Certificates are structures that contain information such as a user's full name, electronic mail address, validity period, and public key. A message digest of the entire certificate is then created (using the SHA1 or MD-5 algorithm). This message digest is signed using the CA's private key to create a Message Authentication Code (MAC). This MAC can be verified by anyone possessing the CA's public key. 2. How do the digital signatures work? Ans: We would explain it with simple example of digitally signed e-mail. Suppose A and B wishes to correspond electronically. A wants to assure B that he originated the electronic message, and that its contents have not been tampered with. A can do so by signing the message with his digital signature. When A clicks on the digital signature option on his e-mail application, a mathematical formula known as a hash function is applied to the message. The message is converted it to a fixed-length string of characters called a "message digest". The digest acts as a "digital fingerprint" of the original message. If the original message is changed in any way, it will not produce the same message digest when the hash function is applied again. A's software then encrypts the message digest with his private key, producing a digital signature of the message. He transmits the message and digital signature to B.

B uses A's public key to decrypt the digital signature, revealing the message digest. Since only A's public key can decrypt the digital signature, he is able to verify that A was the sender of the message. To verify the message content, B's software applies the hash function to the message he received from A. The message digests should be identical. If they are, B knows the message has not been changed and he is assured of its integrity. 3. For what duration would the Digital Signature Certificate be available on the website? Ans: You can view the Digital Signature Certificate on the website up to seven years.

Information Technology Act 2000


Sections 43 to 47: PENALTIES AND ADJUD1CATION These sections deals with penalties to be imposed for damages to computers, computer systems etc. Section 43, which defines for the penalty for damages to computer systems resulting from illegal activities such as hacking, suggests up to Rs. One crore as penal damages. Under section 44, failure to present certain reports to controller or the certifying authority of the Cyber Appellate Tribunal could result in fines up to Rs. 150,000. Any delay in filing any return or furnishing any information, books or other documents within the time specified will result in fines of Rs. 5,000 per day, and Rs. 10,000 per day for repeat offence.

Solutions to Chapter Twelve Questions


1. What is meant by unauthorized access to a computer under the provisions of the IT Act, 2000? Ans. The IT Act defines unauthorized access by any person as acts done without the permission of the owner, which includes: Accessing or securing access to such computer, computer system or computer network Downloading, copying or extracting any data or information for such computer, computer system or computer network including information or data held or stored on any removable storage medium Introducing any computer virus or contaminant in the computer, computer system or network Damaging the computer, computer system or network Disrupting the working of the computer, computer system or network Disrupting the access of the computer, computer system or network to an authorized user Providing assistance to ensure unauthorized access to the computer, computer system or network The penalty to be paid by the person for unauthorized access by way of compensation not exceeding one crore rupees to the affected person

2. Discuss the ad judicatory processes incorporated in the Act. Ans. Ad judicatory Process: A reasonable opportunity is given to the person being charged with contravention of the Act by the adjudicating officer. When the adjudicating Officer is satisfied that there had been a contravention of the Act, he imposes such penalty or award compensation in accordance with the provisions of that section. While adjudging the quantum of compensation under this section the adjudicating officer shall take into consideration the amount of gain of unfair advantage wherever quantifiable made as a result of the default, the amount of loss caused to any person as a result of the default and the repetitive nature of the default. The adjudicating officer also has the powers of the Civil Court, which are conferred on the Cyber Appellate Tribunal.

FAQs
1. What do the sections 43 to 47 of the Information Technology Act deal with? Ans: Sections 43 to 47 of the Information Technology Act deal with penalties to be imposed for damages to computers, computer systems etc.

UNCITRAL Model Law on Electronic Commerce


With the advent of the information technology and growing use of online transactions, the member countries of the United Nations felt the need for uniformity of laws governing the cyber space. It was also becoming increasingly necessary to recognize the alternatives to paper-based methods of communications and storage of information. U.N. Commission on International Trade Law (UNCITRAL) took the lead and adopted a Model Law on Electronic Commerce in 1996. In 1997 the U.N. General Assembly recommended its members to give due consideration to this Model Law while enacting or revising their national laws. The Information Technology Act, 2000 is a sequel to this U.N. resolution. The statement of objects of UNCITRAL Model Law on Electronic Commerce states that it is based on the establishment of a functional equivalent for paper-based concepts such as "writing", "signature" and "original". This Model Law provides for equal legal validity to electronic communication and paper-based communication. The objectives of this Model Law are to facilitate rather than regulate electronic commerce and to adapt existing legal requirements to meet the needs of electronic commerce. By providing standards by which the legal value of electronic messages can be assessed, the Model Law plays a significant role in enhancing the use of paperless communication. The Model Law also contains rules for electronic commerce in specific areas, such as carriage of goods. The Model Law emphasizes that the term "commercial" should be given a wide interpretation so as to cover matters arising from all relationships of a commercial nature, whether contractual or not. Relationships of a commercial nature include, but are not limited to, the following transactions: any trade transaction for the supply or exchange of goods or services; distribution agreement; commercial representation or agency; factoring; leasing; construction of works; consulting; engineering; licensing; investment; financing; banking; insurance; exploitation agreement or concession; joint venture and other forms of industrial or business cooperation; carriage of goods or passengers by air, sea, rail or road.

Need for Amendments in Existing Legislations


The objects of the IT Act state that the purpose of the act is to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information. The second objective of the act is to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto. Such amendments in existing legislation were required to facilitate the implementation of the Information Technology Act. It was felt that unless such amendments are made, the existing legislations should serve as a barrier for IT Act and electronic commerce. Legal concepts based on the existence of a tangible medium of communication and authentication such as instrument, document, original, and signature needed to be redefined to give validity to the electronic transactions. Since the existing legislations such as the Indian Penal Code, Indian Evidence Act, Reserve Bank of India Act, and Bankers Books Evidence Act were enacted prior to the cyber revolution, in the existing form, these acts were unable to tackle issues related to 'electronic documents'. The basic purpose of the amendments in Indian Penal Code was to widen the scope of the term 'document' so as to bring within its ambit electronic documents. Similarly, in the Indian Evidence Act, the amendment brought electronic documents with in the ambit of the term 'evidence'. This means that electronic documents such as online contracts and e-mail transactions can now be produced in the court of law as evidence.

Similar changes in Banker's Books Evidence Act was to bring about change in the definition of "Banker's-book" to include printouts of data stored in a floppy, disc, tape or any other form of electromagnetic data storage device. Amendment also brought similar change in the expression "Certified-copy" to include such printouts within its purview. The Reserve Bank of India Act was amended to regulate transfer of funds through electronic means between the banks or between the banks and other financial institution.

FAQs
1. What is the meaning of the word 'commercial' as interpreted in the Information Technology Act? Ans: Information Technology Act of India is based on the UNCITRAL Model Law for Electronic Commerce. This Model Law lays down that the term "commercial", should be given a wide interpretation so as to cover matters arising from all relationships of a commercial nature, whether contractual or not. 2. What is UNCITRAL? Ans: UNCITRAL stands for United Nations Commission on International Trade Law. UNCITRAL was established by the General Assembly in 1966 (Resolution 2205(XXI) of 17 December 1966). The General Assembly gave the Commission the general mandate to further the progressive harmonization and unification of the law of international trade. The Commission has since come to be the core legal body of the United Nations system in the field of international trade law. 3. If a person commits a cyber crime outside India, such as fabricating a record, does the amended definition of 'evidence' and 'fabrication of record' will make him/her liable under the IT Act? Ans: Yes the person will be liable under the Information Technology Act as this act not only extends to the whole of India, but also applies to any offence or contravention committed outside India by any person. 4. Why it was necessary to introduce changes in the existing legislations along with the enactment of Information Technology Act? Ans: The earlier legislations that governed the commercial transactions were applicable only to paper documents. In view of the Information Technology Act, it was necessary that these legislations treat electronic documents and electronic transactions at par with paper documents and offline transactions. 5. What constitutes evidence and how electronic evidence is different from paper evidence? Ans: Under the Indian Evidence Act, 1872, two types of evidences are recognized, oral evidence and documentary evidence. The documentary evidences are classified as primary evidence and secondary evidence. Primary evidence is the 'original' paper or document where as secondary evidence is where the contents of the original will have to be proved or brought to the record. On the other hand, an electronic record is an original as well as in duplicate or it is primary as well as secondary evidence at the same time.