Professional Documents
Culture Documents
E Commerce Laws in India
E Commerce Laws in India
www.emeraldinsight.com/1754-243X.htm
E-commerce
laws in
India
265
1. Introduction
The emergence of e-commerce as a business technology[1] has fundamentally changed
the structure (Pastor and Alessandro, 2004) and environment of business, offering
businesses and customers a powerful channel and making it possible for these two
parties to come together in more efficient ways by creating new marketplace
(Sumanjeet, 2008a, b). E-commerce provides benefits in terms of providing information,
enhancing image, improving the business processes and improving the customer
services (Khatibi et al., 2003). Further, e-commerce significantly lowers purchase
transactions cost by eliminating the middleman in the distribution channels
(Gallaugher, 2002; Anderson et al., 1997; Bakos, 1991; Christersen et al., 1998; Benjamin
and Wignad, 1995). In some categories such as information services and digital
products, providers can decrease the financial cost of distribution to zero (Zhu
et al., 2002; Poon, 2000). Low cost and ease of use (Timmers, 1999; Kuhn and Skuterud,
2000) has resulted the widespread adoption, high degree of interconnectivity between
many parties (Shapiro and Varian, 1999). E-commerce allows businesses to target very
JEL classifications K2, K4, O33
While bearing full responsibility for any mistakes, the author wishes to thank Prof. L.N.
Dahiya; for reading the earlier versions of this paper and making a number of helpful comments
and constructive criticisms. However, the author is solely responsible for all remaining errors
and inadequacy.
IJLMA
52,4
266
Table I.
B2C e-commerce sales
in the select countries
(Asia Pacific region,
2006-2011)
Countries
2006
2007
2008
2009
2010
2011
Australia
Chinaa
India
Japan
South Korea
Asia-Pacific
9.5
2.4
0.8
36.8
9.6
59.1
13.6
3.8
1.2
43.7
10.9
73.3
20.4
6.4
1.9
56.6
12.4
97.7
26.4
11.1
2.8
69.9
14.0
124.1
28.7
16.9
4.1
80.0
15.9
145.5
31.1
24.1
5.6
90.0
17.9
168.7
Notes: Converted at average annual exchange rates (projected for future year): total B2C sales
include all purchase made on a retail website, regardless of device used to complete the transaction
(US Billion); online travel, event tickets and digital download sales; aexcludes Hong Kong
E-commerce
laws in
India
267
IJLMA
52,4
268
Electronic Governance and provides inter alia amongst others that where any law
provides that information or any other matter shall be in writing or in the typewritten
or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is:
rendered or made available in an electronic form; and accessible so as to be usable for a
subsequent reference.
3.1 Remarkable provisions of IT Act 2000
The Act provides for a Controller of Certifying Authorities (CCA) who shall perform
the functions of supervising the activities of certifying authorities as well as setting
standards and conditions governing the certifying authorities. The controller also
specifies the various forms and the content of digital signature certificates. The Act
acknowledges the need to recognize foreign certifying authorities (section 19) and it
further details the various provisions for granting the license to issue digital signature
certificates. As per Section 20 the Controller shall also keep a record of the public key
(the part of digital signature in public domain). The duties of subscribers are also
covered. The Act also covers penalties and adjudication for various types of offences
and mentions the power and qualifications for the adjudicating officer. A provision
foresees a Cyber-Regulations Appellate Tribunal where appeals against the orders
passed by Adjudicating Officers could be referred. The tribunal would not be bound by
the principles of the Code of Civil Procedure, but would follow the principles of natural
justice and have the same powers as a civil court. Any appeal against an order or
decision of the Cyber-Regulations Appellate Tribunal would be made to the High
Court. It covers various offences and stipulates that the investigation must be done by
a police officer only, and that officer should have the rank of deputy superintendent
of police (DSP) or higher. These offences include tampering with computer source
documents, publishing obscene information in electronic form, breach of
confidentiality and privacy, misrepresentation, publishing a digital signature
certificate that is false in certain particulars and publication for fraudulent purposes.
Hacking and penalties if found guilty have been defined in Section 66. For the first
time, punishment for hacking has been designated as a cyber crime. The Act also
provides for constituting the Cyber-Regulations Advisory Committee, which would
advise the government about any rules or other matter connected with the Act.
To make the e-commerce transactions safe and secure, the IT Act 2000 provides for
investigation, trial and punishment for certain offences (these offences are found in the
Chapter XI of the Act) like source code attacks (section 65), hacking[21] (section 66),
obscenity (section 67), failure to comply with controllers directions (section 68),
subscribers failure to controllers requirement for decryption (section 69), accessing
designated protected system (system 70), misrepresentation to CCA (section 71), breach
of privacy/confidentiality[22] (section 72), publishing false digital signature certificate
(section 73), making available digital signature for fraudulent purpose (section 74) and
section 75 of the IT Act 2000 deals with the offences or contravention committed outside
India which reads as: first, subject to the provision of sub-section (2), the provision of this
Act shall apply also to any offences or contravention committed outside Indian by any
person irrespective of his nationality; and second, for the purpose of sub-section (1) this
Act shall apply to an offence or contravention committed outside India by any person if
the act or conduct constituting the offence or contravention involves a computer,
computer system or computer networks located in India. The certifying authority can
suspend/revoke digital signature issued by it as given in Section 37 and 38. Further, the
E-commerce
laws in
India
269
IJLMA
52,4
270
Act states that the Controller can open an electronic document if in his opinion the
interests of the sovereignty and protection of the country or public interest are
jeopardized. The Controller can do this only by submitting a written statement to any
government agency, which in turn will take necessary steps to access the document. If
any person does not help him in this regard or obstructs him then that person may be
charged to a prison sentence of up to seven years (section 69).
Section 61 makes it clear that no court shall have jurisdiction to entertain any suit or
proceeding in respect of any matter which an adjudicating officer appointed under this
Act or the Cyber Appellate Tribunals constitute under this Act is empowered by or
under this Act to determine; no injunction shall be granted by any court or other
authority in respect of any action taken or to be taken in pursuance of any power
conferred by or under this Act. The judgment of the Tribunal can be challenged in the
High Court. The act has conferred power to: The CCA (Section 17-18), the Deputy and
Assistant CCA (Section 17 and 27), Licensed Certifying Authorities (Section, 31) and
Auditors (Rule 312), the Adjudicating Officer (Section 46), the Presiding Officer of the
Cyber Appellate Tribunals (Section 48-49), the Registrar of the Cyber Appellate
Tribunals (Section 56 and rule 263), Network Service Providers (Section 79) and Deputy
Superintendent of Police (Section 80). The Act shall apply to all circumstances and
types of transactions and documents other than specifically excepted in the clause 4
of Section 1 of the IT Act 2000. Nothing in this Act shall apply to:
.
a will as defined in Clause (h) of Section 2 of the Indian Succession Act, 1925
including any other testamentary disposition by whatever name called;
any contract for the sale or conveyance of immovable property or any interest in
such property; and
cyber theft[23], cyber stalking, cyber harassment and cyber defamation are
presently not covered under the Act[24];
jurisdiction problems are likely to arise as the act applies to both Indians and
foreign citizens;
the Act does not make any mention of payment mechanism for Indian companies
who will have to pay foreign companies for services/goods rendered;
the law is now covered under civil procedure, making the enforcement process
slow. This deters companies from approaching the cyber crime cell;
some definitions in the Act are vague[25] and can cause problems to the plaintiff;
the Act does not lay down parameters for its implementation;
the Act is also silent about issues of protection of consumers, e-taxation and right
to information;
section 75 of the Act is also problematic as it applies not to the Indian citizens but
even to the foreigners who contravene the provision of the Act with reference to
India;
there is also no provision in the IT Act 2000 for blocking of websites[27]; and
Abuse of chat rooms, cyber stalking, misappropriation and misuse of credit card
numbers are just a few of the many other loopholes which are still not addressed by IT
Act.
Added to these, the provision relating to powers of the DSP, to search and seizure
on the basis of reasonable doubt that an offence has been committed against this Act.
The width of the powers given leaves it opens for misuse and corruption. The section
is not only allowed for search but also provide the powers of arrest on the basis of
suspicions. Such wide powers regarding cyber crime have not been given to officers of
any other country in the world where Cyber Law is in place. The Act also makes only
limited number of offences as cognizable but the field of cyber law is facing newer
crimes and methods every day.
From the above discussion it is clear that the IT Act 2000 is not the end but only a
beginning to a plethora of legislation that still needs to be formed. It leaves various
issues untouched, some of them relating to intellectual property rights, data protection,
Consumer protection, taxation, etc. These issues are directly related with e-commerce.
No concrete regulations have also been formulated for cross border issues. As these
issues are of immense importance therefore the government decided to review the
Information Technology Act 2000. The result was the Information Technology
Amendment Bill 2006.
4. Amendment to the IT Act 2000
The Government of India proposed major amendments to IT Act 2000 in form of the
Information Technology (Amendment) Bill 2006. The Bill has since been passed in
the Parliament on December 23, 2008. The Bill has been renamed as Information
Technology (Amendment) Bill 2008[30] as it is not the 2006 Bill that has been approved
as it is but a totally different Bill has been approved by the Rajya Sabha and Lok
Sabha. The Bill as passed has many changes from the earlier draft indicated in
the previous paragraph and incorporates the recommendations made by the
Parliamentary Standing Committee. IT (amendment) Bill was signed into an Act {IT
(Amendment) Act 2008} by the President of India on February 5, 2009, through a
Gazette Notification. Government of India is now in the process of framing the rules
which are required under the amendments. On completion of this exercise, the date of
effect of the amendments would be notified.
The IT (Amendment) Act 2008 allows unrestricted monitoring of all electronic
communication, even for non-congnizable offences. The Act even went further than
E-commerce
laws in
India
271
IJLMA
52,4
272
section 66 introduces the pre condition of dishonesty and fraud to the current
section 66;
section 66 B[32] is new section added in the IT Act 2008 and this section cover
theft of computer, laptop, mobile phone and also information. It can also be
extended to theft of digital signals of TV transmission;
section 66 C is also added to the IT Act 2008 and this section covers password
theft which was earlier being covered under the section 66 of IT Act 2000;
section 66 D is again a new section which states that phishing[33] which was
earlier being covered under section 66 of IT Act 2000, will now also cover some
kinds of e-mail related offences including harassment;
section 66F is also a new section to cover cyber terrorism offence; and
section 67 covers child pornography, which was earlier covered under section 66
and provides some clarifications regarding Kamasautra type of literature.
To support the development of the cyber security infrastructure, the amendment has
been made by introducing section 2(nb)[35]. The term Cyber Security incorporates
both the physical security devices as well as the information stored therein. It also
covers protection from unauthorized access, use, disclose, disruption, modification
and destruction. Section 43 A[36] has been introduced to compensate for failure to
protect the data. The newly added section 43 (j) tries to expand the cases where
compensation can be claimed to cases of a person without the permission of the owner
of a computer, computer resource. Under section 67 C[37], a further responsibility has
been cast on intermediaries. Section 72 A has been added to protect data handled
under a contractual arrangement by the companies. This is an important provision
that will pull internet service providers, and management service providers (MSPs)[38]
and others who today think shirk from the responsibility of preserving information,
which would serve as evidence in case of cyber offences. Section 78, now inspectors can
undertake investigations of cyber crime under the Act. This means that it would not
only DSPs who need to be trained in IT Act 2000 but all the inspector of the State.
Privacy issue has been address by adding section 69 A[39] and 69 B[40]. Section 69
E-commerce
laws in
India
273
IJLMA
52,4
274
government may even call upon intermediaries to help it with decryption (Section.69 (3)).
Additionally, section 118 of the Indian Penal Code has been amended to recognize the use
of encryption[44] as a possible means of concealment of a design to commit [an] offence
punishable with death or imprisonment for life. Fifth, cheating by personation is not
defined, and it is not clear whether it refers to cheating as referred to under the Indian
Penal Code as conducted by communication devices, or whether it is creating a new
category of offence. In the latter case, it is not at all clear whether a restricted meaning
will be given to those words by the court such that only cases of phishing are penalized,
or whether other forms of anonymous communications or other kinds of disputes in
virtual worlds (like Second Life) will be brought under the meaning of personation and
cheating. Sixth, another problem is that the word transmit has only been defined for
section 66E. The phrase causes to be transmitted is used in sections 67, 67A and 67B.
That phrase, on the face of it, would include the recipient who initiates a transmission
along with the person from whose server the data is sent. While in India, traditionally the
person charged with obscenity is the person who produces and distributes the obscene
material, and not the consumer of such material. This new amendment might prove to be
a change in that position. Seventh, it is heartening to see that the section on child
pornography (section 67B) has been drafted with some degree of care. It talks only of
sexualized representations of actual children, and does not include fantasy play-acting
by adults, etc. From a plain reading of the section, it is unclear whether drawings
depicting children will also be deemed an offence under the section. Unfortunately, the
section covers everyone who performs the conducts outlined in the section, including
minors. A slight awkwardness is created by the age of children being defined in the
explanation to section 67B as older than the age of sexual consent. So a person who is
capable of having sex legally may not record such activity (even for private purposes)
until he or she turns 18.
It is also very strange about the IT Act 2008 that browsing or downloading
pornography on the internet even accidentally/unknowingly/unintentionally may send
anyone behind the bars for five years with a fine that may go up to Rs 10 lakhs, and the
term raised to seven years on second conviction. One of the most alarming aspects of
the Act is that it fails to put in place a safeguard mechanism that can prevent the state
from misusing this Act. Because the Act states that safeguards would be stipulated at a
later date, it would clamp down on civil liberties right away. The Act only says that
safeguards will be stipulated at a later date, which is clearly insufficient. Last but not
the least, IT Act 2008 is silent on the important issues like e-taxation, e-payment and
consumer protection.
5. Concluding remarks
Legal framework is necessary for the growth and development of new technologies like
e-commerce. As e-commerce has raised several legal issues, it has become important for
every nation to have e-commerce laws. In India, Information Technology Act deals with
the various issues related to e-commerce. In fact, the Act was passed to regulate the
activities related to e-commerce, e-governance and cyber offences. The Act has been
amended in 2008. When the Indian government thought of amending the IT Act 2000, ecommerce players and Indian IT industries including BPO thought that they would get a
improved version of IT Act 2008 that would address the problems of data theft, consumer
protection, security and privacy, spam, e-taxation and e-payment mechanisms, etc. A
Law that would prevent abuse by the Police as well as the executive. A Law that
addresses the issues arising out of Cyber Terrorism, Cyber Squatting, etc if they had
been omitted to be included earlier. But, the government has come with a legislation that
would reduced the punishment in most cases, reduces the power of police, providing
compounding at executive level even for criminal offences without consent of the victim,
makes it difficult to apply penal provisions, provides immunity from vicarious liabilities
for intermediaries against any law in the country. Further, according to amended Act
majority of the cyber crimes shall be bailable. Thus, the expectations of the nation for
effectively tackling cyber crime and stringently punishing cyber criminals have all been
let down by the extremely liberal amendments, given their soft corner and indulgence for
cyber criminals. It is also clear that the Act is much to regulate the cyber offences and egovernance activities not e-commerce activities as various issues related to e-commerce
has not been touched in the IT (Amendment) Act 2008. The Act does not create rebuttal
presumptions of confidentiality of trade secrets and information. In the absence of strong
protection of data theft and privacy nothing is left for Indian outsourcing industry.
Absence of an effective remedy for corporations is likely to further erode the confidence
of the Indian industries in the new e-commerce legal regime.
Weak and outdate regulations and weak enforcement mechanisms for protecting
networked information create an inhospitable environment in which to conduct ecommerce within a country and across the national boundaries. Inadequate legal
protection of digital information can create barriers to its exchange and stunt the
growth of e-commerce. As business expands globally, the need for strong and
consistent means to protect networked information will grow. E-commerce cannot be
implemented successfully within the present mental set up of government of India.
Indian government must appreciate that for safe and secure business environment on
the cyberspace, a sound legal framework is needed. The present IT Act is weak on
various fronts and in the absence of sound legal framework e-commerce cannot create a
success story in India. Therefore, there is strong need to introduce separate law for
e-commerce in India as the existing laws are incapable to deal with the various issues
and emerging problems in the age of e-commerce.
Notes
1. Electronic commerce (popularly know as e-commerce) is a subset of e-business, is the
purchasing, selling, and exchanging of goods and services over computer networks (such
as the internet) through which transactions or terms of sale are performed electronically.
Contrary to popular belief, e-commerce is not just on the web. In fact, e-commerce was
alive and well in business-to-business transactions before the web back in the 1970s via
EDI (electronic data interchange) through VANs (value-added networks). E-commerce
can be broken into four main categories: B2B, B2C, C2B and C2C.
2. India TV has won an internet domain case against a US-based firm with the Delhi
High Court restraining the latter from using a web address to broadcast Indian TV
programmes in its original form. In its petition, India TV had alleged that the internet
domain, indiatvlive.com, used by the US-based India Broadcast Live, was similar to its
trademark and that the plaintiffs had no legitimate right over the domain name. In an
interim order delivered by Justice S.K. Kaul in January, the US-based firm was
restrained from using any domain name containing the words India TV as also barred
from transferring the rights to any other entity. Now, in the final order this month, even
though the court has permitted the defendants to use the domain name, it has
nevertheless required a disclaimer to be placed prominently next to the logo of
Indiatvlive.com. The court said the disclaimer should read: The website has no
connection, affiliation or association whatsoever with India TV, the Indian Hindi news
and current affairs television channel. However, the defendants shifted to another
E-commerce
laws in
India
275
IJLMA
52,4
276
domain name indiabroadcastlive.com and the court has taken cognisance of the same.
The court observed that when the impugned domain name is typed, a redirection notice
says the website is not operational due to interim orders passed and visitors are
automatically redirected to indiabroadcastlive.com. Thus, the respondents have
rectified the position, Justice Kaul said in his order and added: In view of the
aforesaid, I do not deem it appropriate to proceed further with the petition and the
petition stands cancelled. The court also disallowed the defendants from proceeding
against India TV with a suit filed in the district courts in Arizona.
3. Briefly, the following issues arise for consideration:
.
Traditional source concepts were based on a strong connection between economic
activity and a specific location. Traditional residency concepts were based on
parameters such as personal and economic relations, physical presence and place of
effective control. These concepts were used as effective tools in allocating taxing
rights between various countries. As technological changes weaken the physical
nexus of business with a specific geographical point, what are the implications for
this concept? With whom lies the jurisdiction to tax?
.
A related issue is the constitution of a permanent establishment (PE). Are the
traditional principles of PE valid in the determination of the jurisdiction to tax? Can a
server or a server space constitute a PE for tax purposes?
.
How can income from transfer of technology over the internet be characterized? Does
it constitute business profits or royalties? Is there is an erosion of source taxation?
.
How can new technologies be used to improve the administration of taxes by
checking problems of tax evasion, identifications and audit trails of the transactions
and providing better services to taxpayers?
.
What would be the transfer pricing issues arising out of EC transactions?
.
What are the issues arising in relation to value added tax?
4. The Cyber Crime Investigation Cell (CCIC) of the Mumbai Police is currently conducting
investigations in a case of possible corporate data theft, in which a former employee of
a leading IT company illegally logged into the firms data network and stole sensitive
information by sending data files to his personal e-mail address. The company, which
provides market research, data collection, analytics and online marketing services to
global clients, has approached the police with a complaint that the suspected data thief is
about to join a rival company in Chennai, armed with sensitive information belonging to
his former employers.
5. Indian hackers always thought they were too sophisticated to fall into the hands of the
rough cops in this country, whom various human rights groups routinely accuse of
brutality. But that feeling evaporated after one of the four people arrested recently in
connection with a hacking incident accused Mumbai police of breaking his hand
during interrogation.
6. India ranked first for viruses and worms and second for Trojans and back doors,
which likely contributed to its high ranking in the Symantec metric that assesses the
countries or regions in which the most malicious activity takes place or originates.
China ranked first for aggregate malicious activity within the APJ region in 2008, as it
did in 2007. India increased its proportion of activity in almost every category, though
its rankings remained mostly constant. A factor that explains the prominence of India
in this metric is that internet cafes are still the most popular venue for its citizens to
access the internet, with 37 percent of the population using this method to go online.
7. The Delhi Police has recently registered Indias First Case of Cyberstalking. One Mrs.
Ritu Kohli complained to the police against the person who was using her identity to
chat over the internet at the website www.mirc.com, mostly in the Delhi channel for
four consecutive days. Mrs Kohli further complained that the person was chatting on
8.
9.
10.
11.
12.
13.
14.
15.
the net, using her name and giving her address and was talking obscene language. The
same person was also deliberately giving her telephone number to other chatters
encouraging them to call Ritu Kohli at odd hours. Consequently, Mrs Kohli received
almost 40 calls in three days mostly at odd hours from as far away as Kuwait, Cochin,
Bombay and Ahmedabad. The said calls created havoc in the personal life and mental
peace of Ritu Kohli who decided to report the matter.
In a case, the Minnesota Attorney General brought suit under the state consumer
protection statute alleging that the defendant, a Nevada resident, was liable for deceptive
trade practices, false advertising and consumer fraud on the internet by advertising that
gambling on the internet is legal even though the specific on-line gambling service
associated with the defendant was not yet operational. While the decision is limited to
the defendants unsuccessful argument that, as a Nevada resident, he was not subject to
personal jurisdiction by the Minnesota courts, it illustrates the extent to which consumer
protection laws are being used by the states to prosecute fraud even prospective fraud
on the internet. On October 31, 1998 the Minnesota Supreme Court agreed to review the
case. Minnesota vs Granite Gate Resorts, Inc., 569 N.W.2d 715(Mn. App. Ct. 1997).
E-commerce laws apply not only to websites, which are used for buying and selling
goods and services, but also to variety of information society services.
The Ministry of Commerce Government of India created the first draft of the legislation
following the UNO termed as E-Commerce Act, 1998. After the formation of a
separate ministry of Information Technology, the draft was taken over by the new
ministry which re-drafted the legislation as Information Technology Bill 1999. The
draft was placed in the Parliament in December 1999. The Act came into effect
following the clearance of the Information Technology Bill in May 2000 by both house
of the Parliament. The bill received the assent of the President of India in August 2000.
A lot of countries and organizations hurried to put into place a specific set of rules to
govern the e-commerce transactions, like the UN (United Nations), WTO (World Trade
Organisation) and the European Union, and individual countries. France issued its ecommerce law in 2000, the US issued its e-commerce law in 2001, Italy enacted its very
abbreviated and general e-commerce law in 1999 and Luxemburg in 2000. In the Arab
world, there are some countries which issued e-commerce laws in the past few years such
as Tunisia, which was the first Arab country to issue an e-commerce law in 2000, and
Jordan issued e-commerce law in 2001 and the Emirate of Dubai issued its code in 2002.
The purpose of the Model Law is to offer national legislators a set of internationally
acceptable rules to provide increased certainty as to the legal effect or validity of
electronic messages, and to create a more secure legal environment for e-commerce.
The Model Law also provides principles for parties engaged in e-commerce to follow in
drafting contracts.
Electronic records are defined in the ITAct U/s 2(1)(t) as electronic record means date,
record or data generated, image or sound stored, received or sent in an electronic form
or microfilm or computer generated microfiche.
The Act makes numerous amendments to the Indian Panel Code. By the virtue of
section 91 of the IT Act, the amendments to the IPC, as described in the first schedule
of the IT Act, take effect. Most of these amendments are in the nature of recognizing the
validity of electronic documents and electronic signatures. The Act amends existing
IPC offences such that these offices will also be punishable if committed with regard to
the electronic counterparts.
The key provision that are showed t be made in Indian Evidence Act relate to widening
of the scope of term document to include electronic records. Most important, section
65 B recognizes admissibility of computer outputs in media, paper, and optical or
magnetic form. There are detailed provisions related to admissibility of computer
output as evidence. New Section 73 (A) prescribes procedures for verification of digital
E-commerce
laws in
India
277
IJLMA
52,4
16.
17.
278
18.
19.
20.
21.
22.
signatures. New sections 85 (A) and 85 (B) create presumption as regards electronic
contracts, electronic records and digital signatures, digital signatures certificates and
electronic messages.
The Bankers Book Evidence Act has been amended in the manner specified in the
third schedule of the Act (Section 93).
The Reserve Bank of India Act has been amended in the manner specified in the fourth
schedule of the Act (Section 94).
Section 4 of the Act states that when under any particular law, if any information is to
be provided in writing or typewritten or printed form, then notwithstanding that law,
the same information can be provided in electronic form, which can also be accessed
for any future reference. This non-obstante provision will make it possible to enter into
legally binding contracts on-line.
Section 5 provides that when any information or other matter needs to be authenticated
by the signature of a person, the same can be authenticated by means of the digital
signature affixed in a manner prescribed by the Central Government. Under Section 10,
the Central Government has powers to make rules prescribing the type of digital
signature, the manner in which it shall be affixed, the procedure to identify the person
affixing the signature, the maintenance of integrity, security and confidentiality of
electronic records or payments and rules regarding any other appropriate matters.
The digital signature with the subscriber has two parts. The first part is the private
key and the latter is the public key. A person can certify a document only by using
a combination of the two parts. Any other person can view the document using the
public key by any attempt to alter will result in it being rendered useless.
The definition the provided in IT Act 2000 for the Section 66 offence, which is called
hacking, is unique since it is distinct from definitions used in other International laws
for defining an offence of somewhat similar nature. It also recognizes diminishing of
value and injurious effect of the information residing inside a computer. Of course
it also mentions the more obvious destruction, deletion and alteration. Whoever
with the intent to cause or knowing that he is likely to cause wrongful loss or damage to
the public or any person, destroys or deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects it injuriously by any means,
commits hacking. Whoever commits hacking shall be punished with imprisonment up to
three years, or with fine, which may extend up to two lakh rupees, or with both.
Save as otherwise provided in this Act or any other law for the time being in force, any
person who, in pursuance of any of the powers conferred under this Act, rules or
regulations made there under, has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the
person concerned discloses such electronic record, book, register, correspondence,
information, document or other material to any other person shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend
to one lakh rupees, or with both. The aforesaid section has a limited application only. It
confines itself to the acts and omissions of those persons, who have been conferred
powers under this Act, Rules or Regulation made there under Section 72 of the Act
relates to any person who in pursuance of any of the powers conferred by the Act or its
allied rules and regulations has secured access to any: first, electronic record; second,
book; third, register; fourth, correspondence; fifth, information; sixth, document; or
seventh, other material. If such person discloses such electronic record, book, register,
correspondence, information, document or other material to any other person, he will be
punished with imprisonment for a term, which may extend to two years, or with fine,
which may extend to two years, or with fine, which may extend to one lakh rupees, or
with both.
23. In 2002, a person was convicted for a credit card fraud. It was the nations first cyber
conviction through the CBI (Central Bureau of Investigation), though the Act was not
invoked, and the man was convicted under section 418, 419 and 420 of IPC.
24. In a recent case of a video of a Noida girl doing striptease that has been making rounds on
the internet. The video was distributed widely through the net apparently after her
estranged boyfriend released it. Both are B-school students and now the police has
registered a case under section 506 and 507 (threat to murder) of the IPC since the victims
family has not complained about the MMS scandal. Why was the case not registered
under the IT Act? The police version is that no complaint was made about the MMS,
another fact is that the police felt that the provisions of the Act are not strong enough.
25. For example the Act is unclear as to the qualifications of an adjudicating officer and the
manner in which he shall adjudicate. Moreover, though the statute is supposedly a
long arm statute, it does not indicate the powers of the adjudicating officers when a
person commits a cyber crime or violates any provisions of the law from outside India.
Several practical difficulties may also arise in importing the cyber criminal to India.
The Act does not lay down any provisions whereby extradition treaties can be formed
with countries where the cyber criminal is located. Therefore, the extra-territorial scope
of the Act may be difficult to achieve. Furthermore, the powers to impose a penalty for
a computer crime upto Rs 1 crore offers a large discretion to adjudicating officers and
may turn out to be harmful.
26. Network service provider not to be liable in the certain cases: For the removal of
doubts, it is hereby declared that no person providing any service as a (NSP) shall be
liable under this Act, rules or regulations made there under for any third party
information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due
diligence to prevent the commission of such offence or contravention.
27. Section 69 of the Act empowers the Controller of Certifying Authority to order the
interception of electronic information transmitted through any computer system in
India. This explains the legal position of e-surveillance and website blocking powers of
India as per the provisions of IT Act 2000. A logical question that arises is what will
happen if the State exceeds it powers of blocking of web sites or e-surveillance.
28. A domain name is an identification label to define a realm of administrative autonomy,
authority, or control in the internet, based on the domain name system (DNS). Domain
names are used in various networking contexts and application-specific naming and
addressing purposes. A prominent example are the top-level internet domains (TLDs)
com, net and org. Below these top-level domains in the DNS hierarchy are the secondlevel and third-level domain names that are open for reservation and registration by endusers that wish to connect local area networks to the internet, run web sites, or create
other publicly accessible internet resources. The registration of these domain names is
usually administered by the domain name registrar, who sell their services to the public.
29. Regulation of intellectual property rights, particularly copyright on the internet is an
ever-growing problem. The Act does not discuss the implications of any copyright
violations over the net. It has no provisions to penalize copyright infringers, commonly
known as pirates, for their activities over the net. Internet piracy is a major problem
has not been tackled by this Act. No amendments have been proposed to the Copyright
Act of India.
30. In the Indian context till a Bill is finally notified by the Executive, it remains a Bill only.
Thus, till the government of India notifies it, the old Information Technology Act 2000
would govern the Indian cyber law.
31. The Foreign Intelligence Surveillance Act (FISA) was first enacted in 1978 (Public Law
95-511) and later amended by the Patriot Act. It is at the center of the controversy
concerning domestic spying by the NSA. It was passed after revelations of massive
E-commerce
laws in
India
279
IJLMA
52,4
32.
280
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
domestic spying abuses by the FBI, CIA and NSA were documented in reports issued
by the Church Committee in the 1970s. In 1972, the United States Supreme Court had
reviewed some of those abuses and declared that warrantless wiretaps of domestic
groups for national security reasons were a violation of the Fourth Amendment. United
States vs United States District Court (Keith), 407 US 297 (1972).
Under this section, receiving a stolen computer, or a mobile or even a CD, or an e-mail
containing stolen information may be punishable with three years of imprisonment.
Phishing means sending an e-mail that falsely claims to be a particular enterprise and
asking for sensitive financial information. Phishing, thus, is an attempt to scam the user into
surrendering private information that will then be used by the scammer for his own benefit.
Phishing uses spoofed e-mails and fraudulent web sites that look very similar to the real
ones, thus fooling the recipients into giving out their personal data. Most phishing attacks
ask for credit card numbers, account usernames and passwords. According to statistics
phishers are able to convince up to five percent of the recipients who respond to them.
Voyeurism is a psychosexual disorder in which a person derives sexual pleasure and
gratification from looking at the naked bodies and genital organs or observing the sexual
acts of others. The voyeur is usually hidden from view of others. Voyeurism is a form of
paraphilia. A variant form of voyeurism involves listening to erotic conversations. This is
commonly referred to as telephone sex, although it is usually considered voyeurism
primarily in the instance of listening to unsuspecting persons.
Cyber security means protecting information, equipment, devices, computer, computer
resources, communication from unauthorized access, use, disclosure, disruption,
modification and destruction.
Important to note that the limit for compensation which was Rs 1 crore under section
43 of IT Act 2000 has been removed. In other words, now there is no upper limit for
damages that can be claimed.
Intermediary shall preserve and retain such information as may be specified for such
duration and in such manner and format as the Central Govt. prescribed. Further, any
intermediary who intentionally or knowingly contravenes the provision of sub section
(1) shall be punished with an imprisonment for a term, which may extend to three
years and shall also be liable to fine.
MSPs operate wireless networks on behalf of their clients usually large organizations
that outsource key helpdesk or network operations functions to the MSP. The MSPs
employees may work in a centralized Network Operations Center or onsite at the
clients premises. In either case, the MSP needs a comprehensive, scalable and flexible
management solution that can be used across multiple customer engagements.
Power to issue directions for blocking for public access of any information through any
computer resource.
Power to authorize to monitor and collect traffic data or information through any
computer resource for cyber security.
According to Section 2 (na) of IT Act 2008, cyber cafe means any facility from where
access to the internet is offered by any person in the ordinary course of business to the
members of public.
Vicarious liability is a form of strict, secondary liability that arises under the common
law doctrine respondeat superior the responsibility of the superior for the acts of
their subordinate, or, in a broader sense, the responsibility of any third party that had
the right, ability or duty to control the activities of a violator. It can be distinguished
from contributory liability, another form of secondary liability, which is rooted in the
tort theory of enterprise liability.
43. The NSA warrantless surveillance controversy concerns surveillance of persons within
the United States incident to the collection of foreign intelligence by the USA National
Security Agency (NSA) allegedly as part of the war on terror. Under this program,
referred to by the Bush administration as the terrorist surveillance program, the NSA is
authorized by executive order to monitor, without warrants, phone calls, e-mails, internet
activity, and text messaging, and other communication involving any party believed by
the NSA to be outside the USA, even if the other end of the communication lies within
the USA. The exact scope of the program is not known, but the NSA is or was provided
total, unsupervised access to all fiber-optic communications going between some of the
nations major telecommunication companies major interconnect locations, including
phone conversations, email, web browsing and corporate private network traffic.
44. The translation of data into a secret code. Encryption is the most effective way to
achieve data security. To read an encrypted file, you must have access to a secret key
or password that enables you to decrypt it. Unencrypted data are called plain text;
encrypted data are referred to as cipher text. There are two main types of encryption:
asymmetric encryption (also called public-key encryption) and symmetric encryption.
References
Anderson, E., Day, G.S. and Rangan, V.K. (1997), Strategic channel design, Sloan Management
Review, Vol. 38 No. 4, pp. 59-69.
Bakos, J.Y. (1991), A strategic analysis of electronic marketplaces, MIS Quarterly, Vol. 15 No. 3,
pp. 295-310.
Basu, S. and Jones, R. (2002), Legal issues affecting e-commerce: a review of Indian Information
Technology Act, 2000, paper presented at the 17th BILETA Annual Conference, 5-6 April,
Free University, Amsterdam.
Benjamin, R. and Wigand, R. (1995), Electronic markets and virtual value chains on the
information superhighway, Sloan Management Review, Vol. 36 No. 2, pp. 62-72.
Christersen, C.M., Suarez, F.F. and Utterback, J.M. (1998), Strategies for survival in fast-changing
industries, Management Science, Vol. 44 No. 12, pp. S207-20.
CII (2001), E-commerce in India: how to make it happen?, Report of the CII National Committee
on e-commerce 2000-2001, Confederation of Indian Industry.
Dutta, S. (2003), Impact of information communication technology on society, Yojana, Vol. 47
No. 2, p. 24.
Gallaugher, J. (2002), E-commerce and the undulating distribution channel, Communications of
the Association for Computing Machinery, Vol. 45 No. 7, pp. 89-95.
Kaur, K. (2005), Consumer protection in e-commerce in Malaysia: an overview, UNEAC Asia
Papers, No. 10.
Khatibi, A., Thyagarajan, V. and Seetharaman (2003), E-commerce in Malaysia: perceived
benefits and barriers, Vikalpa, Vol. 28 No. 3, pp. 77-81.
Kuhn, P. and Skuterud, M. (2000), Internet and traditional job search methods, 1994-1999, paper
presented to the IRPP and CERF Conference on Creating Canadas Advantages in an
Information Age, May.
Light, D.A. (2001), Sure, you can trust us, MIT Sloan Management Review, Vol. 43 No. 1, p. 17.
Mitnick, K.D. and William, L.S. (2002), The Art of Deception: Controlling the Human Element of
Security, John Wiley and Sons, New York, NY.
Neuman, B.C. and Genyady, M. (1998), Internet payment services, in McKnight, L.W. and
Bailey, J.P. (Eds), Internet Economics, MIT Press, Cambridge, MA, pp. 401-16.
Nicholas, R. and Jerry, F. (2002), Electronic customer relationship management: an assessment of
research, International Journal of Electronic Commerce, Vol. 6 No. 3, pp. 59-111.
E-commerce
laws in
India
281
IJLMA
52,4
282
Pastor, R.S. and Alessandro, V. (2004), Evolution and Structure of the Internet: A Statistical
Physics Approach, Cambridge University Press, Cambridge.
Poon, S. (2000), Business environment and internet commerce benefits: a small business
perspective, Journal of Information System, Vol. 9, pp. 7-81.
Rastogi, R. (2002), Country Report on E-Commerce Initiatives, available at: www.unescap.org/tid/
publication/part_three2261_ind.pdf (accessed 4 June 2008).
Shapiro, C. and Varian, H. (1999), Information Rules: A Strategic Guide to the Networked
Economy, Harvard Business School Press, Boston, MA.
Sumanjeet (2002), Cyber laws in need of upgrade, Indian Business Law Journal, Vol. 1 No. 2,
pp. 27-9.
Sumanjeet (2005), E-CRM building the loyal customers in the age of electronic commerce,
Pakistan Management Review, Vol. XLII No. 3, pp. 45-54.
Sumanjeet (2008a), Electronic commerce in India: the evolution of revolution, E-Business, July.
Sumanjeet (2008b), Impact of e-commerce on economic models: little to lose; more to gain,
International Journal of Trade and Global Markets, Vol. 1 No. 3, pp. 319-37.
Sumanjeet (2010), Digital divide in India: measurement, determinants and policy for addressing
the challenges of digital divide, International Journal of Innovation and Digital Economy
(accepted for publication, forthcoming issue).
Timmers, P. (1999), Electronic Commerce: Strategy and Models for Business-to-Business Trading,
John Wiley, Chichester.
Verma, Y. (2001), Broadband: the brakes are on, Dataquest (India), 15 May.
Zhu, K., Kenneth, L.K. and Xu, S. (2002), A cross-country study of electronic business adoption
using the technology-organization-environment framework, paper presented at the ICIS
Conference, Barcelona, 15-18 December.
Corresponding author
Dr Sumanjeet can be contacted at: sumanjeetsingh@gmail.com
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.