This action might not be possible to undo. Are you sure you want to continue?
M DISSERTATION Submitted to Department of Law. University of Pune.
Mr. BALASAHEB DASHRATH PANDHARE
Under the Guidance and Supervision of Dr. J. P. Palande Department of Law. University of Pune.
PUNE. 2007 - 2008.
"At the present time there exist problems beyond our ability to solve, not because of theoretical difficulties, but because of insufficient means of mechanical computation." Howard Aiken.
I, the undersigned, hereby declare that the research work done on the topic entitled “Information Technology Act, 2000 And Contracts In The Area Of Banking – Statutory And Judicial Position” is written and submitted under the guidance of DR. J.
P. PALANDE Department of Law, University of Pune, Pune.
The findings and conclusions drawn in Dissertation are based on the data and other relevant information collected by me during the period of my research study for the award of LL.M Degree in the faculty of law from University of Pune. I further declare that the thesis submitted on the research study is my original work and I have not copied anything from any report of this nature while preparing this dissertation. Neither the work nor any part thereof is published in any journal or anywhere else.
Place: PUNE Date: 15th March, 2008
Mr. BALASAHEB D. PANDHARE Research Candidate
It is certified that the work incorporated in this dissertation: “Information technology Act, 2000 and contracts in the area of banking – statutory and judicial position” was carried out by the research candidate under my guidance and supervision. The material obtained from other sources has been duly acknowledged in the dissertation. It is further certified to the best of my knowledge that it is his original work
Place: PUNE Date: 15th March, 2008.
DR. J. P. PALANDE Research Guide Department of Law, University of Pune.
I convey my heart full gratitude to Dr. J. P. Palande for her valuable guidance, constant encouragement and valuable suggestions, without which the present study would not have come to its present shape. I have no words indeed to express my deep sense of gratitude toward her for her encouragement. I am equally grateful to Prof. Dr. D. S. Ukey, an HOD of the Dept. of Law, University of Pune and all present faculty of law for providing all the required academic facilities in accomplishing my research work. I am thankful to my friend Mr. Shrikant G. Bhavsar, Mr. Sandip B. Satbhai Mr. Gajanan S. Chaoudhary and all well wishers for their help. In the end I dedicate this small piece of work with sincere regards to the legal fraternity who has been protecting the Rule of Law and Constitutionalism in the India.
Place: PUNE. Date: 15th March, 2008.
Mr. Balasaheb D. Pandhare Research Candidate
AIR ARL ATM B2B B2C BPO C2C CA’s CAD CAM CAT CCA CFMS CP CPS CRL CSR All India Report Authority Revocation List Automated Teller Machines Business to Business Business to Consumer business process outsourcing Consumer to Consumer Certified Authorities Computer Aid Design Computerized Aid Manufacturing program Computerized Axial Technology Controller of Certifying Authority Centralized Funds Management System Company Certification Policy Certification Practice Statement Certification Revocation List Certification Signing Request
CST DN ECS EDI EFT E-mail FTP INFINET ISDN IT ITU LAN MICR MRI NASCOM NSP PIN PKI PKIX POS RAPID RBI RFID RIPS SFMS SPNS SSC UNICITRAL URL WAN
Certification Service Provider Distinguished Name Electronic Clearings service credit scheme Electronic Data Interchange Electronic Funds Transfer Electronic Mail File Transfer Protocol Indian financial network Integrated Service Digital Network Information Technology International Telecommunications Union Local Area Network Magnetic Ink Character Recognition Magnetic Resonance Images Nation Association of Software and Service Network Service Provider Personal Identity Number Public Key Infrastructure Public Key Infrastructure X.509 Point of Sale Receipt and payment instrument/document Reserve Bank of India radio-frequency identification Regulation of Investigatory Powers Act Structured Financial Messaging Solution Share Payment Network Service Secured Socket Layer United Nations Commission on International Trade Law Uniform Resource Locator Wide Area Network
World Wide Web
CONTENTS Page No.
Declaration………………………………………………………………… Certificate…………………………………………………………………. Acknowledgement……………………………………………………….... Abbreviations……………………………………………………………... II III IV V
Chapter I. 1.1. 1.2. 1.3. 1.4. Introduction………………………………………………....01- 13 Objectives of the study 13 Significance of the Study 13 Hypothesis 14 Research Methodology 15
Chapter II. Background & Need for Information Technology……….16 - 30 2.1. Introduction 16 2.2. Meaning of Information Technology 16
2.3. Development in Technology 2.4. Communication Facilities 2.1. E-Business Transaction. 2.1.1. Business to business 2.1.2. Business to Customer 2.1.3. Business to Customer 220.127.116.11.The Virtual Shop 18.104.22.168.Building and Maintaining the Virtual Shop. 2.1.4. Customer to Customer 2.1.5. E-Auctions 2.1.6. E-Banking 2.1.7. E-Commerce 2.1.8. E-Contract
17 19 21 22 22 23 23 24 24 25 27 28
Chapter III. Information Technology And Statutory…………………31- 40 3.1. The Electronic commerce Act,2000 31 3.2. The Electronic Communication Act,2000 32 3.3. The Electronic Transaction Act,1999 35 3.4. Personal Information Protection & Electronic Document Act,2000. 36 3.5. Information And communication Services Act Of 1997. 37 3.6. UNICITRAL Model Law 38 3.7. Information Technology Act,2000 39
Chapter IV. Incorporation of Information Technology Act in the Banking Transactions………………….…………………45 -78 4.1. Introduction 45 4.1.1. Section 43 46 4.1.2. Section 65 46 4.1.3. Section 66 46 4.1.4. Section 70 47 4.1.5. Section 72 47 4.1.6. The Personal Data Protection Bill 2006 47 4.2. Payment and Financial system 50 4.2.1. Sound payment system 50 4.2.2. Sound financial system 51 4.2.3 The History of Payments 52 4.2.4 Debit cards 53 4.2.5 Stored Value Cards 57 4.2.6 Automated Teller Machines 58 4.3. The Clearing House Mechanism 59
4.4. Electronic clearing System 4.4.1. ECS Credit 4.4.2. ECS Debit 4.5. Cheque Truncation 4.6. Electronic Fund Transfer 4.6.1. Electronic Funds Transfer Act 4.6.2. The Systemic Methodology for Future EFT. 4.7. Effective Regulation and Supervision 4.8. Effective Currency Management 4.9. Monetary and Financial Stability 4.10.Challenges before Internet banking 4.11. Technology and Security Standards 4.12. Internet Banking & I.T. Act
62 63 64 64 65 66 68 69 73 73 74 75 76
Chapter V. Electronic contracts: An Emerging Trend……………….81 - 98 5.1. Introduction 81 5.2. Requirement Of Electronic Contract 81 5.2.1. An offer needs to be made 81 5.2.2 The offer needs to be accepted 82 5.2.3 There has to be lawful consideration 84 5.2.4 There has to be an intention to create legal relations 5.2.5 The parties must be competent to contract 84 5.2.6 There must be free and genuine consent 85 5.2.7 The object of the contract must be lawful 85 5.2.8 There must be certainty & possibility of performance 85 5.3. Indian Position 86 5.3.1. Attribution of electronic records 86 5.3.2. Acknowledgement of receipt 87 5.3.3. Time and place of dispatch & receipt of electronic record 88 5.4. Kinds of electronic contract 88 5.4.1. The click wrap or web wrap agreements 90 5.4.2. The shrink wrap agreement 90 5.4.3. Electronic data interchange 91 5.5. Jurisdictional Perspective of Electronic Contracts 93 5.6. Exception to electronic contracts 93 5.6.1. A Negotiable instrument 94 5.6.2. A Power of Attorney 94 5.6.3. A Trust 95 5.6.4. A Will 96 5.6.5. Transaction of immovable property 96 5.6.6. Transaction notified by the Govt 96 5.7. International Position 97 5.8. India and E-commerce 97 5.8.1. Defining Electronic commerce 98 22.214.171.124.Electronic 98
Conclusion……………………………………………………………….…106 Critical Appreciation .……………………………………………………. 111 Suggestions…………………………………………………………………115 Annexure………………………………………………………………….. I List of cases………………………………………………………………... XIX Bibliography………………………………………………………………. XXI a) List of books………………………………………………………. XXI b) List of articles……………………………………………………... XXII c) Statute……………………………………………………………... XXII d) Journals……………………………………………………………. XXIII e) Report of committees……………………………………………... XXIII f) List if websites…………………………………………………….. XXIII g) Graph……………………………………………………………… XXIV h) Glossary…………………………………………………………… XXV
CHAPTER I INTRODUCTION
New communication system and digital technology have named dramatic changes in the way we live. A resolution is accruing in the way people transact the business. Business
and customers are increasingly using computers to create, transmit and store information in the electronic form, this has many advantages it is cheaper, easier to store retrieve and speedier to communicate. “Although people are aware of there advantages they are reluctant to conduct business or conclude any transaction in the electronic form due to lack of appropriate legal framework. The two principle hurdles which stand in the way of facilitating electronic commerce and electronic governance are the requirements as to the writing and signature for the legal recognition. At present, many legal provisions assumes the existence of paper based records and documents and record which should bear signature .The law of evidence is traditionally based upon paper based records and oral testimony. Since electronic commerce eliminates the need for paper based transactions, hence to facilitate e-commerce, the need for legal changes are become an urgent necessity. International trade through the medium of e-commerce is growing rapidly in the past few years. Many countries have switched over from traditional paper based commerce to ecommerce”1. E-commerce has also spread over to the area of ‘banking sector’ and gives rise to the various legal issues in the banking sector. “E-banking activities involve not just banks and their customers by numerous third parties too. Information held by banks about their customers etc changes hand several times. It is Impossible for banks to retain information solely in their own computer network, let alone a single jurisdiction is impossible. Risk pertaining to leakage tampering or blocking of data are sufficiently high warrant adequate legal and technical protection of data in electronic banking”.2 Information technology also plays a vital role in the area of formation of contracts. Contracts are an agreement made by two or more persons that is enforceable by law. It consists of voluntarily promises to do or not to do something. When people make the contracts their promises become legal obligations. “Contracts are vital to the economic system of the country where private enterprises is encouraged. Much of the wealth of free enterprise nations takes the form of such contracts as bonds and promissory notes. Most business activities in these countries depend on the contract these contracts include promises to deliver or pay for goods, perform or pay for services, pay wages or rents, exchange property and construct buildings. An agreement that could oppose public order is
1. http:// www.asianlaws.org 2. Information Technology And Cyber Law:V.D.Dodeja. p. 14
unenforceable. e.g. The courts would not enforce an agreement to bribe a public officer. The court also refuses to enforce an agreement if one party has clearly taken unfair advantage of another. The laws bar some people, chiefly minors are mentally incompetent, from assuming obligation under contract”.3 The second part of dissertation relate with the contracts in the area of banking. Most of the transaction in the banking sector are depends on the contracts. Such as “Indemnity, Guarantee, Bank Guarantee, Pledge and Hire purchase agreement”.4 In the modern time these all transactions leads to the concept of electronic banking due to the evolution of electronic banking various legal issues are emerged. “The United Nations commission on International trade law (UNICITRAL) adopted the model law on electronic commerce in 1986. The general assembly of United Nations by its resolution No.51/162, dated 30th January 1997 recommended that all states should give favorable considerations to the said model law when they enact or revise their laws. The model law provides for equal legal treatment of users of electronic communication and paper based communication. Pursuant to the recent declaration by member countries, the world trade organization is likely to form a work program to handle its work in this area including the possible creation of multilateral trade deals through the medium of electronic commerce”.5 There is need for bringing in suitable amendments in the existing laws in our country to facilitate e-commerce. It is therefore proposed to provide for legal recognition of electronic records and digital signature. This will enable a conclusion of contracts and the creation of rights and obligation through the electronic medium. It is also proposed to provide the certifying authorities issuing digital signatures certificates. To prevent the possible misuse arising out of transactions and other dealing concluded over the electronic medium, it is also proposed to create civil and criminal liabilities for contravention of the provision of the proposed legislation. “With a view to facilitate electronic governance, it is proposed to provide for the use and acceptance of electronic records and digital signatures in the government offices and its agencies. This will make the citizens interactions with the governmental offices hassle free. It is also proposed to make consequential amendments in
3. Bakhi P.M. & Suri R.K: Cyber and E-Commerce Laws:Bharat Publishiong House:First Ed:2002 pp 65,66 4 4. Law Of Contract and Specific ReliefL:2004:Avtar Singh, Wadhwa Publication: Eighth Ed:2006.p17 5 5. Ryder D. Rodney,Guide To Cyber Laws, Wadhwa&Co.Publishers:First Ed:2001p22.
the Indian penal code and the Indian evidence Act 1872 to provide for necessary changes in the various provisions which deals with offences relating to documents and paper based transactions. It is also proposed to amend the Reserve Bank of India Act, 1934 to facilitate electronic fund transfers between the financial institution and the banks. The Bankers Books Evidence Act, 1891 to given legal sanctity for books of account maintained in the electronic form by the banks”.6 This proposal was also circulated to the state Govt. they have supported the proposed legislation and have also expressed urgency for such legislation. With respect to the said proposal Indian parliament enact the Information Technology Act, 2000. Towards that end the said act stipulates number of provisions. “The said act aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The said Act further stated that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. The said Act purports to facilitate electronic intercourse to trade and commerce, it eliminates barriers and obstacles coming in the way of electronic commerce resulting from the glorious uncertaintities relating to writing and signature requirement over the internet. The Act also aims to fulfill its objects of promoting and developing the legal and business infrastructure necessary to implement electronic commerce”.7 “Connectivity via the Internet has greatly abridged geographical distances and made communication even more rapid. While activities in this limitless new universe are increasing incessantly, the need for laws to be formulated to govern all spheres of this new revolution was felt. In order to keep pace with the changing generation the Indian Parliament passed Information Technology (IT) Act, 2000. The IT Act has been conceptualized on the United Nations Commission on International Trade Law (UNCITRAL) Model Law”.8 “IT (information technology) is a term that encompasses all forms of technology used to create, store, exchange, and use information in its various forms (business data, voice conversations, still images, motion pictures, multimedia presentations, and other forms, including those not yet conceived). It's a convenient term for including both
6. http:// www.answer.com
7. Ryder D. Rodney,Guide To Cyber Laws, Wadhwa&Co.Publishers:First Ed:2001.p. 12 8. http://www.helplinelaw.com/docs/main.php3?id=INFT1
telephony and computer technology in the same word. It is the technology that is driving what has often been called "the information revolution”.9 “There are other statutes all over the world relating to the information technology such as Electronic Commerce Act,2000 was enacted to provide the legal recognition of electronic contracts, electronic writing, electronic signatures and original information in electronic form in relation to commercial and non-commercial transactions and dealings and other matters, the admissibility of evidence in relation to such matters, the accreditation, supervision and liability of certification service providers and the registration of domain names, and to provide for related matters”.10 “The Electronic Transaction Act, 1999 The object of this Act is to provide a regulatory framework that: Recognizes the importance of the information economy to the future economic and social prosperity of Australia; and facilitates the use of electronic transactions; and promotes business and community confidence in the use of electronic transactions; and enables business and the community to use electronic communications in their dealings with government”.11 “Personal Information Protection and Electronic Document Act, 2000 is an Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada evidence Act, the statutory instruments Act and the statute revision Act”.12 “Information And communication Services Act Of 1997. The purpose of this Act is to establish uniform economic conditions for the various applications of electronic information and communication services”.13 and UNICITRAL Model Law. “The Model Law establishes rules and norms that validate and recognize contracts formed through electronic means, sets default rules for contract formation and governance of electronic contract performance, defines the characteristics of a valid electronic writing and an original document, provides for the acceptability of electronic signatures for legal and commercial purposes and supports the admission of computer evidence in courts and arbitration proceedings. The
9. http://searchdatacenter.techtarget.com/sDefinition/0,,sid80_gci214023,00.html 10 10. http://www.ucc.ie/law/irlii/statutes/2000_27.htm#z1 11 11. http://www.austlii.edu.au/au/legis/cth/consol_act/eta1999256 12 12. http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp 13 http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp
Model Law does not have any force but merely serves as a model to countries for the evaluation and modernization of certain aspects of their laws and practices in the field of communication involving the use of computerized or other modern techniques, and for the establishment of relevant legislation where none exists”.14 “The Information Technology Act deals with the various aspects relating to the ebusiness transaction as well as the offences and penalties The Information Technology Act, 2000 also plays an important role in the area of contracts through the Section- 11, 12 & 13 under the chapter-IV i.e. Attribution, Acknowledgement and Dispatch Of Electronic Records. The Act also deals with, Provisions relating to the digital signatures, under chapter-II of the Act, by which the authentication of electronic record is made possible. It also made the provision for legal recognition of the electronic records as well as retention of the electronic records made under chapter-III of the Act. Chapter-V deals with the securing electronic record, digital signature and the procedure for the same. For achieving this purpose the Act, provides for the appointment of the controller and other certifying Authorities. These authorities are vested with the power of issuing Digital signature certificate its revocation and suspension under the Chapter-VI &VII. Chapter-VIII, deals with the duties of subscribers. The Act also prescribes the penalties and adjudication, under Chapter-IX, such as penalty for damage to computer and computer system, penalty for failure to furnish information. The act also made provision for the establishment of cyber Regulations Appellate Tribunal under chapter-X. Chapter XI specially deals with the offences, Such as tampering with the computer source documents, hacking with computer system, publishing of information which is obscene in electronic form”15. On 18th October the union cabinet of India has decided to amend IT act 2000 and decided to expand the scope of section 72 of the act to provide for criminal liability in case of leak of information. "This will prevent any intermediary and service provider, which has secured any material or information from a user entering into a contract with it, from passing it on to others without the consent of the user. Violations will invite imprisonment for a term of up to two years or fine of up to Rs 5 lac (Rs 500,000) or both," an official of the department of information technology said. The amendment introduces 5 million rupees (equivalent to 5,
14. http://www.lawcommissionbangladesh.org/wplit.html 15. Information Technology Act,2000 :Ravi Pullani And Mahesh Pullani, First Ed:2000. p.45
00,000 GBP) penalty on any company found leaking sensitive information which will be paid as damages to the affected party. This will cover all sensitive data or information which a company may own, possesses, control, or operate. The Cabinet has also approved a proposal to amend Section 43 of the IT Act, under which a person involved in hacking of computers will be liable for punishment of up to two years or fine of up to 5 lac (5000 GBP approximately) or both. The department of information technology is also keen to reduce crime like e-commerce frauds through digital signatures and impersonation such as phasing, and identity theft. It has proposed to insert a new section in the Indian Penal Code, under which the punishment for identity theft may be extended to two years and a fine, while the penalty for impersonation may be extended to 5 years and a fine Recently, many cases related to theft of data have been reported and this time Indian government is very keen to assure foreign investors about Indies sensitivity to their concerns on data theft. In the Case of State of Tamil Nadu Vs Suhas Katti16 The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced to undergo Rigorous Imprisonment for 2years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- In another case popularly known as
“Bazee.com case, the CEO of Bazee.com was arrested in December 2004 because a CD
with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail. This opened up the question as to what kind of
distinction do we draw between Internet Service Provider and Content Provider. The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle the cyber crime cases and a lot of education is required”.17 Recent advances in the areas of computer technology, telecommunications
16. C.F. www.ceac4india.com. visited on20/07/2007 17. http:// www.legalserviceindia.com
technology, and software and information technology have resulted in changing the standard of living of people in an unimaginable way. New techniques of exchanging information and transacting business are transforming many aspects of social and economic organization. “These modern technologies are being combined, especially through the Internet, to link millions of people in every corner of the world. Thus communication is no more restricted due to the constraints of geography and time. Information is transmitted and received widely and more rapidly than ever before. As a result, commercial deals are struck, transactions completed, and decisions are taken almost instantaneously. And this is where the flexibility in terms of place, time, space, distance, payment that electronic commerce offers the business environment plays a vital role. It is a modern business methodology that addresses the needs of organizations, merchants and consumers to cut costs while improving the quality of goods and services and increase the speed of service delivery using computer network to search and retrieve information”.18 “Electronic Commerce Bill does promise to make electronic contracts feasible. Would a supplier making details of goods and services with prices available on a website be deemed to have made an offer or would it be an invitation to treat? Learned authors have opined that there not much difference and therefore unless the website is so designed as to be construed as making an offer, in most situations, such displays would be treated in law as an invitation to treat, the use of e-mails and website offers and acceptances also present fresh challenges to current laws on determination of time and date of offer and acceptance. E-mails may not be actually received, just like the post, or be delayed or even lie unopened. On the other hand, web transactions more closely resemble telephonic and telex communications and offer and acceptance may be instantaneous. E-commerce is associated with the buying and selling of information, products and services via computer networks. It is a means of transacting business electronically, usually, over the Internet. It involves a composite of technologies, processes, and business strategies that aids the instant exchange of information within and between organizations, buyers and sellers. Ecommerce is well suited to facilitate the re-engineering of business processes occurring at many firms. E-commerce is associated with the buying and selling of information, products and services via computer networks. It is a means of transacting business electronically,
18. Bakshi P.M & Suri R.K, Cyber and E-commerce Laws, Bharat Publishing House, edn 1, 2002 p. 56
usually, over the Internet. It involves a composite of technologies, processes, and business strategies that aids the instant exchange of information within and between organizations, buyers and sellers. E-commerce is well suited to facilitate the re-engineering of business processes occurring at many firms”.19 The Information Technology Act, 2000 excludes the transactions related to a negotiable instrument, a power-of-attorney, a trust, and a will, any contract for sale or conveyance of immovable property or any interest in such property. “The law has been slow, in relation to the progress of technology and business practices, to accommodate differences between e-commerce and traditional contracts. This trend is likely to continue, as law is created in order to keep a check on the fast changing trends of the society and is only effected when there is a cause and technology most often out spaces law. The most important difference between e-commerce and traditional commerce is that E-transactions diminish reliance on paper to document a transaction and they also diminish the role of human participation in transaction”.20 “The Indian Contracts Act, 1872 provides for the essential elements of valid Contracts, Such as proposal, acceptance, consideration, capacity to contract, free consent, lawful consideration and objects, intention to create legal relationship, certainty and possibility of performance, should not have been expressly declared void”.21 Contracts result only when one promise is made in exchange for something in return. This something in return is called consideration Section 2(d) of the Indian Contract Act, 1872 defines consideration as: When at the desire of the promisor, the promisee, or any other person has done or abstained from doing or does or abstains from doing, or promises to do or abstains from doing something, such act or abstinence or promise is called as consideration for the promise. A party failure to perform completely and strictly in accordance with the terms of an agreement constitutes a breach of contract. Indeed, with respect to the sale of goods, the law historically, embraced the perfect tender rule, a standard entitling a buyer to reject goods unless the seller complies strictly with both quality and quantity provisions of a bargain. “Where the promisor neither performs his contract nor does he tender performance, or where the performance is defective, there is said to be a breach of contract. This includes both failures to perform according to the terms of contract once the time of
19. http:// www.legalserviceindia.com 20. Information Technology Act,2000 :Ravi Pullani And Mahesh Pullani,2000.p.10 21 21. Law Of Contract and Specific ReliefL:2004:Avtar Singh, Wadhwa Publication.) p 14
the performance has arrived and the refusal to perform even before the time for performance has arrived. A party that commits breach of an agreement may face various types of liability under contract law. Due to the nature of the systems and the networks that business employ to conduct e-commerce, parties may find themselves liable for contracts which technically originated with them but, due to programming error, employee mistake or deliberate misconduct were executed, released without the actual intent or authority of the party. Sound policies dictate that parties receiving messages be able to rely on the legal expressions of the authority from the senders computer and this legally be able to attribute these messages to the sender”.22 Section 2(p) of The Information Technology Act, 2000 defines digital signatures as authentication of any electronic record by a subscriber by means of an electronic method or procedure. “Section 3 of this Act provides that such authentication shall be effected by use of asymmetric crypto system and hash function which envelope and transform the initial electronic record into another electronic record. Section 85A, 85B and 85C has been inserted in the Evidence Act, 1872 relating to presumptions as to electronic agreements. The accommodation of various requirements for legal notice and for conspicuousness via computers has been a source of continuing concern and uncertainty in e-commerce. Jurisdiction of a contract determines the law applicable to it and the codes in which theory can be enforced. Jurisdiction depends on the place where the contract is concluded. Determining this fore-contract is difficult due to ambiguity caused by technicalities of network”.23 The question of jurisdiction arose in two 1996 US Circuit Court cases. The first was CompuServe v. Patterson
in which an Ohio court held that it had jurisdiction over a
contract dispute involving CompuServe, an Ohio based concern, and Patterson, a Texas resident. The Courts decision was that so long as three tests were satisfied, they had the jurisdiction. the second case was Playboy Enterprises, Inc. v. Chuckleberry Publishing Inc25. In this case, the respondent firm had been sued for infringement of the appellants trademark rights. The respondent had done so by distributing certain materials under the name PLAYMEN on an Italian web site. The court decided that the respondents soliciting
22. Ibid 23. Bakhi P.M. & Suri R.K: Cyber and E-Commerce Laws:Bharat Publishiong House:First Ed:2002 p. 44 24 24. 1996 WL 405356 (6th. Cir. (Ohio)), No. 95-3452, July 22, 1996 25 25. S.D.N.Y., No. 79. Civ. 3525 (SAS), June 19, 1996
of US customers over the Italian web site, receiving their faxes, and e-mailing them passwords, constituted distribution in the United States. Thus the Court held that they had jurisdiction. The Supreme Court of India, in the case of SIL Import vs. Exim Aides Silk Importers
has recognized the need of the judiciary to interpret a statute by making
allowances for any relevant technological change that has occurred. Until there is specific legislation in regard to the jurisdiction of the Indian Courts with respect to Internet disputes, or unless India is a signatory to an International Treaty under which the jurisdiction of the national courts and the circumstances under which they can be exercised are spelt out, the Indian Courts will have to give a wide interpretation to Section 20 of the Code of Civil Procedure for exercising Internet disputes. In R. Vs Waddon, however, the court dismissed the argument that simply because the server is in another country, its laws should apply. The courts suggested that since the web site was interacted with, in UK, English law should be applicable, demonstrating the willingness of the courts to extend a long arm jurisdiction. The dissertation also deals with contracts in the area of banking. The contracts which mostly fall in the area of banking are as under mortgage, pledge, bailment, indemnity, guarantee and banking Guarantee. A bank guarantee is a guarantee made by a bank on behalf of a customer (usually an established corporate customer) should it fail to deliver the payment, essentially making the bank a co-signer for one of its customer's purchases. Should the bank accept that its customer has sufficient funds or credit to authorize the guarantee, it will approve it. A guarantee is a written contract stating that in the event of the borrower being unable or unwilling to pay the debt with a merchant, the bank will act as a guarantor and pay its client's debt to the merchant. “In case of a hirepurchase there are two elements ,namely that of bailment and an element of sale and when a hire- purchase agreement entered in to, here in a transfer of goods on hire-purchase which would not include at that point of time any transfer of property in the said goods”.27 In India, a Bank’s liability would arise out of contract as there is no statute to the point. When liability is contractual it means that the bank is, by virtue of the contract, under an obligation to keep customers’ data secret. If transactions are being done on an
26. 1994 (4) SCC 567 27. Jay bharat credit&Invesment co ltd V. CST. (2000)7 scc 1645
open network such as the internet then in case of a security breach, an internet service provider (ISP) may be liable, in addition to the bank. Though ambiguity persists as regards liability of an internet service provider due to death of decided case law on the point. The viability of a sectoral legislation on data protection in e-banking should be gauged. India can take cue from nations which have favored ad hoc enactment of sectoral laws over omnibus Legislation.28 Reserve Bank of India had set up a ‘Working Group on Internet Banking’ to examine different aspects of Internet Banking (I-banking). The Group had focused on three major areas of I-banking, i.e, (i) technology and security issues, (ii) legal issues and (iii) regulatory and supervisory issues. RBI has accepted the recommendations of the Group to be implemented in a phased manner. Accordingly, the following guidelines are issued for implementation by banks. Banks are also advised that they may be guided by the original report. The Indian Information Technology Act, 2000, basically a framework law, makes hacking a punishable offence under Section 66. Breach of information security is implicitly recognized as a penal offence in the form hacking. The ‘Appropriate Government’ (central/state) is empowered to declare any ‘computer’, ‘computer system’ or ‘Computer Network’ as a protected system. A ten year prison term and a hefty fine await any person who secures access to the ‘secured computer system’ in contravention of the provisions of the law.29 Despite the deterrence characterized by the penal provisions of the IT Act, 2000, a lacuna in the law is that organizations and entities can take action against those who breach data security procedure, but they are not obliged to implement data security measures to protect consumers and clients. The IT Act does not lay down any such duty upon banks. Contrastingly, in UK, failure to undertake identification of new customers properly can create an array of risks for the bank. Under the Data Protection Act, 1998 an erring bank may face an action for damages if it fails to “maintain adequate security precautions in respect of the data”. Essentially, a legal duty is thrust upon the banks, to use reasonable care and skill in disseminating information to persons who access the bank’s networks either on the internet or through an ATM card.30 The benefits and advantages of information technology for the smooth and efficient functioning of the banking business cannot be disregarded and sidelined. Its proper and
28. http:// www.legalserviceindia.com 29. http:// www.asianlaws.org 30 30. Cyber Crime: Yogesh Barua2003: Vol-3: Dominant Publishers and Distributers. p. 122
methodical use can bring the following advantages such as sound payment system, sound financial system, effective regulation and supervision, effective currency management, monetary and financial stability, and challenges before internet banking, etc. To study all above aspects, which need detailed research, the present researcher want to conduct research in this area.
OBJECTIVES OF THE STUDY
1) 2) 3) 4) 5) 6) 7) To study the mode by which the legal recognition is accorded by the Information To study the measure provided by the Act to curb the cyber crime. To observe & study statutory mechanism available to the electronic transactions. To evaluate the judicial position and attitude of the judiciary towards the To study the concept of contracts changing due to the information technology and To study the jurisdictional issue. Jurisdiction is also one of the debatable issues in To examine the potential benefits of e-commerce. Technology Act, 2000 to the electronic records.
information technology and contracts in the area of banking. its incorporation in the area of banking. the cases of cyber crime due to the very universal nature of cyber space.
SIGNIFICANCE OF THE STUDY
The topic of the study itself suggests the area and particularly the domain with in which the researcher has to work out throughout his research. The subject made emphasis on information technology and its incorporation in the area of banking and particularly in the area of contracts which are inevitable parts of the banking transactions. Each and every banking transaction needs the contractual interference. So the focus of the study is mainly on the contracts which are mostly carried out in the area banking, due to the emergence of computer network and development in the area of internet and its frequent use in the commercial transactions which create the several legal issues. Hence the study of this area is necessary to solve the legal issues and suggest the measures to control the problems. As well as one of the significance of the study is to find out the availability of the statutory mechanism , and the interpretation of those statute by the judiciary to cure the
irregularity or fill up the gap which in leave out by the legislature while framing out the statutory mechanism. Since the beginning of the civilization, man has always been motivated by the need of more progress and better the existing technologies. This has lead to tremendous development and progress which been a launching pad for further developments of all the significant advances made by mankind from the beginning till date ,probably the most important of them is the development of the Internet. “However the rapid evolution of Internet has also raised numerous legal issues and question. As the scenario continues to be still not clear, Countries throughout the world are resorting to different approaches towards controlling, regulating and facilitating electronic communication and commerce. The parliament of India has passed its first Cyber Law, The Information Technology Act, 2000 which provides legal infrastructure for E-Commerce in India. The said Act had received the assent of President of India and has become the law of the land in India”.31 Hypothesis: Hypothesis plays an important role in every research work. It provides the direction to the researcher, or show the way in which he have to proceed while conducting his research. Without hypothesis it is difficult for the researcher to complete the research in the specified time and relevant to the subject. Hence here researcher frames the following hypothesis for conducting this research. 1) 2) 3) system Research Methodology used: The study will mainly resort to the doctrinal method of research and to the use of secondary sources of literature and will stick to historical and analytical research methods. For the data collection researcher has take the assistance of the books, articles which are published in the news paper as well as in the all India reporters, researcher also has laid the
Information technology and electronic contracts have emerged as twin pillars of Electronic contracts are borne out of need for speed, convenience and efficiency. Necessary legislative support is essential to protect the interest as much of the
modern banking development
customers as of the banks in several areas relating to electronic banking and payment
31. Information Technology Act,2000 :Ravi Pullani And Mahesh Pullani,2000 p. 22
emphasis on the web sites which are relevant for the study of the present topic. The study is mainly concerned with the statutory and judicial position, so researchers will try to analyse the material in consonance with the relevance of the topic.
CHAPTER-II BACKGROUND AND NEED OF INFORMATION TECHNOLOGY
2.1 Introduction: Trade and commerce have its origin from the ancient period, during this period people carries their transactions traditionally by coming face to face, but as the time is not static the society and its conduct in any sector was also not static, they have to underwent a change with the changing need of the society. Recently the business transactions are governed by the electronic means due to the advancement in the computer technology all over the world, similarly trade and commerce as well as the banking systems and operation become global. Hence it was the need to develop and recognize the information technology. Prior to discuss about the potential importance of the Information technology it is necessary to get known about what the information technology means and its historical background. “The term "information technology" evolved in the 1970s. Its basic concept, however, can be traced to the World War II alliance of the military and industry in the development of electronics, computers, and information theory. After the 1940s, the military remained the major source of research and development funding for the expansion of automation to replace manpower with machine power. Since the 1950s, four generations of computers have evolved. Each generation reflected a change in hardware of decreased size but increased capabilities to control computer operations. The first generation used vacuum tubes, the second used transistors, the third used integrated circuits, and the fourth used integrated circuits on a single computer chip. Advances in artificial intelligence that will minimize the need for complex programming characterize the fifth generation of computers, still in the experimental stage”.32 The first commercial computer was the Univac I, developed by John Eckert and John W. Mauchly in 1951. It was used by the Census Bureau to predict the outcome of the 1952 presidential election. For the next twenty-five years, mainframe computers were used in large corporations to do calculations and manipulate large amounts of information stored in databases. Supercomputers were used in science and engineering, for designing aircraft and nuclear reactors, and for predicting worldwide weather patterns. Minicomputers came on to the scene in the early 1980s in small businesses, manufacturing plants, and factories.
“In 1975, the Massachusetts Institute of Technology developed microcomputers. In 1976, Tandy Corporation's first Radio shack microcomputer followed; the Apple microcomputer was introduced in 1977. The market for microcomputers increased dramatically when IBM introduced the first personal computer in the fall of 1981. Because of dramatic improvements in computer components and manufacturing, personal computers today do more than the largest computers of the mid-1960s at about a thousandth of the cost. Computers today are divided into four categories by size, cost, and processing ability. They are supercomputer, mainframe, minicomputer, and microcomputer, more commonly known as a personal computer. Personal computer categories include desktop, network, laptop, and handheld”.33 2.2 Meaning of Information Technology: The various institutions defined the term information technology; it does not have any precise definition. In the broadest sense, information technology refers to both the hardware and software that are used to store, retrieve, and manipulate information. At the lowest level you have the servers with an operating system. Installed on these servers are things like database and web serving software. The servers are connected to each other and to users via a network infrastructure. And the users accessing these servers have their own hardware, operating system, and software tools. Information technology Act, defines information as information includes data, text, images, sound, voice, codes, computer programme, software and databases or microfilm or computer generated microfiche.34 Information technology, as defined by the Information Technology Association of America (ITAA) states, “The study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware”? Encompassing the computer and information systems industries, information technology is the capability to electronically input, process, store, output, transmit, and
33. http://www.answer.com 34. Section-2 (v), of Information Technology Act,2000
receive data and information, including text, graphics, sound, and video, as well as the ability to control machines of all kinds electronically. Information technology is comprised of computers, networks, satellite communications, robotics, videotext, cable television, electronic mail ("e-mail"), electronic games, and automated office equipment. The information industry consists of all computer, communications, and electronics-related organizations, including hardware, software, and services. Completing tasks using information technology results in rapid processing and information mobility, as well as improved reliability and integrity of processed information.35 In Rite Approach Group Ltd V. M\S Rosoboron export36 Supreme Court of India made emphasis on the need of information technology in the field of financial institutions; SC stated that there was an urgent need to incorporate the information technology in the area of financial institution to make accessible its potential benefits to the people. Development in information technology also resulted in to the criminal activities, by means of using a computer as a tool to give effect to that particular criminal activity, so it was important to define the computer crime. It can be defined as a computer crime is any illegal action where the data on a computer is accessed without permission. This access doesn't have to result in loss of data or even data modifications. Arguably the worst computer crime occurs when there are no indications that data was accessed. Computer crime is often attributed to rogue hackers and crackers, but increasingly organized crime groups have realized the relative ease of stealing data with relative low-level of risk. Government organizations are also rumored to be involved with hacking in to computer systems, but the legality of such actions is far too grey an area to be discussed here.37 2.3 Development in technology: Every day, people use computers in their transactions. Computers are increasingly affordable; they continue to be more powerful as information-processing tools as well as easier to use. Due to the technological development in various fields computer has become an useful device everywhere; it can be explained in the following words
35. www.wikipedia.com 36. AIR 2006 SC 401 37 37.http:// www.mariosales.com.
Computers in Business, One of the first and largest applications of computers is keeping and managing business and financial records. Most large companies keep the employment records of all their workers in large databases that are managed by computer programs. Similar programs and databases are used in such business functions as billing customers; tracking payments received and payments to be made; and tracking supplies needed and items produced, stored, shipped, and sold. In fact, practically all the information companies need to do business involves the use of computers and information technology. On a smaller scale, many businesses have replaced cash registers with point-of-sale (POS) terminals. These POS terminals not only print a sales receipt for the customer but also send information to a computer database when each item is sold to maintain an inventory of items on hand and items to be ordered. Computers have also become very important in modern factories. Computercontrolled robots now do tasks that are hot, heavy, or hazardous. Robots are also used to do routine, repetitive tasks in which boredom or fatigue can lead to poor quality work.
Computers in Medicine, Information technology plays an important role in medicine. For example, a scanner takes a series of pictures of the body by means of computerized axial topography (CAT) or magnetic resonance imaging (MRI). A computer then combines the pictures to produce detailed three-dimensional images of the body's organs. In addition, the MRI produces images that show changes in body chemistry and blood flow.
Computers in Science and Engineering Using supercomputers, meteorologists predict future weather by using a combination of observations of weather conditions from many sources, a mathematical representation of the behavior of the atmosphere, and geographic data. Computer-aided design and computer-aided manufacturing programs, often called CAD/CAM, have led to improved products in many fields, especially where designs tend to be very detailed. Computer programs make it possible for engineers to analyze designs of complex structures such as power plants and space stations.
Integrated Information Systems with today's sophisticated hardware, software, and communications technologies, it is often difficult to classify a system as belonging uniquely to one specific application program. Organizations increasingly are consolidating their information needs into a single, integrated information system. One example is SAP, a German software package that runs on mainframe computers and provides an enterprise-wide solution for information technologies. It is a powerful database that enables companies to organize all their data into a single database, and then choose only the program modules or tables they want. The freestanding modules are customized to fit each customer's needs.
Information and Data Processing, Data processing is the input, verification, organization, storage, retrieval, transformation, and extraction of information from data. The term is usually associated with commercial applications such as inventory control or payroll. An information system refers to business applications of computers and consists of the databases, application programs, and manual and machine procedures and computer systems that process data. Databases store the master files of the business and its transaction files. Application programs provide the data entry, updating, and query and report processing. Manual procedures document the workflow, showing how the data are obtained for input and how the system's output is distributed. Machine procedures instruct the computers how to perform batch-processing activities, in which the output of one program is automatically fed into another program. Daily processing is the interactive, realtime processing of transactions. Batch-processing programs are run at the end of the day (or some other period) to update the master files that have not been updated since the last cycle. Reports are printed for the cycle's activities. Periodic processing of an information system involves updating of the master files— adding, deleting, and changing the information about customers, employees, vendors, and products”.38
2.4 Communication Facilities: Efficient marks require the flow of quick and correct information, an efficient communication system, a system of fair and just practices and procedures accompanied by
a strict enforcement of a code of conduct on all. A national market system, if it is to be developed, would vitally depend on the efficient satellite telecommunication system in India and a proper linkage of all stock exchanges. “With the introduction of the Internet, companies, regardless of size, can communicate with each other electronically and cheaply. Companies that do so use it in several ways, depending on whether they are a manufacturer or supplier, although this can be confusing sometimes, as a manufacturer can also be a supplier”.
As a general observation, the main use of internet technologies in most
organizations was in utilizing the reach of the internet to improve contacts with the customers and other stakeholders. Many respondent companies had elaborate plans to implement tools for establishing and maintaining their relations with their stakeholders and improve the performance of the organization. The facilities and the information available through the website were also oriented towards this. However, there were limits to the use on-line technologies in executing B2C transactions, primarily because of the low penetration rates of the Internet in the Indian population. “Other important applications were in the internal processes of the companies wherein the tools of modern information technologies were used quite extensively. The use of supply side solutions is still very low in Indian companies, even among the largest and most sophisticated firms. Much of this can be attributed to the very fragmented nature of the supplier base and of the limited capabilities of second and third tier suppliers. It is ironic that the implementation of advanced technologies for firms in many of the developed countries is done by Indian software companies, yet when it comes to the utilization of these technologies and the consumption of these technologies, Indian business houses and firms lag behind. Of course, the main reason for this as noted above is the meager penetration of on-line technologies in both the consumer and industrial populations. We fully expect that as this survey is repeated, it will reveal the significant changes that occur due to economic progress within the country” 40 2.5 E-Business Transactions:
39. C.f. Saettler, Paul. (1990). The Evolution of American Educational Technology. Englewood, CO: Libraries Unlimited.
40. Information and communication technology in India and its Impact on Business Sectors – a pilot studyAtanu Ghosh, Associate Professor , Shailesh J Mehta School of Management, IIT Bombay, Powai india T.N. Sheshadri Lecturer, Management Department, Birla Institute of technology and science,pilani,rajasthan,india.
Due to the advancement in the technology and computer networks, the Indian trade and commerce was also getting developed tremendously. Now a days the practice of business was not to remain as it was traditionally where the seller and buyer never come face to face to buy the goods or to avail the services, they preferred the use of computers to do this to save the time and exertion. Such kind of on line transaction have developed on a large scale and hence it is necessary to grant the legal protection to these transactions and make it safe from any kind of Spam or save the people from the virus of the online internet frauds. E-Commerce transactions are generally are of the following types 2.5.1 Business to business: If two business organizations conduct commercial transaction with each other using the Internets then such transactions are termed as business-to-business transactions the business-to-business kind of e-commerce refers to a company selling or buying from other companies. In our context here, the company communicates with the other companies by electronic means. This is actually not new, as many businesses have already been doing it since the 80’s by means of Electronic Data Interchange (EDI). “Since the '80s, organizations have been using EDI to conduct business transactions electronically. Some of these transactions include sending/receiving of orders, invoices and shipping notices. EDI is a method of extending the organization’s computing power beyond its boundaries. But the high cost and maintenance of the networks made this method out-of-reach for small and medium sized businesses. In addition, the system is somewhat inflexible, as connecting a new vendor to the network would involve huge costs and restructuring”. 41 2.5.2 Business to Customer: A business to costumer transaction involves a business entity on one side and an individual customer on other hand. www.rediff.com which provides facilities for customers to buy goods from the websites is an example of business to customer website. In this case, the website itself serves as a shop.
The business-to-customer kind of e-commerce refers to a company selling its products or services to the customers using the Internet as the communication medium. This is what most people think e-commerce is about. 126.96.36.199 The virtual shop: Using e-commerce to market and sell can compliment the traditional shop front method. Although there are some businesses that relies solely on the virtual shop front as they do not have a physical store for walk-in customers (e.g. Amazon.com) 188.8.131.52 Building and Maintaining the Virtual Shop: With the business-to-consumer type e-commerce, the company first establishes a website on the Internet. “On the website, the company can put up information about products and services, allow customers to order these from the website and provide customer support services. In order to get customers to the website, the company must inform the public about its existence using traditional means of advertising (commercials, adverts, brochures, etc) and/or online advertising. To keep customers returning to the site, the company must also update it regularly with news about products or promotions”. 42
2.5.3 Customer to Customer:
“A Customer to customer involves two or more customers with the business entity merely providing a web based interface to facilitate the customer-to-customer transactions. www.ebuy.com is one example of a C 2 C website. Anyone can buy and sell and exchange goods and articles using the website’s-buy provide the web based interface (i.e. the website with its database and other functions) and users can transact freely with each other”.43
Electronic Business Transactions also cover the concept of E-Auctions, which are recognized by the Indian Contract Act 1872, and Sale of Goods Act 1930.44 “Applicability of Indian Contract Act and the Sale of Goods Act in this regard we have to note that except the fact that the transactions (e-auction) will take place on the Internet, of elements of the
42 43 44
42. ibid at p 4 43. ibid at p 6 44. Section-64 of sale of goods Act 1930
Contract Act and the Sale of Goods Act are attracted. The law of Indian Contract Act will govern all the parties, including your organization and bidders. With respect to the terms of Electronic Documents, you are requested to kindly refer to Section 2 (r) (t, v), Section 4, Section 6, Section 11, Section 12 and Section 13 of the Indian Technology Act, 2000”.45 “In e-auctions every offer made by a participating party shall definitely be binding as submissions of an on-line bid, via internet will amount to a valid communication and acknowledgement generated automatically and sent to the bidder or sent by e-mail or any other method on the Internet would be a valid acknowledgement and will have a binding force under Section 12 sub section 2 of the Indian Technology Act, 2000. It is further clarified that in case of stipulation is made in the agreement and conditions that the contract will be binding only on the issue of the receipt of communication, in such case unless acknowledgement has been so received, the electronic record shall be deemed to have been never sent by originator. It may please further be noted that as per Section 13 (3) sub section the place of desperate of an electric record shall be treated as the place where the originator has its place of business is deemed to have been received at a place where the addresses has all place of business, thereby the retrieval of information at different places is immaterial and well known for any effect over the jurisdiction. The Indian Technology Act, 2000 specifically provides and consequent amendments in the Indian Evidence Act 1872 have made of electronic records including the record of e-auction/transactions admissible before the court of law”. 46 2.5.5 E-Banking: E-banking activities involve not just banks and their customer, but numerous third parties too. Information held by banks about their customer, there transactions etc changes hands several times. It is impossible for banks to retaining information solely within their own computer networks, let alone a single jurisdiction is impossible. Risks pertaining leakage, tampering or blocking of data are sufficiently high to warrant adequate legal and technical protection. India has no law on data protection leave alone a law governing an area as specific as protection of data in electronic banking. Information security in e banking presents two main areas of risk: preventing unauthorized transactions and maintaining integrity of customer’s transactions. Data protection falls in the latter category.
45. Please refer chapter-IV p 87 46. c.f. www.indianlegalguide.com: E-auctions and Indian law: Ad, Vijay pal dalmia
The Indian Information Technology Act, 2000, basically a framework law, makes hacking a punishable offence under Section 66. Breach of information security is implicitly recognized as a penal offence in the form hacking. The appropriate government (central/state) is empowered to declare any computerized, account computer systematic or a computer network as a protected system. A ten-year prison term and a hefty fine await any person who secures access to the secured computer systematic in contravention of the provisions of the law. In Nasscom vs. Ajay Sood & Others47 in a landmark judgment in the case of National Association of Software and Service Companies vs. Ajay Sood & Others, delivered in March, ‘05, the Delhi High Court declared `phishing’ on the internet to be an illegal act, entailing an injunction and recovery of damages. Elaborating on the concept of ‘phishing’, in order to lay down a precedent in India, the court stated that it is a form of internet fraud where a person pretends to be a legitimate association, such as a bank or an insurance company in order to extract personal data from a customer such as access codes, passwords, etc. Personal data so collected by misrepresenting the identity of the legitimate party is commonly used for the collecting party’s advantage, court also stated, by way of an example, that typical phishing scams involve persons who pretend to represent online banks and siphon cash from e-banking accounts after conning consumers into handing over confidential banking details. The Delhi HC stated that even though there is no specific legislation in India to penalize phishing, it held phishing to be an illegal act by defining it under Indian law as “a misrepresentation made in the course of trade leading to
confusion as to the source and origin of the e-mail causing immense harm not only to
the consumer but even to the person whose name, identity or password is misused.” The court held the act of phishing as passing off and tarnishing the plaintiff’s image. The plaintiff in this case was the National Association of Software and Service Companies (Nasscom), India’s premier software association. The defendants were operating a placement agency involved in head-hunting and recruitment. In order to obtain personal data, which they could use for purposes of head- hunting, the defendants composed and sent e-mails to third parties in the name of Nasscom. The high court recognized the trademark rights of the plaintiff and passed an ex-parte ad- interim injunction restraining
the defendants from using the trade name or any other name deceptively similar to Nasscom. The court further restrained the defendants from holding themselves out as being associates or a part of Nasscom. The court appointed a commission to conduct a search at the defendants’ premises. Two hard disks of the computers from which the fraudulent emails were sent by the defendants to various parties were taken into custody by the local commissioner appointed by the court. The offending e-mails were then downloaded from the hard disks and presented as evidence in court. During the progress of the case, it became clear that the defendants in whose names the offending e-mails were sent were fictitious identities created by an employee on defendants’ instructions, to avoid recognition and legal action. On discovery of this fraudulent act, the fictitious names were deleted from the array of parties as defendants in the case. Subsequently, the defendants admitted their illegal acts and the parties settled the matter through the recording of a compromise in the suit proceedings. According to the terms of compromise, the defendants agreed to pay a sum of Rs1.6 million to the plaintiff as damages for violation of the plaintiff’s trademark rights. The court also ordered the hard disks seized from the defendants’ premises to be handed over to the plaintiff who would be the owner of the hard disks. This case achieves clear milestones: It brings the act of “phishing” into the ambit of Indian Law even in the absence of specific legislation; It clears the misconception that there is no “damages culture” in India for violation of IP rights; This case reaffirms IP owners’ faith in the Indian judicial system’s ability and willingness to protect intangible property rights and send a strong message to IP owners that they can do business in India without sacrificing their IP rights. 2.5.6 E-Commerce: E-commerce is associated with the buying and selling of information, products and services via computer networks. It is a means of transacting business electronically, usually, over the Internet. It involves a composite of technologies, processes, and business strategies that aids the instant exchange of information within and between organizations, buyers and sellers. E-commerce is well suited to facilitate the re-engineering of business processes occurring at many firms. The main objects are:
Reduced costs, Lower product cycle times, faster customer response and Improved service quality by reducing paper work, thus increasing automation Now a days, completely new business strategies and applications are used to approach the customer. Such new types of information based business as on-line customer service helps in reducing costs in managing orders and also interacting with wide range of suppliers and trading partners. With this, E-commerce is expected to improve the productivity and competitiveness of participating businesses by providing unprecedented access to an online global market place with millions of customers and thousands of products and services. “E-commerce is the tool that leads to ‘enterprise integration’ for a company for an industry and ultimately for the vast network of small businesses, government agencies, large corporations and independent businessmen. An e-commerce site will enable one to expand his business by contacting people from various regions without incurring additional expenses of opening up branch offices or extensive and expensive advertisement campaigns. E-commerce has definitely not left India untouched though in India it still has a long way to go before it matches international standards”. 48 2.5.7 E-Contract: “Electronic Commerce Bill does promise to make electronic contracts feasible. Would a supplier making details of goods and services with prices available on a website be deemed to have made an offer or would it be an invitation to treat? Learned authors have opined that there not much difference and therefore unless the website is so designed as to be construed as making an offer, in most situations, such displays would be treated in law as an invitation to treat. The use of e-mails and website offers and acceptances also present fresh challenges to current laws on determination of time and date of offer and acceptance. E-mails may not be actually received, just like the post, or be delayed or even lie unopened. On the other hand, web transactions more closely resemble telephonic and telex communications and offer and acceptance may be instantaneous”. 49 Electronic transactions are conceptually very similar to traditional (paper based) commercial transactions. Vendors present their products, prices and terms to prospective buyers. Buyers consider their options, negotiate prices and terms (where possible), place
48. Ryder D. Rodney, Guide To Cyber Laws, Wadhwa&Co.Publishers: First Ed: 2001p33.
49. C.f. www.asclonline.com.E-contracts In India: A legal perspective: By Ketki Nagarkar.
orders and make payments. Then, the vendors deliver the purchased products. Nevertheless, because of the ways in which it differs from traditional commerce, electronic commerce raises some new and interesting technical and legal challenges. These include – • • • E-contracts cannot satisfy the legal requirements of reduction of agreements to signed documents. Legal rules of evidence to such e-contracts cannot be applied and Interpreting, adapting and compiling many other existing legal standards in the context of electronic transactions. From a legal perspective, one of the most significant issues in electronic commerce is how to create enforceable digital contracts for the sale of goods and services and how to ensure that a digital transaction will be at least as enforceable and valid as a traditional paper-based transaction. “In every business environment, whether transactions are executed in person or over distance there are accepted customers and practices that determine, in conjunction with applicable legal rules, the parties, rights and responsibilities. These practices often include controls such as –Signatures, to evident agreements, Time and date stamping, to provide proof of dispatch, submission, receipt and acceptance and in some cases, witnesses, notaries or other trusted third parties, to acknowledge and authenticate transactions. The purpose of these controls is to create the necessary level of certainty in business transaction. Although electronic commerce is increasing rapidly, the development of a corresponding legal and control infrastructure or mechanisms has lagged behind. The goal of such mechanisms is to make electronic transactions at least as efficient, secure and legally binding as traditional commercial transactions, without forcing users to negotiate customized terms and conditions. At the heart of electronic commerce transaction is the intention and the critical need is to inforce a legal binding agreement between the transacting parties”.50 As far as legality of electronic is concerned these are recognized by the information technology Act, 200051 but the said legislation was not as complete as a whole because it
50. ibid at p38 51. Please refer Chapter-IV p89
has many lacunas or on certain point it is salient then in such cases it is supplemented by the judiciary. Prior to the enactment of the Information technology Act concept of electronic was exist. In Raghubir Singh v. Thakurain Sukhraj Kuar52. For contracts entered into electronically the question will be whether a digital signature, can perform the same function as a conventional signature. Signature has not been defined under Indian law. The General Clauses Act, 1897 whilst not defining the term 'sign' extends its meaning with reference to a person who is unable to write his name to include a mark, with its grammatical variations and cognate expressions. Thus if a mark or thumb impression has been affixed to a document by a person who is able to write his name, it would not be considered as a signature. It can be stated that with the emergence of computer and technology and its unavoidable use in the business transaction pave the way to enact a suitable legislation to provide legal protection to its users.
52. A.I.R. 1939 Oudh 96 at pg 99
CHAPTER-III INFORMATION TECHNOLOGY AND STATUTORY POSITION
After discussing the meaning and the concept of information technology it is desirable to discuss the statutory framework available for the protection of the information technology, all over the world. As it was necessary to provide the statutory base to the information technology therefore people should not hesitate from taking the benefit of this new emerging trend. Information technology has certain importance, which can be stated as under. The importance of information technology cannot be ignored by corporate sector, except at the cost of elimination from the competition. This is so because the use of information technology produces certain advantages, which are not available when the traditional and conventional methods of doing business are used. The use of information technology generates the following advantages to the corporate sector.53 •
Easy handling of day-to-day affairs of an organization,
53. http:// www.legalserviceindia.com
• • • • • • • • • •
Speedy disposal of routine and daily works, Assurance of authenticity, integrity and confidentiality in the functioning of the organization, Cost economy, Integration and interaction with the global institutions and organizations, Better communication and presentation facilities, Assurance of safety and sound security of the sensitive and valuable information, like trade secrets, Instant transfer of data and information where the situation demands so, It provides access to public documents which are digitalized by various departments of the Government, For making online payments of various bills and dues, To file statutory documents online etc.
These benefits can be availed only if the IT is used for legitimate and lawful activities. If the IT is used for unlawful or illegitimate purposes then it will bring counter productive results. Over the last few years, the frauds within the IT world have not only increased in occurrence but also managed to change its forms. The development of new threats has been faster than what the IT world could ever imagine or even come up with terms to describe them (e.g. morphing, phishing, pharming, spear phishing). The distinction between the various types of threats is getting more and more emulsified which is why there was an increasing emphasis on secrecy and stealth, making spyware one of the biggest threats that modern businesses now face. To keep all these on line transaction in the legal ambit and to give legal protection to all who avail the benefit of Information technology, some of the nations including India had created a statutory mechanism which is discussed as under. 3.1 Electronic Commerce Act 2000: “Irish President Mary Mc Aleese placed her digital signature on the bill in a ceremony at Aras a Uachtarain on July 10th, 2000, to make Ireland become only the second country to use a digital signature to sign its Electronic Commerce Bill in to law. Proudly positioning Ireland ahead of its European neighbors in the importance it places on
the e-commerce evolution. The purpose of the Act is to create a legal framework by providing a comprehensive piece of legislation which addresses many of the legal issues that have arisen as a result of electronic commerce and facilitate the growth of electronic in commerce and electron transactions Ireland”.54 “The legal framework created by the Act will help to build trust and confidence in the Irish electronic commerce environment. "The Electronic Commerce Act, 2000 provides for the legal recognition of contracts, electronic writing, electronic signatures and original information in electronic form in relation to commercial and non-commercial transactions and dealings and other matters, the admissibility of evidence in relation to such matters, the accreditation, supervision and liability of certification service providers and the registration of domain names, and provide for related matters”.55 The Act is divided into four parts. “The first part deals with preliminary and general issues such as the commencement order for the Act, statement of definitions, provisions made to empower the relevant Minister to make regulations and the penalties for offences. The second section deals with issues related to legal recognition and non-discrimination in respects of electronic signatures, originals, contracts and other related matters. The confidentiality of deciphering data is also addressed in this section. Probably one of the most significant differences between the Irish Electronic Commerce Act and similar US legislation is that it offers strong and explicit protection to users of encryption and forbids law enforcers from gaining access to their encryption keys. The third section deals with certification services. Issues relating to accreditation, supervision, secure signature creations devices and the liability of certification service providers (CSP's) are defined. The forth section deals with the issues of domain name recognition. The .i.e. domain name is defined and provisions are made for the regulation of the domain name registration system and what regulations may be prescribed”.56 Ireland is determined to produce a body of legislation that will ensure that consumers and businesses will be able to engage in e-commerce easily and securely. In the main the Electronic Commerce Act, 2000 does two things, it codifies elements of the
54. http://www.ucc.ie/law/irlii/statutes/2000_27.htm#z1 55. http://www.ucc.ie/law/irlii/statutes/2000_27.htm#z1 56. ibid at p22
existing common law of contract and it implements much of the EU Directive on esignatures. The main provisions of the Act are as follows: “Information (such data, writing or other text) cannot be denied legal effect, validity or enforceability simply because it is in electronic form”.57 “Where a person is required by law or contract to give information in writing then, in general, this may be given in electronic form by e-mail or otherwise. This would include making an application or request, lodging a claim or return and recording and disseminating a court order”. 58 “Where law or contract requires a person, to sign a document, then this may be given in electronic form”.59 “Contracts may not be denied legal effect simply because they are in electronic form”.60 “The courts may not deny the admissibility into evidence of documents information, communications and contracts simply because they are in electronic form”.61 “‘Advanced Electronic Signatures’, such as public key systems that utilize encryption, may be used for witnessing signatures or sealing documents”.62 “If information is required to be kept in its original form, by law or contract, then it may be kept in electronic form. This is provided that its integrity and accessibility is assured”.63 “If information is required to be retained or produced, by law or contract, this may be done in electronic form”.64 “The Act contains provisions on the dispatch and receipt of electronic communications”. 65 “The Act gives the Minister for Public Enterprise power to prohibit and regulate the registration of the i.e. domain name within Ireland’.66 “Defamation law will apply on-line, Consumer law will apply on-line”.67 “Nobody can be forced to use electronic signatures as a result of the Acts provisions At this point legislation mandating the use of electronic signatures and contracts is commonplace; the Acts provisions may be compared to the UK’s legislation on electronic signatures. The Acts main innovations are that it strenuously protects the privacy of anyone who uses encryption. The Act plainly states that nothing in it may be construed as requiring the disclosure or enabling the seizure of unique data such as codes, passwords,
57. Section-9 Electronic Communication Act 2000 58. Section-12 59 59. Section-13 60 60. Section-19 61 61. Section-22 62 62. Section-14&16 63 63. Section-17 64 64. Section-18 65 65. Section-20 66 66. Section-21&31 67 67. Section -23,15 &24
algorithms, private cryptographic keys or other data. Accessing the signature creation device of another person and using that device to create an electronic signature is an offence punishable by up 5 years imprisonment”.68 “The Act also provides that it will not require the disclosure of codes, passwords, private cryptographic keys or other data”.69 Certification services are vital to the development of advanced electronic signatures; the Act provides that prior approval will not be required before setting up such a service. Although the Minister may provide a regulatory regime for service providers, this will be voluntary. Service providers cannot be forced to obey it. In this regard the contrast between Ireland and the UK’s Regulation of Investigatory Powers Act 2000 (RIPS) is obvious. It will be interesting to see how Ireland’s E-commerce Act 2000 can be balanced with other legislation such as the Interception of Postal Packets and Telecommunications Messages Act, 1993. The Electronic Commerce Act 2000 came into force on the 1st day of September 2000. 3.2 The Electronic Communications Act 2000: “Is an Act of the Parliament of the United Kingdom that: Regulates the provision of cryptographic services in the UK and confirms the legal status of electronic signatures”.70 United Kingdom government (with Tony Blair as prime minister) had seemingly come to the conclusion that encryption, encryption services and electronic signatures would be important to the flowering of e-commerce in the UK. Interestingly, the Bill contained a "sunset clause". “When Blair's party had been the opposition party in the mid-1990s they had opposed what the then UK government (and US government) would have preferred, which was some form of key escrow: keys used in encryption would have to be lodged somewhere accessible to governments. However, when Blair's "New Labour" party came to power they seemed to change their mind; perhaps, as is alleged, because of lobbying by the US. By 1999, however, only the security services still hankered after key escrow. So a "sunset clause" was put in the bill. On May 2000 Electronic Communications Act gave the Home Office the power to create a registration regime for encryption services. This was
68. Section-25 69. Section-28 70 70. Section-7-10 of The Electronic communication Act,2000
given a five-year period before it would automatically lapse. The five years expired in May 2005 and the legislation granting such a power disappeared from the statute book”.71 “The main purpose of the legislation is to help build confidence in electronic commerce and the technology underlying it by providing for an approvals scheme for businesses and other organisations providing cryptography support services, such as electronic services and confidentiality services. The legislation is in two parts:”72 Cryptography Service Providers: This concerns the arrangements for registering providers of cryptography support services, such as electronic signature services and confidentiality services. Facilitation of Electronic Commerce, Data Storage etc. This makes provision for the legal recognition of electronic signatures and the process under which they may be generated, communicated or verified. In recognition of the fact that much legislation pre-dates the age of electronic communications, the legislation gives Ministers the power to make delegated legislation to remove any restrictions in other legislation which prevent use of electronic communications in place of paper. One proposal is to amend the Companies Act 1985 (the cornerstone of UK company law) to allow companies to communicate with shareholders and Companies House by e-mail. Miscellaneous and Supplemental: This part is concerned with the modification of telecommunication licenses and general matters including the territorial extent of the Act. 3.3 The Electronic Transaction Act, 1999: This legislation was passed by the commonwealth of Australia. This act was divided in to the three parts • • Part –A which provides for the introduction and the provisions relating to the applicability and commencement, definitions, and short title of the act Part 2- Application Of Legal Requirements To Electronic Communications This part was again divided in to the three divisions which provides for the provisions for the validity of the electronic transactions, provisions for signature, writing,
72. ibid at p12
production of documents and retention and Time and place of dispatch and receipt of, Attribution of electronic communications respectively • Part-3- provides for the schedules and regulations for the purpose of rule making. “To recognizes the importance of the information economy to the future economic and social prosperity of Australia; and To facilitates the use of electronic transaction and to promotes business and community confidence in the use of electronic transactions; and enables business and the community to use electronic communications in their dealings with government”.73 Whenever these provisions leads to creating difficulties in its true understanding the difficulties are resolved by the judiciary, we can take the reference of these cases. In Regan Gerard Gilmour V. Director of Public Prosecutions74 the court held that a person commits a offence of unauthorized access if he lacks the authority to insert the particular into a computer, notwithstanding that he has the general authority to unsent other information into such computer. The court further held that an entry intentionally made without lawful excuse and known to be false is made without lawful authority. In another case named as Director of public prosecutions V. Murdoch75 the court held that where the question whether the entry was with permission, it would be important to identify the entry and to determine whether that entry was with in the scope of permission that had been given 3.4 Personal Information Protection and Electronic Document Act, 2000: “This act was passed by the Canadian Government to provide the legal recognition to the electronic transaction. The object of the act was to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada evidence Act, the statutory instruments Act and the statute revision Act”.76 • Part-1 of the act provides for the Protection of Personal Information in the Private Sector. The purpose of this Part is to establish, in an era in which technology
73 74 75
Object of this Act is to provide a regulatory framework that:
74. (Commonwealth) No. 60488/95 In the supreme court of new south wales.(Australia) 75. 1993 1 VR 406 (Australia) 76 76. http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp
increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. • Part 2 provides for the provisions relating to the electronic records. The purpose of this Part is to provide for the use of electronic alternatives in the manner provided for in this Part where federal laws contemplate the use of paper to record or communicate information or transactions. • • Part 3, 4, 5, provides for the amendments to the Canada evidence act, statutory instrument act, and statutory revision act respectively. Pare-6 provides for the commencement clause. “The purpose of this Act is to establish uniform economic conditions for the various applications of electronic information and communication services. It laid down the provisions which shall apply to all electronic information and communication services which are designed for the individual use of combinable data such as characters, images or sounds and are based on transmission by means of telecommunication”.77 It also laid down the provisions which made the service provider responsible for their responsibilities these provisions are Providers shall be responsible in accordance with general laws for their own content, which they make available for use. However providers are not responsible for each and every activity it also exclude the providers from the liability in certain cases For e.g. Providers shall not be responsible for any third-party content which they make available for use unless they have knowledge of such content and are technically able and can reasonably be expected to block the use of such content. Similarly Providers shall not be responsible for any third-party content to which they only provide access. The automatic and temporary storage of third-party content due to user request shall be considered as providing access. It also made the provisions for the purpose of identification of the providers such as concerning commercial offers, providers shall
3.5 Information and communication Services Act Of 1997.
indicate: their name and address as well as, in case of associations and groups of persons, the name and address of their authorized representative. 3.6 UNICITRAL Model Law: United Nations Commission on International Trade Law, with a mandate to further the progressive harmonization and unification of the law of international trade and in that respect to bear in mind the interests of all peoples, in particular those of developing countries, in the extensive development of international trade. An increasing number of transactions in international trade are carried out by means of electronic data interchange and other means of communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information. Recalling the recommendation on the legal value of computer records adopted by the Com - 8 mission at its eighteenth session, in 1985, and paragraph 5(b) of General Assembly resolution 40/71 of 11 December 1985, in which the Assembly called upon Governments and international organizations to take action, where appropriate, inconformity with the recommendation of the Commission, so as to ensure legal security in the context of the widest possible use of automated data processing in international trade, Convinced that the establishment of a model law facilitating the use of electronic commerce 9that is acceptable to States with different legal, social and economic systems, could contribute significantly to the development of harmonious international economic relations, Noting that the Model Law on Electronic Commerce was adopted by the Commission at its 10 twenty-ninth session after consideration of the observations of Governments and interested organizations, Believing that the adoption of the Model Law on Electronic Commerce by the Commission 11 will assist all States significantly in enhancing their legislation governing the use of alternatives to paper-based methods of communication and storage of information and in formulating such legislation where none currently exists.78 The model law provides for equal legal treatment of users of electronic communication and paper based communication. Pursuant to the recent declaration by member countries, the world trade organization is likely to form a work program to handle
78. ibid at p 54
its work in this area including the possible creation of multilateral trade deals through the medium of electronic commerce. 3.7 Information Technology Act, 2000: The Information Technology Act deals with the various aspects relating to the ebusiness transaction as well as the offences and penalties. The Information Technology Act, 2000 also plays an important role in the area of contracts through the Section-11, 12 & 13. Under the chapter-IV i.e. Attribution, Acknowledgement and Dispatch Of Electronic Records as if we concern about the overview of the Act it deals with, Provisions relating to the digital signatures, under chapter-II of the Act, by which the authentication of electronic record is made possible. It also made the provision for legal recognition of the electronic records as well as retention of the electronic records under chapter-III of the Act. ChapterV deals with the securing electronic record, digital signature and the procedure for the same. For achieving this purpose the Act, provides for the appointment of the controller and other certifying Authorities. These authorities are vested with the power of issuing Digital signature certificate its revocation and suspension under the Chapter-VI &VII. Chapter-VIII, deals with the duties of subscribers. The Act also prescribes the penalties and adjudication, under Chapter-IX, such as Penalty for damage to computer and computer system, penalty for failure to furnish information. “The act also made provision for the establishment of cyber Regulations Appellate Tribunal under chapter-X. Chapter XI specially deals with the offences, such as tampering with the computer source documents, hacking with computer system, publishing of information which is obscene in electronic form”.79 Section-70 of the information technology Act 2000 which provides for Protected System80 1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system. 2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-section (1). 3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with
79. Information Technology Act,2000 :Ravi Pullani And Mahesh Pullani pp-24,33.45,55 80. Section- 70 0f Information technology Act,2ooo
imprisonment of either description for a term which may extend to ten years and shall also be liable to fine. This section was challenged and held valid in the case of Firos v. State of Karla81 this case justice V.K. Bali, C.J. and J.B. Koshy, J. Section 70 of the Information Technology Act is not unconstitutional, but, while interpreting Section 70 of the Information Technology Act, a harmonious construction with Copyright Act is needed and copyright of IT Government work is also protected under the Copyright Act and remedy provided under the Copyright Act can be availed by the parties, if their copyright is infringed even in respect of IT work. No grounds are made out by the petitioner to set aside Ext.P10 notification issued under Section 70 of the Information Technology Act in a petition under Article 226 of the Constitution of India. Therefore, the Writ Appeal is dismissed. “On 18th October the union cabinet of India has decided to amend IT act 2000 and decided to expand the scope of section 72 of the act to provide for criminal liability in case of leak of information. "This will prevent any intermediary and service provider, which has secured any material or information from a user entering into a contract with it, from passing it on to others without the consent of the user. Violations will invite imprisonment for a term of up to two years or fine of up to Rs. 5lakh (Rs.500, 000/-) or both, "an official of the department of information technology said. The amendment introduces 5 million rupees (equivalent to 5, 00,000 GBP) penalty on any company found leaking sensitive information which will be paid as damages to the affected party. This will cover all sensitive data or information which a company may own, possesses, control, or operate. The Cabinet has also approved a proposal to amend Section 43 of the IT Act, under which a person involved in hacking of computers will be liable for punishment of up to two years or fine of up to 5 lacks (5000 GBP approximately) or both. The department of information technology is also keen to reduce crime like e-commerce frauds through digital signatures and impersonation such as phishing, and identity theft. It has proposed to insert a new section in the Indian Penal Code, under which the punishment for identity theft may be extended to two years and a fine, while the penalty for impersonation may be extended to 5 years and a fine”.82
81. AIR 2006 ker 279 82. http://www.lawdit.usa.co
Recently, many cases related to theft of data have been reported and this time Indian government is very keen to assure foreign investors about India’s sensitivity to their concerns on data theft and also the unauthorized access to the computers. In U.S.A. Briggs V. state of Maryland83 the primary issue raised in this case was the meaning of the statutory requirement of access “without authorization” under the American law, the question the court has to answer was whether an employee who is entitled to use an employers computer system in connection with employment duties, but who exceeds the scope of that authorization, is committing unauthorized access. “Further in the year 2006 central Government consider amending this act, and therefore Bill was prepared by taking in to account the difficulties faced by the Government while implanting earlier act. One of the major changes inserted by 2006 amendment bill is In the Information Technology Act, 2000 for the words “digital signature” occurring in the Chapter, section, subsection and clause referred to in, the words “electronic signature” shall be substituted”.84 However at present the situation is that The Information Technology Act, 2000 yet not amended. It is given that any statute should be abreast with the phenomena it aims to regulate. This constant holds good in the case of The Information Technology Act, 2000. Though not an archaic legislation, however since it aims to regulate information technology it will require constant updating. This is due to the, (a) subject matter being information technology has a accelerated pace of development (b) intensive approach employed in it as opposed to a general framework to regulate information technology. Moreover there have been real world constraints in its implementation, sometimes its implementation has resulted in inequitable results e.g. the bazee dot com case. Due to these circumstances an expert committee was formed to review the information technology act. The committee pointing out several lacunas in the enactment proposed amendments to it in the report it tendered to the ministry of information technology. Well the beaurocrats did what they did best. They waited for two years and finessed the language of the amendments. The result was the Information Technology Amendment Bill, 2006. It was introduced in the Lok Sabha / Rajya Sabha with a view:
83. 348 Md 470 (1998) (USA 84. Information Technology (Amendment) ,Bill 2006
“To corporate the recent developments nationally and internationally particularly with reference to provisions related to data protection and privacy in the context of Business Process Outsourcing (BPO) operations, liabilities of network service providers, computer related offences, regulation of cyber cafes, issues relating to child pornography, etc. and to make the act technology neutral and to streamline the operational issues of Controller of Certifying Authority (CCA), Certifying Authorities (C As) and subscribers”.85 Now contrary to popular opinion the amendments were not passed. The Information Technology (Amendment) Bill, 2006 was referred to the standing Committee on Information Technology on 19th December, 2006 for examination and report within three months. Yes it has not yet been passed, yes the Information Technology Act, 2000 has not been amended yet. So with this discussion we can say that for the protection of information in the Cyber environment various statutes are enacted worldwide. Among those IT Act 2000 is the Indian Legislation which tries to cover different issue pertaining to the Cyber Crime and certain other E-transactions and also the authentication of E-records by the Government or other financial institution. Whenever the above statutory framework lacks its applicability then in such situation judiciary had joined the hands for the protection of people and other business entities from injustice.
CHAPTER-IV INCORPORATION OF INFORMATION TECHNOLOGY ACT IN THE BANKING TRANSACTIONS
4.1 Introduction: The banking sector in India underwent an unprecedented transformation in the 1990s with the emergence of a large number of private as well as foreign multinational banks. As a result of the economic reforms, the number of banks increased rapidly. “With the emergence of a large number of banks in the Indian economic set up, banking activities increased manifold and affected a large number of areas of operation of banks, particularly in the field of bank lending. Banks used to and still operate on the pattern of extending credit on the basis of security given by its customers associated with the bank. The facility of extending credit is recognition of the changing times in which banks have to operate in a
changing and ever evolving economic scenario. Growing needs coupled with the realization of higher rate of investments is a compulsion giving birth to bank credit”.86 “The Indian Information Technology Act, 2000, basically a framework law, makes hacking a punishable offence under Section 66. Breach of information security is implicitly recognized as a penal offence in the form hacking. The appropriate government (central/state) is empowered to declare any computerized, account computer systematic or a computer network as a protected system. A ten year prison term and a hefty fine await any person who secures access to the secured computer systematic in contravention of the provisions of the law. Despite the deterrence characterized by the penal provisions of the IT Act, 2000, a lacuna in the law is that organizations and entities can take action against those who breach data security procedure, but they are not obliged to implement data security measures to protect consumers and clients. The IT Act does not lay down any such duty upon banks. Contrastingly, in UK, failure to undertake identification of new customers properly can create an array of risks for the bank. Under the Data Protection Act, 1998 an erring bank may face an action for damages if it fails to maintain adequate security precautions in respect of the data. Essentially, a legal duty is thrust upon the banks, to use reasonable care and skill in disseminating information to persons who access the banking networks either on the internet or though an ATM card”.87 In India, a Bank liability would arise out of contract as there is no statute to the point. When liability is contractual it means that the bank is, by virtue of the contract, under an obligation to keep customers data secret. If transactions are being done on an open network such as the internet then in case of a security breach, an internet service provider (ISP) may be liable, in addition to the bank, though ambiguity persists as regards liability of an internet service provider due to dearth of decided case law on the point. Information Technology Act, 2000 laid certain provisions for the data protection pertaining to the banking which are discussed as under88
86. C.f.www.india.indymedia.org. Internet banking and its challenges in India by Praveen Dalal cyber law consultant and Advocate of supreme court of India , Wednesday, December 28, 2005
87. Praveen dalal : Internet Banking In India 88. Information Technology Act, 2000: Ravi Pullani And Mahesh Pullani, 2000.
4.1.1 Section 43: This section provides protection against unauthorized access of the computer system by imposing heavy penalty up to one core. The unauthorized downloading, extraction and copying of data are also covered under the same penalty. Clause ‘c’ of this section imposes penalty for unauthorized introduction of computer viruses of contaminants. Clause ‘g’ provides penalties for assisting the unauthorized access. 4.1.2 Section 65: This section provides for computer source code. If anyone knowingly of intentionally conceals, destroys, alters or causes another to do as such shall have to suffer a penalty of imprisonment or fine up to 2 lacs rupees. Thus protection has been provided against tampering of computer source documents. 4.1.3 Section 66: Protection against hacking has been provided under this section. As per this section hacking is defined as any act with an intention to cause wrongful loss or damage to any person or with the knowledge that wrongful loss of damage will be caused to any person and information residing in a computer resource must be either destroyed, deleted, altered or its value and utility get diminished. This section imposes the penalty of imprisonment of three years or fine up to two lakh rupees or both on the hacker. 4.1.4Section 70: This section provides protection to the data stored in the protected system. Protected systems are those computers, computer system or computer network to which the appropriate government, by issuing gazette information in the official gazette, declared it as a protected system. Any access or attempt to secure access of that system in contravention of the provision of this section will make the person accessed liable for punishment of imprisonment which may extend to ten years and shall also be liable to fine. 4.1.5 Section 72: This section provides protection against breach of confidentiality and privacy of the data. As per this, any person upon whom powers have been conferred under IT Act and allied rules to secure access to any electronic record, book, register, correspondence, information document of other material discloses it to any other person, shall be punished
with imprisonment which may extend to two years or with fine which may extend to 1 lakh rupees or both. 4.1.6 The Personal Data Protection Bill, 2006: Upon the footprints of the foreign laws, this bill has been introduced in the Rajyam Sabha on December 8th 2006. The purpose of this bill is to provide protection of personal data and information of an individual collected for a particular purpose by one organization, and to prevent its usage by other organization for commercial or other purposes and entitle the individual to claim compensation or damages due to disclosure of personal data or information of any individual without his consent and for matters connected with the Act or incidental to the Act. Provisions contained in this Act are relating to nature of data to be obtained for the specific purpose and the quantum of data to be obtained for that purpose. Data controllers have been proposed to be appointed to look upon the matters relating to violation of the proposed Act.89 In the matter of Himalaya Drug Company V/s. Sumit90 the Delhi High Court proceeded ex-parte against the defendant who admitted to pass a Herbal Data Base as that of plaintiff had violated the trade dress. The brief facts of the case were that the plaintiffs were engaged in the manufacture and sale of Ayurvedic medicinal preparations and had developed a Website under the domain name www.thehimalayadrugco.com. The plaintiff developed a Section titled “HIMALYAS HERBS” which consists of Data Base of over 209 Herbs and which essentially is a detailed monograph on each of the said herbs. The plaintiffs have spent considerable time, labor, skill and money in preparing the Data Base of Ayurvedic Herbs that is mentioned herein above. The plaintiffs also claimed before the Hon’ble High Court of Delhi that it took more than a year to prepare the said Data Base to the company. It came to the notice of the plaintiff that the defendants were operating a Website http://ayurveda.vertualaba.net which reproduced the plaintiff’s entire Herbal Data Base. It was also revealed that the defendant had not only copied the preliminary information of each Herb, but also the detailed monograph. The copying was also done to an extent that even the grammatical or syntactical errors that appear on the plaintiff’s Website have been copied on to the defendant’s Website. The Delhi High Court not only restrained the defendant by an order
89. ibid at p23 90. 2006(32) PTC 112 (DEL),
of permanent injunction from reproducing, communicating to the public, adopting, using or infringing in any other manner the plaintiff’s Copyright in the Herbal Data Base as well as each Herbal Write-up /Description that comprises the Herbal Data Base, but also awarded punitive damages to the extent of Rs. 8 lacs. In the recent case of Daljit Titus, Advocate & Ors. V/s. Alfred A. Adevare & Ors.91 the Delhi High Court protected the works done by the defendant in the plaintiff’s law firm as an employee of the firm for the benefit of clients of the plaintiff under their contract of service. The basic facts of this case were that the plaintiffs were running a law firm where advocates specializing in different fields were under one roof. The defendants were working with the plaintiff’s firm and were paid remuneration while they remained in control of the professional business of the organization. The defendants in the above case claimed to be the owners of the Copyright in the work done by them while in the organization of the plaintiff. The question which arose before the Hon’ble High Court was that whether there is an exclusive right of any of the parties in respect of the data base of the list of clients and law firms and opinion and advices in respect of which the parties had an obligation to maintain confidentiality which they have created or whether it was a joint right of all the parties. The plaintiffs claimed to have spent a substantial amount of money in training skills, computer network, specialized and customized Software, law library, office infrastructure etc. The plaintiffs claim that one of the defendants came to the office of the plaintiff after the dispute arose between the parties after the office hours and had downloaded 7.2 GB of Data Base of plaintiff’s crucial Data, Write-up through plaintiff’s local area network and also alleged that the defendants have stolen the hard copies comprising of over 10 proprietary drafts of the plaintiff. The plaintiffs prayed for protection of their exclusive Data under the Indian Copyright Act, 1957. The Delhi High Court while keeping in view the arguments advanced by both the parties reached at the conclusion that the plaintiff had a prima facie case in respect of the Data Base rights in the Data taken away by the defendants. It observed that the defendants were free to carry on their profession, utilize the skills and information they had mentally retained, but restrained them from using the copied material of the plaintiff in which the
91. 2006(32) PTC 609 (DEL),
plaintiff alone has a right. The defendants were also restrained to utilize the agreements, due diligence reports, list of clients and all such materials which came to their knowledge or have been developed during their relationship with the plaintiff. The above case raise the issue of well drafted contracts before entering into any kind of relationship with the parties. It envisaged the need of the proper clauses to be drafted as to the dealing of Data, Computer Data Base while in relationship or at the termination of such agreements. “Whenever an employee of a Solicitor firm drafts a document, the employer is the first owner of the Copyright document”, which means that to protect the Data, computer Data Bases of an organization, one needs to have good drafted contracts with an employee so that no dispute arises after the termination of service of an employee”.92 Hence it can be stated that, a sound and effective banking system is the backbone of an economy. The economy of a country can function smoothly and without many hassles if the banking system backing it is not only flexible but also capable of meeting the new challenges posed by the technology and other external as well as internal factors. “The importance and role of information technology for achieving this benign objective cannot be undermined. There is an urgent need for not only technology up gradation but also its integration with the general way of functioning of banks to give them an rim in respect of services provided to the customers, better housekeeping, optimizing the use of funds and building up of management information system for decision making. The technology has the potential to change methods of marketing, advertising, designing, pricing and distributing financial products and services and cost savings in the form of an electronic, self-service product-delivery channel. The technology holds the key to the future success of Indian Banks. Thus, “Internet Banking” is the need of the hour, which cannot be lost sight of except at the cost of elimination from the competition. The existence of Internet banking also becomes inevitable due to the standards required to be matched at the international level. Thus, the domestic as well as the international standards mandates the adoption of Internet banking at the earliest possible moment”.93 4.2 Payment and Financial System:
92. P.Narayanan on Copyright and Industrial Design – (Third Edition) para 6.28 93. http://www.financial-ombudsman.org.uk/about/index.html
The benefits and advantages of information technology for the smooth and efficient functioning of the banking business cannot be disregarded and sidelined. Its proper and methodical use can bring the following advantages 4.2.1 Sound Payment System: The first advantage originating from the use of technological advances relates to the Payment systems, which form the lifeline of any banking system. The payments in India are largely cash based although there are non-cash based payments as well. The usage of electronic means of funds movement and settlement is still in its stages of formative years. “The various forms of electronic based payment, such as credit cards, Automated Teller Machines (ATMs), Stored Value cards, Shared Payment Network Service (SPNS) etc, are emerging at an incredible speed. Many banks have made initiatives aimed at electronic modes of funds movement. While this is a positive development, it needs to be ensured that such funds transfers are made in a high level of security so that no unauthorized usage occurs in the newer modes being implemented by banks. It is this area, which has been the focus of attention by the Reserve Bank – and the efforts have now resulted in the form of the Structured Financial Messaging Solution (SFMS). The SFMS incorporates adequate security measures, including that of Public Key Infrastructure (PKI), with encryption software equivalent to some of the best security measure in the world. The use of the SFMS over the INFINET would automatically provide safe, secure and efficient funds transfers with the added benefit of the settlement of inter-bank funds transfers taking place in the books of account of banks, maintained with the Reserve Bank, thereby providing for finality of the settlement. Further, the message formats used in SFMS are very similar to those used by SWIFT, resulting in ease of usage by the banking community in the country. This secure messaging backbone can be used for a number of intra-bank applications also”.94 4.2.2 Sound Financial System: The information technology revolution has significantly benefited the financial system. In particular, there are four key areas in which the financial system has experienced the benefits of the technology revolution: product development, market infrastructure, risk control and market reach. In the process, technology has changed the contours of three
94. ibid at p76
major functions of financial intermediaries: access to liquidity, transformation of assets and monitoring of risks. The Indian financial system is adapting itself to these developments and is acquiring a customer-centric focus. The proliferation of Automated Teller Machines (ATMs), networking of these ATMs and Shared Payment Network based ATMs have been features which have been welcomed by the banking public. Other innovations already within the domain of banks and financial systems in India include Internet Banking, Electronic Funds Transfer and 'Anywhere/ Anytime banking', all of which have a high level of technology embedded in the systems offering these services. In recent years, the Reserve Bank has assigned priority to upgrading the technological infrastructure of the Indian financial system. Efforts have been made to modernize clearing and payment through Magnetic Ink Character Recognition (MICR) based cheque clearing, Electronic Clearing Services and Electronic Funds Transfer (ECS and EFT) and the Centralized Funds Management System (CFMS) 4.2.3 The history of payment: The statutory basis for the negotiability of payment is provided by the Negotiable Instrument Act, 1881 it defines a negotiable instrument as a promissory note, Bill of exchange or cheque. A bill of exchange is an instrument in writing containing an unconditional order signed by the maker, directing a certain person to pay a certain sum of money only to or to an order of, a certain person or to the bearer of the instrument. The payment instrument described above is all paper based and requires to be tendered at specific banks for payment either in person or through collection. Under the N.I. Act 1881, the cheque or instrument has to be presented to the drawer. ‘The requirement of Modern economy concerning settlement of transactions is diverse and multifarious. The needs of manufacturing trade and other commercial activities involve large value payments owe vast geographical distances .The chief disadvantage of the cheque and the deemed draft is that these instrument have to be physically presented, often leading to delays in payment. To overcome delays .fund transfer through the medium of telex were introduced. The telegraphic transfers represent payment instructions sent in a telex mode to an upcountry branch of the same bank or correspondent bank branch to credit
the beneficiaries account with a given amount. Cipher code is appended to the text of the message to insure its integrity and authenticity during transit”.95 The use of money for settlement of payment obligations has a very long history .Use of non-cash exchange through barter preceded the introduction of money. Barter, however co-exists with a monetized economy in some underdeveloped agriculture societies even now .However currency or cash, is the most readily accepted medium of exchange in all modern societies, because it is the legal lender and helps to bring about an irrevocable settlements. Currency is an important means of payment in India. 4.2.4 Debit Cards: “Debit Cards, also called `check cards', appear similar to an ATM or a credit card. Though debit card serves the same purpose as a credit card, unlike a credit card, it does not offer any credit facility, but entails a debit to the holder's bank account every time it is used. In other words, the debit card works like a cheque book, giving the holder access to his bank account at all hours. It makes sure the holder spends only the balance available in his account and also keeps track of his purchases”.96 There are two types of debit cards - direct debit cards (on-line debit cards) and deferred debit cards (off-line debit cards). In the case of direct debit cards, the money is electronically transferred from the cardholder's account to the merchant's account, on entry to the holder's PIN in the store's terminal. In the case of deferred debit cards, the transaction gets recorded in the merchant's terminal and is executed in two-three days following the actual transaction. Currently, only direct debit cards are in use in India. Some cases are registered and are now under investigation relating to the credit card frauds. In Chennai a case was registered with the Chennai police station in which several section of Indian penal code along with the section 66 of information technology Act was involved the facts of the case are as under. The assistant manager (the complainant) with the fraud control unit of a large business process outsourcing (BPO) organization filed a complaint alleging that two of its employees had conspired with a card holder to manipulate the credit limit and as a result cheated the company of INR 0.72 million.
95. Ryder D. Rodney,Guide To Cyber Laws, Wadhwa&Co.Publishers:First Ed:2001.p-78
The BPO facility had about 350 employees. Their primary function was to issue the bank’s credit cards as well as attend to customer and merchant queries. Each employee was assigned to a specific task and was only allowed to access the computer system for that specific task. The employees were not allowed to make any changes in the credit-card holder’s account unless they received specific approvals. Each of the employees was given a unique individual password. In case they entered an incorrect password three consecutive times then their password would get blocked and they would be issued a temporary password. The company suspected that its employees conspired with the son (holding an addon card) of one of the credit card holders. The modus operandi suspected by the client is as follows. “The BPO employee deliberately keyed in the wrong password three consecutive times (so that his password would get blocked) and obtained a temporary password to access the computer system. He manually reversed the transactions of the card so that it appeared that payment for the transaction has taken place. The suspect also changed the credit card holder’s address so that the statement of account would never be delivered to the primary card holder”.97 In one another incident on Feb.28th, 2000 three peoples were held guilty in one online credit card fraud. The case can be discussed as under: Customer’s credit card details were misused through online means for booking airtickets. These culprits were caught by the city Cyber Crime Investigation Cell in Pune. It is found that details misused were belonging to 100 people. Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had complained on behalf of one of his customer. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad being employed at a private institution, Kale was his friend. Shaikh was employed in one of the branches of State Bank of India. According to the information provided by the police, one of the customer received a SMS based alert for purchasing of the ticket even when the credit card was being held by him. Customer was alert and came to know something was fishy; he enquired and came to know about the
misuse. He contacted the Bank in this regards. Police observed involvement of many Banks in this reference. “The tickets were book through online means. Police requested for the log details and got the information of the Private Institution. Investigation revealed that the details were obtained from State Bank of India. Shaikh was working in the credit card department; due to this he had access to credit card details of some customers. He gave that information to Kale. Kale in return passed this information to his friend Lukkad. Using the information obtained from Kale Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given few tickets to various other institutions. Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were involved in eight days of investigation and finally caught the culprits”.98 “The debit card design is similar to that of any credit card or an ATM card and follows the same process of authentication. A typical debit card transaction includes the following steps”. 99 • • • When the card is presented for payment at the payment counter, it is swiped through the reader. The card gets connected to the cardholder's bank account and the holder is required to enter his ATM PIN to forward the transaction. The bank debits the cardholder's account with the value of the goods or services purchased, fee, charges cash and other payments made by the cardholder through the card. • The transactions appear in the account statement of the accounts related to the card. Citibank and HSBC were the pioneers in the Indian credit card market in the 1980s. Over the next two decades, the number of players increased to more than ten in 2000. The credit card market registered a healthy annual growth rate of over 25% during 1987 - 2001. Besides Citibank and HSBC, the other leading players in the market were SBI, ICICI, Bank of India and Standard Chartered Bank. A wide variety of cards were introduced in the
98. ibid at p 36 99. www.statebankofondia.com
market during this period ranging from gold, silver and smart to global, affinity to secure cards. The credit card issuers principally targeted the uppers and middle classes. However, while the middle class population was around 300 million in 2001, the total credit card users amounted to only over 10 million. Identifying the vast potential for growth in the middle class segment, many players entered the fray. This intensified the competition, and forced the players to enhance their product and service offerings (through co-branded cards), enhance their card technologies, expand their reach through increased number of card operating outlets and extend the card facilities to smaller cities, apart from the metros and tourist centers. Measures for Plastic Card Protection100: • • • • The card should be signed as soon as it is received. The PIN should be entered in such a way that no one will be able to easily memorize the number typed. The receipt should not be left behind at the ATM. The PIN and account number from a discarded receipt could make the cardholder susceptible to credit-card fraud. The credit-card statement, receipts or carbons should not be thrown without first being shredded. • Giving the card number over the telephone has to be avoided, unless the call has been initiated by the cardholder. Giving the card number over a cordless phone, even when the call is initiated by the cardholder is not recommended. • • • • Credit card offers that require the holders to spend money up-front or which fail to disclose the identity of the card issuer should be ignored. The card should be taken back after the transaction is completed. The cardholder should take care of cancelled sales slips by personally tearing them. A record of all credit cards, credit-card numbers and toll-free numbers has to be maintained. Monthly statements should be thoroughly checked, to make certain the holder himself made all the transactions. He should immediately inform the card issuer in case of errors of unauthorized charges.
100. ibid at p 56
Aversion to debt: The average Indian consumer was found to be averse to the concept of utilizing debt to meet his needs. As the credit card business offered short-term loans, Indian customers were slow to respond to the concept.
High Interest Rates: The short-term credit offered to the holders was to be repaid within a stipulated time-period, failing which the cardholder had to pay a high interest over the amount not repaid. Carry forward of payments past the scheduled limit at times resulted in a debt trap for the cardholder. The interest reached 36% - 40% per annum in some cases.
Limited number of card operating outlets and their location: Until the late 1990s, the credit card market in India was largely confined to the metros and other major cities. The number of outlets offering the service was also limited.
4.2.5 Stored Value Card: A stored-value card represents money on deposit with the issuer, and is similar to a debit card. One major difference between stored value cards and debit cards is that debit cards are usually issued in the name of individual account holders, while stored value cards are usually anonymous. “The term stored-value card is usually a misnomer, as most indicia of the cards' value are maintained on computers affiliated with the card issuer. The value associated with the card can be accessed using a magnetic stripe embedded in the card, on which the card number is encoded; using radio-frequency identification (RFID); or by entering a code number, printed on the card, into a telephone or other numeric keypad”.101 “Stored value cards are one of the most dynamic and fastest growing products in the financial industry. Anyone who makes purchases with a merchant gift card, places phone calls with a prepaid telephone card, or buys goods or services with a prepaid debit card is using a stored value card. Certain types of these cards are being heavily marketed to lower-income consumers, especially the unbanked or underbanked. Although these cards may provide consumers with a more effective means of accessing funds and making financial transactions than cash, consumers need to be aware that these cards come with a vast array of features, fee structures and levels of consumer protections. This article highlights many of the principal features of these financial innovations and identifies
important aspects of these cards that consumers must be aware of in order to make informed decisions about the products that best meet their financial needs”.102 “Stored value cards provide a way to make financial transactions. Stored value cards use magnetic stripe technology to store information about funds that have been prepaid to the card. Payroll cards, government benefit cards, prepaid debit cards, gift cards, and telephone cards are examples of stored value cards. There are two main categories of stored value cards in the marketplace. The first prepaid cards made available to the marketplace were single-purpose or ‘closed-loop’ cards. Gift cards, which can only be used to purchase goods at particular retailers, and prepaid telephone cards, which can only be used to make telephone calls, are examples of single-purpose cards. The second type of card to emerge was a multipurpose or ‘open-loop’ card, which can be used to make debit transactions at a wide variety of retail locations, as well as for other purposes, such as receiving direct deposits and withdrawing cash from ATMs. Some multipurpose cards are branded by Visa or MasterCard and can be used wherever those brands are accepted”.103 Consumers obtain stored value cards in a variety of ways. They may obtain a payroll card from an employer, an electronic benefit card from a government agency, or a gift card from a retail store. Typically, a consumer would apply for a general spending multipurpose card by telephone or online, although these cards may be increasingly offered at check-cashing outlets, money transfer company locations, and retail stores. “The stored value card market is growing and evolving rapidly. According to industry estimates, more than 2,000 stored value programs are available, with roughly 7 million Visa- or MasterCard-branded stored value cards in the marketplace. There are approximately 20 million users and that figure is expected to more than double to 49 million users by 2008. In 2003, stored value cards were used to make $42 billion in transactions. By 2006 over $72 billion in stored value transactions are expected. Experts put this industry in the introductory or early growth stage of the product life cycle, suggesting that there is substantial growth potential in the years ahead. These industry figures include all stored value cards, such as multipurpose general spending cards, payroll
102. ibid at p 45 103. www.storevalue.aaa.com
cards, government benefit cards, child support payment cards, merchant gift cards, and telephone cards”.104 4.2.6 Automated Teller Machine: “The automated teller machine (ATM) is a computerized telecommunication device that provides the customers of a financial institution with access to financial transactions in a public space without the need of the human clerk or bank teller. On most modern ATM’s, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smartcard with a chip, that contains a unique card number and some security information ,such as an expiration date. Security is provided by the customer entering a personal identification number (PIN)”.105 “Using an ATM, customers can access their blank accounts in order to make cash withdrawals (or credit card cash advances) and check their account balances. ATMs are known by various casual terms including automated banking machine, money machine, cash machine, hole-in-the-wall, cash point or Bancomat”.106 “Customers of one bank will be allowed free use of ATMs of other banks from April 1, 2009. Customers will soon be able to walk into any bank ATM and check their account balance for free, said the RBI in its draft circular on ATMs of banks: Fair Pricing and Enhanced Access. The central bank has rejected banks' plea to cap the number of free cash withdrawals every month by saying that such a cap was not desirable and not practical. Banks with a large ATM network were crying foul over the free ATM usage after RBI, in its draft approach paper on ATMs of banks, had said the use of ATMs of own banks for any purpose and of other bank ATMs for balance enquiries should be free of cost with immediate effect. For withdrawal of cash from ATMs of other banks, RBI has asked banks to cap charges at the rates prevailing as on December 23, 2007 and to reduce all charges to a maximum of Rs 20 per transaction from up to Rs 55 charged now from March 31, 2008. It has further suggested that cash withdrawals from any bank ATMs should be free from April 2009.RBI had earlier issued an approach paper on ATM charges and stuck to its stance despite banks not expressing their opposition to completely free usage of ATMs. Earlier in the day, RBI Deputy Governor V Leeladhar in reference to a veiled threat
104.htto:// www.paymentnews.com 105. ibid at p 3 106 106. http://www.wikipedia.com
by banks to slow down ATMs rollout said that commercial banks which were raking in huge profits needed to temper the urge to levy fee on ATM transactions. Banks are making profits in the region of Rs 2,000-3,000 crore. Many of them are prompt to announce how they have posted profits higher than those of competing banks every quarter, Leeladhar said. The RBI deputy governor said, in such circumstance, banks should do something for clients. The cost of setting up an ATM has come down from Rs 30 lakh a unit a few years ago to Rs 6 lakh now. The regulator had invited comments from the general public and banks on the draft paper. Bank customers wanted the regulator to make the service free immediately instead of April 2009. On the other hand, some respondents apprehend that such a move of making service charges free may decelerate the deployment of ATMs by acquiring banks. The Indian Banks Association (IBA) had also suggested that the number of free transactions at ATMs of other banks be restricted to two per month. Also in metro centers, the minimum cash withdrawal may be stipulated at Rs 500 for accounts other than the no-frill ones. It had also suggested a cap to be fixed for balance enquiry as such transactions attract inter-change. This has not found favour with the regulator. The regulator also rejected the other suggestions made by banks and IBA to permit third-party advertisement on ATMs may be permitted as a revenue stream for the banks, white-label ATMs be permitted, cash withdrawal at the point of sale may be permitted so that the load on ATMs be reduced”.107 “On 25th September, 2007 21 lacs Rs were stolen from Mumbai ATM. The facts of the case can be stated as under Mumbai police, investigating Sunday's Rs 21.19 lakh theft from a Citibank ATM, suspect an insider's involvement. The bank had outsourced the maintenance and housekeeping to Euro Net and G4S Cash Services Pvt Ltd was entrusted with loading "cash cassettes" into the machine. Officials said that a key was required to open the rear of the machine and two three-digit security codes had to be keyed in to unlock the panel containing cash and a layperson would not be aware of these technical aspects. Officials have questioned around 20 persons so far, including staffers of G4S Cash Services. "Those who have resigned in the recent past or are on leave will also be called for questioning," an official said. "We also cannot rule out the possibility of more than one culprit being involved," senior inspector Surendra Jaiswal said. "The events unfolded with
107.Draft circular issued by the RBI The Economics Times. 12th Dec 2007
clockwork precision, with the accused even taking away the closed-circuit television tapes," he added. The guard manning the ATM kiosk, Dayaram Jaiswar, was bound and blindfolded with gumplast. He told police that the culprit spoke chaste Hindi and was very rough in his mannerisms. He wore a helmet and sunglasses. Jaiswar was on Monday taken to the police unit at Crawford Market and shown photographs of previous offenders but he failed to recognise any. Five G4S Cash Services employees are entrusted with refilling the machine with cash, a job carried out at night. The quantity refilled at one go is usually Rs 8 lakh. But, on Saturday, the loaders refilled at least thrice the amount; the following day was a Sunday and ongoing festivals meant more withdrawals were likely, officials explained. The incident occurred between 4.45 am and 6.20 am. The robber deactivated an alarm on the security panel on the wall, then fished out a key from his pocket and opened the ATM's back panel, punched a code turning the machine to 'function mode' from 'service mode'. A lower door in the machine slid open as he punched in this code, a lower door of the machine slid open. The accused then entered another six-digit code that prompted the "cash cassettes" to spring out. The accused was smart enough not to empty the machine as that would let off an alarm at the company's office; he left behind Rs 8,800. He took away Rs 21.19 lakh; it was carried away in bags in Rs 500 and Rs 1000 denominations. 4.3 The clearing House Mechanism: “Clearing house facilitate the exchange of instruments and processing of payment instructions at a central point among the participating banks. Clearing house (paper based manual) has gradually extended their range of activities to include automated and electronic means for settlement of payment transactions. In 1986 reserved bank of India framed a set of guidelines known as the uniform regulations and the rules for the bankers clearing houses. These guidelines were prescribed against the backdrop of considerable changes occurring in the functioning of the clearing houses due to the introduction of computerization in the banking industry. The regulations are designed to provide a uniform framework for the conduct of clearing through the country and have been adopted individually by the general body of each clearing house in the country. Individual clearing houses are free to frame there own rules consistent with the broad framework provided by the regulations. The URR (Uniform regulations and the rules) represent a significant tap forward in providing a formal institutional framework for the payment system in the
country. They govern the conduct of the clearing business, prescribe fair membership criteria and provide for penalties in the case of default. They also explicitly provides for significant oversight function for reserve bank of India. The regulation provides for an Exofficio president for the clearing house, who is the officer in charge of the bank managing the clearing house .The president is assisted by a standing committee comprising of few representative of member bank to help him resolve urgent problem. All bank including state co-operative bank, general post offices are eligible to become members of the clearing house”.108 It was decided that a system needed to be put in place that would 1. Decrease the volumes of paper instruments in magnetic ink character Recognition clearing (MICR) 2. Improve customer service by insuring prompt and secure interest payments to the beneficiaries. Such a system needed to be cost-effective and serve as an alternate method of effecting bulk .low value, recurring payment transactions, thereby obviating the need to issue and handle paper instruments. Electronic Clearings service credit scheme (ECS) provided the answer to problems.109 4.4 Electronic Clearing System: 4.4.1 ECS Credit: “In ECS credit, a series of electronic payment instructions are generated to replace paper instruments. The system works on the basis of single debit transaction triggering a large number of credit entries. These credits or electronic payment instructions which possess details of the beneficiaries account number, amount and bank branch, are then communicated to the bank branches through their respective service branches for crediting the accounts of the beneficiaries either through magnetic media duly encrypted or through hard copy”.110 “User instructions, usually corporate bodies which have to effect payments to large number of beneficiaries submit details of payment in magnetic media to the bank managing the clearing house, through a sponsored bank. The user institutions are required to obtain mandates from beneficiaries, for crediting their accounts under ECS. The corporate bodies
108. D. V. Dudeja: Cyber law in India:2002 p 56 109. ibid at p 77 110 110. Farooq Ahmed: Cyber law and banking 2004 : First Ed.
too should on their own, advice the beneficiaries about the due date of credit under ECS. The minimum number of truncations per user institution is 2,500 with upper limit in value of any single item being restricted to Rs. 100,000. A very low service charge has been prescribed under the scheme to promote ECS”.111 “ECS credit service is available as on 1.09.98 at all the 16 offices of the RBI viz, Mumbai. Culutta, Chennai, New Delhi, Ahmedabad, Banglore, Hydrabad, Kanpur, Nagpur, Jaipur, Patna, Guwahati, Bhubaneshwar, Thiruvananthapuranm, Chandigarh, Pune (SBI). Plans are on the anvil to progressively increase the number of centers with large volume of business covered under the scheme”.112 4.4.2 ECS Debit: “ECS credit is a scheme which, Facilitate payment of charge to utility services such as electricity, telephone companies, payment of insurance premia and loan installments etc. by customers. The scheme has been introduced at Chennai and Mumbai for collection of telephone bills by Madras telephones and MTNL, Mumbai respectively in 1997; Calcutta telephone also joined the ECS Debit scheme. ECS Debit envisages a large number of debits resulting in a single credit simultaneously. ECS Debit work on a principle pre-authorized debit system under which the account holders account is debited on the appointed date and the amounts are passed on to the utility companies .the scheme thus facilitates”.113 • • • Faster collection of bills by companies Better cash flow management: and Eliminates the need to go to collection center/designated banks by the customers
“All precautions with regard to data validation and integrity as followed under ECS Credit are observed in full under ECS Debit as well. The Individual Truncation limit under the scheme has been fixed at Rs 25,000 which is proposed to be raised shortly to Rs 50,000. For ECS Debit (which operate under the pre-authorized debit ambit), to become widely accepted and popular, it is essential that consumer have faith in the correctness of the bill amount raised on them by the utility companies. A blanket permission to debit the amount could result in excess payment to the utility company in the event of any wrong billing. Thereafter the consumer has to arrange for recovering the excess paid amount from
111 112 113
111. ibid at p57 112. http://www.rbi.org 113. http://www.rbi.man.doc.org
the utility company. To obviate this difficulty, a variant of ECS Debit called ECS Utility Bills Payment “114 “Receipt and payment instrument/document (RAPID) has been introduced on a trial basis for the benefit of Mumbai Bus transport RAPID is post verification debit scheme. The consumer verifies the bill and has the option to pay the bill either in cash or can authorize the bank branch to debit his account. In this scheme the utility company prepares its bills in three parts which contain a MICR band is send to the service branch. The first part of the receipt is returned to the customer by the collecting branch duly affixing the paid stamp”.115 4.5 Cheque Truncation: “The paying bank has a right to insist for a physical presentation and possession of the cheque is designed to provide the bank with an opportunity to examine the signature and other authentication of the cheque. This is meant essentially to protect the interest of the drawer. Cheque Truncation is a method of payment processing where under the movement of the paper instrument is truncated by substituting with electronic transmission of the cheque details or data”.116 “Under the Negotiable Instrument Act, 1881, Cheques would have to be presented for payment to the drawee/drawer bank. Without such presentment, no cause of action arises against the drawer. It is by banking practice and under the uniform rules and regulations for clearing houses that banks have agreed for presentment at any place other than the branch, such as the clearing house. The implication of the definition of ‘Payment in Due Course” under the Negotiable Instrument Act 1881 also makes it difficult for bank to introduce cheque truncation system simply by agreement among themselves. The Sher committee had examined the legal issues pertaining to the cheque truncation and had indicated that the definition of the presentment in the Negotiable Instrument Act 1881 may have to amend for adoption of cheque truncation system in India”.117 “In U.K. the cheque truncation system started with customer consent agreement and was eventually introduced after a fair degree of familiarization with imaging technology by the banks. In India the technology with regard to MICR processing was need to be
114. http://www.rbidoc.rbi.org 115. ibid at p12 116 116. http://www.thehindubusinessline.com 117 117. Amit Bajaj & Punit Bajaj : Law of Negotiable Instrument 2006
upgraded to a full image capture solution Cheque Truncation and Electronic Presentment. Electronic Presentment of image of cheque will substitute physical delivery of cheques. This combined with centralized signature storage and retrieval system will eliminate multiplicity of destination points and reduced clearing time very substantially. By using data communications the slow physical movement would be eliminated. Thus, Introduction of the cheque truncation system requires adoption of a fairly standardized imaging technology and appropriate amendments to the Negotiable Instrument Act, 1881. Regulation on cheque truncation have to be made by suitable amendments to the Reserve bank of India Act, 1934 appropriate changes have also to be incorporated in the clearing house regulations and rules as well”.118 4.6 Electronic Fund Transfer (EFT): “In India the retail EFT scheme enables an account holder of a bank to transfer funds to another person having an account with any of the participating commercial bank, without any physical movement of instrument from one center to another center. This scheme is meant for small value fund transfer, and it uses RBI Net as its carrier”. 119 “The EFT scheme is operational in the four metropolitan centers, 4500 branches of the 27 public sector banks at the four metropolitan cities re covered under the EFT scheme. at a later date it is proposed to extend the scheme to Bangalore and Hyderabad. The Retail EFT system enables both intra and inter-bank funds transfer, with in a city and between cities. Since the scheme is retail in nature the maximum amount permitted for transfer per transaction is Rs 1, 00,000”.120 “Electronic fund transfers eliminate the ongoing inconvenience of accepting, processing and handling monthly payment by cheque, cash or other paper instruments ,designed to dramatically improve customer service and reduce the inherent cost of processing paper transactions, EFT is the means by which pre-authorized debts and credits are electronically transmitted from a customers account to the businesses accounts. The software enables one to utilize electronic fund transfers for ones financial needs without having to become involved in the detail regulatory or technical aspects of Automated clearing house item posing. Used in conjunction with electronic funds transfers, business
118. http://www.newgensoft.com/cheque_truncation_system.asp 119. http:// www.rbi.org.in 120. http://www.pnbindia.com/s_electronic.htm
can use this software to create daily reports of all transactions so that records can be tracked and reconciled quickly and easily”.121 “At the retail level a wide range of payment Instruments like EFT, ECS, E-Money, Smart cards and credit cards will cater to the needs of different types of economic transactions. At the level of inter-bank payments and settlements, real time and on line funds transfers are likely to apply a major role, both in local as well as inter-city transactions. The spread and the reach of the modern system enable equal and convenient access from both small and big centers alike. The design of an integrated system should be such that there is wide choice of payments instruments at the retail level and there is end to end connectivity over all parts of the country to enable delivery of these instruments through fast, reliable and secure communications. An integrated system would enable real time movements of the fund between different financial markets, allow fair and equal access to all the financial intermediaries and enable effective regulatory overseeing. The fundamental requirement is the integration of various payments instruments, transactions and settlement in to a single system which combines flexibility with efficiency”.122 Information Technology and Electronic Fund Transfer system has emerged as the twin pillars of modern banking development. Not only have the services or products offered by banks moved way beyond conventional banking, but access to these services has become a round the clock round the week routine. India Unfortunately, has largely bypassed this phenomenon. While many technologies that could be considered suitable for India have been introduced in some diluted form or the other "as a pilot”, the required success has not been achieved because of the following reasons:• • • • • • •
Inadequate Bank Automation Not so strong commercially oriented inter-bank platform. Lack of a planned, standardized, electronic payment system backbone Inadequate Telecom Infrastructure. Inadequate marketing effort Lack of clarity and certainty on legal issues Lack of data warehousing network.
122. ibid at p 23
Legal issues relating to electronic transaction processing at banks are very many and the need to address them by amending some of the existing Acts and by promoting legislation in a few hitherto unexpected areas has assumed critical urgency. Necessary legislative support is essential to protect the interest as much of the consumers as of the banks/branches in several areas relating to electronic banking and payment systems. This is specially required to establish the credibility of ECS and EFT schemes based on the electronic message transfer. 4.6.1 Electronic Funds Transfer Act: “In 1995, the Reserve Bank of India had set up the committee for proposing legist ion on electronic funds transfer and other electronic payments. The Share committee had recommended a set of EFT Regulations by the Reserve Bank under the reserve bank of India Act, 1934 and amendment to the Bankers Book Evidence Act, 1881 as short term measures and promotion of a few Acts like the Electronic Funds Transfer Act, the Computer Misuse and data protection Act etc. as long term measures. The Reserve Bank has already initiated steps for framing of EFT Regulations. The Information Technology Act, 2000 has made amendments to the Reserve Bank of India Act, 1934, there Bankers Book Evidence Act, 1881”.123 “The Information Technology act, 2000 in intended to be general purpose legislation covering mainly issues like secure electronic records and signatures, acceptance of digital signatures, duties of certification authority, liability of network service providers, computer crime and data protection. Both the bills deal with electronic contracts and they are being promoted by the Government of India primarily to facilitate introduction of Electronic Data Interchange in the commercial sector. However they equally applicable for electronic funds transfer already launched by the reserve bank and is increasingly resorted by the user banks of the VSAT based network, the INFINET (Indian financial network). However, there is still a need for a separate Act for Electronic funds transfer because certain transactional issues like payments finality, rights and obligation of the parties involved in electronic funds transfer etc. can not be covered in general purpose bills like the information technology Bill or the Electronic Commerce Bill. The EFT Regulations being framed by the Reserve bank would address only the specific types of EFT system
123. http:// www.efta.org
that the Reserve Bank would be involved with as a service provider as also a regulator. The EFT Regulations would moreover cover only credit transfer related transaction and not Debit clearing transactions. A separate legislation on the lines Electronic Funds Transfer Act of USA is therefore required which would be consumer protection oriented and would at the same time address transactional issues like execution of payments order, settlement finality”.124 “The reserve Bank has taken the help of a consultant in drafting a new legislation on Electronic Funds Transfer system and proposing amendments to the Reserve Bank of India Act, 1934. The committee, after a careful examination of the issue, has endorsed the view that the proposed Electronic Funds Transfer Act should cover all forms of electronic payments. The committee supports the view that the Reserve Bank, at an appropriate time considers operating the inter-bank payments systems through an agency or subsidiary so that its regulatory role is rendered distinct from its supervisory role. Retail payment system such as the ECS and the EFT remittance processing scheme presently operational may be managed by a group of large banks with country wide branch network and technical capability, with settlement assistance from the Reserve Bank. This would help the RBI to focus its efforts only on large value time critical funds transfers to be settled on an RTGS basis. In the ongoing debate on the role of central bank role as a regulator from that of service providers which could be commercial banks themselves or entitles under the control of commercial banks. The committee has considered it necessary that the legal framework for payment system takes into account this internal trend”.125 4.6.2 The Systemic Methodology for Future EFT: “Depending on the administrative exigencies, EFT system may be extended in a phased manner through out the country and different categories of banks and institutions may be admitted in stages depending upon the infrastructure and technology available for the efficient functioning of the FET system. The administration and supervision of the EFT system including establishment of EFT Centers and procuring of technological support and implements may be entrusted to the Nodal Department. Nodal Department means the department or the agency of the Reserve Bank to which the responsibility of
124. http://www.rbi.org 125. Cyber and E-commerce Laws Bakshi P. M. and Suri R.K,. Bharat Publication IInd Ed. 2005
implementation, administration and supervision of the EFT system is entrusted. The operational details and procedure to be followed by participating banks and institutions shall be specified from time to time by the Nodal department personnel for the Nodal department and EFT centers wherever required, may be drawn by selection from among the officers and other employees of the reserve bank or on deputation from banks and institutions or other outside agencies or by direct recruitment or on contract basis”.126 EFT system means an electronic funds transfer system for carrying out inter- bank and intra-bank funds transfer within India, through EFT center connected by a network and providing for settlement of payment obligation arising out of such funds transfers, between participating banks or institutions. The legal framework under which the proposed EFT system would work, is given below-127 1. If RBI is satisfied that, in the interest of development of an efficient payment system it is necessary to promote and establish multiple electronic funds transfer systems, it may by order, allow banking companies, financial or other institutions, or any other person desirous of setting up an EFT system, to apply for authorization from RBI to commence and operate an Electronics Funds Transfer System. 2. An application for approval shall be submitted in the form specified by RBI from time to time, along with a scheme of operations of the proposed system and the documents relating to the rights, duties and liabilities of the person participating in such system. 3. Any regulation framed by RBI for regulating the EFT payment system shall be binding on the applicant, the proposed participants and any other person likely to be affected or benefited thereby. 4. No person, other than a person whose application is approved by RBI shall commence or operate any Electronic Funds Transfer System. The proposed EFT Regulations have adopted the following systematic methodology for effecting EFT-128
126. ibid p. 27 127. ibid p. 29 128 128. ibid p.30
Any payment order below a sum specified shall be eligible for funds transfer under the EFT system only through Batch processing If in a single payment instruction, the originator directs payments to several beneficiaries, each payment direction shall be treated as a separate payment order.
The parties to a funds transfer in the batch processing are the sending bank, the sending service branch of the sending bank, the sending EFT center, the receiving EFT center, the receiving service branch and the beneficiaries’ bank. ‘Sending Bank’ means the branch of a bank maintaining an account of and to which payment order is issued by the originator means the person who issues the payment order to the sending bank.
Every admitted bank and institution before accepting a payment order for execution through the EFT system., shall obtain from the originator a written undertaking to remain bound by these Regulations and a contract in the form approved by the Nodal Department means the department or the agency of the Reserve Bank to which the responsibility of implementation, administration and supervision of the EFT system is entrusted.
For the purpose of determination of rights and liabilities arising out of funds transfer I n the batch process, each branch or office of a bank or an institution as the case may be, and each EFT center shall be treated as a separated unit.
A payment order issued for execution in the batch processing of the EFT system shall become irrevocable when the sending bank executes it. Any revocation, after the payment order is executed by the sending bank shall not be binding on any other party in the EFT system.
Every participating bank, institution shall open and maintain in every EFT Center a settlement account for settlement of payment obligations arising under the funds transfers executed in the EFT system. ‘Settlement account’ means the account maintain by a participating bank or institution for the purpose of settlement of payment obligations under EFT system. The payment obligations between participating banks and institutions shall be settled on a netting basis at the end of each EFT business day be debiting or crediting the settlement accounts maintain with the EFT centers.
The Nodal departments shall specify the security procedure for verification of authenticity of payment orders or as the case may be, the EFT data file. A security prouder may require the use of algorithms or other codes, identifying words or numbers, encryptions, call back procedures, authentication key or similar security devices specified from time to time. ‘Security Procedure’ means a procedure specified for the purpose of 1. Verifying that a payment order, a communication canceling a payment order or an EFT data File is authorized by the person from whom it purports to be authorized and 2. Detecting error in the transmission or the content of a payment order, a communication or an EFT Data file. 3. The nodal department may procure the required technology for carrying out funds transfer in the EFT system, on real time basis and notify the participating banks and institutions of the availability of High Value Funds Transfer facility in the EFT system. 4. Every participating bank institution shall, before execution of a payment order in the High Value Funds Transfer processing, ensure availability of adequate funds in its settlement account with the sending EFT center. 5. The nodal department may satisfy, the charges payable by a participating bank or participating institution for execution of any payment order in the high value funds transfer processing and the procedure in regard to issue, acceptance, execution and settlement of payment orders, and such other matters as are necessary for ensuring the integrity, efficiency, or reliability of the high value funds transfer processing of the EFT system. 6. Every participating bank or institution admitted n the EFT system shall be entitled to execute any payment order for transfer of funds to a beneficiary. 7. Every participating bank or institution shall maintain the security and efficiency of the system.
4.7 Effective Regulation and Supervision: “The information technology has a great potential of effective regulation and supervision of various financial institutions and banks. With fast growth in technology and
the increasing complexities of technology motivated developments in the financial markets, the regulated are more pro-active than the regulators on modernization of products and services, especially in countries like ours where there are multiple regulators and central banks face a growing task in drawing abreast and equipping themselves with an range of tools to deal with the regulatory implications of a technology induced fast changing financial world. These developments necessitate a qualitative change and fine tuning in the relationship between the regulator and the regulated. The technology has brought alterations to decades old attitude and practices, in a more effective, economical and competitive manner”.129 4.8 Effective Currency Management: “The impact of technology on the issuances of Bank Notes and Currency Management by Central bank is apparent. The technology offers us immense opportunities to significantly improve our performance of this core function. Given the high value and volume of currency in circulation, the vast geographic spread of currency operations, the largest distribution channel for the supply of currency, prevalent marked preference for cash and currency handling practices, currency management in India is a challenging and strenuous task. In 1999, the Reserve Bank of India announced a “Clean Note Policy” to bring about improvements of the quality of notes in circulation and technology has played an indispensable role in enabling the Bank to provide better quality notes to the general public. The information technology makes the task of currency management easy, effective, economical and speedier”.130 4.9 Monetary and Financial Stability: “One of the critical activities undertaken by Central bank to ensure monetary and financial stability is to provide the banking sector with finality of settlement. The payment and settlement systems are the conduits through which monetary policy measures are transmitted to the financial and then the real economy. The information technology revolution has given rise to an extraordinary increase in financial activity across the globe. The progress of technology and the development of worldwide networks have significantly reduced the cost of global funds transfer. The technology has, in fact, placed at the disposal
129. ibid at p 43
130. Praveen Dalal: Internet Banking and its Challenges in India p.13
of Central bank a desirable selection of instruments to manage and eliminate risks in payment and settlement systems. Electronic trading platforms have reduced the gap between trade finalization and trade reporting and settlement and in the process have significantly reduced risks arising from the trading and settlement process. The Real Time Gross Settlement Systems (RTGS Systems) have been the preferred mode of settlement for large value funds transfers by central banks globally to minimize settlement and systemic risk. The RTGS systems would not have been possible without the network and information system capabilities to transmit payment messages to the settlement agency and process funds transfer instructions in real time. Delivery versus payment systems to reduce credit risks is securities settlement systems also owe their origin to the technological capability to harmonize positions in settlement banks and depositories in real time. The triumph of Information Technology has perhaps been the introduction of Continuous Linked Settlement, which ensures payment versus payment settlement of very large value foreign exchange transactions thus completely eliminating the risks in cross border transactions’.131 4.10 Challenges before Internet banking: “The information technology in itself is not a panacea and it has to be effectively utilized. The concept of Internet banking cannot work unless and until we have a centralized body or institution, which can formulate guidelines, regulate, and monitor effectively the functioning of Internet banking. The most important requirement for the successful working of Internet banking is the adoption of the best security methods. This presupposes the existence of a uniform and the best available technological devices and methods to protect electronic banking transactions. In order for computerization to take care of the emerging needs, the recommendations of the Committee on Technology Up gradation in the Banking Sector (1999) may be considered. These are:132 1. Need for standardization of hardware, operating systems, system software, and application software to facilitate interconnectivity of systems across branches 2. Need for high levels of security 3. Communication and networking – use of networks which would facilitate centralized databases and distributed processing
131. ibid at p72 132. C.F.http://www.rbi.org: report of working group on internet banking
4. Need for a technology plan with periodical up gradation 5. Need for business process re-engineering 6. Need to address the issue of human relations in a computerized environment 7. Need for sharing of technology experiences 8. Need of Payment systems which use information technology tools. The Reserve Bank of India has played a lead role in this sphere of activity - with the introduction of cheque clearing using the MICR (Magnetic Ink Character Recognition) technology in the late eighties. The Reserve Bank of India constituted a “Working Group on Internet Banking” which focused on three major areas of I-banking, i.e., (i) technology and security issues, (ii) legal issues and (iii) regulatory and supervisory issues. These areas are selected in such a manner that the problems faced by banks and their customers can be minimized to the maximum possible extent. The Group recommended certain guidelines for the smooth and proper working of Internet banking. These centralized guidelines would bring uniformity in the selection and adoption of security measures, with special emphasis on a uniform procedure. The security of Internet banking transactions would not be jeopardized if these security mechanisms are adopted. This is because the success of Internet banking ultimately depends upon a uniform, secure and safe technological base, with the most advanced features. The RBI has accepted the recommendations of the Group, to be implemented in a phased manner. 4.11 Technology and Security Standards: The technology and security standards are of prime importance as the entire base of Internet banking rests on it. If the technology and security standards are inadequate, then Internet banking will not provide the desired results and will collapse ultimately. The RBI realizing this crucial requirement issued the following guidelines in this regard:133 1. Banks should designate a network and database administrator with clearly defined roles. 2. Banks should have a security policy duly approved by the Board of Directors. There should be a segregation of duty of Security Officer / Group dealing exclusively with information systems security and Information Technology
133. ibid at p 45
Division, which actually implements the computer systems. Further, Information Systems Auditor will audit the information systems. 3. Banks should introduce logical access controls to data, systems, application software, utilities, telecommunication lines, libraries, system software, etc. Logical access control techniques may include user-ids, passwords, smart cards or other biometric technologies. 4. At the minimum, banks should use the proxy server type of firewall so that there is no direct connection between the Internet and the bank’s system. It facilitates a high level of control and in-depth monitoring using logging and auditing tools. For sensitive systems, a tasteful inspection firewall is recommended which thoroughly inspects all packets of information, and past and present transactions are compared. These generally include a real time security alert. 5. All the systems supporting dial up services through modem on the same LAN as the application server should be isolated to prevent intrusions into the network as this may bypass the proxy server. 6. PKI (Public Key Infrastructure) is the most favoured technology for secure Internet banking services. However, as it is not yet commonly available, banks should use the following alternative system during the transition, until the PKI is put in place. 7. Usage of SSL (Secured Socket Layer), which ensures server authentication and use of client side certificates issued by the banks themselves using a Certificate Server. 8. The use of at least 128-bit SSL for securing browser to web server communications and, in addition, encryption of sensitive data like passwords in transit within the enterprise itself. 9. It is also recommended that all unnecessary services on the application server such as FTP (File Transfer Protocol), telnet should be disabled. The application server should be isolated from the e-mail server. 10. All computer accesses, including messages received, should be logged. Security violations (suspected or attempted) should be reported and follow up action taken should be kept in mind while framing future policy. Banks should acquire tools for monitoring systems and the networks against intrusions and attacks. These tools
should be used regularly to avoid security breaches. The banks should review their security infrastructure and security policies regularly and optimize them in the light of their own experiences and changing technologies. They should educate their security personnel and also the end-users on a continuous basis. 11. Physical access controls should be strictly enforced. Physical security should cover all the information systems and sites where they are housed, both against internal and external threats. 12. . Banks should have proper infrastructure and schedules for backing up data. The backed-up data should be periodically tested to ensure recovery without loss of transactions in a time frame as given out in the bank’s security policy. Business continuity should be ensured by setting up disaster recovery sites. These facilities should also be tested periodically. 13. All applications of banks should have proper record keeping facilities for legal purposes. It may be necessary to keep all received and sent messages both in encrypted and decrypted form. 14. Security infrastructure should be properly tested before using the systems and applications for normal operations. Banks should upgrade the systems by installing patches released by developers to remove bugs and loopholes, and upgrade to newer versions, which give better security and control. 4.12 Internet banking and the Information Technology Act, 2000: The Internet banking cannot operate properly unless it is in conformity with the Information Technology Act. 2000 (hereinafter referred to as Act). A holistic approach should be adopted, the purpose of which should be to bring uniformity and harmony between the provisions of the Act on the one hand and the guidelines issued by the RBI on the other. It must be appreciated that in case of conflict between the following provisions of the Act have a direct bearing on the functioning of Internet Banking in India. The authentication of electronic records for the purposes of Internet banking should be in accordance with the provisions of the Act134. The electronic records duly maintained for the purposes of Internet banking would be recognized as legally valid and admissible135.The digital signature affixed in a proper manner would satisfy the
134. Section 3 of Information Technology Act, 2000 135. Section 4
requirement of signing of a document for the purposes of Internet banking136. Any kind of paper work, which is required to be filed in the government offices or its agencies, would be deemed to be duly filed if it is filed in the prescribed electronic form137. Thus the paper formalities can be effectively substituted with electronic filings for Internet banking purposes. “The banking business requires certain documents or records to be retained for a fixed period. In Internet banking such documents or records can be retained in an electronic form”138 “The rules, regulations, order, bye-law, notification or any other matter pertaining to Internet banking can be published in the Official Gazette or Electronic Gazette, as the case may be”139 “The Internet banking presupposes the existence of attribution and certainty. If any electronic record is sent by the originator himself, by his agent, or by an information system programmed by or on behalf of the originator to operate automatically, then the electronic shall be attributed to the originator”140 “The requirement of acknowledgement of documents sent for the purposes of Internet banking is adequately safeguarded by the Act”141 “The Internet banking may require to determine the time and place of dispatch and receipt of electronic records. This problem can be easily solved by applying the provisions of the Act”.142 “The Internet banking would require the secured electronic records for its proper working. Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification”143”A digital signature meeting the specified requirements would be deemed to be a secured digital signature for carrying out Internet banking transactions”144 “The Central Government has the power to prescribe the security procedures to give effect to the provisions of the Act, having regard to the commercial circumstances prevailing at the time when the procedure was used.”145 “Thus, the Central Government can specify safety measures and security
136. Section 5 137. Section 6 138 138. Section 7 139 139. Section 8 140 140. Section 11 141 141. Section 12 142 142. Section 13 143 143. Section 14 144 144. Section 15 145 145. Section 16
procedures for Internet banking under the provisions of the Act.
The Controller of
Certifying Authorities (CCA) can issues licenses to the Certification Authority under the IT Act, 2000”146. “The Certifying Authority is assisted by the Registration Authority, which is created at the level of the organizations subscribing to the services of the Certifying Authority .The Reserve Bank would function as a Registration Authority (RA) for the proper functioning of Internet banking”. “Thus, the information Technology Act, 2000 has laid down the basic legal framework conducive to the Internet banking in India. In case of any doubt or legal problem, the provisions of the Act can be safely relied upon. It must be noted that the object of the Act is to facilitate e-commerce and e-governance”. 147 Which are essential for the functioning of Internet banking in India. There may be challenges of Internet banking which cannot be tackled appropriately with the existing legal framework. To meet such challenge appropriate amendments can be made either to the Act itself or a separate new law dealing specifically with the Internet banking can be enacted. With this we can conclude that though banking customers are approach towards the electronic payment systems still the risk involved in this are also important. Hence to remove this defect we need a strong and separate legislation with the speedy and active enforcement machinery.
CHAPTER V ELECTRONIC CONTRACTS: AN EMERGING TREND
5.1 Introduction: Electronic contracts, contracts that are not paper based but rather in electronic form are born out of the need for speed, convenience and efficiency. Imagine a contract that an Indian exporter and an American Importer wish to enter into. One option would be that one party first draws up two copies of the contract, signs them and couriers them to the others who in turns signs both the copies and couriers one copy back. The other option is that the
146. Section 21 147. Objects and reasons of the Information Technology Act, 2000
two parties meet somewhere and sign the contract. In the electronic age, the whole transaction can be completed in seconds, with both the parties simply affixing their digital signatures to electronic copies of the contract. There is no need for delayed couriers and additional traveling costs in such scenario. There was initially an apprehension amongst the legislatures to recognize these modern technologies, but now many countries have enacted laws to recognize electronic contracts. 5.2 Requirements for E-Contracts: As in every other contract, an electronic contract also requires the following necessary ingredients. 5.2.1 An offer needs to be made: Often in online transactions between a business and a consumer, like conventional transactions, the offer isn't made directly one-on-one but through an advertisement system similar to a shop front whereby the consumer 'browses' the available goods and then chooses what he or she like to purchase.148 The offer in not made by the shop or website displaying the items for sale at a particular price, this is what is called an invitation to offer and hence revocable at any time up to the time of acceptance. The offer is made by the customer on taking the goods to the payment counter or, in the case of online buying through a website, placed in the virtual 'basket' “An invitation to offer is an advertisement to the world at large such as shirt in shop window marked at Rs 350, a book for sale on website for Ts 100. As such these are not offers, which can be accepted by a customer but are invitations to the customer to make an offer to the vendor, which he can then accept or reject as he sees fit”.149 “The law already recognizes contracts formed using facsimile, telex and other similar technology. An agreement between parties is legally valid if it satisfies the requirements of the law regarding its formation, i.e. that the parties intended to create a contract primarily. This intention is evidenced by their compliance with 3 classical cornerstones i.e. offer, acceptance and consideration. One of the early steps in the formation of a contract lies in arriving at an agreement between the contracting parties by means of an offer and
148. Carlill v The Carbolic Smoke Ball Co. Ltd (1893) 1 QB 256. 149. Pharmaceutical society of Great Britain v Boots Cash Chemists (Southern) ltd. (1953) 1 QB 401.
acceptance. Advertisement on website may or may not constitute an offer as offer and invitation to treat are two distinct concepts. Being an offer to unspecified person, it is probably an invitation to treat, unless a contrary intention is clearly expressed. The test is of intention whether by supplying the information, the person intends to be legally bound or not. When consumers respond through an e-mail or by filling in an online form, built into the web page, they make an Offer. The seller can accept this offer either by express confirmation or by conduct”.150 5.2.2 The offers need to be accepted: “As stated earlier, the acceptance is usually undertaken by the business after the offer has been made by the consumer in relation with the invitation to offer. It is understood by common law that an offer is revocable at any time until the acceptance is made. Problems are same, as in everyday contracts made by non-electronic means, when a revocation of the contract is attempted but the exact time of acceptance is difficult to determine”.151 “Also the place of contracting is important with regard to the jurisdiction to be used in disputes and the implications of terms into the contract. For these reasons the precise time and place of acceptance are essential data. typically business to consumer transaction will be made in one of two ways, either by they input of data on the website and the automated exchange of payment details, or by email acceptance followed by either invoicing or payment. Both such methods are similar in character to contracts made by the general postal or courier service where details are input and sent to the receiver the only difference being the absence of paper and postmen”.152 “Under conventional circumstance (i.e. in non-electronic contracts) two rules are used in order to determine the time of acceptance, they are the 'receipt rule' and the 'postal rule' The former identifies the time of acceptance as to when the offeror receives the notification of the acceptance (i.e. receipt of acceptance) Where as according to the latter rule, the acceptance is made as soon as the acceptor concludes his communication and sends, (or posts) his confirmation of acceptance. By, the contrast the receipt rule, (as the name suggest) implies that the offer is accepted when the acceptance is received by the
150. Partridge v Crittenden(1968) 2 All ER 421 151 151. Section 2(b) of Indian Contract Act,1872 152 152. Farooq ahmed: cyber law in India p 32
offeror. The question remains: which should apply to contracts made on line? It is unlikely that the postal rule should apply to e-commerce transactions, as it seems that they are instantaneous, more similar in fact to telephone communication than ordinary post. Instantaneous distance contracting is by no means a new concept. The telex machine and the fax machine have long been used to conclude contracts where the general rule states that the contract is concluded at the time of receipt of acceptance but the offeror. It should be noted, however, that there is some debate as to whether email is immediate communication as mails in transit may be stored on an external server prior to delivery to the desired recipient computer although they invariably reach the recipient instantaneously. The nature of online communication is such that more often than not, the exact time of acceptance can be easily identified as most email communication carries with them a 'delivered time’ and 'sent time' attached to the massage. In addition unlike the fax whereby message can be lost or ignored by the careless office worker, many systems have a pop-up warning often incorporating an alerting sound notifying the user that an email message has been received”.153 “This should go a long way to easing the kind of problem seen in ordinary mail acceptance where acceptances may have been sent and misdirected as a result of which there would be confusion as to when the first communication, and hence acceptance took place. To determine this issue judiciary takes a step in Entores Ltd. v. Miles Far East Corporation
In this case, the offer was made in Amsterdam and notification of the
acceptance was received in London; the contract resulting thereupon was held to be made in London. It was held that in the case of oral communication or communication by telex or over the telephone, acceptance is communicated when it is actually received by the offeror and therefore the contract is deemed to be placed where it is received this view was accepted by the Supreme Court of India. In Bhagwandas v/s Ghirdharilal & Co the judiciary. 5.2.3 There has to be lawful consideration:
this we can conclude that the issue relating to the acceptance of the proposal was settled by
153. Bakhi P.M. & Suri R.K: Cyber and E-Commerce Laws:Bharat Publishing House: First Ed:2002 154. (1955) 2 Q.B. 327, 332. 155. (1966) 1 S.C.R. 656.
Any contract to be enforceable by law must have consideration, i.e., “When both parties give and receive something in return. Therefore if an auction site facilitates a contract between two parties where one person pays brown sugar as consideration for purchasing a VCD player, such a contract is void”.156 5.2.4 There has to be an intention to create legal relations: “If there is no intention on the part of the parties to create legal relationships, then no contract is possible between them. Usually, agreements of a domestic or social nature are not contracts and therefore not enforceable, e.g. a website containing health related information invites new articles on breakthroughs in medical science to be put up on the website for the benefit of all. If a particular article is not accepted due to some reasons, there is no liability on the part of owner of the website as there never was any intention to create a legal relationship on the part of the website owner”.157 5.2.5 The parties must be competent to contract: “Contract by a minor or a lunatic is void-ab-initio. Any party to a contract suffering from any disability that impairs such party from giving his free and genuine consent is not competent to contract and is therefore a contract entered into by such party is void”.158 5.2.6 There must be free and genuine consent: Consent ad idem is said to be essence of a genuine consent. Consent is said to be free when there is absence of coercion, misrepresentation, undue influence or fraud. In other words, there must not be any subversion of the will of any party to the contract to enter such contract. Usually, in online contracts, especially when there is no active realtime interaction between the contracting parties, e.g. between the website and customer who buys through such a site, the click through prouder ensues free and genuine consent. 5.2.7 The Object of the contract must be lawful: “A valid contract presupposes a lawful object. Thus a contract for selling illegal weapons on line is void. As well as consideration to the contract must be lawful”159 5.2.8 There must be certainty and possibility of performance of the contract:
156. Section 25 and 2(d) of contract Act , 1872 157. Section 10 of Indian contract Act,1872
158. Section 11 of Indian contract Act,1872 159 159. Section 23 of Indian contract Act,1872
‘A contract, to be enforceable, must not be vague or uncertain and there must be possibility of performance. A contract, which is impossible to perform, cannot be enforced, e.g., where a website promises to reduce the weight of its customer by 5 kg. in one hour.”160 The nature of on line transaction makes it difficult to determine whether or not the required conditions have been satisfied. 5.3 Indian position: “Indian law provides for the authentication of the electronic records by affixing a digital signature. The law provides for use of an Asymmetric crypto system and hash function and also recommends standard to be adhered. Chapter-iv of the information technology Act, 2000 contains section 11, 12 and 13 and is titled Attribution, Acknowledgement and Dispatch of Electronic records”161 5.3.1 Attribution of Electronic records: Section 11 of the Act reads as under An electronic record shall be attributed to the originator,(a) if it was sent by the originator himself; (b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or (c) by an information system programmed by or on behalf of the originator to operate automatically. This section is similar with the provisions of the Indian contract Act which provide for the Proposal and its acceptance. Thus this section clarifies who would be the person making an offer or giving an acceptance in case of electronic contracts. 5.3.2 Acknowledge of receipt: Section 12(1) of the Information Technology Act, 2ooo reads as under: Where the originator has not agreed with the addressee that the acknowledgement of receipt of electronic record be given in a particular form or by a particular method, an acknowledgement may be given by(a) Any communication by the addressee, automated or otherwise; or (b) Any conduct of the addressee, sufficient to indicate to the originator that
160. Section 56 of Indian contract Act,1872 161.Information Technology Act,2000
the electronic record has been received. 2) Where the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgement of such electronic record by him, then, unless acknowledgement has been so received, the electronic record shall be deemed to have been never sent by the originator. 3) Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgment, and the acknowledgement has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed to within a reasonable time, then, the originator may give notice to the addressee stating that no acknowledgement has been received by him and specifying a reasonable time by which he acknowledgement must be received by him and if no acknowledgement is received within the aforesaid time limit he may after giving notice to the addressee, treat the electronic record as tough it has never been sent. This section provides for methods in which the acknowledgement of receipt of an electronic record may be given, provided no particular method has been agreed upon between the originator and the recipient. one method of giving such acknowledgement is any communication (automated or otherwise) made by the addressee in this regard. Another method is any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received. In Hotmail Corp v Van Money Pie162 would be fair to the addressee that receipt should be when the e-mail is received in the local mailbox of the addressee, or even when the addressee is notified that the e-mail has arrived or when she has also read it. In E-commerce, more often than not, acceptance is made via email or by pressing the 'Accept' or 'Buy' icons. Section 12 solves the problem of communication of acceptance or rejection in case of electronic contracts by specifying the form of acknowledgement of receipt. Whenever there is a question as to the acceptance by a party of an electronic contract, the same can be immediately answered by applying section 12. 5.3.3 Time and place of dispatch and receipt of electronic record:
162. C98 20064 ND Cal (20th April 1998)
Section 13 of the Information Technology Act, 2000 is titled” Time and place of dispatch and receipt of electronic record" Section 13(1) reads as under Save as otherwise agreed to between the originator and the addressee, the dispatch of an electronic record occurs when it enters a computer resources outside the control of the originator: This subsection states about the time of dispatch of message, if not otherwise agreed. Section 13(2) reads as under Save as otherwise agreed between the originator and the addressee, the time of receipt of an electronic record shall be determined as follows, namely:a) The addressee has designated a computer resource for the purpose of receiving electronic record i) Receipt occurs at the time when the electronic record enters the designated computer resources, or ii) If the electronic record is spent to computer resources of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee, b) If the addressee has not designated a computer resource along with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee. This section lays down the rules which determines the time of the receipt of electronic records, if not mention in the contract. • • • When It enters the designated computer resources or If it is not the designated computer resources, then receipt occurs when message is retrieved by the addressee. Receipt occurred when the messages enters the computer resource of the addressee if the addressee has not designated a computer resource along with specified timing. Section 13(3) reads as under: Save as otherwise agreed to between the originator and the addressee, an electronic record is deemed to be received at the place where the addressee has his place of business.
Section 13(4) reads as under: The provisions of sub-section (2) shall apply notwithstanding that the place where the computer resource is located may be different from the place where the electronic record is deemed to have been received under sub-section (3). Section 13(5) reads as under: For the purpose of this section a) if the originator or the addressee has more than one place of business, the principal place of business, shall be the place of business; b) if the originator or the addressee does not have a place of business, his usual place of residence shall be deemed to be the place of business; c) "Usual place of residence ", in relation to a body corporate, means the place where it is registered. Section 13 as whole lays to rest any doubts regarding the and the place of entering into an electronic contract. By making the time of receipt of an electronic record dependent on the nature of computer resource, which it is entering, the section takes care of all eventualities that may arise in case of inconsistencies about time of receipt in the course entering into an electronic contract. Moreover by making the place of dispatch of an electronic record a function of the physical place of business or of residence of a person, all uncertainties regarding the place entering into the contract is removed. Thus the jurisdictional problems associated with the enforcement of electronic contracts are solved to a great extent by section-13. 5.4 Kinds of electronic contract: Generally the three basic forms of "E-Contracts" that a person comes across if he in a computer environment which are: • • • The Click-wrap or Web-wrap Agreements. The Shrink-wrap Agreements. The Electronic Data Interchange or (EDI).
5.4.1 The Click-wrap or Web-wrap Agreements:
Now let us see the peculiarities of these contracts and the specific industries that put it to use. First and foremost are the Click-wrap agreements. Click-wrap agreements are those whereby a party after going through the terms and conditions provided in the website or program has to typically indicate his assent to the same, by way of clicking on an "I Agree" icon or decline the same by clicking "I Disagree". These type of contracts are extensively used on the Internet, whether it be granting of a permission to access a site or downloading of a software or selling something by way of a website. 5.4.2 The Shrink-wrap Agreements: Shrink-wrap agreements have derived their name from the "shrink-wrap" packaging that generally contains the CD Rom of Software. The terms and conditions of accessing the particular software are printed on the shrink-wrap cover of the CD and the purchaser after going through the same tears the cover to access the CD Rom. Sometimes additional terms are also imposed in such licenses which appear on the screen only when the CD is loaded to the computer .The user always has the option of returning the software if the new terms are not to his liking for a full refund. 5.4.3 Electronic Data Interchange or EDI : "The electronic communication between trading partners of structured business messages to common standards from computer application to computer application".163 “In other words they are contracts used in trade transactions which enables the transfer of data from one computer to another in such a way that each transaction in the trading cycle (for example, commencing from the receipt of an order from an overseas buyer, through the preparation and lodgment of export and other official documents, leading eventually to the shipment of the goods) can be processed with virtually no paperwork”.164 Here unlike the other two there is exchange of information and completion of contracts between two computers and not an individual and a computer. Now we come to the cardinal question: Are these agreements valid and binding contracts in the eyes of law? Can they be enforced and if so why! The very basic bedrock of any contract is the intention to enter into a legal relationship and that there should be ‘meeting of minds’. But as it must be already clear by
163.The Contractual Validity Of "E-Contracts": An Overview 164. Overview of Electronic Data Interchange (EDI) Services; downloaded from http://www.tid.gov.hk
now that in most of these contracts the party assenting to the terms does it without knowing or having intention to enter into any contract and even if has knowledge of the terms has no meaningful choice but to adhere to certain standard clauses put by the other party, thereby frustrating the very concept of meeting of minds. But all these contracts are held valid and enforceable in a number of judgments and statutory recognition of its validity is also forthcoming. The question of the validity of Click-wrap agreements came for consideration for the first time in 1998 in the famous case of Hotmail Corporation v. Van $ Money Pie Inc, et al
where the court for northern
district of California indirectly upheld the validity of such licenses where it said "that the defendant is bound by the terms of the license as he clicked on the box containing "I agree" thereby indicating his assent to be bound"166. This decision was followed and upheld in a catena of judgments like Groff v. America Online, Inc167Steven J. Caspi, et al v. the Microsoft Network LLC, et al168 and I lan Systems, Inc v. Netscout services Level corp169 The validity of the Shrink-wrap agreements first came up for consideration in the famous case of ProCd, Inc v. Zeidenburg
where it was held "that the very fact that purchaser
after reading the terms of the license featured outside the wrap license opens the cover coupled with the fact that he accepts the whole terms of the license that appears on the screen by a key stroke, constitutes an acceptance of the terms by conduct. ProCd’s lead was also followed in a no of judgments like Compuserve Inc v. Paterson,171 Hill v. Gateway 2000, Inc,172Tony Brower et al v. Gateway 2000,inc et al 173 5.5 Jurisdictional Perspective of Electronic Contract:
165. C98-20064 (N.D. Ca, April 20, 1998) 166. 47 U.S.P.Q. 2D (BNA) 1020, 1025(N.D.Cal 1998) 167 167. File No C.A. No PC 97-0031 1998 WL 307001 (R.I.Superior Ct 1998) 168 168. 323 N.J.super 118 (N.J. App., 1999)
169. Civ Act No.00-11489-WGY(D.Mass. Jan 2 2002) 170. 86 F.3d 1447 (7th Cir. 1996) 171. 89 F.3d 1257 (6th Cir. 1996) 172. 105 F.3d 1147 (7th Cir. 1997) 173. 1998 N.Y. App.Div.Lexis 8872
Thereafter the most important issue in the contractual obligations is the place of trial or the jurisdiction. i.e. which court is having the jurisdiction to adjudicate whenever any dispute was arose between the parties. Jurisdiction of a contract determines the law applicable to it and the codes in which theory can be enforced. Jurisdiction depends on the place where the contract is concluded. Determining this fore-contract is difficult due to ambiguity caused by technicalities of network. In e-commerce, messages relevant to a given transaction may pass through intermediaries in tens or even hundreds of jurisdiction across the world- even without the knowledge or express consent of the parties. Until legal standards are crystallized in this respect, parties engaged in e-commerce should agree upon jurisdictional issues in trading partner agreements or individual contracts.174 The physical location of the server determines the applicable jurisdiction in case there is no express cause specifying it. In R. Vs Waddon, however, the court dismissed the argument that simply because the server is in another country, its laws should apply. The courts suggested that since the web site was interacted with, in UK, English law should be applicable, demonstrating the willingness of the courts to extend a ‘long arm jurisdiction’175 E-contracts should be valid in their entirety in the jurisdiction in which they are formed. To avoid the ambiguity and the risk of being sued in other jurisdiction, the seller should incorporate a choice of law and jurisdiction clause in standard terms, choosing a jurisdiction which he is most familiar with, in order to retain control. These are the following tests which a court of law would use to decide whether it would have jurisdiction to entertain a claim or not: If the defendant has purposefully availed himself of the privilege of acting in the forum state or causing a consequence in the forum state. The cause of action must arise from the defendant’s activities there. The acts of the defendant or consequences caused by the defendant must have a substantial enough connection with the forum to make the exercise of jurisdiction over the defendant reasonable. If the above tests are satisfied then the court would entertain a claim. The question of jurisdiction arose in two 1996 US Circuit Court cases. The first was CompuServe v. Patterson176 in which an Ohio court held that it had jurisdiction over a contract dispute involving CompuServe, an Ohio based concern, and Patterson, a Texas
174. Http://www.legalserviceindia.com 175. ibid at p 4 176 176. 1996 WL 405356 (6th. Cir. (Ohio)), No. 95-3452, July 22, 1996],
resident. The Court’s decision was that so long as three tests were satisfied, they had the jurisdiction. The second case was Playboy Enterprises, Inc. v. Chuckleberry Publishing Inc,177 In this case, the respondent firm had been sued for infringement of the appellant’s trademark rights. The respondent had done so by distributing certain materials under the name “PLAYMEN” on an Italian web site. The court decided that the respondent’s soliciting of US customers over the Italian web site, receiving their faxes, and e-mailing them passwords, constituted distribution in the United States. Thus the Court held that they had jurisdiction. The Supreme Court of India, in the case of SIL Import vs. Exim Aides Silk Importers178 has recognized the need of the judiciary to interpret a statute by making allowances for any relevant technological change that has occurred. Until there is specific legislation in regard to the jurisdiction of the Indian Courts with respect to Internet disputes, or unless India is a signatory to an International Treaty under which the jurisdiction of the national courts and the circumstances under which they can be exercised are spelt out, the Indian Courts will have to give a wide interpretation to Section 20 of the Code of Civil Procedure for exercising Internet disputes. 5.6 Exceptions to Electronic contracts: The Information Technology Act, 2000 excludes transactions related to certain documents Section- 4 (a) to (f) states that Nothing in this Act shall apply to:5.6.1 Negotiable Instrument: “A "negotiable instrument" means a promissory note, bill of exchange or cheque payable either to order or to bearer. Explanation (i).- A promissory note, bill of exchange or cheque is payable to order which is expressed to be so payable to a particular person, and does not contain words prohibiting transfer or indicating an intention that it shall not be transferable. Explanation (ii).- A promissory note, bill of exchange or cheque is payable to bearer which is expressed to be so payable or on which the only or last endorsements is an endorsement is an endorsement in blank.
177. [S.D.N.Y., No. 79. Civ. 3525 (SAS), June 19, 1996]. 178 178. [reported in 1999) 4 SUPREME COURT CASES 567],
Explanation (iii) Where a promissory note, bill of exchange or cheque, either originally or by endorsement, is expressed to be payable to the order of a specified person, and not to him or his order, it is nevertheless payable to him or his order at his option. (2) A negotiable instrument may be made payable to two or more payees jointly, or it may be made payable in the alternative to one or two, or one or some of several payees”.179 5.6.2 Power of Attorney: “Powers-of-Attorney" include any instrument empowering a specified person to act for and in the name of the person executing it The donee of a power-of-attorney may, if he thinks fit, execute or do any instrument or thing in and with his own name and signature, and his own seal, where sealing is required, by authority of the donor of the power; and every instrument and thing so executed and done, shall be as effectual in law as if it had been executed or done by the donee of the power in the name, and with the signature and seal, of the donor thereof”.180 5.6.3 Trust: “A "trust" is an obligation annexed to the ownership of property, and arising out of a confidence reposed in an accepted by the owner, or declared and accepted by him, for the benefit of another, or of another and the owner”181 The person who reposes or declares the confidence is called the "author of the trust"; the person who accepts thee confidence is called the "trustee"; the person for whose benefit the confidence is accepted is called the "beneficiary"; the person for whose benefit the confidence is accepted is called the "beneficiary"; the subject-matter of the trust is called "trust-property" or "trust-money"; the "beneficial interest" or "interest" of the beneficiary is his right against the trustee as owner of the trust-property; and the instrument, if any, by which the trust is declared is called the "instrument of trust"; A breach of any duty imposed on a trustee, as such, by any law for the time being in force, is called a "breach of trust";182And in this Act, unless there be something repugnant in the subject or context, "registered" means registered under the law for the registration of documents for the time being in force; a person is said to have "notice of a fact either when
179. Section 13 of Negotiable Instrument Act, 1881 180. Sectiom 1A of Power of Attorney Act , 1882
181. Section 3 of Indian trust Act, 1882 182 182. www.commonlii.org
he actually knows that fact, or when,, but for willful abstention from inquiry or gross negligence, he would have known it, or when information of the fact is given to or obtained by his agent, under thee circumstances mentioned in the Indian Contract Act,1872, Section 229; an all expressions used herein and defined in the Indian Contract Act,1872, shall be deemed to have the meanings respectively attributed to them by that Act”.183 A trust according to this Act must be an obligation annexed to the ownership of property. According to the English Law, a trust is also annexed in privately to the estate, i.e., must stand or fall with the interest of the persons by whom the trust is created. 5.6.4 Will: “Will is a legal declaration of the intention of a testator with respect to his property, which he desires to be carried into effect after his death. It includes codicil and every writing making a voluntary posthumous disposition of property. It is testamentary instrument by which a person makes disposition of his property to take effect after his death, and which, in its own nature, is ambulatory and revocable during his life. Thus, a Will can be changed by the executants as and when he so likes. It is a secret and confidential document which the executant is never ordered to produce. There are two essential characteristics of will”184 a) It must be intended to come into effect after the death of the testator; and b) It must be revocable by the testator at any time. Although Wills are usually made for disposing property, they can also be made for appointing executors, for creating trusts and for appointing testamentary guardians of minor children. In one case, the Andhra Pradesh High Court has held that contents of the Will must indicate that it is intended to come into effect after death of testator and that it is revocable at any time prior to his death and a document cannot be treated as a Will by a mere reading of its heading. “A gift to take effect the life lime of the donor is a deed of settlement and not a Will. Section 63 of the Indian Succession Act, 1925 provides that a Will is liable to be revoked or altered by the maker of it at any time when he is competent to dispose of his property by Will. When a person dies without having made a Will, he is said to have died
183. Indian Registration Act, 1908 184 184. Section 2 (h) of Indian succession Act, 1925
intestate. His property is then inherited by his legal heirs in accordance with the law of inheritance applicable to him. It must be noted here that legal heirs generally include close family members such as one’s spouse, children, parents, brothers and sisters”.185 5.6.5 Transaction relating to immovable property: Any contract for the sale or conveyance of immovable property or any interest in such property: 5.6.6 Transactions notified by the Govt: Any other class of documents or transactions as may be notified by the Central Government in the Official Gazette. Hence we can say that section-4 of the Act makes it clear that provisions of information technology Act, 2000 are not applicable to the above mentioned transaction. 5.7 International position186: The laws relating to electronic commerce are usually enacted to facilitate the use of and to provide legal recognition to • • • • • • Electronic transactions Electronic communication and electronic data storage Electronic commerce Electronic records Electronic signatures Electronic communications in dealings with the government. The Australian law recognizes the contribution of the information economy to the future economic and social property of Australia, while some laws also aim to protect personal information. The laws of countries like Australia, Bermuda, Canada and India provide that a statutory requirement for a document or information to be in writing can be met by an electronic document. However such information must be readily accessible for subsequent references and meet prescribed specifications. The laws of countries like Australia, Bermuda, Canada, India and USA provide that a statutory requirement to retain a document is satisfied by an electronic document However, the following conditions must be met.
185. ibid at p 33 186. http://www.asianlaws.org/index.htm
The integrity of the information must be assured The information must be such that it identifies the origin and destination of the electronic document and the date and time when it was sent or received is also retained.
The information contained therein remains accessible so as to be useable for subsequent users
5.8 India and E-Commerce: The term "electronic commerce" has, in just the last few years, achieved widespread recognition, becoming a highly visible symbol in the contemporary language of the information technology culture that brought profound changes in the final years of the last millennium. The words are commonly used in the media, in business, and in casual conversation to refer to a broad class of activities which we generally understand to be associated with the use of a computer and the Internet to trade goods and services in a new, direct and electronic manner. This Chapter seeks to provide an understanding of electronic commerce, and to report on its growth. This background is essential to a discussion of the issues and responses that are emerging in the field of intellectual property. 5.8.1 Defining Electronic Commerce: By now, a number of studies and publications have addressed different aspects of electronic commerce. Several of these have provided a definition of this new mode of commercial activity. The definitions generally attempt to describe the electronic means used, and to say something about the nature of the commercial activities themselves For measurement purposes, given the rapid evolution in the activities that is underway, it may not yet be possible to arrive at a precise definition of electronic commerce . For purposes of this Primer, the phenomena may be usefully explained by addressing separately the two words, "electronic" and "commerce." 184.108.40.206 Electronic: The term "electronic" can be taken to refer to the global infrastructure of computer and telecommunication technologies and networks upon which the processing and transmission of digitized data takes place. The development from the early, private and
proprietary networks, on which electronic transactions have been commonplace for several decades, to open networks with non-proprietary protocols, such as the Internet, has been well documented . In common among the proprietary networks is that they are operated for specifically defined purposes and managed exclusively for the designated participants. “The Internet, by contrast, allows communications and transactions to take place over an "open network," with no required security apparatus, between a potentially unlimited numbers of participants who may have had no pre-existing contacts. The Internet has rapidly evolved from a scientific and academic network into a network whose principal feature, the World Wide Web, has brought mass adoption. It is the open nature of this network, along with its multifunctional character and increasingly low-cost access, which has galvanized the potential for electronic commerce At the same time, the open network is providing access to a digital medium in which multiple perfect copies of text, images, and sounds can be easily made and transmitted, and trademarks easily misused, posing new challenges for intellectual property owners”.187 220.127.116.11 Commerce: “The word "commerce" in this context refers to an expanding array of activities taking place on the open networks – buying, selling, trading, advertising and transactions of all kinds – that lead to an exchange of value between two parties. Some common examples include on-line auctions, banking and other financial services, sales of software, and an ever-increasing diversity of Internet sites offering a broad range of consumer goods or services. In the consumer area, a commercial web site that, early on, achieved widespread recognition is that of a site associated with the sale of books, through which a consumer can place an order for a book (and elect to pay by electronic means such as credit card) that will be delivered physically by postal mail to the individual’s address Other media, such as music, is now being made available for purchase by direct download in digital form to the consumer’s computer (or other digital device)”.188 While these examples show how individuals may engage in transactions over the Internet, most of the growth in electronic commerce is being driven by the less visible business-to-business sector Here, the Internet is acting as a powerful means for improving
187. Electronic commerce and intellectual property issues http://www,manuptra.com 188 188. ibid at p23
the quality of management and service, thereby enhancing existing or establishing new customer and supplier relationships, while bringing new efficiency and transparency to operations. It is potent mechanism for reducing costs across-the-board, including those associated with production, inventories, sales execution, distribution and procurement. At least two defining characteristics of this commerce taking place over the digital networks can be mentioned here. First, there is the international character of electronic commerce. The electronic means described above have created a global, borderless medium, such that any business offering goods or services on the Internet need not target a specific geographical market. Instead, the establishment of a commercial web site can provide even a small business with access to markets and Internet users worldwide. The second characteristic is the interdisciplinary nature of electronic commerce, and the corresponding impact that this element brings to the forces of convergence. Both large and small enterprises are finding that some of the traditional lines between business sectors—which have been founded on the different physical manifestations for the goods or services offered and the different physical means for their distribution (e.g., books, films, CDs, television, radio and web broadcasts)—are becoming less clear. This is generating new competitive pressures for restructuring within and across industries, confronting businesses with opportunities as well as challenges. Within the commercial sphere, issues of intellectual property that have had such relevance in the physical (off-line) world, involving rights in respect of patents, trademarks and copyrights, among others, also arise in relation to electronic commerce, but with different aspects to be addressed and, in many cases, shorter timeframes. Trademarks, for example, which provide consumers with an accessible symbol associated with the goodwill of an enterprise, are playing an important role in the electronic commercial environment where in-person dealings are infrequent. With respect to patents, the creative business methods that are being developed to conduct commerce over the digital networks raise new questions of patentability. Further, the shorter life cycles of many of the products and services associated with the Internet and digital technologies call for the timely acquisition and enforcement of such intellectual property rights. There is a further distinction of particular relevance to intellectual property, especially copyright and related rights, in respect of commerce on digital networks: as noted, the Internet facilitates both commerce
in physical products and commerce in intangible products. For commerce involving physical products, the Internet functions as a global system facilitating sales, in which the placing of an order and the making of payment can (but does not necessarily have to) take place online, while the goods themselves are delivered separately through a postal or other delivery service. For commerce involving intangible products, the Internet serves not only as a system to promote sales, but also as a system to effectuate the delivery of the intangible product itself, such as a piece of music or software, a film or a publication. This distribution can take place almost instantaneously, and the intangible product may travel virtually without restriction across national borders. Indeed, this aspect of electronic commerce may be its most compelling dimension: there is an inherent logic to using the Internet to buy and sell intangible products that need never be more than digital "bits." At the same time, however, there is a commensurate need for effective intellectual property protection that can address the international dimensions of this commerce. Already, the largest segment of business-to-consumer electronic commerce involves intangible products that can be delivered directly over the network to the consumer’s computer While these intangible products, by their very nature, are difficult to measure, an increasing amount of the content that is being offered is subject to intellectual property rights This commerce in intangible products raises a number of issues for intellectual property, in addition to those that would arise in respect of physical goods. For example, there is a growing role to be played by technological measures in protecting the rights of intellectual property owners. In addition, questions of the scope of rights and how existing law applies, jurisdiction, applicable law, validity of contracts and enforcement become more complex when the products offered have no necessary, physical manifestation. In this regard it is desirable to point out few judicial attitude on certain subjects. Reference here may be made to some leading case laws. In British Telecommunications Plc vs. One in a Million Ltd.,
it was held that the placing on the
internet register distinctive names such as "Marks and Spencer" made a representation that the registrant was connected or associated with the name registered and thus the owner of the goodwill in the name. This amounted to passing off. In addition, the registration of such a distinctive name as a domain name was an erosion of the exclusive goodwill in the name
189. (1999) FSR 1(CA)
which or which is likely to damage the owner of the goodwill. In the case of Maruti Udyog Ltd., and Suzuki Motor Corpration vs World Information Pages,190 it was held that the domain name "marutisuzuki.com" is identical to Maruti Suzuki. The registartion of the domain name was held to be registration in bad faith. The domain name was ordered to be transferred to Maruti Suzuki. In the case of Yahoo Inc., vs. Akash Arora, 191 it was held that the domain names of the Plaintiff and the Defendant being almost identical, there was every possibility of an internet user being confused and deceived into believing that the domain name had a common source or a connection. In view of the same, if there was a close resemblance between two trade marks, the addition of the word India was of no consequence. Accordingly, the addition of the word "India" did not distinguish the Defendant's domain names from that of the Plaintiff. Thus, it did not matter that "Yahoo" was a dictionary word. The name had acquired a uniqueness and distinctiveness and was associated with the business of the Plaintiff. Further, in the case of Info Edge (India) (P) Ltd. Vs Shailesh Gupta,192 the Defendant had adopted NAUKARI.COM as their domain name. The Complaint was filed by the Plaintiff, whose domain name was "NAUKRI.COM" and interim injunction was granted. In Rajagopal Vs State of TN
was stated that , A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, childbearing and education among other matters. None can publish anything concerning the above matters without his consent, whether truthful or otherwise and whether laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an action for damages This Primer adopts the above-described, broad-based understanding of electronic means used to effectuate the conduct of commerce, focusing in particular on the expanding and international commercial activities that are taking place over the open network that is the Internet. From the intellectual property perspective, this focus is particularly appropriate, for while open networks generate great potential for new commercial opportunity, they also pose significant risk for infringement of protected rights.
190. 2000 PTC 636 191. 1999 PTC 201 192 192. (2002)(24)PTC355(Del), 193 193. (1994) 6 SCC 632]
The issue of internet linking was also an emerging now days which very much affect the growth of electronic commerce Linking is of basically two types: Surface linking, where the home page of a site is linked; and Deep linking a link bypasses the home page and goes straight to an internal page within the linked site. While enabling users to surf fluidly from one Web site to another, this practice also raises copyright issues. A simple link from one Web site to the home page of another Web site does not normally raise concern, as the use of such links may be equated to the use of footnotes to refer to other sites. Often, no permission is required to make a link to a site, either because the Web site owner has given an implied license to link by posting his material on the Web, or by characterizing such linking as fair use. The problem arises only with regard to the practice of deep linking. Since Deep links defeat a Web site’s intended method of navigation. Further deep links may “steal” traffic from the linked site’s homepage thereby decreasing the revenue that could be generated from advertising that is dependant on the traffic onto the site. In Ticketmaster Corp. v. Microsoft Corp 194 the plaintiff, Ticketmaster Corporation sued Microsoft for practice of linking, without permission, deep within its site rather than to the home page, and claimed, among other things, that Microsoft effectively diverted advertising revenue that otherwise would have gone to the plaintiff. During the pendency of the court proceedings the parties entered into a settlement agreement whereby Microsoft agreed not to link to pages deep within the Ticketmaster site and agreed that the links will point visitors interested in purchasing tickets to the ticketing service’s home page. In another Scottish case, Shetland Times, Ltd. v. Dr. Jonathan Wills195 the plaintiff, the Shetland Times operated a Web site through which it made available many of the items in the printed version of its newspaper. The defendants also owned and operated a Web site on which they published a news reporting service. Defendants reproduced verbatim a number of headlines appearing in the Shetland Times. These headlines were hyperlinked to the plaintiff’s site. The judge agreed that the plaintiff had presented at least a prima facie case of copyright infringement based upon the United Kingdom’s law governing cable television program providers. Thus what liability is there for the content on a linked site? A
194. (C.D. Cal., filed Apr. 28, 1997). 195.  FSR 604
hyperlink used by a Web site does not directly cause copying of any substantive content by anyone, but instead merely provides a pointer to another site. By virtue of sections 14 and 51 of the Copyright Act, 1957, reproducing any copyrighted work, issuing copies of the work to the public or communicating the work to the public could amount to copyright violation. But in case of deep linking the linking site is not reproducing any work. The reproduction, if at all any, takes place at the end of the user who visits the linked page via the link. Can the linking site said to be issuing copies of the work or communicating it to the public? Technically, the linking site is only informing people about the presence of the work and giving the address of the site where the work is present. It is the user’s discretion to access the work by clicking the link. It is inevitable that e-commerce will ultimately barge its way into India. However, it may take a different form to what prevails in the U.S. or other developed countries. Infrastructure required for efficient e-commerce delivery and current status of such infrastructure in India.3 major classes of infrastructure required are: 1. An Internet Access System which could be telephone or cable based system. The Internet policy of India has enabled many private Internet Service Providers (ISPs) to come up in the fray, thereby improving the quality of service. However the cost remains prohibitive in comparison to the per-capita income levels of an average Indian. 2. A strong credit card payment system and fine tuned Electronic Funds Transfer system (EFT) are imperative for smooth and fast transactions. The last few years have witnessed establishment of a strong credit card infrastructure, though ‘on-line authorization’ is yet to gain momentum. One net-based authorization is implemented, credit card infrastructure will become equipped to take on the challenges of e-commerce. For this, encryption and legal system for adopting encryption are essential. 3. A fast track dispute resolution mechanism, on which the public can repose confidence, must be made available. The absence of such system and the abysmal delay involved in the legal rigmarole is a major impediment to the fast acceptance of e-commerce by the Indian public.
The National Information Technology Policy (NITP) has ambitious plans to develop ecommerce in India. The relevant paragraphs of the NITP are quoted— • In the coming years, IT Industry, will be dominated by e-commerce, ebusiness and EFT, etc. It is important for India to quickly adapt to EDI stands and encourage use of e-commerce. In order to meet the Global challenge following policies would be initiated. • • Time bound action i.e. in next 5 years to implement e-commerce in India. To actively look at e-commerce opportunities and strategize India’s position. It is important for India to directly make our strategies, so that other nations may respond to our demands.
-: CONCLUSION :The major part of business in today’s world is carried on systems using computers as their backbone. In this day & age then cyber law and litigation assume an important role. Lets today look into the information technology act 2000, passed by our parliament & which come in to force on October 1, 2000. The Act is divided in to 13 chapters, has 94 sections & has four schedules. The act gives legal recognition to Electronic documents and digital signatures. Now legally enforceable contracts can be entered via email. These documents can be presented in a court of law provided they have not been tempered with and are digitally encrypted. This being the case, Government Agencies can now start accepting documents in the electronic form and also accept electronic signature on forms and other papers. Government Agencies will now keep a record of such document and rules relating to the Act in the above matters will be published in the official Gazette later on. But the act makes it clear that no person can insist that his document should be accepted in the electronic form only. The central Government has reserved the right to make rules regarding digital signatures and also to make amendment therein. This research in chapter III in down the basis for secure electronic records and secure digital signatures and the legal and statutory framework available for this whole over the world as far as concern about the India, The central Government will lay down the procedure for issuing and attesting of such records and signatures. The central Govt. has appointed a Controller under whom the licenses for certification agencies for the purpose of digital signature will be allotted section 18 further specifies his functions; chief among which is the maintenance of database of certifying authorities. He can grant recognition to
foreign certifying under section 19.as per sec.20 the controller shall also keep a record of the “public key”. (the part of the digital signature in public domain). The digital signature with the subscriber has 2 parts. The first part is the “private code” and the later part is the “public key”. A person can certify a document only by using a combination of the two parts. Any other person can view the document using the public key but any attempt to alter will result in it being rendered useless. Sec.21 to 34 of the I.T. Act deals with the provision relating to the licensing application and disclosure of certifying authority. Chapter 7 of the Act discusses procedure for issue, usage, and abuse of a digital signature. The certifying authority can suspend a digital signature issued by it as given in Sec.37 and 38. As per section 42 any attempt at accessing of the private key of the signature by any unauthorized person has to be notified to the certifying agency immediately by the subscriber. In such a scenario, the certifying agency will suspend the signature. Chapter 9 of the Act talks about the punishment and penalties to be charged in case of violation of the sections of the Act. It says that any person who accesses or secures access for an other person to a computer or downloads or copies data, introduces any contaminant; damages the system or the software; denies access to the system to any authorized person: provides assistance to another to do any of the above can be fined to pay damages not exceeding Rs 1 crore. Section 44 and 45 cover penalty and residuary penalty provisions. One of the important sections of the Act is S.46 It states the appointment of Adjudicating officer for the purpose of settlement of disputes related to the Act and also arms him with powers possessed by a civil court. The adjudicating officer will be the first court of appeal in relation to cases and disputes related to the Act. If he is satisfied that any person has broken the provisions of the Act, then he can punish the person according to the provisions contained in the Act. The appeal against the adjudicating officer can be made to the cyber appeal tribunal. The provisions relating to the cyber appellate tribunal are covered in chapter 10. The tribunal will function on the basis of “principle of natural justice” as against those contained in the civil procedure code, 1908. Section 61 makes it clear that “no court shall have jurisdiction to entertain any suit or proceeding in respect of ant matter which an adjudicating officer appointed under this
Act or the cyber appellate tribunal constituted under this Act is empowered by or under this Act to determine: and no injunction shall be granted by any court or other authority in respect of any taken or to be taken in pursuance of any power conferred by or under this Act.” The judgment of the tribunal can be challenged only in the High Court. If any person unwillingly changes the source code of a system., he may be fined to the extent of Rs 2 lacs or imprisoned for period not exceeding 3 years .hacking is also an offence under the Act as per sec.66 and carries a sentence of imprisonment up to 3 years or fine up to Rs 2 lacs or both. Publishing pornographic material on the internet carries a sentence of 2 years imprisonment and Rs 25,000 fine for the first offence. The punishment is imprisonment up to 5 years and fine unto 50,000 on repeating the offence .The controller can open an electronic document if in his opinion the interest of the sovereignty and protection of the country or public interest are jeopardized. He can do this only by means of submitting a “written statement” to any Govt. agency, which in torn will take necessary steps to access the documents. If any person does not help him in this regard or obstructs him then that person may be charged to a prison sentence of up to 7 years. The Government can, under the act, declare it’s certain computers or computer networks as “protected computers”. Any person who commits any act against such computers may be imprisoned for a period up to 10 years. Any person who willfully gives wrong information to obtain a license as a “certifying agent” or to obtain a digital signature fraudulently may be punished for a period up to 2 years or a fine of Rs 1 lacs. Any person who obtains illegal access to any electronic document may be punished for a period of 2 years or a fine of Rs 1 lacs. If in the opinion of the controller or his authorized representative there has been a violation of the Act then he shall have access to such computers as he may deem fit. The equipment could also be confiscated u/s 75. He can also take help of such people as required to investigate the matter. The controller or any other officer authorized by him in this behalf shall exercise the like powers which are conferred on Income-tax authorities under chapter XIII of the Income-Tax Act,1961 and shall exercise such powers, subject to such limitations laid down under the act. Another important aspect of the act is covered u/s 75. It makes it clear that the act will be applicable even to foreigners or people in foreign locations if they willfully commit any breach of the Act e.g. as u/s 43. The act also
provides certain relief to the Internet electronic documentation service provider if he has merely acted as a means of information interchange, and in such a case he will not be held liable. Another important point under the Act is that only an officer of the rank of Deputy Superintendent of police shall investigate any offence under the act. He may enter any public place and search and arrest without warrant any person found therein who is reasonable suspected or having committed or of committing or of being about to commit any offence under the act. He must be presented before the magistrate as soon as possible and the rules of the criminal procedure code do not apply here. The Act also mentions the setting up of the “Cyber Regulation Advisory Committee” under section 88 which will advise the Government from time to time as to the changes required to be made due to changes in technology and development of new invention and apparatus. The Act also provides that anything contained in any other Act that is in contradiction to or which renders the application of the I.T. Act will be considered in effective. The Amendments made in the Indian penal code ; Indian evidence Act ; Bankers Book Evidence Act and the Reserve Bank of India Act are contained in the 4 schedules. The Act makes it clear that as of now the act will not apply to • • • • • • Negotiable Instrument Power of Attorney A Trust A will Conveyance of immovable property Any other transaction may be notified by the Govt.
So far as concern about the Provisions of the Act and internet banking it can be said that The major part of the dissertation deals with the development of the E-commerce particularly electronic contracts and internet banking, online banking transaction. This aspect was considered deeply in the last chapter of the dissertation. The adoption of Internet banking in India will have its own advantages to both the banks and the ultimate customers. The use of information technology will not only reduce the costs of operation but also would be effective, easy to maintain, speedier and highly competitive. The banks
cannot remain standoffish from this concept of Internet banking, and they should bring apposite changes to meet the necessities and challenges of Internet banking. The challenges posed by the Internet banking are mostly of procedural nature, which can be easily counterbalanced by adopting suitable technological and security measures. The domestic standards of banking have to be in conformity with the well-known international standards and in the near future international dealings from India would be a reality, which are presently not liberal enough. No system or institution can hope to benchmark it against international standards without making optimal use of technology. There can be no doubt about the enormous potential and emancipated opportunities offered by advances in technology. However, there are pre-requisites and preparations, which have to be made before the full benefits of the technology can be harvested.
-: CRITICAL APPRECIATION :A review of the provisions of the Information Technology Act, 2000 it clearly shows that, the Act has fulfilled the aspirations of the public against cyber crimes to a certain level. Still there are several lacunas that paves the ways of escape of cyber crimes. The lacunae should be filled up by making appropriate amendment in the Information Technology Act, the need of the hour is the amendment of Information Technology Act. In the wake of rapid technological advancements, computer has been narrowly defined in the Act and hence computer offences too have not been defined in a manner that would reflect technological advancements For instance, Phishing (the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft) was not widely known way back in 1999. "New laws cannot be enacted every two-three years and hence we are looking at making the type of offences more generic to take into account newer forms. The IT Act only talk about the digital signatures but it doesn’t talk about esignatures such as bio-metrics and fingerprints which are also a new emerging concept. Though recently the Draft Bill on the Information Technology (Amendment) Act 2006 was prepared and presented in the Rajya Sabha but it was not enacted in to an Act till now. On the issue of data protection and data privacy, the provisions of the Act are silent as to how data should be collected by entities such as hospitals, telephone companies and banks, and how it should be used.
As the IT services clients are not satisfied about the data protection in India while office working hour. The idea is to reassure Indian public that their information and data relating to credit card, mobile phone and even IPO issue application, is safe and adequately protected. One of the biggest problems when investigation relating to the offences of phishing is concerned is that of cyber jurisdiction. Since these attacks are launched from any part of the world with the victim in a separate country, prosecutions of such cases becomes even more difficult. Because one of the biggest problems in phishing is how you do go ahead and arrest these kinds of offenders. If you look at the law book, it gives you an academic answer. The IT Act, 2000 has extra-territorial jurisdiction and it applies to any person of any nationality anywhere in the world - so long as the impacted computer is physically located in India. But the reality is that the Indian law is still not applicable to people outside the territorial boundaries. Therefore, the law enforcement agencies reach a dead end. With the loopholes in the law, the best way to keep your money safe is to protect yourself from such attacks. The IT Act, 2000 does not have any specific provision to deal with Identity theft. The expert committee on amendments to IT Act, 2000 has recommended certain amendments in this context. This report does discuss and recommend insertion of amendment to tackle child pornography, theft of confidential information, gradation of severity of computer related offences under Section 66 committed dishonestly & fraudulently and Section 72(3) to deal with the problem video-voyeurism. However, this report does not deal with some other rampant problems, for instance, Spamming. In my opinion, the special law of IT Act should embody more specific provisions to deal with the diverse types of cyber crimes since both the nature and impact of such crimes is many times greater than what is suffered by the victim in offline mode. Hence, the punishment that may be provided by IPC may not do justice to victim of an online cyber crime. The dimensions of such cyber crimes are of increased degrees especially in the cases of online defamation, particularly arising due to the easy access and circulation of online published information. We do need a stronger legal & enforcement regime in India to combat the increasing cyber crimes or in other words, efficacy in dispensation of justice will be instrumental in curtailing such activities.
The Act also has it shares of shortcomings. Chief among them are; the provisions relating to the powers of Deputy superintendent of police to search and seizure on the basis of reasonable doubt that an offence has been committed against this Act. The width of the powers given leaves it opens for misuse and corruption. The section not only allows for search but also provide the powers of “arrest” on the basis of suspicion. Such wide powers regarding cyber crime have not been given to officers of any other country in the world where cyber law is in place. The Act also makes only a limited number of offences as cognizable but the field of the cyber law is facing new crimes and methods everyday. This issue has not been properly addressed. All said and done, the Act will have far reaching implications and is an important piece of legislation which is very essential especially now as we put a sharp emphasis on software industry for our economic growth. Thus we have seen a short summary of the information Technology Act, 2000; a new subject of legislation which will have a profound impact on cyber law and electronic business in our country. As far as cognizance of offence is concerned the I.T. Act was salient on this, offences are listed under chapter IX of the Act and are dealt by section 65-67 and sections 71-74. Now section 65-67 provides for imprisonment of 3year or more, and by virtue of this, are cognizable offences as per schedule I of the criminal procedure code. However offences listed out in section 71-74 have penal provisions of up to two years, thus these offences would not at first glance be held cognizable. But, for the correct interpretation, we have to refer to the definition of ‘cognizable offences’ given under section 2(c) of the criminal procedure code it states that a cognizable offences, means a offence in which, a police officer may, in accordance with the first schedule of the code or under any other law for the time being in force, arrest without warrant. Thus offenses listed out in above mentioned sections are also cognizable offences. The Act also places additional responsibility upon the service provider and they have been made liable for almost all content on their servers. The construction of section 79 leaves much scope for harassment. The Act also has several shortcomings with reference to the entire gamete of law relating to the “intellectual property”. The Act also does not make any mention of payment mechanism for Indian companies who will have to pay foreign companies for service rendered. Another important shortcoming is the total
absence of any provision relating to “domain name” which is a very important area of cyber litigation as it amount to trademark infringement. The application of the Act will also have its share of problems as the act applies not only to Indian citizens but even to foreigners who contravene the provision of the Act with reference to India. For civil and criminal justice administration regarding I.T. Act, 2000, there are certain difficulties and defects. These are noted below:1) Whether the offences are bailable or non-bailable. 2) Whether the offending sections are compoundable or non-compoundable 3) Where these offences are triable i.e. place of trial. 4) It does not provide Specifically or clearly these offences are cognizable or noncognizable 5) Where FIR has to be lodged. 6) Who will try these offences? So with this we can say that there in need of comprehensive legislation which can cover all these aspect and there would not be any difficulties while trying the cases of cyber crime by the courts.
-: SUGGESTIONS :It can be stated that cyber law has come to meet the long felt necessity of protecting human beings from cyber crimes. In a country with illiterate and ignorant people, the statutory provisions have saved the public from untold miseries. The information technology Act has fulfilled its objective to a certain extent. But inspite of all the legislative measures, protection from the cyber crime still remains a myth. The following are the suggestions for protection against cyber crime 1. The act should be amended suitably in consonance with the development of science and technology 2. Cyber cells shall be formed in all the police stations throughout the country. Net policing is the need of the hour
3. There is an immediate need to build a high technology crime and investigation infrastructure namely the cyber army. 4. Cyber judges are the need of the day. Judiciary plays vital role for effective implementation. 5. The need of the day is the enactments of practical emerging cyber law. 6. An international law on the use of computer to curb cyber crimes and to crime free cyber space is needed. 7. Judges and police officers must be given appropriate training about cyber laws and its enforcement. 8. A Subject on cyber laws should introduced in both schools and colleges. 9. Both the central and state governments should allocate more funds for conducting research on cyber crime. 10. Cyber crime must be declared as a crime against the entire humanity. 11. Don’t use online banking when others can see you. 12. Change your password at least once a month. 13. Don’t reveal your password to anyone. 14. Do not share your passwords with anyone. 15. Do not use obvious names, numbers etc….. 16. Use a combination of numbers and lower case and capital letters. 17. Don't reply to e-mail asking personal information 18. Make sure web page has padlock symbol at the bottom right. 19. To prevent cyber stalking avoid disclosing any information pertaining to
oneself. This is as good as disclosing your identity to strangers in public place. 20. Always avoid sending any photograph online particularly to strangers and
chat friends as there have been incidents of misuse of the photographs. 21. attacks. Always use latest and up date anti virus software to guard against virus
Always keep back up volumes so that one may not suffer data loss in case
of virus contamination 23. Never send your credit card number to any site that is not secured, to guard
against frauds. 24. Always keep a watch on the sites that your children are accessing to
prevent any kind of harassment or depravation in children. 25. fatal. 26. Web site owners should watch traffic and check any irregularity on the It is better to use a security programme that gives control over the Cookies
and send information back to the site as leaving the cookies Unguarded might prove
site. Putting host-based intrusion detection devices on servers may do this 27. 28. Use of firewalls may be beneficial. Web servers running public sites must be physically separate and protected
from internal corporate network.