Cyber Laws
Assignment-1
B.Tech 3rd Year – V Semester
(Branch: IT)
Anurag 1 1703233
Assignment no.1
Cyber Laws
Questions:
1. Explain some encryption techniques and algorithms.
2. Answer briefly:
a. What is a domain name?
b. What is a digital signature?
c. Explain cyber law.
d. What are a few Benefits of e-commerce?
e. Explain cyber-crime with an example.
f. What is domain name resolution?
g. What is the significance of copyrights?
h. What do you understand by encryption?
i. What is ISP and what is its role?
j. Explain cyberspace and netizens.
3. What are the various legal aspects of E-Commerce?
4. Discuss the various disputes arising in domain names and their resolution.
5. Explain the Various E-Commerce Models in detail.
6. Describe role of IPR in software projects. What are various types of IPR?
7. What is the need and applicability of copyrights and patents?
8. Write short note on:
a) Cyber Crime Offences
b) Certifying Authority
Answers:
The basic function of encryption is essentially to translate normal text into ciphertext.
Encryption can help ensure that data doesn’t get read by the wrong people, but can also
ensure that data isn’t altered in transit, and verify the identity of the sender.
Encryption Techniques:-
• One of the easiest methods to use in cryptography and can provide minimum security to the information
• Use of only a short key in the entire process
• One of the best methods to use if the system cannot use any complicated coding techniques
• Requires few computing resources
A simple example is where each letter is encrypted as the next letter in the alphabet: "a simple
message" becomes "B TJNQMF NFTTBHF". In general, when performing a simple
substitution manually, it is easiest to generate the ciphertext alphabet first, and encrypt by
comparing this to the plaintext alphabet. The table below shows how one might choose to, and
we will, lay them out for this example.
The ciphertext alphabet for the cipher where you replace each letter by the next letter in the
alphabet
There are many different monoalphabetic substitution ciphers, in fact infinitely many, as each
letter can be encrypted to any symbol, not just another letter.
The history of simple substitution ciphers can be traced back to the very earliest civilisations,
and for a long time they were more than adequate for the purposes for which they were needed.
By today's standards they are very weak, and incredibly easy to break, but they were a very
important step in developing cryptography.
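The substitution described above, as an added example that is not part of the original assignment: it builds the ciphertext alphabet, reproduces the "a simple message" result, and shows that the letter-frequency profile survives encryption, which is why these ciphers are easy to break. The keyword-based alphabet and all function names are assumptions made for illustration.

```python
import string
from collections import Counter

PLAIN = string.ascii_lowercase
UPPER = string.ascii_uppercase


def shift_alphabet(shift=1):
    """Ciphertext alphabet where each letter is replaced by the one `shift` places later."""
    shift %= 26
    return UPPER[shift:] + UPPER[:shift]


def keyword_alphabet(keyword):
    """General monoalphabetic key (assumed scheme): keyword letters, then unused letters."""
    out = []
    for ch in keyword.upper() + UPPER:
        if ch in UPPER and ch not in out:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, cipher_alphabet):
    # Lowercase plaintext maps to uppercase ciphertext; spaces and punctuation pass through.
    return plaintext.lower().translate(str.maketrans(PLAIN, cipher_alphabet))


def decrypt(ciphertext, cipher_alphabet):
    # Reverse lookup: ciphertext alphabet back to the plaintext alphabet.
    return ciphertext.upper().translate(str.maketrans(cipher_alphabet, PLAIN))


def frequency_profile(text):
    """Letter counts from most to least common, without the letters themselves."""
    counts = Counter(c for c in text.lower() if c in PLAIN)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    key = shift_alphabet(1)
    # The two alphabets laid out one above the other, as done when encrypting by hand.
    print("plaintext alphabet :", " ".join(PLAIN))
    print("ciphertext alphabet:", " ".join(key))
    message = "a simple message"  # sample text taken from the paragraph above
    ciphertext = encrypt(message, key)
    print(ciphertext)
    # Substitution renames letters but keeps how often each one occurs.
    print(frequency_profile(message), frequency_profile(ciphertext))
```
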
The Playfair cipher encrypts pairs of letters (digraphs), instead of single letters as is the case
with simpler substitution ciphers such as the Caesar Cipher. Frequency analysis is still
possible on the Playfair cipher, however it would be against 600 possible pairs of letters
instead of 26 different possible letters. For this reason the Playfair cipher is much more
secure than older substitution ciphers, and its use continued up until WWII.
The Playfair cipher starts with creating a key table. The key table is a 5×5 grid of letters that
will act as the key for encrypting your plaintext. Each of the 25 letters must be unique and
one letter of the alphabet (usually Q) is omitted from the table (as there are 25 spots and 26
letters in the alphabet).
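The key table described above, built in code as an added example that is not part of the original assignment. The digraph rules (same row, same column, rectangle) and the X filler for doubled letters are the standard Playfair rules, which the text does not spell out; the keyword and sample sentence are constructed for illustration.

```python
import string

OMITTED = "Q"  # the convention used in the text: Q is left out of the 25-letter table


def build_key_table(keyword):
    """5x5 key table: keyword letters in order without repeats, then the remaining letters."""
    letters = []
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch in string.ascii_uppercase and ch != OMITTED and ch not in letters:
            letters.append(ch)
    return [letters[r * 5:(r + 1) * 5] for r in range(5)]


def to_digraphs(plaintext):
    """Split into letter pairs; a doubled letter gets a filler, odd length is padded."""
    text = [c for c in plaintext.upper() if c in string.ascii_uppercase and c != OMITTED]
    pairs, i = [], 0
    while i < len(text):
        a = text[i]
        filler = "Z" if a == "X" else "X"  # never pair a letter with itself
        b = text[i + 1] if i + 1 < len(text) else filler
        if a == b:
            pairs.append((a, filler))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs


def transform_pair(table, a, b, step):
    """Apply the Playfair rules to one digraph; step=+1 encrypts, step=-1 decrypts."""
    pos = {table[r][c]: (r, c) for r in range(5) for c in range(5)}
    (ra, ca), (rb, cb) = pos[a], pos[b]
    if ra == rb:  # same row: move along the row, wrapping around
        return table[ra][(ca + step) % 5], table[rb][(cb + step) % 5]
    if ca == cb:  # same column: move along the column, wrapping around
        return table[(ra + step) % 5][ca], table[(rb + step) % 5][cb]
    return table[ra][cb], table[rb][ca]  # rectangle: keep the row, swap the columns


def encrypt(plaintext, keyword):
    table = build_key_table(keyword)
    return "".join("".join(transform_pair(table, a, b, 1)) for a, b in to_digraphs(plaintext))


def decrypt(ciphertext, keyword):
    # Expects an even-length string of uppercase table letters, as produced by encrypt().
    table = build_key_table(keyword)
    pairs = [(ciphertext[i], ciphertext[i + 1]) for i in range(0, len(ciphertext), 2)]
    return "".join("".join(transform_pair(table, a, b, -1)) for a, b in pairs)


def digraph_space(table):
    """Number of distinct ordered letter pairs a frequency analysis has to consider."""
    letters = [ch for row in table for ch in row]
    return len({(a, b) for a in letters for b in letters if a != b})


if __name__ == "__main__":
    keyword = "playfair example"  # constructed sample key
    for row in build_key_table(keyword):
        print(" ".join(row))
    ct = encrypt("hide the gold in the tree stump", keyword)
    print(ct, decrypt(ct, keyword), digraph_space(build_key_table(keyword)))
```

The decrypted text still contains the X filler inserted between the doubled E of "tree"; removing fillers is left to the reader of the message.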
Encryption Algorithms
Triple DES
Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm,
which hackers learned to defeat with ease. At one time, Triple DES was the recommended
standard and the most widely used symmetric algorithm in the industry.
Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168
bits, but experts say that 112-bits in key strength is more like it.
Though it is slowly being phased out, Triple DES is still a dependable hardware encryption
solution for financial services and other industries.
RSA
RSA is a public-key encryption algorithm and the standard for encrypting data sent over the
internet. It also happens to be one of the methods used in PGP and GPG programs.
Unlike Triple DES, RSA is considered an asymmetric encryption algorithm because it uses a
pair of keys. The public key is used to encrypt a message and a private key to decrypt it. It takes
attackers quite a bit of time and processing power to break this encryption code.
AES
The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S.
government and many other organizations.
Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for
heavy-duty encryption.
AES is considered resistant to all attacks, with the exception of brute-force attacks, which
attempt to decipher messages using all possible combinations in the 128-, 192- or 256-bit
cipher. Still, security experts believe that AES will eventually become the standard for
encrypting data in the private sector.
When you, the server, digitally sign a document, you add a one-way hash (encryption) of the
message content using your public and private key pair.
Your client can still read it, but the process creates a "signature" that only the server's public
key can decrypt. The client, using the server's public key, can then validate the sender as well
as the integrity of message contents.
Cyberlaws prevent or reduce large scale damage from cybercriminal activities by protecting
information access, privacy, communications, intellectual property (IP) and freedom of
speech related to the use of the Internet, websites, email, computers, cell phones, software
and hardware, such as data storage devices.
The increase in Internet traffic has led to a higher proportion of legal issues worldwide.
Because cyberlaws vary by jurisdiction and country, enforcement is challenging, and
restitution ranges from fines to imprisonment.
Identity Theft. One common form of cyber crime is identity theft. ...
Transaction Fraud. Simple financial fraud is another common crime in the online arena.
…
Advance Fee Fraud. One common crime is the advance fee fraud. ...
Hacking. ...
Piracy. ...
queries to the next step in searching authoritative servers who know the complete IP. The will
resolve the domain name.
The basic function of encryption is essentially to translate normal text into ciphertext.
Encryption can help ensure that data doesn’t get read by the wrong people, but can also
ensure that data isn’t altered in transit, and verify the identity of the sender.
An ISP has a network both domestically and internationally so that the customer, the user of
the connection provided by the ISP, can connect to the global Internet network.
The network transmission medium that carries the data can be wired
(modem, leased line, and broadband), radio, etc.
Typically, ISPs charge the customer a monthly fee. This connection is usually divided
into two categories:
Modem ("dial-up")
Broadband.
Dial-up connection is now widely offered for free or at a low price and requires the use of
ordinary telephone wires. Connections can be broadband ISDN, non-cable, cable modem,
DSL, satellite.
Compared with a modem, broadband is much faster and always "on", but more expensive.
Connect customers to the nearest Internet gateway.
Provides a modem for dial-up.
Connecting an information service to a user of the World Wide Web (www).
Allows a user to use the services of electronic mail (e-mail).
Allows a user voice conversations via the internet.
Provides space for a homepage.
Protects against the spread of viruses by applying antivirus systems for its
customers.
• Describe the key technological elements comprising electronic commerce systems
• Explain the different policy, law and regulatory aspects
• Describe the issues to be examined in the other modules in the course
• Examine the legal nature of communications
• Understand the process by which contracts are entered into using electronic commerce systems
• Be aware of how legal requirements of form may constitute obstacles to reliance on the use of electronic commerce systems
• Highlight different approaches to law reform designed to facilitate electronic commerce
• Explain the evidential problems of computer-derived evidence
3. Consumer Protection
• Be able to briefly outline issues in consumer protection law and how they apply to eCommerce.
• Identify eCommerce specific consumer protection concerns and describe how these have been addressed.
• Be able to list the information requirements and describe the cancellation right.
• State the reasons why enforcement of consumer legislation is a problem and identify some solutions.
• Explain how self-regulation mechanisms can operate.
• Identify different forms of consumer ADR
• Be able to define the term "spam", discuss the problems it causes and identify some technical and legal measures to prevent spam
• Describe the different forms of intellectual property rights.
• Be able to identify some of the specific areas of eCommerce that raise issues concerning such rights.
• Understand the different issues of concern to rights-holders and users
• Recognise the impact of Internet technology on the protection of intellectual property rights
5. Content Regulation
6. Securing eCommerce
7. Privacy Online
8. Taxing eCommerce
• Be able to recognise the difference between residence and source based taxation
• Detail the problems which e-commerce poses to international tax rules
• Be able to identify the key elements of the OECD and EC instruments on eCommerce and taxation
• Comment on the benefits and problems which may arise from the instruments
4. Discuss the various disputes arising in domain names and their resolution.
Answer: A domain name dispute is a conflict that arises when more than one individual or
group believes it has the right to register a specific domain name. Most commonly a domain
name dispute would occur when a domain name similar to a registered trademark is
registered by an individual or organization who is not the trademark owner. All domain name
registrars must follow the ICANN's Uniform Domain-Name Dispute-Resolution Policy
(UDRP).
Disputes
Concurrent Rights
Registration is on a first come first serve basis. Simply because you have a registered trade
or service mark, have a registered company name, or have been using a trade name for a
lengthy period of time does not mean that another person with a legitimate reason for
registering the domain and who uses it in good faith must give it up. One example of this is
the Prince Sports case in which Prince Sports tried in vain to have the domain
www.prince.com transferred from Prince Computers in the UK.
Companies with trade marks have tried to bully legitimate registrants out of attractive domain
names. This has sometimes been called Reverse Domain Name Hijacking, and damages can
now be awarded in the US under the US Cybersquatting Act for such practice.
Cybersquatting
These are common disputes. Cybersquatting involves the registrant having registered a name,
or names in most cases, in bad faith to gain some commercial advantage. This can involve
trying to sell it back to a party it knows would be interested in having registration of the
domain name for an inflated price or more commonly using it to direct traffic to their website
or the website of a trade competitor of the trade mark holder in return for payment of a
commission.
Gripe sites
However, it has been shown that those registering a domain name incorporating a known
trade mark and using the domain name to host a website to air legitimate grievances against
the trade mark owner can successfully defend the registration of such a domain name. To be
successful in using the dispute resolution process to acquire these domain names the trade
mark holder must demonstrate the registrant has acted in bad faith perhaps by demonstrating
some attempt to extract a commercial gain from the trade mark holder.
In a case involving www.stopecg.com, a valid site airing discontent at the business practices
of the travel guide publisher European City Guide, the domain name was not transferred.
Here it was contended that a prudent person would know that the site was criticising the
company and that these were not the views of the company itself. Therefore there was no
bad faith or disparagement of the trade mark. This highlights the problems that can arise
with the domain name dispute process notably that inconsistent decisions arise as decisions
do not have to be followed in subsequent cases.
It may be that multiple domain names have been registered in a number of jurisdictions. If so
it is likely to prove costly to retrieve all the domain names. Therefore, it may be advisable to
prioritise which domain names you find particularly objectionable, e.g. it is advisable to
prioritise domain names that are likely to lose you business or damage your reputation or that
are registered for territories where you plan to trade.
If the domain name is not vital it may not be worth contesting. However, it is worthwhile
monitoring the registration date and registering the domain name if the owner lets the
registration lapse.
It may be that a letter requiring the registrant to cease and desist using the domain name may
be enough to prompt them to transfer it for no payment or for no more than out of pocket
expenses, to avoid further legal action.
However the registrant is unlikely to transfer the domain name if it is registered for a
legitimate reason or for the purposes of extorting a large sum of money from a brand
owner. Negotiating a price for the acquisition of the domain name may be the commercially
prudent solution, as a quick acquisition may prove cheaper and quicker than any litigation or
dispute resolution procedure.
The owner of the domain name may agree, probably for a small sum, to have a link which
directs internet traffic that has mistakenly arrived at their site, back to your website. As an
alternative, a disclaimer may be displayed on their website stating that it is in no way
connected to your website/business. This is more likely if the registrant has not registered the
domain name in bad faith or is involved in an unrelated trade which does not compete with
yours.
The user may be in breach of its ISP's terms and conditions, particularly if the site is being
used for illegal or immoral purposes. You could then bring this to the ISP's attention and ask
them to suspend the site. Although, the ISP cannot transfer the domain name to you, the
registrant may be more willing to transfer the domain name for a reasonable sum if holding
on to the domain proves more trouble than it is worth.
Dispute Resolution
When a person registers a gTLD, the Uniform Domain-Name Dispute-Resolution Policy
(UDRP) is automatically incorporated into the registration agreement. Some country code top
level domains (ccTLDs) such as .mx (Mexico) and .ro (Romania) have also opted into the
UDRP. Complaints can be filed with one of four bodies, the largest of which is WIPO.
Countries not using ICANN's UDRP may use a different form of dispute resolution, e.g.
Nominet for .uk domain names. The processes for these will depend on the rules of that
country's registry; however they are often similar to the ICANN procedure. If no dispute
resolution procedure exists you may have to issue court proceedings.
Every transaction occurring over the internet for e-commerce can be classified into one
of the above types.
B2B
B2B, or Business to Business, is the largest e-commerce model. In this model, both the sellers
and buyers are business entities.
This model describes the transactions between a retailer or a wholesaler, or a wholesaler and
manufacturer.
Also, the transaction of the B2B business model is much higher than that of the B2C model.
Some of the examples of B2B models are Alibaba (world’s largest online business-to-business
trading platform), Amazon business, IBM, Boeing, ExxonMobil Corporation,
and more.
Features of B2B Model
B2C
Business to consumer, known as B2C, is the most common type and the thickest e-commerce
market. In this online model, the business sells to individual customers. This business model
offers direct interaction with the customers.
This model is used by marketers and retailers so that they can sell their goods to internet users.
This is the traditional retail model, but the business is conducted online as opposed to in a
physical store.
Some examples of B2C models are Wal-Mart, Staples, Target, and REI.
Benefits of B2C
Features of B2C
Easy to understand
Short sales cycle
Clear target market
Lower risk and costs of entry
Potential for emotional and impulse purchases
Mass/ consumer media marketing strategy
Price-sensitive customers
C2C
B2B and B2C are easy to understand. So what does C2C look like?
The C2C or consumer to consumer business model involves a transaction between two
consumers. It is also known as citizen to citizen. A common example of this model would be
an online auction, where a customer or visitor posts an item for sale and other customers bid to
purchase it. However, the third party generally charges a commission.
Also, having a C2C business or website requires immense planning and marketing
understanding. Although the sites act as intermediaries to match the customers, they don’t check
the quality of products being posted online.
The few examples for this model include Craigslist, eBay and OLX.
Benefits of C2C
No intermediary
Low transaction cost
Round the clock availability
Wide Reach
Features of C2C
C2B
Customer to business, known as C2B, involves customers selling their services or products to
business. It is roughly the same as a sole proprietorship serving a larger business.
The one thing that differentiates C2B from other business models is that the consumers create
the value for the products. Also, the model caters to the need of freelancers, who work on tasks
given by the clients.
However, these websites require planning due to the legal complexities involved.
The examples of C2B business models include Google Adsense, Commission Junction,
and Amazon. Fotolia is also a good example of the emerging C2B model.
B2G
Business to government is also referred to as the business to administration commerce. In this
model, government and businesses use central websites to do business with each other more
efficiently than they can off the web.
This e-commerce model is also referred to as public sector marketing, which means marketing
services and products to multiple government levels. With this platform, the businesses can bid
on government opportunities including tenders, auctions, and application submission.
C2G
Consumer to administration or consumer to government e-commerce model enables the
consumers to post feedback or request information regarding public sectors directly to the
government administration or authorities.
For example, when you pay an electricity bill through the government website, pay for health
insurance, make payment of taxes, etc.
Having understood the e-commerce business types, let us now check the business models.
6. Describe role of IPR in software projects. What are various types of IPR?
Answer:-Intellectual property (IP) rights are valuable assets for your business - possibly
among the most important it possesses.
Patent
A patent is a title which provides its owner the right to prevent others from exploiting the
invention mentioned in the patent. It does not allow by itself making or selling an invention
but it rather gives the right to exclude others from making, using, selling or importing the
patented invention.
Trademark
A trademark is a sign by which a business identifies its products or services and distinguishes
them from those supplied by competitors. It can be distinctive words, marks or other features.
Its purpose is to establish in the mind of the customer a link between all the different products
and/or services that the company offers, and then distinguish them from those supplied by
competitors.
Design
Designs are concerned with the features, the appearance of a part or the whole product:
two-dimensional features such as patterns, lines and/or colour
three-dimensional features such as shape, texture and/or surface of an article are
protectable by design right if they are not dictated by functional considerations.
Copyright
Copyright is a legal term describing rights given to creators for their original literary, musical
or artistic works which allow them to control their subsequent use. These include for
example:
computer software
drawings, maps, charts or plans
photographs and films
architectural works
sculptures
sound recordings
TV and radio broadcasts
Patents
According to the U.S. Patent and Trademark Office, a patent gives an inventor "the right to
exclude others from making, using, offering for sale, or selling" the patent holder's
invention within the U.S. A patent does not grant the inventor the right to manufacture or
distribute his invention, only to exclude others from doing so.
A patent gives you certain legal rights, which can deter rival businesses from using or
copying your products or inventions.
Copyrights
A copyright grants sole control of an intellectual work to the work's creator. Registered in
the Office of the Library of Congress, copyrights give creators of works, such as books,
original music and other creative properties, the exclusive right to publicly perform and
distribute copies or recordings of the copyrighted work.
The copyright protects the form of expression rather than the subject matter of the writing.
For example, a description of a machine could be copyrighted, but this would only prevent
others from copying the description; it would not prevent others from writing a description of
their own or from making and using the machine. Copyrights are registered by the Copyright
Office of the Library of Congress.
According to the Constitution of the United States, the goal of government in granting
copyrights and patents is "To promote the Progress of Science and useful Arts, by securing
for limited Times to Authors and Inventors the exclusive Right to their respective Writings
and Discoveries."
Crimes that target computer networks or devices. These types of crimes include
viruses and denial-of-service (DoS) attacks.
Crimes that use computer networks to advance other criminal activities. These types
of crimes include cyberstalking, phishing and fraud or identity theft.
The FBI identifies cybercrime fugitives who have allegedly committed bank fraud and
trafficked counterfeit devices that access personal electronic information. The FBI also
provides information on how to report cybercrimes, as well as useful intelligence information
about the latest cybercriminals.
b) Certifying Authority
A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew
and provide directories of Digital Certificates. Certifying Authority means a person who has
been granted a license to issue an Electronic Signature Certificate under section 24.
Provisions with regard to Certifying Authorities are covered under Chapter VI i.e. Sec.17 to
Sec.34 of the IT Act, 2000. It contains detailed provisions relating to the appointment and
powers of the Controller and Certifying Authorities.
Controller of Certifying Authorities (CCA)
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate
the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature
certificates for electronic authentication of users.
The CCA certifies the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates the Root Certifying Authority of India (RCAI). The CCA also maintains the National
Repository of Digital Certificates (NRDC), which contains all the certificates issued by all the
CAs in the country.
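The certification chain described above, together with the sign-then-verify step from the digital signature answer, as an added example that is not part of the original assignment or of any CCA software. It uses textbook RSA with fixed Mersenne primes and no padding purely to stay self-contained, which is not secure; the certificate layout, subject names and function names are assumptions.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every key in this toy setup


def make_keypair(p, q):
    """Textbook RSA key from two distinct primes: returns (modulus n, private exponent d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, pow(E, -1, phi)


def digest(message, n):
    """One-way hash of the message, reduced into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, n, d):
    # Only the holder of the private exponent d can produce this value.
    return pow(digest(message, n), d, n)


def verify(message, signature, n):
    # Anyone with the public modulus n can check it; a changed message changes the hash.
    return pow(signature, E, n) == digest(message, n)


@dataclass
class Certificate:
    subject: str
    public_n: int
    issuer: str
    signature: int = 0

    def to_be_signed(self):
        return f"{self.subject}|{self.public_n}|{self.issuer}".encode()


def issue(subject, subject_n, issuer, issuer_n, issuer_d):
    """The issuer signs the subject's name and public key with its own private key."""
    cert = Certificate(subject, subject_n, issuer)
    cert.signature = sign(cert.to_be_signed(), issuer_n, issuer_d)
    return cert


def validate_chain(chain, root_n):
    """chain is leaf first; the last certificate must verify under the trusted root key."""
    for i, cert in enumerate(chain):
        issuer_n = chain[i + 1].public_n if i + 1 < len(chain) else root_n
        if not verify(cert.to_be_signed(), cert.signature, issuer_n):
            return False
    return True


# Constructed sample keys (Mersenne primes, far too small and structured for real use).
ROOT_N, ROOT_D = make_keypair(2**89 - 1, 2**107 - 1)    # stands in for the RCAI key
CA_N, CA_D = make_keypair(2**61 - 1, 2**127 - 1)        # a licensed CA
USER_N, USER_D = make_keypair(2**31 - 1, 2**61 - 1)     # a subscriber
ROGUE_N, ROGUE_D = make_keypair(2**31 - 1, 2**89 - 1)   # an unlicensed issuer

CA_CERT = issue("Licensed CA", CA_N, "RCAI", ROOT_N, ROOT_D)
USER_CERT = issue("subscriber", USER_N, "Licensed CA", CA_N, CA_D)
# The unlicensed issuer names RCAI as its issuer but can only sign with its own key.
ROGUE_CA_CERT = issue("Licensed CA", ROGUE_N, "RCAI", ROGUE_N, ROGUE_D)
ROGUE_USER_CERT = issue("subscriber", USER_N, "Licensed CA", ROGUE_N, ROGUE_D)

if __name__ == "__main__":
    print(validate_chain([USER_CERT, CA_CERT], ROOT_N))              # licensed chain
    print(validate_chain([ROGUE_USER_CERT, ROGUE_CA_CERT], ROOT_N))  # unlicensed chain
```
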
(d) specify the qualifications and experience which employees of the Certifying Authorities
should possess;
(e) specify the conditions subject to which the Certifying Authorities shall conduct their
business;
(f) specify the content of written, printed or visual material and advertisements that may be
distributed or used in respect of an Electronic Signature Certificate and the Public Key;
(g) specify the form and content of an Electronic Signature Certificate and the key;
(h) specify the form and manner in which accounts shall be maintained by the Certifying
Authorities;
(i) specify the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them;
(j) facilitate the establishment of any electronic system by a Certifying Authority either solely
or jointly with other Certifying Authorities and regulation of such systems;
(k) specify the manner in which the Certifying Authorities shall conduct their dealings with the
subscribers;
(l) resolve any conflict of interests between the Certifying Authorities and the subscribers;
(n) maintain a data-base containing the disclosure record of every Certifying Authority
containing such particulars as may be specified by regulations, which shall be accessible to the
public. Controller has the power to grant recognition to foreign certifying authorities with the
previous approval of the Central Government, which will be subject to such conditions and
restrictions imposed by regulations.