Table of Contents
Unit I - Introduction
Introduction to Cyber Space
UNCITRAL Model Law on International Commercial Arbitration
IT Act 2008
Some of the major highlights of this act are
Important Sections
Section 43: Penalty and Compensation for damage to computer, computer system, etc
(Amended vide ITAA-2008)
Section 43 A: Compensation for failure to protect data (Inserted vide ITAA 2006)
Section 65: Tampering with Computer Source Documents
Explanation
Section 67: Punishment for publishing or transmitting obscene material in electronic form
(Amended vide ITAA 2008)
Non-repudiation
Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings (Section 55)
Appeal to Cyber Appellate Tribunal (Section 57)
Procedure and powers of the Cyber Appellate Tribunal (Section 58)
Right to Legal Representation (Section 59)
Limitation (Section 60)
Civil Court not to have jurisdiction (Section 61)
Appeal to High Court (Section 62)
Compounding of contraventions (Section 63)
Recovery of Penalty (Section 64)
Businesses
Security of E-Banking
E-banking in India
Bill payment
Funds transfer
Investing
Shopping
Loss of evidence
Cyber Criminals
Children and adolescents between the age group of 6 – 18 years
Organised hackers
Professional hackers / crackers
Discontented employees
Cyber Theft
Example
Cyber Pornography
Example
Cyber Vandalism
Use of Social Networking
Example
Cyber Stalking
Example
Cyber Laundering
Example
Cyber Terrorism
Example
Cyber Trespassing
Cyber trespassing can be done in two ways
Example
Cyber Contraband
Example
Email spoofing
Spreading Trojans, viruses and worms
Email bombing
Threatening emails
Defamatory emails
Trace email -- who sent you that email?
"Who sent you that email and where are they located?"
Data Remanence
Magnetic Disks
Optical Disks
Memory
Purging
Destroying
Magnetic Media
Optical Disks
Memory
Computer Forensics
Introduction to Computer Forensics
Importance of Computer Forensics
Electronic evidence considerations
Cyberspace
Copyright in Cyberspace
Public Performance and Display Rights
Distribution Rights
Caching (Mirroring)
Database
Websites
Thumbnails
ICANN
Structure of ICANN
Meta Tagging
Cloud Computing
Types of cloud computing
Public cloud
Private cloud
Hybrid cloud
Digital archives
Issue of Censorship
Open Net Initiative report
Countries under Surveillance
Privacy Issues
Personal Privacy
Informational Privacy
Organizational Privacy
Unit I - Introduction
Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.
Important Sections
Section 43: Penalty and Compensation for damage to computer, computer system, etc (Amended vide ITAA-2008)
If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer
network
a. Accesses or secures access to such computer, computer system or computer network or computer resource (ITAA2008)
b. downloads, copies or extracts any data, computer data base or information from such computer, computer system or
computer network including information or data held or stored in any removable storage medium;
c. Introduce or causes to be introduced any computer contaminant or computer virus into any computer, computer system
or computer network;
d. damages or causes to be damaged any computer, computer system or computer network, data, computer data base or
any other program residing in such computer, computer system or computer network;
e. Disrupts or causes disruption of any computer, computer system or computer network;
f. Denies or causes the denial of access to any person authorized to access any computer, computer system or computer
network by any means;
g. provides any assistance to any person to facilitate access to a computer, computer system or computer network in
contravention of the provisions of this Act, rules or regulations made there under,
h. Charges the services availed of by a person to the account of another person by tampering with or manipulating any
computer, computer system, or computer network,
i. Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it
injuriously by any means (Inserted vide ITAA-2008)
j. Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used
for a computer resource with an intention to cause damage, (Inserted vide ITAA 2008)
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. (Change vide ITAA 2008)
2. "Computer Database" means a representation of information, knowledge, facts, concepts or instructions in text,
image, audio, video that are being prepared or have been prepared in a formalized manner or have been produced by a
computer, computer system or computer network and are intended for use in a computer, computer system or computer
network;
3. "Computer Virus" means any computer instruction, information, data or program that destroys, damages, degrades or
adversely affects the performance of a computer resource or attaches itself to another computer resource and operates
when a program, data or instruction is executed or some other event takes place in that computer resource;
4. "Damage" means to destroy, alter, delete, add, modify or re-arrange any computer resource by any means.
5. "Computer Source code" means the listing of program, computer commands, design and layout and program analysis of
computer resource in any form (Inserted vide ITAA 2008)
Section 43 A: Compensation for failure to protect data (Inserted vide ITAA 2006)
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it
owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby
causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation,
not exceeding five crore rupees, to the person so affected. (Change vide ITAA 2008)
Explanation: For the purposes of this section
1. "Body corporate" means any company and includes a firm, sole proprietorship or other association of individuals
engaged in commercial or professional activities
2. "reasonable security practices and procedures" means security practices and procedures designed to protect such
information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an
agreement between the parties or as may be specified in any law for the time being in force and in the absence of such
agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central
Government in consultation with such professional bodies or associations as it may deem fit.
3. "Sensitive personal data or information" means such personal information as may be prescribed by the Central
Government in consultation with such professional bodies or associations as it may deem fit.
Section 65: Tampering with Computer Source Documents
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or
alter any computer source code used for a computer, computer program, computer system or computer network, when the computer
source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to
three years, or with fine which may extend up to two lakh rupees, or with both.
Explanation
For the purposes of this section, "Computer Source Code" means the listing of program, Computer Commands, Design and layout
and program analysis of computer resource in any form.
Section 66: Computer Related Offences (Substituted vide ITAA 2008)
If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a
term which may extend to three years or with fine which may extend to five lakh rupees or with both.
Explanation
The word "dishonestly" shall have the meaning assigned to it in section 24 of the Indian Penal Code;
The word "fraudulently" shall have the meaning assigned to it in section 25 of the Indian Penal Code.
Section 66 A: Punishment for sending offensive messages through communication service etc (Introduced vide ITAA 2008)
Any person who sends, by means of a computer resource or a communication device,
a. any information that is grossly offensive or has menacing character; or
b. any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such
computer resource or a communication device,
c. any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or
to mislead the addressee or recipient about the origin of such messages (Inserted vide ITAA 2008)
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Explanation: For the purposes of this section, terms "Electronic mail" and "Electronic Mail Message" means a message or
information created or transmitted or received on a computer, computer system, computer resource or communication device
including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.
Section 66 B: Punishment for dishonestly receiving stolen computer resource or communication device (Inserted Vide ITA 2008)
Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to
believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either
description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
Section 66C: Punishment for identity theft. (Inserted Vide ITA 2008)
Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of
any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall
also be liable to fine which may extend to rupees one lakh.
Section 66D: Punishment for cheating by personation by using computer resource (Inserted Vide ITA 2008)
Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with
imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to
one lakh rupees.
Section 66E: Punishment for violation of privacy. (Inserted Vide ITA 2008)
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three
years or with fine not exceeding two lakh rupees, or with both.
Explanation.- For the purposes of this section:
a. “Transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
b. “Capture”, with respect to an image, means to videotape, photograph, film or record by any means;
c. “Private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
d. “Publishes” means reproduction in the printed or electronic form and making it available for public;
e. “Under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that —
1. He or she could disrobe in privacy, without being concerned that an image of his private area was being
captured; or
2. Any part of his or her private area would not be visible to the public, regardless of whether that person is in a
public or private place.
1. Whoever,-
A. With intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or
any section of the people by –
i. Denying or cause the denial of access to any person authorized to access computer resource or
ii. Attempting to penetrate or access a computer resource without authorization or exceeding authorized
access; or
iii. Introducing or causing to introduce any Computer Contaminant.
and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or
disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or
adversely affect the critical information infrastructure specified under section 70, or
B. knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized
access, and by means of such conduct obtains access to information, data or computer database that is restricted for
reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with
reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause
injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign
States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to
the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.
2. Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to
imprisonment for life.
Section 67: Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the
prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment
of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the
event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and
also with fine which may extend to ten lakh rupees.
Section 67 A: Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form (Inserted vide
ITAA 2008)
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains
sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which
may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction
with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten
lakh rupees.
Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or
figure in electronic form-
1. the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet,
paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other
objects of general concern; or
2. Which is kept or used bona fide for religious purposes.
Section 67 B: Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.
Whoever,-
a. Publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children
engaged in sexually explicit act or conduct or
b. Creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes
material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
c. Cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or
in a manner that may offend a reasonable adult on the computer resource or
d. Facilitates abusing children online or
e. Records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,
shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a
fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either
description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing,
drawing, painting, representation or figure in electronic form-
1. The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet,
paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other
objects of general concern; or
2. Which is kept or used for bona fide heritage or religious purposes.
Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.
Section 67 C: Preservation and Retention of information by intermediaries
1. Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and
format as the Central Government may prescribe.
2. Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with
an imprisonment for a term which may extend to three years and shall also be liable to fine.
Explanation: For the purposes of this section, "Critical Information Infrastructure" means the computer resource, the incapacitation
or destruction of which, shall have debilitating impact on national security, economy, public health or safety. (Substituted vide
ITAA-2008)
1. The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected
systems notified under sub-section (1).
2. Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of
this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall
also be liable to fine.
3. The Central Government shall prescribe the information security practices and procedures for such protected system.
(Inserted vide ITAA 2008)
Section 70 A: National nodal agency. (Inserted vide ITAA 2008)
1. The Central Government may, by notification published in the official Gazette, designate any organization of the
Government as the national nodal agency in respect of Critical Information Infrastructure Protection.
2. The national nodal agency designated under sub-section (1) shall be responsible for all measures including Research
and Development relating to protection of Critical Information Infrastructure.
3. The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be
prescribed.
Section 70 B: Indian Computer Emergency Response Team to serve as national agency for incident response
1. The Central Government shall, by notification in the Official Gazette, appoint an agency of the government to be called
the Indian Computer Emergency Response Team.
2. The Central Government shall provide the agency referred to in sub-section (1) with a Director General and such other
officers and employees as may be prescribed.
3. The salary and allowances and terms and conditions of the Director General and other officers and employees shall be
such as may be prescribed.
4. The Indian Computer Emergency Response Team shall serve as the national agency for performing the following
functions in the area of Cyber Security,-
a. Collection, analysis and dissemination of information on cyber incidents
b. Forecast and alerts of cyber security incidents
c. Emergency measures for handling cyber security incidents
d. Coordination of cyber incidents response activities
e. Issue guidelines, advisories, vulnerability notes and white papers relating to information security practices,
procedures, prevention, response and reporting of cyber incidents
f. Such other functions relating to cyber security as may be prescribed
5. The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be
prescribed.
6. For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) may call for information
and give direction to the service providers, intermediaries, data centers, body corporate and any other person
7. Any service provider, intermediaries, data centers, body corporate or person who fails to provide the information called
for or comply with the direction under sub-section (6) , shall be punishable with imprisonment for a term which may
extend to one year or with fine which may extend to one lakh rupees or with both.
8. No Court shall take cognizance of any offence under this section, except on a complaint made by an officer authorized
in this behalf by the agency referred to in sub-section (1)
Section 74: Publication for fraudulent purpose
Whoever knowingly creates publishes or otherwise makes available an Electronic Signature Certificate for any fraudulent or
unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend
to one lakh rupees, or with both
Section 79: Exemption from liability of intermediary in certain cases
1. Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections
(2) and (3), an intermediary shall not be liable for any third party information, data, or communication link hosted by him.
(Corrected vide ITAA 2008)
2. The provisions of sub-section (1) shall apply if-
a. The function of the intermediary is limited to providing access to a communication system over which
information made available by third parties is transmitted or temporarily stored; or
b. The intermediary does not:
1. initiate the transmission,
2. Select the receiver of the transmission, and
3. Select or modify the information contained in the transmission
c. The intermediary observes due diligence while discharging his duties under this Act and also observes such
other guidelines as the Central Government may prescribe in this behalf (Inserted Vide ITAA 2008)
Explanation: For the purpose of this section, the expression "third party information" means any information dealt with by an
intermediary in his capacity as an intermediary.
Section 79A: Central Government to notify Examiner of Electronic Evidence
The Central Government may, for the purposes of providing expert opinion on electronic form evidence before any court or other
authority specify, by notification in the official Gazette, any department, body or agency of the Central Government or a State
Government as an Examiner of Electronic Evidence.
Explanation:- For the purpose of this section, "Electronic Form Evidence" means any information of probative value that is either
stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, digital fax
machines.
Jurisdictional Issues in Cyberspace
One of the advantages of the Internet over other methods of communication and commerce is that it enables access to a much
wider, even a worldwide, audience. Spatial distance and national borders are irrelevant to the creation of an Internet business,
many of which are conceived for the express purpose of expanding sales horizons across borders. In a sense, a person can be
everywhere in the world, all at once. This ease of communication raises a vital legal question, however: when a person puts up a
website on his home server and allows access to it from all points on the globe, does he subject himself to the governance of every
law- and rule-maker in the world? Under the current system, in order to decide what state's or nation's laws govern disputes that
arise over Internet issues, a court first must decide "where" Internet conduct takes place, and what it means for Internet activity to
have an "effect" within a state or nation.
Even apart from the Internet, this border-centric view of the law creates certain difficulties in an economy moving toward
globalization. Entire bodies of law have been developed by every nation to deal with the resolution of international conflicts of
law, conflicts that arise when geography and citizenship would allow a dispute to be decided by the laws of more than one country,
and the laws of those countries are not consistent with each other. Conflicts of law are particularly likely to arise in cyberspace,
where the location of an occurrence is never certain, where ideological differences are likely to create conflicting laws, and where
rules are made not only by nations and their representatives, but also by sub-national and transnational institutions.
The test currently in force internationally
There is little dispute that nation-states can prosecute Internet users (or anyone else, for that matter), whatever their location, for
revealing national secrets, falsifying official documents, or inciting war. These activities threaten national security, wherever they
are committed, and therefore fall under international standards for jurisdiction. Similarly, it is a universal crime to publicly incite
torture or genocide. These universal offenses may be prosecuted extraterritorially by any nation, regardless of the citizenship or
location of the user.
These are easy cases, however. Nations may also be interested in enforcing non-universal laws extraterritorially; for example, in
Germany, it is illegal to import or distribute material espousing a Nazi or Neo-Nazi viewpoint. Such material is not difficult to find in
USENet or on the World Wide Web. German authorities may be interested not only in interpreting German laws to classify
Internet viewing as "importation" of material, but also (in part because of the difficulty of locating those who break an importation
statute without leaving their own homes) in prosecuting those who make such material available to Germans via the Internet. If
German authorities attempted to prosecute a U.S. citizen or resident for such an offense, however, they would be met with great
opposition by the U.S., which certainly would not enforce any judgment against the U.S. citizen in such a case, because the
German statute violates U.S. Constitutional principles under U.S. law: it would be prohibitively difficult to prevent
German users from viewing such a site, and therefore the result of such a prosecution would be to chill otherwise legal (if
unpleasant) speech in the U.S. Under the current system, it is possible to envision that German courts may have jurisdiction over
Americans who publish such material, even though the material may not be "purposefully directed" (one interpretation of the
American standard) toward Germany in the way a mailing of flyers would be.
The U.S. courts apply the same "effects" test to foreign parties as to American parties. If minimum contacts exist, parties from
other countries may be hauled into court in the United States just as parties from one state may be hauled into another. Similarly,
Americans may be tried by courts in other countries depending on the rules of that country. Although each country's laws are
different, most rely on some sort of "effects" test resembling the U.S. test, whereby a party is subject to jurisdiction in a place
where his conduct has an effect. This jurisdiction traditionally is subject to a "reasonableness" test. According to section 421 of the
Restatement (Third) of the Foreign Relations Law of the U.S., exercise of jurisdiction is generally reasonable if the party is a
citizen, resident, or domiciliary of the state, or if:
.... (g) the person, whether natural or juridical, has consented to the exercise of jurisdiction;
(h) the person, whether natural or juridical, regularly carries on business in the state;
(i) the person, whether natural or juridical, had carried on activity in the state, but only in respect of such activity;
(j) the person, whether natural or juridical, had carried on outside the state an activity having a substantial, direct, and
foreseeable effect within the state, but only in respect of such activity; or
(k) the thing that is the subject of adjudication is owned, possessed, or used in the state, but only in respect of a claim reasonably
connected with that thing.
This standard differs somewhat from the U.S. standard for interstate exercise of jurisdiction; for example, transitory presence
(known as "tag" jurisdiction), accepted in the U.S., is not generally accepted as a method of international jurisdiction.
Every nation has an obligation to exercise moderation and restraint in invoking jurisdiction over cases that have a foreign element,
and they should avoid undue encroachment on the jurisdiction of other States. Although countries are given great discretion in
deciding whether to exercise jurisdiction over conduct in other countries, international law dictates that a country exercising its
jurisdiction in an overly self-centered way not only contravenes international law, but can also "disturb the international order and
produce political, legal, and economic reprisals."
Based on this traditional moderation, and the relatively high threshold of the "reasonableness" standard discussed above, it is
unlikely that foreign nations will have the sort of long-arm power over citizens of other nations as states have over citizens of other
states within the U.S. today. Scholars have suggested that individual persons and small commercial entities whose only contacts
with a nation are on-line are, in all likelihood, more insulated from international jurisdiction than they are from interstate
jurisdiction. This is largely speculative, however, because international Internet jurisdiction cases have thus far been rare, and
nations have not hesitated to pass laws conferring global jurisdiction for Internet activities.
Digital or Electronic Signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital
signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a
known sender (authentication), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution,
financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are often used to implement electronic signatures, which include any electronic data that carries the intent of a
signature, but not all electronic signatures use digital signatures. In some countries, including the United States, Algeria, Turkey,
India, Brazil, Indonesia, Mexico, Saudi Arabia, Uruguay, Switzerland and the countries of the European Union, electronic
signatures have legal significance.
Digital signatures employ asymmetric cryptography. In many instances they provide a layer of validation and security to messages
sent through a non-secure channel: Properly implemented, a digital signature gives the receiver reason to believe the message was
sent by the claimed sender. Digital seals and signatures are equivalent to handwritten signatures and stamped seals. Digital
signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are
more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based,
and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer
cannot successfully claim they did not sign a message, while also claiming their private key remains secret. Further, some non-
repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.
Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message
sent via some other cryptographic protocol.
Definition of Digital Signature
A digital signature scheme typically consists of three algorithms:
1. A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The
algorithm outputs the private key and a corresponding public key.
2. A signing algorithm that, given a message and a private key, produces a signature.
3. A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the
message's claim to authenticity.
Two main properties are required. First, the authenticity of a signature generated from a fixed message and fixed private key can be
verified by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for
a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of the
message to attach a code that acts as a signature. The Digital Signature Algorithm (DSA), developed by the National Institute of
Standards and Technology, is one of many examples of a signing algorithm.
History of Digital Signature
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only
conjectured that such schemes existed based on functions that are trapdoor one-way permutations. Soon afterwards, Ronald Rivest,
Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although
only as a proof-of-concept – "plain" RSA signatures are not secure). The first widely marketed software package to offer digital
signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also
known as "Merkle trees" or simply "Hash trees"), and Rabin signatures.
In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of
digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR
signature scheme, the first that could be proved to prevent even an existential forgery against a chosen message attack, which is the
currently accepted security definition for signature schemes. The first such scheme which is not built on trapdoor functions but
rather on a family of functions with a much weaker required property of one-way permutation was presented by Moni Naor and
Moti Yung.
Application of Digital Signature
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide
added assurance of the provenance, identity, and status of an electronic document as well as acknowledging informed
consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the
budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, University of
Chicago, and Stanford are publishing electronic student transcripts with digital signatures.
Reasons for applying a Digital Signature
Below are some common reasons for applying a digital signature to communications:
Authentication
Although messages may often include information about the entity sending a message, that information may not be accurate.
Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to
a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender
authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the
central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly
sent from an authorized source, acting on such a request could be a grave mistake.
Integrity
In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered
during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message
without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if
a message is digitally signed, any change in the message after signature invalidates the signature. Furthermore, there is no efficient
way to modify a message and its signature to produce a new message with a valid signature, because doing so is still considered
computationally infeasible for most cryptographic hash functions (see collision resistance).
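The three algorithms from the definition above and the integrity property just described, shown with a Lamport one-time signature built only from SHA-256. This is an added example, not part of the original material; the function names and the branch-office messages are constructed for illustration, and a Lamport key pair must sign one message only.

```python
import hashlib
import secrets

HASH_BITS = 256  # SHA-256 digest size; the key holds one pair of secrets per digest bit


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes) -> list:
    """Hash the message and return its 256 digest bits, most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(HASH_BITS)]


def generate_keypair():
    """Key generation: the private key is 256 pairs of random 32-byte secrets,
    the public key is the SHA-256 hash of every one of those secrets."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32))
               for _ in range(HASH_BITS)]
    public = [(_h(zero), _h(one)) for zero, one in private]
    return private, public


def sign(message: bytes, private) -> list:
    """Signing: for each digest bit, reveal the secret that matches the bit's value.
    Half of the private key is disclosed, so the key pair must never be reused."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(message: bytes, signature, public) -> bool:
    """Verification: every revealed secret must hash to the public value
    selected by the corresponding bit of the message digest."""
    if len(signature) != HASH_BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        # Constant-time comparison; keep checking all positions even after a mismatch.
        ok &= secrets.compare_digest(_h(signature[i]), public[i][bit])
    return ok


def demo() -> dict:
    """Constructed scenario: a branch office signs a balance-change instruction."""
    private, public = generate_keypair()
    instruction = b"CONSTRUCTED: credit account 1001 with 500.00"
    signature = sign(instruction, private)

    # The same signature attached to an altered instruction.
    altered = b"CONSTRUCTED: credit account 1001 with 900.00"

    # A public key that belongs to some other signer.
    _, other_public = generate_keypair()

    return {
        "genuine": verify(instruction, signature, public),
        "tampered": verify(altered, signature, public),
        "wrong_key": verify(instruction, signature, other_public),
    }


if __name__ == "__main__":
    print(demo())
```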
Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an
entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key alone does
not enable a fraudulent party to fake a valid signature.
Note that these authentication, non-repudiation etc. properties rely on the secret key not having been revoked prior to its usage.
Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the
key-pair. Checking revocation status requires an "online" check; e.g., checking a certificate revocation list or via the Online
Certificate Status Protocol. Very roughly this is analogous to a vendor who receives credit-cards first checking online with the
credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often
discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purpose.
Regulation of Certifying Authority
As per Section 18, the Information Technology Act, 2000 provides the required legal sanctity to digital signatures based on
asymmetric cryptosystems. Digital signatures are now accepted at par with handwritten signatures, and electronic
documents that have been digitally signed are treated at par with paper documents.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying
Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act for
purposes of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promoting the growth of
E-Commerce and E-Governance through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority (RCAI) of India under section 18(b)
of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the
standards laid down under the Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in cyberspace to verify that a given
certificate is issued by a licensed CA. For this purpose it operates the Root Certifying Authority of India (RCAI). The CCA also
maintains the Repository of Digital Certificates, which contains all the certificates issued to the CAs in the country.
Provisions relating to Certifying Authority
1. The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for
the purposes of this Act and may, also by the same or subsequent notification, appoint such number of Deputy Controllers
and Assistant Controllers as it deems fit.
2. The Controller shall discharge his functions under this Act subject to the general control and directions of the Central
Government.
3. The Deputy Controllers and Assistant Controllers shall perform functions assigned to them by the Controller under the
general superintendence and control of the Controller.
4. The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant
Controller shall be such as may be prescribed by the Central Government.
5. The Head Office and Branch Office of the office of the Controller shall be at such places as the Central Government
may specify, and these may be established at such places as the Central Government may think fit.
6. There shall be a seal of the Office of the Controller.
The Controller may perform all or any of the following functions, namely:-
a. exercising supervision over the activities of Certifying Authorities;
b. certifying public keys of the Certifying Authorities;
c. laying down the standards to be maintained by Certifying Authorities;
d. specifying the qualifications and experience which employees of the Certifying Authorities should possess;
e. specifying the conditions subject to which the Certifying Authority shall conduct their business;
f. specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in
respect of a Digital Signature Certificate and the public key;
g. specifying the form and content of a Digital Signature Certificate and the key;
h. specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;
i. specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to
them;
j. facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other
Certifying Authorities and regulation of such system;
k. specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;
l. resolving any conflict of interests between the Certifying Authorities and the subscribers;
m. laying down the duties of the Certifying Authorities;
n. maintaining a data-base containing the disclosure record of every Certifying Authority containing such particulars as
may be specified by regulations which shall be accessible to public.
1. Subject to such conditions and restrictions as may be specified, by regulations, the Controller may, with the previous
approval of the Central Government, and by notification in the Official Gazette, recognise any Certifying Authority as a
Certifying Authority for the purposes of this Act.
2. Where any Certifying Authority is recognised under sub-section (1), the Digital Signature Certificate issued by such
Certifying Authority shall be valid for the purposes of this Act.
3. The Controller may if he is satisfied that any Certifying Authority has contravened any of the conditions and
restrictions subject to which it was granted recognition under sub-section (1), he may, for reasons to be recorded in
writing, by notification in the Official Gazette, revoke such recognition.
1. The Controller shall be the repository of all Digital Signature Certificates issued under this Act.
2. The Controller shall-
a. make use of hardware, software and procedures that are secure from intrusion and misuse;
b. observe such other standards as may be prescribed by the Central Government,
to ensure that the secrecy and security of the digital signatures are assured.
1. The Controller shall maintain a computerized data-base of all public keys in such a manner that such database and the
public keys are available to any member of the public.
1. Subject to the provisions of sub-section (2), any person may make an application to the Controller for a license to issue
Digital Signature Certificates.
2. No license shall be issued under sub-section (1), unless the applicant fulfills such requirements with respect to
qualification, expertise, manpower, financial resources and other infrastructure facilities, which are necessary to issue
Digital Signature Certificates as may be prescribed by the Central Government.
3. A license granted under this section shall-
1. The Controller or any officer authorized by him in this behalf shall take up for investigation any contravention of the
provisions of this Act, rules or regulations made thereunder.
2. The controller or any officer authorized by him in this behalf shall exercise the like powers which are conferred on
Income-tax authorities under Chapter XIII of the Income-tax Act, 1961, (43 of 1961), and shall exercise such powers,
subject to such limitations laid down under that Act.
a. he holds office until the expiry of three months from the date the Central Government receives such notice (unless the
Government permits him to relinquish his office sooner), OR
b. he holds office till the appointment of a successor, OR
c. until the expiry of his office; whichever is earlier.
1. In case of proven misbehavior or incapacity, the Central Government can pass an order to remove the Presiding Officer
of the Cyber Appellate Tribunal. However, this is only after the Judge of the Supreme Court conducts an inquiry where
the Presiding Officer is aware of the charges against him and has a reasonable opportunity to defend himself.
2. The Central Government can regulate the procedure for investigation of misbehavior or incapacity of the Presiding
Officer.
Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings (Section 55)
According to this section, no order of the Central Government appointing any person as the Presiding Officer of the Tribunal can
be questioned in any manner. Further, no one can question any proceeding before a Cyber Appellate Tribunal in any manner
merely on the grounds of any defect in the Constitution of the Tribunal.
Appeal to Cyber Appellate Tribunal (Section 57)
1. Subject to the provisions of sub-section (2), a person not satisfied with the Controller or Adjudicating Officer’s order
can appeal to the Cyber Appellate Tribunal having jurisdiction in the matter.
2. No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating officer with the consent of
the parties.
3. The person filing the appeal must do so within 25 days from the date of receipt of the order from the Controller or
Adjudicating Officer. Further, he must accompany the appeal with the prescribed fees. However, if the Tribunal is
satisfied with the reasons behind the delay of filing the appeal, then it may entertain it even after the expiry of 25 days.
4. On receiving an appeal under sub-section (1), the Tribunal gives an opportunity to all the parties to the appeal to state
their points, before passing the order.
5. The Cyber Appellate Tribunal sends a copy of every order made to all the parties to the appeal and the concerned
Controller or adjudicating officer.
6. The Tribunal tries to expeditiously deal with the appeals received under sub-section (1). It also tries to dispose of the
appeal finally within six months of receiving it.
1. Every proceeding before the Cyber Appellate Tribunal is like a judicial proceeding within the meaning of sections 193
and 228 and for the purposes of section 196 of the Indian Penal Code. Further, the Tribunal is like a Civil Court for the
purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.
Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.
It was also held by the Appellate Division of the Superior Court of New Jersey that by clicking the “I Agree” option given in the
dialogue box the plaintiff has entered into a valid and binding contract and can be made liable for the terms and conditions laid
down in the contract. Click wrap agreements are thus valid and enforceable in the US as long as the offer and acceptance rule is taken
into consideration.
In the year 2015, an initiative known as ‘Digital India’ was launched to ensure that government services are available to the
citizens of our country electronically, which will lead to the improvement of online infrastructure and internet connectivity
in our country. The initiative of Digital India aims to connect rural areas with high speed internet networks and consists of three
components: the creation of digital infrastructure, delivery of services digitally, and digital literacy. Its main object is to
make our country digitally empowered in the field of technology.
With the widespread expansion and globalization of technology, online contracts have become a regular part of our lives, right
from buying daily groceries from the market to withdrawing money from an ATM. Electronic contracts are
much more cost effective, and delays can be removed instantly, in comparison to traditional paper based contracts. There is less chance of
committing errors as the process is largely automated. It provides an opportunity to the seller to reach millions of consumers irrespective of
distance and, most importantly, without the involvement of middlemen or any brokers.
The Indian Contract Act, 1872 provides a basic contractual rule that a contract is valid if it is made by competent parties out of
their free consent for a lawful object and consideration. There is no specific way of communicating offer and acceptance; it can be
done verbally, in writing or even by conduct. Thus oral contracts are as valid as written contracts; the only condition is they should
possess all the essentials of a valid contract. It was held in the case of Bhagwandas Goverdhandas Kedia v. Girdharilal
Parshottamdas [AIR 1966 SC 543], “that ordinarily, it is the acceptance of offer and intimation of that acceptance which results
in a contract. This intimation must be by some external manifestation which the law regards as sufficient. Hence, even in the
absence of any specific legislation validating e-contracts cannot be challenged because they are as much valid as a traditional
contract is.”
An online contract is simply a communication between two parties in regard to the transfer of goods/services. As per the Indian
Evidence Act, any e-mail communication and other communication made electronically is recognized as valid evidence in a Court
of law. Considering these points, it can be concluded that the contract that follows the communication is valid too, and Indian law
thus recognizes the validity of online contracts.
The citizens of India are encouraging the concept of Digital India, but there are no definite legislations relating to the transactions
done over computerized communication networks. Several laws such as The Indian Contract Act, 1872, Information Technology
Act, 2000, Indian Copyright Act, 1957 and the Consumer Protection Act, 1986 to some extent are working and acting on resolving
issues that arise relating to the formation and validation of online contracts. The Information Technology Act, 2000 is the Act that
governs the transactions conducted over internet and explains the considerable mode of acceptance of the offer and provides the
rules for revocation of offer and acceptance in a vague or indefinite manner. Hence, a separate law for regulating contracts based
on electronic devices is highly recommended.
Evidentiary Value of Online Contract
In a country like India, where the literacy rate is not so high, the concept of ‘Digital India’ is a far reach. People still feel insecure
to do online based transactions mainly because the terms and conditions of such contracts are not transparent. Another major issue
is the nature of the law governing the electronic contracts. Even if the IT Act, 2000 has legalized electronic contracts, there are no
definite provisions mentioned in the Act.
Documents are mainly registered for conservation of evidence, assurance of title and to protect oneself from fraud. The evidentiary
value of electronic contracts has been given recognition and can be understood in the light of various sections of Indian Evidence
Act. Sec 65B of the Indian Evidence Act deals with the admissibility of electronic records. As per Sec 65B of the Indian Evidence
Act, any information contained in an electronic record produced by the computer in printed, stored or copied form shall be deemed to
be a document, and it can be admissible as evidence in any proceeding without further proof of the original, provided the following
conditions are satisfied: the computer from which it was produced was in regular use by a person having lawful control
over the system at the time of producing it; during the ordinary course of activities the information was fed into the system on a
regular basis; and the output computer was in proper operating condition and has not affected the accuracy of the data entered.
Section 85A, 85B, 88A, 90A and 85C of the Indian Evidence Act deal with the presumptions as to electronic records. Sec 85A has
been inserted later to confirm the validity of electronic contracts. It says that any electronic record in the form of electronic
agreement is concluded and gets recognition the moment a digital signature is affixed to such record. The presumption of
electronic record is valid only in case of five years old record and electronic messages that fall within the range of Section 85B,
Section 88A and Section 90A of Indian Evidence Act.
Remedies for Breach of Online Contract
There is no specific rule in case of breach of an online contract, but the rules regarding remedies for breach of contract can be
followed as provided in The Indian Contract Act. A valid contract gives rise to co-relative rights and obligations, and they are
enforceable in a court of law when infringed by breach of contract. The Contract Act mainly talks about two remedies for
breach of contract: Damages and Quantum Meruit. A few other remedies are also available under the Specific
Relief Act, such as specific performance of contract and injunction restraining the other party from making a breach of contract.
Sec 73 and Sec 74 of the Indian Contract Act, 1872 deal with the rules regarding the remedy of damages on breach of contract.
The person whose rights are infringed by the breach of contract may bring an action for damages or compensation in terms of
monetary value for the loss suffered by the party. There are two main aspects to be considered in any action for damages, i.e.
remoteness of damage and measure of damage. Sec 73 to 75 provide rules regarding the assessment of damages based on the
famous case Hadley vs. Baxendale [(1854) EWHC J70]. According to the rules laid down in this case, there can be damages which
naturally arose in the usual course of things from such breach of contract, which can be called ordinary damages, and secondly,
damages for loss arising from special circumstances, i.e. special damages. There are also other kinds of damages mentioned in the
Act, such as nominal damages, pre-contract expenditure, compensation for mental agony and liquidated damages. Nominal
damages are those substantial damages awarded by the Court in recognition of the right of the aggrieved party in cases where the party
has not suffered any monetary loss on the breach of contract. Pre-contract expenditure, on the other hand, may be recovered as damages if
such is within the knowledge of the parties. Liquidated damages are those pre-determined damages decided by the parties at the
time of formation of the contract, i.e. the amount of compensation payable in the event of breach of such contract.
When a person has done some work under a contract and the other party repudiates the contract, or an event occurs
that makes further performance of the contract impossible, the party who has performed his work can claim remuneration for the
work already done. Under such circumstances the party can file a suit upon quantum meruit and claim the value of the work he
has done.
E-Banking and E-Banking Transactions
Online banking, also known as internet banking, is an electronic payment system that enables customers of a bank or other
financial institution to conduct a range of financial transactions through the financial institution's website. The online banking
system will typically connect to or be part of the core banking system operated by a bank and is in contrast to branch banking
which was the traditional way customers accessed banking services.
Some banks operate as a "direct bank" (or “virtual bank”), where they rely completely on internet banking.
Internet banking software provides personal and corporate banking services offering features such as viewing account balances,
obtaining statements, checking recent transactions and making payments.
Emergence of computer banking
The first known deployment of home computer banking to consumers came in December 1980 at United American Bank, a
community bank headquartered in Knoxville, Tenn. United American partnered with Radio Shack to produce a secure custom
modem for its TRS-80 computer that would allow bank customers to access account information securely. Services available in its
first year included bill pay, account balance checks, and loan applications, as well as game access, budget and tax calculators and
daily newspapers. Thousands of customers paid $25-30 per month for the service.
Large banks, many working on parallel tracks to United American, followed in 1981 when four of New York's major banks
(Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services using the videotex system.
Because of the commercial failure of videotex, these banking services never became popular except in France (where the use of
videotex (Minitel) was subsidised by the telecom provider) and the UK, where the Prestel system was used.
The developers of United American Bank's first-to-market computer banking system aimed to license it nationally, but they were
overtaken by competitors when United American failed in 1983 as a result of loan fraud on the part of bank owner Jake Butcher,
the 1978 Tennessee Democratic nominee for governor and promoter of the 1982 Knoxville World's Fair. First Tennessee Bank,
which purchased the failed bank, did not attempt to develop or commercialize the computer banking platform.
Features of E-Banking
Online banking facilities typically have many features and capabilities in common, but also have some that are application
specific. The common features fall broadly into several categories:
Banks
a. Lower transaction costs – electronic transactions are the cheapest modes of transaction
b. A reduced margin for human error – since the information is relayed electronically, there is no room for human error
c. Less paperwork – digital records reduce paperwork and make the process easier to handle. Also, it is environment-
friendly.
d. Reduced fixed costs – A lesser need for branches which translates into a lower fixed cost.
e. More loyal customers – since e-banking services are customer-friendly, banks experience higher loyalty from their
customers.
Customers
a. Convenience – a customer can access his account and transact from anywhere 24x7x365.
b. Lower cost per transaction – since the customer does not have to visit the branch for every transaction, it saves him
both time and money.
c. No geographical barriers – In traditional banking systems, geographical distances could hamper certain banking
transactions. However, with e-banking, geographical barriers are reduced.
Businesses
a. Account reviews – Business owners and designated staff members can access the accounts quickly using an online
banking interface. This allows them to review the account activity and also ensure the smooth functioning of the account.
b. Better productivity – Electronic banking improves productivity. It allows the automation of regular monthly payments
and a host of other features to enhance the productivity of the business.
c. Lower costs – Usually, costs in banking relationships are based on the resources utilized. If a certain business requires
more assistance with wire transfers, deposits, etc., then the bank charges it higher fees. With online banking, these
expenses are minimized.
d. Fewer errors – Electronic banking helps reduce errors in regular banking transactions. Bad handwriting, mistaken
information, etc. can cause errors which can prove costly. Also, easy review of the account activity enhances the accuracy
of financial transactions.
e. Reduced fraud – Electronic banking provides a digital footprint for all employees who have the right to modify banking
activities. Therefore, the business has better visibility into its transactions making it difficult for any fraudsters to play
mischief.
Security of E-Banking
Security of a customer's financial information is very important, without which online banking could not operate. Similarly the
reputational risks to banks themselves are important. Financial institutions have set up various security processes to reduce the risk
of unauthorized online access to a customer's records, but there is no consistency to the various approaches adopted.
The use of a secure website has been almost universally embraced.
Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some
countries. Basically there are two different security methods in use for online banking:
a. PIN/TAN System
b. Signature based System
In the PIN/TAN system, the PIN represents a password used for the login, and TANs are one-time passwords used to
authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online
banking user by postal letter. Another way of using TANs is to generate them on demand using a security token. These
token-generated TANs depend on the time and a unique secret stored in the security token (two-factor authentication or 2FA).
More advanced TAN generators also include the transaction data into the TAN generation process after displaying it on their own
screen to allow the user to discover man-in-the-middle attacks carried out by Trojans trying to secretly manipulate the transaction
data in the background of the PC.
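A sketch of the two token-based TAN generators described above, added here as an illustration and not any bank's or token vendor's actual algorithm: a TAN derived only from the time and a shared secret, and a TAN that also covers the transaction data shown on the token. The secret, account strings, timestamp, 30-second window and 6-digit length are assumed or constructed values.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # seconds per time window (assumed value)
DIGITS = 6      # TAN length in decimal digits (assumed value)


def _to_tan(mac: bytes) -> str:
    """Reduce an HMAC to a short decimal code (dynamic truncation as used by HOTP/TOTP)."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def time_tan(secret: bytes, now: int) -> str:
    """TAN that depends only on the current time window and the token's secret."""
    window = struct.pack(">Q", now // TIME_STEP)
    return _to_tan(hmac.new(secret, window, hashlib.sha256).digest())


def transaction_tan(secret: bytes, now: int, payee: str, amount_cents: int) -> str:
    """TAN that also covers the payee and amount displayed on the token's own screen."""
    payee_bytes = payee.encode("utf-8")
    # Length-prefix the payee so that different (payee, amount) pairs never encode alike.
    data = (struct.pack(">QH", now // TIME_STEP, len(payee_bytes))
            + payee_bytes + struct.pack(">Q", amount_cents))
    return _to_tan(hmac.new(secret, data, hashlib.sha256).digest())


def bank_accepts(expected_for_time, tan: str, now: int, drift_windows: int = 1) -> bool:
    """Bank side: recompute the TAN for the current and previous window(s) and compare."""
    for back in range(drift_windows + 1):
        if hmac.compare_digest(expected_for_time(now - back * TIME_STEP), tan):
            return True
    return False


def demo() -> dict:
    secret = b"CONSTRUCTED-shared-token-secret"
    t0 = 1_700_000_000                            # constructed time of TAN generation
    shown = ("ACCT-CONSTRUCTED-0001", 15_000)     # transfer the user approved on the token
    altered = ("ACCT-CONSTRUCTED-9999", 15_000)   # transfer a tampered PC session submits

    plain = time_tan(secret, t0)
    bound = transaction_tan(secret, t0, *shown)

    def expect_plain(t):
        return time_tan(secret, t)

    def expect_for(tx):
        # The bank recomputes the TAN over the transaction it actually received.
        return lambda t: transaction_tan(secret, t, *tx)

    return {
        # A time-only TAN says nothing about the transfer, so it verifies either way.
        "time_only_accepts_altered": bank_accepts(expect_plain, plain, t0 + 5),
        "bound_accepts_genuine": bank_accepts(expect_for(shown), bound, t0 + 5),
        "bound_accepts_altered": bank_accepts(expect_for(altered), bound, t0 + 5),
        "bound_accepts_expired": bank_accepts(expect_for(shown), bound, t0 + 10 * TIME_STEP),
    }


if __name__ == "__main__":
    print(demo())
```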
Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM)
mobile phone via SMS. The SMS text usually quotes the transaction amount and details; the TAN is only valid for a short period
of time. Especially in Germany, Austria and the Netherlands, many banks have adopted this "SMS TAN" service.
Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional
encryption needed.
In signature-based online banking, all transactions are digitally signed and encrypted. The keys for the signature generation
and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
E-banking in India
In India, ICICI Bank first offered internet banking services in 1997; today, most new-generation banks offer the same
to their customers. In fact, all major banks provide e-banking services to their customers.
Popular services under e-banking in India
1. ATMs (Automated Teller Machines)
2. Telephone Banking
3. Electronic Clearing Cards
4. Smart Cards
5. EFT (Electronic Funds Transfer) System
6. ECS (Electronic Clearing Services)
7. Mobile Banking
8. Internet Banking
9. Telebanking
10. Door-step Banking
Further, under Internet banking, the following services are available in India:
Bill payment –
Every bank has a tie-up with different utility companies, service providers, insurance companies, etc. across the country. The banks
use these tie-ups to offer online payment of bills (electricity, telephone, mobile phone, etc.). Also, most banks charge a nominal
one-time registration fee for this service. Further, the customer can create a standing instruction to pay recurring bills automatically
every month.
Funds transfer –
A customer can transfer funds from his account to another with the same bank or even a different bank, anywhere in India. He
needs to log in to his account, specify the payee’s name, account number, his bank, and branch along with the transfer amount.
The transfer is effected within a day or so.
Investing –
Through electronic banking, a customer can open a fixed deposit with the bank online through funds transfer. Further, if a
customer has a demat account and a linked bank account and trading account, he can buy or sell shares online too. Additionally,
some banks allow customers to purchase and redeem mutual fund units from their online platforms as well.
Shopping –
With an e-banking service, a customer can purchase goods or services online and also pay for them using his account. Shopping at
his fingertips.
Digital or Electronic Signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital
signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a
known sender (authentication), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution,
financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are often used to implement electronic signatures, which includes any electronic data that carries the intent of a
signature, but not all electronic signatures use digital signatures. In some countries, including the United States, Algeria, Turkey,
India, Brazil, Indonesia, Mexico, Saudi Arabia, Uruguay, Switzerland and the countries of the European Union, electronic
signatures have legal significance.
Digital signatures employ asymmetric cryptography. In many instances they provide a layer of validation and security to messages
sent through a non-secure channel: Properly implemented, a digital signature gives the receiver reason to believe the message was
sent by the claimed sender. Digital seals and signatures are equivalent to handwritten signatures and stamped seals. Digital
signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are
more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based,
and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer
cannot successfully claim they did not sign a message, while also claiming their private key remains secret. Further, some non-
repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.
Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message
sent via some other cryptographic protocol.
Definition of Digital Signature
A digital signature scheme typically consists of 3 algorithms:
1. A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The
algorithm outputs the private key and a corresponding public key.
2. A signing algorithm that, given a message and a private key, produces a signature.
3. A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the
message's claim to authenticity.
Two main properties are required. First, the authenticity of a signature generated from a fixed message and fixed private key can be
verified by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for
a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of the
message to attach a code that acts as a signature. The Digital Signature Algorithm (DSA), developed by the National Institute of
Standards and Technology, is one of many examples of a signing algorithm.
History of Digital Signature
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only
conjectured that such schemes existed based on functions that are trapdoor one-way permutations. Soon afterwards, Ronald Rivest,
Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although
only as a proof-of-concept – "plain" RSA signatures are not secure). The first widely marketed software package to offer digital
signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also
known as "Merkle trees" or simply "Hash trees"), and Rabin signatures.
In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of
digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR
signature scheme, the first that could be proved to prevent even an existential forgery against a chosen message attack which is the
currently accepted security definition for signature schemes. The first such scheme which is not built on trapdoor functions but
rather on a family of functions with a much weaker required property of one-way permutation was presented by Moni Naor and
Moti Yung.
Application of Digital Signature
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide
added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed
consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the
budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, University of
Chicago, and Stanford are publishing electronic student transcripts with digital signatures.
Reasons for applying a Digital Signature
Below are some common reasons for applying a digital signature to communications:
Authentication
Although messages may often include information about the entity sending a message, that information may not be accurate.
Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to
a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender
authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the
central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly
sent from an authorized source, acting on such a request could be a grave mistake.
Integrity
In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered
during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message
without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if
a message is digitally signed, any change in the message after signature invalidates the signature. Furthermore, there is no efficient
way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be
computationally infeasible by most cryptographic hash functions (see collision resistance).
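The three algorithms from the definition above and the integrity property just described, as an added example that is not part of the source material. It uses Lamport one-time signatures, one of the early schemes named in the history section, because they need only a hash function; the function and class names are assumptions, and each key pair may sign exactly one message.

```python
import hashlib
import hmac
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 message digest
N = 32      # bytes per secret value


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def message_bits(message: bytes) -> list:
    """The 256 bits of SHA-256(message), most significant bit first."""
    d = digest(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen():
    """Key generation: private key chosen uniformly at random, public key derived."""
    private = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    public = [(digest(zero), digest(one)) for zero, one in private]
    return private, public


def sign(private, message: bytes) -> list:
    """Signing: for each digest bit, reveal the secret belonging to that bit value."""
    return [private[i][bit] for i, bit in enumerate(message_bits(message))]


def verify(public, message: bytes, signature) -> bool:
    """Verification: every revealed secret must hash to the published value."""
    if len(signature) != BITS or not all(isinstance(s, bytes) for s in signature):
        return False
    ok = True
    for i, bit in enumerate(message_bits(message)):
        # Constant-time comparison; keep checking all positions even after a miss.
        ok &= hmac.compare_digest(digest(signature[i]), public[i][bit])
    return ok


class OneTimeSigner:
    """Holds a Lamport key pair and destroys the private key after one signature.

    Signing two different messages with the same key reveals both secrets for
    every bit position where the digests differ, which lets others forge.
    """

    def __init__(self):
        self._private, self.public = keygen()

    def sign(self, message: bytes) -> list:
        if self._private is None:
            raise RuntimeError("Lamport key already used; generate a new key pair")
        signature = sign(self._private, message)
        self._private = None
        return signature


if __name__ == "__main__":
    # Constructed sample message, echoing the branch-office example in the text.
    branch = OneTimeSigner()
    order = b"Branch 17: credit account 1001 with INR 5000"
    sig = branch.sign(order)
    print("original accepted:", verify(branch.public, order, sig))
    altered = b"Branch 17: credit account 1001 with INR 9000"
    print("altered accepted: ", verify(branch.public, altered, sig))
```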
Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an
entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does
not enable a fraudulent party to fake a valid signature.
Note that these authentication, non-repudiation etc. properties rely on the secret key not having been revoked prior to its usage.
Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the
key-pair. Checking revocation status requires an "online" check; e.g., checking a certificate revocation list or via the Online
Certificate Status Protocol. Very roughly this is analogous to a vendor who receives credit-cards first checking online with the
credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often
discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purpose.
Regulation of Certifying Authority
Section 18 of The Information Technology Act, 2000 provides the required legal sanctity to digital signatures based on
asymmetric cryptosystems. Digital signatures are now accepted at par with handwritten signatures, and electronic
documents that have been digitally signed are treated at par with paper documents.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying
Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act for
purposes of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promoting the growth of
E-Commerce and E-Governance through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority (RCAI) of India under section 18(b)
of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the
standards laid down under the Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given
certificate is issued by a licensed CA. For this purpose it operates the Root Certifying Authority of India (RCAI). The CCA also
maintains the Repository of Digital Certificates, which contains all the certificates issued to the CAs in the country.
E-Commerce - Taxation Issues in India
India's e-commerce market was worth about $3.9 billion in 2009 and went up to $12.6 billion in 2013. In 2013, the e-retail segment
was worth US$2.3 billion. About 70% of India's e-commerce market is travel related. According to Google India, there were 35
million online shoppers in India in 2014 Q1, and the number is expected to cross the 100 million mark by the end of 2016. CAGR vis-à-vis a
global growth rate of 8–10%. Electronics and Apparel are the biggest categories in terms of sales. By 2020, India is expected to
generate $100 billion online retail revenue out of which $35 billion will be through fashion e-commerce. Online apparel sales are
set to grow four times in coming years. Key drivers in Indian e-commerce are:
1. Large percentage of population subscribed to broadband Internet, burgeoning 3G internet users, and a recent
introduction of 4G across the country.
2. Explosive growth of smartphone users, soon to be the world's second largest smartphone user base.
3. Rising standards of living as a result of the fast decline in the poverty rate.
4. Availability of much wider product range (including long tail and Direct Imports) compared to what is available at
brick and mortar retailers.
5. Competitive prices compared to brick and mortar retail driven by disintermediation and reduced inventory and real
estate costs.
6. Increased usage of online classified sites, with more consumers buying and selling second-hand goods.
7. Evolution of Million-Dollar startups like Jabong.com, Makemytrip, Flipkart etc.
India's retail market is estimated at $470 billion in 2011 and is expected to grow to $675 billion by 2016 and $850 billion by 2020,
– estimated CAGR of 10%. According to Forrester, the e-commerce market in India saw the fastest growth within the Asia-Pacific
Region at a CAGR of over 57% between 2012–13.
As per "India Goes Digital" a report by Avendus Capital, a leading Indian investment bank specializing in digital media and
technology sector, the Indian e-commerce market is estimated at Rs 28,500 Crore ($6.3 billion) for the year 2011. Online travel
constitutes a sizable portion (87%) of this market today. Online travel market in India is expected to grow at a rate of 22% over the
next 4 years and reach Rs 54,800 crore ($12.2 billion) in size by 2015. Indian e-tailing industry is estimated at Rs 3,600 crore
(US$800 million) in 2011 and estimated to grow to Rs 53,000 crore ($11.8 billion) in 2015.
A new sector in e-commerce is online medicine. Companies like Reckwing-India, Buyonkart and Healthkart are already selling
complementary and alternative medicine, whereas NetMed has started selling prescription medicine online after raising funds from
GIC and Stead view capital, citing that there are no dedicated online pharmacy laws in India and that it is permissible to sell prescription
medicine online with a legitimate license. Online sales of luxury products like jewellery have also increased over the years. Most of
the retail brands have also started entering the market, and they expect at least 20% of sales to come through online channels in the next 2–3 years.
In order to achieve this stupendous growth we see the following factors as the major reason to act as the growth catalyst.
New e-commerce guidelines liberalize FDI regulations
The government has allowed 100% foreign direct investment (FDI) in online retail of goods and services under the so-called
“marketplace model” through the automatic route, seeking to legitimize existing businesses of e-commerce companies operating in
India. It also notified new rules which could potentially end the discount wars, much to the disappointment of consumers. This is
because the rules now prohibit marketplaces from offering discounts and cap total sales originating from a group company or
one vendor at 25%. This could, however, level the playing field with offline stores, which have witnessed a slump in footfalls
corresponding to the increase in e-commerce. So far, India has allowed 100% foreign investment in business-to-business (B2B) e-
commerce but none in retail e-commerce—i.e., business-to-consumer, or B2C. Even so, Indian e-commerce companies such as
Flipkart and Snapdeal have been following the marketplace model—which was not defined—and attracting large foreign
investments. Marketplaces essentially act as a platform connecting sellers and buyers. According to the press note issued by the
department of industrial policy and promotion (DIPP), a marketplace model is an information technology platform run by an e-
commerce entity on a digital and electronic network to act as a facilitator between buyer and seller. However, DIPP has prohibited
FDI in e-commerce companies that own inventories of goods and services and sell directly to consumers using online platforms.
The marketplace e-commerce companies will be allowed to provide support services to sellers on their platform such as
warehousing, logistics, order fulfilment, call centre and payment collection.
Tax regime for e-commerce and the key challenges
In the case of Indian e-tailers who run their operations from within India, the tax implications are very
straightforward and the same as those applicable to normal business houses. However, there has always been a dispute over the taxability of
non-residents carrying out such businesses in India. Under the Indian taxation structure the basis of tax in India has been residence-
based taxation, while in other countries taxation has been on a source basis. This has resulted in countries encroaching upon
each other's territory to tax the assessee. However, with e-commerce transactions the need for a physical presence virtually ceases,
which further creates problems in the enforcement of tax laws. Accordingly, in 2001, the Central Board of Direct Taxes constituted a
High Powered Committee (HPC) to contemplate the need for a separate tax regime for e-commerce transactions. The report
submitted by the HPC took into consideration the principles laid down by the Organisation for Economic Co-operation and
Development (OECD) for taxation of e-commerce transactions.
Direct tax
While non-residents employ several business models and mechanisms to carry out their e-commerce business in the country, issues
about the taxability of income and the subsequent litigations are primarily on account of the following reasons:
1. Characterization of income in the hands of the non-resident –
In accordance with Sec 9 of the Income Tax Act, 1961 the taxation depends upon the residential status of the person. In case of
royalty and professional services the person is taxable for any income accrued or arisen in India without any linking to the PE
within India. However for business income the person taxable ought to have a permanent establishment within India. In the current
scenario it is seen in many instances that the taxmen want to tax the business income (without any PE) under the head of royalty
thereby creating artificial demands.
2. Issues surrounding PE –
On the PE front, there have been issues around whether a website in India constitutes a PE for a non-resident and whether certain
activities performed by an agent in India constitute a dependent agent PE.
3. Applicable withholding tax rates on payments made to resident e-commerce/internet companies –
There has been litigation on the applicable withholding tax rates on payments to resident e-commerce companies for activities such
as e-cataloging, warehousing, logistics and payment gateways: Sec 194C, which provides for 2%, v. Sec 194J, which provides for
a 10% rate.
In the Finance Act, 2016 the government has levied an equalization levy of 6% on payments exceeding INR 1 lakh a year made to
foreign e-commerce companies as consideration for online advertisement. Through this move, the Government aims to tap the
income accruing to foreign e-commerce companies in India.
Indirect tax
The indirect tax laws in India have been more of a hindrance than a driver for growth for the e-commerce sector, mainly because
of the following issues:
1. In the case of internet-based transactions, determining the jurisdiction of VAT becomes an issue in the absence of
information regarding the physical presence of entities/goods.
2. There is tax leakage on account of service tax paid on listing fees by vendors to portal owners, which is non-creditable
against VAT payable on sales made by vendors.
3. The classic sale vs. service controversy is affecting e-tailers, who end up with VAT/ CST demands in various states
involved in the supply chain.
4. The unique and varied business models in this sector make it difficult to define a broad base for tax positions; for
example, the implications on prepaid sale could be different from those on COD sale.
5. E-tailers are also seeing increasing litigation on account of entry tax and octroi being demanded/ collected on the
movement of goods.
6. Various states are amending their respective VAT laws to provide for taxing of e-commerce transactions.
GST which is expected to be implemented soon, would replace the current indirect tax regime and is expected to rid the e-
commerce sector of the issues plaguing it. If the state of consumption gets the tax, it will eliminate all issues being raised by
origination states. However, the state demanding or getting full tax earlier will lose its revenue as the consuming states will earn
all the tax revenues.
Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.
Cyber Crime
The term “Cyber Crime” means the vulnerability of any computing system, software program, or critical infrastructure to, or their
ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of, the
Internet, public or private telecommunications systems.
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those
species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct
constituting crime”
“Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes
within the ambit of cyber crime”
A generalized definition of cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”. The
computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online
gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be
the target of unlawful acts in the following cases: unauthorized access to computer/computer system/computer networks, theft of
information contained in electronic form, e-mail bombing, data diddling, salami attacks, logic bombs, Trojan attacks, internet
time thefts, web jacking, theft of computer system, physically damaging the computer system.
Reasons for Cyber Crime
Hart in his work “The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying
this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against
cyber crime. The reasons for the vulnerability of computers may be said to be:
Capacity to store data in comparatively small space
The computer has the unique characteristic of storing data in a very small space. This makes it much easier to remove or derive
information through either a physical or a virtual medium.
Easy to access
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not
due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes,
advanced voice recorders, retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many
a security system.
Complex
Computers work on operating systems, and these operating systems in turn are composed of millions of lines of code. The human mind is
fallible, and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and
penetrate into the computer system.
Negligence
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system
there might be some negligence, which in turn provides a cyber criminal with the opportunity to gain access and control over the computer system.
Loss of evidence
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside
the territorial extent also paralyses this system of crime investigation.
Cyber Criminals
Cyber criminals consist of various groups/categories. This division may be justified on the basis of the object that they have
in their mind. The following are the categories of cyber criminals:
Children and adolescents between the age group of 6 – 18 years
The simple reason for this type of delinquent behaviour pattern in children is mostly inquisitiveness to know and
explore things. Another cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further,
the reasons may even be psychological. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his
friends.
Organised hackers
These kinds of hackers are mostly organised together to fulfil a certain objective. The reason may be to fulfil their political bias,
fundamentalism, etc. Pakistani hackers are said to be among the best quality hackers in the world. They mainly target Indian
government sites with the purpose of fulfilling their political objectives. Further, the NASA as well as the Microsoft sites are always
under attack by hackers.
Professional hackers / crackers
Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of rivals and get
credible, reliable and valuable information. Further, they are even employed to crack the system of the employer, basically as a
measure to make it safer by detecting the loopholes.
Discontented employees
This group includes those people who have either been sacked by their employer or are dissatisfied with their employer. To take
revenge, they normally hack the system of their employer.
Cyber security is important to individuals because they need to guard against identity theft.
Businesses also have a need for this security because they need to protect their trade secrets, proprietary information,
and customer’s personal information.
The government also has the need to secure their information. This is particularly critical since some terrorism
Example
The personal details of 4.5 million people have been stolen from a recruitment website in Britain's biggest case of cyber theft.
Hackers accessed the confidential information of job seekers registered with Monster.co.uk and now hold electronic copies of their
user names, passwords, telephone numbers and email addresses. Information such as birth dates, gender and ethnicity was also
taken, along with 'basic demographic data'. The victims are mainly professionals. Monster.co.uk has posted a message on the site
advising all customers to change their passwords immediately.
Cyber Pornography
This is one of the most heinous types of crime. Through this crime, obscene images and lascivious messages are broadcast and
promoted through the internet. Morphing techniques are used extensively in matters related to pornography.
Example
A boy, to take revenge on his friend and teacher, doctored the original photograph with some unwarranted pornographic images and
published it on a website. On further investigation by the police it was found that the photograph was a morphed one. It is
estimated that there are approximately 42,00,000 websites which promote pornography through the internet.
Cyber Vandalism
In this type of cyber crime the computer is used as a weapon to tarnish or spoil the image of an individual or organization by posting
slanderous remarks through social networking websites like Orkut, Facebook…
Use of Social Networking
Example
In a recent case in Pune a girl's profile was tarnished on the famous social network site “Orkut”. On further investigation by the
police it was revealed that the profile had been put up by the victim's best friend. The reason for tarnishing the image was that both girls
were in love with the same boy; the girl's best friend did it to break up the relationship, so that the boy would develop a
negative attitude toward his girlfriend and she would get a chance to marry the boy. Under similar circumstances, cyber
vandalism took place when the image of Maharashtra's supreme patriot “Shivaji Maharaj” was tarnished on Orkut.
Cyber Stalking
This type of crime involves harassing mail being sent to the victim. It also involves recording chats in an unauthorized manner,
with the recording then used against the victim for extracting money etc. This crime is related to chatting, sending threatening emails and
defamatory mails (i.e. tarnishing the image or reputation of the victim).
Example
A 44 year old ‘Publishing Executive’ named Claire Miller was harassed by strangers who were responding to verging-on-
pornographic promises someone had made in her name online. These postings included her home address and telephone number.
Cyber Laundering
In this type of crime, emails are sent to victims making them believe that they have won a lottery or some n-million dollars,
or telling them that their ancestral property is deposited in a certain bank etc.
Example
In Jalgaon a doctor received an email saying that he had won approximately Rs 7 crores in a lottery. The doctor, thinking that it was a genuine
mail, replied to the fake lottery agency, which in turn asked for the doctor's personal details in order to transfer the money to the doctor's
account. The doctor sent all the relevant personal details, and the fake lottery agency replied that if he paid advance
money to them, they would remit the amount into the doctor's account. The doctor paid almost Rs 22 lakhs before finally realizing
that he had been duped by the lottery agency.
Cyber Terrorism
In this type of cyber crime the computer is used to facilitate unlawful activity in order to perform terrorist activity. In the internet world
terrorists use code words such as Honey for selling and buying guns, weapons etc. There are websites which promote terrorist
activity, such as how to make a CO2 bomb, planning attacks against a nation etc. A recent survey by the FBI said that there are
approximately 50,000 websites which promote terrorism.
Example
A terrorist sends an email message to a Senator stating that 50 anonymous letters have been sent to the office, each containing
a large amount of anthrax.
Cyber Trespassing
This kind of offence is normally referred to as hacking in the generic sense. It means following a victim online or offline by the
accused with the help of technology. It also means “unauthorised access” if the accused used a machine of the victim which is
authorised in the name of the victim.
Cyber trespassing can be done in two ways
1. Remote: It can get attack through emails.
2. Physical: It can get through unauthorized access of machine.
Example
A Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam
installed in the computer obtained her nude photographs. He further harassed this lady.
Cyber Contraband
This type of crime is committed by transferring illegal items through the internet (i.e. using encryption technology). It covers any
illegal buying or selling done online. The transaction is stored in the MERCHANT SERVER. MERCHANT SERVER is a bank.
Example
In the internet world, terrorists use code words such as Honey for selling and buying guns, weapons, etc.
1. Email Frauds
Email frauds are very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity
but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being
identified.
2. Email spoofing
A spoofed email is one that appears to originate from one source but has actually emerged from another source. Email spoofing is
usually done by falsifying the name and email address of the originator of the email.
Certain web-based email services, like www.SendFakeMail.com, offer a facility wherein, in addition to the above, a sender can also
enter the email address of the purported sender of the email.
3. Spreading Trojans, viruses and worms
Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance,
reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans,
viruses, worms and other computer contaminants with e-greeting cards and then email them to unsuspecting persons. Such
contaminants can also be bound with software that appears to be an anti-virus patch.
4. Email bombing
Email bombing refers to sending a large number of emails to the victim, resulting in the victim's email account or servers crashing.
A simple way of achieving this would be to subscribe the victim's email address to a large number of mailing lists. There are
several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different
email servers, which makes it very difficult for the victim to protect himself.
5. Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for
anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail.
6. Defamatory emails
As has been discussed earlier, cyber-defamation, or even cyber-slander as it is called, can prove to be very harmful and even fatal to
the people who have been made its victims.
Trace email -- who sent you that email?
"Who sent you that email and where are they located?"
Is it possible to find the origin of an email? Yes, it is!
Some of the Examples of Email Headers are:
Hint: Full Headers show the entire path an email traveled from the author's computer
to yours. When we track an email, we work back down the path to the author's computer. Without the Full Headers, it's
impossible to report Spam or Scam email since the Brief Headers (just the From, To, Date, and Subject) don't provide any
information that can be used to find out where the malicious email is coming from. Email services hide the access to the Full
Headers in all sorts of interesting places, including in plain sight! Be sure to look around your email program window, in both
Closed Letter View and Open Letter View, for the words "View Details" or "View Headers" or any combination using the above
names for the full path.
2. Hotmail
To expose the full message header, click "Options" on the Hotmail Navigation Bar on the left side of the
page. On the Options page, click "Preferences." Scroll down to "Message Headers" and select "Full."

3. Outlook 98 and Outlook 2000
Open the message and select View, then Options from the drop-down menus. Near the bottom of the
screen you'll see a section titled INTERNET HEADERS. You can copy the headers and paste them into
an email elsewhere to get them to the proper people.

4. MSN Hotmail
   1. Select Options from the top MSN Hotmail navigation bar.
   2. Make sure the Mail category is selected.
   3. Choose Mail Display Settings.
   4. Set Message Headers to Full.
   5. Click OK.
   6. Now you can go back to the MSN Hotmail Inbox (or any folder) to open a message with full
      headers.

5. MS Outlook Express 4, 5 and 6 for Windows
There's an even easier solution to expanding Microsoft's Outlook Express headers so that you can copy
and paste them to another window. You need to be viewing the message in its own window or in a preview
pane, then:
   1. Right click on the message and select Properties.
   2. Choose the Details tab and select the Message Source Button.
   3. Select All (CTRL + A) and Copy (CTRL + C).
   4. Close the Message Source window and the Properties window.
   5. Select New Mail and position your cursor in the body of the email.
   6. Paste (CTRL + V) the copied information.
If you have disabled the preview pane, using the keyboard:
   1. Highlight the message in the folder
   2. Press Alt & Enter - this will open a message information window
   3. Press Ctrl & Tab - this changes to the "Details" tab
   4. Press Alt & M - this opens the message source
   5. Press Ctrl & A - to select all the text
   6. Press Ctrl & C - to copy the selected text to the clipboard
   7. Press Alt & F4 - to close the message source window
   8. Press the Esc key - to close the information window
   9. Now, open a new message.
Address the message to the WHOA ISA who is working with you or to the abuse department to whom
you wish to report the message. Move your cursor to the body of the new message. Press Ctrl & V to
paste the information from the clipboard to the body of the new message.

6. Outlook Express for Macintosh
Select the email. From the View menu, choose Source. A new window will appear containing the email
with full headers. Press Ctrl + A to select all, then Ctrl + C to copy.

7. Outlook Web Access
   1. Left click on the letter you want to open and click on properties
   2. When that opens click on the details tab
   3. Then on message source
   4. This will open the email so the full headers will be available for viewing
   5. Select and copy the text. Paste into a new message.
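
The hint above says that tracing an email means working back down the path recorded in the Full Headers. The Python below is an added example, not part of the original material: it reads the Received lines of a constructed message, lists the hops from the author's side to the reader, and flags hops that do not join up. All host names, addresses and function names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (example domains, documentation IP ranges). Each mail
# server adds its own Received line on top, so the newest hop comes first.
RAW_MESSAGE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.25])
\tby mailstore.recipient.example with ESMTP id C3;
\tMon, 06 Jan 2020 10:15:09 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2;
\tMon, 06 Jan 2020 10:15:05 +0000
Received: from [192.0.2.44] (helo=authors-pc)
\tby relay.sender.example with ESMTP id A1;
\tMon, 06 Jan 2020 10:15:01 +0000
From: "Lottery Agency" <claims@sender.example>
To: reader@recipient.example
Subject: You have won
Date: Mon, 06 Jan 2020 10:15:00 +0000

Message body.
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _first(regex, text):
    match = regex.search(text)
    return match.group(1) if match else None


def trace_hops(raw_message):
    """Return the Received hops ordered from the author's side to the reader."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())           # undo header line folding
        info, sep, stamp = flat.rpartition(";")  # timestamp follows the last ';'
        if not sep:
            info, stamp = flat, ""
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        hops.append({
            "from": _first(FROM_RE, info),   # name the sending side announced
            "by": _first(BY_RE, info),       # server that wrote this line
            "ip": _first(IP_RE, info),       # address the server saw
            "time": when,
        })
    return hops


def path_inconsistencies(hops):
    """Flag hops for manual review; a flag is a lead, not proof of forgery.

    Only lines written by servers you trust are reliable: anything below
    them could have been typed in by the sender.
    """
    issues = []
    for earlier, later in zip(hops, hops[1:]):
        if earlier["by"] and later["from"] and earlier["by"] != later["from"]:
            issues.append(
                f"{later['by']} received from {later['from']}, "
                f"but the previous hop was handled by {earlier['by']}"
            )
        if earlier["time"] and later["time"] and later["time"] < earlier["time"]:
            issues.append(f"time runs backwards at {later['by']}")
    return issues


if __name__ == "__main__":
    for number, hop in enumerate(trace_hops(RAW_MESSAGE), start=1):
        print(number, hop["ip"], hop["from"], "->", hop["by"], hop["time"])
    print(path_inconsistencies(trace_hops(RAW_MESSAGE)) or "path is consistent")
```

The Brief Headers of the sample (From, To, Date, Subject) carry none of this; the address of the first hop comes only from the Received lines.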
Disposal
The process of disposal essentially consists of tossing the media in a dumpster with no attempt to hinder or prevent the recovery of
data. This also includes the reuse of disks, tape, or memory without taking steps to protect information that may have been stored
during previous operational use. It’s acceptable to follow a simple disposal process when the data stored on the media is classified
as “public”. In other words, the release of the information will not cause harm to the organization, its employees, its shareholders,
or its customers.
Clearing
Clearing requires taking steps to prevent the recovery of data through a keyboard attack. As we’ve seen, this requires more than
deleting files. At least a single overwrite of the writable areas of the media must be completed. A single overwrite significantly
increases the effort, or work factor, required to recover information. Not only does the attacker need physical access to the media,
but recovery requires the use of lab-based tools. Clearing is acceptable when release of the information stored would cause only
moderate harm to the organization, its employees, its shareholders, or its customers.
Purging
Purging is necessary when the compromise of the information stored on the media will result in serious--and possibly
irrecoverable--harm to the organization, its employees, its shareholders, or its customers. Data is overwritten enough times to
increase the work factor of lab-attack attempts to a level that exceeds the data’s value to the attacker. Ideally, all remanent data is
removed.
Destroying
Purging is a good way to retain media you wish to reuse. However, the best process for ensuring the irretrievability of highly
sensitive data is to destroy the media. During the destruction process, media is reduced to a state in which both keyboard and lab
attack attempts are impossible.
Again, the process you select depends on the sensitivity of your information and the potential impact on your business if the
information is compromised. With these basic processes in mind, let’s look at specific approaches to sanitizing magnetic, optical,
and semiconductor storage.
Magnetic Media
Clearing magnetic storage is a simple matter of writing a single character to all writable areas of a disk or tape. This prevents the
use of easily obtainable utilities to recover deleted files. Purging is not so easy.
Purging requires that all usable remnants of any data ever stored on the tape or disk are irretrievable. Earlier in this paper, we
looked at Gutmann’s assertion that successful data retrieval grows less probable the more times the data is overwritten. Further,
recovering information is made possible by calculating variances in voltage levels detected by the read head.
Effective purging, using an overwrite technique, consists of two factors. First, the data must be overwritten a sufficient number of
times to make recovery very difficult, if not impossible. Second, the overwrite cycles must use alternating 1’s and 0’s. For
example, if we wrote all 0’s to all writable areas on a tape during the first overwrite pass, we would write all 1’s on the second
pass. However, there is a problem with this approach.
Certain disk technologies will not write a large number of contiguous 0’s or 1’s. Why is outside the scope of this paper. What is
important to understand is that the tool you use must take this into account. The best approach is alternating bit sequences that
result in writing the complement of the bit written during the previous write cycle. The following table lists possible bit sequences
that meet the necessary criteria for magnetic storage purging.
This series of patterns meets the Department of Defence general standard for purging magnetic media which is:
1. write a single pattern
2. write its complement
3. write another pattern
The actual number of these overwrite cycles necessary for tape or disk depends on the storage media and its sensitivity.
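
The pattern / complement / another pattern sequence listed above, shown as an added example that is not part of the original material: each pass is written and then read back before the next one starts. The byte values 0x55 and 0x92 0x49 0x24 and all function names are assumptions chosen for illustration, and a temporary file stands in for the medium.

```python
import os
import tempfile

CHUNK = 64 * 1024


def complement(pattern: bytes) -> bytes:
    """Flip every bit, so each cell is written opposite to the previous pass."""
    return bytes(b ^ 0xFF for b in pattern)


def _fill(length: int, pattern: bytes, offset: int) -> bytes:
    """`length` bytes of the repeating pattern, aligned to absolute `offset`."""
    start = offset % len(pattern)
    reps = (start + length) // len(pattern) + 1
    return (pattern * reps)[start:start + length]


def overwrite_pass(path: str, pattern: bytes) -> int:
    """Write the pattern over every byte of the file and force it to storage."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        written = 0
        while written < size:
            n = min(CHUNK, size - written)
            fh.write(_fill(n, pattern, written))
            written += n
        fh.flush()
        os.fsync(fh.fileno())
    return size


def verify_pass(path: str, pattern: bytes) -> bool:
    """Read the whole file back and confirm it holds only the pattern."""
    offset = 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return True
            if chunk != _fill(len(chunk), pattern, offset):
                return False
            offset += len(chunk)


def purge(path: str, first: bytes = b"\x55", third: bytes = b"\x92\x49\x24"):
    """Three passes: a pattern, its complement, another pattern.

    0x55 / 0xAA alternate 0s and 1s, which avoids long runs of one bit value.
    Blocks the device has mapped out are never reached by overwriting.
    """
    log = []
    passes = (
        ("pattern", first),
        ("complement", complement(first)),
        ("another pattern", third),
    )
    for label, pattern in passes:
        overwrite_pass(path, pattern)
        ok = verify_pass(path, pattern)
        log.append((label, pattern.hex(), ok))
        if not ok:
            raise OSError(f"read-back after the {label} pass did not match")
    return log


def demo():
    """Purge a constructed file and return the pass log and final contents."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"ACCOUNT=1234;PIN=0000;" * 5000)  # constructed sample data
        path = tmp.name
    try:
        log = purge(path)
        with open(path, "rb") as fh:
            return log, fh.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```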
Degaussing is another way to purge magnetic media by erasing all data ever stored on a tape or disk. Degaussers use an
electromagnetic field to destroy magnetic imprints on media. The degausser used depends on the media processed. Various
magnetic field strength levels are required, depending on the media types. Also, degaussers must be serviced regularly to ensure
they continue to produce the expected field strength. Degaussing isn’t always the best approach when you want to reuse the erased
media. Exposing certain types of tapes and hard drives to a strong magnetic field will render them useless. Be sure to check with
the media manufacturer.
Finally, magnetic media you don’t plan to reuse can be destroyed. Acceptable destruction methods include pulverizing, smelting,
incineration, and shredding.
Optical Disks
If clearing is your objective, overwriting re-writable optical disks might be acceptable. But again, there is no proven method for
purging them. Further, overwriting is impossible for clearing or purging other types of optical media. When dealing with highly
sensitive information stored on optical disks, destruction is your best option.
In addition to the destruction options listed above for magnetic media, you might also apply an abrasive substance (i.e., an emery
wheel or sander) to the recording surface. There are products available that allow you to feed stacks of optical disks into a device
that makes this approach quick and relatively easy.
Memory
Preventing semiconductor data remanence begins before the storage media is ever used. Gutmann recommends the following
steps to reduce the potential threats posed by semiconductor data remanence:
- Don’t store crypto-keys in the same RAM location for long periods. Occasionally move them to different locations and
  clear the original location.
- Cycle EEPROM/flash cells 10 to 100 times with random data before writing anything sensitive to them to eliminate
  any noticeable remanence effects arising from the use of fresh cells.
- Don’t assume that a key held in RAM in a piece of crypto hardware is destroyed when the RAM is cleared. The
  circuitry might carry an after-image of the key.
- Remember that some non-volatile memory devices are a little too intelligent, and may leave copies of sensitive data
  in mapped-out memory blocks after the active copy is erased.
Overwriting all memory cells is an acceptable method to clear semiconductor memory. However, destruction or degaussing might
be the only processes your organization finds acceptable for purging. Again, it depends on the media and the purging tools used.
The destruction techniques listed for magnetic media also apply to memory devices.
Computer Forensics
Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.
Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to
gather evidence suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation
while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.
Computer forensics experts investigate data storage devices, such as hard drives, USB Drives, CD-ROMs, floppy disks, tape
drives, etc., identifying sources of documentary or other digital evidence, preserving and analyzing evidence, and presenting
findings. Computer forensics adheres to standards of evidence admissible in a court of law.
Introduction to Computer Forensics
Computer forensics is the art of finding evidence which is valid in legal terms. There are also standards that need to be followed
to acquire the evidence. Computer crime is increasing at an alarming rate, and the procedures available for curbing it
are not sufficient to have a counter effect. Hence new laws are being introduced to deal with computer crime and
related issues.
The major reasons for criminal activity in computers are:
1. Unauthorized use of computers, mainly by stealing a username and password.
2. Accessing the victim’s computer via the internet.
3. Releasing a malicious computer program, that is, a virus.
4. Harassment and stalking in cyberspace.
5. E-mail Fraud.
6. Theft of company documents.
Importance of Computer Forensics
Adding the ability to practice sound computer forensics will help you ensure the overall integrity and survivability of your network
infrastructure. You can help your organization if you consider computer forensics as a new basic element in what is known as a
“defense-in-depth” approach to network and computer security. For instance, understanding the legal and technical aspects of
computer forensics will help you capture vital information if your network is compromised and will help you prosecute the case if
the intruder is caught.
The basic things required of a computer forensics professional include a proper understanding of computer
hardware and software, an understanding of the ethics and legalities, and a thorough knowledge of computer operating systems as
well as file systems. The first thing the computer forensics professional must do when a case is handed over to him or his team is
a detailed case study.
Computer Forensics is a relatively new field in computer science and is still undergoing a process of evolution and definition. In
general computer forensics is related to evidence from or about computers that is destined for use in court, although it is also used
to describe the use of computers to analyze complex data. In this paper computer forensics is limited to a post-incident scenario
where investigators have been called in to gather evidence for use in legal proceedings.
Forensic investigations typically consist of two phases. The first phase, known as the exploratory phase, is an attempt by the
investigator to identify the nature of the problem at hand and to define what s/he thinks transpired at the scene of the incident. For
example, in a hacker case the investigator may need to pinpoint the source of the break in. In a corporation with hundreds of
computers and thousands of entry points this may well be a daunting task.
Once the investigator has determined what s/he thinks took place, the induction ends and the deduction, i.e. the evidence phase, begins.
The evidence phase revolves around the accumulation of proof admissible in court that deductively proves the conclusion the
forensic investigator reached by way of induction. The exploratory phase of the investigation tests the investigator’s ability to detect
patterns in what may appear to be a chaotic scenario. Each scenario consists of recurring patterns that define a commonly
occurring “normal” sequence of events, like users following their usual patterns of computer/network usage, or backups taking place
according to their pre-determined schedule. The patterns that form this “normal” sequence of events, when identified, allow the
investigator to visualize any disruption or anomalous events that may have taken place. The solution to many cases lies in these
anomalous occurrences, which should be marked for careful scrutiny at a later date.
Electronic evidence considerations
Electronic evidence can be collected from a variety of sources. Within a company’s network, evidence will be found in any form of
technology that can be used to transmit or store data. Evidence should be collected from three parts of an offender’s
network: at the workstation of the offender, on the server accessed by the offender, and on the network that connects the two.
Investigators can therefore use three different sources to confirm the data’s origin.
Role of Computer Forensic
The Role of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential
evidence for a trial. Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are
also some unique aspects to computer investigations.
For example, just opening a computer file changes the file -- the computer records the time and date it was accessed on the file
itself. If detectives seize a computer and then start opening files, there's no way to tell for sure that they didn't change anything.
Lawyers can contest the validity of the evidence when the case goes to court.
All work will be done as per computer forensic techniques:
- Computer forensics including forensic analysis of all file systems
- Training in detection and analysis of digital evidence
- Intellectual property theft investigations / Source code theft investigations
- Onsite search & acquisition of digital/electronic evidence and custody
- Filtration and consolidation of data including emails and files
- Expert witness service
- Computer security, hacker tracking and in-house protection
- Computer Forensic Audits to comply with the Sarbanes-Oxley Act or as a part of Information Security Audits
- Fraud Investigations
If the process of such collection, recovery and analysis is not undertaken properly, the evidence may be rejected in the Court of
law as not satisfying the conditions of Section 65B of the Indian Evidence Act.
In the evolution of the Indian challenge to Cyber Crimes, it may be said that during the last three years, Police in different parts of
the Country have been exposed to the reality of Cyber Crimes and more and more cases are being registered for investigation.
However, if the Law enforcement does not focus on the technical aspects of evidence collection and management, they will soon
find that they will be unable to prove any electronic document in a Court of Law.
Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.
Copyright Law
Trademark Law
Semiconductor Law
Patent Law
Data protection and privacy laws aim to achieve a fair balance between the privacy rights of an individual and the interests of data
controllers such as banks, hospitals, electronic mail service providers, etc.
The Indian Penal Code (I.P.C) (as amended by I.T Act) penalizes several cyber-crimes. These include forgery of electronic
records, cyber frauds, destroying electronic evidence etc.
Digital evidence is to be collected and proven in the Court of Law as per the provisions of the Indian Evidence Act (as amended by
the I.T. Act 2000).
Every new invention in the field of technology experiences a variety of threats. The Internet is one such major threat, which has
captured the physical marketplace and converted it into a virtual marketplace. The need of the hour is to initiate stringent
strategies in order to design and implement a secure cyberspace and protect copyright owners from the clutches of wrongdoers.
As of now, copyright has been adopted to protect internet items. It protects original work, or work that is fixed in a tangible
medium, meaning that it is written, typed or recorded. Since it was not designed for the internet, copyright law regarding the
internet is not very clear or transparent.
Now, as the technology develops, it creates new means to fix the original expression in a tangible form, and it also develops new
ways of being exploited to infringe copyrights with impunity. Even some internet activities, like caching, browsing,
mirroring, scanning, downloading, uploading, or file swapping, are anathema to a purist.
These internet activities result in:
1. Transmission of information from one computer system or network to another, involving temporary storage of such
information.
2. An unauthorized storage of such information, a violation of the copyright owner’s exclusive right to make copies, i.e., to
reproduce the copyrighted work.
3. A violation of the copyright owner’s exclusive distribution right.
4. An appearance of a copyright image in a web browser infringing the copyright owner’s public display right.
5. An infringement of the copyright owner’s exclusive right to prepare derivative works.
The nature and characteristic of internet activities is such that there will certainly be infringements to the exclusive statutory rights
of a copyright owner.
Cyberspace is a virtual world, which technically exists only in computer memory, but it is interactive and pulsing with life. In fact,
cyberspace is a living organism which changes frequently because of the constant downloading and uploading of information
and the large number of people frequenting this medium. Cyberspace is linked to copyright in the sense that a person can come to a
site and talk to people in various locations, read, publish, research, hear music, watch video, look at art, purchase and sell
things, access government documents, send e-mails, download software and receive technical support. Now, on the internet,
copyright faces its greatest challenge. The beauty of digital media is that there is no degradation in successive copying. The other
important factor about digital media is the ease of transmission and multiple uses. The internet poses two basic challenges for
the I.P.R administrator: what to administer, and how to administer it? Copyright is not meant to grant its holders exclusive control of
their works; rather, it is a very specific bundle of rights designed to foster creativity in the public interest.
Copyright violations have become rampant since the advent of cyberspace and the development of related information
technologies. Copyright threats are not limited to a few blockbusters but are rampant in cyberspace, affecting a range of digital
products. Moreover, flagrant violation of copyrights is just the tip of the iceberg of the much more serious problem of Intellectual
Property Rights (I.P.R) threats on the internet. The advent and growth of the internet has resulted in the creation of an unruly and
anarchic space called cyberspace, which poses extremely serious threats to copyrights. To control dissemination and copying
of works, copyright owners have been developing technological protection measures like E.C.M.S (Electronic Copyright
Management System).
Section 14 of the Copyright Act makes it illegal to distribute copies of copyrighted software without proper or
specific authorization.
The violator can be tried under both the Civil and Criminal Law
Section 63(B)-Stipulates a minimum full term of 7 days, which can be extended up to 3 years
A. Copying of code
The modern Copyright Act not only recognizes the creative, literary or musical works for the individual authors, but also provides
an effective legal framework for protecting the rights of the owners of Computer software. Section 2 (o) of the Copyright Act
states that literary work includes “computer programmes, tables and compilations including computer databases”. Computer
programme has been defined under Section 2 (ffc) of the Copyright Act, 1957 as “a set of instructions expressed in words, codes,
schemes or in any form, including a machine readable medium, capable of causing a computer to perform a particular task or
achieve a particular result.”
In India, the copyright for software lasts for the life of the author, plus sixty years, after the expiry of such period the work comes
into public domain. In case of pseudonymous or anonymous work and work by public undertakings, the copyright lasts for sixty
years from the date of publication.
Any “work” including “literary work” must be presented in some tangible form, either in print or writing. Ideas which cannot be
presented in some tangible medium cannot be protected under the Copyright Act. Computer software may be reproduced or
presented in programme manuals, punched cards, magnetic tapes, discs, papers, etc and thus provides an effective tangible
medium to get copyright protection. But the moment copies of the software are made and marketed, it becomes goods, which are
susceptible to sales tax. Further, both the source code and the object code of computer software can be copyrighted.
The general rule of copyright states that ideas cannot have copyright protection; what is protected is the expression of the
idea. However, an expression of the idea which is nothing but a literal imitation of a prior work with minor changes here and
there will constitute a violation of copyright law. Copyright law protects against not only literal copying of the source code but
also copying of the non-literal elements in software, like the “structure, sequence and organization”. In determining whether two
pieces of software are substantially similar in nature, Courts in the US have applied the “abstraction-filtration-comparison test”.
In the first stage of this test, the Court will break down the program into smaller parts and identify similarities in it, starting
from the source code and moving towards the program’s ultimate function. In the second stage, the Court will filter out the parts
which are already in the public domain, or which are industry standards, or which are dictated by efficiency (the best way of doing
the task) or by external factors like APIs and programming standards. In the third stage, the Court determines the level of
similarity between the two programs, if any, and the importance of the copied part in comparison with the entire program. However,
if the code relates to a “method of operation”, a text which helps people to describe how to operate the program, for example
similar command menus in a program, it cannot be protected under copyright law.
The rights conferred under S. 14 of the Copyright Act are basically economic rights of the owner to exploit his creation himself or
to assign licenses to others for such economic benefits. The Copyright Act grants a copyright holder the exclusive right, in respect of
a work or a substantial part of it, to reproduce, issue copies, perform or communicate, translate, adapt, sell or give on rental any
computer programme.
Copyright infringement of computer programmes, popularly known as software piracy, is highly prevalent in India. If any person,
without the permission of the copyright owner or exceeding the terms of the license granted, publishes, sells or distributes software,
the owner can file a suit for infringement. Both civil and criminal remedies are available under the Copyright Act (as discussed in
the earlier chapter). A person can claim damages, injunctions, accounts of profits and other remedies conferred under the law for
copyright infringement. A person who knowingly infringes or abets the infringement of copyright in a work shall be punishable
with imprisonment of a minimum of six months, which may extend to three years, and with a fine of a minimum of fifty thousand
rupees, which may extend to two lakh rupees. The Act also provides for enhanced punishment in case of a second or subsequent
offence of copyright infringement.
The Indian judiciary has recently been very proactive and strict about cyber piracy. Recently, the Delhi High Court granted
John Doe orders, or injunction orders against prospective unknown offenders, to prevent copyright violations of movies like Speedy
Singhs, Singham, Don 2 and Bodyguard before their release. The John Doe orders resulted in the blocking of various file sharing
websites like Megaupload and Filesonic by the Internet Access Providers (IAPs). The Calcutta High Court granted an order to the
Internet Service Providers to block various websites offering pirated music. Software owners may seek John Doe orders to
prevent software piracy through the internet in a similar fashion.
Database
Databases in an elementary sense are nothing but an arrangement of arrays of information in a tabular manner. A computer
database can be of two types: one containing only raw data, and one which is complex software that stores raw data, processes the
data and disseminates the information in a desirable format. Databases are generally protected as literary work, and Indian
copyright law specifically recognizes computer databases. Databases include mailing lists, telephone directories, etc., which can
be produced in either electronic or traditional paper format. Database protections are generally granted not because they are
creative or innovative, but to recognize the labour invested in creation of the database. Creation and development of a successful
commercial database involves investment of a huge sum of money and time.
However, not all databases are protected under the law; only those databases which feature some degree of originality in
compilation of the facts are protected. The data which is stored inside the database may or may not have separate copyright
protection. Moreover, copyright protection granted to a database does not automatically grant copyright to the data inside it. For
example, an array of phone numbers may not have copyright protection; a compilation of skilfully arranged numbers may
be copyright protected, but not the numbers themselves. The US Supreme Court, in Rural Telephone v. Feist, laid down a three-prong
test to decide whether a compilation is original or not: firstly, there must be a collection of “pre-existing materials or data”; secondly,
the data must be “selected, coordinated, or arranged” in a particular way; and thirdly, the resultant work as a whole “constitutes an
original work of authorship”.
In India, most of the Courts have tended to follow the principle of “sweat of the brow”. In Burlington Home Shopping Pvt Ltd v.
Rajnish Chibber, the Delhi High Court held that, as the compilation of mailing addresses of customers requires a lot of money, time,
labour and skill, such a compilation would meet the requirement of “literary work” under the Copyright Act, even though the
information is available in the public domain and there is no uniqueness in the arrangement of the data. However, in another case,
Eastern Book Company v. Desai [AIR 2008 SC 809], the Delhi High Court has stated, referring to the Feist case, that there must be some
“modicum of creativity” in the arrangement and compilation of the information to meet the criteria of originality and to avail copyright
protection. In this case, the Court held that mere correction of typographical errors and addition of quotations does not meet the
threshold of originality to be protected under the laws of copyright. In Himalaya Drug Company v. Sumit, the Delhi High Court
granted a permanent injunction and punitive damages against the respondent, who had copied an online database of the plaintiff
consisting of information on herbs and their cures.
Websites
The design, images, content, source code and illustration used in a website are individually protected under copyright laws.
However, certain elements of the website which are functional in nature, and the overall layout, may be difficult to protect
under either copyright or trademark law. Protection for website layout can be sought under trade dress law.
Trade dress law protects the “look and feel” of the website including interactive elements and overall representation of the website,
if the representations are highly intuitive for the users.
For protecting your website, you might consider following these steps:
1. Though there is no specific need to apply for copyright of the website or to give a public notice of copyright, it is
advisable to give a copyright notice at the bottom of the website.
2. Have a detailed “Terms of use” on the website, which states under what circumstances the material from the website can
be used.
3. Watermark website images and use low-resolution versions of them.
4. Add code which automatically adds an attribution link when an image or text is copied.
5. Limit access to particular areas of the website.
6. Limit indexing of sub-pages by search engine bots, if they contain an image gallery.
7. If you are getting your website designed by a freelancer or any other agency, it is advised that the agreement must
contain a copyright assignment clause granting you the copyright of the website created.
Thumbnails
Using thumbnails of images owned by others may constitute a violation of copyright, except where the image has been used
under fair-use criteria, i.e., for news, research, criticism or review of the work, etc. The Courts in the US (Perfect10 v. Amazon, Kelly
v. Arriba Soft Corp) have held that automatic indexing by a search engine of web pages containing images, and the provision of
thumbnail versions of those images in response to user inquiries, is fair use.
Domain Name
A company's presence on the Net starts with its domain name ("domain"). A domain is an important corporate identifier. Beyond
being the name under which the company sends and receives e-mail, like any other trademark or trade name it can be a symbol of
the company's goodwill and recognition in the marketplace. Given the unstructured nature of the Internet, obtaining an easily
ascertained domain name often is a key element of an on-line marketing strategy. Users regularly attempt to guess a company's
Internet location by typing in the name of the company followed by the ubiquitous .com top level domain. This common practice
of guessing at domain names makes an intuitive domain name a valuable corporate asset.
Generally speaking, domain names are assigned on a first come, first served basis. In the U.S. today, the vast majority of domains
are assigned by a single registry, Network Solutions, Inc. ("NSI"), under contract from the National Science Foundation. In
assigning a domain, NSI uses a multi-level system, including a Top Level Domain ("TLD") such as ".com", ".net" and ".org",
coupled with a Second Level Domain ("SLD") requested by the party seeking the domain assignment (e.g., <ibm.com>). Not
surprisingly, the .com TLD, intended for commercial users has experienced exponential growth in the recent past; there are now
over three million such domains. As would have been expected from such growth, the .com TLD is at the eye of the storm in
domain disputes. Overseas, any number of registration entities (called NICs or registries) assign individual country TLDs using
two character ISO country codes, such as ".ca" for Canada or ".fr" for France. Due to the international cachet that has developed in
.com names, many overseas businesses have bypassed country TLDs and have registered .com domains with NSI instead.
In the registration process, NSI (and the other NICs) will not exercise veto power over a requested name, so long as that name is
not identical to one already assigned within the TLD. Prior to the commercial explosion of the web, the domain name system
engendered little or no controversy. Only with the advent of the web, and the commercial world's awakening to the enormous
marketing possibilities it represented, did this system come under scrutiny.
Problems relating to Domain Name
As the commercial world expanded into cyberspace, three related problems with the domain name system became painfully clear.
The first and most obvious problem is the opportunity for others to "pirate" names, typically by obtaining SLD registrations within
the .com TLD of a well-known company name or brand. A number of major corporations have had the uncomfortable, and in
some cases embarrassing, experience of learning that someone else had already registered their name or mark as a second level
domain followed by the now ubiquitous .com TLD. By May 1994, the list of "pirated" names read like a Who's Who of corporate
America: McDonald's, Coke, Hertz, Nasdaq, Viacom, MTV and others. By mid-1996, Avon, Levi's, B. Dalton and Readers Digest
had joined the list. In 1997, a California college student, Daniel Khoshnood, started a web design firm called The Microsoft
Network.
Misspelling popular brands is the second problem. The domain name system creates the opportunity for others to obtain a second
level domain that is only a slight variation of someone else's well known, or not so well known, name or mark. Indeed, some
"entrepreneurs" even register slight variations of others' marks for the sole purpose of getting hits, thus capitalizing on typing
errors made by web surfers. These speculators often sell only advertising rather than products or services, while legitimate
companies that happen to have a similar domain will disclose that theirs is not the site the surfer actually was seeking.
The third problem, a variation on a theme, is created by the fact that NSI is not alone in assigning domains: NICs and other
registries all over the world may assign identical second level domains, so long as the TLD differs. Again, while Microsoft may be
<microsoft.com>, there may also be a completely unaffiliated <microsoft.co.uk> commercial domain in England or a
<microsoft.az> in Azerbaijan. Not surprisingly, the first lawsuits in the domain name area involved situations in which intentional
"pirating" was admitted or at least alleged. In the first case, Princeton Review Management Corp. v. Stanley H. Kaplan
Educational Center, Ltd., Kaplan did not take kindly to its competitor's use of <kaplan.com> in connection with a web site
containing messages disparaging Kaplan's educational testing services and praising those of Princeton Review. Kaplan refused
Princeton Review's offer to relinquish the name in exchange for a case of beer, and ultimately convinced an arbiter to order
Princeton Review to give up the domain.
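The three problems described above, seen from the side of a brand owner reviewing a list of registered names, as an added example that is not part of the original study material. The brand, the owned set, the observed names and the short multi-label suffix list are constructed assumptions; the example generalizes "slight variation" to an edit distance of one (one inserted, dropped, changed or swapped character).

```python
# Added illustration: triage observed domain names against a brand owner's mark.
# The brand, owned set and observed names below are constructed sample data.

# Multi-label suffixes taken from this page's examples. This short list is an
# assumption for the demo; a production monitor would use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "co.in", "net.in", "org.in"}


def split_domain(name):
    """Return (sld, tld), e.g. 'www.microsoft.co.uk' -> ('microsoft', 'co.uk')."""
    labels = name.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a registrable domain: {name!r}")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    return labels[-2], labels[-1]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the typical typing slip ("or" for "ro").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(observed, brand, owned, max_distance=1):
    """Label one observed name relative to the brand and the owner's own domains.

    'own'       - a name (or subdomain of a name) the brand owner holds
    'same-name' - identical second-level name held elsewhere (another TLD or registry)
    'lookalike' - second-level name within max_distance edits of the brand
    'unrelated' - none of the above
    """
    sld, tld = split_domain(observed)
    if f"{sld}.{tld}" in owned:
        return "own"
    if sld == brand:
        return "same-name"
    if osa_distance(sld, brand) <= max_distance:
        return "lookalike"
    return "unrelated"


def triage(observed_names, brand, owned):
    """Group observed names by category, preserving input order."""
    groups = {"own": [], "same-name": [], "lookalike": [], "unrelated": []}
    for name in observed_names:
        groups[classify(name, brand, owned)].append(name)
    return groups


# Constructed sample input; the misspelled names are invented for the demo.
OBSERVED = [
    "www.microsoft.com",
    "microsoft.co.uk",
    "microsoft.az",
    "micorsoft.com",
    "microsft.net",
    "example.org",
]

if __name__ == "__main__":
    for category, names in triage(OBSERVED, "microsoft", {"microsoft.com"}).items():
        print(f"{category:10s} {names}")
```

A distance of one produces false positives for short marks, so the output is a review queue for a human, not a finding of bad faith.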
.IN Internet Domain Name
Internet Domain Names worldwide have assumed greater significance in recent times with the Internet increasingly being used as
an effective medium for commerce, governance, education and communication. The system of registration of Internet Domain
Names can facilitate the proliferation of Internet in a country. Many countries have, therefore, adopted liberal and market friendly
policies to register large number of Domain Names under their country code, broadly consistent with globally accepted policy and
procedures of Domain registration.
In India, .IN is the allocated country code Top Level Domain (ccTLD). It is recognized that its all round adoption by Indian
residents, individuals, Government entities, public service organizations and businesses will help in establishing their Indian
identity in the Internet space using a short and unique Domain Name.
The number of .IN Domain Names so far registered does not truly represent the penetration of information technology in India
when seen in conjunction with the dimension and vibrancy of the Indian economy and the number of companies and public
institutions operating in the area of Information Technology (IT) and Information Technology enabled Services (ITeS). An
overcautious registration policy and absence of contemporary processes and infrastructure for registration have so far hindered the
growth of .IN Domain. It is widely recognized that .IN Domain Name has an untapped growth potential. A proactive policy for .IN
Domain proliferation can help establish .IN as a globally recognized symbol of India's growth in the area of IT.
After an in-depth review of the situation, the Government has decided to revamp the .IN Domain Name Registry in India to
provide a greater thrust to its activities. The new policy for .IN Domain Name registration covers the following main elements:
Unlimited generic .IN registration will be offered at the 2nd level of Domain Name and also at the 3rd level in the globally popular
zones of Domain registration, e.g., .co.in, .net.in and .org.in.
Registrations will be carried out by Registrars to be appointed by the .IN Registry through an open process of selection on the basis
of transparent eligibility criteria.
Registrations will be offered by the Registrars following a competitive pricing policy and best market practices. The minimum fee
charged by the .IN Registry will be Rs. 250 and Rs. 500 per year for registrations at 3rd and 2nd levels respectively.
The .IN Registry will adopt Uniform Dispute Resolution Policy (UDRP), and will be assisted by a Dispute Resolution Committee
to resolve disputes involving the Registry. It will also appoint Arbitrators to address disputes involving the Registrars and the
registrants.
The entire process of registration will be online and should be completed in less than 24 hours of the receipt of the request from a
registrant.
The .IN Registry will announce a 'Sunrise period' of 90 days to enable registered trademark owners, registered companies and
owners of intellectual property having a legitimate interest in protecting their brand to secure registration of their Domain Names
after due verification.
The zones for Government, Military and Educational Institutions will be reserved for exclusive use by the respective organizations.
Registrations for these will be offered by NIC, an organization nominated by the Ministry of Defence, and ERNET, respectively.
The .IN Registry will have the authority to deny or suspend any registration if it conflicts with the sovereign national interest or
public order.
The names of Constitutional Authorities, States/Union Territories and specific names used by the .IN Registry will constitute the
reserved category of names, which will not be available to the general public.
The registrant must not have rights or legitimate interests in respect of the domain name;
The first difference is that under the INDRP, the absence of the conjunctive phrase “and” between the first and second element
suggests that in order to succeed, a complainant may simply satisfy the first element. Alternatively, the complainant may satisfy
the second and third element (which are conjoined with the phrase “and”) and not the first. However under the UDRP, the
complainant is expressly required to satisfy all three elements.
However, such a literal interpretation of the elements prescribed under the INDRP can have disastrous ramifications. This can be
seen with a disjunctive reading of the elements which implies that a complainant can obtain a remedy against a registrant who has
legitimate rights in a domain name which is registered and used in good faith, solely by virtue of its similarity to the complainant’s
trademark.
As a corollary, if a complainant can prove that the registrant has no legitimate interest in the domain name and that it was
registered or used in bad faith, the disjunctive interpretation implies that the domain name needn’t be similar to a trademark in
which the complainant has rights. However in such an event, the complainant may not have any locus standi to submit the
complaint in the first place.
It must be kept in mind that the object of the INDRP is to counter cybersquatting, for which it is imperative that a complainant
satisfies all three elements while seeking a remedy under the INDRP. Therefore, it is vital that the elements are interpreted
conjunctively.
The second difference is that under the UDRP, a complainant must prove that the domain name is registered and being used in bad
faith. However, under the INDRP by virtue of the disjunctive requirement of the phrase “or”, the complainant is required to prove
that the domain name has been registered or is being used in bad faith. The significance of this is that if a complainant proves that
the domain name was registered but not used in bad faith or vice-versa, the complainant will be unable to obtain a remedy under
the UDRP, but can do so under the INDRP.
There are several other unique aspects of the INDRP in contrast to the UDRP, notably:
In UDRP proceedings, the complainant selects the provider (from the list of ICANN approved providers) who then forms an
administrative panel which administers the proceedings, while under the INDRP, an arbitrator is appointed by NIXI to conduct the
proceedings.
The UDRP proceedings are governed by the UDRP Policy, Rules of Procedure and the WIPO supplemental rules, while under the
INDRP, the arbitrator has to conduct the proceedings in accordance with the INDRP Policy, Rules of Procedure and the
Arbitration and Conciliation Act, 1996.
Under the INDRP a sole arbitrator is appointed to conduct the proceedings, while under the UDRP the administrative panel can
consist of one or three panellists.
A party to an INDRP proceeding may request the arbitrator for a personal hearing to enter appearance and advance arguments to
make its case; no such provision exists under the UDRP.
Under the INDRP, an arbitrator is empowered to award costs as deemed fit while the UDRP expressly limits its remedies to
cancellation and transfer of the domain name.
Significantly, a fundamental difference between the policies is that under the UDRP a complainant may combine multiple domain
names into one consolidated complaint. However, under the INDRP, the rules clearly stipulate that “a separate complaint is
required to be filed for dispute relating to each domain name” [Paragraph 3(c)].
This poses a serious problem for a complainant who comes across an entity which wrongfully registers multiple domain names in
clear violation of its rights and who, owing to Paragraph 3(c), is required to file separate complaints for each domain name. This is
an onerous task which is not only expensive for the complainant, costing as much as $200 per complaint, but may lead to
inconsistent decisions being passed with respect to the same trademark.
Recently, Dell Inc came across such an entity that had wrongfully registered 10 domain names comprising its trademark/name
‘Dell’ and suffixed with .in.
Although it seemed both expedient and practical to submit a single complaint consolidating the domain names under the INDRP,
Dell Inc apprehended objections under Paragraph 3(c).
Dell Inc contacted representatives of NIXI to ascertain the permissibility of filing a consolidated complaint. NIXI accepted the
necessity to bring about an amendment in the existing provisions to circumvent multiplicity of proceedings, especially when
confronted with numerous decisions passed by WIPO, NAF and even the High Court of Delhi wherein multiple domain names
were consolidated to form the subject matter of a single action.
However, they appeared reluctant to allow deviation from the INDRP especially with respect to an express provision contained
therein.
Dell Inc was left with no alternative but to file separate complaints for each domain name. In the circumstances, it was essential
that all complaints were entertained by a common arbitrator in order to ensure consistency in decisions. Accordingly, a formal
request was made to NIXI to assign all the complaints to a common arbitrator to ensure consistency.
However, to Dell Inc’s surprise, despite taking all the precautions and following up with NIXI constantly, each complaint was
assigned to a different arbitrator.
It appears that until there is a significant amendment to the INDRP, starting with the abolishment of Rule 3(c), to bring it in sync
with the UDRP and court procedure, an aggrieved party must file a separate complaint before NIXI for each domain name bearing
in mind that each complaint will be assigned to a separate arbitrator and run the formidable risk of conflicting decisions, thereby
defeating the entire process. The need for a renaissance is at hand.
ICANN
The Internet Corporation for Assigned Names and Numbers (ICANN) is a nonprofit organization responsible for coordinating the
maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the
network's stable and secure operation. ICANN performs the actual technical maintenance work of the Central Internet Address
pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract. The contract
regarding the IANA stewardship functions between ICANN and the National Telecommunications and Information
Administration (NTIA) of the United States Department of Commerce ended on October 1, 2016, formally transitioning the
functions to the global multi-stakeholder community.
Much of its work has concerned the Internet's global Domain Name System (DNS), including policy development for
internationalization of the DNS system, introduction of new generic top-level domains (TLDs), and the operation of root name
servers. The numbering facilities ICANN manages include the Internet Protocol address spaces for IPv4 and IPv6, and assignment
of address blocks to regional Internet registries. ICANN also maintains registries of Internet Protocol identifiers.
ICANN's primary principles of operation have been described as helping preserve the operational stability of the Internet; to
promote competition; to achieve broad representation of the global Internet community; and to develop policies appropriate to its
mission through bottom-up, consensus-based processes.
ICANN's creation was announced publicly on September 17, 1998, and it formally came into being on September 30, 1998,
incorporated in the U.S. state of California. Originally headquartered in Marina del Rey in the same building as the University of
Southern California's Information Sciences Institute (ISI), its offices are now in the Playa Vista neighborhood of Los Angeles.
Structure of ICANN
From its founding to the present, ICANN has been formally organized as a nonprofit corporation "for charitable and public
purposes" under the California Nonprofit Public Benefit Corporation Law. It is managed by a 16-member board of directors
composed of eight members selected by a nominating committee on which all the constituencies of ICANN are represented; six
representatives of its Supporting Organizations, sub-groups that deal with specific sections of the policies under ICANN's
purview; an at-large seat filled by an at-large organization; and the President / CEO, appointed by the board.
There are currently three supporting organizations: the Generic Names Supporting Organization (GNSO) deals with policy making
on generic top-level domains (gTLDs); The Country Code Names Supporting Organization (ccNSO) deals with policy making on
country-code top-level domains (ccTLDs); the Address Supporting Organization (ASO) deals with policy making on IP addresses.
ICANN also relies on some advisory committees and other advisory mechanisms to receive advice on the interests and needs of
stakeholders that do not directly participate in the Supporting Organizations. These include the Governmental Advisory
Committee (GAC), which is composed of representatives of a large number of national governments from all over the world; the
At-Large Advisory Committee (ALAC), which is composed of individual Internet users from around the world selected by each of
the Regional At-Large Organizations (RALO) and Nominating Committee; the Root Server System Advisory Committee, which
provides advice on the operation of the DNS root server system; the Security and Stability Advisory Committee (SSAC), which is
composed of Internet experts who study security issues pertaining to ICANN's mandate; and the Technical Liaison Group (TLG),
which is composed of representatives of other international technical organizations that focus, at least in part, on the Internet.
Meta Tagging
A Meta tag is a tag (coding statement) in the Hypertext Markup Language (HTML) that describes some aspect of the contents of a
Web page. The information that you provide in a Meta tag is used by search engines to index a page so that someone searching for
the kind of information the page contains will be able to find it. The Meta tag is placed near the top of the HTML in a Web page as
part of the heading.
There are several kinds of Meta tags, but the most important for search engine indexing are the keywords Meta tag and the
description Meta tag. The keywords Meta tag lists the words or phrases that best describe the contents of the page. The description
Meta tag includes a brief one- or two-sentence description of the page. Both the keywords and the description are used by search
engines in adding a page to their index. Some search engines also use the description to show the searcher a summary of the page's
contents.
Although most search engines also use the contents of a page as a way to determine how to index it, the creator of a Web page
should be sure to include Meta tags with appropriate keywords and description. Well-written Meta tags can help make the page
rank higher in search results.
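How an indexer might read the keywords and description Meta tags described above, as an added example that is not part of the original study material. The sample page and the function names are constructed for illustration; only tags inside the page heading are read, matching the placement the text describes.

```python
# Added illustration: extract the keywords and description Meta tags from the
# heading of an HTML page, the way a simple search-engine indexer might.
from html.parser import HTMLParser


class HeadMetaParser(HTMLParser):
    """Collect keywords/description Meta tags that appear inside <head>."""

    WANTED = ("keywords", "description")

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.meta = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "meta" and self.in_head:
            attributes = dict(attrs)  # attribute names arrive lower-cased
            name = (attributes.get("name") or "").strip().lower()
            content = (attributes.get("content") or "").strip()
            # Keep the first occurrence; later duplicates are ignored.
            if name in self.WANTED and name not in self.meta:
                self.meta[name] = content

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def index_entry(html):
    """Return the keyword list and description a page declares about itself."""
    parser = HeadMetaParser()
    parser.feed(html)
    parser.close()
    raw_keywords = parser.meta.get("keywords", "")
    keywords = [k.strip().lower() for k in raw_keywords.split(",") if k.strip()]
    return {"keywords": keywords, "description": parser.meta.get("description", "")}


# Constructed sample page. The Meta tag in the body is outside the heading
# and is therefore not read.
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head>
  <title>Herbal remedies</title>
  <META NAME="Keywords" CONTENT="herbs, Ayurveda , remedies,">
  <meta name="description" content="A guide to common herbs and their uses.">
</head>
<body>
  <meta name="keywords" content="unrelated, terms">
  <p>Page content.</p>
</body>
</html>"""

if __name__ == "__main__":
    print(index_entry(SAMPLE_PAGE))
```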
Convergence Technologies
Technological convergence is a term that describes the layers of abstraction that enable different technologies to interoperate
efficiently as a converged system. From a practical standpoint, technological convergence encompasses two interdependent areas:
technical design and functionality. Technical design is occupied with engineering the underlying infrastructure needed to transport
digital content. Functionality refers to the ease of use with which a user can access the same content on various devices. The
functional aspects spring from the efficiency of the technical engineering.
The process by which existing technologies merge into new forms that bring together different types of media and applications is
known as Technological convergence. The technology convergence capability for organizations is the ability to embed technology
in devices and products.
Technology convergence leads to business innovation, competitive differentiation across the business and increased efficiency
within the organization. In future, devices and machines will communicate with each other without human intervention and can
perform synergistically to accomplish tasks that would otherwise be extremely complicated, cumbersome and time consuming.
Converging technological fields
NBIC, an acronym for Nanotechnology, Biotechnology, Information technology and Cognitive science, was, in 2014, the most
popular term for converging technologies. It was introduced into public discourse through the publication of Converging
Technologies for Improving Human Performance, a report sponsored in part by the U.S. National Science Foundation. Various
other acronyms have been offered for the same concept such as GNR (Genetics, Nanotechnology and Robotics) (Bill Joy, 2000,
Why the future doesn't need us). Journalist Joel Garreau in Radical Evolution: The Promise and Peril of Enhancing Our Minds,
Our Bodies — and What It Means to Be Human uses "GRIN", for Genetic, Robotic, Information, and Nano processes, while
science journalist Douglas Mulhall in Our Molecular Future: How Nanotechnology, Robotics, Genetics and Artificial Intelligence
Will Transform Our World uses "GRAIN", for Genetics, Robotics, Artificial Intelligence, and Nanotechnology. Another acronym
coined by the appropriate technology organization ETC Group is "BANG" for "Bits, Atoms, Neurons, Genes".
Convergence on the Internet
The role of the internet has changed from its original use as a communication tool to easier and faster access to information and
services, mainly through a broadband connection. The television, radio and newspapers were the world's media for accessing news
and entertainment; now, all three media have converged into one, and people all over the world can read and hear news and other
information on the internet. The convergence of the internet and conventional TV became popular in the 2010s through Smart
TV, also sometimes referred to as "Connected TV" or "Hybrid TV". Smart TV is used to describe the current trend of integration of
the Internet and Web 2.0 features into modern television sets and set-top boxes, as well as the technological convergence between
computers and these television sets or set-top boxes. These new devices most often have a much higher focus on online
interactive media, Internet TV, over-the-top content and on-demand streaming media, and less focus on traditional broadcast
media than previous generations of television sets and set-top boxes had.
Digital Convergence
Digital convergence refers to the tendency of various innovations, media sources and content to become similar over time. It
enables the convergence of access devices and content as well as the industry participant operations and strategy. This is how this
type of technological convergence creates opportunities, particularly in the area of product development and growth strategies for
digital product companies. The same can be said in the case of individual content producers such as bloggers in any video-sharing
platform. The convergence in this example is demonstrated in the involvement of the Internet, home devices such as smart
television, camera, the video-sharing application, and the digital content. In this setup, there are the so-called "spokes", which are
the devices that connect to a central hub, which could either be the smart TV or a Personal Computer. Here, the Internet serves as
the intermediary, particularly through its interactivity tools and social networking, in order to create unique mixes of products and
services via horizontal integration.
The above example highlights how digital convergence encompasses three phenomena:
Previously stand-alone devices are being connected by networks and software, significantly enhancing functionalities;
Previously stand-alone products are being converged onto the same platform, creating hybrid products in the process; and
Companies are crossing traditional boundaries such as hardware and software to provide new products and new sources of competition.
Another example is the convergence of different types of digital contents. The next hot trend in digital convergence is converged
content, mixing personal (user-generated) content with professional (copyright protected) content. An example is personal music
videos that combine user-generated photos with chart music.
Cloud Computing
Cloud computing is a method for delivering information technology (IT) services in which resources are retrieved from the
Internet through web-based tools and applications, as opposed to a direct connection to a server. Rather than keeping files on a
proprietary hard drive or local storage device, cloud-based storage makes it possible to save them to a remote database. As long as
an electronic device has access to the web, it has access to the data and the software programs to run it.
It's called cloud computing because the information being accessed is found in "the cloud" and does not require a user to be in a
specific place to gain access to it. This type of system allows employees to work remotely. Companies providing cloud services
enable users to store files and applications on remote servers, and then access all the data via the internet.
Simply put, cloud computing is the delivery of computing services such as servers, storage, databases, networking, software,
analytics, intelligence and more, over the Internet to offer faster innovation, flexible resources and economies of scale. One
typically pays only for cloud services they use, helping lower their operating costs, run their infrastructure more efficiently and
scale as the business needs change.
In essence, cloud computing is the idea of taking all the heavy lifting involved in crunching and processing data away from the
device you carry around, or sit and work at, and moving that work to huge computer clusters far away in cyberspace. The internet
becomes the cloud, and the data, work and applications are accessible from any device through the internet, anywhere in the
world.
Types of cloud computing
Not all clouds are the same and not one type of cloud computing is right for everyone. Several different models, types and services
have evolved with time.
Types of cloud deployments:
Public Cloud
Private Cloud
Hybrid Cloud
Public cloud
Public clouds are owned and operated by a third-party cloud service provider, which delivers its computing resources, like servers
and storage, over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software and
other supporting infrastructure is owned and managed by the cloud provider. A user can access these services and manage an
account using a web browser.
Private cloud
A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be
physically located on the company’s on-site datacenter. Some companies also pay third-party service providers to host their private
cloud. A private cloud is one in which the services and infrastructure are maintained on a private network.
Hybrid cloud
Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared
between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives a business
greater flexibility, more deployment options and helps to optimize the existing infrastructure, security and compliance.
Types of Cloud Services
Software as a Service (SaaS)
SaaS involves the licensure of a software application to customers. Licenses are typically provided through a pay-as-you-go model
or on-demand.
Infrastructure as a Service (IaaS)
Infrastructure as a service involves a method for delivering everything from operating systems to servers and storage through
IP-based connectivity as part of an on-demand service. Clients can avoid the need to purchase software or servers, and instead procure
these resources in an outsourced, on-demand service.
Platform as a Service (PaaS)
Of the three layers of cloud-based computing, PaaS is considered the most complex. PaaS shares some similarities with SaaS, the
primary difference being that, instead of delivering software online, it actually provides a platform for creating software that is
delivered via the internet.
Security and privacy under Cloud Computing
Cloud computing poses privacy concerns because the service provider can access the data that is in the cloud at any time. It could
accidentally or deliberately alter or delete information. Many cloud providers can share information with third parties if necessary
for purposes of law and order without a warrant. That is permitted in their privacy policies, which users must agree to before they
start using cloud services. Solutions to privacy include policy and legislation as well as end users' choices for how data is stored.
Users can encrypt data that is processed or stored within the cloud to prevent unauthorized access.
According to the Cloud Security Alliance, the top three threats in the cloud are Insecure Interfaces and APIs, Data Loss &
Leakage, and Hardware Failure—which accounted for 29%, 25% and 10% of all cloud security outages respectively. Together,
these form shared technology vulnerabilities. In a cloud provider platform being shared by different users there may be a
possibility that information belonging to different customers resides on same data server. Additionally, Eugene Schultz, chief
technology officer at Emagined Security, said that hackers are spending substantial time and effort looking for ways to penetrate
the cloud. "There are some real Achilles' heels in the cloud infrastructure that are making big holes for the bad guys to get into".
Because data from hundreds or thousands of companies can be stored on large cloud servers, hackers can theoretically gain control
of huge stores of information through a single attack—a process he called "hyperjacking". Some examples of this include the
Dropbox security breach, and iCloud 2014 leak. Dropbox had been breached in October 2014, having over 7 million of its users'
passwords stolen by hackers in an effort to get monetary value from it in Bitcoins (BTC). By having these passwords, they are
able to read private data as well as have this data be indexed by search engines (making the information public).
There is the problem of legal ownership of the data. Many Terms of Service agreements are silent on the question of ownership.
Physical control of the computer equipment (private cloud) is more secure than having the equipment off site and under someone
else's control (public cloud). This delivers great incentive to public cloud computing service providers to prioritize building and
maintaining strong management of secure services. Some small businesses that don't have expertise in IT security could find that
it's more secure for them to use a public cloud. There is the risk that end users do not understand the issues involved when signing
on to a cloud service (persons sometimes don't read the many pages of the terms of service agreement, and just click "Accept"
without reading). This is important now that cloud computing is becoming popular and required for some services to work, for
example for an intelligent personal assistant. Fundamentally, private cloud is seen as more secure with higher levels of control for
the owner, however public cloud is seen to be more flexible and requires less time and money investment from the user.
Containing primary sources of information (typically letters and papers directly produced by an individual or
organization) rather than the secondary sources found in a library (books, periodicals, etc.).
The technology used to create digital libraries is even more revolutionary for archives since it breaks down the second and third of
these general rules. In other words, "digital archives" or "online archives" will still generally contain primary sources, but they are
likely to be described individually rather than (or in addition to) in groups or collections. Further, because they are digital, their
contents are easily reproducible and may indeed have been reproduced from elsewhere.
Archives differ from libraries in the nature of the materials held. Libraries collect individual published books and serials, or
bounded sets of individual items. The books and journals held by libraries are not unique, since multiple copies exist and any
given copy will generally prove as satisfactory as any other copy. The material in archives and manuscript libraries are "the unique
records of corporate bodies and the papers of individuals and families".
A fundamental characteristic of archives is that they have to keep the context in which their records have been created and the
network of relationships between them in order to preserve their informative content and provide understandable and useful
information over time. The fundamental characteristic of archives resides in their hierarchical organization expressing the context
by means of the archival bond. Archival descriptions are the fundamental means to describe, understand, retrieve and access
archival material. At the digital level, archival descriptions are usually encoded by means of the Encoded Archival Description
XML format. The EAD is a standardized electronic representation of archival description which makes it possible to provide union
access to detailed archival descriptions and resources in repositories distributed throughout the world.
Features of Online Digital Library
No physical boundary: The user of a digital library need not go to the library physically; people from all over the
world can gain access to the same information, as long as an Internet connection is available.
Round the clock availability: A major advantage of digital libraries is that people can gain access 24/7 to the
information.
Multiple accesses: The same resources can be used simultaneously by a number of institutions and patrons. This may
not be the case for copyrighted material: a library may have a license for "lending out" only one copy at a time; this is
achieved with a system of digital rights management where a resource can become inaccessible after expiration of the
lending period or after the lender chooses to make it inaccessible (equivalent to returning the resource).
Information retrieval: The user is able to use any search term (word, phrase, title, name, and subject) to search the entire
collection. Digital libraries can provide very user-friendly interfaces, giving clickable access to their resources.
Preservation and conservation: Digitization is not a long-term preservation solution for physical collections, but does
succeed in providing access copies for materials that would otherwise fall to degradation from repeated use. Digitized
collections and born-digital objects pose many preservation and conservation concerns that analog materials do not.
Please see the following "Problems" section of this page for examples.
Space: Whereas traditional libraries are limited by storage space, digital libraries have the potential to store much more
information, simply because digital information requires very little physical space to contain it and media storage
technologies are more affordable than ever before.
Added value: Certain characteristics of objects, primarily the quality of images, may be improved. Digitization can
enhance legibility and remove visible flaws such as stains and discoloration.
Easily accessible.
In the current techno world, everything and anything is done with the help of the internet, from a basic school project to
research for a Ph.D. thesis. The internet has become an integral part of everyone’s life. Unlike the earlier economic
indicators – Food, Shelter and Clothing, many countries have included access to the internet as a basic indicator for the Human
Development Index.
A minute without internet is not just practically but also mentally impossible for the current generation. In such a situation,
can the Internet be considered a Human Right, a right which cannot be dispensed with or which defines a basic dignified
lifestyle?
According to International Covenant on Economic, Social and Cultural rights, article 11(1) states, “The States Parties
to the present Covenant recognize the right of everyone to an adequate standard of living for himself and his family,
including adequate food, clothing and housing, and to the continuous improvement of living conditions. The States
Parties will take appropriate steps to ensure the realization of this right, recognizing to this effect the essential
importance of international co-operation based on free consent.” The term ‘continuous improvement of living
conditions’ covers any further needs which are required for good living conditions. Further, article 15(3) states “The State
Parties to the present Covenant undertake to respect the freedom indispensable for scientific research and creative
activity.” Hence in this digital world, Internet is and should be a human right guaranteed to all.
In a recent resolution passed by the United Nations, it was declared that “online freedom” is a human right and one that must be
protected. Further cementing this view, in July 2016 a declaration was issued indicating the importance of “applying a
comprehensive human-right based approach when providing and expanding access to internet and for the internet to be open,
accessible and nurtured.” The UN Human Rights Commission has also passed a non-binding resolution that effectively makes
internet access a basic human right, and any country denying it violates the human rights of its citizens. Unfortunately, India along
with other countries opposed this, stating that they are open to the idea of internet access for all, but they want absolute control over it.
Right to Broadband: A Fundamental Right in many jurisdictions
The Right to Internet, also known as the Right to Broadband, has been included as a Fundamental Right among many
international communities. Former US President Barack Obama in 2015 said, “Today, high-speed broadband is not a luxury, it’s a
necessity.”
In Costa Rica, a 2010 ruling by its Supreme Court said that technology has impacted the way humans communicate. It has
become a basic tool to exercise democratic participation, education, freedom of expression, access to information and public
services online, and hence it includes a fundamental right to access the internet or World Wide Web. In Estonia, the government argued
that the internet is essential for life in the 21st century, and a massive accessibility programme was launched. Further, countries like
Finland, Greece, Spain and France have all moved a step ahead and have brought access to the internet under the fundamental rights of their
citizens.
International Conventions ratified by India
India has ratified many international conventions relating to human rights, thus is under obligation to implement the rights
stipulated to individuals. But unfortunately, India hasn’t chalked out policies and hasn’t yet enacted them for citizens to avail. Of
the many, India also ratified the two Covenants – International Covenant on Civil and Political Rights and Economic, Social and
Cultural Rights. Unfortunately, only the Human Rights embodied in Part III of the Constitution, which is the Fundamental Rights,
are enforceable in the Courts in India. Further the Human Rights Commission’s mandate, established in 1993, cannot extend to
those Human Rights which have been recognized in international treaties signed and ratified by India.
In a country where basic human rights are far from achievable, accessibility to internet is still a far-sighted concept. The push for
the need to have internet access has not just been raised by social forums and the media but also by the Courts as well.
In the case of Secretary, Ministry of Information and Broadcasting v. Cricket Association of Bengal [AIR 1995 SC 1236], it was
held that every citizen has a Fundamental Right to impart as well as receive information through the electronic media. A broad
interpretation of “electronic media” can definitely mean Internet as well. Enough time has passed since the time Rajiv Gandhi first
introduced computers; today everything runs and functions with the Internet. In fact, the demonetization move introduced by the Prime
Minister Narendra Modi emphasized the need to push India into a digital country, a cashless country with digital money. The
transition is taking place, with railway stations and airports offering free internet, and internet growth is booming. With the growth
trajectory of broadband penetration still in its nascent stage, private companies are skeptical about the returns on their investment,
especially in the backdrop of the economic doldrums the country is experiencing.
Our policy makers, however, should have the vision to understand the potential that the rural market offers from the perspective of
business as well as development of people. The Digital India Programme of the Union Cabinet aims to achieve digital empowerment
by connecting all Gram Panchayats through broadband internet and e-governance, yet the main ground for all this should be
accessibility to all. India has the necessary resources to enforce this right. Unfortunately, lack of infrastructure and the high cost of
Internet connectivity act as an impediment.
Even with a highly demanding consumer base, the country’s cost per MB is still very high compared to the First World countries
possessing a fraction of India’s connected users. Hence there is a wide gap that has to be filled prior to declaration of the right to internet
as a human right in India, much less a legal right. Fortunately, the National Telecom Policy 2012 has set a target of 175 million
broadband connections by 2017, and 600 million by 2020, at a minimum 2 Mbps download speed and making available higher speeds of
at least 100 Mbps on demand.
The policy is also expected to look at ways to increase broadband penetration and convergence of various platforms like cable TV,
optical fiber, wireless connection through spectrum, VSAT and satellite. Currently, these platforms fall under different
departments. Cable TV for example, comes under the Ministry of Information and Broadcasting, while satellite related issues are
majorly governed by the Department of Space. With the new policy, DoT will have more control over various communication and
broadcast technologies. While this might make it easier for a company to launch all these services in one go, it increases the risk of
every communication medium being affected in case DoT comes out with bad policies in the future.
India ranks 130th in the HDI, the lowest amongst the BRICS nations. With these figures, India still has a lot of basic priorities to sort out
before it begins its digitalization move, and hence the single answer to whether it is a basic human right or not is simply a big
“NO”. Yet again, by increasing cyber knowledge and the associated skills, India can set an example amongst developing countries as
to how one can progress amidst tough constraints. The integration of rural economy with technology can bring the economic
miracle like in Japan and China.
Issue of Censorship
Internet censorship in India is selectively practiced by both federal and state governments. DNS filtering and educating service
users in better usage is an active strategy and government policy to regulate and block access to Internet content on a large scale.
Also measures for removing content at the request of content creators through court orders have become more common in recent
years. Initiating a mass surveillance government project like Golden Shield Project is also an alternative discussed over the years
by government bodies.
Open Net Initiative report
The Open Net Initiative classified India as engaged in "selective" Internet filtering in the political, conflict/security, social, and
Internet tools areas in 2011. ONI describes India as:
A stable democracy with a strong tradition of press freedom nevertheless continues its regime of Internet filtering. However,
India's selective censorship of blogs and other content, often under the guise of security, have also been met with significant
opposition.
Indian ISPs continue to selectively filter Web sites identified by authorities. However, government attempts at filtering have not
been entirely effective because blocked content has quickly migrated to other Web sites and users have found ways to circumvent
filtering. The government has also been criticized for a poor understanding of the technical feasibility of censorship and for
haphazardly choosing which Web sites to block.
Countries under Surveillance
In March 2012, Reporters without Borders added India to its list of "countries under surveillance", and stated:
“Since the Mumbai bombings of 2008, the Indian authorities have stepped up Internet surveillance and pressure on technical
service providers, while publicly rejecting accusations of censorship. The national security policy of the world's biggest democracy
is undermining freedom of expression and the protection of Internet users' personal data.”
Privacy Issues
Privacy can be defined as a right to be let alone. We as human beings want some space or privacy so that we can enjoy our life the
way we want. One should not have the fear of privacy intrusion in one’s own home or while enjoying one’s private life. Also, a citizen
has a right to protect the privacy of his life, marriage, family, health, procreation and other matters.
“None can publish anything concerning the above matters without his consent, whether truthful or otherwise and whether
laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an
action for damages.” But in certain cases the privacy of a person is not only breached but the content is also made available in public,
which results in defamation and loss of reputation.
Personal Privacy
The main and the most related term in the context of privacy can be related to the exposure of one’s body to another; it can also be
defined as physical privacy. This is also an aspect of personal modesty. A person can go to extreme lengths in order to protect his
modesty, for example by wearing clothes to prevent his body from being seen by others, or by creating walls or fences. People also expect that their
privacy rights will be respected by others too. Some people choose to do the acts of physical intimacy in public but again this is
their personal choice.
Informational Privacy
As the term says, informational privacy is related to information or data about a person. This data can be of any type and in any
form, for example name, date of birth, address, phone number, bank details etc. The concern of privacy arises in collecting, storing
and sharing of personal data. With improved technological equipment, new types of Personally Identifiable Information (PII)
are generated and stored for various purposes. For example, nowadays many organizations are implementing fingerprint scanners as a
security measure and a tool to grant access to the premises. The fingerprint scanner comes under the biometric devices, like the iris
scanner, face camera, speaker recognition and many others. No doubt these devices provide effective security measures, but the
data collected by biometric devices can be dangerous if misused.
Organizational Privacy
Various organizations, agencies or corporations, such as the defense or military departments, may desire to keep their activities hidden
from other organizations or individuals. They can implement various methods to achieve their desired privacy.
Privacy and the Internet
The Internet has almost changed the way one used to fear privacy invasion. Now you don’t know how and when you are being
monitored, and by whom. One does not know that his information is being sold over the internet for just 1 or 2 dollars; people are
being murdered with the help of the internet; people are harassed and blackmailed on social networking sites. Their photos are
downloaded, morphed and misused. Though the Internet has revolutionized the world, which has become a global village now, on the
other hand we cannot deny its negative aspects.
We need to understand the fact that everything that we do on the internet can be noticed or revealed because it leaves digital traces.
The use of smartphones is another emerging danger to online privacy. Every device that is connected to the Internet has a unique IP
address attached to it, whether it is a computer, mobile, PlayStation or anything else, which means it can be traced. If you go
on a vacation without informing any of your friends, and a friend calls you and asks what you are doing at that place, it should not
be surprising that he knew where you were. If you are doing an online transaction or simply anything related to e-commerce, it is
quite possible that your credentials can be compromised. Nowadays, even if you search for something on Google and after some time
want to search for the same thing, it will appear in the search drop-down list even if you type only the first letter of the word.
Legal Regime to Combat Cyber Privacy in India
Information Technology Amendment Act, 2008
The Information Technology Act is an Act of the Indian Parliament notified on 17 October 2000. It was further amended and came into
force on October 27, 2009. It regulates the cyberspace in India and provides rules and regulations regarding different aspects of
cyber law.
Section 43(A): Compensation for failure to protect data
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it
owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby
causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation,
to the person so affected.
Section 66(E): Punishment for violation of privacy
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three
years or with fine not exceeding two lakh rupees, or with both.
Explanation - For the purposes of this section--
a. “Transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
b. “Capture”, with respect to an image, means to videotape, photograph, film or record by any means;
c. “Private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
d. “Publishes” means reproduction in the printed or electronic form and making it available for public;
e. “Under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that—
i. He or she could disrobe in privacy, without being concerned that an image of his private area was being
captured; or
ii. Any part of his or her private area would not be visible to the public, regardless of whether that person is in a
public or private place.
List of references
Sr.No Details
1 Nandan Kamath - Law Relating to Computer - Internet and E-Commerce
2 S.K. Verma & Raman Mital - Legal Dimensions of Cyber Space
3 Rahul Mahathan - The Law relating to Computer and Internet
4 Justice Yatindra Singh - Cyber Laws
Unit I - Introduction
Long Questions
1. Describe in detail the salient features of Information Technology Act, 2000
2. Discuss in detail the penalties given under I. T. Act.
3. What is E-Commerce? Discuss the provisions concerning E-commerce in IT Act, 2000
4. Define ‘Digital Signature’. How can it be obtained in India?
5. What do you understand by Jurisdiction? State its relevance with Cyber Crimes.
6. What are different authorities under the Information Technology Act? State their power and functions
7. Functions and Powers of Cyber Appellate Tribunal
Short Notes
1. Certifying authority.
2. How IT Act influenced Indian Evidence Act?
3. UNCITRAL
4. Digital Signature
5. Cyber Appellate Tribunal
6. Jurisdictional Issue
7. Cyber Space Jurisdiction
Let us recapitulate the points discussed in this module:
The term ‘‘Cyber Crime” means the vulnerability of any computing system, software program, or critical infrastructure to, or
their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized
means of, the Internet, public or private telecommunications systems.
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach
not due to human error but due to the complex technology.
Kinds of Cyber Criminals –
a. Children and adolescents between the age group of 6 – 18 years
b. Organised hackers
c. Professional hackers / crackers
d. Discontented employees
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents
Digital signatures employ asymmetric cryptography.
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only
conjectured that such schemes existed based on functions that are trapdoor one-way permutations.
In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements
of digital signature schemes.
A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the Presiding Officer of the Cyber
Appellate Tribunal) to be appointed, by notification, by the Central Government.
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within
sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him.
Web Jacking occurs when someone forcefully takes control of a website by cracking the password and later changing it.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying
Authorities and also to ensure that none of the provisions of the Act are violated.
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act
for purposes of the IT Act.
The IT Act provides for the Controller of Certifying Authorities(CCA) to license and regulate the working of Certifying
Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
Just like paper made or conventional contract, one of the most essential elements of online contract is the requirement of an
offer to be made.
When a proposal or offer is accepted by the person to whom it is made, it becomes a promise.
If there is no intention of creating legal relationship on the part of the parties to contract, there is no contract between them.
It is an essential element of valid contract that parties to the contract must have intention to create legal relationships.
A contract is enforceable by law only when it is made for a lawful purpose.
Consideration is one of the most important elements of a contract.
Parties to a contract must be capable of entering into a contract. Each must have attained the age of majority and must be of sound
mind.
Consent which is defined under Section 13 of the Indian Contract Act, 1872 is an essential requirement of a contract.
The terms and conditions of agreement must be certain and not vague and must also be such as are capable of performance.
The Information Technology Act 2000 regulates the provisions relating to e commerce in India.
Online banking, also known as internet banking, is an electronic payment system that enables customers of a bank or other
financial institution to conduct a range of financial transactions through the financial institution's website.
Internet banking software provides personal and corporate banking services offering features such as viewing account
balances, obtaining statements, checking recent transaction and making payments.
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.
A valid digital signature gives a recipient reason to believe that the message was created by a known sender, that the sender
cannot deny having sent the message, and that the message was not altered in transit.
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software
distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery
or tampering.
h. Cyber Trespassing
i. Cyber Contraband
The term ‘‘Cyber Crime” means the vulnerability of any computing system, software program, or critical infrastructure to, or
their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized
means of, the Internet, public or private telecommunications systems.
The major email related crimes are:
a. Email frauds
b. Email spoofing
c. Sending malicious codes through email
d. Email bombing
e. Sending threatening emails
f. Defamatory emails
Email frauds are very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's
identity but also to hide one's own.
A spoofed email is one that appears to originate from one source but has actually emerged from another source.
Email bombing refers to sending a large amount of emails to the victim resulting in the victim's email account or servers
crashing.
Full Headers show the entire path an email traveled from the author's computer to yours.
Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage
mediums.
Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques
to gather evidence suitable for presentation in a court of law.
The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out
exactly what happened on a computer and who was responsible for it.
The major reasons for criminal activity in computers are:
a. Unauthorized use of computers mainly stealing a username and password.
b. Accessing the victim’s computer via the internet.
c. Releasing a malicious computer program, that is, a virus.
d. Harassment and stalking in cyberspace.
e. E-mail Fraud.
f. Theft of company documents
The role of computer forensics techniques is to search, preserve and analyze information on computer systems to find
potential evidence for a trial.
Section 65B(2) contains a series of certifications which is to be provided by the person who is having lawful control over the
use of the Computer generating the said computer output and is not easy to be fulfilled without extreme care.
Public clouds are owned and operated by a third-party cloud service provider, which delivers its computing resources, like
servers and storage, over the Internet.
A private cloud refers to cloud computing resources used exclusively by a single business or organization.
Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be
shared between them.
Types of Cloud Services
a. Software as a Service (SaaS)
b. Infrastructure as a Service (IaaS)
c. Platform as a Service (PaaS)
The Right to Internet, also known as the Right to Broadband, has been included as a fundamental right among many
international communities.
The Information Technology Act is an act of the Indian Parliament notified on 17 October 2000. It was further amended and came
into force on October 27, 2009.
There are some sections in the IPC which deal with privacy. They are not directly related to cyber privacy but can be helpful
for an individual to claim his or her rights.
The OpenNet Initiative classified India as engaged in "selective" Internet filtering in the political, conflict/security, social,
and Internet tools areas in 2011.
Copyright © 2020 AIR Law Academy | All rights reserved