Cyber Law & Forensic eBooks

Table of Contents

Unit I - Introduction
Introduction to Cyber Space
UNCITRAL Model Law on International Commercial Arbitration

IT Act 2008
Some of the major highlights of this act are

Important Sections
Section 43: Penalty and Compensation for damage to computer, computer system, etc (Amended vide ITAA-2008)

Section 43 A: Compensation for failure to protect data (Inserted vide ITAA 2006)
Section 65: Tampering with Computer Source Documents
Explanation

Section 66: Computer Related Offences (Substituted vide ITAA 2008)


Explanation

Section 66 A: Punishment for sending offensive messages through communication service etc (Introduced vide ITAA 2008)
Section 66 B: Punishment for dishonestly receiving stolen computer resource or communication device (Inserted Vide ITA 2008)
Section 66C: Punishment for identity theft. (Inserted Vide ITA 2008)
Section 66D: Punishment for cheating by personation by using computer resource (Inserted Vide ITA 2008)
Section 66E: Punishment for violation of privacy. (Inserted Vide ITA 2008)
Section 66F: Punishment for cyber terrorism

Section 67: Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)

Section 67 A: Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form (Inserted vide ITAA 2008)

Section 67 B: Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form

Section 67 C: Preservation and Retention of information by intermediaries

Protected system (Amended Vide ITAA-2008)


Section 70 A: National nodal agency. (Inserted vide ITAA 2008)
Section 70 B: Indian Computer Emergency Response Team to serve as national agency for incident response
Section 74: Publication for fraudulent purpose
Section 79: Exemption from liability of intermediary in certain cases

Section 79A: Central Government to notify Examiner of Electronic Evidence

Jurisdictional Issues in Cyberspace


The test currently in force Internationally
Digital or Electronic Signature
Definition of Digital Signature
History of Digital Signature

Application of Digital Signature


Reasons for applying a Digital Signature
Authentication
Integrity

Non-repudiation

Regulation of Certifying Authority


Provisions relating to Certifying Authority
Section 17 – Appointment of the Controller and other officers
Section 18 - Functions of Controller
Section 19 - Recognition of foreign Certifying Authorities
Section 20 - Controller to act as repository
Section 21 - License to issue Digital Signature Certificates
Section 28 - Power to investigate contraventions

Cyber Regulation Appellate Tribunal


Establishment of Cyber Appellate Tribunal (Section 48)
The composition of Cyber Appellate Tribunal (Section 49)
The qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal (Section 50)
The Term of Office (Section 51)
Filling up of vacancies (Section 53)
Resignation and removal (Section 54)

Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings (Section 55)
Appeal to Cyber Appellate Tribunal (Section 57)
Procedure and powers of the Cyber Appellate Tribunal (Section 58)
Right to Legal Representation (Section 59)
Limitation (Section 60)
Civil Court not to have jurisdiction (Section 61)
Appeal to High Court (Section 62)
Compounding of contraventions (Section 63)
Recovery of Penalty (Section 64)

Unit II - Online Contracts


Introduction to Online Contract
Meaning of Contract
Online Contract
Types of Online Contract
Essential Elements of an Online Contract
Offer
Acceptance
Intention to create legal relationship
There must be a lawful object
There must be a legal or lawful consideration
Capacity of parties
There must be free and unaffected consent
Possibility of performance

Formation of Online Contract


Validity of Online Contract
Evidentiary Value of Online Contract
Remedies for Breach of Online Contract

E-Banking and E-Banking Transactions


Emergence of computer banking
Features of E-Banking
Banks
Customers

Businesses

Security of E-Banking
E-banking in India
Bill payment

Funds transfer
Investing
Shopping

Digital or Electronic Signature


Definition of Digital Signature
History of Digital Signature
Application of Digital Signature
Reasons for applying a Digital Signature
Authentication
Integrity
Non-repudiation

Regulation of Certifying Authority


E-Commerce -Taxation Issues in India
New e-commerce guidelines liberalize FDI regulations
Tax regime for e-commerce and the key challenges
Direct tax
Indirect tax
Unit III - Cyber Crimes
Cyber Crime
Reasons for Cyber Crime
Capacity to store data in comparatively small space
Easy to access
Complex
Negligence

Loss of evidence

Cyber Criminals
Children and adolescents between the age group of 6 – 18 years
Organised hackers
Professional hackers / crackers
Discontented employees

Mode and manner of committing Cyber crime


Unauthorized access to computer systems or networks / Hacking
Theft of information contained in electronic form
Email bombing
Data diddling
Salami attacks
Denial of Service attack
Virus / worm attacks
Logic bombs
Trojan attacks
Internet time thefts
Web jacking

Cyber Security- Meaning


Why we need Cyber security?

What is Cyber Crime?


According to different scenario and techniques these are some of Cyber Crime
Types of Cyber Crime
Financial fraud/Cyber Fraud
Example

Cyber Theft
Example

Cyber Pornography
Example

Cyber Vandalism
Use of Social Networking
Example

Cyber Stalking
Example
Cyber Laundering
Example

Cyber Terrorism
Example

Cyber Trespassing
Cyber trespassing can be done in two ways
Example

Cyber Contraband
Example

E-mail Related crimes


Email Frauds

Email spoofing
Spreading Trojans, viruses and worms

Email bombing

Threatening emails
Defamatory emails
Trace email -- who sent you that email?
"Who sent you that email and where are they located?"

Analysing Email Headers


What is an email header?

What time zone is India Time in?


Fundamentals of Storage Media Sanitation - Part 1

What is Media Sanitation?


File Deletion

Data Remanence
Magnetic Disks

Hard Drive Internals


Hard Drive Schematic

Optical Disks
Memory

Guidelines for Media Sanitation


Disposal
Clearing

Purging
Destroying

Magnetic Media

Optical Disks
Memory
Computer Forensics
Introduction to Computer Forensics
Importance of Computer Forensics
Electronic evidence considerations

Role of Computer Forensic

Admissible evidence in Court of Law

Unit IV - IPR and Cyber Space


Copyright Issues in the Internet
Copyright and Cyberspace
Copyright

Cyberspace

Copyright and Database


Database
Scope of Copyright and Database

The Berne Convention


The T.R.I.P.S Agreement
W.I.P.O (World Intellectual Property Organization)
Development Agenda of WIPO

Internet in Indian Scenario


Copyright Problems
W.I.P.O And Digital Copyrights

Copyright in Cyberspace
Public Performance and Display Rights

Distribution Rights
Caching (Mirroring)

Legal Aspects and Challenges


Copyright Infringement

Electronic Copyright Management System (E.C.M.S)


Legal Aspects of Electronic Copyright Management System
D.M.C.A (Digital Millennium Copyright Act 1998)

E.U.C.D (Europe Union Copyright Directive)

Protection of Database in India


Copyright Protection of Computer Software / Program

Internet Protection in India


Indian Cyber Jurisdiction

Copyright violations in Cyberspace: Offences and protection mechanisms


Software
Copying of code

Selling and distribution of pirated software

Database
Websites
Thumbnails

Trademark issues in the Internet


Domain Name
Problems relating to Domain Name

In Internet Domain Name

National Internet Exchange of India (NIXI)


Domain name dispute resolution
Uniform Domain-Name Dispute-Resolution Policy
Process under UDRP

ICANN
Structure of ICANN

Meta Tagging

Unit V - Contemporary Issues


Convergence Technologies
Converging technological fields

Convergence on the Internet


Digital Convergence

Cloud Computing
Types of cloud computing
Public cloud

Private cloud
Hybrid cloud

Types of Cloud Services


Software as a Service (SaaS)

Infrastructure as a Service (IaaS)


Platform as a Service (PaaS)

Security and privacy under Cloud Computing

Online Digital Libraries


Types of digital libraries
Institutional repositories

Digital archives

Features of Online Digital Library

Access to Internet: A Human Right Issue


Right to Broadband: A Fundamental Right in many jurisdictions

International Conventions ratified by India

Issue of Censorship
Open Net Initiative report
Countries under Surveillance

Privacy Issues
Personal Privacy

Informational Privacy
Organizational Privacy

Privacy and the Internet


Legal Regime to Combat Cyber Privacy in India
Information Technology Amendment Act, 2008

Section 43(A): Compensation for failure to protect data


Section 66(E): Punishment for violation of privacy

Section 72: Breach of confidentiality and privacy


Section 72(A): Punishment for Disclosure of information in breach of lawful contract

Indian Penal Code, 1860

Code for Criminal Procedure, 1973


Right to Information Act, 2005

The Privacy Protection Bill (2013)

Unit I - Introduction

Course Outline of Unit I: Introduction


This Unit contains discussion on following topics :
Cyber Space Introduction and UNCITRAL Model Law - Information Technology Act,2000 with Recent Amendments -
Jurisdictional Issues - Digital Signatures - Regulation of Certifying Authorities - Cyber Regulation Appellate Tribunal

Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.

Introduction to Cyber Space


Cyberspace is widespread, interconnected digital technology. The term entered the popular culture from science fiction and the
arts but is now used by technology strategists, security professionals, government, military and industry leaders and entrepreneurs
to describe the domain of the global technology environment. Others consider cyberspace to be just a notional environment in
which communication over computer networks occurs. The word became popular in the 1990s when the uses of the Internet,
networking, and digital communication were all growing dramatically and the term "cyberspace" was able to represent the many
new ideas and phenomena that were emerging. It has been called the largest unregulated and uncontrolled domain in the history of
mankind, and is also unique because it is a domain created by people, unlike the traditional physical domains.
The parent term of cyberspace is "cybernetic", derived from the Ancient Greek, a word introduced by Norbert Wiener for his
pioneering work in electronic communication and control science. The word "cyberspace" first appeared in the art installation of the
same name by Danish artist Susanne Ussing (1968).
As a social experience, individuals can interact, exchange ideas, share information, provide social support, conduct business, direct
actions, create artistic media, play games, engage in political discussion, and so on, using this global network. They are sometimes
referred to as cybernauts. The term cyberspace has become a conventional means to describe anything associated with the Internet
and the diverse Internet culture. The United States government recognizes the interconnected information technology and the
interdependent network of information technology infrastructures operating across this medium as part of the US national critical
infrastructure. Amongst individuals on cyberspace, there is believed to be a code of shared rules and ethics mutually beneficial for
all to follow, referred to as cyberethics. Many view the right to privacy as most important to a functional code of cyberethics. Such
moral responsibilities go hand in hand when working online with global networks, specifically, when opinions are involved with
online social experiences.
According to Chip Morningstar and F. Randall Farmer, cyberspace is defined more by the social interactions involved rather than
its technical implementation. In their view, the computational medium in cyberspace is an augmentation of the communication
channel between real people; the core characteristic of cyberspace is that it offers an environment that consists of many
participants with the ability to affect and influence each other. They derive this concept from the observation that people seek
richness, complexity, and depth within a virtual world.
UNCITRAL Model Law on International Commercial Arbitration
The UNCITRAL Model Law on International Commercial Arbitration was prepared by UNCITRAL, and adopted by the United
Nations Commission on International Trade Law on 21 June 1985. In 2006 the model law was amended; it now includes more
detailed provisions on interim measures.
The model law is not binding, but individual states may adopt the model law by incorporating it into their domestic law.
The model law was published in English and in French. Translations in all six United Nations languages now exist.
Note that there is a difference between the UNCITRAL Model Law on International Commercial Arbitration (1985) and the
UNCITRAL Arbitration Rules. On its website, UNCITRAL explains the difference as follows: "The UNCITRAL Model Law
provides a pattern that law-makers in national governments can adopt as part of their domestic legislation on arbitration. The
UNCITRAL Arbitration Rules, on the other hand, are selected by parties either as part of their contract, or after a dispute arises, to
govern the conduct of an arbitration intended to resolve a dispute or disputes between themselves. Put simply, the Model Law is
directed at States, while the Arbitration Rules are directed at potential (or actual) parties to a dispute."
The Model Law is of its nature a flexible device. It is not a Convention and carries no obligation to enact legislation in its entirety
in strict conformity with its terms. There may, for example, be competing interests which it might be thought desirable to protect.
A strong case can, however, be made to say that a State would best be served by reasonably close adherence to the Model Law.
The Model Law provides a set of provisions for the management of international commercial arbitration which each country may
choose to accept, subject to those modifications or additions which its national legislature considers appropriate. Naturally,
however, harmonisation is best promoted (and the interests of international arbitration best served) by the Law's close
implementation. Mechanisms for adoption are discussed in Chapter 2 (below). There is little to be gained from adherence to local
variants and much merit in providing foreign users of the arbitral system with a statement of the law which is easily ascertainable,
certain and in conformity with that of other countries.
The Model Law's example has already proved persuasive. Some of its provisions have now been incorporated in standard
arbitration rules, as for example, by the London Court of International Arbitration in its 1985 International Rules. Legislation
based on the Law has been enacted in Australia, Bulgaria, Canada (the Federal Parliament and by the Legislatures of all Provinces
and Territories), Cyprus, Hong Kong, Nigeria, Scotland and, within the United States of America, California, Connecticut and
Texas. By the Model Law's adoption, these jurisdictions are creating an inviting legal forum for the settlement of international
commercial disputes, a factor conducive to international trade and commerce.
One reason for the Model Law's increasing popularity is its international origin. Representatives from all regions and legal
systems participated in its drafting, assisted by many others highly experienced in international arbitration. Participants are listed
in Appendix C. The Law has, therefore, been framed in a manner particularly appropriate to the international problems it is
designed to meet. Its international language (sometimes differing in style from national legislation) is peculiarly suited to the
international context in which it is intended to operate. Moreover, the Model Law clearly complements other international
instruments designed to apply to international arbitration, as for example, the widely-accepted New York Convention and the
UNCITRAL Arbitration Rules.
As its name indicates, the Model Law provides a text which if enacted by national legislatures would not only form a sound basis
for an arbitration regime, but also conform to internationally approved standards. It is, however, for each country to decide
whether it takes advantage of the Model Law by enacting it as part of its municipal law. Generally speaking, States have thus far
implemented the Model Law with few substantial changes. In 1989, the Australian Parliament amended the Arbitration (Foreign
Awards and Agreements) Act 1974 by the International Arbitration Amendment Act 1989.
The Model Law has a capacity for universality of operation. It is appropriate for adoption by States irrespective of whether they
have effective and up to date arbitration laws for domestic arbitration. When enacting the Model Law, States which have
pre-existing and effective domestic arbitration laws may choose to confer on the parties the capacity to stipulate that their arbitration
should proceed under the domestic regime rather than the Model Law. This is the course followed by the Australian Act. At the
same time the Model Law provides a very effective law for domestic as well as international arbitrations, and it is within the
freedom of choice of an enacting jurisdiction to apply the Model Law to both domestic and international arbitration. Such
universal enactment is a convenient mechanism for a State to enact a general relevant and up-to-date arbitration law.
The terms of the Model Law also require an adopting State to make specific provision for certain matters. Thus, under Article 6 an
enacting State should specify the court which is to perform the functions referred to in Articles 11(3), 11(4), 13(3), 14, 16(3) and
34(2).
IT Act 2008
The Information Technology (Amendment) Act, 2008 came into force on 27th October, 2009.
Some of the major highlights of this Act are:
1. Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be
investigated by an officer below the rank of a deputy superintendent of police.
2. Publishing sexually explicit acts in the electronic form is punishable with jail up to 3 years. This would apply to cases
like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the
country.
3. Voyeurism is now specifically covered. Acts like hiding cameras in changing rooms, hotel rooms etc. are punishable with
jail up to 3 years. This would apply to cases like the infamous Pune spy cam incident where a 58-year old man was
arrested for installing spy cameras in his house to ‘snoop’ on his young lady tenants.
4. Collecting, browsing, downloading etc of child pornography is punishable with jail up to 5 years for the first
conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of up to Rs 10 lakh can also be levied.
5. The punishment for spreading obscene material by email, websites or SMS has been reduced from 5 years jail to 3 years
jail. This covers acts like sending ‘dirty’ jokes and pictures by email or SMS.
6. Compensation on cyber crimes like spreading viruses, copying data, unauthorized access, denial of service etc is not
restricted to Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction for cases where the claim is up to Rs. 5
crore. Above that the case will need to be filed before the civil courts.
7. A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data.
If they are negligent in “implementing and maintaining reasonable security practices and procedures”, they will be liable
to pay compensation. It may be recalled that India’s first major BPO related scam was the multi crore MphasiS-Citibank
funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if
they have not implemented proper security measures.
8. Refusing to hand over passwords to an authorized official could land a person in prison for up to 7 years.
9. The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life
imprisonment.
10. Sending threatening emails and SMS is punishable with jail up to 3 years.
11. Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment up to 10
years.

Important Sections
Section 43: Penalty and Compensation for damage to computer, computer system, etc (Amended vide ITAA-2008)
If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer
network
a. Accesses or secures access to such computer, computer system or computer network or computer resource (ITAA2008)
b. downloads, copies or extracts any data, computer data base or information from such computer, computer system or
computer network including information or data held or stored in any removable storage medium;
c. Introduce or causes to be introduced any computer contaminant or computer virus into any computer, computer system
or computer network;
d. damages or causes to be damaged any computer, computer system or computer network, data, computer data base or
any other program residing in such computer, computer system or computer network;
e. Disrupts or causes disruption of any computer, computer system or computer network;
f. Denies or causes the denial of access to any person authorized to access any computer, computer system or computer
network by any means;
g. provides any assistance to any person to facilitate access to a computer, computer system or computer network in
contravention of the provisions of this Act, rules or regulations made there under,
h. Charges the services availed of by a person to the account of another person by tampering with or manipulating any
computer, computer system, or computer network,
i. Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it
injuriously by any means (Inserted vide ITAA-2008)
j. Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used
for a computer resource with an intention to cause damage, (Inserted vide ITAA 2008)

he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. (Change vide ITAA 2008)

Explanation - for the purposes of this section


1. "Computer Contaminant" means any set of computer instructions that are designed
a. To modify, destroy, record, transmit data or program residing within a computer, computer system or computer
network; or
b. By any means to usurp the normal operation of the computer, computer system, or computer network;

2. "Computer Database" means a representation of information, knowledge, facts, concepts or instructions in text,
image, audio, video that are being prepared or have been prepared in a formalized manner or have been produced by a
computer, computer system or computer network and are intended for use in a computer, computer system or computer
network;
3. "Computer Virus" means any computer instruction, information, data or program that destroys, damages, degrades or
adversely affects the performance of a computer resource or attaches itself to another computer resource and operates
when a program, data or instruction is executed or some other event takes place in that computer resource;
4. "Damage" means to destroy, alter, delete, add, modify or re-arrange any computer resource by any means.
5. "Computer Source code" means the listing of program, computer commands, design and layout and program analysis of
computer resource in any form (Inserted vide ITAA 2008)
Section 43 A: Compensation for failure to protect data (Inserted vide ITAA 2006)
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it
owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby
causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation,
not exceeding five crore rupees, to the person so affected. (Change vide ITAA 2008)
Explanation: For the purposes of this section
1. "Body corporate" means any company and includes a firm, sole proprietorship or other association of individuals
engaged in commercial or professional activities
2. "reasonable security practices and procedures" means security practices and procedures designed to protect such
information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an
agreement between the parties or as may be specified in any law for the time being in force and in the absence of such
agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central
Government in consultation with such professional bodies or associations as it may deem fit.
3. "Sensitive personal data or information" means such personal information as may be prescribed by the Central
Government in consultation with such professional bodies or associations as it may deem fit.
Section 65: Tampering with Computer Source Documents
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or
alter any computer source code used for a computer, computer program, computer system or computer network, when the computer
source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to
three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation

For the purposes of this section, "Computer Source Code" means the listing of program, Computer Commands, Design and layout
and program analysis of computer resource in any form.
Section 66: Computer Related Offences (Substituted vide ITAA 2008)
If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a
term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation

For the purpose of this section

The word "dishonestly" shall have the meaning assigned to it in section 24 of the Indian Penal Code;

The word "fraudulently" shall have the meaning assigned to it in section 25 of the Indian Penal Code.
Section 66 A: Punishment for sending offensive messages through communication service etc (Introduced vide ITAA 2008)
Any person who sends, by means of a computer resource or a communication device,
a. any information that is grossly offensive or has menacing character; or
b. any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such
computer resource or a communication device,
c. any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or
to mislead the addressee or recipient about the origin of such messages (Inserted vide ITAA 2008)

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms "Electronic mail" and "Electronic Mail Message" means a message or
information created or transmitted or received on a computer, computer system, computer resource or communication device
including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.
Section 66 B: Punishment for dishonestly receiving stolen computer resource or communication device (Inserted Vide ITA 2008)
Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to
believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either
description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
Section 66C: Punishment for identity theft. (Inserted Vide ITA 2008)
Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of
any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall
also be liable to fine which may extend to rupees one lakh.
Section 66D: Punishment for cheating by personation by using computer resource (Inserted Vide ITA 2008)
Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with
imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to
one lakh rupees.
Section 66E: Punishment for violation of privacy. (Inserted Vide ITA 2008)
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three
years or with fine not exceeding two lakh rupees, or with both.
Explanation.- For the purposes of this section:
a. “Transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
b. “Capture”, with respect to an image, means to videotape, photograph, film or record by any means;
c. “Private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
d. “Publishes” means reproduction in the printed or electronic form and making it available for public;
e. “Under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that

1. He or she could disrobe in privacy, without being concerned that an image of his private area was being
captured; or
2. Any part of his or her private area would not be visible to the public, regardless of whether that person is in a
public or private place.

Section 66F:Punishment for cyber terrorism

1. Whoever,-
1. With intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or
any section of the people by –
1. Denying or cause the denial of access to any person authorized to access computer resource or
2. Attempting to penetrate or access a computer resource without authorization or exceeding authorized
access; or
3. Introducing or causing to introduce any Computer Contaminant.

and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or
disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or
adversely affect the critical information infrastructure specified under section 70, or
A. knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized
access, and by means of such conduct obtains access to information, data or computer database that is restricted for
reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with
reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause
injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign
States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to
the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.
2. Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to
imprisonment for life.
Section 67: Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the
prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment
of either description for a term which may extend to two three years and with fine which may extend to five lakh rupees and in the
event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and
also with fine which may extend to ten lakh rupees.
Section 67 A: Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form (Inserted vide
ITAA 2008)
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains
sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which
may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction
with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten
lakh rupees.
Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or
figure in electronic form-
1. the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet,
paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other
objects of general concern; or
2. Which is kept or used bona fide for religious purposes.
Section 67 B : Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.
Whoever,-
a. Publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children
engaged in sexually explicit act or conduct or
b. Creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes
material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
c. Cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or
in a manner that may offend a reasonable adult on the computer resource or
d. Facilitates abusing children online or
e. Records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,

shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a
fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either
description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing,
drawing, painting, representation or figure in electronic form-
1. The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet,
paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other
objects of general concern; or
2. Which is kept or used for bona fide heritage or religious purposes.
Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.
Section 67 C: Preservation and Retention of information by intermediaries

1. Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and
format as the Central Government may prescribe.
2. Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with
an imprisonment for a term which may extend to three years and shall also be liable to fine.

Section 70: Protected system (Amended Vide ITAA-2008)


1. The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly
or indirectly affects the facility of Critical Information Infrastructure, to be a protected system.

Explanation: For the purposes of this section, "Critical Information Infrastructure" means the computer resource, the incapacitation
or destruction of which, shall have debilitating impact on national security, economy, public health or safety. (Substituted vide
ITAA-2008)
2. The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected
systems notified under sub-section (1).
3. Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of
this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall
also be liable to fine.
4. The Central Government shall prescribe the information security practices and procedures for such protected system.
(Inserted vide ITAA 2008)
Section 70 A: National nodal agency. (Inserted vide ITAA 2008)

1. The Central Government may, by notification published in the official Gazette, designate any organization of the
Government as the national nodal agency in respect of Critical Information Infrastructure Protection.
2. The national nodal agency designated under sub-section (1) shall be responsible for all measures including Research
and Development relating to protection of Critical Information Infrastructure.
3. The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be
prescribed.
Section 70 B: Indian Computer Emergency Response Team to serve as national agency for incident response

1. The Central Government shall, by notification in the Official Gazette, appoint an agency of the government to be called
the Indian Computer Emergency Response Team.
2. The Central Government shall provide the agency referred to in sub-section (1) with a Director General and such other
officers and employees as may be prescribed.
3. The salary and allowances and terms and conditions of the Director General and other officers and employees shall be
such as may be prescribed.
4. The Indian Computer Emergency Response Team shall serve as the national agency for performing the following
functions in the area of Cyber Security,-
a. Collection, analysis and dissemination of information on cyber incidents
b. Forecast and alerts of cyber security incidents
c. Emergency measures for handling cyber security incidents
d. Coordination of cyber incidents response activities
e. Issue guidelines, advisories, vulnerability notes and white papers relating to information security practices,
procedures, prevention, response and reporting of cyber incidents
f. Such other functions relating to cyber security as may be prescribed

5. The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be
prescribed.
6. For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) may call for information
and give direction to the service providers, intermediaries, data centers, body corporate and any other person
7. Any service provider, intermediaries, data centers, body corporate or person who fails to provide the information called
for or comply with the direction under sub-section (6) , shall be punishable with imprisonment for a term which may
extend to one year or with fine which may extend to one lakh rupees or with both.
8. No Court shall take cognizance of any offence under this section, except on a complaint made by an officer authorized
in this behalf by the agency referred to in sub-section (1)
Section 74: Publication for fraudulent purpose
Whoever knowingly creates, publishes or otherwise makes available an Electronic Signature Certificate for any fraudulent or
unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend
to one lakh rupees, or with both.
Section 79: Exemption from liability of intermediary in certain cases

1. Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections
(2) and (3), an intermediary shall not be liable for any third party information, data, or communication link hosted by him.
(Corrected vide ITAA 2008)
2. The provisions of sub-section (1) shall apply if-
a. The function of the intermediary is limited to providing access to a communication system over which
information made available by third parties is transmitted or temporarily stored; or
b. The intermediary does not:
1. initiate the transmission,
2. Select the receiver of the transmission, and
3. Select or modify the information contained in the transmission

c. The intermediary observes due diligence while discharging his duties under this Act and also observes such
other guidelines as the Central Government may prescribe in this behalf (Inserted Vide ITAA 2008)

3. The provisions of sub-section (1) shall not apply if-


a. The intermediary has conspired or abetted or aided or induced whether by threats or promise or otherwise in
the commission of the unlawful act (ITAA 2008)
b. upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any
information, data or communication link residing in or connected to a computer resource controlled by the
intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable
access to that material on that resource without vitiating the evidence in any manner.

Explanation: For the purpose of this section, the expression "third party information" means any information dealt with by an
intermediary in his capacity as an intermediary.
Section 79A : Central Government to notify Examiner of Electronic Evidence
The Central Government may, for the purposes of providing expert opinion on electronic form evidence before any court or other
authority specify, by notification in the official Gazette, any department, body or agency of the Central Government or a State
Government as an Examiner of Electronic Evidence.
Explanation: For the purpose of this section, "Electronic Form Evidence" means any information of probative value that is either
stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, digital fax
machines.
Jurisdictional Issues in Cyberspace
One of the advantages of the Internet over other methods of communication and commerce is that it enables access to a much
wider, even a worldwide, audience. Spatial distance and national borders are irrelevant to the creation of an Internet business,
many of which are conceived for the express purpose of expanding sales horizons across borders. In a sense, a person can be
everywhere in the world, all at once. This ease of communication raises a vital legal question, however: when a person puts up a
website on his home server and allows access to it from all points on the globe, does he subject himself to the governance of every
law- and rule-maker in the world? Under the current system, in order to decide what state's or nation's laws govern disputes that
arise over Internet issues, a court first must decide "where" Internet conduct takes place, and what it means for Internet activity to
have an "effect" within a state or nation.
Even apart from the Internet, this border-centric view of the law creates certain difficulties in an economy moving toward
globalization. Entire bodies of law have been developed by every nation to deal with the resolution of international conflicts of
law, conflicts that arise when geography and citizenship would allow a dispute to be decided by the laws of more than one country,
and the laws of those countries are not consistent with each other. Conflicts of law are particularly likely to arise in cyberspace,
where the location of an occurrence is never certain, where ideological differences are likely to create conflicting laws, and where
rules are made not only by nations and their representatives, but also by sub-national and transnational institutions.
The test currently in force Internationally
There is little dispute that nation-states can prosecute Internet users (or anyone else, for that matter), whatever their location, for
revealing national secrets, falsifying official documents, or inciting war. These activities threaten national security, wherever they
are committed, and therefore fall under international standards for jurisdiction. Similarly, it is a universal crime to publicly incite
torture or genocide. These universal offenses may be prosecuted extraterritorially by any nation, regardless of the citizenship or
location of the user.
These are easy cases, however. Nations may also be interested in enforcing non-universal laws extraterritorially; for example, in
Germany, it is illegal to import or distribute material espousing a Nazi or Neo-Nazi viewpoint. Such material is not difficult to find in
USENet or on the World Wide Web. German authorities may be interested not only in interpreting German laws to classify
Internet viewing as "importation" of material, but also (in part because of the difficulty of locating those who break an importation
statute without leaving their own homes) in prosecuting those who make such material available to Germans via the Internet. If
German authorities attempted to prosecute a U.S. citizen or resident for such an offense, however, they would be met with great
opposition by the U.S., which certainly would not enforce any judgment against the U.S. citizen in such a case, because the
German statute violates U.S. Constitutional principles under U.S. law: it would be prohibitively difficult to prevent
German users from viewing such a site, and therefore the result of such a prosecution would be to chill otherwise legal (if
unpleasant) speech in the U.S. Under the current system, it is possible to envision that German courts may have jurisdiction over
Americans who publish such material, even though the material may not be "purposefully directed" (one interpretation of the
American standard) toward Germany in the way a mailing of flyers would be.
The U.S. courts apply the same "effects" test to foreign parties as to American parties. If minimum contacts exist, parties from
other countries may be hauled into court in the United States just as parties from one state may be hauled into another. Similarly,
Americans may be tried by courts in other countries depending on the rules of that country. Although each country's laws are
different, most rely on some sort of "effects" test resembling the U.S. test, whereby a party is subject to jurisdiction in a place
where his conduct has an effect. This jurisdiction traditionally is subject to a "reasonableness" test. According to section 421 of the
Restatement (Third) of the Foreign Relations Law of the U.S., exercise of jurisdiction is generally reasonable if the party is a
citizen, resident, or domiciliary of the state, or if:
.... (g) the person, whether natural or juridical, has consented to the exercise of jurisdiction;
(h) the person, whether natural or juridical, regularly carries on business in the state;
(i) the person, whether natural or juridical, had carried on activity in the state, but only in respect of such activity;
(j) the person, whether natural or juridical, had carried on outside the state an activity having a substantial, direct, and
foreseeable effect within the state, but only in respect of such activity; or
(k) the thing that is the subject of adjudication is owned, possessed, or used in the state, but only in respect of a claim reasonably
connected with that thing.
This standard differs somewhat from the U.S. standard for interstate exercise of jurisdiction; for example, transitory presence
(known as "tag" jurisdiction), accepted in the U.S., is not generally accepted as a method of international jurisdiction.
Every nation has an obligation to exercise moderation and restraint in invoking jurisdiction over cases that have a foreign element,
and they should avoid undue encroachment on the jurisdiction of other States. Although countries are given great discretion in
deciding whether to exercise jurisdiction over conduct in other countries, international law dictates that a country exercising its
jurisdiction in an overly self-centered way not only contravenes international law, but can also "disturb the international order and
produce political, legal, and economic reprisals."
Based on this traditional moderation, and the relatively high threshold of the "reasonableness" standard discussed above, it is
unlikely that foreign nations will have the sort of long-arm power over citizens of other nations as states have over citizens of other
states within the U.S. today. Scholars have suggested that individual persons and small commercial entities whose only contacts
with a nation are on-line are, in all likelihood, more insulated from international jurisdiction than they are from interstate
jurisdiction. This is largely speculative, however, because international Internet jurisdiction cases have thus far been rare, and
nations have not hesitated to pass laws conferring global jurisdiction for Internet activities.
Digital or Electronic Signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital
signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a
known sender (authentication), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution,
financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are often used to implement electronic signatures, which includes any electronic data that carries the intent of a
signature, but not all electronic signatures use digital signatures. In some countries, including the United States, Algeria, Turkey,
India, Brazil, Indonesia, Mexico, Saudi Arabia, Uruguay, Switzerland and the countries of the European Union, electronic
signatures have legal significance.
Digital signatures employ asymmetric cryptography. In many instances they provide a layer of validation and security to messages
sent through a non-secure channel: Properly implemented, a digital signature gives the receiver reason to believe the message was
sent by the claimed sender. Digital seals and signatures are equivalent to handwritten signatures and stamped seals. Digital
signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are
more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based,
and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer
cannot successfully claim they did not sign a message, while also claiming their private key remains secret. Further, some
non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.
Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message
sent via some other cryptographic protocol.
Definition of Digital Signature
A digital signature scheme typically consists of three algorithms:

A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The
algorithm outputs the private key and a corresponding public key.

A signing algorithm that, given a message and a private key, produces a signature.

A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the
message's claim to authenticity.

Two main properties are required. First, the authenticity of a signature generated from a fixed message and fixed private key can be
verified by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for
a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of the
message to attach a code that acts as a signature. The Digital Signature Algorithm (DSA), developed by the National Institute of
Standards and Technology, is one of many examples of a signing algorithm.
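The three algorithms in the definition above, written out as an added example (not part of the original text) using Lamport one-time signatures, one of the early schemes named in the history section, built only on SHA-256. The function and class names are illustrative assumptions; a Lamport key pair may safely sign only one message, which the `OneTimeSigner` wrapper enforces.

```python
import hashlib
import hmac
import secrets

BITS = 256  # one pair of secrets per bit of the SHA-256 message digest


def _h(data):
    return hashlib.sha256(data).digest()


def _digest_bits(message):
    """Return the 256 bits of SHA-256(message), most significant bit first."""
    d = _h(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def generate_keypair():
    """Key generation: random private key, public key derived by hashing it."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32))
               for _ in range(BITS)]
    public = [(_h(zero), _h(one)) for zero, one in private]
    return private, public


def sign(message, private):
    """Signing: reveal, for each digest bit, the secret selected by that bit."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(message, signature, public):
    """Verification: accept only if every revealed secret hashes to the
    public value selected by the corresponding digest bit."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        part = signature[i]
        if not isinstance(part, bytes):
            return False
        # Constant-time comparison; keep checking all positions.
        ok &= hmac.compare_digest(_h(part), public[i][bit])
    return ok


class OneTimeSigner:
    """Holds a Lamport key pair and refuses to sign a second message.

    Each signature discloses half of the private key, so signing two
    different messages would let a forger mix the revealed secrets.
    """

    def __init__(self):
        self._private, self.public_key = generate_keypair()
        self._used = False

    def sign(self, message):
        if self._used:
            raise RuntimeError("Lamport key already used; generate a new key pair")
        self._used = True
        signature = sign(message, self._private)
        self._private = None  # discard the key material after its single use
        return signature


def demo():
    """Constructed sample message: sign, verify, then verify a tampered copy."""
    signer = OneTimeSigner()
    message = b"Transfer 1000 rupees to account 12345"   # constructed sample
    tampered = b"Transfer 9000 rupees to account 12345"  # constructed sample
    signature = signer.sign(message)
    return (verify(message, signature, signer.public_key),
            verify(tampered, signature, signer.public_key))


if __name__ == "__main__":
    print(demo())
```
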
History of Digital Signature
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only
conjectured that such schemes existed based on functions that are trapdoor one-way permutations. Soon afterwards, Ronald Rivest,
Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although
only as a proof-of-concept – "plain" RSA signatures are not secure). The first widely marketed software package to offer digital
signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also
known as "Merkle trees" or simply "Hash trees"), and Rabin signatures.
In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of
digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR
signature scheme, the first that could be proved to prevent even an existential forgery against a chosen message attack which is the
currently accepted security definition for signature schemes. The first such scheme which is not built on trapdoor functions but
rather on a family of functions with a much weaker required property of one-way permutation was presented by Moni Naor and
Moti Yung.
Application of Digital Signature
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide
added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed
consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the
budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, University of
Chicago, and Stanford are publishing electronic student transcripts with digital signatures.
Reasons for applying a Digital Signature
Below are some common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate.
Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to
a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender
authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the
central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly
sent from an authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered
during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message
without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if
a message is digitally signed, any change in the message after signature invalidates the signature. Furthermore, there is no efficient
way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be
computationally infeasible by most cryptographic hash functions (see collision resistance).

Non-repudiation

Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an
entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does
not enable a fraudulent party to fake a valid signature.
Note that these authentication, non-repudiation etc. properties rely on the secret key not having been revoked prior to its usage.
Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the
key-pair. Checking revocation status requires an "online" check; e.g., checking a certificate revocation list or via the Online
Certificate Status Protocol. Very roughly this is analogous to a vendor who receives credit-cards first checking online with the
credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often
discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purpose.
Regulation of Certifying Authority
Section 18 of the Information Technology Act, 2000 provides the required legal sanctity to digital signatures based on
asymmetric cryptosystems. Digital signatures are now accepted at par with handwritten signatures, and electronic
documents that have been digitally signed are treated at par with paper documents.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying
Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act for
purposes of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promoting the growth of
E-Commerce and E-Governance through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority (RCAI) of India under section 18(b)
of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the
standards laid down under the Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in cyberspace to verify that a given
certificate is issued by a licensed CA. For this purpose it operates the Root Certifying Authority of India (RCAI). The CCA also
maintains the Repository of Digital Certificates, which contains all the certificates issued to the CAs in the country.
Provisions relating to Certifying Authority

Section 17 – Appointment of the Controller and other officers

1. The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for
the purposes of this Act and may, also by the same or subsequent notification, appoint such number of Deputy Controllers
and Assistant Controllers as it deems fit.
2. The Controller shall discharge his functions under this Act subject to the general control and directions of the Central
Government.
3. The Deputy Controllers and Assistant Controllers shall perform functions assigned to them by the Controller under the
general superintendence and control of the Controller.
4. The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant
Controller shall be such as may be prescribed by the Central Government.
5. The Head Office and Branch Office of the office of the Controller shall be at such places as the Central Government
may specify, and these may be established at such places as the Central Government may think fit.
6. There shall be a seal of the Office of the Controller.

Section 18 - Functions of Controller

The Controller may perform all or any of the following functions, namely:-
a. exercising supervision over the activities of Certifying Authorities;
b. certifying public keys of the Certifying Authorities;
c. laying down the standards to be maintained by Certifying Authorities;
d. specifying the qualifications and experience which employees of the Certifying Authorities should possess;
e. specifying the conditions subject to which the Certifying Authority shall conduct their business;
f. specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in
respect of a Digital Signature Certificate and the public key;
g. specifying the form and content of a Digital Signature Certificate and the key;
h. specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;
i. specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to
them;
j. facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other
Certifying Authorities and regulation of such system;
k. specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;
l. resolving any conflict of interests between the Certifying Authorities and the subscribers;
m. laying down the duties of the Certifying Authorities;
n. maintaining a data-base containing the disclosure record of every Certifying Authority containing such particulars as
may be specified by regulations which shall be accessible to public.

Section 19 - Recognition of foreign Certifying Authorities

1. Subject to such conditions and restrictions as may be specified, by regulations, the Controller may, with the previous
approval of the Central Government, and by notification in the Official Gazette, recognise any Certifying Authority as a
Certifying Authority for the purposes of this Act.
2. Where any Certifying Authority is recognised under sub-section (1), the Digital Signature Certificate issued by such
Certifying Authority shall be valid for the purposes of this Act.
3. The Controller may if he is satisfied that any Certifying Authority has contravened any of the conditions and
restrictions subject to which it was granted recognition under sub-section (1), he may, for reasons to be recorded in
writing, by notification in the Official Gazette, revoke such recognition.

Section 20 - Controller to act as repository

1. The Controller shall be the repository of all Digital Signature Certificates issued under this Act.
2. The Controller shall-

a. make use of hardware, software and procedures that are secure from intrusion and misuse;
b. observe such other standards as may be prescribed by the Central Government,

to ensure that the secrecy and security of the digital signatures are assured.
3. The Controller shall maintain a computerized data-base of all public keys in such a manner that such database and the
public keys are available to any member of the public.

Section 21 - License to issue Digital Signature Certificates

1. Subject to the provisions of sub-section (2), any person may make an application to the Controller for a license to issue
Digital Signature Certificates.
2. No license shall be issued under sub-section (1), unless the applicant fulfills such requirements with respect to
qualification, expertise, manpower, financial resources and other infrastructure facilities, which are necessary to issue
Digital Signature Certificates as may be prescribed by the Central Government.
3. A license granted under this section shall-

a. be valid for such period as may be prescribed by the Central Government;


b. not be transferable or heritable;
c. be subject to such terms and conditions as may be specified by the regulations.

Section 28 - Power to investigate contraventions

1. The Controller or any officer authorized by him in this behalf shall take up for investigation any contravention of the
provisions of this Act, rules or regulations made thereunder.
2. The controller or any officer authorized by him in this behalf shall exercise the like powers which are conferred on
Income-tax authorities under Chapter XIII of the Income-tax Act, 1961, (43 of 1961), and shall exercise such powers,
subject to such limitations laid down under that Act.

Cyber Regulation Appellate Tribunal


Establishment of Cyber Appellate Tribunal (Section 48)
1. The Central Government notifies and establishes appellate tribunals called Cyber Regulations Appellate Tribunal.
2. The Central Government also specifies in the notification all the matters and places which fall under the jurisdiction of
the Tribunal.

The composition of Cyber Appellate Tribunal (Section 49)


The Central Government appoints only one person in a Tribunal – the Presiding Officer of the Cyber Appellate Tribunal.
The qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal (Section 50)
A person is considered qualified for the appointment as the Presiding Officer of a Tribunal if –
a. He has the qualification of the Judge of a High Court
b. He is or was the member of the Indian Legal Service and holds or has held a post in Grade I of that service for at least
three years.

The Term of Office (Section 51)


The Term of Office of the Presiding Officer of a Cyber Appellate Tribunal is five years from the date of entering the office or until
he attains the age of 65 years, whichever is earlier.
Filling up of vacancies (Section 53)
If for any reason other than temporary absence, there is a vacancy in the Tribunal, then the Central Government hires another
person in accordance with the Act to fill the vacancy. Further, the proceedings continue before the Tribunal from the stage at
which the vacancy is filled.
Resignation and removal (Section 54)
1. The Presiding Officer can resign from his office after submitting a notice in writing to the Central Government,
provided:

a. he holds office until the expiry of three months from the date the Central Government receives such notice (unless the
Government permits him to relinquish his office sooner), OR
b. he holds office till the appointment of a successor, OR
c. until the expiry of his office; whichever is earlier.

2. In case of proven misbehavior or incapacity, the Central Government can pass an order to remove the Presiding Officer
of the Cyber Appellate Tribunal. However, this is only after the Judge of the Supreme Court conducts an inquiry where
the Presiding Officer is aware of the charges against him and has a reasonable opportunity to defend himself.
3. The Central Government can regulate the procedure for investigation of misbehavior or incapacity of the Presiding
Officer.

Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings (Section 55)
According to this section, no order of the Central Government appointing any person as the Presiding Officer of the Tribunal can
be questioned in any manner. Further, no one can question any proceeding before a Cyber Appellate Tribunal in any manner
merely on the grounds of any defect in the constitution of the Tribunal.
Appeal to Cyber Appellate Tribunal (Section 57)
1. Subject to the provisions of sub-section (2), a person not satisfied with the Controller or Adjudicating Officer’s order
can appeal to the Cyber Appellate Tribunal having jurisdiction in the matter.
2. No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating officer with the consent of
the parties.
3. The person filing the appeal must do so within 25 days from the date of receipt of the order from the Controller or
Adjudicating Officer. Further, he must accompany the appeal with the prescribed fees. However, if the Tribunal is
satisfied with the reasons behind the delay of filing the appeal, then it may entertain it even after the expiry of 25 days.
4. On receiving an appeal under sub-section (1), the Tribunal gives an opportunity to all the parties to the appeal to state
their points, before passing the order.
5. The Cyber Appellate Tribunal sends a copy of every order made to all the parties to the appeal and the concerned
Controller or adjudicating officer.
6. The Tribunal tries to expeditiously deal with the appeals received under sub-section (1). It also tries to dispose of the
appeal finally within six months of receiving it.

Procedure and powers of the Cyber Appellate Tribunal (Section 58)


1. The Code of Civil Procedure, 1908 does not bind the Cyber Appellate Tribunal. However, the principles of natural
justice guide it and it is subject to other provisions of the Act. The Tribunal has powers to regulate its own procedure.
2. In order to discharge its functions efficiently, the Tribunal has the same powers as vested in a Civil Court under the
Code of Civil Procedure, 1908, while trying a suit in the following matters:
a. Summoning and enforcing the attendance of any person and examining him under oath
b. Ensuring the availability of the required documents or electronic records
c. Receiving evidence on affidavits
d. Issuing commissions for examining witnesses or documents
e. Reviewing its decisions
f. Dismissing an application for default or deciding it ex-parte, etc.

3. Every proceeding before the Cyber Appellate Tribunal is like a judicial proceeding within the meaning of sections 193
and 228 and for the purposes of section 196 of the Indian Penal Code. Further, the Tribunal is like a Civil Court for the
purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.

Right to Legal Representation (Section 59)


The appellant can either appear in person or authorize one or more legal practitioners to present his case before the tribunal.
Limitation (Section 60)
The provisions of the Limitation Act, 1963, apply to the appeals made to the Tribunal.
Civil Court not to have jurisdiction (Section 61)
If the IT Act, 2000 empowers the adjudicating officer or the Cyber Appellate Tribunal for certain matters, then no Civil Court can
entertain any suit or proceedings for the same.
Further, no court can grant an injunction on any action that a person takes in pursuance of any power that the Act confers upon
him.
Appeal to High Court (Section 62)
Let’s say that a person is not satisfied with the decision or order of the Tribunal. In such cases, he can file an appeal with the High
Court. He must do so within 60 days of receiving the communication of the order/decision from the Tribunal.
The appeal can be on any fact or law arising out of such an order. The High Court can extend the period by another 60 days if it
feels that the appellant had sufficient cause and reasons for the delay.
Compounding of contraventions (Section 63)
1. The Controller or any other officer that he or the adjudicating officer authorizes may compound any contravention.
Compounding is possible either before or after the institution of adjudication proceedings. This is subject to the conditions
that the controller or such other officer or the adjudicating officer specifies. Provided, the sum does not exceed the
maximum amount of penalty that the Act allows for the compounded contravention.
2. Nothing in sub-section (1) applies to a person who commits the same or similar contravention within a period of three
years from the date on which his first contravention was compounded. Therefore, if the person commits a second
contravention after the expiry period of three years from the date on which his first contravention was compounded, then
this becomes his first contravention.
3. Once a contravention is compounded under sub-section (1), then no proceeding is possible against the person guilty of
the compounded contravention.

Recovery of Penalty (Section 64)


If a penalty imposed under this Act is not paid, then the same is recovered as arrears of land revenue. Further, the license or digital
signature certificate is suspended until the penalty is paid.


Unit II - Online Contracts

Course Outline of Unit II : Online Contracts


This Unit contains discussion on the following topics:
Formation of Online Contracts - E-banking Transactions - Online Payment Options - Online Advertising - Electronic and
Digital Signature - Taxation Issues in Cyber Space - Indirect Tax - Tax Evasion - Double Tax - International Tax - Permanent
Establishment - Protection of Trade Secrets and Deceptive Trade Practices

Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.

Introduction to Online Contract


With recent technological advancement, there is an immense change in the standard of living of people. Communication is no
longer restricted within geographical limits, and information is transferred much more widely and quickly than ever before. Electronic
commerce has made its way and many problems are removed through the use of e-commerce which flow as a traditional data.
Electronic commerce is a means of transacting business electronically and is associated with the buying and selling of
information, products and services over computerized communication networks. It is, though, a much broader term, encompassing
not only Electronic Data Interchange but also other forms of communication such as Electronic Mail and Electronic Bulletin
Board.
With the emergence and steady growth of e-commerce, there is a quick elevation in the use of e-contracts. But the concept of the
e-contract is still not clear, and it faces a lot of challenges. The law of contract in India gives a statutory recognition to the common
contractual rule. The Indian Contract Act, 1872 does not lay down the rights and duties which the law will enforce but it deals with
the limiting principles, subject to which parties may create rights and duties for themselves.
Meaning of Contract
The Indian Contract Act, 1872 deals with the principles of law of contract, its essential elements, its formation, its performance and
the remedies for the breach of contracts. It determines the circumstances in which promises are made by the parties to a contract,
general principles of the formation of contract and also prescribes the remedies which are available in the Court of law for the
breach of contract against a person who fails to perform his undertaking created under the Contract.
As per Section 10 of the Indian Contract Act, 1872, an agreement is a contract which is enforceable by law. An agreement is
enforceable by law and can be defined as a valid contract if it is made by competent parties, out of their free consent and for lawful
object and consideration. In simple words, a contract is an agreement binding between two or more parties intending to create a
legal relationship, in which one makes the proposal while the other accepts the proposal or offer and thus it becomes a promise.
Such acceptance has to be certain and not vague and must be free from any undue influence, force or misrepresentation. Both the
parties to the contract must be majors, of sound mind and not declared disqualified by any law for the time being in force in India. As
per Section 23 of the Indian Contract Act, 1872 the object of the contract and the consideration must be lawful. It must be certain,
definite and not vague and such as are capable of performance. A contract may be made by words spoken or written. In India,
usually, where there is a statutory requirement, contracts such as agreements relating to mortgage, sale, lease etc. must be made in
writing, attested by witnesses, signed by the parties and registered by the parties in order to make the agreement enforceable.
Online Contract
With the advanced use of the internet and electronic commerce, online contracts have assumed importance mainly in terms of reach and
multiplicity. An online contract or an electronic contract is an agreement modeled, signed and executed electronically, usually over
the internet. An online contract is conceptually very similar to, and is drafted in the same manner as, a traditional paper-based
contract. In case of an online contract, the seller who intends to sell products presents the products, prices and
terms for buying such products to the prospective buyers. In turn, the buyers who are interested in buying the products either
consider or click on the ‘I Agree’ or ‘Click to Agree’ option for indicating the acceptance of the terms presented by the seller or
they can sign electronically. Electronic signatures can be made in different ways, like typing the signer’s name in the specific
signature space, copying and pasting the scanned version of the signature or clicking an option meant for that purpose. Once the
terms are accepted and the payment is made, the transaction can be completed. The communication is basically made between two
computers through servers. The online contract is brought to the scenario to help people in the way of formulating and
implementing policies of commercial contracts within business directed over the internet. An online contract is modeled for the sale,
purchase and supply of products and services to both consumers and business associates.
Online contracts can be categorized into three types, namely browse or web wrap contracts, shrink wrap contracts and click wrap
contracts. Other kinds of online contracts include employment contract, contractor agreement, consultant agreement, Sale re-sale
and distributor agreements, non-disclosure agreements, software development and licensing agreements, source code escrow
agreements. Though these online contracts are witnessed in our everyday life, most of us are not aware of the legal complexities
connected to it; the use of online contract faces many technical and legal challenges.
Types of Online Contract
Online contracts can be of three types mainly i.e. shrink-wrap agreements, click or web-wrap agreements and browse-wrap
agreements. In our everyday life, we usually witness these types of online contracts. Other types of online contracts include
employment contract, contractor agreement, consultant agreement, Sale re-sale and distributor agreements, non-disclosure
agreements, software development and licensing agreements, source code escrow agreements.
Shrink-wrap agreements are usually the licence agreements applicable to the purchase of software products. In case of shrink-wrap
agreements, with the opening of the packaging of the software product, the terms and conditions to access such software product are
enforced upon the person who buys it. Shrink-wrap agreements are simply those which are accepted by the user at the time of
installation of software from a CD-ROM, for example, Nokia PC Suite. Sometimes additional terms can be observed only after
loading the product on the computer, and if the buyer does not agree to those additional terms, he has the option of
returning the software product. As soon as the purchaser tears the packaging or the cover for accessing the software product, the
shrink-wrap agreement gives protection by indemnifying the manufacturer of the product for any copyright or intellectual property
rights violation. In India, though, there is no settled judicial decision or precedent on the validity of shrink-wrap agreements.
Click-wrap agreements are web based agreements which require the assent or consent of the user by way of clicking an “I Agree” or
“I Accept” or “Ok” button on the dialog box. In click-wrap agreements, the user basically has to agree to the terms and
conditions for usage of the particular software. Users who disagree with the terms and conditions will not be able to use or buy the
product upon cancellation or rejection. A person witnesses web-wrap agreements almost regularly. The terms and conditions for
usage are exposed to the users prior to acceptance. For example, the agreement of an online shopping site.
An agreement intended to be binding on two or more parties by the use of a website can be called a browse wrap agreement.
In case of a browse wrap agreement, a regular user of a particular website is deemed to accept the terms of use and other policies of the
website for continuous use.
Though these online contracts have become common in our daily life, there are no precise judicial precedents on the validity and
enforceability of shrink-wrap and click-wrap agreements. Other countries have dealt with these online agreements; for example, courts in
the United States have held that as far as the general principles of contract are not violated, both shrink-wrap agreements and
click-wrap agreements are enforceable.
Essential Elements of an Online Contract
The essential elements of an online contract are discussed below:
Offer –
Just as in a paper-based or conventional contract, one of the most essential elements of an online contract is the requirement of an offer
to be made. There must be a lawful proposal or offer made by one party, known as the proposer, and it is the starting point of a
contract. By browsing and choosing the goods and services available on the website of the seller, the consumer makes an offer to
purchase them in relation to the invitation to offer made by the seller. A proposal must be distinguished from the invitation to
offer or treat and must be made with an intention to create a legal relationship. An offer or proposal is revocable and can be
withdrawn at any time before it is accepted, because once it is accepted by the other party, it becomes a promise.
Acceptance –
When a proposal or offer is accepted by the person to whom it is made, it becomes a promise. The acceptance of
the proposal must be unconditional and absolute and must be communicated to the proposer or the offeror. In case of an online
contract, offer and acceptance can be made through e-mails or by filling in the requisite form provided on the website. The parties may also
need to accept an online agreement by clicking on ‘I Agree’ or ‘I Accept’ for availing the services offered.
Intention to create legal relationship –
If there is no intention of creating a legal relationship on the part of the parties to the contract, there is no contract between them. It is an
essential element of a valid contract that parties to the contract must have the intention to create legal relationships. The intention of the
parties is to be considered by the Court in each case and must be ascertained from the terms of the agreement and surrounding
consequences. Agreements of a social or domestic nature do not create a legal relationship, hence they are not contracts and are not
enforceable by law. In the case of arrangements regulating social relations, it follows as a matter of course that parties do not
intend legal consequences to follow. For example, an invitation for marriage to a friend or family through e-mails or fax or
through any means of telecommunication is not a contract.
There must be a lawful object –
Parties to the agreement must contract for a legal object. A contract is enforceable by law only when it is made for a lawful
purpose. It must not defeat any provision of law and must not be fraudulent in nature. Thus a contract on a website designed for the
purpose of selling illegal substances online is a void contract. If an agreement is made to cause injury to any person or his
property, such agreement is not lawful and is therefore to be considered void. If any competent Court regards any agreement as
opposed to public policy, it is a void contract.
There must be a legal or lawful consideration –
Consideration is one of the most important elements of a contract. The basic rule is that when a party to a contract promises to perform
his promise he must get something in return for the performance of his promise. Consideration is something of some value in the
eyes of law. It may be some benefit, right, interest or profit given to the party as inducement of the promise. An act constituting
consideration must be moved at the desire of the promisor and must be legal, real and not imaginary. Promises that are physically
impossible to perform cannot have real consideration. For example, an online site that offers purchase of land on the moon.
Capacity of parties –
Parties to a contract must be capable of entering into a contract. Each party must have attained the age of majority, must be of sound mind, and
must not be disqualified from contracting by any law for the time being in force. In our country an agreement where either party is
a minor has no significance. It is considered as void ab initio. As per Section 12 of the Indian Contract Act, 1872, any person who
is in a position to judge and safeguard his own interest is of sound mind and capable enough to enter into a contract. When a
person is declared insolvent by any competent Court, he cannot enter into a contract relating to his property. In the age-old
foundational case of Mohori Bibee vs. Dharmodas Ghose [AIR 1903 PC 72], it was held by the Privy Council that an agreement by
a minor is void.
There must be free and unaffected consent –
Consent, which is defined under Section 13 of the Indian Contract Act, 1872, is an essential requirement of a contract. It is basically
the meeting of minds of the parties. When both agree upon the same thing in the same manner, they are said to consent. In case
consent is caused by coercion, the contract is voidable at the option of the party whose consent was so caused. Coercion includes physical
compulsion, threat, and violence. Consent has to be free and genuine and not induced by misrepresentation or undue influence, i.e. a
case where one person is in a position to dominate the will of another. But in the case of an online contract there is narrow scope for
physical communication between the website and the customer availing its service; customers just give consent by clicking the option
that ensures free and genuine consent.
Possibility of performance –
The terms and conditions of the agreement must be certain and not vague and must also be such as are capable of performance. An
agreement to do an act impossible in itself cannot be enforced as per section 29 of the Indian Contract Act, 1872. It is the general
rule that the promisors of the contract are to perform the promise, but there are other persons also who may perform under certain
circumstances, such as an agent if appointed by the promisor for this purpose, or a legal representative in case of death of a promisor.
The time, place and manner of the performance of the contract are fixed generally at the desire and convenience of the parties.
Various rules regarding the time and place of contract are laid down under sections 46 to 50 and section 55. When time is the
essence of the contract, a promisor is expected to perform his promise within the stipulated time period and if he fails to do so, the
contract becomes voidable at the option of the promisee.
Formation of Online Contract
The Indian Contract Act, 1872 gives a lawful status to the common contractual rule. A valid contract is formed by free consent of
competent parties for a lawful object and consideration. This Act does not prescribe any specific provision for communicating
offer and acceptance. It may be made in writing or by word of mouth or inferred from the conduct of the parties and the
circumstances. Express contract is said to be expressed and entered into by words spoken or written where the offer and acceptance
are expressly agreed upon at the time of formation of the contract. When the contract is inferred from the conduct of the parties, a
contract is said to be implied. Such contract comes into existence on account of conduct or act of the parties.
The Information Technology Act, 2000 has made certain provisions for the validity and the formation of online contracts but no
specific legislation has been incorporated for the validity of online contracts in India. Even if no specific provision is made for the
validity of online contracts, it cannot be challenged based on technical grounds.
There are a few processes available for forming an electronic contract, such as e-mail, by which offers and acceptances can be
exchanged. An online contract can be formed by completing the website form provided for availing goods or services offered by the
seller on the website, for example air tickets. The person who intends to avail the goods or services offered on the website can place
an order on the website by filling in the concerned form and communicating it. The goods offered can be delivered directly
through electronic means, e.g. e-tickets, or may be delivered later, e.g. clothes. Another process available for the formation of an
online contract is through online agreements, by clicking on the button that says ‘I Accept’ while connecting to a software and by
clicking on the ‘I Agree’ button while signing up for an e-mail account.
An online contract is formed through new modes of communication such as e-mail, internet, fax and telephone. The requirement of
essential elements such as offer and acceptance in online contract formation is as essential as it is for the formation of a paper
based traditional contract. Contract formation over websites is quite different from the earlier ways of contract formation. Online
contract formation mainly raises issues in relation to the applicability of the offer and acceptance rule. It is the website which acts
as the retailer and responds as per the consumer’s action. When a consumer is interested in downloading songs, videos or movies
from a retailer website in lieu of payment, the consumer will have to agree to the standard terms of the retailer’s website by
clicking the particular option button. Once the terms are agreed by the consumer and the acceptance is expressed, it is the
responsibility of the website to deliver the service to the consumer. And lastly, on making the appropriate payment, the contract is
completed between the consumer and the retailer’s website for the particular transaction.
Validity of Online Contract
The Information Technology Act, 2000 provides various procedural and administrative guidelines and regulates the provisions relating
to all kinds of electronic transactions. These include computer data protection and authentication of documents by way of digital or
electronic signature. Though electronic contracts have been given recognition by the IT Act, 2000, the majority feel it is less
secure to get into any kind of online contract, as there are no concrete judicial precedents for the validity and enforceability of
online contracts in India. In case of browse wrap contracts, we usually accept the terms and conditions of the contract by clicking
the button that indicates ‘I Agree’, and in case of a shrink wrap contract or purchase of a software product, assent is given by the
consumer or the purchaser by tearing the wrapper and using it. Many have the tendency of not reading the terms and
conditions carefully before agreeing to them. But these actions should be taken consciously and carefully, only after reading the
terms of the contract properly, as they lead to a valid contract and the terms can be strictly enforced against the user.
However, courts in other countries, such as the US, have dealt with the validity and enforceability of contracts such as shrink wrap and
click wrap contracts. It was held in the famous case of ProCD, Inc. v. Zeidenberg “that the very fact that purchaser after
reading the terms of the license featured outside the wrap license opens the cover coupled with the fact that he accepts the whole
terms of the license that appears on the screen by a key stroke, constitutes an acceptance of the terms by conduct.” Thus it is
confirmed that shrink wrap agreements are valid contracts and are enforceable against the purchaser of the software. But the
enforceability of the shrink wrap agreement extends only as far as the general principles of contract are not violated. The validity of
the click wrap agreement was first considered when the Court for the northern district of California upheld in the famous case of Hotmail
Corporation that “the defendant is bound by the terms of the license as he clicked on the box containing ‘I agree’ thereby
indicating his assent to be bound” [Hotmail Corporation v. Van$ Money Pie Inc., et al.].

It was also held by the Appellate Division of Superior Court of New Jersey, that by clicking the “I Agree” option given in the
dialogue box the plaintiff has entered into a valid and binding contract and can be made liable for the terms and conditions laid
down in the contract. Click wrap agreements are thus valid and enforceable in US as long as the offer and acceptance rule is taken
into consideration.
In the year 2015, an initiative known as ‘Digital India’ was launched to ensure that government services are available to the
citizens of our country electronically, which will lead to the improvement of online infrastructure and internet connectivity
in our country. The initiative of Digital India aims to connect rural areas with high speed internet networks and consists of three
components: the creation of digital infrastructure, delivery of services digitally and digital literacy. Its main object is to
make our country digitally empowered in the field of technology.
With the widespread expansion and globalization of technology, the existence of online contracts has become regular in our life, right
from buying daily groceries from the market to withdrawing money from an ATM. Electronic contracts made by use of technology are
much more cost effective, and delay can be instantly removed, in comparison to traditional paper based contracts. There is less chance of
committing errors as the process is much more automated. It provides an opportunity to the seller to reach millions of consumers irrespective of
distance and most importantly without the involvement of middlemen or any brokers.
The Indian Contract Act, 1872 provides a basic contractual rule that a contract is valid if it is made by competent parties out of
their free consent for a lawful object and consideration. There is no specific way of communicating offer and acceptance; it can be
done verbally, in writing or even by conduct. Thus oral contracts are as valid as written contracts; the only condition is they should
possess all the essentials of a valid contract. It was held in the case of Bhagwandas Goverdhandas Kedia v. Girdharilal
Parshottamdas [AIR 1966 SC 543], “that ordinarily, it is the acceptance of offer and intimation of that acceptance which results
in a contract. This intimation must be by some external manifestation which the law regards as sufficient. Hence, even in the
absence of any specific legislation validating e-contracts cannot be challenged because they are as much valid as a traditional
contract is.”
An online contract is simply a communication between two parties in regard to transfer of goods/services. As per the Indian
Evidence Act, any e-mail communication and other communication made electronically is recognized as valid evidence in a Court
of law. Considering these points, it can be concluded that the contract that follows the communication is valid too and Indian law
thus recognizes the validity of online contracts.

The citizens of India are encouraging the concept of Digital India, but there are no definite legislations relating to the transactions
done over computerized communication networks. Several laws such as The Indian Contract Act, 1872, Information Technology
Act, 2000, Indian Copyright Act, 1957 and the Consumer Protection Act, 1986 to some extent are working and acting on resolving
issues that arise relating to the formation and validation of online contracts. The Information Technology Act, 2000 is the Act that
governs the transactions conducted over internet and explains the considerable mode of acceptance of the offer and provides the
rules for revocation of offer and acceptance in a vague or indefinite manner. Hence, a separate law for regulating contracts based
on electronic devices is highly recommended.
Evidentiary Value of Online Contract
In a country like India, where the literacy rate is not so high, the concept of ‘Digital India’ is a far reach. People still feel insecure
to do online based transactions mainly because the terms and conditions of such contracts are not transparent. Another major issue
is the nature of the law governing the electronic contracts. Even if the IT Act, 2000 has legalized electronic contracts, there are no
definite provisions mentioned in the Act.
Documents are mainly registered for conservation of evidence, assurance of title and to protect oneself from fraud. The evidentiary
value of electronic contracts has been given recognition and can be understood in the light of various sections of Indian Evidence
Act. Sec 65B of the Indian Evidence Act deals with the admissibility of electronic records. As per Sec 65B of the Indian Evidence
Act, any information contained in an electronic record produced by the computer in printed, stored or copied form shall be deemed to
be a document and is admissible as evidence in any proceeding without further proof of the original, provided the following
conditions are satisfied: the computer from which it was produced was in regular use by a person having lawful control
over the system at the time of producing it; during the ordinary course of activities the information was fed into the system on a
regular basis; and the output computer was in a proper operating condition and has not affected the accuracy of the data entered.
Section 85A, 85B, 88A, 90A and 85C of the Indian Evidence Act deal with the presumptions as to electronic records. Sec 85A has
been inserted later to confirm the validity of electronic contracts. It says that any electronic record in the form of electronic
agreement is concluded and gets recognition the moment a digital signature is affixed to such record. The presumption of
electronic record is valid only in case of five years old record and electronic messages that fall within the range of Section 85B,
Section 88A and Section 90A of Indian Evidence Act.
Remedies for Breach of Online Contract
There is no specific rule in case of breach of online contract but the rules regarding remedies for breach of contract can be
followed as provided in The Indian Contract Act. A valid contract gives rise to co-relative rights and obligations and they are
enforceable in the court of law when infringed on breach of contract. The Contract Act mainly talks about two remedies for the
breach of contract, namely Damages and Quantum Meruit. But a few other remedies are also available as provided in the Specific
Relief Act such as specific performance of contract and injunction restraining the other party from making a breach of contract.
Sec 73 and Sec 74 of the Indian Contract Act, 1872 deal with the rules regarding the remedy of damages on breach of contract.
The person whose rights are infringed by the breach of contract may bring an action for damages or compensation in terms of
monetary value for the loss suffered by the party. There are two main aspects to be considered in any action for damages, i.e.
remoteness of damage and measure of damage. Sec 73 to 75 provide rules regarding the assessment of damages based on the
famous case Hadley vs. Baxendale [(1854) EWHC J70]. According to the rules laid down in this case, there can be damages which
naturally arose on the usual course of things from such breach of contract and can be called ordinary damages and secondly,
damages for loss arising from special circumstances, i.e. special damages. There are also other kinds of damages mentioned in the
Act such as nominal damage, pre-contract expenditure, compensation for mental agony and liquidated damages. Nominal
damages are those substantial damages awarded by the Court in recognition of right of the aggrieved party in cases where the party
has not suffered any monetary loss on the breach of contract. Pre-contract expenditure, by contrast, may be recovered as damages if
such is within the knowledge of the parties. Liquidated damages are those pre-determined damages decided by the parties at the
time of formation of the contract, i.e. the amount of compensation payable in the event of breach of such contract.
When a person has done some work under a contract and the other party repudiates the contract or at the occurrence of an event
that makes further performance of the contract impossible, the party who has performed his work can claim remuneration for the
work already done. And under such circumstances the party can file suit upon quantum meruit and claim for the value of work he
has done.
E-Banking and E-Banking Transactions
Online banking, also known as internet banking, is an electronic payment system that enables customers of a bank or other
financial institution to conduct a range of financial transactions through the financial institution's website. The online banking
system will typically connect to or be part of the core banking system operated by a bank and is in contrast to branch banking
which was the traditional way customers accessed banking services.
Some banks operate as a "direct bank" (or “virtual bank”), where they rely completely on internet banking.
Internet banking software provides personal and corporate banking services offering features such as viewing account balances,
obtaining statements, checking recent transactions and making payments.
Emergence of computer banking
The first known deployment of home computer banking to consumers came in December 1980 at United American Bank, a
community bank headquartered in Knoxville, Tenn. United American partnered with Radio Shack to produce a secure custom
modem for its TRS-80 computer that would allow bank customers to access account information securely. Services available in its
first year included bill pay, account balance checks, and loan applications, as well as game access, budget and tax calculators and
daily newspapers. Thousands of customers paid $25-30 per month for the service.
Large banks, many working on parallel tracks to United American, followed in 1981 when four of New York's major banks
(Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services using the videotex system.
Because of the commercial failure of videotex, these banking services never became popular except in France (where the use of
videotex (Minitel) was subsidised by the telecom provider) and the UK, where the Prestel system was used.
The developers of United American Bank's first-to-market computer banking system aimed to license it nationally, but they were
overtaken by competitors when United American failed in 1983 as a result of loan fraud on the part of bank owner Jake Butcher,
the 1978 Tennessee Democratic nominee for governor and promoter of the 1982 Knoxville World's Fair. First Tennessee Bank,
which purchased the failed bank, did not attempt to develop or commercialize the computer banking platform.
Features of E-Banking
Online banking facilities typically have many features and capabilities in common, but also have some that are application
specific. The common features fall broadly into several categories:
Banks

a. Lesser transaction costs – electronic transactions are the cheapest modes of transaction
b. A reduced margin for human error – since the information is relayed electronically, there is no room for human error
c. Lesser paperwork – digital records reduce paperwork and make the process easier to handle. Also, it is environment-
friendly.
d. Reduced fixed costs – A lesser need for branches which translates into a lower fixed cost.
e. More loyal customers – since e-banking services are customer-friendly, banks experience higher loyalty from its
customers.
Customers

a. Convenience – a customer can access his account and transact from anywhere 24x7x365.
b. Lower cost per transaction – since the customer does not have to visit the branch for every transaction, it saves him
both time and money.
c. No geographical barriers – In traditional banking systems, geographical distances could hamper certain banking
transactions. However, with e-banking, geographical barriers are reduced.
Businesses

a. Account reviews – Business owners and designated staff members can access the accounts quickly using an online
banking interface. This allows them to review the account activity and also ensure the smooth functioning of the account.
b. Better productivity – Electronic banking improves productivity. It allows the automation of regular monthly payments
and a host of other features to enhance the productivity of the business.
c. Lower costs – Usually, costs in banking relationships are based on the resources utilized. If a certain business requires
more assistance with wire transfers, deposits, etc., then the bank charges it higher fees. With online banking, these
expenses are minimized.
d. Lesser errors – Electronic banking helps reduce errors in regular banking transactions. Bad handwriting, mistaken
information, etc. can cause errors which can prove costly. Also, easy review of the account activity enhances the accuracy
of financial transactions.
e. Reduced fraud – Electronic banking provides a digital footprint for all employees who have the right to modify banking
activities. Therefore, the business has better visibility into its transactions making it difficult for any fraudsters to play
mischief.

Security of E-Banking
Security of a customer's financial information is very important, without which online banking could not operate. Similarly the
reputational risks to banks themselves are important. Financial institutions have set up various security processes to reduce the risk
of unauthorized online access to a customer's records, but there is no consistency to the various approaches adopted.
The use of a secure website has been almost universally embraced.
Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some
countries. Basically there are two different security methods in use for online banking:
a. PIN/TAN System
b. Signature based System

In the PIN/TAN system, the PIN represents a password used for the login, and TANs represent one-time passwords used to
authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online
banking user by postal letter. Another way of using TANs is to generate them on demand using a security token. These
token-generated TANs depend on the time and a unique secret stored in the security token (two-factor authentication or 2FA).
More advanced TAN generators also include the transaction data into the TAN generation process after displaying it on their own
screen to allow the user to discover man-in-the-middle attacks carried out by Trojans trying to secretly manipulate the transaction
data in the background of the PC.
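The transaction-bound TAN described above, as an added example that is not part of the original text and not any bank's actual algorithm: the token derives the TAN from its secret, the current time window and the transaction fields it displays, so a payee altered in the background no longer verifies. The field names, the 60-second window, the sample secret and the HOTP-style truncation (RFC 4226) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

TAN_DIGITS = 6   # assumed TAN length
TIME_STEP = 60   # assumed validity window in seconds
# Assumed set of fields the token shows on its own screen for confirmation.
SIGNED_FIELDS = ("payee_account", "amount_minor_units", "currency")


def canonical_transaction(tx: dict) -> bytes:
    """Serialise the displayed fields unambiguously.

    Every field is length-prefixed so that two different transactions can
    never serialise to the same byte string.
    """
    parts = []
    for key in SIGNED_FIELDS:
        value = str(tx[key]).encode("utf-8")
        parts.append(struct.pack(">H", len(value)) + value)
    return b"".join(parts)


def generate_tan(secret: bytes, tx: dict, now: int) -> str:
    """Token side: TAN = truncate(HMAC(secret, time window || transaction))."""
    counter = now // TIME_STEP
    message = struct.pack(">Q", counter) + canonical_transaction(tx)
    digest = hmac.new(secret, message, hashlib.sha256).digest()
    # Dynamic truncation in the style of HOTP (RFC 4226).
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TAN_DIGITS).zfill(TAN_DIGITS)


def verify_tan(secret: bytes, tx: dict, tan: str, now: int,
               drift_steps: int = 1) -> bool:
    """Bank side: recompute the TAN over the transaction the bank RECEIVED.

    A small clock drift between token and server is tolerated. All windows
    are checked before returning so timing does not reveal which one matched.
    """
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        candidate = generate_tan(secret, tx, now + step * TIME_STEP)
        ok |= hmac.compare_digest(candidate, tan)
    return ok


def demo() -> dict:
    # Constructed sample values, not real account data.
    secret = bytes.fromhex("000102030405060708090a0b0c0d0e0f10111213")
    issued_at = 1_700_000_000
    shown_on_token = {
        "payee_account": "ACCT-CONSTRUCTED-0001",
        "amount_minor_units": 12500,
        "currency": "EUR",
    }
    tan = generate_tan(secret, shown_on_token, issued_at)

    # What the bank would receive if malware on the PC swapped the payee.
    tampered = dict(shown_on_token, payee_account="ACCT-CONSTRUCTED-9999")

    return {
        "tan": tan,
        "genuine": verify_tan(secret, shown_on_token, tan, issued_at + 30),
        "tampered": verify_tan(secret, tampered, tan, issued_at + 30),
        "expired": verify_tan(secret, shown_on_token, tan, issued_at + 600),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check only helps if the user actually compares the payee and amount on the token's screen with what they intended, since the TAN is computed over whatever the token displays.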
Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM)
mobile phone via SMS. The SMS text usually quotes the transaction amount and details, the TAN is only valid for a short period
of time. Especially in Germany, Austria and the Netherlands many banks have adopted this "SMS TAN" service.
Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional
encryption needed.
In signature based online banking, all transactions are signed and encrypted digitally. The keys for the signature generation
and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
E-banking in India
In India, ICICI Bank first offered internet banking services in 1997; today, most new-generation banks offer the same
to their customers. In fact, all major banks provide e-banking services to their customers.
Popular services under e-banking in India
1. ATMs (Automated Teller Machines)
2. Telephone Banking
3. Electronic Clearing Cards
4. Smart Cards
5. EFT (Electronic Funds Transfer) System
6. ECS (Electronic Clearing Services)
7. Mobile Banking
8. Internet Banking
9. Telebanking
10. Door-step Banking

Further, under Internet banking, the following services are available in India:
Bill payment –
Every bank has a tie-up with different utility companies, service providers, insurance companies, etc. across the country. The banks
use these tie-ups to offer online payment of bills (electricity, telephone, mobile phone, etc.). Also, most banks charge a nominal
one-time registration fee for this service. Further, the customer can create a standing instruction to pay recurring bills automatically
every month.
Funds transfer –
A customer can transfer funds from his account to another with the same bank or even a different bank, anywhere in India. He
needs to log in to his account, specify the payee’s name, account number, his bank, and branch along with the transfer amount.
The transfer is effected within a day or so.
Investing –
Through electronic banking, a customer can open a fixed deposit with the bank online through funds transfer. Further, if a
customer has a demat account and a linked bank account and trading account, he can buy or sell shares online too. Additionally,
some banks allow customers to purchase and redeem mutual fund units from their online platforms as well.
Shopping –
With an e-banking service, a customer can purchase goods or services online and also pay for them using his account. Shopping at
his fingertips.
Digital or Electronic Signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital
signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a
known sender (authentication), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution,
financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are often used to implement electronic signatures, which includes any electronic data that carries the intent of a
signature, but not all electronic signatures use digital signatures. In some countries, including the United States, Algeria, Turkey,
India, Brazil, Indonesia, Mexico, Saudi Arabia, Uruguay, Switzerland and the countries of the European Union, electronic
signatures have legal significance.
Digital signatures employ asymmetric cryptography. In many instances they provide a layer of validation and security to messages
sent through a non-secure channel: Properly implemented, a digital signature gives the receiver reason to believe the message was
sent by the claimed sender. Digital seals and signatures are equivalent to handwritten signatures and stamped seals. Digital
signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are
more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based,
and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer
cannot successfully claim they did not sign a message, while also claiming their private key remains secret. Further, some non-
repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.
Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message
sent via some other cryptographic protocol.
Definition of Digital Signature
A digital signature scheme typically consists of three algorithms:

A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The
algorithm outputs the private key and a corresponding public key.

A signing algorithm that, given a message and a private key, produces a signature.

A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the
message's claim to authenticity.

Two main properties are required. First, the authenticity of a signature generated from a fixed message and fixed private key can be
verified by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for
a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of the
message to attach a code that acts as a signature. The Digital Signature Algorithm (DSA), developed by the National Institute of
Standards and Technology, is one of many examples of a signing algorithm.
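The three algorithms above, as an added example that is not part of the original text: key generation, signing and verification for a Lamport one-time signature, a hash-based scheme that needs only SHA-256. The function names and the sample message are constructed for illustration, and a Lamport key pair must sign only one message, because each signature reveals half of the private key.

```python
import hashlib
import hmac
import secrets

HASH_BITS = 256  # one key slot per bit of the SHA-256 message digest


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def message_bits(message: bytes) -> list:
    """Hash the message and return its digest as a list of 256 bits."""
    digest = int.from_bytes(sha256(message), "big")
    return [(digest >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def keygen():
    """Key generation: pick the private key uniformly at random and derive
    the public key from it.

    The private key is 256 pairs of random 32-byte values; the public key
    is the SHA-256 hash of each of those values.
    """
    private = [(secrets.token_bytes(32), secrets.token_bytes(32))
               for _ in range(HASH_BITS)]
    public = [(sha256(zero), sha256(one)) for zero, one in private]
    return private, public


def sign(message: bytes, private) -> list:
    """Signing: for digest bit i, reveal the private value selected by it."""
    return [private[i][bit] for i, bit in enumerate(message_bits(message))]


def verify(message: bytes, signature, public) -> bool:
    """Verification: accept only if every revealed value hashes to the
    public value selected by the corresponding digest bit."""
    if len(signature) != HASH_BITS:
        return False
    if not all(isinstance(part, bytes) for part in signature):
        return False
    ok = True
    for i, bit in enumerate(message_bits(message)):
        ok &= hmac.compare_digest(sha256(signature[i]), public[i][bit])
    return ok


def demo() -> dict:
    # Constructed message, modelled on a branch office instructing the
    # central office to change an account balance.
    message = b"branch=CONSTRUCTED-01;account=0000000000;credit=5000"
    private, public = keygen()
    signature = sign(message, private)

    altered = message.replace(b"credit=5000", b"credit=9000")
    _, unrelated_public = keygen()

    return {
        "original_accepted": verify(message, signature, public),
        "altered_accepted": verify(altered, signature, public),
        "wrong_key_accepted": verify(message, signature, unrelated_public),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```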
History of Digital Signature
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only
conjectured that such schemes existed based on functions that are trapdoor one-way permutations. Soon afterwards, Ronald Rivest,
Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although
only as a proof-of-concept – "plain" RSA signatures are not secure). The first widely marketed software package to offer digital
signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also
known as "Merkle trees" or simply "Hash trees"), and Rabin signatures.
In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of
digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR
signature scheme, the first that could be proved to prevent even an existential forgery against a chosen message attack which is the
currently accepted security definition for signature schemes. The first such scheme which is not built on trapdoor functions but
rather on a family of function with a much weaker required property of one-way permutation was presented by Moni Naor and
Moti Yung.
Application of Digital Signature
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide
added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed
consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the
budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, University of
Chicago, and Stanford are publishing electronic student transcripts with digital signatures.
Reasons for applying a Digital Signature
Below are some common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate.
Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to
a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender
authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the
central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly
sent from an authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered
during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message
without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if
a message is digitally signed, any change in the message after signature invalidates the signature. Furthermore, there is no efficient
way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be
computationally infeasible by most cryptographic hash functions (see collision resistance).

Non-repudiation

Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an
entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does
not enable a fraudulent party to fake a valid signature.
Note that these authentication, non-repudiation etc. properties rely on the secret key not having been revoked prior to its usage.
Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the
key-pair. Checking revocation status requires an "online" check; e.g., checking a certificate revocation list or via the Online
Certificate Status Protocol. Very roughly this is analogous to a vendor who receives credit-cards first checking online with the
credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often
discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purpose.
Regulation of Certifying Authority
Section 18 of The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on
asymmetric cryptosystems. The digital signatures are now accepted at par with handwritten signatures and the electronic
documents that have been digitally signed are treated at par with paper documents.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying
Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act for
purposes of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promoting the growth of
E-Commerce and E-Governance through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority (RCAI) of India under section 18(b)
of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the
standards laid down under the Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given
certificate is issued by a licensed CA. For this purpose it operates the Root Certifying Authority of India (RCAI). The CCA also
maintains the Repository of Digital Certificates, which contains all the certificates issued to the CAs in the country.
E-Commerce - Taxation Issues in India
India's e-commerce market was worth about $3.9 billion in 2009 and went up to $12.6 billion in 2013. In 2013, the e-retail segment
was worth US$2.3 billion. About 70% of India's e-commerce market is travel related. According to Google India, there were 35
million online shoppers in India in 2014 Q1, and the number is expected to cross the 100 million mark by end of year 2016. CAGR vis-à-vis a
global growth rate of 8–10%. Electronics and Apparel are the biggest categories in terms of sales. By 2020, India is expected to
generate $100 billion online retail revenue out of which $35 billion will be through fashion e-commerce. Online apparel sales are
set to grow four times in coming years. Key drivers in Indian e-commerce are:
1. Large percentage of population subscribed to broadband Internet, burgeoning 3G internet users, and a recent
introduction of 4G across the country.
2. Explosive growth of Smartphone users, soon to be world's second largest smartphone per user base.
3. Rising standards of living as result of fast decline in poverty rate.
4. Availability of much wider product range (including long tail and Direct Imports) compared to what is available at
brick and mortar retailers.
5. Competitive prices compared to brick and mortar retail driven by disintermediation and reduced inventory and real
estate costs.
6. Increased usage of online classified sites, with more consumer buying and selling second-hand goods.
7. Evolution of Million-Dollar startups like Jabong.com, Makemytrip, Flipkart etc.

India's retail market is estimated at $470 billion in 2011 and is expected to grow to $675 billion by 2016 and $850 billion by 2020,
– estimated CAGR of 10%. According to Forrester, the e-commerce market in India saw the fastest growth within the Asia-Pacific
Region at a CAGR of over 57% between 2012–13.
As per "India Goes Digital" a report by Avendus Capital, a leading Indian investment bank specializing in digital media and
technology sector, the Indian e-commerce market is estimated at Rs 28,500 Crore ($6.3 billion) for the year 2011. Online travel
constitutes a sizable portion (87%) of this market today. Online travel market in India is expected to grow at a rate of 22% over the
next 4 years and reach Rs 54,800 crore ($12.2 billion) in size by 2015. Indian e-tailing industry is estimated at Rs 3,600 crore
(US$800 million) in 2011 and estimated to grow to Rs 53,000 crore ($11.8 billion) in 2015.
A new sector in e-commerce is online medicine. Companies like Reckwing-India, Buyonkart and Healthkart are already selling
complementary and alternative medicine, whereas NetMed has started selling prescription medicine online after raising funds from
GIC and Stead view capital, citing that there are no dedicated online pharmacy laws in India and that it is permissible to sell prescription
medicine online with a legitimate license. Online sales of luxury products like jewellery have also increased over the years. Most of
the retail brands have also started entering the market and they expect at least 20% of sales to come through online channels in the next 2–3 years.
In order to achieve this stupendous growth we see the following factors as the major reason to act as the growth catalyst.
New e-commerce guidelines liberalize FDI regulations
The government has allowed 100% foreign direct investment (FDI) in online retail of goods and services under the so-called
“marketplace model” through the automatic route, seeking to legitimize existing businesses of e-commerce companies operating in
India. It also notified new rules which could potentially end the discount wars, much to the disappointment of consumers. This is
because the rules now prohibit marketplaces from offering discounts and cap total sales originating from a group company or
one vendor at 25%. This could, however, level the playing field with offline stores, which have witnessed a slump in footfalls
corresponding to the increase in e-commerce. So far, India has allowed 100% foreign investment in business-to-business (B2B) e-
commerce but none in retail e-commerce—i.e., business-to-consumer, or B2C. Even so, Indian e-commerce companies such as
Flipkart and Snapdeal have been following the marketplace model—which was not defined—and attracting large foreign
investments. Marketplaces essentially act as a platform connecting sellers and buyers. According to the press note issued by the
department of industrial policy and promotion (DIPP), a marketplace model is an information technology platform run by an e-
commerce entity on a digital and electronic network to act as a facilitator between buyer and seller. However, DIPP has prohibited
FDI in e-commerce companies that own inventories of goods and services and sell directly to consumers using online platforms.
The marketplace e-commerce companies will be allowed to provide support services to sellers on their platform such as
warehousing, logistics, order fulfilment, call centre and payment collection.
Tax regime for e-commerce and the key challenges
In case of Indian e-tailers who are running their operations from within the shores of India the tax implications are very
straightforward and as applicable to normal business houses. However, there has always been a dispute on the taxability aspect of
non-residents carrying out such businesses in India. As per Indian taxation structure the basis of tax in India has been resident
based taxation while in other countries the taxation basis has been source basis. This has resulted in countries encroaching upon
each other’s territory to tax the assessee. However with e-commerce transactions the need for a physical presence virtually ceases,
which further creates problems in the enforcement of tax laws. Accordingly, in 2001, Central Board of Direct Taxes constituted a
High Powered Committee (HPC) to contemplate the need of a separate tax regime for e-commerce transactions. The report
submitted by the HPC took into consideration the principles laid down by the Organisation for Economic Co-operation and
Development (OECD) for taxation of e-commerce transactions.

Direct tax

While non-residents employ several business models and mechanisms to carry out their e-commerce business in the country, issues
about the taxability of income and the subsequent litigations are primarily on account of the following reasons:
1. Characterization of income in the hands of the non-resident –

In accordance with Sec 9 of the Income Tax Act, 1961 the taxation depends upon the residential status of the person. In case of
royalty and professional services the person is taxable for any income accrued or arisen in India without any linking to the PE
within India. However for business income the person taxable ought to have a permanent establishment within India. In the current
scenario it is seen in many instances that the taxmen want to tax the business income (without any PE) under the head of royalty
thereby creating artificial demands.
2. Issues surrounding PE –

On the PE front, there have been issues around whether a website in India constitutes a PE for a non-resident and whether certain
activities performed by an agent in India constitute a dependent agent PE.
3. Applicable withholding tax rates on payments made to resident e-commerce/internet companies –

There has been litigation on the applicable withholding tax rates on payments to resident e-commerce companies for activities such
as e-cataloging, warehousing, logistics and payment gateways: Sec 194C, which provides for 2%, v. Sec 194J, which provides for
a 10% rate.
In the Finance Act, 2016 the government has levied an equalization levy of 6% on payments exceeding INR 1 lakh a year made to
foreign e-commerce companies as consideration for online advertisement. Through this move, the Government aims to tap the
income accruing to foreign e-commerce companies in India.

Indirect tax

The indirect tax laws in India have been more of a hindrance than a driver for growth for the e-commerce sector, mainly because
of the following issues:
1. In the case of internet-based transactions, determining the jurisdiction of VAT becomes an issue in the absence of
information regarding the physical presence of entities/goods.
2. There is tax leakage on account of service tax paid on listing fees by vendors to portal owners, which is non-creditable
against VAT payable on sales made by vendors.
3. The classic sale vs. service controversy is affecting e-tailers, who end up with VAT/ CST demands in various states
involved in the supply chain.
4. The unique and varied business models in this sector make it difficult to define a broad base for tax positions —for
example, the implications on prepaid sale could be different from those on COD sale.
5. E-tailers are also seeing increasing litigation on account of entry tax and octroi being demanded/ collected on the
movement of goods.
6. Various states are amending their respective VAT laws to provide for taxing of e-commerce transactions.

GST, which is expected to be implemented soon, would replace the current indirect tax regime and is expected to rid the
e-commerce sector of the issues plaguing it. If the state of consumption gets the tax, it will eliminate all issues being raised by
origination states. However, the state demanding or getting full tax earlier will lose its revenue as the consuming states will earn
all the tax revenues.


Unit III - Cyber Crimes

Course Outline of Unit III: Cyber Crimes


This Unit contains discussion on following topics :
Understanding Cyber Crimes - Actus Reus and Mens Rea - Types of Crimes in the Internet - Against Person, Against Property,
Against Government - Digital Evidence - Investigation and Adjudication of Cyber Crimes in India - Cyber Arbitration- Cyber
Conflict Investigation

Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.

Cyber Crime
The term “Cyber Crime” means the vulnerability of any computing system, software program, or critical infrastructure to, or their
ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of, the
Internet, public or private telecommunications systems.
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those
species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct
constituting crime”
“Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes
within the ambit of cyber crime”
A generalized definition of cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”. The
computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online
gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be
target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of
information contained in the electronic form, e-mail bombing, data diddling, salami attacks, logic bombs, Trojan attacks, internet
time thefts, web jacking, theft of computer system, physically damaging the computer system.
Reasons for Cyber Crime
Hart in his work “The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying
this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against
cyber crime. The reasons for the vulnerability of computers may be said to be:
Capacity to store data in comparatively small space
The computer has the unique characteristic of storing data in a very small space. This makes it much easier to remove or derive
information through either a physical or a virtual medium.
Easy to access
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not
due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes,
advanced voice recorders, retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many
a security system.
Complex
The computers work on operating systems and these operating systems in turn are composed of millions of lines of code. The human mind is
fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and
penetrate into the computer system.
Negligence
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system
there might be some negligence, which in turn provides a cyber criminal the opportunity to gain access and control over the computer system.
Loss of evidence
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside
the territorial extent also paralyses this system of crime investigation.

Cyber Criminals
Cyber criminals fall into various groups/categories. This division may be justified on the basis of the object that they have
in their mind. The following are the categories of cyber criminals-
Children and adolescents between the age group of 6 – 18 years
The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and
explore the things. Another cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further
the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his
friends.
Organised hackers
These kinds of hackers are mostly organised together to fulfil certain objectives. The reason may be to fulfil their political bias,
fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian
government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites are always
under attack by the hackers.
Professional hackers / crackers
Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get
credible, reliable and valuable information. Further they are even employed to crack the system of the employer basically as a
measure to make it safer by detecting the loopholes.
Discontented employees
This group includes those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge
they normally hack the system of their employer.

Mode and manner of committing Cyber crime


Unauthorized access to computer systems or networks / Hacking
This kind of offence is normally referred to as hacking in the generic sense. However the framers of the Information Technology Act
2000 have nowhere used this term, so to avoid any confusion we would not interchangeably use the word hacking for
‘unauthorized access’ as the latter has wide connotation.
Theft of information contained in electronic form
This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the
data physically or by tampering them through the virtual medium.
Email bombing
This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail
servers, thereby ultimately resulting in crashing.
Data diddling
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing
is completed. The electricity board faced similar problem of data diddling while the department was being computerised.
Salami attacks
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An
important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. The Ziegler
case wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a
particular account.
Denial of Service attack
The computer of the victim is flooded with more requests than it can handle, which causes it to crash. Distributed Denial of Service
(DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon,
Yahoo.
Virus / worm attacks
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other
computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not
need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all
the available space on a computer's memory. E.g. the Love Bug virus, which affected at least 5 % of the computers of the globe. The
losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet
by Robert Morris sometime in 1988. It almost brought the development of the Internet to a complete halt.
Logic bombs
These are event dependent programs. This implies that these programs are created to do something only when a certain event
(known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the
year and become active only on a particular date (like the Chernobyl virus).
Trojan attacks
This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized programme, which passively gains
control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is
through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal
through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.
Internet time thefts
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining
access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by another person. This was
perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack
of understanding of the nature of cyber crime.
Web jacking
This term is derived from the term hijacking. In these kinds of offences the hacker gains access and control over the web site of
another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for
money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene
matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of
the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of
US $ 1 million was demanded. Thus web jacking is a process whereby control over the site of another is taken, backed
by some consideration for it.

Cyber Security- Meaning


Computer security is a branch of technology known as information security as applied to computers and networks. The objective
of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the
information and property to remain accessible and productive to its intended users.
Why we need Cyber security?
Sensitive information is now frequently stored on computers that are attached to the internet. Also, many tasks that were
once done by hand are now carried out by computer; therefore there is a need for Information Assurance (IA) and security.

Cyber security is important to individuals because they need to guard against identity theft.

Businesses also have a need for this security because they need to protect their trade secrets, proprietary information,
and customer’s personal information.

The government also has the need to secure their information. This is particularly critical since some terrorism

What is Cyber Crime?


A simple yet sturdy (i.e. well-built) definition of cyber crime would be “unlawful acts wherein the computer is either a tool or a
target or both”.
Defining cyber crimes as “acts that are punishable by the Information Technology Act” would be unsuitable as the Indian Penal
Code also covers many cyber crimes, such as e-mail spoofing, cyber defamation etc.
The following are some types of cyber crime, classified according to scenario and technique.
Types of Cyber Crime
Financial fraud/Cyber Fraud
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An
important feature of this type of offence is that the alteration is so small that it would normally go unnoticed.
Example
In the US, one of the topmost nationalized banks had its interest calculation program malfunctioning, i.e. from every account Rs 2/-
was being taken & deposited in the account of an unknown person in the bank. Since the bank had almost 20 lakh account
holders, taking Rs 2/- from each account meant that Rs 40 lakh were transferred to an unknown account.
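The pattern in this example, and in the salami attack described earlier, is one account collecting a fixed, tiny amount from a very large number of other accounts. The following detection sketch is an added example, not part of the original material; the ledger, the account names and the thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from decimal import Decimal


def find_salami_sinks(transfers, max_slice=Decimal("5.00"), min_sources=100,
                      min_uniformity=0.9, allowlist=frozenset()):
    """Flag accounts that collect many tiny, near-identical credits.

    transfers: iterable of (source_account, dest_account, amount), Decimal amounts.
    allowlist: accounts expected to receive such credits (e.g. the bank's fee account).
    Thresholds are illustrative assumptions, to be tuned per institution.
    """
    small_credits = defaultdict(list)
    for src, dst, amount in transfers:
        if dst not in allowlist and Decimal("0") < amount <= max_slice:
            small_credits[dst].append((src, amount))

    findings = []
    for dst, rows in small_credits.items():
        sources = {src for src, _ in rows}
        if len(sources) < min_sources:
            continue  # a handful of small payments is ordinary behaviour
        amounts = Counter(amount for _, amount in rows)
        typical, hits = amounts.most_common(1)[0]
        uniformity = hits / len(rows)
        if uniformity < min_uniformity:
            continue  # varied amounts look like real commerce, not a fixed slice
        findings.append({
            "account": dst,
            "distinct_sources": len(sources),
            "typical_slice": typical,
            "uniformity": round(uniformity, 3),
            "total": sum((a for _, a in rows), Decimal("0")),
        })
    return sorted(findings, key=lambda f: f["total"], reverse=True)


def build_sample_ledger():
    """Constructed ledger: one collecting account hidden among ordinary traffic."""
    ledger = []
    for i in range(2000):
        customer = f"CUST-{i:05d}"
        # The slice: Rs 2.00 from every account into one collecting account.
        ledger.append((customer, "ACC-SINK", Decimal("2.00")))
        # Ordinary traffic: large, varied bill payments.
        ledger.append((customer, "ACC-UTILITY", Decimal(300 + (i * 37) % 900)))
        # Small but varied payments: many sources, low uniformity.
        ledger.append((customer, "ACC-CAFE", Decimal(1 + i % 5)))
        # The bank's own fee account matches the pattern but is expected.
        ledger.append((customer, "ACC-BANK-FEES", Decimal("1.50")))
    # Small uniform credits from only a few sources.
    for i in range(20):
        ledger.append((f"CUST-{i:05d}", "ACC-CLUB", Decimal("2.00")))
    return ledger


def run_demo():
    return find_salami_sinks(build_sample_ledger(),
                             allowlist=frozenset({"ACC-BANK-FEES"}))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Each slice is too small for an account holder to notice, so the check works on the receiving side, where the slices add up.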
Cyber Theft
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining
access to the login ID and the password.

Stealing the credit card details

This is nothing but stealing the internet time

It is also stealing Talk time

Example
The personal details of 4.5 million people have been stolen from a recruitment website in Britain's biggest case of cyber theft.
Hackers accessed the confidential information of job seekers registered with Monster.co.uk and now hold electronic copies of their
user names, passwords, telephone numbers and email addresses. Information such as birth dates, gender and ethnicity was also
taken, along with 'basic demographic data'. The victims are mainly professionals. Monster.co.uk has posted a message on the site
advising all customers to change their passwords immediately.
Cyber Pornography
This is one of the most heinous types of crime. Through this crime obscene images and lascivious messages are broadcast &
promoted through the internet. Morphing techniques are used extensively in matters related to pornography.
Example
A boy, to take revenge on his friend & teacher, fabricated the original photograph with some unwarranted porno images &
published it on the website. On further investigation by the police it was found that the photograph was a morphed one. It is
expected that there are approximately 42,00,000 websites which promote pornography through the internet.
Cyber Vandalism
In this type of cyber crime the computer is used as a weapon to tarnish or spoil the image of an individual or organization by putting
some slandering remark through a Social Networking Website like Orkut, Facebook…
Use of Social Networking
Example
In a recent case in Pune a girl's profile was tarnished on a famous social network site “Orkut”. On further investigation by the
police it was revealed that the profile was put up by the victim’s best friend. The reason for tarnishing the image was that both girls
were in love with the same boy & therefore, to break up her relationship, the girl’s best friend did it, so that the boy would develop a
negative attitude toward his girl friend & she would get a chance to marry the boy. Under similar circumstances Cyber
Vandalism took place when the image of Maharashtra's supreme patriot “Shivaji Maharaj” was tarnished on Orkut.
Cyber Stalking
This type of crime involves harassing mail being sent to the victim. It also involves recording of the chat in an unauthorized manner,
which is then used against the victim for extracting money etc. This crime is related to chatting, sending threatening emails and
defamatory mails (i.e. spoiling or tarnishing the image or reputation of the victim).
Example
A 44 year old ‘Publishing Executive’ named Claire Miller was harassed by strangers who were responding to verging-on-
pornographic promises someone had made in her name online. These postings included her home address and telephone number.
Cyber Laundering
In this type of crime, emails are sent to the victims making them believe that they have won a lottery or some n-million dollars,
or that their ancestral property is deposited in a certain bank etc.
Example
In Jalgaon a doctor received an email saying that he had won approximately Rs 7 crores in a lottery. The doctor, thinking that it was a genuine
mail, replied to the fake lottery agency, who in turn asked for personal details of the doctor to transfer the money to the doctor’s
account. The doctor sent all the relevant personal details and the fake lottery agency replied that if he would pay advance
money to them, then they would remit the amount into the doctor's account. The doctor paid almost Rs 22 lakhs, finally realizing
that he had been duped by the lottery agency.
Cyber Terrorism
In this type of cyber crime the computer is used to facilitate unlawful activity in order to perform terrorist activity. In the internet world
terrorists use code words such as Honey for selling & buying of guns, weapons etc. There are websites which promote terrorist
activity such as how to make a CO2 bomb, planning attacks against a nation etc. A recent survey by FBI said that there are
approximately 50,000 websites which promote terrorism.
Example
A terrorist sends an email message to a Senator stating that 50 anonymous letters have been sent to the office, each containing
large amount of anthrax.
Cyber Trespassing
This kind of offence is normally referred to as hacking in the generic sense. It means following a victim online or offline by the
accused with the help of technology. It also means “unauthorised access” if the accused used the machine of the victim, which is
authorised in the name of the victim.
Cyber trespassing can be done in two ways
1. Remote: the attack can come through emails.
2. Physical: the attack can come through unauthorized access to the machine.

Example
A Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam
installed in the computer obtained her nude photographs. He further harassed this lady.
Cyber Contraband
This type of crime is done by transferring illegal items through internet (i.e. in encryption technology). Any illegal buying or
selling done online. The transaction done is stored in the MERCHANT SERVER. MERCHANT SERVER is a bank.
Example
In the internet world terrorists use code words such as Honey for selling & buying of guns, weapons etc.

E-mail Related crimes


Email has fast emerged as the world's most preferred form of communication. Billions of email messages traverse the globe daily.
Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of
email has made it a powerful tool for criminals.
Some of the major email related crimes are:
1. Email frauds
2. Email spoofing
3. Sending malicious codes through email
4. Email bombing
5. Sending threatening emails
6. Defamatory emails

1. Email Frauds
Email frauds are very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity
but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being
identified.

2. Email spoofing
A spoofed email is one that appears to originate from one source but has actually emerged from another source. Email spoofing is
usually done by falsifying the name and email address of the originator of the email.
Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in addition to the above, a sender can also
enter the email address of the purported sender of the email.
3. Spreading Trojans, viruses and worms
Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance,
reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans,
viruses, worms and other computer contaminants with e-greeting cards and then email them to unsuspecting persons. Such
contaminants can also be bound with software that appears to be an anti-virus patch.
4. Email bombing
Email bombing refers to sending a large number of emails to the victim, resulting in the victim's email account or servers crashing.
A simple way of achieving this would be to subscribe the victim's email address to a large number of mailing lists. There are
several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different
email servers, which makes it very difficult for the victim to protect himself.

5. Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for
anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail.

6. Defamatory emails
As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to be very harmful and even fatal to
the people who have been made its victims.
Trace email -- who sent you that email?
"Who sent you that email and where are they located?"
Is it possible to find the origin of an email? Yes, it is!

Analysing Email Headers


What is an email header?
Every email comes with a header, which is one part of an e-mail's structure. It has basic information such as from whom the email
comes, to whom it is addressed, the date/time it was sent and the subject of the email. It is similar to an electronic postmark. This basic
information comes in the brief/basic headers that most email programs will automatically show. However, there is other detailed
technical information that an email has. This detailed technical information can be viewed in a full header. All email programs can be
set to show either the brief header or the full header, and it is up to the users to set the program to view only the brief header or the full
header.
What time zone is India Time in?
India Standard Time is 5.5 hours (5 hours 30 minutes) ahead of Greenwich Mean Time (GMT+5.5).

IST Indian Standard Time (GMT +05:30)

PST Pacific Standard Time (GMT-0800)

GMT Greenwich Mean Time (GMT)

Some of the Examples of Email Headers are:
Hint: Full Headers show the entire path an email traveled from the author's computer
to yours. When we track an email, we work back down the path to the author's computer. Without the Full Headers, it's
impossible to report Spam or Scam email since the Brief Headers (just the From, To, Date, and Subject) don't provide any
information that can be used to find out where the malicious email is coming from. Email services hide the access to the Full
Headers in all sorts of interesting places, including in plain sight! Be sure to look around your email program window, in both
Closed Letter View and Open Letter View, for the words "View Details" or "View Headers" or any combination using the above
names for the full path.

Sr.no / Email Client / How to retrieve full header

1. Gmail
   1. Open the message you'd like to view headers for.
   2. Click the down arrow next to Reply, at the top-right of the message pane.
   3. Select Show original.

2. Hot Mail
   To expose the full message header, click "Options" on the Hotmail Navigation Bar on the left side of the
   page. On the Options page, click "Preferences." Scroll down to "Message Headers" and select "Full."

3. Outlook 98 and Outlook 2000
   Open the message and select View, then Options from the drop-down menus. Near the bottom of the
   screen you'll see a section titled INTERNET HEADERS. You can copy the headers and paste them into
   an email elsewhere to get them to the proper people.

4. MSN Hotmail
   1. Select Options from the top MSN Hotmail navigation bar.
   2. Make sure the Mail category is selected.
   3. Choose Mail Display Settings.
   4. Set Message Headers to Full.
   5. Click OK.
   6. Now you can go back to the MSN Hotmail Inbox (or any folder) to open a message with full
      headers.

5. MS Outlook Express 4, 5 and 6 for Windows
   There's an even easier solution to expanding Microsoft's Outlook Express headers so that you can copy
   and paste it to another window. You need to be viewing the message in its own window or in a preview
   pane, then:
   1. Right click on the message and select Properties.
   2. Choose the Details tab and select the Message Source Button.
   3. Select All (CTRL + A) and Copy (CTRL + C).
   4. Close the Message Source window and the Properties window.
   5. Select New Mail and position your cursor in the body of the email.
   6. Paste (CTRL + V) the copied information.
   If you have disabled the preview pane.
   Using the keyboard:
   1. Highlight the message in the folder
   2. Press Alt & Enter - this will open a message information window
   3. Press Ctrl & Tab - this changes to the "Details" tab
   4. Press Alt & M - this opens the message source
   5. Press Ctrl & A - to select all the text
   6. Press Ctrl & C - to copy the selected text to the clipboard
   7. Press Alt & F4 - to close the message source window
   8. Press the Esc key - to close the information window
   9. Now, open a new message.
   Address the message to the WHOA ISA who is working with you or to the abuse department to whom
   you wish to report the message. Move your cursor to the body of the new message. Press Ctrl & V to
   paste the information from the clipboard to the body of the new message.

6. Outlook Express for Macintosh
   Select the email. From the View menu, choose Source. A new window will appear containing the email
   with full headers. Press Ctrl + A to select all, then Ctrl + C to copy.

7. Outlook Web Access
   1. Left click on the letter you want to open and click on properties
   2. When that opens click on the details tab
   3. Then on message source
   4. This will open the email so the full headers will be available for viewing
   5. Select and copy the text. Paste into a new message.

8. Yahoo
   Log into your Yahoo! Mail account.
   For New Yahoo Mail:
   1. Right-hand click on the email to view from message listing.
   2. Choose "View Full Headers" from the action list.
   For Yahoo Mail Classic:
   1. Open the email to view.
   2. Go to the bottom of the message.
   3. Click "Full Headers" in the lower-right corner of the page.

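Once the full headers have been copied out, the path can be read from the bottom Received line upwards, with every timestamp converted to one time zone (IST here), and the From address compared with the Return-Path as a first check for the spoofing described earlier. The following is an added example, not part of the original material; the message is constructed and uses reserved example domains and documentation IP ranges.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

IST = timezone(timedelta(hours=5, minutes=30), "IST")

# Constructed sample message (not a real email).
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.in with ESMTP id abc123;
\tMon, 27 Jan 2020 17:27:14 +0530
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.example.org with ESMTP id def456;
\tMon, 27 Jan 2020 03:57:09 -0800
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.net with ESMTP id ghi789;
\tMon, 27 Jan 2020 11:57:02 +0000
From: "Your Bank" <support@bank.example.com>
To: victim@example.in
Subject: Verify your account
Date: Mon, 27 Jan 2020 11:57:00 +0000

Body text.
"""

HOP_RE = re.compile(
    r"from\s+(?P<sender>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?by\s+(?P<by>\S+)", re.S)


def trace_hops(raw):
    """Return the relay path oldest hop first, with times normalised to UTC and IST."""
    msg = message_from_string(raw)
    hops = []
    # Every server prepends its own Received line, so the last one is the oldest.
    # Lines below the first server you trust can be forged by the sender.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        match = HOP_RE.search(route)
        fields = match.groupdict() if match else {"sender": None, "ip": None, "by": None}
        try:
            when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        except (TypeError, ValueError):
            when = None  # missing or malformed date on this hop
        fields["utc"] = when
        fields["ist"] = (when.astimezone(IST).strftime("%Y-%m-%d %H:%M:%S %Z")
                         if when else None)
        hops.append(fields)
    return hops


def header_findings(raw, skew=timedelta(minutes=5)):
    """List header inconsistencies worth a closer look (indicators, not proof)."""
    msg = message_from_string(raw)
    hops = trace_hops(raw)
    findings = []
    for earlier, later in zip(hops, hops[1:]):
        if earlier["utc"] and later["utc"] and later["utc"] + skew < earlier["utc"]:
            findings.append(
                f"time runs backwards between {earlier['by']} and {later['by']}")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    path_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_domain and path_domain and from_domain != path_domain:
        findings.append(
            f"From domain {from_domain} differs from Return-Path domain {path_domain}")
    return findings


if __name__ == "__main__":
    for hop in trace_hops(RAW_MESSAGE):
        print(hop["ist"], hop["ip"], "->", hop["by"])
    for finding in header_findings(RAW_MESSAGE):
        print("CHECK:", finding)
```

A differing Return-Path domain also occurs with legitimate bulk-mail services, so it is a prompt to examine the Received chain, not a verdict.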
Fundamentals of Storage Media Sanitation - Part 1
One of the most fundamental principles of information security is that it's all about the data. Data in transit or at rest is the primary
focus of administrative, physical, and technical safeguards. Security professionals are doing better every day when it comes to
protecting information in static production environments. But what happens when magnetic or optical media is repurposed or
retired?
In this three-part series, I define media sanitation and how it fits into an overall security program. Next, I examine how attackers
can extract information from electronic media--even after it's been overwritten. Finally, I explore ways you can protect your
organization from casual and highly motivated attacks.

What is Media Sanitation?


When electronic media is repurposed or retired, it's the responsibility of the data owner--the representative of the responsible
organization--to ensure the data currently or previously stored on that media is not easily accessible. This is the purpose of media
sanitation. Put another way, media sanitation
"…refers to the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the
confidentiality of the data, that the data may not be retrieved and reconstructed".
Media sanitation is another control, or safeguard, that should be implemented in accordance with risk management principles.
Reasonable assurance varies based on the sensitivity of the information and the retrieval methods most likely to be used by an
attacker. The method used depends on the reward or value derived from obtaining the data versus the work factor and costs
associated with available retrieval resources.
There are two basic categories of data retrieval--keyboard and lab. The keyboard category includes all normal data access
methods. An example of a normal access method is the use of software installed on the system housing the information, whether
authorized or unauthorized, while located in its normal-use location. The lab category includes sophisticated retrieval techniques,
both hardware and software, that usually require the physical removal of the storage media from the secure location where it's
normally used; retrieval resources are installed and configured in an off-site lab environment.
Each media type might have its own unique set of sanitation challenges to protect data on storage media in transition. They include
magnetic disks, optical disks, and flash memory devices.
Before looking at specific storage media types, however, we need to understand the underlying challenges common to all media:
file deletion and data remanence.
File Deletion
Deleting files from storage media doesn't necessarily delete the data contained in the file. Instead, the file names--or some other
pointers to the files--are marked as deleted. This tells the controlling operating system (OS) that it can reuse the areas associated
with the deleted files. Until a deleted file's data is overwritten, it's still subject to retrieval by keyboard methods with off-the-shelf
or OS-based utilities.
A single overwrite of data is a good way to prevent keyboard retrieval of sensitive information. But lab retrieval defense requires
more. This is due to data remanence.
Data Remanence
"Data remanence is the residual physical representation of data that has been in some way erased" (NCSC, 1991). In other words,
data that has been removed or overwritten once or twice is potentially retrievable through the use of lab-based methods. Data
remanence has various causes, which we'll examine as we look at three different media types: magnetic disk, optical disk, and
memory (USB/Thumb drives and RAM).
Magnetic Disks
Figure 1 is a photo of the internal components of a 5.25" hard drive. The topmost disk (platter) is on the left. On the right are the
components that make up the disk arm assembly. Note the disk arm hovering over the platter. At the end of the disk arm is the
read/write head.
Hard Drive Internals
A typical hard drive consists of multiple platters connected to a central spindle (Figure 2). Each platter surface is logically divided
into tracks. Tracks are further divided into sectors. A read/write head floats above each platter. When a file is written, the drive
selects sectors on one or more available tracks on one or more platters and writes the file data. The information about where the
file was written is stored in a directory located on one of the platters. (This is a very simplified explanation of how hard drives
work. For more detailed information, see the Wirzenius, Oja, and Stafford reference in Works Cited.)
Hard Drive Schematic
When a file is deleted, the information about how to locate the file is marked as deleted in the directory. However, the file data
still resides in the tracks and sectors on the platter(s). When future files are written to the drive, one or more of the sectors
occupied by the deleted file might be used, but until all the sectors are reused any attacker can use common tools to retrieve part or
all of the "deleted" information. Retrieval of deleted files in this way is a keyboard method. No special lab equipment is required.
One way to eliminate the possibility of successful keyboard attacks is to overwrite the deleted file's disk sectors. However, this
isn't a perfect solution. After a single overwrite, lab retrieval technology can "read" the data previously written to the disk. This is
due to variations in the strength of the recorded bits as well as stray magnetism at the edges of the tracks. The number of
overwrites necessary depends on the sensitivity of the information you're trying to protect. According to Gutmann,
"When all the… factors are combined it turns out that each track contains an image of everything ever written to it, but the
contribution from each "layer" gets progressively smaller the further back it was made. Intelligence organisations have a lot of
experience in recovering these palimpsestuous images"
Advances in disk technology are making it harder to recover overwritten data, but it's still an issue for magnetic disks--containing
highly sensitive information--that are removed from the protection of a secure physical environment.
One final note about overwriting data stored on magnetic disks. As a drive ages, sectors once used for data storage fail to meet
working parameters as seen by the drive electronics. These sectors are marked as bad. During overwrite processes, these sectors are
normally ignored, leaving the data stored there available for potential retrieval. We'll take a closer look at this in Part 3 of this
series.
I didn't cover tape in this article, but the problems with tape are similar to those encountered with magnetic disk. I'll discuss tape
disposal and reuse next week.
Optical Disks
All optical disk technologies (CD-ROM, write-once, rewritable, etc.) work in essentially the same way. A read laser detects light
and dark areas on the disk surface. The light (reflective) areas cause the low intensity beam from the laser to reflect back into a
read head. These pulsing reflections are translated into 1's and 0's.
The only effective way to dispose of non-rewritable optical media is destruction. Data on rewritable optical disk can be
overwritten. However, there isn't enough empirical evidence to support the premise that overwriting optical media is effective in
preventing lab attacks. Like other types of optical disk media, destruction appears to be the best course of action when a CD holds
highly sensitive information.
Memory
We usually consider Random Access Memory (RAM) as an easy medium to erase. After all, all you have to do is remove power
and everything stored immediately disappears. And erasing flash memory is as easy as deleting all data. What could be left
behind? The answer is, it depends.
According to Gutmann, semiconductor devices can "remember". In other words, the characteristics of the substances that make up
memory components create a tendency in those components to retain a trace of bits previously stored. The strength of this trace
retention depends on the length of time the data was stored.
In RAM, sensitive pieces of data might be stored for long periods. For example, encryption variables are often stored in the same
place in memory for as long as the system is powered on. This might cause a trace of the crypto information to remain after power
is removed. Even if the memory is reused, data previously stored might be retrievable. The memory that makes up thumb drives
has a similar problem. Simply erasing or attempting to overwrite data stored on your USB thumb drive might not be sufficient to
protect highly sensitive information from lab retrieval systems.
Guidelines for Media Sanitation

Disposal

The process of disposal essentially consists of tossing the media in a dumpster with no attempt to hinder or prevent the recovery of
data. This also includes the reuse of disks, tape, or memory without taking steps to protect information that may have been stored
during previous operational use. It’s acceptable to follow a simple disposal process when the data stored on the media is classified
as “public”. In other words, the release of the information will not cause harm to the organization, its employees, its shareholders,
or its customers.

Clearing

Clearing requires taking steps to prevent the recovery of data through a keyboard attack. As we’ve seen, this requires more than
deleting files. At least a single overwrite of the writable areas of the media must be completed. A single overwrite significantly
increases the effort, or work factor, required to recover information. Not only does the attacker need physical access to the media,
but recovery requires the use of lab-based tools. Clearing is acceptable when release of the information stored would cause only
moderate harm to the organization, its employees, its shareholders, or its customers.

Purging

Purging is necessary when the compromise of the information stored on the media will result in serious--and possibly
irrecoverable--harm to the organization, its employees, its shareholders, or its customers. Data is overwritten enough times to
increase the work factor of lab-attack attempts to a level that exceeds the data’s value to the attacker. Ideally, all remanent data is
removed.

Destroying

Purging is a good way to retain media you wish to reuse. However, the best process for ensuring the irretrievability of highly
sensitive data is to destroy the media. During the destruction process, media is reduced to a state in which both keyboard and lab
attack attempts are impossible.
Again, the process you select depends on the sensitivity of your information and the potential impact on your business if the
information is compromised. With these basic processes in mind, let’s look at specific approaches to sanitizing magnetic, optical, and
semiconductor storage.
Magnetic Media
Clearing magnetic storage is a simple matter of writing a single character to all writable areas of a disk or tape. This prevents the
use of easily obtainable utilities to recover deleted files. Purging is not so easy.
Purging requires that all usable remnants of any data ever stored on the tape or disk are irretrievable. Earlier in this paper, we
looked at Gutmann’s assertion that successful data retrieval grows less probable the more times it’s overwritten. Further,
recovering information is made possible by calculating variances in voltage levels detected by the read head.
Effective purging, using an overwrite technique, consists of two factors. First, the data must be overwritten a sufficient number of
times to make recovery very difficult, if not impossible. Second, the overwrite cycles must use alternating 1’s and 0’s. For
example, if we wrote all 0’s to all writable areas on a tape during the first overwrite pass, we would write all 1’s on the second
pass. However, there is a problem with this approach.
Certain disk technologies will not write a large number of contiguous 0’s or 1’s. Why is outside the scope of this paper. What is
important to understand is that the tool you use must take this into account. The best approach is alternating bit sequences that
result in writing the complement of the bit written during the previous write cycle. The following table lists possible bit sequences
that meet the necessary criteria for magnetic storage purging.
This series of patterns meets the Department of Defence general standard for purging magnetic media which is:
1. write a single pattern
2. write its complement
3. write another pattern
The actual number of these overwrite cycles necessary for tape or disk depends on the storage media and its sensitivity.
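The three steps listed above (a pattern, its complement, another pattern), shown as an added Python example that is not code from the original text: it overwrites one file in place and verifies each pass. The 0x55 starting pattern, the third pattern, the chunk size and every function name are choices made for this example, and the sample file is constructed.

```python
import os
import secrets
import tempfile
from typing import List, Optional

CHUNK = 64 * 1024  # bytes written per call; an arbitrary choice for this example


def complement(pattern: bytes) -> bytes:
    """Bitwise complement of every byte in the pattern."""
    return bytes(b ^ 0xFF for b in pattern)


def build_passes(first: bytes = b"\x55", third: Optional[bytes] = None) -> List[bytes]:
    """Step 1: a pattern; step 2: its complement; step 3: another pattern.

    0x55 (01010101) and its complement 0xAA (10101010) avoid long runs of
    identical bits. Random data is the third pattern unless one is supplied.
    """
    if third is None:
        third = secrets.token_bytes(CHUNK)
    return [first, complement(first), third]


def tile(pattern: bytes, length: int, offset: int) -> bytes:
    """Slice of the endlessly repeated pattern covering [offset, offset+length)."""
    start = offset % len(pattern)
    reps = (start + length) // len(pattern) + 1
    return (pattern * reps)[start:start + length]


def overwrite_pass(fd: int, size: int, pattern: bytes) -> None:
    """Overwrite bytes [0, size) of an open file in place with the pattern."""
    os.lseek(fd, 0, os.SEEK_SET)
    done = 0
    while done < size:
        view = memoryview(tile(pattern, min(CHUNK, size - done), done))
        done += len(view)
        while view:  # os.write may accept fewer bytes than offered
            view = view[os.write(fd, view):]
    os.fsync(fd)  # flush this pass to the device before starting the next


def verify_pass(fd: int, size: int, pattern: bytes) -> bool:
    """Read the file back and confirm every byte matches the pattern.

    The read may be served from the OS cache, so this checks the overwrite
    logic, not what a lab could still recover from the physical medium.
    """
    os.lseek(fd, 0, os.SEEK_SET)
    done = 0
    while done < size:
        data = os.read(fd, min(CHUNK, size - done))
        if not data or data != tile(pattern, len(data), done):
            return False
        done += len(data)
    return True


def purge_file(path: str, passes: Optional[List[bytes]] = None) -> List[dict]:
    """Run each pass over the file in place and report per-pass verification.

    Only the blocks the file maps to right now are reached. Sectors marked
    bad, mapped-out flash blocks, and older copies that a journaling or
    copy-on-write filesystem may keep are not touched.
    """
    passes = passes or build_passes()
    size = os.path.getsize(path)
    # No O_TRUNC: truncating would release the blocks instead of overwriting them.
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    report = []
    try:
        for number, pattern in enumerate(passes, start=1):
            overwrite_pass(fd, size, pattern)
            report.append({"pass": number,
                           "verified": verify_pass(fd, size, pattern)})
    finally:
        os.close(fd)
    return report


def purge_demo() -> dict:
    """Purge a constructed sample file and check what is left in it."""
    secret = b"CONSTRUCTED-SAMPLE account=0000 pin=0000\n" * 4000
    third = b"\x92\x49\x24"  # third pattern chosen for this example
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(secret)
        path = fh.name
    try:
        report = purge_file(path, build_passes(b"\x55", third))
        with open(path, "rb") as fh:
            left = fh.read()
    finally:
        os.remove(path)
    return {"report": report,
            "secret_found": b"pin=0000" in left,
            "size_kept": len(left) == len(secret),
            "final_is_third_pattern": left == tile(third, len(left), 0)}
```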
Degaussing is another way to purge magnetic media by erasing all data ever stored on a tape or disk. Degaussers use an
electromagnetic field to destroy magnetic imprints on media. The degausser used depends on the media processed. Various
magnetic field strength levels are required, depending on the media types. Also, degaussers must be serviced regularly to ensure
they continue to produce the expected field strength. Degaussing isn’t always the best approach when you want to reuse the erased
media. Exposing certain types of tapes and hard drives to a strong magnetic field will render them useless. Be sure to check with
the media manufacturer.
Finally, magnetic media you don’t plan to reuse can be destroyed. Acceptable destruction methods include pulverizing, smelting,
incineration, and shredding.
Optical Disks
If clearing is your objective, overwriting re-writable optical disks might be acceptable. But again, there is no proven method for
purging them. Further, overwriting is impossible for clearing or purging other types of optical media. When dealing with highly
sensitive information stored on optical disks, destruction is your best option.
In addition to the destruction options listed above for magnetic media, you might also apply an abrasive substance (i.e., an emery
wheel or sander) to the recording surface. There are products available that allow you to feed stacks of optical disks into a device
that makes this approach quick and relatively easy.
Memory
Preventing semiconductor data remanence begins before the storage media is ever used. Gutmann recommends the following
steps to reduce the potential threats posed by semiconductor data remanence:

Don’t store crypto-keys in the same RAM location for long periods. Occasionally move them to different locations and
clear the original location.

Cycle EEPROM/flash cells 10 to 100 times with random data before writing anything sensitive to them to eliminate
any noticeable remanence effects arising from the use of fresh cells.

Don’t assume that a key held in RAM in a piece of crypto hardware is destroyed when the RAM is cleared. The
circuitry might carry an after-image of the key.

Remember that some non-volatile memory devices are a little too intelligent, and may leave copies of sensitive data
in mapped-out memory blocks after the active copy is erased.

Overwriting all memory cells is an acceptable method to clear semiconductor memory. However, destruction or degaussing might
be the only processes your organization finds acceptable for purging. Again, it depends on the media and the purging tools used.
The destruction techniques listed for magnetic media also apply to memory devices.

Computer Forensics
Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.
Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to
gather evidence suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation
while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.
Computer forensics experts investigate data storage devices, such as hard drives, USB Drives, CD-ROMs, floppy disks, tape
drives, etc., identifying sources of documentary or other digital evidence, preserving and analyzing evidence, and presenting
findings. Computer forensics adheres to standards of evidence admissible in a court of law.
Introduction to Computer Forensics
Computer forensics is the art of finding evidence that is valid in legal terms. There are also standards that need to be followed
to acquire the evidence. Computer crime is increasing at an alarming rate, and the procedures required for curbing the
crime are not sufficient to have a counter effect. Hence new laws are being introduced to deal with computer crime and
related issues.
The major reasons for criminal activity in computers are:
1. Unauthorized use of computers, mainly by stealing a username and password.
2. Accessing the victim’s computer via the internet.
3. Releasing a malicious computer program, that is, a virus.
4. Harassment and stalking in cyberspace.
5. E-mail Fraud.
6. Theft of company documents.
Importance of Computer Forensics
Adding the ability to practice sound computer forensics will help you ensure the overall integrity and survivability of your network
infrastructure. You can help your organization if you consider computer forensics as a new basic element in what is known as a
“defense-in-depth” approach to network and computer security. For instance, understanding the legal and technical aspects of
computer forensics will help you capture vital information if your network is compromised and will help you prosecute the case if
the intruder is caught.
The basic things required of a computer forensics professional include a proper understanding of computer
hardware and software, an understanding of the ethics and legalities, and a thorough knowledge of computer operating systems as well as
file systems. The first thing the computer forensics professional must do when a case is handed over to him or his team is
a detailed case study.
Computer Forensics is a relatively new field in computer science and is still undergoing a process of evolution and definition. In
general computer forensics is related to evidence from or about computers that is destined for use in court, although it is also used
to describe the use of computers to analyze complex data. In this paper computer forensics is limited to a post-incident scenario
where investigators have been called in to gather evidence for use in legal proceedings.
Forensic investigations typically consist of two phases. The first phase, known as the exploratory phase, is an attempt by the
investigator to identify the nature of the problem at hand and to define what s/he thinks transpired at the scene of the incident. For
example, in a hacker case the investigator may need to pinpoint the source of the break in. In a corporation with hundreds of
computers and thousands of entry points this may well be a daunting task.
Once the investigator has determined what s/he thinks took place, the induction ends and the deduction, i.e. the evidence phase, begins.
The evidence phase revolves around the accumulation of proof admissible in court that deductively proves the conclusion of the
forensic investigator made by way of induction. The exploratory phase of the investigation tests the investigator’s ability to detect
patterns in what may appear to be a chaotic scenario. Each scenario consists of recurring patterns that define a commonly
occurring “normal” sequence of events, like users following their usual
patterns of computer/network usage and backups taking place according to their pre-determined schedule. The patterns that form this
“normal” sequence of events, when identified, allow the investigator to visualize any disruption or anomalous events that may
have taken place. The solution to many cases lies in these anomalous occurrences, which should be marked for careful scrutiny at a
later date.
Electronic evidence considerations
Electronic evidence can be collected from a variety of sources. Within a company’s network, evidence will be found in any form of
technology that can be used to transmit or store data. Evidence should be collected through three parts of an offender’s
network: at the workstation of the offender, on the server accessed by the offender, and on the network that connects the two.
Investigators can therefore use three different sources to confirm the data’s origin.
Role of Computer Forensic
The role of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential
evidence for a trial. Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are
also some unique aspects to computer investigations.
For example, just opening a computer file changes the file -- the computer records the time and date it was accessed on the file
itself. If detectives seize a computer and then start opening files, there's no way to tell for sure that they didn't change anything.
Lawyers can contest the validity of the evidence when the case goes to court.
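One common way to answer that challenge, shown as an added Python example that is not part of the original text: record a hash and the timestamps of the seized file before anything else touches it, then examine only a verified copy. The file names, the choice of SHA-256 and the function names are assumptions of this example, and the evidence file is constructed sample data.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file opened read-only, one megabyte at a time."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(path: str) -> dict:
    """Record the timestamps first, then the hash, since hashing reads the file."""
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "atime_ns": st.st_atime_ns, "sha256": sha256_file(path)}


def acquire(source: str, workdir: str) -> dict:
    """Copy the source, prove the copy is identical, and log what was observed."""
    before = snapshot(source)
    working = os.path.join(workdir, os.path.basename(source) + ".working")
    shutil.copyfile(source, working)
    os.chmod(working, 0o444)  # examiners read the copy; nothing writes to it
    after = snapshot(source)
    record = {
        "source": source,
        "working_copy": working,
        "sha256": before["sha256"],
        "copy_matches": sha256_file(working) == before["sha256"],
        # Content, size and modification time must survive acquisition.
        "content_and_mtime_unchanged": all(
            before[k] == after[k] for k in ("sha256", "size", "mtime_ns")),
        # The access time may move simply because the file was read; whether
        # it does depends on how the volume is mounted.
        "atime_changed": before["atime_ns"] != after["atime_ns"],
    }
    if not (record["copy_matches"] and record["content_and_mtime_unchanged"]):
        raise RuntimeError("acquisition failed its integrity checks")
    return record


def verify(record: dict) -> bool:
    """Re-hash the working copy against the hash recorded at acquisition."""
    return sha256_file(record["working_copy"]) == record["sha256"]


def acquisition_demo() -> dict:
    """Acquire a constructed sample file, then show an altered copy is caught."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "seized.dat")
        with open(source, "wb") as fh:
            fh.write(b"CONSTRUCTED SAMPLE EVIDENCE\n" * 1000)
        workdir = os.path.join(tmp, "case")
        os.mkdir(workdir)
        record = acquire(source, workdir)
        ok_before = verify(record)
        # Simulate an alteration of the working copy after acquisition.
        os.chmod(record["working_copy"], 0o644)
        with open(record["working_copy"], "ab") as fh:
            fh.write(b"x")
        ok_after = verify(record)
    return {"sha256": record["sha256"],
            "content_and_mtime_unchanged": record["content_and_mtime_unchanged"],
            "atime_changed": record["atime_changed"],
            "verified_before_tamper": ok_before,
            "verified_after_tamper": ok_after}
```

The `atime_changed` field reports whether the read performed during acquisition moved the access time on the volume in use, which is the effect the paragraph above describes.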
All work will be done as per computer forensic techniques:

Computer forensics including forensic analysis of all file systems

Recovering deleted email messages

Recovering deleted files such as documents, graphics, and photos

Lost password recovery

Forensic bit-stream imaging of various digital storage devices

Training in detection and analysis of digital evidence

Intellectual property theft investigations / source code theft investigations

Onsite search & acquisition of digital/electronic evidence and custody

Filtration and consolidation of data including emails and files

Law firm consultations including defense strategies

Corporate investigations

Expert witness service

Computer security, hacker tracking and in-house protection

Computer forensic audits to comply with the Sarbanes-Oxley Act or as a part of information security audits

Fraud investigations

Admissible evidence in Court of Law


Whether in the case of a Cyber Crime pursued by the Police or a Computer Audit pursued by an auditor, "Evidence" plays a vital
part in securing the interests of the Information Asset owner. Naavi discusses the legal requirements and the devices required for
the purpose of collecting judicially acceptable Cyber Evidence.
In the case of electronic documents produced as "Primary Evidence", the document itself must be produced to the Court. However,
such electronic document obviously has to be carried on a media and can be read only with the assistance of an appropriate
Computer with appropriate operating software and application software.
In many cases even in non-electronic documents, a document may be in a language other than the language of the Court in which
case it needs to be translated and submitted for the understanding of the Court by an "Expert". Normally the person making
submission of the document also submits the translation from one of the "Experts". If the counter party does not accept the
"Expert's opinion", the court may have to listen to another "Expert" and his interpretation and come to its own conclusion of what
is the correct interpretation of a document.
In the case of the Electronic documents, under the same analogy, "Presentation" of document is the responsibility of the
prosecution or the person making use of the document in support of his contention before the Court. Based on his "Reading" of the
documents, he submits his case. This may however be disputed by the counter party. In such a case, it becomes necessary for the
Court to "Get the document Read by an expert" to its satisfaction. It is necessary to have some clarity on the legal aspects of such
documents presented to the Court because most of the court battles are expected to revolve around "Proper Reading" of the
documents and "Possible manipulation of the documents".
In making presentation of an "Electronic Document", the presenter may submit a readable form of the document in the form of a
"Print Out". The question arises in such a case whether the print out is a "Primary Evidence" or a "Secondary Evidence".
According to Indian Evidence Act, section 65 refers to "Cases in which secondary evidence relating to documents may be given".
However, the modifications made to this section by ITA-2000 have added Sections 65 A and Section 65 B.
Though these sections have been numbered as A and B of 65, these are not to be treated as sub sections of Section 65. As per
schedule II to ITA-2000, serial number 9, it appears that 65A and 65B are to be treated as independent sections.
According to Section 65 A therefore, "Contents of electronic records may be proved in accordance with the provisions of Section
65B".
Whether by design or otherwise, Section 65B clearly states that "Notwithstanding anything contained in this (Ed: Indian
Evidence Act) Act, any information contained in an electronic record which is printed on a paper, stored, recorded or copied in
optical or magnetic media produced by a computer (herein after called the Computer Output) shall be deemed to be also a
document...."
However, for the "Computer Output" to be considered as admissible evidence, the conditions mentioned in Section 65 B (2)
need to be satisfied.
Section 65B(2) contains a series of certifications which are to be provided by the person who is having lawful control over the use
of the Computer generating the said computer output, and these are not easy to fulfil without extreme care.
It is in this context that the responsibility of the Law Enforcement Authorities in India becomes onerous while collecting the
evidence.
In a typical incident when a Cyber Crime is reported, the Police will have to quickly examine a large number of Computers and
storage media and gather leads from which further investigations have to be made. Any delay may result in the evidence getting
obliterated in the ordinary course of usage of the suspect hard disk or the media.
Any such investigation has to cover the following main aspects of Cyber Forensics, namely,
1. Collection of suspect evidence
2. Recovery of erased/hidden/encrypted data
3. Analysis of suspect evidence

If the process of such collection, recovery and analysis is not undertaken properly, the evidence may be rejected in the Court of
law as not satisfying the conditions of Section 65B of the Indian Evidence Act.
In the evolution of the Indian challenge to Cyber Crimes, it may be said that during the last three years, Police in different parts of
the Country have been exposed to the reality of Cyber Crimes and more and more cases are being registered for investigation.
However, if the Law enforcement does not focus on the technical aspects of evidence collection and management, they will soon
find that they will be unable to prove any electronic document in a Court of Law.


Unit IV - IPR and Cyber Space

Course Outline of Unit IV: IPR and Cyber Space


This Unit contains discussion on following topics :
Copyright Issues in the Internet- Protection of Computer Software - Caching - International Regime - OSS - DMCA - Data
Protection Directive - Trademark Issues in the Internet - Domain Name - Registration - Domain Name Registration - Domain
Name Dispute - ICANN - UDRP Policy - Linking - Framing - Meta tagging - Database Issues in the Internet

Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.

Copyright Issues in the Internet


Copyright is about protecting expression. It protects the “original works of authorship” that are fixed in any tangible medium of
expression from which they can be perceived, reproduced, or otherwise communicated either directly or with the aid of a machine or
device. Copyright arises as soon as a ‘work’ is created. It does not extend to any idea, procedure, process, system, method of
operation, concept, principle or discovery, unless fixed in a tangible form.
Copyright is a key issue in Intellectual Property Rights (I.P.R) in the digital era. Though the term “Copyright” is not new, modern
technology has brought great importance to intellectual property, and copyright in particular, which has cropped up in new
concepts such as computer programs, computer database, computer layouts, websites etc.
The internet has now become all encompassing; it touches the lives of every human being. We cannot undermine the benefits of
internet; however, its anonymous nature allows miscreants to indulge in various cybercrimes.
Cyberspace can be defined as an intricate environment that involves interactions between people, software and services.
Cyber security denotes the technologies and procedures intended to safeguard computer networks and data from unlawful
admittance, weaknesses and attacks transported through the internet by cyber delinquents.
Intellectual property refers to creations of the human mind, for example, a story, a song, a painting, a design, a program etc. The
facets of intellectual property that relate to cyberspace are covered by cyber law, namely:

Copyright Law

Trademark Law

Semiconductor Law

Patent Law

Data protection and privacy laws aim to achieve a fair balance between the privacy rights of an individual and the interests of data
controllers such as Banks, Hospitals, Electronic mail Service providers etc.
The Indian Penal Code (I.P.C) (as amended by I.T Act) penalizes several cyber-crimes. These include forgery of electronic
records, cyber frauds, destroying electronic evidence etc.
Digital evidence is to be collected and proven in the Court of Law as per the provisions of the Indian Evidence Act (as amended by
the I.T. Act 2000).
Every new invention in the field of technology experiences a variety of threats. The internet is one such major threat which has
captured the physical market place and has converted into a virtual market place. The need of the hour is to initiate stringent
strategies in order to design and implement a secure cyberspace and protect copyright owners from the clutches of the wrongdoers.
As of now, copyright has been adopted to protect internet items. It protects original work or work that is fixed in a tangible
medium, which means it is written, typed or recorded. Since it is not designed for the internet, copyright law regarding the internet is not
very clear or transparent.
Now as the technology develops, it creates new means to fix the original expression in a tangible form and it also develops new
ways of being exploited in infringing the copyrights with impunity. Even some of the internet activities, like caching, browsing,
mirroring, scanning, downloading, uploading, or file swapping are an anathema to a purist.
These internet activities result in:
1. Transmission of information from one computer system or network to another, involving temporary storage of such
information.
2. An unauthorized storage of such information, which is a violation of the copyright owner’s exclusive right to make copies, i.e., to
reproduce the copyrighted work.
3. A violation of the copyright owner’s exclusive distribution right.
4. An appearance of a copyright image in a web browser infringing the copyright owner’s public display right.
5. An infringement of the copyright owner’s exclusive right to prepare derivative works.

The nature and characteristic of internet activities is such that there will certainly be infringements to the exclusive statutory rights
of a copyright owner.
Cyberspace is a virtual world, which technically exists only in computer memory, but it is interactive and pulsing with life. In fact,
cyberspace is a living organism which changes frequently because of constant downloading and uploading information that is fed
and also the large number of people frequenting this medium. Cyberspace is linked to copyright in the sense that a person can come on the
site and talk to people in various locations, read, publish, research, hear music, watch video, look at art, purchase and sell
things, access government documents, send e-mails, download software and receive technical support. Now, on the internet,
copyright faces its greatest challenge. The beauty of digital media is that there is no degradation in successive copying. The other
important factor about digital media is the ease of transmission and multiple uses. The internet poses two basic challenges for
the I.P.R administrator: what to administer, and how to administer it. Copyright is not meant to grant its holders exclusive control of
their works, rather it is a very specific bundle of rights designed to foster creativity for the public interest.
Copyright violations have become rampant since the advent of cyberspace and the development of related information
technologies. Copyright threats are not limited to few blockbusters but are rampant in cyberspace, affecting a range of digital
products. Moreover, flagrant violation of copyrights is just the tip of the iceberg of the much more serious problem of Intellectual
Property Rights (I.P.R) threats in the internet. The advent and growth of internet has resulted in the creation of an unruly and
anarchic space called the cyberspace, which poses extremely serious threats to copyrights. To control dissemination and copying
of works, copyright owners have been developing technological protection measures like E.C.M.S (Electronic Copyright
Management System).

Copyright and Cyberspace


Copyright
It is the exclusive and assignable legal right given to the originator for a fixed number of years to print, publish, perform, and film or
material.
“It is a legal device that gives the creator of a literary, artistic, musical or other creative work, the sole right to publish and sell that
work.”
Cyberspace
“It is domains characterized by the use of electronics and the electromagnetic spectrum to store, modify and exchange data via
networked systems and associated physical infrastructures. In effect, cyberspace can be thought of as the interconnection of human
beings through computers and telecommunication without regard to physical geography.”
With the onset of modern technology, more importantly the internet, copyright protection assumed greater significance. Nowadays,
copyright law has been incorporated and put into usage to protect internet items. It protects original work or work that is fixed in a
tangible medium, i.e., it is written, typed or recorded. In fact, the internet was introduced in 1960 and WWW in the 1990s, which
clearly established the fact that copyright, which was hitherto a manual operation, got transformed into an electromagnetic operation.
Although the current copyright laws do provide protection to copyright owners, they also have some shortcomings as to the
effectiveness of copyright protection being enforced on the people. Thus the boundaryless nature of the internet calls for a stronger and
mightier relationship in other jurisdictions and close cooperation with international organizations. It is therefore the duty of the
society that needs to be educated about the necessity of copyright protection in order to check, control and also prevent any
unauthorized usage.
Cyberspace is a virtual world, which technically exists only in computer memory, but it is interactive and pulsing with life. The
advantage of cyberspace is that one can meet and talk to new people, read, publish research, hear music, watch video, look at art,
purchase and sell things, access government documents, send e-mails, download software and receive technical support.
In a way, cyberspace is a living organism, amenable to frequent changes to suit the demands of the public. Nowadays, people are so
accustomed to cyberspace that it has become a part of daily life, and they depend on it even for the slightest need; for
example, to book a movie ticket they go online. Such is the importance of cyberspace.

Copyright and Database


Database
Before going into the details it is better to know and understand what a “database” is. A database is a collection of data arranged
in a systematic way to allow for the easy and efficient retrieval of information. It is usually in an electronic form. A database must
be distinguished from a database system (also known as a Data Base Management System (D.B.M.S)). This is an important
distinction to keep in mind when considering what is protected in a database. Thus computer database means a representation of
information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in
a formalized manner and have been produced by a computer, computer system or computer network.
A database can generally be looked at as being a collection of records, each of which contains one or more fields about some
entity, such as a person, organization, city, product, work of art, recipe, chemical or sequence of D.N.A. For example, the fields for
a database that is about people who work for a specific company might include the name, employee identification number,
address, telephone number, date of employment etc.
Scope of Copyright and Database
Database is meant to describe a compilation of works, data or other materials, i.e., a collection of facts arranged systematically or by
logical principles in a methodical or scientific manner. According to Lord Atkinson, for the subsistence of copyright, “it is
necessary that labour, skill and capital should be expended sufficiently to impart to the product some quality or character which
the raw material does not possess and which differentiates the product from the material.”
Accordingly, database refers to a collection of data, works, information or other independent material arranged in a systematic or
methodical way following some basic principle of compilation. Databases should be given copyright protection even if they are
compilations of non-original work, as they are the result of skill and labour employed by the author in creating the work. For
example, a database of articles on any topic such as “Copyright” should be given copyright as it is a work that is the result of
labour, skill and capital employed and judgment expended in selecting and arranging the articles by the creator of the database.
In India, databases have been treated as literary works. According to Section 2(o) of the Copyright Act 1957 “Literary works”
include computer programs, tables and compilation including computer database.

The Berne Convention


The Berne Convention of 1886 was the first step in harmonizing copyright law at a global level. The convention established a
minimal level of copyright protection for the member nations to follow and adopt the “National Treatment Policy”.

The T.R.I.P.S Agreement


The General Agreement on Tariffs and Trade (G.A.T.T) has also addressed copyright issues, in parallel to W.I.P.O. The goal of
G.A.T.T is to promote the reduction of tariff barriers to the international movement of goods. In 1994, the Uruguay round of
G.A.T.T produced T.R.I.P.S (Trade Related Aspects Of Intellectual Property Rights). The same round also instituted the W.T.O
(World Trade Organisation). The T.R.I.P.S Agreement adopts portions of the Berne, Rome and Paris Conventions in enunciating
norms for intellectual property laws.

W.I.P.O (World Intellectual Property Organization)


W.I.P.O is an organization of the United Nations (U.N). W.I.P.O’s activities are of four kinds: registration, promotion of
inter-governmental cooperation in the administration of intellectual property rights, specialized programme activities and lastly dispute
resolution facilities. In 1996, member countries found it necessary to form a treaty to deal with the protection of copyright
amid the evolution of new technology.
Development Agenda of WIPO
In October 2004, WIPO agreed to adopt a proposal offered by Argentina and Brazil, the "Proposal for the Establishment of a
Development Agenda for WIPO"—from the Geneva Declaration on the Future of the World Intellectual Property Organization.
[14] This proposal was well supported by developing countries. The agreed "WIPO Development Agenda"[15] (composed of over
45 recommendations) was the culmination of a long process of transformation for the organization from one that had historically
been primarily aimed at protecting the interests of rightholders, to one that has increasingly incorporated the interests of other
stakeholders in the international intellectual property system as well as integrating into the broader corpus of international law on
human rights, environment and economic cooperation.
A number of civil society bodies have been working on a draft Access to Knowledge (A2K)[16] treaty which they would like to
see introduced.
In December 2011, WIPO published its first World Intellectual Property Report on the Changing Face of Innovation, the first such
report of the new Office of the Chief Economist.[17] WIPO is also a co-publisher of the Global Innovation Index.

Internet in Indian Scenario


The internet system has spread very fast in India. For example, V.S.N.L (Videsh Sanchar Nigam Limited), a Public Sector Unit, started its
commercial activities on 15th August 1995. With the growth of internet, issues of Intellectual Property Rights are also likely to
increase.
Copyright Problems
The internet poses two basic challenges for the I.P.R administrator: what to administer, and how to administer. One of the basic
copyright issues on the internet is determining the border between private and public use. The Indian Copyright Act, 1957 (amended
in 1994, 2012) also makes this distinction: reproduction for public use can be done only with the right holder’s
permission, whereas the law allows fair dealing for the purpose of private use, research, criticism or review.
The right of reproduction presents certain fundamental problems over the internet. This is because of the basic nature of internet
transmission. Reproduction takes place at every stage of transmission. Temporary copying (known as caching) is an essential part
of the transmission process through internet without which messages cannot travel through the networks and reach their
destinations. In Indian law, reproduction has to be in a material form but includes “storing of it in any medium by electronic
means.” Case law needs to make amply clear the position on the temporary and permanent reproduction that takes place in internet
communications.
W.I.P.O And Digital Copyrights
The Copyright Treaty 1996 and Performances and Phonograms Treaty 1996 are the two major international legal instruments
relating to cyberspace created under the auspices of W.I.P.O. A close analysis of the W.I.P.O Copyright Treaty would reveal the
scope and limitations of protection related to digital copyrights.
The W.I.P.O Copyright Treaty addresses these specific rights, namely the rights of distribution, rental and communication to the public.
The Treaty also interestingly addresses the issue of Rights Management Information (R.M.I), which is relevant to the popular
Digital Rights Management (D.R.M).
Copyright in Cyberspace
Copyright protection gives the author of work a certain “bundle of rights”, including the exclusive right to reproduce the work in
copies, to prepare derivative works based on the copyright work and to perform or display the work publicly.
Public Performance and Display Rights
The right that does get affected is that of display. Display of the work is also done by making copies, which are then retailed or
lent out. This also falls under the right to display, which the holder of the copyright has.
Distribution Rights
Copyright Law grants the holder of the copyright the exclusive right to distribute copies of the work to the public by sale or by the
transfer of the ownership.
Caching (Mirroring)
A cache is a temporary storage area. For example, the files you automatically request by looking at a Web page are stored on your
hard disk in a cache subdirectory under the directory for your browser. When you return to a page you've recently looked at, the
browser can get those files from the cache rather than the original server, saving you time and saving the network the burden of
additional traffic.
Caching is a violation on the internet. Caching may be local caching or proxy caching. In addition, proxy caching may give rise
to infringement of the right of public distribution, public policy, public performance and digital performance.

Legal Aspects and Challenges


Copyright Infringement
Copyright in a work is infringed when the work is copied without the consent of the copyright owner. Copyright law deals with
the form in which the work is expressed. It does not monopolise the idea or information. As a medium, the internet allows a person to access
a large amount of information and to copy that information in the same state as it is displayed.
Electronic Copyright Management System (E.C.M.S)
The copyright owners have an option to make use of the technology protection measures. E.C.M.S is indeed a legal framework to
protect against third parties circumventing these systems.
Technology protection measures may be classified as follows: access control measures and copy control measures. Examples of
access control measures include passwords, encryption and set top boxes. E.C.M.S is used to enable the copyright owners to track,
manage or prevent copying of their work, for example through a digital watermarking system. This system allows the copyright owner to track
and identify unauthorized copies made from the original work.
Legal Aspects of Electronic Copyright Management System
D.M.C.A (Digital Millennium Copyright Act 1998)
This Act (D.M.C.A) provides, firstly, that no person shall circumvent a technological protection measure that effectively controls
access to a work protected under the Act. The second part prohibits trafficking in devices or services for circumventing technology
measures that control access. The third part prohibits trafficking in devices or services for circumventing technology measures that
protect the rights of a copyright owner.
E.U.C.D (European Union Copyright Directive)
The main focus was on the preparatory activities, because the real danger for Intellectual Property Rights will not be a single act
of circumvention by individuals but preparatory activities to produce devices or offer services to circumvent.
Protection of Database in India
The Indian Copyright Act 1957 protects “Databases” as “Literary Works” under Section 13(1) (a) of the Act which says that
copyright shall subsist throughout India in original literary, dramatic, musical and artistic works. The term computer Database has
been defined in the Information Technology Act 2000 for the first time. Section 43 of the I.T. Act 2000 provides for compensation
to the aggrieved party up to one crore rupees from a person who violates the copyright and cyberspace norms. Also, Section 66 of the
I.T. Act 2000 provides for penal liabilities in such a case.
Copyright Protection of Computer Software / Program
Under the T.R.I.P.S Agreement, computer programs now qualify for copyright protection just as any other literary work, as well as
other forms of I.P. protection. Copyright matters most in the computer software industry to the off-the-shelf business applications
sector.
Under T.R.I.P.S, developing countries are permitted the flexibility to allow reverse engineering of software.

Internet Protection in India


The challenge for the protection of the internet is the protection of intellectual property. It is still unclear as to how copyright
law governs or will govern these materials (literary works, pictures and other creative works) as they appear on the internet.
Section 79 of the I.T. Act 2000 provides for the liability of I.S.Ps under the heading “Network Service Providers not to be liable in certain cases.”
Section 79 of the I.T. Act exempts I.S.Ps from liability for third party information.
For the first time in India, the copyright law clearly made several provisions in this regard to protect the copyright owners:

The right of a copyright holder

Position on rentals of software

The rights of the user to make backup copies

Section 14 of the Copyright Act makes illegal the distribution of copies of copyrighted software without proper or
specific authorization.

The violator can be tried under both the Civil and Criminal Law

Heavy punishment and fines for infringement of software copyright.

Section 63(B) stipulates a minimum full term of 7 days, which can be extended up to 3 years.

Indian Cyber Jurisdiction


Though it is in a nascent stage as of now, jurisprudential development will become essential in the near future, as the internet
and e-commerce shrink borders and merge geographical and territorial restrictions on jurisdiction. There are two dimensions
to deal with.
1. Manner in which foreign courts assume jurisdiction over the internet and relative issues.
2. The consequences of decree passed by a foreign court.

Copyright violations in Cyberspace: Offences and protection mechanisms


Software

A. Copying of code

The modern Copyright Act not only recognizes the creative, literary or musical works for the individual authors, but also provides
an effective legal framework for protecting the rights of the owners of Computer software. Section 2 (o) of the Copyright Act
states that literary work includes “computer programmes, tables and compilations including computer databases”. Computer
programme has been defined under Section 2 (ffc) of the Copyright Act, 1957 as “a set of instructions expressed in words, codes,
schemes or in any form, including a machine readable medium, capable of causing a computer to perform a particular task or
achieve a particular result.”
In India, the copyright for software lasts for the life of the author plus sixty years; after the expiry of such period the work comes
into the public domain. In case of pseudonymous or anonymous work and work by public undertakings, the copyright lasts for sixty
years from the date of publication.
Any “work” including “literary work” must be presented in some tangible form, either in print or writing. Ideas which cannot be
presented in some tangible medium cannot be protected under the Copyright Act. Computer software may be reproduced or
presented in programme manuals, punched cards, magnetic tapes, discs, papers, etc and thus provides an effective tangible
medium to get copyright protection. But the moment copies of the software are made and marketed, it becomes goods, which are
susceptible to sales tax. Further, both the source code and the object code of computer software can be copyrighted.
The general rule of copyright states that ideas cannot have copyright protection; what is protected is the expression of the
idea. However, an expression of the idea which is nothing but a literal imitation of a prior work with minor changes here and
there will constitute violation of copyright law. Copyright law protects against not only literal copying of the source code but also copying of the
non-literal elements in software like the “structure, sequence and organization”. In determining whether two pieces of software are
substantially similar, Courts in the US have applied the “abstraction-filtration-comparison test”. In the first
stage of this test, the Court will break down the program into smaller parts and identify similarities in it, starting from the source code and
moving towards the program’s ultimate function. In the second stage, the Court will filter out the parts which are already in the public
domain, or which are industry standards, or which are dictated by efficiency (best way of doing the task) or external factors like APIs and
programming standards. In the third stage, the Court determines the level of similarities between the two programs, if any, and the
importance of the copied part in comparison with the entire program. However, if the code relates to a “method of operation”, i.e., text
which describes to people how to operate the program, for example similar command menus in a program, it cannot be
protected under copyright law.
The rights conferred under S. 14 of the Copyright Act are basically economic rights of the owner to exploit his creation himself or
to assign licenses to others for such economic benefits. The Copyright Act grants a copyright holder the exclusive right, in respect of
a work or a substantial part of it, to reproduce, issue copies of, perform or communicate, translate, adapt, and sell or give on rental any
computer programme.

B. Selling and distribution of pirated software

Copyright infringement of computer programmes, popularly known as software piracy, is highly prevalent in India. If any person,
without the permission of the copyright owner or exceeding the terms of the license granted, publishes, sells or distributes software, the
owner can file a suit for infringement. Both civil and criminal remedies are available under the Copyright Act (as discussed in
an earlier chapter). A person can claim damages, injunctions, accounts of profits and other remedies conferred under the law for
copyright infringement. A person who knowingly infringes or abets the infringement of copyright in a work shall be punishable
with imprisonment for a minimum of six months, which may extend to three years, and with a fine of a minimum of fifty thousand rupees, which
may extend to two lakh rupees. The Act also provides for enhanced punishment in case of a second or subsequent offence of
copyright infringement.
The Indian judiciary has recently been very proactive and strict about cyber piracy. Recently, the Delhi High Court has granted
John Doe orders, or injunction orders against prospective unknown offenders, to prevent copyright violations of movies like Speedy
Singhs, Singham, Don 2 and Bodyguard before their release. The John Doe order resulted in blocking of various file sharing
websites like Megaupload and Filesonic by the Internet Access Providers (IAPs). The Calcutta High Court granted an order to the
Internet Service Providers to block various websites offering pirated music. Software owners may seek John Doe orders to
prevent software piracy through the internet in a similar fashion.
Database
Databases in an elementary sense are nothing but an arrangement of arrays of information in a tabular manner. A computer
database can be of two types: one containing only raw data, and one which is complex software that stores raw data, processes the
data and disseminates the information in a desirable format. Databases are generally protected as literary work, and Indian
copyright law specifically recognizes computer databases. Databases include mailing lists, telephone directories, etc., which can
be produced in either electronic or traditional paper format. Database protections are generally granted not because they are
creative or innovative, but to recognize the labour invested in creation of the database. Creation and development of a successful
commercial database involves investment of huge sums of money and time.
However, not all databases are protected under the law, only those databases which feature some degree of originality in
compilation of the facts are protected. The data which is stored inside the database, may or may not have separate copyright
protection. Moreover, copyright protection granted to a database does not automatically grant copyright to the data inside it. For
example, an array of phone numbers may not have copyright protection; however, a compilation of skilfully arranged numbers may
be copyright protected, but not the numbers themselves. The US Supreme Court, in Rural Telephone v. Feist, laid down a three-prong test
to decide whether the compilation is original or not: firstly, there must be a collection of “pre-existing materials or data”; secondly,
the data must be “selected, coordinated, or arranged” in a particular way and thirdly the resultant work as a whole “constitutes an
original work of authorship”.
In India, most of the Courts have tended to follow the principle of “sweat of the brow”. In Burlington Home Shopping Pvt Ltd v.
Rajnish Chibber, the Delhi High Court held that as the compilation of mailing addresses of customers requires a lot of money, time,
labour and skill, even though such information is available in the public domain and there is no uniqueness in the arrangement of the
data, such a compilation would meet the requirement of “literary work” under the Copyright Act. However, in another case, Eastern
Book Company v. Desai [AIR 2008 SC 809], the Delhi High Court stated, referring to the Feist case, that there must be some
“modicum of creativity” in the arrangement and compilation of the information to meet the criteria of originality and to avail copyright
protection. In this case, the Court held that mere correction of typographical errors and addition of quotations do not meet the
threshold of originality to be protected under laws of copyright. In Himalaya Drug Company v. Sumit, the Delhi High Court
granted a permanent injunction and punitive damages against the respondent, who copied an online database of the plaintiff
consisting of information on herbs and its cure.
Websites
The design, images, content, source code and illustration used in a website are individually protected under copyright laws.
However, certain elements of the website which are functional in nature and the overall layout may be difficult to be protected
under either copyright or trademark law. The remedy for protection of website layout can be availed under trade dress protection.
Trade dress law protects the “look and feel” of the website including interactive elements and overall representation of the website,
if the representations are highly intuitive for the users.
For protecting your website, you might consider following these steps:
1. Though there is no specific need to apply for copyright of the website or to give a public notice of copyright, it is
advisable to give a copyright notice at the bottom of the website.
2. Have a detailed “Terms of use” on the website, which states under what circumstances the material from the website can
be used.
3. Watermarking and using low-resolution website images
4. Add code which automatically adds an attribution link when an image or text is copied
5. Limiting access to particular areas of the website
6. Limiting indexing of sub-pages by search engine bots, if it contains an image gallery
7. If you are getting your website designed by a freelancer or any other agency, it is advised that the agreement must
contain a copyright assignment clause granting you the copyright of the website created.
Thumbnails
Using thumbnails of images owned by others may constitute a violation of copyright, except where the image has been used
under fair-use criteria, i.e., for news, research, criticism or review of the work, etc. The Courts in the US (Perfect10 v. Amazon, Kelly
v. Arriba Soft Corp) have held that automatic indexing of web pages containing the images by a search engine, and the provision of
thumbnail versions of images in response to user inquiries, is fair use.

Trademark issues in the Internet


Cyberspace raises a variety of thought-provoking trademark and trademark-related issues. While many of the issues and problems
that arise may be analyzed and resolved from the vantage point of traditional notions of trademark law, others present thornier
questions requiring greater sensitivity to the practical effect of cyberspace on the commercial marketplace.
The cyberspace trademark issue that continues to get the most press is the domain name controversy. Is a domain a trademark?
When does use of a domain infringe trademark rights? If someone else registers a company's name or trademark as their domain,
what can the company do? Beyond domains lies the vast array of trademark issues that ultimately are likely to be more important
than domain disputes. Questions of what constitutes use, and abuse, of trademarks in cyberspace are exploding along with the web.
In addition to garden variety trademark enhancement and policing concerns that take new shapes on the Internet, companies must
be vigilant in avoiding trademark dilution and think twice before linking to other sites or permitting others to link to the company's
site using company logos. Attempting to police trademark rights in cyberspace can be a daunting, but infinitely interesting, task.

Domain Name
A company's presence on the Net starts with its domain name ("domain"). A domain is an important corporate identifier. Beyond
being the name under which the company sends and receives e-mail, like any other trademark or trade name it can be a symbol of
the company's goodwill and recognition in the marketplace. Given the unstructured nature of the Internet, obtaining an easily
ascertained domain name often is a key element of an on-line marketing strategy. Users regularly attempt to guess a company's
Internet location by typing in the name of the company followed by the ubiquitous .com top level domain. This common practice
of guessing at domain names makes an intuitive domain name a valuable corporate asset.
Generally speaking, domain names are assigned on a first come, first served basis. In the U.S. today, the vast majority of domains
are assigned by a single registry, Network Solutions, Inc. ("NSI"), under contract from the National Science Foundation. In
assigning a domain, NSI uses a multi-level system, including a Top Level Domain ("TLD") such as ".com", ".net" and ".org",
coupled with a Second Level Domain ("SLD") requested by the party seeking the domain assignment (e.g., <ibm.com>). Not
surprisingly, the .com TLD, intended for commercial users has experienced exponential growth in the recent past; there are now
over three million such domains. As would have been expected from such growth, the .com TLD is at the eye of the storm in
domain disputes. Overseas, any number of registration entities (called NICs or registries) assign individual country TLDs using
two character ISO country codes, such as ".ca" for Canada or ".fr" for France. Due to the international cachet that has developed in
.com names, many overseas businesses have bypassed country TLDs and have registered .com domains with NSI instead.
In the registration process, NSI (and the other NICs) will not exercise veto power over a requested name, so long as that name is
not identical to one already assigned within the TLD. Prior to the commercial explosion of the web, the domain name system
engendered little or no controversy. Only with the advent of the web, and the commercial world's awakening to the enormous
marketing possibilities it represented, did this system come under scrutiny.
Problems relating to Domain Name
As the commercial world expanded into cyberspace, three related problems with the domain name system became painfully clear.
The first and most obvious problem is the opportunity for others to "pirate" names, typically by obtaining SLD registrations within
the .com TLD of a well-known company name or brand. A number of major corporations have had the uncomfortable, and in
some cases embarrassing, experience of learning that someone else had already registered their name or mark as a second level
domain followed by the now ubiquitous .com TLD. By May 1994, the list of "pirated" names read like a Who's Who of corporate
America: McDonald's, Coke, Hertz, Nasdaq, Viacom, MTV and others. By mid-1996, Avon, Levi's, B. Dalton and Readers Digest
had joined the list. In 1997, a California college student, Daniel Khoshnood, started a web design firm called The Microsoft
Network.
Misspelling popular brands is the second problem. The domain name system creates the opportunity for others to obtain a second
level domain that is only a slight variation of someone else's well known, or not so well known, name or mark. Indeed, some
"entrepreneurs" even register slight variations of others' marks for the sole purpose of getting hits, thus capitalizing on typing
errors made by web surfers. These speculators often sell only advertising rather than products or services, while legitimate
companies that happen to have a similar domain will disclose that theirs is not the site the surfer actually was seeking.
The third problem, a variation on a theme, is created by the fact that NSI is not alone in assigning domains: NICs and other
registries all over the world may assign identical second level domains, so long as the TLD differs. Again, while Microsoft may be
<microsoft.com>, there may also be a completely unaffiliated <microsoft.co.uk> commercial domain in England or a
<microsoft.az> in Azerbaijan. Not surprisingly, the first lawsuits in the domain name area involved situations in which intentional
"pirating" was admitted or at least alleged. In the first case, Princeton Review Management Corp. v. Stanley H. Kaplan
Educational Center, Ltd., Kaplan did not take kindly to its competitor's use of <kaplan.com> in connection with a web site
containing messages disparaging Kaplan's educational testing services and praising those of Princeton Review. Kaplan refused
Princeton Review's offer to relinquish the name in exchange for a case of beer, and ultimately convinced an arbiter to order
Princeton Review to give up the domain.
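Added example (not part of the original text): the second and third problems above are what a trademark owner's domain monitoring has to detect. The Python code below classifies observed domains against one protected domain as the same name under another TLD or as a near-miss spelling; the brand `examplecorp.com`, the observed list, the short suffix table and the length and distance thresholds are all constructed assumptions.

```python
"""Classify observed domains against a protected brand domain (defensive monitoring)."""

# Assumption: a tiny hand-picked table of multi-label suffixes. A real monitor
# should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "co.in", "net.in", "org.in"}


def split_domain(name):
    """Return (second_level_label, suffix), ignoring host labels such as 'www'."""
    labels = name.strip().strip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a registrable domain: {name!r}")
    last_two = ".".join(labels[-2:])
    if last_two in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return labels[-3], last_two
    return labels[-2], labels[-1]


def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution or match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def classify(protected, observed, max_distance=1, min_brand_length=5):
    """Label one observed domain relative to the protected one."""
    brand, brand_suffix = split_domain(protected)
    try:
        label, suffix = split_domain(observed)
    except ValueError:
        return "invalid"
    if label == brand:
        # Third problem in the text: identical name registered under another TLD.
        return "own" if suffix == brand_suffix else "same-name-other-tld"
    # Second problem in the text: a slight misspelling of the name. Very short
    # brands are skipped because one edit matches too many unrelated names.
    if len(brand) >= min_brand_length and osa_distance(label, brand) <= max_distance:
        return "lookalike"
    return "unrelated"


def review_queue(protected, observed_domains):
    """Return {domain: label} for the entries a trademark owner should review."""
    flagged = {}
    for domain in observed_domains:
        label = classify(protected, domain)
        if label in ("same-name-other-tld", "lookalike"):
            flagged[domain] = label
    return flagged


# Constructed sample input: none of these names comes from the original text.
PROTECTED = "examplecorp.com"
OBSERVED = [
    "www.examplecorp.com",         # the owner's own site
    "examplecorp.co.uk",           # same name, different registry
    "examplecorp.az",              # same name, different registry
    "exmaplecorp.com",             # two adjacent letters swapped
    "examplecrp.net",              # one letter dropped
    "examplecorporation.org",      # longer, distinct name
    "localhost",                   # not a registrable domain
]

if __name__ == "__main__":
    for domain, label in review_queue(PROTECTED, OBSERVED).items():
        print(f"{label:22} {domain}")
```

A flagged name is only a candidate for review: whether it infringes depends on the use made of it, as the cases discussed here show.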
.IN Internet Domain Name
Internet Domain Names worldwide have assumed greater significance in recent times with the Internet increasingly being used as
an effective medium for commerce, governance, education and communication. The system of registration of Internet Domain
Names can facilitate the proliferation of Internet in a country. Many countries have, therefore, adopted liberal and market friendly
policies to register large number of Domain Names under their country code, broadly consistent with globally accepted policy and
procedures of Domain registration.
In India, .IN is the allocated country code Top Level Domain (ccTLD). It is recognized that its all round adoption by Indian
residents, individuals, Government entities, public service organizations and businesses will help in establishing their Indian
identity in the Internet space using a short and unique Domain Name.
The number of .IN Domain Names so far registered does not truly represent the penetration of information technology in India
when seen in conjunction with the dimension and vibrancy of the Indian economy and the number of companies and public
institutions operating in the area of Information Technology (IT) and Information Technology enabled Services (ITeS). An
overcautious registration policy and absence of contemporary processes and infrastructure for registration have so far hindered the
growth of .IN Domain. It is widely recognized that .IN Domain Name has an untapped growth potential. A proactive policy for .IN
Domain proliferation can help establish .IN as a globally recognized symbol of India's growth in the area of IT.
After an in-depth review of the situation, the Government has decided to revamp the .IN Domain Name Registry in India to
provide a greater thrust to its activities. The new policy for .IN Domain Name registration covers the following main elements:
Unlimited generic .IN registration will be offered at the 2nd level of Domain Name and also at the 3rd level in the globally popular
zones of Domain registration, e.g., .co.in, .net.in and .org.in.
Registrations will be carried out by Registrars to be appointed by the .IN Registry through an open process of selection on the basis
of transparent eligibility criteria.
Registrations will be offered by the Registrars following a competitive pricing policy and best market practices. The minimum fee
charged by the .IN Registry will be Rs. 250 and Rs. 500 per year for registrations at 3rd and 2nd levels respectively.
The .IN Registry will adopt Uniform Dispute Resolution Policy (UDRP), and will be assisted by a Dispute Resolution Committee
to resolve disputes involving the Registry. It will also appoint Arbitrators to address disputes involving the Registrars and the
registrants.
The entire process of registration will be online and should be completed in less than 24 hours of the receipt of the request from a
registrant.
The .IN Registry will announce a 'Sunrise period' of 90 days to enable registered trademark owners, registered companies and
owners of intellectual property having a legitimate interest in protecting their brand to secure registration of their Domain Names
after due verification.
The zones for Government, Military and Educational Institutions will be reserved for exclusive use by the respective organizations.
Registrations for these will be offered by NIC, an organization nominated by the Ministry of Defence, and ERNET, respectively.
The .IN Registry will have the authority to deny or suspend any registration if it conflicts with the sovereign national interest or
public order.
The names of Constitutional Authorities, States/Union Territories and specific names used by the .IN Registry will constitute the
reserved category of names, which will not be available to the general public.

National Internet Exchange of India (NIXI)


The Department of Information Technology (DIT), in association with the Internet Service Providers Association of India (ISPAI),
has promoted the National Internet Exchange of India (NIXI) as a Not-for-Profit Company under Section 25 of the Indian
Companies Act, 1956 with the objective of facilitating improved Internet services in the country. In its operation, NIXI aims to
ensure that the Internet traffic which originates within India and also has destination in India, remains within the country, resulting
in improved traffic latency, reduced cost and better security.
As a part of the implementation plan of NIXI, four Internet Exchange Nodes have been set up and operationalised at Noida
(Delhi), Mumbai, Chennai and Kolkata in the premises of the Software Technology Parks of India. As many as 34 Internet Service
Providers (ISPs), including major Class A ISPs, have joined these nodes as members. The number of ISPs joining the NIXI nodes
is increasing in view of the demonstrated experience of improved traffic routing and savings in the usage cost of bandwidth.
In order to address the problem of excessive cost of connectivity for smaller ISPs (Class B and C) operating in secondary cities, the
Government is considering a proposal to set up, in partnership with the State Governments, and with the ISPs as stakeholders, a
second tier of NIXI hubs in a few selected provincial capitals.
NIXI has implemented a dynamic traffic routing and tariff policy for its members with effect from 1st July 2004. The policy is
regularly reviewed by the Board of NIXI to ensure that the requirements of the members are addressed while ensuring that the
objectives set for NIXI are met.
NIXI has also been entrusted with the responsibility of operating the .IN Registry to implement the new policy framework for .IN
Domain Name by creating a .IN Network Information Centre (INNIC). The synergy between NIXI and the INNIC is proposed to
be established by ensuring that the Registrars selected by the .IN Registry are from among or utilize the services of the Internet
Service Providers connected to NIXI nodes.
The INNIC under NIXI will function as an autonomous body with the primary responsibility of maintaining .IN Domain and
ensuring its operational stability, reliability and security. It will implement the various elements of the new policy set out by the
Government.

Domain name dispute resolution


A domain name dispute concerning the country code TLD (ccTLD) name for India (.in) is governed by the .IN Dispute Resolution
Policy (INDRP) and is overseen by the National Internet Exchange of India (NIXI).
While the INDRP and the UDRP follow similar procedures, the INDRP remains unique and is distinct from the UDRP. The most
significant difference lies in the three criteria which a complainant must satisfy under the respective policies, namely:

The domain name must be similar to the complainant’s trademark;

The registrant must not have rights or legitimate interests in respect of the domain name;

The domain name must be registered and/or used in bad faith.

The first difference is that under the INDRP, the absence of the conjunctive phrase “and” between the first and second element
suggests that in order to succeed, a complainant may simply satisfy the first element. Alternatively, the complainant may satisfy
the second and third elements (which are conjoined with the phrase “and”) and not the first. However, under the UDRP, the
complainant is expressly required to satisfy all three elements.
However, such a literal interpretation of the elements prescribed under the INDRP can have disastrous ramifications. This can be
seen with a disjunctive reading of the elements which implies that a complainant can obtain a remedy against a registrant who has
legitimate rights in a domain name which is registered and used in good faith, solely by virtue of its similarity to the complainant’s
trademark.
As a corollary, if a complainant can prove that the registrant has no legitimate interest in the domain name and that it was
registered or used in bad faith, the disjunctive interpretation implies that the domain name needn’t be similar to a trademark in
which the complainant has rights. However, in such an event, the complainant may not have any locus standi to submit the
complaint in the first place.
It must be kept in mind that the object of the INDRP is to counter cybersquatting, for which it is imperative that a complainant
satisfies all three elements while seeking a remedy under the INDRP. Therefore, it is vital that the elements are interpreted
conjunctively.
The second difference is that under the UDRP, a complainant must prove that the domain name is registered and being used in bad
faith. However, under the INDRP by virtue of the disjunctive requirement of the phrase “or”, the complainant is required to prove
that the domain name has been registered or is being used in bad faith. The significance of this is that if a complainant proves that
the domain name was registered but not used in bad faith or vice-versa, the complainant will be unable to obtain a remedy under
the UDRP, but can do so under the INDRP.
There are several other unique aspects of the INDRP in contrast to the UDRP, notably:
In UDRP proceedings, the complainant selects the provider (from the list of ICANN approved providers) who then forms an
administrative panel which administers the proceedings, while under the INDRP, an arbitrator is appointed by NIXI to conduct the
proceedings.
The UDRP proceedings are governed by the UDRP Policy, Rules of Procedure and the WIPO supplemental rules, while under the
INDRP, the arbitrator has to conduct the proceedings in accordance with the INDRP Policy, Rules of Procedure and the
Arbitration and Conciliation Act, 1996.
Under the INDRP a sole arbitrator is appointed to conduct the proceedings, while under the UDRP the administrative panel can
consist of one or three panellists.
A party to an INDRP proceeding may request the arbitrator for a personal hearing to enter appearance and advance arguments to
make its case; no such provision exists under the UDRP.
Under the INDRP, an arbitrator is empowered to award costs as deemed fit while the UDRP expressly limits its remedies to
cancellation and transfer of the domain name.
Significantly, a fundamental difference between the policies is that under the UDRP a complainant may combine multiple domain
names into one consolidated complaint. However, under the INDRP, the rules clearly stipulate that “a separate complaint is
required to be filed for dispute relating to each domain name” [Paragraph 3(c)].
This poses a serious problem for a complainant who comes across an entity which wrongfully registers multiple domain names in
clear violation of its rights and who, owing to Paragraph 3(c), is required to file separate complaints for each domain name. This is
an onerous task which is not only expensive for the complainant, costing as much as $200 per complaint, but may lead to
inconsistent decisions being passed with respect to the same trademark.
Recently, Dell Inc came across such an entity that had wrongfully registered 10 domain names comprising its trademark/name
‘Dell’ and suffixed with .in.
Although it seemed both expedient and practical to submit a single complaint consolidating the domain names under the INDRP,
Dell Inc apprehended objections under Paragraph 3(c).
Dell Inc contacted representatives of NIXI to ascertain the permissibility of filing a consolidated complaint. NIXI accepted the
necessity to bring about an amendment in the existing provisions to circumvent multiplicity of proceedings, especially when
confronted with numerous decisions passed by WIPO, NAF and even the High Court of Delhi wherein multiple domain names
were consolidated to form the subject matter of a single action.
However, they appeared reluctant to allow deviation from the INDRP especially with respect to an express provision contained
therein.
Dell Inc was left with no alternative but to file separate complaints for each domain name. In the circumstances, it was essential
that all complaints were entertained by a common arbitrator in order to ensure consistency in decisions. Accordingly, a formal
request was made to NIXI to assign all the complaints to a common arbitrator to ensure consistency.
However, to Dell Inc’s surprise, despite taking all the precautions and following up with NIXI constantly, each complaint was
assigned to a different arbitrator.
It appears that until there is a significant amendment to the INDRP, starting with the abolishment of Rule 3(c), to bring it in sync
with the UDRP and court procedure, an aggrieved party must file a separate complaint before NIXI for each domain name bearing
in mind that each complaint will be assigned to a separate arbitrator and run the formidable risk of conflicting decisions, thereby
defeating the entire process. The need for a renaissance is at hand.

Uniform Domain-Name Dispute-Resolution Policy


The Uniform Domain-Name Dispute-Resolution Policy (UDRP) is a process established by the Internet Corporation for Assigned
Names and Numbers (ICANN) for the resolution of disputes regarding the registration of internet domain names. The UDRP
currently applies to all generic top level domains (.com, .net, .org, etc.), some country code top-level domains, and some older top
level domains in specific circumstances.
Process under UDRP
A complainant in a UDRP proceeding must establish three elements to succeed:
The domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights;
The registrant does not have any rights or legitimate interests in the domain name; and
The domain name has been registered and the domain name is being used in "bad faith".
In a UDRP proceeding, a panel will consider several non-exclusive factors to assess bad faith, such as:
Whether the registrant registered the domain name primarily for the purpose of selling, renting, or otherwise transferring the
domain name registration to the complainant who is the owner of the trademark or service mark;
Whether the registrant registered the domain name to prevent the owner of the trademark or service mark from reflecting the mark
in a corresponding domain name, if the domain name owner has engaged in a pattern of such conduct; and
Whether the registrant registered the domain name primarily for the purpose of disrupting the business of a competitor; or
Whether by using the domain name, the registrant has intentionally attempted to attract, for commercial gain, internet users to the
registrant's website, by creating a likelihood of confusion with the complainant's mark.
The goal of the UDRP is to create a streamlined process for resolving such disputes. It was envisioned that this process would be
quicker and less expensive than a standard legal challenge. The costs to hire a UDRP provider to handle a complaint often start
around US$1,000 to $2,000.
If a party loses a UDRP proceeding, in many jurisdictions it may still bring a lawsuit against the domain name registrant under
local law. For example, the administrative panel's UDRP decision can be challenged and overturned in a U.S. court of law by
means of e.g. the Anticybersquatting Consumer Protection Act. If a domain name registrant loses a UDRP proceeding, it must file
a lawsuit against the trademark holder within ten days to prevent ICANN from transferring the domain name.

ICANN
The Internet Corporation for Assigned Names and Numbers (ICANN) is a nonprofit organization responsible for coordinating the
maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the
network's stable and secure operation. ICANN performs the actual technical maintenance work of the Central Internet Address
pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract. The contract
regarding the IANA stewardship functions between ICANN and the National Telecommunications and Information
Administration (NTIA) of the United States Department of Commerce ended on October 1, 2016, formally transitioning the
functions to the global multi-stakeholder community.
Much of its work has concerned the Internet's global Domain Name System (DNS), including policy development for
internationalization of the DNS system, introduction of new generic top-level domains (TLDs), and the operation of root name
servers. The numbering facilities ICANN manages include the Internet Protocol address spaces for IPv4 and IPv6, and assignment
of address blocks to regional Internet registries. ICANN also maintains registries of Internet Protocol identifiers.
ICANN's primary principles of operation have been described as helping preserve the operational stability of the Internet; to
promote competition; to achieve broad representation of the global Internet community; and to develop policies appropriate to its
mission through bottom-up, consensus-based processes.
ICANN's creation was announced publicly on September 17, 1998, and it formally came into being on September 30, 1998,
incorporated in the U.S. state of California. Originally headquartered in Marina del Rey in the same building as the University of
Southern California's Information Sciences Institute (ISI), its offices are now in the Playa Vista neighborhood of Los Angeles.
Structure of ICANN
From its founding to the present, ICANN has been formally organized as a nonprofit corporation "for charitable and public
purposes" under the California Nonprofit Public Benefit Corporation Law. It is managed by a 16-member board of directors
composed of eight members selected by a nominating committee on which all the constituencies of ICANN are represented; six
representatives of its Supporting Organizations, sub-groups that deal with specific sections of the policies under ICANN's
purview; an at-large seat filled by an at-large organization; and the President / CEO, appointed by the board.
There are currently three supporting organizations: the Generic Names Supporting Organization (GNSO) deals with policy making
on generic top-level domains (gTLDs); The Country Code Names Supporting Organization (ccNSO) deals with policy making on
country-code top-level domains (ccTLDs); the Address Supporting Organization (ASO) deals with policy making on IP addresses.
ICANN also relies on some advisory committees and other advisory mechanisms to receive advice on the interests and needs of
stakeholders that do not directly participate in the Supporting Organizations. These include the Governmental Advisory
Committee (GAC), which is composed of representatives of a large number of national governments from all over the world; the
At-Large Advisory Committee (ALAC), which is composed of individual Internet users from around the world selected by each of
the Regional At-Large Organizations (RALO) and Nominating Committee; the Root Server System Advisory Committee, which
provides advice on the operation of the DNS root server system; the Security and Stability Advisory Committee (SSAC), which is
composed of Internet experts who study security issues pertaining to ICANN's mandate; and the Technical Liaison Group (TLG),
which is composed of representatives of other international technical organizations that focus, at least in part, on the Internet.

Meta Tagging
A Meta tag is a tag (coding statement) in the Hypertext Markup Language (HTML) that describes some aspect of the contents of a
Web page. The information that you provide in a Meta tag is used by search engines to index a page so that someone searching for
the kind of information the page contains will be able to find it. The Meta tag is placed near the top of the HTML in a Web page as
part of the heading.
There are several kinds of Meta tags, but the most important for search engine indexing are the keywords Meta tag and the
description Meta tag. The keywords Meta tag lists the words or phrases that best describe the contents of the page. The description
Meta tag includes a brief one- or two-sentence description of the page. Both the keywords and the description are used by search
engines in adding a page to their index. Some search engines also use the description to show the searcher a summary of the page's
contents.
Although most search engines also use the contents of a page as a way to determine how to index it, the creator of a Web page
should be sure to include Meta tags with appropriate keywords and description. Well-written Meta tags can help make the page
rank higher in search results.


Unit V - Contemporary Issues

Course Outline of Unit V: Contemporary Issues


This Unit contains discussion on the following topics:
Convergence Technologies - Cloud Computing - Online Digital Libraries - Access to Internet: A Human Right Issue - Issue of
Censorship - Privacy issues - National Security and Social Security

Disclaimer: This subject content as provided under AIR Online Education Support Suite is only Study (Reference) Material for
supplementing your Academic Classroom (Text Book) Learning. These are not Text Books on the Law Subjects.

Convergence Technologies
Technological convergence is a term that describes the layers of abstraction that enable different technologies to interoperate
efficiently as a converged system. From a practical standpoint, technological convergence encompasses two interdependent areas:
technical design and functionality. Technical design is occupied with engineering the underlying infrastructure needed to transport
digital content. Functionality refers to the ease of use with which a user can access the same content on various devices. The
functional aspects spring from the efficiency of the technical engineering.
The process by which existing technologies merge into new forms that bring together different types of media and applications is
known as Technological convergence. The technology convergence capability for organizations is the ability to embed technology
in devices and products.
Technology convergence leads to business innovation, competitive differentiation across the business and increased efficiency
within the organization. In future, devices and machines will communicate with each other without human intervention and can
perform synergistically to accomplish tasks that would otherwise be extremely complicated, cumbersome and time consuming.
Converging technological fields
NBIC, an acronym for Nanotechnology, Biotechnology, Information technology and Cognitive science, was, in 2014, the most
popular term for converging technologies. It was introduced into public discourse through the publication of Converging
Technologies for Improving Human Performance, a report sponsored in part by the U.S. National Science Foundation. Various
other acronyms have been offered for the same concept such as GNR (Genetics, Nanotechnology and Robotics) (Bill Joy, 2000,
Why the future doesn't need us). Journalist Joel Garreau in Radical Evolution: The Promise and Peril of Enhancing Our Minds,
Our Bodies — and What It Means to Be Human uses "GRIN", for Genetic, Robotic, Information, and Nano processes, while
science journalist Douglas Mulhall in Our Molecular Future: How Nanotechnology, Robotics, Genetics and Artificial Intelligence
Will Transform Our World uses "GRAIN", for Genetics, Robotics, Artificial Intelligence, and Nanotechnology. Another acronym
coined by the appropriate technology organization ETC Group is "BANG" for "Bits, Atoms, Neurons, Genes".
Convergence on the Internet
The role of the internet has changed from its original use as a communication tool to easier and faster access to information and
services, mainly through a broadband connection. The television, radio and newspapers were the world's media for accessing news
and entertainment; now, all three media have converged into one, and people all over the world can read and hear news and other
information on the internet. The convergence of the internet and conventional TV became popular in the 2010s, through Smart
TV. Also sometimes referred to as "Connected TV" or "Hybrid TV", Smart TV is used to describe the current trend of integration of
the Internet and Web 2.0 features into modern television sets and set-top boxes, as well as the technological convergence between
computers and these television sets or set-top boxes. These new devices most often also have a much higher focus on online
interactive media, Internet TV, over-the-top content, as well as on-demand streaming media, and less focus on traditional broadcast
media like previous generations of television sets and set-top boxes always have had.
Digital Convergence
Digital convergence means the tendency of various innovations, media sources and content to become similar over time. It
enables the convergence of access devices and content as well as the industry participant operations and strategy. This is how this
type of technological convergence creates opportunities, particularly in the area of product development and growth strategies for
digital product companies. The same can be said in the case of individual content producers such as bloggers in any video-sharing
platform. The convergence in this example is demonstrated in the involvement of the Internet, home devices such as smart
television, camera, the video-sharing application, and the digital content. In this setup, there are the so-called "spokes", which are
the devices that connect to a central hub, which could either be the smart TV or a Personal Computer. Here, the Internet serves as
the intermediary, particularly through its interactivity tools and social networking, in order to create unique mixes of products and
services via horizontal integration.
The above example highlights how digital convergence encompasses three phenomena:

Previously stand-alone devices are being connected by networks and software, significantly enhancing functionalities;

Previously stand-alone products are being converged onto the same platform, creating hybrid products in the process; and,

Companies are crossing traditional boundaries such as hardware and software to provide new products and new sources
of competition.

Another example is the convergence of different types of digital contents. The next hot trend in digital convergence is converged
content, mixing personal (user-generated) content with professional (copyright protected) content. One example is personal music
videos that combine user-generated photos with chart music.

Cloud Computing
Cloud computing is a method for delivering information technology (IT) services in which resources are retrieved from the
Internet through web-based tools and applications, as opposed to a direct connection to a server. Rather than keeping files on a
proprietary hard drive or local storage device, cloud-based storage makes it possible to save them to a remote database. As long as
an electronic device has access to the web, it has access to the data and the software programs to run it.
It's called cloud computing because the information being accessed is found in "the cloud" and does not require a user to be in a
specific place to gain access to it. This type of system allows employees to work remotely. Companies providing cloud services
enable users to store files and applications on remote servers, and then access all the data via the internet.
Simply put, cloud computing is the delivery of computing services such as servers, storage, databases, networking, software,
analytics, intelligence and more, over the Internet to offer faster innovation, flexible resources and economies of scale. One
typically pays only for cloud services they use, helping lower their operating costs, run their infrastructure more efficiently and
scale as the business needs change.
In essence, cloud computing is the idea of taking all the heavy lifting involved in crunching and processing data away from the
device one carries around, or sits and works at, and moving that work to huge computer clusters far away in cyberspace. The internet
becomes the cloud, and the data, work and applications are accessible from any device through the internet, anywhere in the
world.
Types of cloud computing
Not all clouds are the same and not one type of cloud computing is right for everyone. Several different models, types and services
have evolved with time.
Types of cloud deployments:

Public Cloud

Private Cloud

Hybrid Cloud

Public cloud
Public clouds are owned and operated by a third-party cloud service provider, which delivers its computing resources like servers
and storage over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software and
other supporting infrastructure is owned and managed by the cloud provider. A person can access these services and manage their
account using a web browser.
Private cloud
A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be
physically located on the company’s on-site datacenter. Some companies also pay third-party service providers to host their private
cloud. A private cloud is one in which the services and infrastructure are maintained on a private network.
Hybrid cloud
Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared
between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives a business
greater flexibility, more deployment options and helps to optimize the existing infrastructure, security and compliance.
Types of Cloud Services
Software as a Service (SaaS)
SaaS involves the licensure of a software application to customers. Licenses are typically provided through a pay-as-you-go model
or on-demand.
Infrastructure as a Service (IaaS)
Infrastructure as a service involves a method for delivering everything from operating systems to servers and storage through IP-
based connectivity as part of an on-demand service. Clients can avoid the need to purchase software or servers, and instead procure
these resources in an outsourced, on-demand service.
Platform as a Service (PaaS)
Of the three layers of cloud-based computing, PaaS is considered the most complex. PaaS shares some similarities with SaaS, the
primary difference being that, instead of delivering software online, it actually provides a platform for creating software that is
delivered via the internet.
Security and privacy under Cloud Computing
Cloud computing poses privacy concerns because the service provider can access the data that is in the cloud at any time. It could
accidentally or deliberately alter or delete information. Many cloud providers can share information with third parties if necessary
for purposes of law and order without a warrant. That is permitted in their privacy policies, which users must agree to before they
start using cloud services. Solutions to privacy include policy and legislation as well as end users' choices for how data is stored.
Users can encrypt data that is processed or stored within the cloud to prevent unauthorized access.
According to the Cloud Security Alliance, the top three threats in the cloud are Insecure Interfaces and APIs, Data Loss &
Leakage, and Hardware Failure—which accounted for 29%, 25% and 10% of all cloud security outages respectively. Together,
these form shared technology vulnerabilities. In a cloud provider platform being shared by different users there may be a
possibility that information belonging to different customers resides on same data server. Additionally, Eugene Schultz, chief
technology officer at Emagined Security, said that hackers are spending substantial time and effort looking for ways to penetrate
the cloud. "There are some real Achilles' heels in the cloud infrastructure that are making big holes for the bad guys to get into".
Because data from hundreds or thousands of companies can be stored on large cloud servers, hackers can theoretically gain control
of huge stores of information through a single attack—a process he called "hyperjacking". Some examples of this include the
Dropbox security breach and the iCloud 2014 leak. Dropbox was breached in October 2014, with over 7 million of its users'
passwords stolen by hackers in an effort to extract monetary value from them in Bitcoins (BTC). By having these passwords, they are
able to read private data as well as have this data be indexed by search engines (making the information public).
There is the problem of legal ownership of the data. Many Terms of Service agreements are silent on the question of ownership.
Physical control of the computer equipment (private cloud) is more secure than having the equipment off site and under someone
else's control (public cloud). This delivers great incentive to public cloud computing service providers to prioritize building and
maintaining strong management of secure services. Some small businesses that don't have expertise in IT security could find that
it's more secure for them to use a public cloud. There is the risk that end users do not understand the issues involved when signing
on to a cloud service (persons sometimes don't read the many pages of the terms of service agreement, and just click "Accept"
without reading). This is important now that cloud computing is becoming popular and required for some services to work, for
example for an intelligent personal assistant. Fundamentally, private cloud is seen as more secure with higher levels of control for
the owner; however, public cloud is seen to be more flexible and requires less time and money investment from the user.

Online Digital Libraries


A digital library is a collection of documents in organized electronic form, available on the Internet or on CD-ROM (compact-disk
read-only memory) disks. Depending on the specific library, a user may be able to access magazine articles, books, papers,
images, sound files, and videos.
On the Internet, the use of a digital library is enhanced by a broadband connection such as cable modem or DSL. Dial-up
connections can be used to access plain-text documents and some documents containing images, but for complex files and those
with animated video content, a downstream data speed of at least several hundred kilobits per second (Kbps) can make the user's
experience less tedious, as well as more informative. Internet-based digital libraries can be updated on a daily basis. This is one of
the greatest assets of this emerging technology.
On CD-ROM, the amount of data is limited to several hundred megabytes (MB) per disk, but access is generally much faster than
on an Internet connection. Several CD-ROMs can be combined in a set, and because the disks are small, a large library can be
accommodated in a reasonable physical space. The main limitation of CD-ROM is the fact that updating cannot be done as
frequently as on the Internet. In addition, producing and distributing CD-ROMs involves overhead costs that are largely
nonexistent in Internet-based libraries.
Some institutions have begun the task of converting classic books to electronic format for distribution on the Internet. Some files
can be viewed directly in HTML format; others can be downloaded in PDF format and printed. Some publishers keep electronic
files of books and produce them one unit at a time in printed and bound form on demand.
Electronic distribution of intellectual and artistic property has authors, agents, and publishers concerned about the possibility of
copyright infringement. It is much easier to copy a CD-ROM, or to download an electronic book and make unauthorized copies of
it, than it is to reproduce bound volumes and distribute them illegitimately. Fundamental changes in copyright law - and/or changes
in the way in which the laws are enforced - are likely to occur as digital libraries expand and their use becomes more widespread.
Types of digital libraries
Institutional repositories
Many academic libraries are actively involved in building institutional repositories of the institution's books, papers, theses, and
other works which can be digitized or were 'born digital'. Many of these repositories are made available to the general public with
few restrictions, in accordance with the goals of open access, in contrast to the publication of research in commercial journals,
where the publishers often limit access rights. Institutional, truly free, and corporate repositories are sometimes referred to as
digital libraries. Institutional repository software is designed for archiving, organizing, and searching a library's content.
Digital archives
Physical archives differ from physical libraries in several ways. Traditionally, archives are defined as:

Containing primary sources of information (typically letters and papers directly produced by an individual or
organization) rather than the secondary sources found in a library (books, periodicals, etc.).

Having their contents organized in groups rather than individual items.

Having unique contents.

The technology used to create digital libraries is even more revolutionary for archives since it breaks down the second and third of
these general rules. In other words, "digital archives" or "online archives" will still generally contain primary sources, but they are
likely to be described individually rather than (or in addition to) in groups or collections. Further, because they are digital, their
contents are easily reproducible and may indeed have been reproduced from elsewhere.
Archives differ from libraries in the nature of the materials held. Libraries collect individual published books and serials, or
bounded sets of individual items. The books and journals held by libraries are not unique, since multiple copies exist and any
given copy will generally prove as satisfactory as any other copy. The materials in archives and manuscript libraries are "the unique
records of corporate bodies and the papers of individuals and families".
A fundamental characteristic of archives is that they have to keep the context in which their records have been created and the
network of relationships between them in order to preserve their informative content and provide understandable and useful
information over time. The fundamental characteristic of archives resides in their hierarchical organization expressing the context
by means of the archival bond. Archival descriptions are the fundamental means to describe, understand, retrieve and access
archival material. At the digital level, archival descriptions are usually encoded by means of the Encoded Archival Description
XML format. The EAD is a standardized electronic representation of archival description which makes it possible to provide union
access to detailed archival descriptions and resources in repositories distributed throughout the world.
Features of Online Digital Library
No physical boundary: The user of a digital library need not go to the library physically; people from all over the
world can gain access to the same information, as long as an Internet connection is available.
Round the clock availability: A major advantage of digital libraries is that people can gain access 24/7 to the
information.

Multiple accesses: The same resources can be used simultaneously by a number of institutions and patrons. This may
not be the case for copyrighted material: a library may have a license for "lending out" only one copy at a time; this is
achieved with a system of digital rights management where a resource can become inaccessible after expiration of the
lending period or after the lender chooses to make it inaccessible (equivalent to returning the resource).

Information retrieval: The user is able to use any search term (word, phrase, title, name, and subject) to search the entire
collection. Digital libraries can provide very user-friendly interfaces, giving clickable access to their resources.

Preservation and conservation: Digitization is not a long-term preservation solution for physical collections, but does
succeed in providing access copies for materials that would otherwise fall to degradation from repeated use. Digitized
collections and born-digital objects pose many preservation and conservation concerns that analog materials do not.
Please see the following "Problems" section of this page for examples.

Space: Whereas traditional libraries are limited by storage space, digital libraries have the potential to store much more
information, simply because digital information requires very little physical space to contain it and media storage
technologies are more affordable than ever before.

Added value: Certain characteristics of objects, primarily the quality of images, may be improved. Digitization can
enhance legibility and remove visible flaws such as stains and discoloration.

Easily accessible.

Access to Internet: A Human Right Issue


Every human being is entitled to some basic rights. Human rights is a generic term that embraces civil rights, civil liberties and
social, economic and cultural rights. Thus it can be said that all people have, by virtue of being human, certain rights; these rights
are called Human Rights. The idea of human rights is bound up with the idea of human dignity. Chief Justice of India J.S. Verma
has stated, ‘human dignity is the quintessence of human rights’. D.D. Basu defines human rights as those minimum rights which
every individual must have against the State or other public authority by virtue of his being a member of the human family,
irrespective of any other consideration.
Human rights have been classified by the United Nations into two kinds mainly,
1. Civil and Political Rights – those rights which are related to the protection of the right to life and personal liberty
2. Economic, Social and Cultural Rights – those related to the guarantee of minimum necessities of the life to human
beings.

In the current technological world, almost everything is done with the help of the internet, from a basic school project to
research for a Ph.D. thesis. The Internet has become an integral part of everyone’s life. Unlike the earlier economic
indicators – Food, Shelter and Clothing – many countries have included access to the internet as a basic indicator for the Human
Development Index.

A minute without the internet is not just practically but also mentally impossible for the current generation. In such a situation,
can the Internet be considered a Human Right, a right which cannot be dispensed with or which defines a basic dignified
lifestyle?

Article 11(1) of the International Covenant on Economic, Social and Cultural Rights states, “The States Parties
to the present Covenant recognize the right of everyone to an adequate standard of living for himself and his family,
including adequate food, clothing and housing, and to the continuous improvement of living conditions. The States
Parties will take appropriate steps to ensure the realization of this right, recognizing to this effect the essential
importance of international co-operation based on free consent.” The term ‘continuous improvement of living
conditions’ covers any further needs which are required for good living conditions. Further, article 15(3) states, “The State
Parties to the present Covenant undertake to respect the freedom indispensable for scientific research and creative
activity.” Hence in this digital world, the Internet is and should be a human right guaranteed to all.

In a recent resolution passed by the United Nations, it was declared that “online freedom” is a human right and one that must be
protected. Further cementing this view, in July 2016 a declaration was issued indicating the importance of “applying a
comprehensive human-right based approach when providing and expanding access to internet and for the internet to be open,
accessible and nurtured”. The UN Human Rights Commission has also passed a non-binding resolution that effectively makes
internet access a basic human right, so that any country denying it violates the human rights of its citizens. Unfortunately, India along
with other countries opposed this, stating that they are open to the idea of internet access for all, but they want absolute control over it.
Right to Broadband: A Fundamental Right in many jurisdictions
The Right to Internet, also known as the Right to Broadband, has been included as a fundamental right in many
international communities. Former US President Barack Obama in 2015 said, “Today, high-speed broadband is not a luxury, it’s a
necessity.”
In Costa Rica, a 2010 ruling by its Supreme Court said that technology has impacted the way humans communicate. It has
become a basic tool to exercise democratic participation, education, freedom of expression, access to information and public
services online, and hence it includes a fundamental right to access the internet or World Wide Web. In Estonia, the government argued
that the internet is essential for life in the 21st century, and a massive accessibility programme was launched. Further, countries like
Finland, Greece, Spain and France have all moved a step ahead and have brought access to the internet under the fundamental rights of their
citizens.
International Conventions ratified by India
India has ratified many international conventions relating to human rights, and is thus under an obligation to implement the rights
stipulated for individuals. But unfortunately, India hasn’t chalked out policies and hasn’t yet enacted them for citizens to avail. Among
the many, India has also ratified the two Covenants – the International Covenant on Civil and Political Rights and that on Economic, Social and
Cultural Rights. Unfortunately, only the Human Rights embodied in Part III of the Constitution, which is the Fundamental Rights,
are enforceable in the Courts in India. Further the Human Rights Commission’s mandate, established in 1993, cannot extend to
those Human Rights which have been recognized in international treaties signed and ratified by India.
In a country where basic human rights are far from achievable, accessibility to the internet is still a far-sighted concept. The push for
internet access has been raised not just by social forums and the media but also by the Courts.
In the case of Secretary, Ministry of Information and Broadcasting v. Cricket Association of Bengal [AIR 1995 SC 1236], it was
held that every citizen has a Fundamental Right to impart as well as receive information through the electronic media. A broad
interpretation of “electronic media” can definitely mean the Internet as well. Enough time has passed since Rajiv Gandhi first
introduced computers; today everything runs and functions with the Internet. In fact, the demonetization move introduced by
Prime Minister Narendra Modi emphasized the need to push India into becoming a digital country, a cashless country with digital money. The
transition is taking place, with railway stations and airports offering free internet, and internet growth is booming. With the growth
trajectory of broadband penetration still in its nascent stage, private companies are skeptical about the returns on their investment,
especially against the backdrop of the economic doldrums the country is experiencing.
Our policy makers, however, should have the vision to understand the potential that the rural market offers from the perspective of
business as well as the development of people. The Digital India Programme of the Union Cabinet aims to achieve digital empowerment
by connecting all Gram Panchayats through broadband internet and e-governance, yet the main ground for all this should be
accessibility to all. India has the necessary resources to enforce this right. Unfortunately, lack of infrastructure and the high cost of
Internet connectivity act as impediments.
Even with a highly demanding consumer base, the country’s cost per MB is still very high compared to that of First World countries
possessing a fraction of India’s connected users. Hence there is a wide gap that has to be filled prior to declaration of the right to internet
as a human right in India, much less a legal right. Fortunately, the National Telecom Policy 2012 has set a target of 175 million
broadband connections by 2017, and 600 million by 2020, at minimum 2 Mbps download speed, while making available higher speeds of
at least 100 Mbps on demand.
The policy is also expected to look at ways to increase broadband penetration and convergence of various platforms like cable TV,
optical fiber, wireless connection through spectrum, VSAT and satellite. Currently, these platforms fall under different
departments. Cable TV for example, comes under the Ministry of Information and Broadcasting, while satellite related issues are
majorly governed by the Department of Space. With the new policy, DoT will have more control over various communication and
broadcast technologies. While this might make it easier for a company to launch all these services in one go, it increases the risk of
every communication medium being affected in case DoT comes out with bad policies in the future.
India ranks 130th in the HDI, lowest amongst the BRICS nations. With these figures, India still has a lot of basic priorities to sort out
before it begins its digitalization move, and hence the single answer to whether it is a basic human right or not is simply a big
“NO”. Yet again, by increasing cyber knowledge and the associated skills, India can set an example amongst developing countries as
to how one can progress amidst tough constraints. The integration of the rural economy with technology can bring about an economic
miracle like those in Japan and China.

Issue of Censorship
Internet censorship in India is selectively practiced by both federal and state governments. DNS filtering and educating service
users in better usage are an active strategy and government policy to regulate and block access to Internet content on a large scale.
Measures for removing content at the request of content creators through court orders have also become more common in recent
years. Initiating a mass surveillance government project like the Golden Shield Project is also an alternative discussed over the years
by government bodies.
OpenNet Initiative report
The OpenNet Initiative classified India as engaged in "selective" Internet filtering in the political, conflict/security, social, and
Internet tools areas in 2011. ONI describes India as:
A stable democracy with a strong tradition of press freedom nevertheless continues its regime of Internet filtering. However,
India's selective censorship of blogs and other content, often under the guise of security, have also been met with significant
opposition.
Indian ISPs continue to selectively filter Web sites identified by authorities. However, government attempts at filtering have not
been entirely effective because blocked content has quickly migrated to other Web sites and users have found ways to circumvent
filtering. The government has also been criticized for a poor understanding of the technical feasibility of censorship and for
haphazardly choosing which Web sites to block.
Countries under Surveillance
In March 2012, Reporters Without Borders added India to its list of "countries under surveillance", and stated:
“Since the Mumbai bombings of 2008, the Indian authorities have stepped up Internet surveillance and pressure on technical
service providers, while publicly rejecting accusations of censorship. The national security policy of the world's biggest democracy
is undermining freedom of expression and the protection of Internet users' personal data.”

Privacy Issues
Privacy can be defined as a right to be let alone. We as human beings want some space or privacy so that we can enjoy our lives the
way we want. One should not have the fear of privacy intrusion in one's own home or while enjoying one's private life. A citizen also
has a right to protect the privacy of his life, marriage, family, health, procreation and other matters.
“None can publish anything concerning the above matters without his consent, whether truthful or otherwise and whether
laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an
action for damages.” But in certain cases the privacy of a person is not only breached but the content is made available in public,
which results in defamation and loss of reputation.
Personal Privacy
The main and most closely related term in the context of privacy concerns the exposure of one’s body to another; it can also be
defined as physical privacy. This is also an aspect of personal modesty. A person can go to extreme lengths in order to protect his
modesty: one wears clothes to prevent one's body from being seen by others, builds walls or fences, etc. People also expect that their
privacy rights will be respected by others too. Some people choose to perform acts of physical intimacy in public, but again this is
their personal choice.
Informational Privacy
As the term says, informational privacy is related to information or data about a person. This data can be of any type and in any
form, for example name, date of birth, address, phone number, bank details etc. The concern of privacy arises in the collecting, storing
and sharing of personal data. With improved technological equipment, new types of Personally Identifiable Information (PII)
are generated and stored for various purposes. For instance, nowadays many organizations are implementing fingerprint scanners as a
security measure and a tool to grant access to the premises. The fingerprint scanner comes under biometric devices, like the iris
scanner, face camera, speaker recognition and many others. No doubt these devices provide effective security measures, but the
data collected by biometric devices, if misused, can be dangerous.
Organizational Privacy
Various organizations, agencies or corporations, such as the defense or military departments, may desire to keep their activities hidden
from other organizations or individuals. They can implement various methods to achieve their desired privacy.
Privacy and the Internet
The Internet has changed the way one used to fear privacy invasion. Now you don’t know how and when you are being
monitored, and by whom. One does not know that one's information is being sold over the internet for just 1 or 2 dollars; people are
being murdered with the help of the internet; people are harassed and blackmailed on social networking sites. Their photos are
downloaded, morphed and misused. Though the Internet has revolutionized the world and turned it into a global village,
we cannot deny its negative aspects.
We need to understand the fact that everything that we do on the internet can be noticed or revealed because it leaves digital traces.
The use of smart phones is another emerging danger to online privacy. Every device that is connected to the Internet has a unique IP
address attached to it, whether it is a computer, mobile, PlayStation or anything else, which means it can be traced. If you go
on a vacation without informing any of your friends, and a friend calls and asks what you are doing at that place, it should not
be surprising that he knew where you were. If you are doing an online transaction or simply anything related to e-commerce, it is
quite possible that your credentials can be compromised. Nowadays, if you search for anything on Google and after some time
want to search for the same thing, it will appear in the search drop-down list even if you type only the first letter of the word.
Legal Regime to Combat Cyber Privacy in India
Information Technology Amendment Act, 2008
The Information Technology Act is an act of the Indian Parliament notified on 17 October 2000. It was further amended, and the amendment came into
force on October 27, 2009. It regulates the cyberspace in India and provides rules and regulations regarding different aspects of
cyber law.
Section 43(A): Compensation for failure to protect data
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it
owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby
causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation,
to the person so affected.
Section 66(E): Punishment for violation of privacy
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three
years or with fine not exceeding two lakh rupees, or with both.
Explanation - For the purposes of this section--
a. “Transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
b. “Capture”, with respect to an image, means to videotape, photograph, film or record by any means;
c. “Private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
d. “Publishes” means reproduction in the printed or electronic form and making it available for public;
e. “Under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that

i. He or she could disrobe in privacy, without being concerned that an image of his private area was being
captured; or
ii. Any part of his or her private area would not be visible to the public, regardless of whether that person is in a
public or private place.

Section 72: Breach of confidentiality and privacy:


Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuance of any of the
powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the person concerned discloses such electronic
record, book, register, correspondence, information, document or other material to any other person shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Section 72(A): Punishment for Disclosure of information in breach of lawful contract
Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who,
while providing services under the terms of lawful contract, has secured access to any material containing personal information
about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses,
without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished
with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.
Indian Penal Code, 1860
There are some sections in the IPC which deal with privacy. They are not directly related to cyber privacy but can be helpful for an
individual to claim his or her rights, such as Section 499 – Defamation, Section 500 – Punishment for Defamation, Section 292 –
Sale, etc., of obscene books etc., Section 447 – Punishment for Criminal Trespass, and Section 509 – Word, gesture or act intended
to insult the modesty of a woman.
Code of Criminal Procedure, 1973
A few of the sections in the CrPC can also be applied together with the sections in other Acts, such as
Section 320 - Compounding of offences.
Right to Information Act, 2005
Section 8 - Exemption from disclosure of information.
The Privacy Protection Bill (2013)
As the bill itself says, it is a bill “to establish an effective regime to protect the privacy of all persons and their personal data from
Governments, public authorities, private entities and others, to set out conditions upon which surveillance of persons and
interception and monitoring of communications may be conducted, to constitute a Privacy Commission, and for matters connected
therewith and incidental thereto.”

List of references
Sr.No Details
1 Nandan Kamath - Law Relating to Computer - Internet and E-Commerce
2 S.K. Verma & Raman Mital - Legal Dimensions of Cyber Space
3 Rahul Mahathan - The Law relating to Computer and Internet
4 Justice Yatindra Singh - Cyber Laws

Unit I - Introduction
Long Questions
1. Describe in detail the salient features of Information Technology Act, 2000
2. Discuss in detail the penalties given under I. T. Act.
3. What is E-Commerce? Discuss the provisions concerning E-commerce in IT Act, 2000
4. Define ‘Digital Signature’. How can it be obtained in India?
5. What do you understand by Jurisdiction? State its relevance with Cyber Crimes.
6. What are different authorities under the Information Technology Act? State their power and functions
7. Functions and Powers of Cyber Appellate Tribunal
Short Notes
1. Certifying authority.
2. How IT Act influenced Indian Evidence Act?
3. UNCITRAL
4. Digital Signature
5. Cyber Appellate Tribunal
6. Jurisdictional Issue
7. Cyber Space Jurisdiction

Unit II - Online Contracts


Long Questions
1. Formation of Online Contract and the safety measure to be taken?
2. What is E-Banking? Explain E-Banking Transaction
3. Electronic and Digital Signature. How can it be obtained in India?
4. Explain Taxation Issues in Cyber Space and Discuss International Tax
5. Protection of Trade Secrets and Deceptive Trade Practice, Discuss
6. E-Banking and Online Payment Options, How much is it safe? Comment.
Short Notes
1. E-Banking Transaction
2. Online Advertisement
3. Electronic Signature
4. Indirect Tax
5. Tax Evasion
6. Double Tax
7. International Tax
8. Electronic contract
9. Digital signature
10. Domain names
11. Advantages of E-commerce

Unit III - Cyber Crimes


Long Questions
1. Explain in detail types of Crime on Internet
2. Discuss in detail Investigation and Adjudication of Cyber Crime in India
3. What is Digital Evidence and its admissibility in the Court?
4. What is stalking? Explain in detail law relating to cyber stalking in India
5. Write a detailed note on cyber terrorism
6. Discuss in detail violation of privacy on internet and data protection.
7. Differentiate between Ordinary Crime and Cyber Crime.
8. State the precautions to be exercised by the internet users for preventing cyber crimes against them.
9. Explain the meaning of electronic evidence. Is it admissible in judicial process?
10. Write a detailed note on Cyber defamation
11. What is meant by cyber crime? Explain in detail any five of them.
12. What is Cyber Squatting? Explain with case law
Short Notes
1. Actus Reus
2. Mens Rea
3. Cyber Arbitration
4. What is Cyber Conflict Investigation
5. Internet Crime against Government
6. Digital Evidence
7. Define Hacking.
8. Credit card fraud
9. Denial of service attacks
10. Cyber squatting.
11. Phishing
12. Fishing
13. What is Pornography?
14. What do you mean by Right to Privacy?
15. Explain the meaning of cyber crime.
16. What is identity theft?
17. Piracy
18. ISO
19. What is internal time theft?
20. What is cyber fraud?
21. What is cyber stalking?
22. Cryptography
23. Data diddling
24. Concept of Internet Security

Unit IV - IPR and Cyber Space


Long Questions
1. What is domain name dispute? Discuss any such dispute.
2. What is copyright on the Internet? And what is its infringement?
3. What is trademark in e-commerce? Is domain name a trademark? Comment.
4. What is trademark in e-commerce? Is domain name intellectual property? Comment
5. What is a Domain Name and what is the process of registration of a Domain Name on the Internet?
Short Notes
1. Cyberspace
2. Caching
3. OSS
4. DMCA
5. Data Protection Directive
6. Domain Name Dispute
7. ICANN
8. UDRP Policy
9. Meta Tagging
10. Database issues on Internet
11. What is domain name?
12. What is an ISP?
13. Concept of Internet Security
14. Benefits of cryptography

Unit V - Contemporary Issues


Long Questions
1. Explain in detail National Security and Social Security on Internet
2. Write an explanatory note on Convergence Technologies
3. Differentiate between Social Security and National Security on Internet
4. What are Digital Libraries? Explain the concept of Digital Libraries.
5. Explain in detail the concept of freedom of expression on internet.
6. Discuss in detail the concept of E–governance with suitable examples
7. Explain the role of Internet service providers and their liability
8. Describe the meaning, nature and scope of the term E-governance.
9. Who is Controller? What are the functions of Controller?
10. Discuss the international efforts taken to provide for effective regulation of Cyber Space.
Short Notes
1. Cloud Computing
2. Write a short note on Digital Libraries
3. National Security
4. Social Security
5. Digital Libraries
6. Explain Anti-virus

Unit I - Introduction
Let us recapitulate the points discussed in this module:
The term “Cyber Crime” means the vulnerability of any computing system, software program, or critical infrastructure to, or
their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized
means of, the Internet, public or private telecommunications systems.
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach
not due to human error but due to the complex technology.
Kinds of Cyber Criminals –
a. Children and adolescents between the age group of 6 – 18 years
b. Organised hackers
c. Professional hackers / crackers
d. Discontented employees

Mode and manner of committing Cyber crime –


a. Unauthorized access to computer systems or networks / Hacking
b. Theft of information contained in electronic form
c. Email bombing
d. Data diddling
e. Salami attacks
f. Denial of Service attack
g. Virus / worm attacks
h. Logic bombs
i. Trojan attacks
j. Internet time thefts
k. Web jacking

Types of Cyber Crime –


a. Financial fraud/Cyber Fraud
b. Cyber Theft
c. Cyber Pornography
d. Cyber Vandalism
e. Cyber Stalking
f. Cyber Laundering
g. Cyber Terrorism
h. Cyber Trespassing
i. Cyber Contraband

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.
Digital signatures employ asymmetric cryptography.
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only
conjectured that such schemes existed based on functions that are trapdoor one-way permutations.
In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements
of digital signature schemes.
A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the Presiding Officer of the Cyber
Appellate Tribunal) to be appointed, by notification, by the Central Government.
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within
sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him.
Web Jacking occurs when someone forcefully takes control of a website by cracking the password and later changing it.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying
Authorities and also to ensure that none of the provisions of the Act are violated.
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act
for purposes of the IT Act.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying
Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.

Unit II - Online Contracts


Let us recapitulate the points discussed in this module:
As per Section 10 of the Indian Contract Law, 1872, an agreement is a contract which is enforceable by law.
An Online contract is conceptually very similar and is drafted in the same manner in which a traditional paper-based contract
is drafted.
Online contracts can be categorized into three main types –
a. browse or web wrap contracts
b. shrink wrap contracts
c. clickwrap contracts

Essential elements of online contract –


a. Offer
b. Acceptance
c. Intention to create legal relationship
d. Lawful Object
e. Legal or lawful consideration
f. Capacity of the Parties
g. Free consent
h. Possibility of performance

Just as in a paper-based or conventional contract, one of the most essential elements of an online contract is the requirement
that an offer be made.
When a proposal or offer is accepted by the person to whom it is made, it becomes a promise.
If there is no intention of creating a legal relationship on the part of the parties to the contract, there is no contract between them.
It is an essential element of a valid contract that the parties to the contract must intend to create legal relationships.
A contract is enforceable by law only when it is made for a lawful purpose.
Consideration is one of the most important elements of a contract.
Parties to a contract must be capable of entering into a contract. Each party must have attained the age of majority and must
be of sound mind.
Consent which is defined under Section 13 of the Indian Contract Act, 1872 is an essential requirement of a contract.
The terms and conditions of agreement must be certain and not vague and must also be such as are capable of performance.
The Information Technology Act 2000 regulates the provisions relating to e commerce in India.
Online banking, also known as internet banking, is an electronic payment system that enables customers of a bank or other
financial institution to conduct a range of financial transactions through the financial institution's website.
Internet banking software provides personal and corporate banking services offering features such as viewing account
balances, obtaining statements, checking recent transaction and making payments.
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.
A valid digital signature gives a recipient reason to believe that the message was created by a known sender, that the sender
cannot deny having sent the message, and that the message was not altered in transit.
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software
distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery
or tampering.

Unit III - Cyber Crimes


Let us recapitulate the points discussed in this module:
Kinds of Cyber Criminals –
a. Children and adolescents between the age group of 6 – 18 years
b. Organised hackers
c. Professional hackers / crackers
d. Discontented employees

Mode and manner of committing Cyber crime –


a. Unauthorized access to computer systems or networks / Hacking
b. Theft of information contained in electronic form
c. Email bombing
d. Data diddling
e. Salami attacks
f. Denial of Service attack
g. Virus / worm attacks
h. Logic bombs
i. Trojan attacks
j. Internet time thefts
k. Web jacking

Types of Cyber Crime –


a. Financial fraud/Cyber Fraud
b. Cyber Theft
c. Cyber Pornography
d. Cyber Vandalism
e. Cyber Stalking
f. Cyber Laundering
g. Cyber Terrorism
h. Cyber Trespassing
i. Cyber Contraband

The term “Cyber Crime” means the vulnerability of any computing system, software program, or critical infrastructure to, or
their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized
means of, the Internet, public or private telecommunications systems.
The major email related crimes are:
a. Email frauds
b. Email spoofing
c. Sending malicious codes through email
d. Email bombing
e. Sending threatening emails
f. Defamatory emails

Email frauds are very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's
identity but also to hide one's own.
A spoofed email is one that appears to originate from one source but has actually emerged from another source.
Email bombing refers to sending a large amount of emails to the victim resulting in the victim's email account or servers
crashing.
Full Headers show the entire path an email traveled from the author's computer to yours.
Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage
mediums.
Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques
to gather evidence suitable for presentation in a court of law.
The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to
find out exactly what happened on a computer and who was responsible for it.
The major reasons for criminal activity in computers are:
a. Unauthorized use of computers mainly stealing a username and password.
b. Accessing the victim’s computer via the internet.
c. Releasing a malicious computer program, that is, a virus.
d. Harassment and stalking in cyberspace.
e. E-mail Fraud.
f. Theft of company documents

The role of computer forensics techniques is to search, preserve and analyze information on computer systems to find
potential evidence for a trial.
Section 65B(2) contains a series of certifications which are to be provided by the person having lawful control over the
use of the computer generating the said computer output, and which are not easy to fulfil without extreme care.

Unit IV - IPR and Cyber Space


Let us recapitulate the points discussed in this module:
Cyberspace can be defined as an intricate environment that involves interactions between people, software and services.
Cyber security denotes the technologies and procedures intended to safeguard computer networks and data from unlawful
access, weaknesses and attacks delivered through the internet by cyber delinquents.
The facets of intellectual property that relate to cyberspace are covered by cyber law, namely:
a. Copyright Law
b. Trademark Law
c. Semiconductor Law
d. Patent Law
Data protection and privacy laws aim to achieve a fair balance between the privacy rights of an individual and the interests of
data controllers such as banks, hospitals, electronic mail service providers, etc.
Digital evidence is to be collected and proven in the Court of Law as per the provisions of the Indian Evidence Act (as
amended by the I.T. Act 2000).
Copyright is a legal device that gives the creator of a literary, artistic, musical or other creative work the sole right to publish
and sell that work.
Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify and
exchange data via networked systems and associated physical infrastructures.
A database is meant to describe a compilation of works, data or other materials, i.e., a collection of facts arranged
systematically or by logical principles, in a methodical or scientific manner.
The Berne Convention of 1886 was the first step in harmonizing copyright law at a global level.
The General Agreement on Tariffs and Trade (G.A.T.T) has also addressed copyright issues, in parallel to W.I.P.O. The goal
of G.A.T.T is to promote the reduction of tariff barriers to the international movement of goods.
In October 2004, WIPO agreed to adopt a proposal offered by Argentina and Brazil, the "Proposal for the Establishment of a
Development Agenda for WIPO"—from the Geneva Declaration on the Future of the World Intellectual Property
Organization.
The Copyright Treaty 1996 and Performances and Phonograms Treaty 1996 are the two major international legal
instruments relating to cyberspace created under the auspices of W.I.P.O.
Copyright protection gives the author of work a certain “bundle of rights”, including the exclusive right to reproduce the
work in copies, to prepare derivative works based on the copyright work and to perform or display the work publicly.
Under the T.R.I.P.S Agreement, computer programs now qualify for copyright protection just as any other literary work, as
well as other forms of I.P. protection.
The modern Copyright Act not only recognizes the creative, literary or musical works for the individual authors, but also
provides an effective legal framework for protecting the rights of the owners of Computer software.
Databases in an elementary sense are nothing but an arrangement of arrays of information in a tabular manner.
A company's presence on the Net starts with its domain name ("domain"). A domain is an important corporate identifier.

Unit V - Contemporary Issues


Let us recapitulate the points discussed in this module:
Technological convergence is a term that describes the layers of abstraction that enable different technologies to interoperate
efficiently as a converged system.
The process by which existing technologies merge into new forms that bring together different types of media and
applications is known as Technological convergence.
Digital convergence means the tendency of various innovations, media sources and content to become similar over time.
Cloud computing is a method for delivering information technology (IT) services in which resources are retrieved from the
Internet through web-based tools and applications, as opposed to a direct connection to a server.
Types of cloud deployments:
a. Public Cloud
b. Private Cloud
c. Hybrid Cloud

Public clouds are owned and operated by a third-party cloud service provider, which delivers its computing resources, like
servers and storage, over the Internet.
A private cloud refers to cloud computing resources used exclusively by a single business or organization.
Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be
shared between them.
Types of Cloud Services
a. Software as a Service (SaaS)
b. Infrastructure as a Service (IaaS)
c. Platform as a Service (PaaS)

SaaS involves the licensure of a software application to customers.


Infrastructure as a service involves a method for delivering everything from operating systems to servers and storage through
IP-based connectivity as part of an on-demand service.
PaaS shares some similarities with SaaS, the primary difference being that, instead of delivering software online, it actually
provides a platform for creating software that is delivered via the internet.
Solutions to privacy include policy and legislation as well as end users' choices for how data is stored.
A digital library is a collection of documents in organized electronic form, available on the Internet or on CD-ROM
(compact-disk read-only memory) disks.
Types of digital libraries
a. Institutional repositories
b. Digital archives

Features of Online Digital Library


a. No physical boundary
b. Round the clock availability
c. Multiple accesses
d. Information retrieval
e. Preservation and conservation
f. Space
g. Added value
h. Easily accessible

The Right to Internet, also known as the Right to Broadband, has been included as a fundamental right in many
international communities.
The Information Technology Act is an act of the Indian Parliament notified on 17 October 2000. It was further amended and came
into force on October 27, 2009.
There are some sections in the IPC which deal with privacy. They are not directly related to cyber privacy but can be helpful
for an individual to claim his or her rights.
The Open Net Initiative classified India as engaged in "selective" Internet filtering in the political, conflict/security, social,
and Internet tools areas in 2011.

Copyright © 2020 AIR Law Academy | All rights reserved