Session 30

Cyber Laws

By
Prof. Atul Kochhar
C.A, C.S, Insurance Inst. Of India, MDP- IIM-A
Visiting Faculty, IBS Gurgaon
atulkochhar1@Hotmail.com
+91-9876247722 1
Atul Kochhar C.A, C.S
Cyber Crime – India accounts for 3%

2
Atul Kochhar C.A, C.S
 The Information Technology Act, 2000
The objectives of the Act are as follows:

1. Grant legal recognition to all transactions done via electronic exchange of data or other electronic
means of communication or e-commerce, in place of the earlier paper-based method of
communication.

2. Give legal recognition to digital signatures for the authentication of any information or matters
requiring legal authentication

3. Facilitate the electronic filing of documents with Government agencies and also departments

4. Facilitate the electronic storage of data

5. Give legal sanction and also facilitate the electronic transfer of funds between banks and financial
institutions

6. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of India Act,
1934, for keeping the books of accounts in electronic form
3
Atul Kochhar C.A, C.S
 Features of the Act
1. All electronic contracts made through secure electronic channels are legally valid
2. Legal recognition for digital signatures

3. Security measures for electronic records and also digital signatures are in place

4. A procedure for the appointment of adjudicating officers for holding inquiries under the Act is finalized
5. Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this tribunal will
handle all appeals made against the order of the Controller or Adjudicating Officer.
6. An appeal against the order of the Cyber Appellant Tribunal is possible only in the High Court

7. Digital Signatures will use an asymmetric cryptosystem and also a hash function

8. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and regulate the
working of Certifying Authorities. The Controller to act as a repository of all digital signatures.

9. The Act applies to offences or contraventions committed outside India

10. Senior police officers and other officers can enter any public place and search and arrest without
warrant 4
11. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the Central
Government and Controller. Atul Kochhar C.A, C.S
 Non – applicability of the Act

According to Section 1 (4) of the Information Technology Act, 2000, the Act is not applicable to the
following documents:

1. Execution of Negotiable Instrument under Negotiable Instruments Act, 1881, except cheques.

2. Execution of a Power of Attorney under the Powers of Attorney Act, 1882.

3. Creation of Trust under the Indian Trust Act, 1882.

4. Execution of a Will under the Indian Succession Act, 1925 including any other testamentary disposition
by whatever name called.

5. Entering into a contract for the sale of conveyance of immovable property or any interest in such
property.

6. Any such class of documents or transactions as may be notified by the Central Government in the
Gazette.

5
Atul Kochhar C.A, C.S
 Digital & Electronic Signatures
Digital signature is a mathematical scheme to verify the authenticity of digital documents or messages. Also, a valid
digital signature allows the recipient to trust the fact that a known sender has sent the message and it was not altered in
transit. Like written signatures, digital signatures provide authentication of the messages. The three important features of
digital features are:
• Authentication – They authenticate the source of messages. Since the ownership of a digital certificate is bound to a
specific user, the signature shows that the user has sent it.
• Integrity – Sometimes, the sender and receiver of a message need an assurance that the message was not altered
during transmission. A digital certificate provides this feature.
• Non-Repudiation (denial of the validity) – A sender cannot deny sending a message which has a digital signature.

Electronic Signature
Electronic Signature has been defined under Section 2(1)(ta) of the Information Technology Act, 2000. Electronic
Signature means the authentication of any electronic record by a subscriber by means of the electronic technique as
specified under the Second Schedule and also includes a digital signature. An electronic signature is described as any
6
electronic symbol, process or sound that is associated with a record or contract where there is intention to sign the
document by the party involved. The major feature of an electronic signature is thus the intention to sign the document or
the contract. Atul Kochhar C.A, C.S
 Digital v/s Electronic Signatures
a)The main difference between the two is that digital signature is mainly used to secure documents and is
authorized by certification authorities while electronic signature is often associated with a contract where
the signer has got the intention to do so
b)The other notable aspect that makes an electronic signature different from a digital signature is that an
electronic signature can be verbal, a simple click of the box or any electronically signed authorization
c)The main purpose of a digital signature is to secure a document so that it is not tampered with by people
without authorization. An electronic signature is mainly used to verify a document. The source of the
document and the authors are identified
d)Digital signature is authorized and regulated by certification authorities. These are trusted third parties
entrusted with the duty to perform such task. Electronic signatures are not regulated and this is the reason
why they are less favorable in different states since their authenticity is questionable. They can be easily
tampered with.
e)A digital signature is comprised of more security features that are meant to protect the document. An
electronic signature is less secure since it is not comprised of viable security features that can be used to
secure it from being tampered with by other people without permission

7
f)A digital signature can be verified to see if the document has not been tempered with. A digital certificate
can be used to track the original author of the document. It may be difficult to verify the real owner of the
signature since it is not certified. This compromises the authenticity as well as integrity of the document.
Atul Kochhar C.A, C.S
 Cyber Crimes
Cybercrimes: is not defined in Information Technology Act 2000 nor in the I.T. Amendment Act 2008 nor
in any other legislation in India.

Cybercrimes can be defined as: "Offences that are committed against individuals or groups of
individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or
mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such
as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones
(Bluetooth/SMS/MMS)".

To put it in simple terms ‘any offence or crime in which a computer is used is a ‘cyber-crime’.
Interestingly even a petty offence like stealing or pick-pocket can be brought within the broader
purview of cyber-crime if the basic data or aid to such an offence is a computer or an information
stored in a computer used (or misused) by the fraudster.

The I.T. Act defines a computer, computer network, data, information and all other necessary
ingredients that form part of a cyber-crime. In a cyber-crime, computer or the data itself is the target or
the object of offence or a tool in committing some other offence, providing the necessary inputs for
that offence. All such acts of crime will come under the broader definition of cyber-crime.
8
Atul Kochhar C.A, C.S
 Cyber Crimes…contd.

Cybercrime may threaten a person or a nation's security and financial health. Issues surrounding these
types of crimes have become high-profile, particularly those regarding hacking, copyright infringement,
unwarranted mass-surveillance, sextortion, child pornography, and child grooming.

Cybercrime usually includes:

(a)Unauthorized access of the computers

(b)Data diddling
(c) Virus/worms attack
(d)Theft of computer system
(e) Hacking
(f) Denial of attacks
(g)Logic bombs
(h) Trojan attacks
(i) Internet time theft
(j) Web jacking
(k) Email bombing, etc.
9
Atul Kochhar C.A, C.S
 Case Law – Shivendu Madhav
October 2, 2014
Unable to challenge the might of Google with his potent search engine tezguru.com in the want of funds in
2009, a teenaged techno genius Shivendu Madhav turned into an alleged cyber criminal five years later.
The 22-year-old techno whizkid from Siwan district of Bihar, Shivendu was arrested by the UP STF on October
1 in Lucknow, for allegedly being the tech brain of a Varanasi-based racket of youths, who had allegedly
created the fake portal of the Railway Recruitment Board.

tezguru.com, had even won accolades from former president Dr APJ Abdul Kalam in 2009 at a techno
exhibition in Bihar. Duped large number of job aspirants nationwide in the name of railway jobs, spanning
from track men to ticket collector

The young fraudsters had not only developed the fake RRB-Bhopal website, but also gave hypertext links to
RRB's official website http://www.rrbbpl.nic.in/so that anybody logging on to the fake site and clicking on a
link was taken to the official site, adding credibility to the fraudsters' claims. Processing fees of Rs 300 and Rs
500. Police came to know about Shivendu through a Mumbai-based internet payment gateway which was
being used by him and aides and subsequently located the racket to be based in Varanasi.

To ensure that duped job aspirants get their money back, Rs 13 lakh sum earned by fraudsters has been
blocked with the internet payment gateway being used by them 10
Atul Kochhar C.A, C.S