Cyber Law

Module 8 Part 1
Information Technology Act 2000

Section 78-90:-

CrPC section 155 provides that a police officer cannot investigate a non-cognizable case without
a Magistrate’s order. While investigating the commission of a cognizable offence, the police
officer can investigate any non-cognizable offence which may arise out of the same facts.

Chapter XII CrPC gives the police the right to investigate based on an FIR or other first
information suggesting a cognizable offence. The officer-in-charge has to register the case.

78. Power to investigate offences.–


A police officer not below the rank of Inspector shall investigate cognizable (sections 65-70,
72A) as well as non-cognizable (sections 68, 70B, 71-74, and section 33) offences under the
Act.

Code of Criminal Procedure, 1973 investigation:

(a) section 155 under non-cognizable offence, police officer is to obtain the order of a
Magistrate and

(b) section 156 under cognizable offence, any officer in charge of a police station may
proceed without the order of a Magistrate

Chapter XII Intermediaries not to be liable in certain cases:

Section 79:- Exemption from liability of Intermediary in certain cases

(1) For any 3rd party information, communication link, or data which was made available to
an intermediary or hosted by him, he will not be liable under this provision for the same. It
removes civil liability of an intermediary.

(2) conditions -

(a) his functions should be limited to providing access to communication system over which
data made available is transmitted, temporarily stored or hosted; or

(b) he doesn’t
(i) start the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the data contained in the transmission.

(c) he has followed due diligence while performing his duties and also followed guidelines as
prescribed by the Central Govt.

(3) Exemption shall not apply if-

(a) he has conspired, abetted, aided or induced, in commission of the unlawful act.
(b) after getting knowledge, or on being informed by Govt that any data in or connected to a
computer resource controlled by him is being used to commit some illegal act, he fails to
remove or disable access to that data without destroying the evidence in any manner.

CHAPTER XIIA
EXAMINER OF ELECTRONIC EVIDENCE

79A. Central Government to notify Examiner of Electronic Evidence.–

For the purposes of providing expert opinion on electronic form evidence the Central
Government may by notification in the Official Gazette specify any Department, body or
agency of the Central or a State Government as an Examiner of Electronic Evidence.

Section 45A of Indian Evidence Act gives power to Examiner of Electronic Evidence to
appear as an expert to give opinion on electronic form evidence.

CHAPTER XIII
MISCELLANEOUS

80. Power of police officer and other officers to enter, search, etc.–

(1) any police officer, not below the rank of an Inspector, or any other officer of the Central
or a State Government may enter any public place and search and arrest without warrant any
person found therein who is reasonably suspected of having committed or of committing or
of being about to commit any offence.

(2) Where any person is arrested by an officer other than a police officer, such officer
shall, without unnecessary delay, take or send the person arrested before a magistrate.

(3) CrPC will apply in relation to any entry, search or arrest.

81. Act to have overriding effect.


Right under the Copyright Act, 1957 (14 of 1957) or the Patents Act, 1970 (39 of 1970) not
covered.

Meherban Khan vs UoI

It was held that the section 81 cannot override Limitation Act to give effect to any appeal
barred by limitation.

81A. Application of the Act to electronic cheque and truncated cheque.–

(1) The Act will apply to electronic cheques and the truncated cheques subject to
modifications and amendments for the purposes of the Negotiable Instruments Act,
1881.

82. Controller, Deputy Controller and Assistant Controller to be public servants.–
Deemed to be public servants within the meaning of section 21 of the Indian Penal Code.
Deemed public servant not for the purpose of IPC.

State of Maharashtra vs Lalit Rajshi Saha


“Deemed public servant” is a legal fiction. The act asks certain persons to be treated as public
servants for the purpose of that particular Act only not for other Acts as well.

83. Power to give directions.– The Central Government may give directions to any State
Government.

84. Protection of action taken in good faith.–


No legal proceeding shall lie against the Central, State Government, the Controller or any
person acting on behalf of him, and adjudicating officers for anything which is in good faith
done or intended to be done in pursuance of this Act or any rule, regulation or order made
thereunder.

84A. Modes or methods for encryption.–


The Central Government may, for secure use of the electronic medium and for promotion of
e-governance and e-commerce, prescribe the modes or methods for encryption.

84B. Punishment for abetment of offences.–


Whoever abets any offence shall, if the act abetted is committed in consequence of the
abetment, and no express provision is made for the punishment of such abetment, be punished
with the punishment provided for the offence.

84C. Punishment for attempt to commit offences.–


Whoever attempts to commit an offence or causes such an offence to be committed, and in
such an attempt does any act towards the commission of the offence, shall, where no express
provision is made for the punishment of such attempt, be punished with imprisonment of any
description provided for the offence, for a term which may extend to one-half of the longest
term of imprisonment provided for that offence, or with such fine as is provided for the
offence, or with both.

85. Offences by companies.–


(1) Where a person committing a contravention of any of the provisions is a company, every
person who, at the time the contravention was committed, was in charge of, and was
responsible to, the company for the conduct of business as well as the company, shall be
guilty of the contravention and shall be liable to be proceeded against and punished
accordingly:

Exception:
Without knowledge and with all due diligence to prevent

(2) where a contravention of any of the provisions has been committed by a company and it is
proved that the contravention has taken place with the consent or connivance of, or is
attributable to any neglect on the part of, any director, manager, secretary or other officer of
the company, such person shall also be deemed to be guilty of the contravention and shall be
liable to be proceeded against and punished accordingly.

Aneeta Hada vs Godfather Travels and Tours (P) Ltd.

A director alone cannot be held liable without impleading the company.

YOUSAFALLI ESMAIL NEGREE vs State of Maharashtra (not sure whether this is the
judgement of this case)

"tape recording" is an admissible evidence if it can be proved beyond reasonable doubt that
the record was not tampered with.

The imprint on the magnetic tape is the direct effect of tape sounds. Like a photograph of a
relevant incident, a contemporaneous tape record of a relevant conversation is a relevant fact
and is admissible u/s. 7 of Indian Evidence Act.

86. Removal of difficulties.–


(1) If any difficulty arises in giving effect to the provisions of this Act, the Central
Government may, by order published in the Official Gazette, make such provisions not
inconsistent with the provisions of this Act as appear to it to be necessary or expedient for
removing the difficulty:

87. Power of Central Government to make rules.–


(1) The Central Government may, by notification in the Official Gazette and in the Electronic
Gazette, make rules to carry out the provisions of this Act.
(2) List of matters

88. Constitution of Advisory Committee.–


(1) The Central Government shall constitute a Committee called the Cyber Regulations
Advisory Committee.
(2) consist of a Chairperson and such number of other official and non-official members
representing the interests principally affected or having special knowledge of the subject-
matter as the Central Government may deem fit.
(3) The Cyber Regulations Advisory Committee shall advise–
(a) the Central Government either generally as regards any rules or for any other purpose
connected with this Act;
(b) the Controller in framing the regulations under this Act.

89. Power of Controller to make regulations.–


(1) The Controller may, after consultation with the Cyber Regulations Advisory Committee
and with the previous approval of the Central Government, make regulations consistent with
this Act and the rules made thereunder to carry out the purposes of this Act.
(2) such regulations may provide for all or any of the following matters, namely:–
(a) the particulars relating to maintenance of data base containing the disclosure
record of every Certifying Authority under clause (n) of section 18;
(b) the conditions and restrictions subject to which the Controller may recognise any
foreign Certifying Authority under sub-section (1) of section 19;
(c) the terms and conditions subject to which a licence may be granted under clause
(c) of sub-section (3) of section 21;
(d) other standards to be observed by a Certifying Authority under clause (d) of
section 30;
(e) the manner in which the Certifying Authority shall disclose the matters specified
in sub-section (1) of section 34;
(f) the particulars of statement which shall accompany an application under sub-
section (3) of section 35.
(g) the manner by which the subscriber shall communicate the compromise of private
key to the Certifying Authority under sub-section (2) of section 42.

90. Power of State Government to make rules.–


(1) The State Government may make rules to carry out the provisions of this Act.
(2) such rules may provide for all or any of the following matters, namely:–
(a) the electronic form in which filing, issue, grant, receipt or payment shall be
effected under sub-section (1) of section 6;
(b) for matters specified in sub-section (2) of section 6;

AMENDMENTS TO EVIDENCE ACT, 1872

Under Section 52 of IT Act (Amendment) 2008

1. Section-3: "EVIDENCE" means and includes (1) All statements which court permits or
requires to be made before it by witness, in relation to matter of fact under inquiry; Such
documents are called "documentary evidence" (includes electronic records)

2. Section 17: Admission defined-

An admission is a statement, oral or documentary or CONTAINED IN ELECTRONIC
FORM, which suggests any inference as to any fact in issue or relevant fact and which is
made by any of the persons, and under the circumstances, hereinafter mentioned.

3. Section 22:

Section 22A: When oral admissions as to contents of electronic records are relevant: they are
not relevant, unless the genuineness of the electronic record produced is in question.

4. Section 34: Entries in books of account when relevant: Entries in the books of account
including THOSE MAINTAINED IN AN ELECTRONIC FORM in the course of
business, are relevant, whenever they refer to a matter into which the court has to inquire, but
such statements shall not alone be sufficient evidence to charge any person with liability.

5. Section 35: Relevancy of Entry in Public Record, made in performance of duty-

An entry in any public or other official book, register or record or an ELECTRONIC
RECORD stating a fact in issue or relevant fact and made by a public servant in discharge of
his official duty or by any other person in performance of a duty specially enjoined by law of
the country on which such book, register or record or AN ELECTRONIC RECORD is
kept, is itself a relevant fact.

6. Section 39: What evidence to be given when statement forms part of a
conversation, document, ELECTRONIC RECORD, BOOK OR SERIES OF LETTERS
OR PAPERS:
When any statement of which evidence is given forms part of a longer statement or of a
conversation or part of an isolated document, or is contained in document which forms part of
a book, or is contained in part of ELECTRONIC RECORD or of a connected series of
letters or papers, evidence shall be given of so much and no more of the statement,
conversation, document, ELECTRONIC RECORD, book or series of letters or papers as
the court considers necessary in the particular case to the full understanding of the nature and
effect of the statement, and of the circumstances under which it was made.

6A. Section 45:

45A Opinion of Examiner of ELECTRONIC EVIDENCE- when in a proceeding the court has
to form an opinion on any matter relating to any information transmitted or stored in any
COMPUTER SOURCE or any ELECTRONIC OR DIGITAL form, the opinion of the
Examiner of Electronic Evidence referred to in Section 79A of IT Act 2000 is a relevant fact.

7. Section 47
"47A Opinion as to digital signature when relevant- when a court has to form an opinion
as to the electronic signature of any person, the opinion of the Certifying Authority which has
issued the Electronic Signature Certificate is a relevant fact".

8. Section 59: For the words "Contents of documents" the words "contents of documents or
ELECTRONIC RECORDS" shall be substituted.

9. Section 65
Section 65A special provision as to evidence relating to electronic record-

The contents of electronic records may be proved in accordance with provisions of section
65B.

Section 65B- Admissibility of electronic records (Non-obstante clause)


(1) Any information contained in an electronic record which can be printed on a paper,
stored, recorded or copied in optical or magnetic media produced by a computer shall be
deemed to be also a document, if the conditions mentioned in this section are satisfied in
relation to the information and computer in question and shall be admissible in any
proceedings, without further proof or production of the original, as evidence of any contents
of the original or any fact stated therein of which direct evidence would be admissible.

(2) conditions:-
(a) the computer output containing the information was produced by the computer during the
period over which the computer was used regularly to store or process information for the
purposes of any activities regularly carried on over that period by the person having lawful
control over the use of the computer.
(b) during the said period, information of the kind contained in electronic record or of the
kind from which the information so contained is derived was regularly fed into the computer
in ordinary course of the said activities.
(c) throughout the material part of the said period the computer was operating properly or if
not, then in respect of any period in which it was not operating properly or was out of
operation during that part of the period, was not such as to affect the electronic record or the
accuracy of its contents and
(d) the information contained in the electronic record reproduces or is derived from such
information fed into the computer in ordinary course of the said activities.

(3) where over any period, the function of storing or processing information for the purposes
of any activities regularly carried on over the period as mentioned in clause (a) of sub section
(2) was regularly performed by the computer, whether
(a) by a combination of computers operating over that period
(b) by different computers operating in succession over that period; or
(c) by different combination of computers operating in succession over that period,
(d) in any other manner involving the successive operation over that period, in whatever
order, of one or more computers and one or more combinations of computers,
All computers used for that purpose during that period shall be treated for the purpose of this
section as constituting a SINGLE COMPUTER; and references in this section to a computer
shall be construed accordingly.

(4) In any proceedings where it is desired to give a statement in evidence by virtue of this
section, a certificate doing any of the following things, that is to say,
(a) identifying the electronic record containing the statement and describing the manner in
which it is produced.
(b) giving such particulars of any device involved in the production of that electronic record
as may be appropriate for the purpose of showing that the electronic record was produced by
a computer.
(c) dealing with any of the matters to which the conditions mentioned in sub section (2)
relate,
and purporting to be signed by a person occupying a responsible official position in
relation to the operation of relevant device or the management of the relevant activities shall
be evidence of the matter stated in the certificate, and for the purposes of this section it shall
be sufficient for a matter to be stated to the best of the knowledge and belief of the person
stating it.

(5) for the purposes of this section-


(a) information shall be taken to be supplied to a computer if it is supplied thereto in any
appropriate form and whether it is so supplied directly or by means of any appropriate
equipment,
(b) whether in the course of activities carried on by any official, information is supplied with
a view to its being stored or processed for the purposes of those activities by a computer
operated otherwise than in course of those activities, that information, if duly supplied to the
computer, shall be taken to be supplied to it in course of those activities.
(c) a computer output shall be taken to have been produced by a computer whether it was
produced directly or by means of any appropriate equipment.

10. Section 67 –
67A. Proof as to digital signature- Except in the case of a secure [electronic signature] if
the electronic signature of any subscriber is alleged to have been affixed to an electronic
record the fact that such electronic signature is the electronic signature of the subscriber must
be proved.

11. Section 73-


73A-Proof as to verification of digital signature. In order to ascertain whether a digital
signature is that of the person by whom it purports to have been affixed, the court may direct-
(a) That person or Controller or Certifying Authority to produce the digital signature certificate.
(b) Any other person to apply the public key listed in the Digital Signature Certificate and
verify the digital signature purported to have been affixed by that person.

12. Section 81
"81A-Presumption as to Gazettes in electronic form:- The court shall presume the
genuineness of every electronic record purporting to be the official gazette, or purporting to
be electronic record directed by any law to be kept by any person, if such electronic record is
kept substantially in form required by law and is produced from proper custody."

13. Section 85,


"85A Presumption as to electronic agreement- The court shall presume that every electronic
record purporting to be an agreement containing electronic signature of the parties was so
concluded by affixing the electronic signatures of the parties."

"85B-Presumptions as to electronic records and digital signatures


(1) In any proceedings involving a secure electronic record, the court shall presume unless
contrary is proved, that the secure electronic record has not been altered since the specific
point of time to which the secure status relates

(2) In any proceedings involving a secure electronic signature, the court shall presume unless
the contrary is proved that-
(a) The secure electronic signature is affixed by subscriber with the intention of signing or
approving the electronic record
(b) Except in the case of a secure electronic record or a secure electronic signature nothing in
this section shall create any presumption relating to authenticity and integrity of electronic
record or any electronic signature.

85C. Presumption as to Digital Signature Certificate- The court shall presume unless
contrary is proved, that the information listed in an electronic signature certificate is correct
except for information specified as subscriber information which has not been verified, if the
certificate was accepted by the subscriber".

14. Section 88-


"88A- Presumption as to electronic messages- The court may presume that an electronic
message forwarded by the originator through an electronic mail server to addressee to whom
the message purports to be addressed corresponds with the message as fed into his computer
for transmission, but the court shall not make any presumption as to the person by whom
such message was sent."

15. Section 90-


"90A- Presumption as to electronic records five years old- where any electronic record,
purporting or proved to be five years old, is produced from any custody which the court in the
particular case considers proper, the court may presume that the electronic signature which
purports to be the electronic signature of any particular person was so affixed by him or any
person authorised by him in this behalf."

Section 65-A, 65-B judgements

State (NCT of Delhi) v. Navjot Sandhu AIR 2005 SC. 3820.


Parliament Attack conviction appeal. Question related to the proof and admissibility of
mobile telephone call records. A submission was made on behalf of the accused that no
reliance could be placed on the mobile telephone call records, because the prosecution had
failed to produce the relevant certificate under Section 65-B(4) of the Evidence Act. The
Supreme Court concluded that a cross-examination of the competent witness acquainted with
the functioning of the computer during the relevant time and the manner in which the
printouts of the call records were taken was sufficient to prove the call records.

Jagjit Singh v. State of Haryana (2006) 11 SCC 1.


The speaker of the Legislative Assembly of the State of Haryana disqualified a member for
defection. The Supreme Court considered the digital evidence in the form of interview
transcripts from the Zee News television channel, the Aaj Tak television channel and the
Haryana News of Punjab Today television channel. The court determined that the electronic
evidence placed on record was admissible and upheld the reliance placed by the speaker on
the recorded interview when reaching the conclusion that the voices recorded on the CD were
those of the persons taking action.

Bodala Murali Krishna v. Smt. Bodala Prathima 2007 (3) ALD 72.

"... the amendments carried to the Evidence Act by introduction of Sections 65-A and 65-B
are in relation to the electronic record. Sections 67-A and 73-A were introduced as regards
proof and verification of digital signatures. As regards presumption to be drawn about such
records, Sections 85-A, 85-B, 85-C, 88-A and 90-A were added. These provisions are
referred only to demonstrate that the emphasis, at present, is to recognize the electronic
records and digital signatures, as admissible pieces of evidence."

Dharambir v. Central Bureau of Investigation 148 (2008) DLT 289


The court arrived at the conclusion that when Section 65-B talks of an electronic record
produced by a computer (referred to as the computer output) it would also include a hard disc
in which information was stored or was earlier stored or continues to be stored.

It distinguished two levels of an electronic record. One is the hard disc which,
once used, itself becomes an electronic record in relation to the information regarding the
changes the hard disc has been subject to and which information is retrievable from the hard
disc by using a software program. The other level of electronic record is the active accessible
information recorded in the hard disc in the form of a text file, or sound file or a video file
etc. Such information that is accessible can be converted or copied as such to another
magnetic or electronic device like a CD, pen drive etc. Even a blank hard disc which contains
no information but was once used for recording information can also be copied by producing
a cloned hard disc or a mirror image.

Anvar P.V. v P.K. Basheer and Others

Computer output is not admissible without compliance with Section 65B. This overrules the
judgment laid down in State (NCT of Delhi) v. Navjot Sandhu alias Afzal Guru by the two
judge Bench of the Supreme Court. The court specifically observed that the judgment in
Navjot Sandhu, to the extent of its statement of the law on admissibility of electronic
evidence pertaining to electronic records, does not lay down the correct position and is
required to be overruled. This judgment has provided a guideline regarding the practices
being followed in the various High Courts and the Trial Courts as to the admissibility of
electronic evidence.

The court's interpretation of Sections 22A, 45A, 59, 65A & 65B of the Evidence Act has
confirmed that data stored on a CD/DVD/pen drive is not admissible without a certificate
u/s 65B(4) of the Evidence Act, and further clarified that in the absence of such a certificate,
oral evidence to prove the existence of such electronic evidence and the expert view under
section 45A of the Evidence Act cannot be availed to prove its authenticity.

The apex court in its judgement laid down that since Section 65B is a "non obstante"
clause, it would have an overriding effect on the law relating to secondary evidence as
mentioned in Sections 63 and 65. Secondary evidence would be entirely governed by
sections 65A and 65B of the Evidence Act.

The only options for presenting an electronic record are to produce the original electronic
media to the court as primary evidence, or a duplicate of it as secondary evidence under
sections 65A/65B of the Evidence Act. Thus a CD, VCD, chip, and so on must be submitted
with a certificate under Section 65B; not complying with this would make the evidence
inadmissible.

R. vs. Sinha (1995) Cr.LR 68


The defendant was a doctor. A patient had consulted him, complaining of palpitations, and the
defendant had prescribed a course of beta blockers without ascertaining from her medical
records that she was an asthmatic. The following day, the patient took one of the beta
blockers and later died as a result of an acute asthma attack. The coroner requested the senior
partner at the defendant's practice to supply him with the patient's records. The senior partner
could not find the written records, so he sent the computerised version, in which traces were
found of an earlier version of the patient's records which had been deleted. This led to
enquiries and finally the defendant admitted that on 3 occasions, following the patient's death,
he had altered her computerised therapy records, which had previously contained 4 separate
references to her asthmatic condition. He was sentenced to 6 months imprisonment.

Module 8 Part 1

CYBER CRIME INVESTIGATION (INITIATIVES TAKEN BY CBI)

1. Cyber Crimes Research and Development Unit (CCRDU) is charged with the
responsibility of keeping track of the developments in this ever growing area. It has the
following tasks-

a) Liaison with the state police forces and collection of information on cases of Cyber Crime
reported to them for investigation and to find out about the follow-up action in each case.
b) Liaison with software experts to identify areas which require attention of State Police
Forces for prevention and detection of such crimes, with a view to train them for the task;
c) Collection of information on the latest cases reported in other countries and innovations
employed by Police Forces in those countries to handle such cases,
d) Prepare a monthly Cyber Crime Digest for the benefit of state police forces and,
e) Maintenance of close rapport with the Ministry of IT, Govt. of India, and other
organizations/institutions and Interpol Headquarters, Lyons for achieving its objective of
giving the needed thrust to collection and dissemination of information on Cyber Crimes.

2. The Cyber Crime Investigation Cell (CCIC) is a part of the Economic Offences
Division. The cell has all-India jurisdiction and investigates criminal offences under the
Information Technology Act 2000, besides frauds committed with the help of computers,
credit cards etc. It is also a round the clock NODAL POINT of CONTACT for Interpol to
report Cyber Crimes in India and also a member of "Cyber Crime Technology Information
Network System" Japan.

3. The Cyber Forensics Laboratory (CFL) functions under the Director, Central Forensic
Science Laboratory.

The responsibilities of CFL are-


i) Provide media analysis in support of criminal investigation by CBI and other Law
Enforcement Agencies
ii) Provide onsite assistance for computer search and seizure on request.
iii) Provide consultation on investigation or activities in which media analysis is probable or
occurring;
iv) Provide expert testimony
v) Research and development in Cyber Forensic.

The following principles are followed by the CFL-


i) Purpose of analysis shall be to use the evidence in court
ii) All legal formalities shall be followed
iii) The media should have been legally seized, and chain of custody maintained.
iv) The analysis shall be on an image of the media and not on the media itself.
v) The laboratory shall have the best imaging tools and software tools for analysis.
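
One way to enforce the chain-of-custody and image-only principles above, given as an added example that is not part of the original notes and not CFL's own tooling: the image is hashed at acquisition, every hand-over goes into a hash-chained custody log, and the working copy is re-hashed before analysis. The use of SHA-256, the log fields, the function names and the sample data are all assumptions made for illustration.

```python
# Added illustration: integrity check for a forensic working copy plus a
# tamper-evident custody log. All names, fields and data are hypothetical.
import hashlib
import json
import os
import tempfile

GENESIS = "0" * 64  # prev_hash value used by the first log entry


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def entry_digest(entry):
    """Digest over an entry's fields, excluding its own 'entry_hash'."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_custody_entry(log, when, custodian, action, item_sha256):
    """Append a hand-over record chained to the previous entry's hash."""
    entry = {
        "seq": len(log),
        "when": when,
        "custodian": custodian,
        "action": action,
        "item_sha256": item_sha256,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_custody_log(log):
    """Return the index of the first inconsistent entry, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev_hash"] != prev:
            return i
        if entry["entry_hash"] != entry_digest(entry):
            return i
        prev = entry["entry_hash"]
    return None


def working_copy_matches(log, working_copy_path):
    """True only if the log is intact and the copy still hashes to the
    value recorded at acquisition (entry 0)."""
    if not log or verify_custody_log(log) is not None:
        return False
    return sha256_file(working_copy_path) == log[0]["item_sha256"]


def demo():
    """Run the checks on constructed sample data and return the results."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "seized_media.img")
        copy = os.path.join(workdir, "working_copy.img")
        sample = b"CONSTRUCTED SAMPLE IMAGE BLOCK\n" * 4096
        for path in (image, copy):
            with open(path, "wb") as fh:
                fh.write(sample)

        log = []
        acquired = sha256_file(image)
        append_custody_entry(log, "2024-01-05T10:00:00+05:30",
                             "Investigating officer (placeholder)",
                             "imaged seized media", acquired)
        append_custody_entry(log, "2024-01-06T09:30:00+05:30",
                             "Lab examiner (placeholder)",
                             "received image, made working copy", acquired)
        append_custody_entry(log, "2024-01-06T11:00:00+05:30",
                             "Lab examiner (placeholder)",
                             "analysis started on working copy", acquired)
        results["log_first_bad"] = verify_custody_log(log)
        results["copy_ok"] = working_copy_matches(log, copy)

        # A tool that writes even one byte to the working copy is detected.
        with open(copy, "r+b") as fh:
            fh.seek(100)
            fh.write(b"X")
        results["altered_copy_ok"] = working_copy_matches(log, copy)

        # Editing a record breaks that entry's hash ...
        tampered = [dict(e) for e in log]
        tampered[1]["custodian"] = "Someone else"
        results["tampered_first_bad"] = verify_custody_log(tampered)
        # ... and recomputing it breaks the link from the next entry.
        tampered[1]["entry_hash"] = entry_digest(tampered[1])
        results["rehashed_first_bad"] = verify_custody_log(tampered)
    return results


if __name__ == "__main__":
    print(demo())
```

The chain only protects entries that have a successor, so the latest `entry_hash` should also be written somewhere outside the log, for example on the paper custody sheet.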

4. NETWORK MONITORING CENTRE (NMC) is to police the internet. It has a network
monitoring tool (NMT) developed by IIT, Kanpur and may use similar and other tools to
achieve its purpose after following the required procedure.

SEARCH AND SEIZURE OF DIGITAL EVIDENCE:

ADVANCE PLANNING FOR SEARCH.

When the Investigating Officer is required to carry out a search in a place where it is suspected
that a computer network or any other electronic memory devices are likely to be found, it is
advisable to contact a computer forensic scientist of a forensic science laboratory to accompany
the search team. In case this is not possible, information may be collected regarding the type,
make, model, operating system, network architecture, type of location of data storage, remote
access possibilities etc., which can be passed on to forensic experts, as that would help in making
necessary preparations to collect and preserve evidence. It must be remembered that on some
occasions, it may not be possible to remove the computer system physically and data may
have to be copied at the scene of crime/place of search. The investigator or expert must carry
necessary media, software, and other specialized items as well as special packing materials
which can prevent loss of data, as data on magnetic media can be destroyed by dust, jerks, and
electrostatic environment.

PRECAUTION AT THE SEARCH SITE

Taking control of the Location:

It is extremely important to ensure that a suspect or an accused is not allowed to touch any part
of the computer or any accessory attached to it, either by physical means or through a wireless
connection. Since systems could be connected through physical networks such as fiber optics,
cables, telephone, or on wi-fi or wi-max wireless networks, or even through a mobile phone
having a wireless communication port, the investigator has to be extremely alert and may seek
guidance from an expert, if not available on site, on telephone and take steps as per
instructions. The Investigator must remember that even by pressing a key or by giving a
command through a wireless mouse or keyboard, or even by executing a command through an
e-mail message, the entire data could be either wiped out or corrupted, making it useless for
the Investigator. This also applies to small devices or removable storage devices,
which have the capacity of storing huge amounts of data.

The information in a network environment need not be stored at the same site. The data could
reside at a remote location, and the investigator should take action accordingly. In case storage
of data is suspected to be located outside the country, it may be necessary to alert the Interpol
and take necessary follow up steps to issue letter rogatory under the provisions of section
166 A Cr. P.C.

Before conducting the search, the Investigator will need to decide whether to seize data on
site or to seize hardware for examination at a computer forensic laboratory. While on-site data
seizure has the advantage that one does not have to transport much hardware, one may need the
services of a computer forensic expert to download data for analysis and preserve data for
presenting it in the Court. When in doubt, make use of a computer forensic expert
at the scene, if possible, to determine whether one needs to seize data or seize hardware. In
case a specialist is not available, it is recommended that one seizes everything.

NETWORKED COMPUTERS:

Do not disconnect the computer if networks or mainframes are involved. Pulling a computer
from a network may damage the network and cause harm to the company's operations. It is
generally not practical to seize a mainframe because it requires disconnecting all the
computers that are attached to it. Hardware seizure with computers on a network can be very
complicated, and one should definitely enlist the help of a computer forensic specialist in these
cases.

PREPARATION FOR SEARCH:

The Investigator should carry the following items:


1. DISKS OR CARTRIDGES - These can be used to store copies of files from the computer
for use in his investigation.
2. LABELS - to label cables, where they plug in, disks, and the various parts of the computer,
and to write-protect disks.
3. SCREWDRIVERS and other tools.
4. GLOVES.
5. PACKING MATERIALS - rubber bands, tape, boxes, and bubble wrap. If he does not have
access to anti-static wrap, paper bags should be used, because they have less static charge
than plastic bags.
6. CAMERA EQUIPMENT - to videotape and photograph the scene.
7. CHAIN OF CUSTODY - report sheets, and other paper to inventory seized evidence.

STEPS FOR SEARCH:

Rely on Technical Staff or Experts:


Be careful not to cause damage during a search, as electronically stored data can be easily
lost. The forensic experts will help during a search and could also assist in interviewing the
company's technical personnel, because they will know what questions to ask to elicit relevant
information for the investigation.
Once on the site, the Investigating Officer must survey the equipment and take precautionary
steps. Next, he will need to document the way the system is connected together and take the
following steps.

(i) Labeling and photographing the setup:

Labeling and photographing everything prior to dismantling the system is an important first
step. Take some general photographs of the search site to document its pre-search condition
for legal purposes and to serve as a reference during investigation. This documentation of how
the system was configured may prove essential when the system is reconnected in the
Forensic Laboratory. As the Investigating Officer is taking the pictures, he should pay special
attention to DIP switches on the back of certain equipment that must be in a certain
configuration. These switch settings could accidentally be moved in transport, creating
problems for the examiners.

(ii) Label all parts:

The Investigating Officer should label each part before he starts dismantling any of the
equipment. He should remember to label all the connectors, and plugs at both ends, and on
the computer so that re-assembly is easy and accurate.

(iii) POWER SYSTEM DOWN:

If a computer is off, it should not be turned on. Hackers can make their computer erase data if
a certain disk is not in the drive when the machine is booted up or if a certain password is not
entered. Likewise, if the machine is on, one should check it before turning it off, otherwise it
may destroy data. Keep in mind that a computer may look powered down but may actually be
in a "sleep" mode. Hackers can set their computers to erase data if not properly awakened from
a "sleep" mode, so one may be required to pull the plug or remove the battery from a laptop in
these cases. The Investigating Officer may need to shut the machine down through the
operating system rather than just "pulling the plug". If, however, he does need to "pull the
plug", he should disconnect it from the back of the machine rather than at the wall, because if
the machine is plugged into a backup power supply, it may initiate a shutdown procedure that
could alter files.

(iv) Dismantle the system:

Once the system is labeled and powered down, it can be dismantled into separate components for
transportation.

(v) Seize documentation:

Seize all manuals for the computer, its peripheral devices and especially the software and
operating system. The examiners at the Forensic Laboratory need to refer to a manual to
determine the kind of hardware and its technicalities. Seizing other documentation at the site,
like notes, passwords, and journals, may prove very useful. Sticky notes or other pieces of
paper around the computer systems that may have passwords or login IDs written on them
should be seized from the spot.

HANDLING EVIDENCE AND COMPUTER HARDWARE:

(i) Protecting Data:

The Investigating Officer should also write-protect disks or cartridges he finds at the site of
search in order to protect data. Most disks and cartridges have a small sliding tab that
prevents changing the disk content when set correctly. Placing a blank disk in the disk drive
of a computer system will keep it from booting up from the hard drive if it is
accidentally turned on.

(ii) Packaging for Transport:

Computer parts are sensitive and must be handled carefully. One should not wrap the computer
components using Styrofoam because small particles can break off and get inside the
computer, causing it to malfunction. Antistatic bubble wrap is preferred.

(iii) Keep System Components together:

Keep the components of each computer system together. This small organizational step can
save lots of time when the examiners are trying to reconstruct the system.

(iv) Single Machine, Single Seizing Agent:

If one person handles the seizure of a computer, that same person can authenticate the
evidence at a trial.

(v) How to transport and store the System:

The computer system should be secured in a way that would reduce vibrations that may shake
a part loose. The Investigating Officer should store the computer in a secure, cool, dry place
away from any generators or other devices that emit electromagnetic signals.

DATA SECURITY COUNCIL OF INDIA

It is a not-for-profit company set up by NASSCOM as an independent self-regulatory
organisation to promote data protection, develop security and privacy codes and standards,
and encourage the IT/BPO industry to implement the same.

DSCI is focused on capacity building of Law Enforcement Agencies for combating cyber
crimes in the country and towards this, it operates several cyber laboratories across India to
train police officers, prosecutors and Judicial officials in Cyber forensics. "Cyber Crime
Investigation Manual" was printed to help police officers in Cyber Crime investigation using
cyber forensic tools and standard operating procedures - it was released by the Union Home
Secretary in March, 2011.

EVIDENCE GATHERING DOCTRINE:

The onus is on the prosecution to show the Court that the evidence produced is no more and no
less than when it was first taken into possession. The Association of Chief Police Officers
(ACPO) has set out the following principles in its "Good Practice Guide" for Computer-based
Electronic Evidence.

1. No actions performed by the investigator should change data contained in digital devices or
storage media that may subsequently be relied upon in the Court.
2. Individuals accessing original data must be competent to do so and have the ability to
explain their actions.
3. A trail or other record of applied processes, suitable for replication of the results by an
independent 3rd party, must be created and preserved, accurately documenting each
investigative step.
4. The person in charge of the investigation has overall responsibility for ensuring that the
above-mentioned procedures are followed and are in compliance with governing law.

CLASSIFICATION OF CYBER FORENSICS:

1. Disk Forensics: deals with extracting data / information from storage media by searching
active and deleted files and also unallocated and slack space.

2. Network Forensics: is a sub-branch relating to the monitoring and analysis of network traffic
for the purposes of information gathering and legal evidence detection. Network investigations
deal with volatile and dynamic information. Network traffic is transmitted and then lost, so
network forensics is often a proactive investigation.

3. Wireless Forensics: is a sub-discipline of network forensics. The main goal of wireless
forensics is to provide the methodology and tools required to collect and analyse wireless
network traffic data. The data collected can correspond to plain data or, with the broad usage of
voice-over-IP (VoIP) technologies, especially over wireless, can include voice conversations.

4. Database Forensics: is a branch of digital forensic science relating to the forensic study of
databases and their related metadata (a set of data that describes and gives information about
other data).

5. Malware Forensics: deals with investigation and analysis of Malicious Code for
identification of Malware like viruses, Trojans, worms, keyloggers etc. and study their
payload which causes.

6. Mobile Device Forensics: deals with examining and analyzing mobile devices like mobile
phones and pagers to retrieve the address book, call logs (missed, dialed, received), paired
device history, incoming/outgoing SMS/MMS, videos, photos, audio etc.

7. GPS Forensics or Sat Nav Forensics: is used for examining and analyzing GPS devices
to retrieve track logs, track points, way points, routes, stored locations (Home, Office) etc.

8. E-mail Forensics: deals with recovery and analysis of e-mails including deleted emails,
calendars, and contacts.

9. Memory Forensics: deals with collecting data from system memory [e.g. system registers,
cache, RAM (Random Access Memory)] in raw form and carving the data from the raw
dump.

CYBER FORENSIC PROCESS ENCOMPASSES FIVE KEY ELEMENTS.

1. The Identification and Acquiring of Digital Evidence

Knowing what evidence is present, where it is stored, and how it is stored is vital in
determining which processes are to be employed to facilitate its recovery. In addition, the
cyber forensic examiner must be able to identify the type of information stored in a device
and the format in which it is stored so that the appropriate technology can be used to extract
it. After the evidence is identified, the cyber forensic examiner / investigator should image /
clone the hard disk or the storage media.

2. Preservation of Digital Evidence:

Any examination of electronically stored data should be carried out in the least intrusive manner.
Alteration to data that is of evidentiary value must be accounted for and justified.

3. The Analysis of Digital Evidence:

The extraction, processing and interpretation of digital data is generally regarded as the main
element of cyber forensics. Extraction produces a "Binary Junk", which should be processed
to make it readable by a human being.

4. Report the findings:


It means giving the findings in a simple, lucid manner so that any person can understand. The
report should be in simple terms, giving description of the items, process adopted for analysis
and chain of custody, the hard and soft copies of the findings, glossary of terms, etc.

5. Presentation of Digital Evidence:

It involves deposing evidence in the Court of law regarding the findings and the credibility of
the processes employed during analysis.

EXPECTATIONS FROM FORENSIC ANALYST

A cyber forensic analyst should be able to extract and recover information from:

(1) Active files (2) Deleted files (3) File metadata (4) Software applications (5) Hidden
files/folders/partitions (6) Encrypted files (7) Data in unallocated sectors, swap files (8) Data
retrieval from formatted disks, defragmented disks (9) E-mail tracing (10) E-mail box
recovery (11) Recycle Bin (12) Registry (13) Forensic analysis of mobile phones (14) BIOS
examination (15) Password cracking (16) BIOS, OS, application packages (17) Hand-held
devices (18) Mobile phones, PDAs, SIM card examination.

FUNDAMENTAL FORENSIC PRINCIPLES

It is based on "Locard's Exchange Principle". If a culprit commits a crime, he must have
left his footprints behind. The culprit, while handling a computer or digital device, leaves his
marks, which betray him.

Deleted files are still on the computer.

When we create a new document, a shadow file (temporary file), which is invisible, is created
at the same time. When we delete the Word file, it disappears. The file system does not
actually delete the file's content, only its entry in the file structure: it turns the first letter of
the file name into a "Greek sigma", which tells the computer that it can overwrite this file. So
the content is actually still very much present in the computer. Therefore, it is easy for a
forensic investigator or a data recovery program to bring back that file intact.
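
The deleted-file behaviour described above, as an added example that is not part of the original notes. It assumes a FAT file system (the notes do not name one), where the "Greek sigma" is the byte 0xE5 written over the first character of the name in the directory entry; the directory bytes, file names and contents are constructed, and recovery assumes the file occupied contiguous clusters.

```python
import struct

ENTRY_SIZE = 32            # every FAT directory entry is 32 bytes long
DELETED_MARKER = 0xE5      # first name byte of a deleted entry
END_OF_DIRECTORY = 0x00    # first name byte of an entry that was never used
ATTR_VOLUME_ID = 0x08
ATTR_LONG_NAME = 0x0F
CLUSTER_SIZE = 64          # constructed value; real volumes use 512 bytes or more
# name, extension, attributes, 8 skipped bytes, cluster high, time, date, cluster low, size
ENTRY_FORMAT = "<8s3sB8xHHHHI"


def make_entry(name, ext, first_cluster, size, deleted=False):
    """Build one constructed 8.3 directory entry for the sample volume."""
    raw_name = name.upper().ljust(8).encode("ascii")
    if deleted:
        # Deletion only overwrites the first character of the name.
        raw_name = bytes([DELETED_MARKER]) + raw_name[1:]
    raw_ext = ext.upper().ljust(3).encode("ascii")
    return struct.pack(ENTRY_FORMAT, raw_name, raw_ext, 0x20,
                       first_cluster >> 16, 0, 0, first_cluster & 0xFFFF, size)


def build_sample_volume():
    """Return (directory bytes, data region bytes) of a constructed volume."""
    report = b"Quarterly report: nothing unusual."
    ledger = b"Second ledger: cash payments not in the books."
    directory = (make_entry("REPORT", "TXT", 2, len(report))
                 + make_entry("LEDGER", "TXT", 3, len(ledger), deleted=True)
                 + bytes(ENTRY_SIZE))  # all-zero entry marks the end of the directory
    data = report.ljust(CLUSTER_SIZE, b"\x00") + ledger.ljust(CLUSTER_SIZE, b"\x00")
    return directory, data


def parse_directory(directory):
    """List live and deleted short-name entries found in raw directory bytes."""
    entries = []
    for offset in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = directory[offset:offset + ENTRY_SIZE]
        if raw[0] == END_OF_DIRECTORY:
            break
        name, ext, attr, hi, _time, _date, lo, size = struct.unpack(ENTRY_FORMAT, raw)
        if (attr & 0x3F) == ATTR_LONG_NAME or (attr & ATTR_VOLUME_ID):
            continue  # long-name fragments and volume labels are not files
        deleted = raw[0] == DELETED_MARKER
        first_char = "?" if deleted else chr(name[0])  # the original letter is lost
        stem = name[1:].decode("ascii", "replace").rstrip()
        entries.append({
            "name": f"{first_char}{stem}.{ext.decode('ascii', 'replace').rstrip()}",
            "deleted": deleted,
            "first_cluster": (hi << 16) | lo,
            "size": size,
        })
    return entries


def recover(entry, data):
    """Read a file's bytes back from the data region (cluster numbering starts at 2)."""
    start = (entry["first_cluster"] - 2) * CLUSTER_SIZE
    return data[start:start + entry["size"]]


if __name__ == "__main__":
    directory, data = build_sample_volume()
    print("marker byte 0xE5 in code page 437:", bytes([DELETED_MARKER]).decode("cp437"))
    for entry in parse_directory(directory):
        state = "DELETED" if entry["deleted"] else "active"
        print(f"{entry['name']:<12} {state:<8} {recover(entry, data)!r}")
```

The deleted entry still carries its starting cluster and size, which is why the content can be read back until something else is written over those clusters.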

STEPS FOR DIGITAL CRIME SCENE INVESTIGATION:

• Identifying and securing the crime scene
• "As is where is" documentation of the scene of offence
• Collection of Evidence
- Procedure for gathering evidence from switched off systems.
- Procedure for gathering evidence from live or switched on systems.
• Forensic duplication.
• Conducting interviews.
• Labeling and documenting of evidence.
• Packaging and transportation of Evidence.

PRELIMINARY REVIEW OF SCENE OF OFFENCE:


• Residence of the individual
• Cyber café
• Companies/organizations
• With or without internet works.

INVESTIGATIVE TOOLS AND EQUIPMENT:

1. Documentation tools such as (a) cable tags (b) indelible felt-tip markers (c) stick-on
labels.

2. Disassembling and removal tools in a variety of non-magnetic sizes and types, along with
packaging and transporting supplies such as (a) antistatic bags and bubble
wrap (b) cable ties and evidence bags (c) evidence and packing tape (d) sturdy boxes of
various sizes (e) Faraday bag to pack mobile / wireless devices.

3. Other items, such as (a) evidence tags / evidence tape / gloves / forms / large rubber bands (b)
list of contact telephone numbers for assistance (c) magnifying glass / printed paper / seizure
disk / small flashlight.

COLLECTING DIGITAL EVIDENCE:

(1) Procedure For Gathering Information From Switched-Off Systems:

Secure and take control of the scene of crime, both physically and electronically.

(a) Make sure the computer is SWITCHED OFF; some screen savers may give the
appearance that the computer is switched off, but the hard drive and monitor lights may
indicate that the machine is switched on. Some laptops may power on when the lid is opened.
(b) Remove the battery from the laptop.
(c) Unplug the power and other devices from sockets.
(d) Never switch on the computer in any circumstances.
(e) Label and photograph (or videograph) all components in situ, and if no camera is
available, draw a sketch plan of the system.
(f) Label the ports and cables (in and out) so that the computer may be reconstructed at a later
date, if necessary.
(g) Open the side casing of the CPU of the laptop or desktop.
(h) Identify the HARD DISK and detach it from the power cables and motherboard.
(i) Record unique identifiers like make, model, and serial number.
(j) Take the signature of the accused and a witness on the hard disk.
(k) Gather non-electronic records or evidence like diaries, notebooks, or pieces of paper with
passwords.

(2) Procedure For Gathering Information From Switched On Systems:

Record what is on the screen by photography and making a written note of the contents of the
screen.

a) Do not touch the keyboard or click the mouse. If the screen is blank or a screen saver is
present, the case officer should be asked to decide whether they wish to restore the screen. If so,
a short movement of the mouse will restore the screen or reveal that the screen saver is
password protected. If the screen restores, then photograph, videograph and note its contents.
If password protection is shown, then continue as below without further disturbing the
mouse. Record the time and the activity of the use of the mouse in these circumstances.
b) Take the help of a technical expert to use a live forensic tool to extract the information that
is present in temporary storage memory like RAM.
c) If no specialist advice is available, then remove the power supply from the back of the
computer, without closing down any program. When removing the power supply cable,
always remove the end attached to the computer and not the one attached to the socket. This
will prevent any data being written to the hard drive if an uninterruptible power
protection device is fitted.

(3) GATHERING EVIDENCE FROM MOBILE PHONES:

(a) If the device is "off", do not turn it "on".
(b) If the PDA or cell phone device is "on", leave it "on".
Powering down the device may enable a password, thus preventing access to the evidence.
(c) Photograph the device and screen display (if available).
(d) Label and collect the cables (including power supply) and transport them with the device.
(e) Keep the device charged.
(f) If the device cannot be kept charged, then analysis by a specialist must be completed prior
to battery discharge or data may be lost.
(g) Seize additional storage media (memory sticks, compact flash etc.).
(h) Document all steps involved in the seizure of the device and components.

FORENSIC DUPLICATION

1. LOGICAL BACKUP:

A logical backup copies the directories and files of a logical volume. It does not capture other
data that may be present on the media, such as deleted files or residual data stored in slack
space.

2. BIT STREAM IMAGING:

Also known as disk imaging or cloning, bit stream imaging generates a bit-for-bit copy of the
original media, including free space and slack space. It requires more storage and more time.

WRITE BLOCKER:
A write blocker is a hardware or software-based tool that prevents a computer from writing
to computer storage media connected to it. Hardware write blockers are physically connected
to the computer and the storage media being processed to prevent any writes to that media. A
wide variety of write blocker devices is available, based on the type of interface,
e.g. SATA / IDE / USB etc. Never connect the media directly without a write blocker device.

NETWORK DRIVES IMAGING AND LOGICAL FILE COLLECTION:

If the hard drive cannot be removed, then we have to image the computer using network
acquisition. This is done by connecting the evidence computer to the forensic computer via a
special Ethernet cable called a "CROSS CABLE" (network crossover cable).
Once the computers are connected, boot the evidence computer from a forensic distribution
like "HELIX" or "LINEN" and connect the forensic computer to the evidence computer using
a forensic tool like "ENCASE". The acquisition then proceeds like a regular hard drive
acquisition.

SEALING AND TRANSPORTATION

(a) Use an antistatic aerated cover to hold the seized hard disk. Send it to the laboratory through
a special messenger for imaging and analysis.
(b) Do not send it by post/courier.
(c) The person who is transporting it should be made to understand that the exhibit must not be
exposed to any magnetic field during transportation.
(d) Computers are to be kept in wrapping; antistatic bubble wrap is preferable.
(e) Keep the components of each computer system together.
(f) A single machine should have a single seizing agent.
(g) Paper bags do not hold static electricity and are preferable to plastic bags.
(h) Use of a Faraday bag while seizing mobile phones prevents the network from
communicating with the device, thus preventing any chance of evidence being tampered with.

PANCHANAMA (SEIZURE MEMO) & SEIZURE PROCEEDINGS


The power to search and seize is under section 165 Cr.P.C. and the IT Act 2008.

Ensure that a technical person from the responder side, along with 2 independent witnesses,
is part of the search and seizure procedure to identify the equipment correctly and guide the
Investigating Officer and witnesses.
• Time zone / system time plays a very critical role in investigation. Please make sure this
information is noted carefully in the Panchanama, from the systems that are in switched-on
condition.
• Please do not switch on any device.
• Please make sure that a serial number is allotted to each device and that the same is
duly noted not only in the Panchanama but also in the chain of custody and digital
evidence collection form.

CHAIN OF CUSTODY:

Chain of custody refers to documentation that shows the people who have been entrusted
with the evidence. These would be the people who seized the equipment, the people who are in
charge of transferring the evidence from the crime scene to the forensic lab, the people in charge
of analyzing the evidence, and others. It includes details of the digital evidence and technical
information.

HASHING (PAGE 18 OF MODULE 8 PART 2 DOC)

Hashing provides a fixed integer value that represents the data on seized media. Any change
made to the evidence will change the value of the hash.
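
The hashing and chain-of-custody passages above, together with the earlier description of bit stream imaging, as an added example that is not part of the original notes: the media is hashed before and after a bit-for-bit copy, and every custody handover records the hash so a later change can be traced to a handover. SHA-256 is an assumption (the notes name no algorithm), and the exhibit ID, handler names and media bytes are constructed.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 4096  # read size; the digest is the same whatever chunk size is used


def sha256_of(stream):
    """Hash a whole stream from its start without loading it into memory at once."""
    stream.seek(0)
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()


def acquire_image(source, image):
    """Bit-for-bit copy of source into image, hashing before, during and after."""
    before = sha256_of(source)
    source.seek(0)
    copied = hashlib.sha256()
    for block in iter(lambda: source.read(CHUNK), b""):
        image.write(block)
        copied.update(block)
    after = sha256_of(source)  # proves the act of imaging did not alter the original
    return {
        "source_before": before,
        "image": copied.hexdigest(),
        "source_after": after,
        "verified": before == copied.hexdigest() == after,
    }


def custody_entry(log, exhibit, handler, action, stream):
    """Append one chain-of-custody record carrying the hash seen at this handover."""
    entry = {
        "exhibit": exhibit,
        "handler": handler,
        "action": action,
        "time_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "sha256": sha256_of(stream),
    }
    log.append(entry)
    return entry


def first_mismatch(log):
    """Return the first record whose hash differs from the seizure hash, else None."""
    if not log:
        return None
    baseline = log[0]["sha256"]
    for entry in log[1:]:
        if entry["sha256"] != baseline:
            return entry
    return None


def run_demo():
    # Constructed stand-in for seized media: file data followed by residual bytes.
    media = io.BytesIO(b"FILE:invoice.txt".ljust(512, b"\x00")
                       + b"residual data in slack space".ljust(512, b"\x00"))
    image = io.BytesIO()
    log = []
    custody_entry(log, "HDD-01", "Seizing officer", "seized at scene", media)
    acquisition = acquire_image(media, image)
    custody_entry(log, "HDD-01", "Forensic examiner", "working image created", image)
    mismatch_before = first_mismatch(log)
    # Simulate a single bit changed in the copy before the next handover.
    altered = bytearray(image.getvalue())
    altered[600] ^= 0x01
    custody_entry(log, "HDD-01", "Court clerk", "received for trial",
                  io.BytesIO(bytes(altered)))
    return {
        "acquisition": acquisition,
        "image_matches_media": image.getvalue() == media.getvalue(),
        "slack_preserved": b"residual data in slack space" in image.getvalue(),
        "mismatch_before_tamper": mismatch_before,
        "mismatch_after_tamper": first_mismatch(log),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```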

Forensic Analysis tools (PAGE 19 OF MODULE 8 PART 2 DOC)

(A) Encase forensic software from Guidance Software
(B) Forensic toolkit from Access Data (FTK)
(C) Passware Kit Forensic
(D) Electronic Discovery tools
(E) Write Blocker tools
(F) Forensic Duplicators
(G) Forensic Dossier

Vound (PAGE 21 OF MODULE 8 PART 2 DOC)

INTERNATIONAL ORGANISATION ON COMPUTER EVIDENCE (I.O.C.E)
(PRINCIPLES AND GUIDELINES)

SCIENTIFIC WORKING GROUP OF DIGITAL EVIDENCE (SWGDE)

Introduction: The SWGDE was established in February 1998 through a collaborative effort
of the Federal Crime Lab. Directors. SWGDE, as the US based component of standardization
efforts conducted by the IOCE, was charged with the development of cross-disciplinary
guidelines and standards for the RECOVERY, PRESERVATION, and EXAMINATION OF
DIGITAL EVIDENCE, including AUDIO, IMAGING and ELECTRONIC DEVICES.

A document was drafted by SWGDE and presented at the INTERNATIONAL HI-TECH
CRIME AND FORENSIC CONFERENCE (IHCFC) held in London, UK, October 4-7, 1999.
It proposes the establishment of standards for the exchange of DIGITAL EVIDENCE between
sovereign nations and is intended to elicit constructive discussion regarding digital evidence.
The document has been adopted as a draft standard for US law enforcement agencies.

PURPOSE: From Law Enforcement perspective, more of the information that serves as
currency in the judicial process is being stored, transmitted, or processed in "digital form".
The connectivity resulting from a single world economy in which companies providing goods
and services are truly international, has enabled criminals to act trans-jurisdictionally with
ease. Consequently, a perpetrator may be brought to justice in one jurisdiction while the
digital evidence required to successfully prosecute the case may reside only in other
jurisdictions.

This situation requires that all nations have the ability to collect and preserve digital evidence
for their own needs as well as for the potential needs of other countries. Each jurisdiction has
its own system of government and administration of justice, but in order for one country to
protect itself and its citizens, it must be able to make use of evidence collected by other
nations.

Though it is not reasonable to expect all nations to know about and abide by the precise laws
and rules of other countries, a means that will allow the exchange of evidence must be found.
This document by SWGDE is a first attempt to define the technical aspects of these
exchanges.

ORGANISATION: The format of this document was adopted in conformance with the
format of American Society of Crime Laboratory Directors/ Laboratory Accreditation Board
manual.

DEFINITIONS:

(1) ACQUISITION OF DIGITAL EVIDENCE:
(2) DATA OBJECTS:
(3) DIGITAL EVIDENCE:
(4) PHYSICAL ITEMS:
(5) ORIGINAL DIGITAL EVIDENCE:
(6) DUPLICATE DIGITAL EVIDENCE:
(7) COPY:

STANDARDS

PRINCIPLE 1: Standard operating procedures (SOPs) are documented quality-control
guidelines that must be supported by proper case records and use broadly accepted
procedures, equipment, and materials.

Standards and Criteria (1.1)


All agencies that seize and/or examine digital evidence must maintain an appropriate SOP
document. All elements of an agency's policies and procedures concerning digital evidence
must be clearly set forth in this SOP document, which must be issued under the agency's
management authority.

Standards and Criteria (1.2)


Agency Management must review the SOPs on an annual basis to ensure their continued
suitability and effectiveness.

Standards and Criteria (1.3)


Procedures used must be generally accepted in the field or supported by data gathered and
recorded in a scientific manner.

Standards and Criteria (1.4)


The Agency must maintain written copies of appropriate technical procedures.

Standards and Criteria (1.5)


The Agency must use hardware and software that is appropriate and effective for the seizure
or examination procedure.

Standards and Criteria (1.6)


All activities relating to the seizure, storage, examination, or transfer of digital evidence must
be recorded in writing and be available for review and testimony.

Standards and Criteria (1.7)


Any action that has the potential to alter, damage, or destroy any aspect of original evidence
must be performed by qualified persons in a forensically sound manner.

INTERNATIONAL ORGANISATION ON COMPUTER EVIDENCE (I.O.C.E)

INTRODUCTION: The IOCE was established in 1955 to provide International Enforcement
agencies a forum for the exchange of information concerning computer crime investigation
and other computer-related forensic issues. Comprised of accredited government agencies
involved in computer forensic investigations, IOCE identifies and discusses issues of interest
to its constituents, facilitates the international dissemination of information and develops
recommendations for consideration by its member agencies. In addition to formulating
computer evidence standards, IOCE develops communication services between member
agencies and holds conferences geared toward the establishment of working relationships.

I.O.C.E. INTERNATIONAL PRINCIPLES

The international principles developed by IOCE for the standardized recovery of
computer-based evidence are governed by the following attributes.
• Consistency with all legal systems.
• Allowance for the use of common language.
• Durability
• Ability to cross international boundaries.
• Ability to instill confidence in the integrity of evidence
• Applicability to all forensic evidence; and
• Applicability at all levels, including that of individual, agency, and country.

These Principles were presented and approved at the "International Hi-tech Crime and
Forensic Conference" in October 1999. They are as follows.

1. Upon seizing digital evidence, actions taken should not change that evidence.
2. When it is necessary for a person to access original digital evidence, that person must be
forensically competent.
3. All activity relating to the seizure, access, storage, or transfer of digital evidence must be
fully documented, preserved, and available for review.
4. An individual is responsible for all actions taken with respect to digital evidence, while the
digital evidence is in their possession.
5. Any agency that is responsible for seizing, accessing, storing, or transferring digital
evidence is responsible for compliance with these principles.

Other items recommended by IOCE for further debate and/or facilitation included:

• Forensic competency and the need to generate agreement on international accreditation
and the validation of tools, techniques, and training;
• Issues related to practices and procedures for the examination of digital evidence; and
• The sharing of information relating to hi-tech crime and forensic computing, such as
events, tools and techniques.
Module 7

NET NEUTRALITY

The term "Net neutrality" was coined by Columbia University Professor Tim Wu in 2003. It is a
principle that mobile operators, internet service providers and governments should not
discriminate on data access on the internet. A service provider, for instance, should not offer a
higher access speed to a website on the basis of a higher payment by that website.

Gopal Saxena:- (Module 7 page 40)

CHILE was perhaps the 1st country to enact a net-neutrality law, in 2010. Interestingly, the law
was the culmination of a citizens' movement, in particular the effort of the citizen group
NEUTRALIDAD SI. In 2014 the Chilean telecommunications regulator "SUBTEL" banned
mobile operators from "zero-rating", whereby Internet companies strike deals with mobile
telecom operators to offer consumers free internet usage.

NETHERLAND
BRAZIL
USA

In INDIA, civil society organizations, startups, and many ordinary people have been
aghast since word emerged that "FLIPKART" and "AIRTEL" were working on a "Free data
access" process. TRAI was also activated and invited public opinion on the issue of "Net
Neutrality". Startups and venture capitalists said there is nothing open about this arrangement
and that it goes against innovation, as the system unfairly gives preference to one firm over
others.

The savetheinternet.in coalition, an apolitical collective, said the timing of AIRTEL
ZERO showed little respect or even adopted a policy of forbearance during this period of
consultation organized by TRAI. "We believe that this is unfortunate since it appears to be
with a view towards consolidating violations of network neutrality as a norm", the organization
said in a statement. Karan Mahla, associate director and head of digital consumer investment
at V.C. firm IDG Ventures, said that even from a capitalist perspective, the zero-rating plan
goes against innovation.

However, Ranjan S Mathews, director general, Cellular Operators Association of India
(COA), said a distinction needs to be made between "Zero rating" and "Net Neutrality". "The
spectrum we have leased out from the Government by paying thousands of crores has certain
terms and conditions and we are not violating any of that under zero rating plans. Let TRAI
define "net neutrality" first and let us find a safeguard mechanism within that," he said.
Meanwhile, about 10 lakh emails were sent to TRAI about Net Neutrality. The Orissa Chief
Minister also wrote a letter to TRAI in favour of net neutrality. Meanwhile, the Department of
Telecom (DOT) called a meeting of the Cyber Regulations Advisory Committee to discuss net
neutrality.

FLIPKART declared that it is quitting the "Airtel Zero". They said that it was committed to
the "larger cause of net-neutrality" in India.

In another development, Mark Zuckerberg's argument for "Internet.org" was also criticized by
about 8 lakh net users. IT Minister Ravishankar Prasad has spoken up for "Net neutrality".
Meanwhile, some mobile phone users have filed a petition before the Delhi High Court
pleading that WhatsApp's decision to share user data with its parent company Facebook acts
against "Privacy". TRAI was also asked by a bench of Chief Justice G. Rohini and Justice
Sangita to respond. Zuckerberg's policy was criticized as a variant of the "half a loaf is better
than no bread" argument. Search engine giant Google is also facing "Antitrust charges" in
Europe for a similar offence: abusing its dominant position and manipulating online traffic.

TRAI has been praised for its policy of "Free data" or low-cost data in India. However, in the
case of Net Neutrality, TRAI's Differential Pricing Policy is merely an eyewash today, as it has
exempted "closed Network Services" and has refused to clarify whether Internet-like services
(music, news, video, payments etc.) offered on a closed network by telecom operators are
subject to net neutrality policy and rules or not.

INTERNET OF THINGS

The concept of the Internet of Things was invented, and the term coined, by Peter T. Lewis in
Sept. 1985 in a speech delivered at the US Federal Communications Commission. The Internet of
Things (IoT) is the internetworking of physical devices, vehicles, buildings and other items
embedded with electronics, software, sensors, actuators, and network connectivity that
enable these objects to collect and exchange data.

In 2013 the Global Standards Initiative on Internet of Things (IoT-GSI) defined the IoT as
"the Infrastructure of the Information Society". The IoT allows objects to be sensed or
controlled remotely across existing network infrastructure, creating opportunities for more
direct integration of the physical world into computer-based systems, and resulting in
improved efficiency, accuracy and economic benefit in addition to reduced human
intervention.

When the IoT is augmented with "sensors and actuators", the technology becomes an instance of
the more general class of cyber-physical systems, which also encompasses technologies such as
smart grids, virtual power plants, smart homes, intelligent transportation and smart cities.
Each thing is uniquely identifiable through its embedded computing system but is able to
interoperate within the existing Internet infrastructure.

NET NEUTRALITY

The idea of EQUAL or NON-DISCRIMINATORY TREATMENT of traffic that flows on
the Internet resonates in the Net Neutrality principles adopted by various jurisdictions,
although the term itself does not necessarily feature in their regulatory instruments. The EU
regulations, for instance, create "Common rule to safeguard equal and non discriminatory
treatment of traffic" without expressly using the term Net Neutrality.

Given that key terms such as "Equal treatment" are still contested, many have urged against a
rigid definition of Net Neutrality. This was also the view expressed by the DoT committee in
its report, where it stated that, "The crux of the matter is that we need not hard code the
definition of net neutrality but assimilate the core principles of net neutrality and shape the
actions around them". The committee suggested the following as guidelines to define these
core principles.
1. USER RIGHT: Subject to lawful restrictions, the fundamental right to freedom of
expression and non-discriminatory access to the Internet will apply.
2. CONTENT: Right to create and to access any legal content, applications or services
without any restrictions.
3. DEVICES: Freedom to connect all kinds of devices, which are not harmful, to the network
and services.
4. HARMFUL PRACTICES: Practices like blocking, throttling and improper prioritization
may not be permitted.

In the IT context, agnosticism refers to anything that is designed to be compatible across most
common systems.

OTHER COUNTRIES: Countries including the US, EU, Norway and Chile have put in place
the core principle that end users have a right to send or receive information/contents
irrespective of the content, source or destination of the packets being transmitted. The EU
regulators provide for the safeguarding of non-discriminatory Internet access, laying down
that:

1. END USERS have the right to (i) access and distribute information and content, (ii) use
and provide applications and services, and (iii) use terminal equipment of their choice.

2. PROVIDERS OF INTERNET ACCESS SERVICES should treat all Internet traffic "equally
and without discrimination, restrictions or interference". Being treated equally and without
discrimination is defined as treatment that is independent of the (i) sender and receiver; (ii)
content, applications or services; or (iii) terminal equipment being used.

In addition to these "CORE PRINCIPLES", the EU specifically prohibits agreements between
TSPs (Telecom Service Providers) and end users on characteristics "such as price, data
volumes or speeds" and any commercial practices of TSPs that limit the exercise of the end
users' rights. Thus, flowing from this end users' "right" is a corresponding "obligation" on
providers of Internet access to treat all data packages on a "Non discriminatory" basis.

In the US there is a GENERAL OBLIGATION NOT TO CAUSE "unreasonable interference/
disadvantage" to THE ABILITY OF users/edge providers to use Internet access services to
reach one another, thus causing harm to the "Open Internet".

DEVICE NEUTRALITY (Page 45 module 7)

RESTRICTIVE PRACTICES

Several countries specifically PROHIBIT CERTAIN PRACTICES that are regarded as
being violations of such core principles. The US is one such prominent example of a
jurisdiction that lays down "Bright-line" rules prohibiting practices of blocking, throttling,
and paid prioritization that are "Known to harm" the "OPEN NETWORK".

1. BLOCKING: The FCC (Federal Communications Commission) Open Internet Order in the US
prevents blocking access to "legal content, applications, services or non-harmful devices",
while the Brazilian law on Internet rights refers to a prohibition on blocking, monitoring,
filtering and analyzing the contents of data packets.

2. THROTTLING: This term has been defined in various ways, which include the
following types of interference in the access of particular content:

(i) "Slow down, alter, restrict, interfere with, degrade or discriminate" (EU)
(ii) "Impair or degrade" (US)
(iii) "Interfere with, discriminate, hinder or restrict" (Chile)
(iv) "Unreasonable manipulation or degradation of traffic" (Norway)

3. PREFERENTIAL TREATMENT: In addition, some countries also include "bright
line" rules restricting any form of content-specific preferential treatment. The FCC in the US
uses the term "Paid prioritization", where it is required that prioritization was either "(a) in
exchange for consideration from a third party or (b) to benefit an affiliated entity." In Japan,
the voluntary guidelines prevent "favourable or unfavourable treatment of specific users",
which could include both throttling and preferential treatment of content.

LINK WITH REASONABLE TRAFFIC MANAGEMENT

Countries also differ in their approach towards balancing the principles of Net
Neutrality with reasonable Traffic Management Principles (TMP).

i. In the USA, the FCC has made it clear that "reasonable network management" is an exception
to the "bright line rules", in recognition of service providers' need to manage the technical
and engineering aspects of their networks.

ii. In Chile, while the core principles prevent service providers from "arbitrarily" interfering
with the rights of users, there is a specific exception allowing them to "take the measures or
actions necessary for traffic management and network management provided that this is not
designed to perform actions that affect or may affect free competition".

iii. In Slovakia, the law has a clear exception for "Urgent technical measures to secure the
undisputed operation of networks and services" as well as "Urgent Measures to preserve the
integrity and security of networks and services".

iv. In contrast, other jurisdictions do not frame reasonable traffic management as an
exception to, or in conflict with, the core NN principles and instead clarify that such
principles will not prevent the reasonable management of networks. For example, the EU
regulations state that the rules "SHALL NOT PREVENT providers of Internet access
services from implementing reasonable traffic management measures". Norway clarifies that
"It does not mean that the principle precludes" reasonable network management.

SCOPE OF "TRANSPARENCY" OBLIGATIONS

In the Net Neutrality context, the scope of the "TRANSPARENCY OBLIGATIONS" cast upon
Technical Service Providers (TSP) covers disclosing technical information on QoS parameters
and providing high-level information that is widely understandable and may enable consumers
to make more informed decisions and detect violations.

The scope of "Transparency" covers (i) first, "price information and commercial terms"
relating to the Internet access service being provided; (ii) second, information on the
"performance characteristics" of the service being provided; (iii) third, the "Traffic
Management practices" deployed by the TSP; and (iv) any other specialized services/
enterprise solutions being offered.

Both the FCC "Transparency Notice" 2016 and the BEREC "Transparency Guidelines" 2011,
supplementing the disclosure requirements under the UNIVERSAL SERVICE DIRECTIVE
2009, recommend disclosure of information relating to these broad criteria, as mentioned
above and below.

1. PRICE INFORMATION AND COMMERCIAL TERMS
2. PERFORMANCE CHARACTERISTICS
3. TRAFFIC MANAGEMENT PRACTICES
4. SPECIALISED SERVICES

MANNER AND MODE OF INFORMATION DISCLOSURE

1. The EU Universal Service Directive, 2009 requires service providers to provide specific
information in a CLEAR, COMPREHENSIVE and ACCESSIBLE FORM at the time of
signing the contract.

2. The FCC Open Internet Order, 2015 requires prominent display of disclosures relating to
commercial terms, performance characteristics and network management ON A PUBLICLY
AVAILABLE WEBSITE and DISCLOSURE OF RELEVANT INFORMATION AT THE
POINT OF SALE.

INDIAN APPROACH

TRAI had recommended active reforms for NN. This may involve a self-regulatory
model or the use of legal instruments for mandating BRIGHT LINE RULES on NN,
implemented through transparency, monitoring and consequences for any violations. The latter
approach can help in sending a strong regulatory message to Telecom Service Providers
(TSP) while serving the interest of end-user choice, ensuring a level playing field for
content providers and facilitating the overall growth of the Internet sector. This approach
can be implemented in the following ways:

(1) LICENSE: Clause 2.2 (i) of the ISP License Agreement provides for access to the Internet
and all content available without any access restrictions. The Govt. of India may follow the
UASL and may amend the licensing clause as "The Subscriber shall have unrestricted access to
all the content available on Internet except for those contents which are restricted by the
direction issued by licensor/TRAI from time to time".

(2) REGULATIONS: As noted in the Explanatory Memorandum to the Prohibition on
Discriminatory Tariffs for DATA SERVICE REGULATIONS 2016, "discriminatory
tariff for data services based on content is not permissible".

As per section 11 (b) (v) of the TRAI Act, 1997, the Authority is mandated to "lay down the
standards of "Quality of Service" (QoS) to be provided by service providers and ensure the
quality of service and conduct the periodical survey of such service provided by service
providers so as to protect the interests of the consumers of telecommunication services".
In this regulation one can put in place an umbrella regulation on NN with subsections
addressing tariff, QoS and related transparency requirements.

(3) LEGISLATIVE CHANGES: The Govt. can think of passing a new law on net neutrality
based on the BEREC (Body of European Regulators for Electronic Communication) guidelines
2016, with a variety of enforcement measures such as (i) issuing cease and desist orders in
case of infringement, (ii) combined with periodical penalties or fines, in accordance with
national laws.

(4) MONITORING: Identifying violations of NN will require a robust monitoring and
information-seeking approach. While transparency with respect to TMP (Traffic Management
Practice) is critical, it has been pointed out that relying on TSP (Telecom Service Provider)
disclosures to self-report violations may not be sufficient for this purpose. This calls for a
proactive monitoring approach that takes into account (i) TSP disclosures, (ii) users'
complaints, (iii) users' experience on apps, (iv) surveys, (v) questionnaires and forms,
(vi) third parties through research studies, (vii) news articles, (viii) consumer advocacy
reports etc.
