INFORMATION TECHNOLOGY ACT

Information Technology Act

To give legal recognition to Digital signatures To facilitate electronic filing, electronic storage of data, electronic fund transfers To give legal recognition for keeping of books of accounts by bankers

Sections
SECTION 2: Definitions       Data Information Digital signature Key pair Computer Network Secure system

Sections
SECTION 3: Authentication of electronic records Digital Signature A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document.

Sections
Electronic Signature IT Act Amendment 2008 introduces the term Electronic Signature. Now digital signature has been made a subset of electronic signature It indicates that a person adopts the contents of an electronic message

Sections & Caselets

Section 7: Retention of electronic records

Section 21: License to issue Digital Signature Certificates Certifying Authorities: Safescrypt 2) NIC MtnlTrustline 6) GNFC

1) 5)

3) 7)

IDRBT e-MudhraCA

4) TCS

Section 43: Penalty and Compensation for damage to computer, computer system, etc (Amended vide ITAA-2008) Section 43A: Compensation for failure to protect data (Inserted vide ITAA-2008)

SECTIONS 65, 66, 67, 71 : Offences

Section No. 65 Offence Tampering with computer source documents Hacking with Computer System Punishment for sending offensive messages through communication service, etc.
Punishment for dishonestly receiving stolen computer resource or communication device Punishment for identity theft

Penalty
Imprisonment:- up to three years Fine: up to two lakh rupees or both Imprisonment:- up to three years Fine: up to two lakh rupees or both Imprisonment:- up to three years with a fine

66

66 A

66B

Imprisonment:- up to three years Fine: up to one lakh rupees or both Imprisonment:- up to three years Fine: up to one lakh rupees or both Imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both

66C

66D

Punishment for cheating by personation by using computer resource

66E

Punishment for violation of privacy. Imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both

Section No.
66F 67

Offence
Punishment for cyber terrorism Publishing of information which is obscene in electronic form

Penalty
Imprisonment:- may extend to life imprisonment First Conviction: Imprisonment:- up to three years Fine: up to five lakh rupees Second Conviction: Imprisonment:- up to five years Fine: up to ten lakh rupees First Conviction: Imprisonment:- up to five years Fine: up to ten lakh rupees Second Conviction: Imprisonment:- up to seven years Fine: up to ten lakh rupees First Conviction: Imprisonment:- up to five years Fine: up to ten lakh rupees Second Conviction: Imprisonment:- up to seven years Fine: up to ten lakh rupees Imprisonment:- up to two years Fine: up to one lakh rupees or both

67A

Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form.

67B

Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form.

71

Penalty for misrepresentation

NASSCOM
Premier Trade Body of IT Software & Services 950 members globally in the field of IT & Software services Set up to facilitate trade in software and encourage advancement in research Primary Objective - Act as a catalyst for the growth IT industry in India Partnering Govt of India as an advisor, consultant in formulating IT policies

Role of NASSCOM
Aimed to strengthen data protection regime Data protection policies in outsourcing industry Defining personal data Specific provisions for critical information protection Clauses to ensure new types of cyber crimes are punishable Recognition of more general electronic signatures Formation of Contracts electronically

Email Fraud (African Agents)

Emails sent to people (Dr. C Thomas) to claim unclaimed money left behind by a Nigerian businessman Advertised that the money was kept aside for charitable hospital and was lying unclaimed in a bank On response, processing fees of 30 lakhs was prompted

Five years of rigourous imprisonment under Section 66D of IT Act 2008

ICICI Bank Phishing Case

Customers received emails asking for their bank account details. Email takes them to website which had same look and feel. Funds transferred by the scammers. Customers informed the bank and lodged a complaint against the bank Bank was found guilty under Section 85(Offences by companies) under IT Act 2000 Liable under Section 46(Power to Adjudicate) of the Act to compensate the victim under IT Act 2000

Citibank Mphasis CC Case

Fraud done by employees of call center at Mphasis BFL, Pune. Targeted US customers who called into Mphasis call centers. Obtained their account information and transferred funds from their account Police recovered Rs 1 million. Found guilty under  Section 67 of the IT Act, 2000  IPC sections 420, 465, 467 and 671

Baazee.com
Case involved posting of an obscene video for auction Influential Baazee.com conspired to change the laws through the amendments of IT Act 2000 Parliamentary Committee pointed out many inadequacies of the proposal However, charge under Sec 292 of the was under dispute  Violated Sec 67 & 85 of the IT Act 2000  Sec 292 & 294 of the IPC

Napster Scenario
Napster services are illegal. Illegal downloads were thought to cause a decline in sales. RIAA (Recording Industry Association of America) filed suit for copyright violation Injunction was issued on March 5, 2001 ordering Napster to prevent the trading of copyrighted music Napster agreed to pay music creators and copyright owners a $26 million settlement for past

Hypothetical Case Study

Background of the case:  Story revolves around Raja  Hypothetical situations involving cyber crimes  Part I: College Life crimes  Part II: Work Life crimes

Hypothetical Case Study

Offenses Covered: Music & Software Piracy Sections 43 & 66, IT Act Email Account Hacking Sections 43 & 66, IT Act Virus & Trojan Attacks Sections 43 & 66, IT Act Social Networking Fake Profile Accounts Section 67, IT Act Source Code Thefts Sections 43, 65 & 66, IT Act Theft of Confidential Information Sections 43 & 66, IT Act Cyber Pornography Section 67, IT Act

Advantages
Online filling, creating and retention of official documents is legally accepted Digital Signature & Digital Records can be used as legal proof in court

Loopholes
Issues relating to confidentiality Lenient view on most cyber crimes Absence of issues pertaining to spam and electronic discovery Issues pertaining to jurisdiction Reduction in quantum of punishment Changes in Investigation procedure Complicated issues of encryption

Recommendations
Educating the common man using mass media Investigation, prosecution of cyber criminals requires efficient international cooperation regime and procedures

Global Scenario
China - Regulations on Internet email Services Australia - Spam Act 2003 USA - Cybersecurity Act of 2009 UK - Privacy and Electronic Communications Regulations 2003 South Korea - Act on Promotion of Information and Communication and Communications Network Utilization and Information Protection of 2001 Brazil PL 84/99 (Proposed Law)

Effect of IT Act on other Sectors

Banking Sector E-commerce Sector Industrial/ Manufacturing Sector Telecom Sector

Awareness Analysis
Downloading songs from Internet is a cyber crime?

Aware of provisions of IT Act?

When hacked, did you try to trace the hacker?

Well protected against cyber crimes?

Steps we should take

Look for spam and emails with viruses and trojans Regular virus scans, trojan scans Avoid publishing personal details online Check for secured (HTTPS) connections for social networking sites Take regular backup of data Finally, If you are affected by a cyber crime Approach the Cyber Crime Investigation Cell