Lehar Ajwani

Mehul Jain

Shweta Singh

Puneet Vyas

Subodh Mallya
 Background

Drew inspiration from Model Law on Electronic

Commerce adopted by the United Nations
Commission of International Trade Law
(UNCITRAL).

The said resolution recommends inter alia

that all states give favorable consideration to
to the said Model Law when they enact or
revise their laws.

This is in view of need of uniformity

 Objective
Seeks to address two different aspects of
technological revolution.
Providing legal recognition to electronic
transactions and use of alternatives to paper-
based methods of communications and storage
etc.
Regulation and control of Cyber Crime and
other offences.
Seeks to define various offences arising out of
use of Digital Signatures
Lays guidelines for regulating these offences.
 Structure of the Act
Consists of 13 Chapters.
 Chapter 1: Describes the scope and applicability of
the act and the definitions clause.
 Chapter 2: Authentication using digital signatures
and asymmetric cryptosystem
 Chapter 3: Legal recognition of electronic records
and digital signatures.
 Chapter 4: Contractual aspects of use of electronic
records such as attribution, acknowledgement, time
and place of dispatch and receipt.
 Chapter 5: presumptions available to secure
electronic records
 Chapter 6,7,& 8: legal frame work within which DS
can be issued and used.
 Structure Of The Act (contd’…)

Chapter 9,10 & 11: contraventions offences and

penalties
Chapter 12: single provision directed towards
issue of network service provider liability
Chapter 13: miscellaneous provisions
 Transactions

Transaction: “An action or a set of actions occurring

between two or more persons relating to the conduct
of the business, commercial or governmental affairs.”
Automated Transactions: “A transaction conducted or
performed, in whole or in part, by electronic means or
electronic records in which the acts of one or both the
parties are not reviewed by an individual in the
ordinary course of forming a contract, performing
under existing contract or fulfilling an obligation
required by the transaction.”
 Paperless Contract

IT Act read in conjunction with the Contract Act.

There has to be an offer.

There has to be an acceptance of the said offer.

There has to be some consideration for the

contract.
 Legal issues in e-commerce

Though the Internet is a goldmine, without adequate legal

protection it could become a landmine

E-commerce is the mode of conducting business through

electronic means.

All business activity conducted using a combination of electronic

communications and information processing technology.

Total transaction volume of e-commerce in India is expected to

grow rapidly to Rs. 1,950 crore by 2008
 CORE LEGAL ISSUES
• Offer and Acceptance

• Click wrap contracts

• Online Identity

• Security : Security over the Internet is of immense importance

to promote e-commerce.

• Authentication :Though the Internet eliminates the need for

physical contact, it does not do away with the fact that any
form of contract or transaction would have to be authenticated
 PRIVACY & DATA PROTECTION
No legislation in India that upholds the privacy rights of an individual

•Dissemination of sensitive and confidential medical, financial and personal

records of individuals and organisations;
• Sending spam (unsolicited) e-mails;
• Tracking activities of consumers by using web cookies
• Unreasonable check and scrutiny on an employee’s activities, including
their email correspondence.
 Intellectual Property Rights

 The Internet is a boundless and unregulated medium

 ("IPRs") is a challenge and a growing concern amongst most e-

businesses
 ISSUES IN E-COMMERCE TRANSACTIONS

 Preventing unauthorised hyper linking and meta tagging

 Protection against unfair competition

• Interactive marketing practices

• Spamming

• Immersive marketing
.
 Domain Names :If the company chooses a domain name that is
similar to some domain name or some existing trademark of a third
party, the company could be held liable for cybersquatting.
 Electronic payment issues

 Secure Credit Card Transactions

 Recognition of digital currencies

 Determining the relevant jurisdiction

 Risk of Regulatory Change

 Transaction risks

 Consumer-oriented risks
 JURISDICTION

For example, XYZ, a company in London, having its server in USA, may
sell its products to customers in India or other countries.
If you receive defective goods or if you regret having made the purchase,
the question would arise as to which jurisdiction can you sue the company
or claim damages or withdrawal respectively.
The company, onthe other hand, might find itself confronted with foreign
laws
 REGULATORY MEASURES

CMS - Electronic Copyright Management System

. WIPO - World Intellectual Property Organisation

-commerce Taxation

ealising the potential of earning tax revenue from such sources,

tax authorities world over are examining the tax implications of e-
commerce transactions and resolving mechanisms to tax such
transactions.
 Concept of Keys
 A ‘key’ comprises of a series of binary digits
 Locking / Unlocking of Keys
 “Key Pairs” consist of two keys
 Public Key

 Private Key
 What is Cryptography?
 Hashing Algorithm ‘RSA” used for encryption/decryption
 Where does my computer store my private key?
 Who needs a key pair?
 For how long does a key stay valid?
 What happens when a key expires?
Message Transfer

I
N
T
E
R
N
E
T
REGULATION OF CERTIFYING AUTHORITIES
 Exercising supervision over the activities of the Certifying
Authorities

 Certifying public keys

 Laying down the standards

 Facilitating the establishment of any electronic system by a

Certifying Authority / Certifying Authorities

 Resolving any conflict of interests between the Certifying

Authorities and the subscribers

 Laying down the duties of the Certifying Authorities

 Maintaining a data base containing the disclosure record of every
Certifying Authority containing such particulars as may be specified
by regulations, which shall be accessible to public.

 Act as repository

 Recognition of foreign Certifying Authorities.

 Recognition of foreign Certifying Authorities.

 Power to delegate

 Power to investigate contraventions.

 Access to data and computer systems

 CERTIFYING AUTHORITY FUNCTIONS
 Make use of hardware, software and procedures
that are secure from intrusion and misuse

 Provide a reasonable level of reliability in its

services

 To ensure compliance of the Act

 Disclosure
Demonstration of Use of DSC
Demonstration of Use of DSC

Digital
Signature
Certificate To
Be Attached
here
Details for Registering a DSC
Cyber Crime
Offences Under IT Act 2000
 Offences Under IT Act 2000
The offence Offence Not an Offence Conditions
Computer network break-ins      
Only if a computer is
Industrial espionage    
involved
Copyright piracy   χ   
Software Piracy   χ   
Child Pornography      
E-mail bombings   χ   
Only after the password is
Password ‘sniffers    
Actually used to hack
Spoofing   χ   
Credit card fraud      
Cyber squatting   χ 
Misleading search words   χ   
Using an imaginary password and gaining access      
to a software
Changing the information in a file by a regular      
operator
Copying data and selling or giving free to any      
third party
While playing games, a virus enters the system      
Taking a bribe to permit an offender to gain      
entry to the office
 Penal Provisions
43. Penalty of damage of computer, computer system, etc.

If any person without permission of the owner or any other person who is in
charge of a computer, computer or computer network,-

c)accesses or secures access to such computer, computer system or

computer network;

d)downloads, copies or extracts any data, computer data base or information

from such computer, computer system or computer network including
information or data held or stored in any removable storage medium;

e)introduces or causes to be introduced any computer contaminant or

computer virus into any computer, computer system or computer network;

f)damages or causes to be damaged any computer, computer system or

computer network, data, computer data base or other programmes residing in
 Penal Provisions
43. Penalty of damage of computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of
a computer, computer or computer network,-

c)disrupts or causes disruption of any computer, computer system or computer

network;

d)denies or causes the denial of access to any person authorised to access any
computer, or computer network by any means;

e)provides any assistance to any person to facilitate access to a computer, computer

system or computer network in contravention of the provisions of this Act, rules or
regulations made there under;

f)charges the services availed of by a person to the account of another person by

tampering with or manipulating any computer, computer system, or computer
network,
Cyber Appellate Tribunal

Sections 48 –
64 Deals with
the Cyber
Appellate
Tribunal
Cyber Appellate Tribunal
 Cyber Appellate Tribunal
Appeal to Cyber Appellate Tribunal

(1) Save as provided in sub-section (2), any person aggrieved by an order made by
Controller or an adjudicating officer under this Act may prefer an appeal to a Cyber
Appellate Tribunal jurisdiction in the matter.

(2) No appeal shall lie to the Cyber Appellate Tribunal from an order made by an
adjudicating officer with the consent of the parties.

(3) Every appeal under sub-section (1) shall be filed within a period of forty-five days
from the date on which a copy of the order made by the Controller or the
adjudicating officer is received by the person aggrieved and it shall be in such form
and be accompanied by such fee as may be prescribed:

Provided that the Cyber Appellate Tribunal may entertain an appeal after the expiry
of the said period of forty-five days if it is satisfied that there was sufficient cause for
not filing it within that period.
 Cyber Appellate Tribunal
Appeal to Cyber Appellate Tribunal

(4) On receipt of an appeal under sub-section (1), the Cyber Appellate

Tribunal may, after giving the parties to the appeal, an opportunity of being
heard, pass such orders thereon as it thinks fit, confirming, modifying or
setting aside the order appealed against.

(5) The Cyber Appellate Tribunal shall send a copy or every order made by
it to the parties to the appeal and to the concerned Controller or
adjudicating officer.

(6) The appeal filed before the Cyber Appellate Tribunal under sub-section
(1) shall be dealt with by it as expeditiously as possible and endeavour
shall be made by it to dispose of the appeal finally within six months from
the date of receipt of the appeal.
 Conclusion

WHERE WE ARE
Fastest growing sector
Contributes more than $30 Billion to India’s G.D.P
World leader in outsourcing

DIFFICULTIES
Slow response from govt.
Less support from foreign law enforcement
agencies
Slow in adaptability of technology used by
criminals
 Suggestions
FUTURE COURSE OF ACTION
Need international co-operation
Mutual co-operation between countries
Transfer of technology between countries
Deportation of criminals
Educate the masses
Spreading awareness about cyber crimes
Training and educating policemen
More and more stringent norms
 THANKS

QUESTIONS