1. INTRODUCTION
The first recorded cyber crime took place in the year 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime.

"Cyber crime" is not a rigorously defined concept. For our purposes, consider it to embrace criminal acts that can be accomplished while sitting at a computer keyboard. Such acts include gaining unauthorized access to computer files; disrupting the operation of remote computers with viruses, worms, logic bombs, Trojan horses, and denial of service attacks; creating and distributing child pornography; stealing another's identity; selling contraband; and stalking victims. Cyber crime is cheap to commit (if one has the know-how to do it), hard to detect (if one knows how to erase one's tracks), and often hard to locate in jurisdictional terms, given the geographical indeterminacy of the net.


2. WHAT IS CYBER CRIME


Computer crime or cybercrime is a form of crime where the Internet or computers are used as a medium to commit crime. Cybercrime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb." National Research Council, "Computers at Risk", 1991.

Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example, hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet.

Cyber crime can be classified into 4 major categories:
(A) Cyber crime against Individual
(B) Cyber crime against Property
(C) Cyber crime against Organization
(D) Cyber crime against Society

(A) Against Individuals:

E-mail spoofing: A spoofed e-mail is one in which the e-mail header is forged so that the mail appears to originate from one source but has actually been sent from another source.
Spamming: Spamming means sending multiple copies of unsolicited mails or mass e-mails such as chain letters.
Cyber defamation: This occurs when defamation takes place with the help of computers and/or the Internet, e.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information.
Harassment and cyberstalking: Cyber stalking means following an individual's activity over the Internet. It can be done with the help of many protocols available such as e-mail, chat rooms, Usenet groups etc.
Phishing: Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

(B) Against Property:

Credit card fraud: Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
Intellectual property crimes: These include software piracy, illegal copying of programs, distribution of copies of software, copyright infringement, trademark violations, and theft of computer source code.
Internet time theft: The usage of Internet hours by an unauthorized person, which are actually paid for by another person.

(C) Against Organization:

Denial of service: An Internet server is flooded with continuous bogus requests so as to deny legitimate users the use of the server or to crash the server.
Virus attack: A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Viruses can be file-infecting or can affect the boot sector of the computer. Worms, unlike viruses, do not need a host to attach themselves to.
E-mail bombing: Sending large numbers of mails to an individual, a company or mail servers, ultimately resulting in a crash.
Salami attack: Negligible amounts are removed and accumulated into something larger. These attacks are used for the commission of financial crime.
Logic bomb: An event-dependent program. As soon as the designated event occurs, it crashes the computer, releases a virus or causes some other harm.
Trojan horse: An unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Data diddling: This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

(D) Against Society:

Forgery: Currency notes, revenue stamps, mark sheets etc. can be forged using computers and high quality scanners and printers.
Cyber terrorism: According to the U.S. Federal Bureau of Investigation, cyber terrorism is any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."
Web jacking: Hackers gain access to and control over the website of another; they may even change the content of the website to fulfil a political objective or for money.

2.1 AGAINST INDIVIDUALS


2.1.1 E-MAIL SPOOFING:

E-mail spoofing is a term used to describe e-mail activity (usually fraudulent, but sometimes legitimate - see below) in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field (found in the e-mail headers), it actually comes from another source.

Occasionally (especially if the spam requires a reply from the recipient, such as the '419' scams), the source of the spam e-mail is indicated in the Reply-To field (or at least a way of identifying the spammer); if this is the case and the initial e-mail is replied to, the delivery will be sent to the address specified in the Reply-To field, which could be the spammer's address. However, most spam e-mails (especially malicious ones with a Trojan/virus payload, or those advertising a web site) forge this address too, and replying to it will annoy an innocent third party.

Prior to the advent of unsolicited commercial e-mail as a viable business model, "legitimately spoofed" e-mail was common. For example, a visiting user might use the local organization's SMTP server to send e-mail from the user's foreign address. Since most servers were configured as open relays, this was a common practice. As spam e-mail became an annoying problem, most of these legitimate uses fell victim to antispam techniques.

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing anyone other than yourself is illegal in some jurisdictions.

E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.
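The From, Return-Path and Reply-To fields named above can be compared on receipt. The following is an added example, not part of the original text: it flags messages whose Return-Path or Reply-To domain does not line up with the From domain. The sample messages, the domains and the relaxed subdomain rule are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (reserved .example/.invalid domains), not real mail.
LEGIT = """\
Return-Path: <bounce@mail.bank.example>
From: "Example Bank" <alerts@bank.example>
Reply-To: support@bank.example
To: user@customer.example
Subject: Your statement is ready

Your monthly statement is available.
"""

SPOOFED = """\
Return-Path: <x91@bulk.sender.example>
From: "Example Bank" <alerts@bank.example>
Reply-To: verify@bank-example.invalid
To: user@customer.example
Subject: Your account will be suspended

Click the link to verify your account.
"""


def header_domain(value):
    """Lower-cased domain of the address in a header value, or None."""
    if not value:
        return None
    _, addr = parseaddr(value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def aligned(a, b):
    """Relaxed match: identical, or one domain is a subdomain of the other.

    Simplification (assumption): a production check would compare
    organizational domains using the Public Suffix List.
    """
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def header_mismatches(raw_message):
    """Return (field, domain) pairs whose domain does not align with From."""
    msg = message_from_string(raw_message)
    from_domain = header_domain(msg.get("From"))
    if from_domain is None:
        # No usable From address at all is itself worth reporting.
        return [("From", None)]
    findings = []
    for field in ("Return-Path", "Reply-To"):
        domain = header_domain(msg.get(field))
        if domain is not None and not aligned(domain, from_domain):
            findings.append((field, domain))
    return findings


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, header_mismatches(raw))
```

A mismatch is a triage signal only, because mailing lists and bulk senders differ legitimately. A clean result does not prove authenticity either, since all three fields are set by the sender.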
2.1.2. SPAMMING:

Spam is the use of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.

Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is universally reviled, and has been the subject of legislation in many jurisdictions. People who create electronic spam are called spammers.

2.1.3. INSTANT MESSAGING:

Instant messaging spam makes use of instant messaging systems. Although it is less ubiquitous than its e-mail counterpart, according to a report from Ferris Research, 500 million spam IMs were sent in 2003, twice the level of 2002. As instant messaging tends not to be blocked by firewalls, it is an especially useful channel for spammers.

2.1.4. NEWSGROUP AND FORUM:

Newsgroup spam is a type of spam where the targets are Usenet newsgroups. Spamming of Usenet newsgroups actually pre-dates e-mail spam. Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). The prevalence of Usenet spam led to the development of the Breidbart Index as an objective measure of a message's "spamminess".

Forum spam is the creation of messages that are advertisements, abusive, or otherwise unwanted on Internet forums. It is generally done by automated spambots. Most forum spam consists of links to external sites, with the dual goals of increasing search engine visibility in highly competitive areas such as weight loss, pharmaceuticals, gambling, pornography, real estate or loans, and generating more traffic for these commercial websites. Some of these links contain code to track the spambot's identity if a sale goes through, when the spammer behind the spambot works on commission.

2.1.5. MOBILE PHONES:

Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to customers not only for the inconvenience but also because of the fee they may be charged per text message received in some markets. The term "SpaSMS" was coined at the adnews website Adland in 2000 to describe spam SMS.

2.1.6. ONLINE GAME MESSAGING:

Many online games allow players to contact each other via player-to-player messaging, chat rooms, or public discussion areas. What qualifies as spam varies from game to game, but usually this term applies to all forms of message flooding that violate the terms of service contract for the website. Spammers send spam via the in-game private messaging system, via the in-game mailing system, via yelling publicly to everyone in the area, and by creating a lot of characters, having them commit suicide (with hacks) and making the row of bodies resemble a site URL which takes the user to a gold-selling website. All of these spam methods can interfere with the user's game play experience, and this is one reason why spam is discouraged by game developers.

2.1.7. BLOG, WIKI, AND GUESTBOOK:

Blog spam, or "blam" for short, is spamming on weblogs. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments on various blog posts that provided nothing more than a link to the spammer's commercial web site. Similar attacks are often performed against wikis and guestbooks, both of which accept user contributions.

2.1.8. PHISHING:
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

One example would be if you received an e-mail that appears to be from your bank requesting that you click a hyperlink in the e-mail and verify your online banking information. Usually there will be a repercussion stated in the e-mail for not following the link, such as "your account will be closed or suspended". The goal of the sender is for you to disclose personal and/or account related information. This type of e-mail scam is also called phishing. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

2.1.9 CYBERSTALKING:

Cyber stalking can be defined as repeated acts of harassment or threatening behavior by the cyber criminal towards the victim using Internet services. Stalking in general terms can be referred to as repeated acts of harassment targeting the victim, such as following the victim, making harassing phone calls, killing the victim's pet, vandalizing the victim's property, or leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim, and it has to be treated and viewed seriously. It all depends on the course of conduct of the stalker.

Both kinds of stalkers, online and offline, have a desire to control the victim's life. The majority of stalkers are dejected lovers or ex-lovers, who want to harass the victim because they failed to satisfy their secret desires. Most of the stalkers are men and most of the victims are female.

Cyber stalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. The definition of "harassment" must meet the criterion that a reasonable person, in possession of the same information, would regard it as sufficient to cause another reasonable person distress.

"Stalking is a form of mental assault, in which the perpetrator repeatedly, unwantedly, and disruptively breaks into the life-world of the victim, with whom he has no relationship (or no longer has), with motives that are directly or indirectly traceable to the affective sphere. Moreover, the separated acts that make up the intrusion cannot by themselves cause the mental abuse, but do taken together (cumulative effect)."

2.1.10 CYBER DEFAMATION:

Cyber defamation is a crime conducted in cyberspace, usually through the Internet, with the intention of defaming others. The cyber defamation law that the Korean government is trying to make is intended to capture such criminal activities by allowing police to crack down on hateful comments without any reports from the victims. The only country where such a cyber defamation law is being implemented is China, and South Korea is the first democratic country in the process of introducing the law.

2.2. AGAINST PROPERTY:

2.2.1. HACKING:

Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.) Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.

We work with IBM Consulting and its customers to design and execute thorough evaluations of their computer and network security. Depending on the evaluation they request (ranging from Web server probes to all-out attacks), we gather as much information as we can about the target from publicly available sources. As we learn more about the target, its subsidiaries and network connectivity, we begin to probe for weaknesses. Examples of weaknesses include poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords. As we find and exploit vulnerabilities, we document if and how we gained access, as well as if anyone at the organization noticed. (In nearly all the cases, the Information Systems department is not informed of these planned attacks.) Then we work with the customer to address the issues we have discovered.

When we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great - like a kid in an unattended candy store.

Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer. Under such a definition, I would gladly brand myself a hacker. However, most people understand a hacker to be what is more accurately known as a 'cracker'. Crackers are people who try to gain unauthorized access to computers. This is normally done through the use of a 'backdoor' program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software, which tries billions of passwords to find the correct one for accessing a computer.

2.2.2 CREDIT CARD FRAUD:

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.


2.2.3. SKIMMING:

Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim's credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims' credit card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The thief may also use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code, which is not present on the magnetic strip. Call centers are another area where skimming can easily occur.

2.2.4. INTELLECTUAL PROPERTY CRIMES:

Intellectual property is any innovation, commercial or artistic, or any unique name, symbol, logo or design used commercially. Intellectual property is protected by:
Patents on inventions;
Trademarks on branding devices;
Copyrights on music, videos, patterns and other forms of expression;
Trade secrets for methods or formulas having economic value and used commercially.

IP crime is more generally known as counterfeiting and piracy. Counterfeiting is willful trademark infringement, while piracy involves willful copyright infringement. These are very similar and often overlapping crimes. IP crime is not a new phenomenon, but due to globalization and advances in technology, counterfeiting and piracy have become big business.

2.3. AGAINST ORGANIZATION

2.3.1. VIRUS DISSEMINATION:

Malicious software attaches itself to other software. (Viruses, worms, Trojan horses, time bombs and logic bombs are malicious software.) A computer virus is a computer program that can copy itself and infect a computer.
The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

As stated above, the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

2.3.2. COMPUTER WORM:

A computer worm is a self-replicating malware computer program. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Many worms that have been created are only designed to spread, and don't attempt to alter the systems they pass through. A "payload" is code designed to do more than spread the worm: it might delete files on a host system (e.g., the Explore Zip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author.

2.3.3. Worms with good intent

Beginning with the very first research into worms at Xerox PARC, there have been attempts to create useful worms. The Nachi family of worms, for example, tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system by exploiting those same vulnerabilities.
In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner or user. Some worms, such as XSS worms, have been written for research to determine the factors of how worms spread, such as social activity and change in user behavior, while other worms are little more than a prank, such as one that sends the popular image macro of an owl with the phrase "O RLY?" to a print queue in the infected computer. Most security experts regard all worms as malware, whatever their payload or their writers' intentions.

2.3.4. Protecting against dangerous computer worms

Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates (see "Patch Tuesday"), and if these are installed on a machine then the majority of worms are unable to spread to it. If a vendor acknowledges a vulnerability but has yet to release a security update to patch it, a zero day exploit is possible. However, these are relatively rare.

Users need to be wary of opening unexpected e-mail and should not run attached files or programs, or visit web sites that are linked to such e-mails. However, as with the ILOVEYOU worm, and with the increased growth and efficiency of phishing attacks, it remains possible to trick the end-user into running malicious code. Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files at least every few days. The use of a firewall is also recommended.

2.3.5. TROJAN HORSE:

A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user before it is run or installed but instead facilitates unauthorized access to the user's computer system. "It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems". The most important difference between a Trojan horse and a virus is that Trojans don't spread themselves. Trojan horses disguise themselves as valuable and useful software available for download on the Internet. Most people are fooled by this ploy and end up downloading the virus disguised as some other application. The name comes from the mythical Trojan Horse that the Ancient Greeks set upon the city of Troy.

A Trojan horse is typically separated into two parts: a server and a client. It's the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks or unauthorized download websites. Once the client Trojan executes on your computer, the attacker, i.e. the person running the server, has a high level of control over your computer, which can lead to destructive effects depending on the attacker's purpose.

A Trojan horse virus can spread in a number of ways. The most common means of infection is through e-mail attachments. The developer of the virus usually uses various spamming techniques in order to distribute the virus to unsuspecting users. Another method used by malware developers to spread their Trojan horse viruses is via chat software such as Yahoo Messenger and Skype.
Another method used by this virus in order to infect other machines is sending copies of itself to the people in the address book of a user whose computer has already been infected by the virus.

2.3.6. DENIAL OF SERVICE:

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by forcing the targeted computer(s) to reset, by consuming its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

2.3.7. E-MAIL BOMBING:

In Internet usage, an e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server where the e-mail address is hosted in a denial-of-service attack. There are two methods of perpetrating an e-mail bomb: mass mailing and list linking.

Mass mailing: Mass mailing consists of sending numerous duplicate mails to the same e-mail address. These types of mail bombs are simple to design, but their extreme simplicity means they can be easily detected by spam filters. E-mail bombing using mass mailing is also commonly performed as a DoS attack by employing "zombie" botnets: hierarchical networks of computers compromised by malware and under the attacker's control. Similar to their use in spamming, the attacker instructs the botnet to send out millions or even billions of e-mails, but unlike normal botnet spamming, the e-mails are all addressed to only one or a few addresses the attacker wishes to flood. This form of e-mail bombing is similar in purpose to other DoS flooding attacks. As the targets are frequently the dedicated hosts handling website and e-mail accounts of a business, this type of attack can be just as devastating to both services of the host. This type of attack is more difficult to defend against than a simple mass-mailing bomb because of the multiple source addresses and the possibility of each zombie computer sending a different message or employing stealth techniques to defeat spam filters.

List linking: List linking means signing a particular e-mail address up to several e-mail list subscriptions. The victim then has to unsubscribe from these unwanted services manually. In order to prevent this type of bombing, most e-mail subscription services send a confirmation e-mail to a person's inbox when that e-mail address is used to register for a subscription. This method of prevention is easily circumvented: if the perpetrator registers a new e-mail account and sets it to automatically forward all mail to the victim, he or she can reply to the confirmation e-mails, and the list linking can proceed.

2.3.8. Zip bombing


A ZIP bomb is a variant of mail-bombing. After most commercial mail servers began checking mail with anti-virus software and filtering certain malicious file types (EXE, RAR, Zip, 7-Zip), mail server software was then configured to unpack archives and check their contents as well. A new idea to combat this solution was composing a "bomb" consisting of an enormous text file, containing, for example, only the letter z repeating millions of times. Such a file compresses into a relatively small archive, but its unpacking (especially by early versions of mail servers) would use a greater amount of processing, which could result in a DoS (Denial of Service).
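How a mail gateway can unpack archives for scanning without being exhausted by them, as an added example that is not part of the original report: the sizes recorded in the archive are checked before anything is unpacked, and a byte budget is enforced again while unpacking. The limits, function names and the two in-memory test archives are constructed assumptions.

```python
import io
import zipfile

# Assumed policy limits for a mail gateway; tune to the deployment.
MAX_MEMBERS = 1000                    # entries per archive
MAX_TOTAL_BYTES = 50 * 1024 * 1024    # total unpacked bytes per archive
MAX_RATIO = 100                       # unpacked / packed bytes per entry


class ArchiveRejected(Exception):
    """Raised when an archive exceeds the unpacking policy."""


def check_declared_sizes(zf):
    """Reject on the sizes recorded in the archive directory, before unpacking."""
    infos = zf.infolist()
    if len(infos) > MAX_MEMBERS:
        raise ArchiveRejected(f"too many entries: {len(infos)}")
    total = 0
    for info in infos:
        total += info.file_size
        if total > MAX_TOTAL_BYTES:
            raise ArchiveRejected(f"declared size exceeds {MAX_TOTAL_BYTES} bytes")
        ratio = info.file_size / max(info.compress_size, 1)
        if ratio > MAX_RATIO:
            raise ArchiveRejected(f"{info.filename}: compression ratio {ratio:.0f}:1")
    return infos


def read_capped(zf, info, budget, chunk=64 * 1024):
    """Unpack one entry in chunks and stop once the byte budget is spent.

    Declared sizes come from the archive itself, so the cap is enforced
    again on the bytes actually produced.
    """
    out = bytearray()
    with zf.open(info) as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return bytes(out)
            out += block
            if len(out) > budget:
                raise ArchiveRejected(f"{info.filename}: exceeded {budget} bytes while unpacking")


def scan_attachment(data, content_check=lambda name, body: None):
    """Return (accepted, reason). content_check stands in for the anti-virus step."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            budget = MAX_TOTAL_BYTES
            for info in check_declared_sizes(zf):
                body = read_capped(zf, info, budget)
                budget -= len(body)
                content_check(info.filename, body)
    except ArchiveRejected as exc:
        return False, str(exc)
    except zipfile.BadZipFile as exc:
        return False, f"malformed archive: {exc}"
    return True, "ok"


def make_zip(name, payload):
    """Build a one-entry deflated archive in memory (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed inputs: ordinary text, and the "only the letter z" file at 2 MB.
ORDINARY = make_zip("notes.txt", "".join(f"Meeting note {i}\n" for i in range(200)))
REPETITIVE = make_zip("z.txt", b"z" * (2 * 1024 * 1024))

if __name__ == "__main__":
    print(scan_attachment(ORDINARY))
    print(scan_attachment(REPETITIVE))
```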


2.3.9. SALAMI SLICING ATTACKS:

Salami slicing is a series of many minor actions, often performed by clandestine means, that together result in a larger action that would be difficult or illegal to perform at once. The term is typically used pejoratively. An example of salami slicing, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected. In information security, a salami attack is a series of minor attacks that together result in a larger attack. Computers are ideally suited to automating this type of attack.

2.3.10. LOGIC BOMBS:

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the company. A logic bomb is a program, or portion of a program, which lies dormant until a specific piece of program logic is activated. In this way, a logic bomb is very analogous to a real-world land mine.

The most common activator for a logic bomb is a date. The logic bomb checks the system date and does nothing until a preprogrammed date and time is reached. At that point, the logic bomb activates and executes its code. A logic bomb could also be programmed to wait for a certain message from the programmer. The logic bomb could, for example, check a web site once a week for a certain message. When the logic bomb sees that message, or when the logic bomb stops seeing that message, it activates and executes its code. A logic bomb can also be programmed to activate on a wide variety of other variables, such as when a database grows past a certain size or a user's home directory is deleted.

The most dangerous form of the logic bomb is a logic bomb that activates when something doesn't happen. Imagine a suspicious and unethical system administrator who creates a logic bomb which deletes all of the data on a server if he doesn't log in for a month. The system administrator programs the logic bomb with this logic because he knows that if he is fired, he won't be able to get back into the system to set his logic bomb. One day on his way to work, our suspicious and unethical system administrator is hit by a bus. Three weeks later, his logic bomb goes off and the server is wiped clean. The system administrator meant for the logic bomb to explode if he was fired; he did not foresee that he would be hit by a bus.

Because a logic bomb does not replicate itself, it is very easy to write a logic bomb program. This also means that a logic bomb will not spread to unintended victims. In some ways, a logic bomb is the most civilized programmed threat, because a logic bomb must be targeted against a specific victim. The classic use for a logic bomb is to ensure payment for software. If payment is not made by a certain date, the logic bomb activates and the software automatically deletes itself. A more malicious form of that logic bomb would also delete other data on the system.
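The always-round-down scheme described under salami slicing (2.3.9) is invisible per transaction but shows up in aggregate. The audit below is an added example, not part of the original report: it recomputes each posted amount under an assumed documented policy (round half to even), totals the withheld fractions, and looks for an account credited with that total. The ledger, the policy and the account names are constructed.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")


def post(exact_amounts, rounding):
    """Build (exact, posted) ledger rows with the given rounding mode."""
    return [(x, x.quantize(CENT, rounding=rounding)) for x in exact_amounts]


def audit_rounding(rows, policy=ROUND_HALF_EVEN):
    """Compare posted amounts with the documented rounding policy (assumed half-even)."""
    mismatches = down = up = 0
    withheld = Decimal("0")
    for exact, posted in rows:
        residual = exact - posted      # fraction of a cent kept back from the payee
        withheld += residual
        down += residual > 0
        up += residual < 0
        if posted != exact.quantize(CENT, rounding=policy):
            mismatches += 1
    rounded = down + up
    return {
        "mismatches": mismatches,                            # rows that break the policy
        "withheld": withheld,                                # net amount not paid out
        "down_share": down / rounded if rounded else 0.0,    # about 0.5 when unbiased
    }


def trace_withheld(withheld, credits):
    """Name accounts whose unexplained credits equal the withheld total, to the cent."""
    target = withheld.quantize(CENT, rounding=ROUND_DOWN)
    if target <= 0:
        return []
    return sorted(acct for acct, amount in credits.items() if amount == target)


# Constructed data: 1000 computed amounts from 5.000 to 5.999 in steps of 0.001.
EXACT = [Decimal(5000 + i) / 1000 for i in range(1000)]
HONEST = post(EXACT, ROUND_HALF_EVEN)
SKIMMED = post(EXACT, ROUND_DOWN)
# Constructed unexplained credits per account for the same period.
CREDITS = {"ACC-1001": Decimal("120.00"), "ACC-7777": Decimal("4.50")}

if __name__ == "__main__":
    for name, rows in (("honest", HONEST), ("skimmed", SKIMMED)):
        report = audit_rounding(rows)
        print(name, report, trace_withheld(report["withheld"], CREDITS))
```

No single row in the skimmed ledger is off by a full cent, which is why the check has to run over the whole period and not over individual transactions.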


2.3.11. DATA DIDDLING:

Data diddling involves changing data prior to or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. The culprit can be anyone involved in the process of creating, recording, encoding, examining, checking, converting, or transmitting data. This is one of the simplest methods of committing a computer-related crime, because it requires almost no computer skills whatsoever. Despite the ease of committing the crime, the cost can be considerable. For example, a person entering accounting data may change it to show that their account, or that of a friend or family member, is paid in full. By changing or failing to enter the information, they are able to steal from the company. To deal with this type of crime, a company must implement policies and internal controls. This may include performing regular audits, using software with built-in features to combat such problems, and supervising employees.

2.4. AGAINST SOCIETY:

2.4.1. COMPUTER FORGERY:

Offences of computer forgery and counterfeiting have become rampant, as it is very easy to counterfeit a document like a birth certificate and use the same to perpetrate any crime. The authenticity of electronic documents hence needs to be safeguarded by making forgery with the help of computers an explicit offence punishable by law. When a perpetrator alters documents stored in computerized form, the crime committed may be forgery. In this instance, computer systems are the target of criminal activity. Computers, however, can also be used as instruments with which to commit forgery. A new generation of fraudulent alteration or counterfeiting emerged when computerized color laser copiers became available. These copiers are capable of high-resolution copying, modification of documents, and even the creation of false documents without benefit of an original, and they produce documents whose quality is indistinguishable from that of authentic documents except by an expert. These schemes take very little computer knowledge to perpetrate. Counterfeit checks, invoices and stationery can be produced using scanners, color printers, and graphics software. Such forgeries are difficult to detect for the untrained eye. It is relatively easy to scan a logo into a computer system and go from there.

2.4.2. CYBER TERRORISM:

The North Atlantic Treaty Organization (NATO) offered its own definition in 2008. NATO defined cyber terrorism as a cyber attack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal.


Cyber terrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyber terrorism.

2.4.3. WEB JACKING:

This term is derived from the term hijacking. In these kinds of offences the hacker gains access to and control over the web site of another. He may even change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further, the site of the Bombay crime branch was also web jacked.

3. CYBER-CRIME LAWS (INDIA)


Cyber law is a term used to describe the legal issues related to use of communications technology, particularly cyberspace, i.e. the Internet. It is less of a distinct field of law in the way that property or contract are, as it is an intersection of many legal fields, including intellectual property, privacy, freedom of expression, and jurisdiction. In essence, cyber law is an attempt to apply laws designed for the physical world to human activity on the Internet. In India, the IT Act, 2000, as amended by the IT (Amendment) Act, 2008, is known as the Cyber law. It has a separate Chapter XI entitled "Offences", in which various cybercrimes have been declared penal offences punishable with imprisonment and fine.

Hacking

Hacking is not defined in the amended IT Act, 2000. Hacking means unauthorized attempts to bypass the security mechanisms of an information system or network. In simple words, hacking is unauthorized access to a computer system, programs, data and network resources.

Laws and punishment: Under the Information Technology (Amendment) Act, 2008, Section 43(a) read with Section 66 is applicable, and Sections 379 & 406 of the Indian Penal Code, 1860 are also applicable. If the crime is proved under the IT Act, the accused shall be punished with imprisonment, which may extend to three years, or with a fine, which may extend to five lakh rupees, or both. The hacking offence is cognizable, bailable, compoundable with permission of the court before which the prosecution of such offence is pending, and triable by any magistrate.

Data Theft

According to Wikipedia, data theft is a growing problem, primarily perpetrated by office workers with access to technology such as desktop computers and handheld devices capable of storing digital information, such as flash drives, iPods and even digital cameras. The damage caused by data theft can be considerable with today's ability to transmit very large files via e-mail, web pages, USB devices, DVD storage and other hand-held devices. According to the Information Technology (Amendment) Act, 2008, the crime of data theft under Section 43(b) is stated as: if any person, without permission of the owner or any other person who is in charge of a computer, computer system or computer network, downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network, including information or data held or stored in any removable storage medium, then it is data theft.

Law & Punishment: Under the Information Technology (Amendment) Act, 2008, Section 43(b) read with Section 66 is applicable, and Sections 379, 405 & 420 of the Indian Penal Code, 1860 are also applicable. The data theft offence is cognizable, bailable, compoundable with permission of the court before which the prosecution of such offence is pending, and triable by any magistrate.

Spreading Virus or Worms

In most cases, viruses can do any amount of damage the creator intends them to do. They can send your data to a third party and then delete your data from your computer. They can also ruin your system and render it unusable without a re-installation of the operating system. Most have not done this much damage in the past, but could easily do this in the future. Usually the virus will install files on your system and then change your system so that the virus program is run every time you start your system. It will then attempt to replicate itself by sending itself to other potential victims.

Law & Punishment: Under the Information Technology (Amendment) Act, 2008, Sections 43(c) & 43(e) read with Section 66 are applicable, and Section 268 of the Indian Penal Code, 1860 is also applicable. The offence of spreading a virus is cognizable, bailable, compoundable with permission of the court before which the prosecution of such offence is pending, and triable by any magistrate.

Identity Theft

Law & Punishment: Under the Information Technology (Amendment) Act, 2008, Section 66-C is applicable, and Section 419 of the Indian Penal Code, 1860 is also applicable. The identity theft offence is cognizable, bailable, compoundable with permission of the court before which the prosecution of such offence is pending, and triable by any magistrate.

E-Mail Spoofing

E-mail spoofing is e-mail activity in which the sender addresses and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is sending an e-mail to another person in such a way that it appears that the e-mail was sent by someone else. A spoof email is one that appears to originate from one source but actually has been sent from another source. Spoofing is the act of electronically disguising one computer as another for gaining as the password system. It is becoming so common that you can no longer take for granted that the e-mail you are receiving is truly from the person identified as the sender. Email spoofing is a technique used by hackers to fraudulently send email messages in which the sender address and other parts of the email header are altered to appear as though the email originated from a source other than its actual source.

Law & Punishment: Under the Information Technology (Amendment) Act, 2008, Section 66-D is applicable, and Sections 417, 419 & 465 of the Indian Penal Code, 1860 are also applicable. The email spoofing offence is cognizable, bailable, compoundable with permission of the court before which the prosecution of such offence is pending, and triable by any magistrate.

4. AMENDMENTS
Information Technology Act 2000 FIRST SCHEDULE
Amendments to the Indian Penal Code (45 of 1860)

Electronic record

1. "29A. The words "electronic record" shall have the meaning assigned to them in clause (t) of sub-section (1) of section 2 of the Information Technology Act, 2000."
2. In section 167, for the words "such public servant, charged with the preparation or translation of any document, frames or translates that document", the words "such public servant, charged with the preparation or translation of any document or electronic record, frames, prepares or translates that document or electronic record" shall be substituted.
3. In section 172, for the words "produce a document in a Court of Justice", the words "produce a document or an electronic record in a Court of Justice" shall be substituted.
4. In section 173, for the words "to produce a document in a Court of Justice", the words "to produce a document or electronic record in a Court of Justice" shall be substituted.
5. In section 175, for the word "document" at both the places where it occurs, the words "document or electronic record" shall be substituted.
6. In section 192, for the words "makes any false entry in any book or record, or makes any document containing a false statement", the words "makes any false entry in any book or record, or electronic record or makes any document or electronic record containing a false statement" shall be substituted.
7. In section 204, for the word "document" at both the places where it occurs, the words "document or electronic record" shall be substituted.
8. In section 463, for the words "Whoever makes any false documents or part of a document with intent to cause damage or injury", the words "Whoever makes any false documents or false electronic record or part of a document or electronic record, with intent to cause damage or injury" shall be substituted.

Information Technology Act 2000 SECOND SCHEDULE

BACKGROUND OF THE ACT

The Model Law on Electronic Commerce was framed by the United Nations Commission on International Trade Law in the year 1996. By Resolution A/RES/51/162, dated January 30, 1997, the United Nations General Assembly adopted this Model Law. The resolution recommended that all States give favourable consideration to the Model Law and, in order to do this, amend, enact or revise their existing laws in such a manner that there will be uniformity in the laws on Information Technology applicable to the countries at large. By so doing, a common scheme of implementation can be effected in the countries on a single window format. There also needs to be a law to deal with the alternatives which are emerging to paper-based storage and communication of information.

The Government of India, through the Ministry of Commerce, formed the first draft of the legislation with the draft laws of an international nature in mind. This initial draft legislation was termed the E Commerce Act of 1998. Later, because of the projects, new ventures and transactions coming into the field, the government devised a separate ministry for the same kind of transactions, which was called the Ministry of Information and Technology. It took up the task of revamping the draft and started drafting a new legislation. This piece of legislation was called the Information Technology Bill of 1999. This draft bill was placed for discussion in the Parliament in December 1999 and was finally passed in May 2000. For the final notification of the Act, the assent of the President was obtained on June 9, 2000, and finally on October 17, 2000, the Act was notified vide Notification Number G.S.R. 788 (E).

The reasons and jurisprudence behind the Act have been clearly indicated by the intention of the legislature, which is given in the beginning of the Act per se. This Act, while being interpreted, has been made very clear in its forms and procedures. Though some shady portions and incomplete enactments have been there due to the non-continuous nature of the Act, the Act still covers the basic gist of the Government's intentions to make the Act a passing reality for the judges to stress more on the interpretative clauses. The object of the Act has been clearly mentioned to be as follows: An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934.


Most of the chapters and the subsequent sections of the Act have been formalized keeping in view the need to issue digital certificates and facilitate the growing trend of e-commerce in India. Besides, the Act has also tried to address the management of digital certificates through the formation of the Root Authorities, controlling authorities and even a separate adjudicating and dispute-solving authority, to give the Act a boost due to its specific nature. It has also been attempted that the Act should have special and overriding features over several of the laws which already exist in this country.[2] But in this Act there have been only passing references to cyber crimes, and as a subject it has not been justified and has not been pursued or perused in great depth.

Clearly, most sections addressed the need for issuance of digital certificates and management of these certificates. Cyber crime as a subject was not looked into in depth. There were only passing references to acts of cyber crime, without mentioning the crime specifically. Since the legislature brought the Act into force, there has been a renewed vigor to get all cyber crimes addressed by means of this Act. It also has to be understood that the cyber crimes which are taking place in India are not of a completely unique nature. It has always been emphasized that a uniform international model can be followed in order to deal with cyber crimes in general. It has also been contended by several scholars[3] that immediate redressal is required in this field.

[2] Ms Nidhi Kakkar v. Mr. Munish Kakkar, (2011)162PLR113
[3] T. SINHA and K. SUBHADRA, Sourcing the Outsourcing Arithmetic: A Journey from America to India, p. 8, available on http://papers.ssrn.com/sol3/papers.cfm?abstract_id=705801 as last accessed on the 18th of July, 2011.
THE FOUNDATIONS

From the time that the Act came into existence, there have been demands from all corners of society that changes should be brought into the manner in which the Act looks into the aspects of cyber crime in general and criminology in particular. It being a completely new form of law, we have seen how these aspects have developed in line with the intention of the legislature. Cyber crimes were not restricted to the siphoning of money from online bank accounts and credit cards; they also included the leakage of personal data and cyber pornography, which played a big role in changing the very outlook of society with regard to computers. Computers penetrated across the length and breadth of India, covering villages, towns and cities alike and bringing hitherto ungridded networks into gridded ones. It did not take long for society to bring the concept of the internet into regular parlance, and social networking sites became a rage. Cyber crimes erupted to giant proportions, taking into account even the perspectives of privacy issues. The BPO industry in India fueled the debate for a more responsible system under the Information Technology Act, and several consequent amendments were made to the Information Technology Act, which has been the subject of great contention not only with regard to the Act in general but also with regard to the changing dimensions of the legal scenario which has evolved in this case. It has also been a contention that the Information Technology Act has been given a greater scope in India and an upper hand over the general criminal laws and civil laws, since it is a specific act. But the point which is to be noted in this regard is how the whole development evolved through amendments.[4]

The first major amendment came about in February 2003, with the Negotiable Instruments Act being amended in this very regard. The whole scenario changed with the concept of cheques in electronic form coming up, which had until then led a somewhat hesitant existence. The Act started recognizing not only normal cheques but also electronic cheques, and gave legal validity to a concept which was in force in the market but not in the legal arguments. Several mythical science fictions were converted into legal reality and not just deeming fictions. The government slowly could relate to the growing importance of cyber laws in general and to the accelerating developments in information technology and cyber laws.[5] Several committees appointed by the IT Ministry looked into the changes which were taking place, especially in the case of the information technology laws, and consequently changed their stance about the same. The parliamentary committee which was appointed to look into the IT Act and its applicability suggested a list of amendments that could come in the domain of information technology laws. Several lacunas were pointed out by the committee and, subsequently, the amendment bill of 2006 was brought in.

Looking into the recent history of Indian legislation, it is evident that the Information Technology Act has been amongst the most amended, criticized and discussed acts, and the Government has played a major role in the same. Personal data protection and privacy were the most important issues which were looked into in the 2006 amendment, after the constant backlashes by fundamentalists as to the manner in which the country was running its legal system pertaining to cyber laws. It was often contended that the whole of the legislation was affected by the constant debates which were taking place in the case of the IT Act. The Personal Data Protection Bill was introduced in the Rajya Sabha in the year 2006.[6] The most recent amendment, which has shaken and stirred the general masses and companies at large, was passed in 2008. The legal fraternity is waking up every day to new developments and hence the author expects a lot of developments in the near future.

ZENITH International Journal of Business Economics & Management Research, Vol.2 Issue 5, May 2012, ISSN 2249 8826. Online available at http://zenithresearch.org.in/
Amendments to the Indian Evidence Act, 1872 (1 of 1872)

(a) in the definition of "Evidence", for the words "all documents produced for the inspection of the Court", the words "all documents including electronic records produced for the inspection of the Court" shall be substituted.
(b) after the definition of "India", the following shall be inserted, namely: the expressions "Certifying Authority", "digital signature", "Digital Signature Certificate", "electronic form", "electronic records", "information", "secure electronic record", "secure digital signature" and "subscriber" shall have the meanings respectively assigned to them in the Information Technology Act, 2000.


2. In section 17, for the words "oral or documentary", the words "oral or documentary or contained in electronic form" shall be substituted.
3. After section 22, the following section shall be inserted, namely: When oral admission as to contents of electronic records are relevant. "22A. Oral admissions as to the contents of electronic records are not relevant, unless the genuineness of the electronic record produced is in question."
4. In section 34, for the words "Entries in the books of account", the words "Entries in the books of account, including those maintained in an electronic form" shall be substituted.
5. In section 35, for the word "record", in both the places where it occurs, the words "record or an electronic record" shall be substituted.

Information Technology Act 2000 THIRD SCHEDULE
Amendments to the Bankers' Books Evidence Act, 1891 (18 of 1891)

1. In section 2
(a) for clause (3), the following clause shall be substituted, namely: (3) "bankers' books" include ledgers, day-books, cash-books, account-books and all other books used in the ordinary business of a bank whether kept in the written form or as printouts of data stored in a floppy, disc, tape or any other form of electro-magnetic data storage device;
(b) for clause (8), the following clause shall be substituted, namely: (8) "certified copy" means when the books of a bank,
(a) are maintained in written form, a copy of any entry in such books together with a certificate written at the foot of such copy that it is a true copy of such entry, that such entry is contained in one of the ordinary books of the bank and was made in the usual and ordinary course of business and that such book is still in the custody of the bank, and where the copy was obtained by a mechanical or other process which in itself ensured the accuracy of the copy, a further certificate to that effect, but where the book from which such copy was prepared has been destroyed in the usual course of the bank's business after the date on which the copy had been so prepared, a further certificate to that effect, each such certificate being dated and subscribed by the principal accountant or manager of the bank with his name and official title;
(b) consist of printouts of data stored in a floppy, disc, tape or any other electro-magnetic data storage device, a printout of such entry or a copy of such printout together with such statements certified in accordance with the provisions of section 2A.

Information Technology Act 2000 FOURTH SCHEDULE
Amendment to the Reserve Bank of India Act, 1934 (2 of 1934)


In the Reserve Bank of India Act, 1934, in section 58, in sub-section (2), after clause (p), the following clause shall be inserted, namely: "(pp) the regulation of fund transfer through electronic means between the banks or between the banks and other financial institutions referred to in clause of section 45-1, including the laying down of the conditions subject to which banks and other financial institutions shall participate in such fund transfers, the manner of such fund transfers and the rights and obligations of the participants in such fund transfers".

5. GENERAL TIPS
Preventing credit/debit card fraud

By taking certain precautions, a user can prevent their credit or debit card from being misused both online and offline.

1. Do not provide photocopies of both sides of the credit card to anyone. The card verification value (CVV), which is required for online transactions, is printed on the reverse of the card. Anyone can use the card for online purchases if the information is available to them.
2. Do not click on links in email seeking details of your account; they could be phishing emails from fraudsters. Most reputed companies will ask you to visit their website directly.
3. While using a credit card for making payments online, check if the website is secure. The CVV will also be required.
4. Do not give any information to persons seeking credit card information over the phone.
5. Notify your bank / credit card issuer if you do not receive the monthly credit card statement on time. If a credit card is misplaced or lost, get it cancelled immediately.

Take a test before opening any attachment

Is the email from someone that you know? Have you received email from this sender before? Were you expecting email with an attachment from this sender? Does email from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense? Does this email contain a virus? To determine this, you need to install and use an antivirus program.

Use Strong Password

For each computer and service you use (e-mail, chatting, online purchasing, for example), you should have a password. You shouldn't write them down, nor should you share them with anyone, even your best friends. Computer intruders use trial-and-error, or brute-force techniques, to discover passwords. Use alphanumeric characters and special characters in your password.


The password should be as long as possible (more than 8 characters). Do not write it in a place where it is visible to someone else.

Protect Your Website

1. Stay informed and be in touch with security-related news.
2. Watch traffic to your site. Put host-based intrusion detection devices on your web servers and monitor activity, looking for any irregularities.
3. Put in a firewall.
4. Configure your firewall correctly.
5. Develop your web content offline.
6. Make sure that the web servers running your public web site are physically separate and individually protected from your internal corporate network.
7. Protect your databases. If your web site serves up dynamic content from a database, consider putting that database behind a second interface on your firewall, with tighter access rules than the interface to your web server.
8. Back up your web site after every update.

Protect Your Personal Computer

1. Use the latest version of a good anti-virus software package which allows updating from the Internet.
2. Use the latest version of the operating system, web browsers and e-mail programs.
3. Don't open e-mail attachments unless you know the source. Attachments, especially executables (those having the .exe extension), can be dangerous.
4. Confirm the site you are doing business with. Secure yourself against "WebSpoofing". Do not go to websites from email links.
5. Create passwords containing at least 8 digits. They should not be dictionary words. They should combine upper and lower case characters.
6. Use different passwords for different websites.
7. Send credit card information only to secure sites.
8. Use a security program that gives you control over "Cookies" that send information back to websites. Letting all cookies in without monitoring them could be risky.

Tips For Children

1. Do not give out identifying information such as name, home address, school name or telephone number in a chat room.
2. Do not send your photograph to anyone on the Net without initially checking with the parent or guardian.
3. Do not respond to messages or bulletin board items that are obscene, belligerent or threatening.
4. Never arrange a face-to-face meeting without informing your parent or guardian.
5. Remember that people online may not be who they seem to be.

6. WRITE-UP
Here is a write-up on accessing a protected system.

Accessing Protected System

According to Section 70 of the IT Act:
(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-Section (1).
(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this Section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

As per Executive order dated 12-9-2002, issued by Ministry of Communications & Information Technology, details of every protected system should be provided to the Controller of Certifying Authorities.

There are three elements to this section:
1. Gazette notification for declaring protected system.
2. Government order authorizing persons to access protected systems.
3. Punishment for access to protected systems by unauthorized persons.

Let us discuss the relevant terms and issues in detail.

Appropriate government is determined as per Schedule VII of the Constitution of India. Schedule VII of the Constitution of India contains 3 lists: Union, State and Concurrent. Parliament has the exclusive right to make laws on items covered in the Union List e.g. defence, Reserve Bank of India etc. State Governments have the exclusive right to make laws on items covered in the State List e.g. police, prisons etc. Parliament as well as the State Governments can make laws on matters in the Concurrent List e.g. forests, electricity etc.

Illustration 1
If the computer network of the Indian Army is to be declared as a protected system, the Central Government would be the appropriate Government.

Illustration 2
If the computer network of the Mumbai police is to be declared as a protected system, the Government of Maharashtra would be the appropriate Government.

Illustration 3
If the computer network of the Forest Department in Maharashtra is to be declared as a protected system, the Central Government as well as the Government of Maharashtra would be the appropriate Government.

All the acts, rules, regulations etc. passed by the Central and State Government are notified in the Official Gazette. The Official Gazette in the electronic form is called the Electronic Gazette. A notification becomes effective on the date of its publication in the Gazette.

The Government order may specify the authorised persons by name or by designation (e.g. all officers of rank of Inspector and above deputed in a particular department).

The term "securing access" in this section is a grammatical variation of the term "secures access" as discussed earlier.

"Attempt to secure access" is a very wide term and can best be understood through the following illustrations.

Illustration 1
Sameer runs a password cracking software to crack the password of a protected system. Irrespective of whether he succeeds in cracking the password, he is guilty of attempting to secure access.

Illustration 2
Sameer runs automated denial of service software to bring down the firewall securing a protected system. Irrespective of whether he succeeds in bringing down the firewall, he is guilty of attempting to secure access.

Illustration 3
Sameer sends a Trojan by email to Pooja, who is the network administrator of a protected system. He plans to Trojanize Pooja's computer and thereby gain unauthorised access to the protected system. Irrespective of whether he succeeds in finally accessing the protected system, he is guilty of attempting to secure access.

The punishment provided for this section is rigorous or simple imprisonment of up to 10 years and fine.

Unauthorized Access to Protected System (Summary)

Actions covered: Unauthorized access to protected system (or attempt thereof)

Penalty: Imprisonment up to 10 years and fine (this may be rigorous or simple imprisonment i.e. with or without hard labour)

Relevant authority: Court of Session

Appeal lies to: High Court

Investigation Authorities:
1. Controller of Certifying Authorities (CCA)
2. Person authorized by CCA
3. Police Officer not below the rank of Deputy Superintendent

Points to mention in complaint:
1. Complainant details
2. Suspect details
3. Details of gazette notification and Government order
4. How and when the contravention was discovered and by whom
5. Other relevant information

7. CASE STUDY
Firos vs. State of Kerala
Appellants: Firos
Vs.
Respondent: State of Kerala

7.1. BACKGROUND OF THE CASE


Government of Kerala, as part of IT implementation in Government departments, conceived a project idea of "FRIENDS" (Fast, Reliable, Instant, Efficient Network for Disbursement of Services). The project envisaged development of a software for single window collection of bills payable to Government, local authorities, various statutory agencies, Government Corporations etc. towards tax, fees, charges for electricity, water, etc. A person by making a consolidated payment in a computer counter served through "FRIENDS" system could discharge all his liabilities due to the Government, local authorities and various agencies. The work of developing the "FRIENDS" software was entrusted to Firos. The application software "FRIENDS" was first established at Thiruvananthapuram, free of cost, and since the project was successful, the Government decided to set up the same in all other 13 district centres. The Government of Kerala entered into a contract with Firos for setting up and commissioning "FRIENDS" software system in 13 centers all over Kerala for providing integrated services to the customers through a single window for a total consideration of Rs. 13 lakh. Firos set up FRIENDS service centres in all the 13 centres and they were paid the agreed remuneration.

A dispute arose between Firos and the Government with regard to Intellectual Property Rights (IPR) in the FRIENDS software. The Government arranged to modify the FRIENDS software to suit its further requirements through another agency. Firos alleged violation of copyright and filed a criminal complaint against the Government. A counter case was filed by the Government against Firos. The Government of Kerala issued a notification under Section 70 of the Information Technology Act declaring the FRIENDS software installed in the computer system and computer network established in all centers in Kerala as a protected system. Firos filed a writ petition challenging section 70 of the IT Act.

7.2. FACTS OF THE CASE


1. Appellant/petitioner approached this Court for declaring that Section 70 of the Information Technology Act, 2000 (hereinafter referred to as 'the Act') is unconstitutional and unenforceable and also for issuance of a writ of certiorari to quash Ext.P10 notification issued by the Government of Kerala under Sub-section (1) of Section 70 of the Act (Central Act No. 21 of 2000). According to the appellant, while disposing of the Writ Petition, the learned single Judge did not enter into any finding regarding the constitutional validity of Section 70 of the Act though it upheld Ext.P10 notification issued by the State Government. The learned single Judge also directed to withdraw the suit for declaration of copyright and for injunction filed against the petitioner though the learned single Judge held that the suit is maintainable. The court also directed respondents 1 to 4 to withdraw the criminal complaint filed against the petitioner if the petitioner accepts the judgment and informs the same to the second respondent in writing within a period of one year from the date of judgment. The petitioner did not accept the judgment, but, challenged the same before this Court.

2. The facts of this case are as follows: Government of Kerala, as part of IT implementation in Government departments, conceived a project idea of "FRIENDS" (Fast, Reliable, Instant, Efficient Network for Disbursement of Services). The project envisaged is development of a software for single window collection of bills payable to Government, local authorities, various statutory agencies, Government Corporations etc. towards tax, fees, charges for electricity, water, etc. A person by making a consolidated payment in a computer counter served through "FRIENDS" system can discharge all his liabilities due to the Government, local authorities and various agencies. The first respondent Kerala State Government entrusted the work of developing the "FRIENDS" software with the fourth respondent. Fourth respondent is a registered society under the control of Government as the Total Solution Provider (TSP). The fourth respondent, in turn, entrusted the work of development of pilot project to be set up at Thiruvananthapuram to the petitioner.
The application-software "FRIENDS" was first established at Thiruvananthapuram, free of cost, and since the project was successful, Government decided to set up the same in all other 13 district centres. By Ext.P6, fourth respondent entered contract with the petitioner for setting up and commissioning "FRIENDS" software system in 13 centres all over Kerala for providing integrated services to the customers through a single window for a total consideration of Rs. 13 lakhs. Pursuant to Ext.P6 agreement, petitioner set up FRIENDS service centres in all the 13 centres and they were paid the agreed remuneration. After successful completion of the project, there was a subsequent agreement between the fourth respondent and the petitioner (Ext.P9 for continued technical support and for maintenance of system): Extended period was over. Disputes arose between the petitioner and Government with regard to Intellectual Property Right (IPR) in the software developed, namely, FRIENDS. There is no dispute that IPR software is recognised in law that copyright can be claimed for IPR in the software in view of the amendment in the Copyright Act, 1957 in 1994. When respondents 1 to 4 arranged to modify the software "FRIENDS" to suit its further requirements through another agency, petitioner alleged violation of copyright and petitioner filed criminal complaint against respondents 1 to 4 which was later referred. A counter case was filed by the State and fourth respondent against the petitioner and charge sheet was issued and a crime was registered as Crime No. 119 of 2003 and is pending before the Additional Chief Judicial Magistrate's Court, Thiruvananthapuram. Petitioner filed an application for copyright before the Registrar of Copyright and the first respondent filed a suit before the District Court, Thiruvananthapuram under Sections 60 and 61 of the Copyright Act against the petitioner alleging infringement of copyright and for declaration and injunction. Since the suit is pending in the civil court, the Registrar of Copyright left the matter to be decided by the civil court and rejected petitioner's application for registration of copyright in the "FRIENDS" software applied for by him leaving freedom to any party to apply for registration of copyright after the civil court decides the issue. First respondent, State of Kerala, also issued separate notification, Ext.P10, under Section 70 of the Act declaring, among other items, that the "FRIENDS" software installed in the computer system and computer network established in all centres in Kerala as a 'protected system' for the purpose of the said Act. It is true that the criminal case against the petitioner is pending before the Chief Judicial Magistrate's Court, Thiruvananthapuram and suit filed by the first respondent against the petitioner is pending in the District Court, Thiruvananthapuram. This Writ Petition was filed challenging Section 70 of the Act. It is also contended that Ext.P10 circular issued is arbitrary, discriminatory and violative of Article 19(1)(g) of the Constitution of India and against the statutory right conferred under Section 17 of the Copyright Act.

3. Before going into the contentions raised, we may extract Section 70 of the Information Technology Act, 2000 as follows:

70. Protected system:
(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems notified under Sub-section (1).
(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

It is the main contention of the petitioner that the computer programme "FRIENDS" is a literary work as defined under Section 2(o) of the Copyright Act and he, being its creator, is the author as defined under Section 2(d)(vi) and, therefore, he is entitled to registration of copyright. According to him, his application for registration is presently rejected on account of the pendency of the suit in the civil court and ultimately he is entitled to registration of copyright under the Act. According to the petitioner, Section 70 of the Act which confers the unfettered powers on the State Government to declare any computer system as a protected system is arbitrary and unconstitutional and inconsistent with Copyright Act and Section 70 of the Act has to be declared as illegal. The alternative contention of the petitioner is that Government should have declared it as a protected system only after obtaining declaratory decree from the civil court. In the writ petition as well as in the writ appeal even though petitioner challenged Section 70 of the Information Technology Act as unconstitutional, serious contention was regarding Ext.P10 and not regarding the validity of Section 70 of the Act. According to the petitioner, there is direct conflict between the provisions of Section 17 of the Copyright Act and Section 70 of the Information Technology Act. When there is conflict between the two Acts, it is well settled law that a harmonious construction has to be adopted. Further, Information Technology Act is a comprehensive legislation with regard to Information Technology Act and its provisions. The provisions of the same will be binding especially considering Section 81 of the Act which provides as follows:

81. Act to have overriding effect. The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force.

But, as far as the Copyright Act is concerned, it is a comprehensive special Act and it is a comprehensive legislation regarding the law relating to Copyrights in India. Therefore, as far as copyright in respect of information technology is concerned, it has to be considered with reference to the provisions of the Copyright Act and as rightly held by the learned single Judge Section 70 of the Information Technology Act is directly related to Sections 2(k) and 17(d) of the Copyright Act and Government's authority to notify the system as a protected system applies only to such of the system of "Government work". Description of Government work is defined under Section 2(k) of the Copyright Act on which Government is confirmed copyright under Section 17 (d). The learned single Judge held as follows:

Therefore while the IT Act deals with all matters pertaining to information technology, copyright in respect of information technology has to be considered with reference to the provisions of the Copyright Act and in this regard the contention of the petitioner, in principle has to be upheld. I feel the petitioner's contention is relevant only when Section 70 is taken in isolation, and if the Government proceeds to declare any computer system or network other than "Government work" as protected. I am of the view that Section 70 of the IT Act is directly related to Sections 2(k) and 17(d) of the Copyright Act and Government's authority to notify any system as protected applies only to such of the system which answers the description of "Government work" as defined in Section 2(k) of the Copyright Act, on which Govt. is conferred copyright under Section 17(d).
In other words, a notification under Section 70 of the IT Act is a declaration of copyright under Section 17(d) of the Copyright Act which applies only to "Government work" within the meaning of Section 2(k) of the said Act. Since the apparent conflict between the provisions of both the statutes can be resolved by adopting the interpretation that a "Government work" as defined under Section 2(k) of the Copyright Act on which Government has copyright under Section 17(d) of the said Act only can be declared by Government as a "protected system" under Section 70 of the IT Act, the challenge against Section 70 as against the provisions of the Copyright Act does not survive and is only to be rejected. In other words, Section 70 of the IT Act is not against but subject to the provisions of the Copyright Act and Government cannot unilaterally declare any system as "protected" other than "Government work" falling under Section 2(k) of the Copyright Act on which Govt.'s copyright is recognised under Section 17(d) of the said Act. However, if the Government proceeds to declare any other computer system or network under Section 70 of the IT Act as a protected system, it will be open to the aggrieved party to challenge such action as arbitrary and unauthorised. So long as the authority of the Government under Section 70 of the IT Act is to declare only "Government work" as defined under Section 2(k) of the Copyright Act as "protected system" the challenge against the validity of the section will not stand and the mere possibility of the Government exceeding its powers is no ground to declare statutory provision unconstitutional. Hence this contention is rejected.

We agree with the above observations.

4. Section 2(k) of the Copyright Act deals with the Government work as follows:

(k) 'Government work' means a work which is made or published by or under the direction or control of -
(i) the Government or any department of the Government;
(ii) any Legislature in India;
(iii) any Court, Tribunal or other judicial authority in India;

Section 17(d) of the Copyright Act is as follows:

17. First owner of copyright:- Subject to the provisions of this Act, the author of a work shall be the owner of the copyright therein;
xxx xxx xxx
(d) in the case of a Government work, Government shall, in the absence of any agreement to the contrary, be the first owner of the copyright therein;

There is a statutory presumption in favour of every enactment and apart from a vague statement that Section 70 of the Information Technology Act is unconstitutional, petitioner was not able to show it is unconstitutional. Legislative power of Parliament is not questioned by the petitioner in enacting Section 70. When vires of an enactment or section is challenged alleging conflict with the provision in another Act, the conflict should be resolved as far as possible in favour of the legislature putting the most liberal construction and looking at the substance of the legislation by using the principle of harmonious construction. (See: Diamond Sugar Mills v. State of U.P. AIR 1962 SC 652 at 655) and Peerless General Finance and Investment Co. Ltd. and Anr. v. Reserve Bank of India and Ors.). When there is conflict between the provisions of two Acts, court has to construe the provisions in such a way to avoid a 'head on clash' and a harmonious construction should be adopted to resolve the conflict (See: Jogendra Lal Saha v. State of Bihar and Ors.). A harmonious construction of Copyright Act and Information Technology Act is necessary and questions regarding the 'copyrights' for the computer system, electronic devices and other works under the Information Technology Act are covered by the Copyright Act. Copyright (Amendment) Act, 1999 shows that copyrights with regard to the data work, data basis, computer work etc. are specifically covered under the Copyright Act.
All matters connected with copyright can be resolved by the provisions in the Copyright Act as it is a special Act for that purpose and matters regarding information technology have to be resolved by applying the provisions of the Information Technology Act as it is a special Act for that purpose. There is no conflict between the provisions of Copyright Act and Section 70 of Information Technology Act. Hence, we are of the opinion that there is no merit in the challenge made in Section 70 of the Information Technology Act.

5. The next question to be considered is whether Ext.P10 notification issued by the Government is liable to be set aside and can Government declare "FRIENDS" application software as a protected system? To decide that question whether petitioner has got a copyright of "FRIENDS" software or whether it is a Government work within the meaning of Section 2(k) of the Copyright Act, this Court declared to decide the matter on merits in O.P. 33536 of 2002 by the District Court, Thiruvananthapuram. We are of the opinion that Ext.P10 could be issued by the Government without registration of the copyright and even without a declaration of copyright by the civil court under Section 60 of the Copyright Act. If any party claims that he has got a copyright and the Government cannot declare it as a protected system, it is for him to go to the civil court and get an injunction and also get a declaration that he has got a copyright of the property. It is settled position that no registration is required to claim copyright under the Copyright Act and non-registration under the Copyright Act does not bar action for infringement. The learned single Judge rightly held as follows:

...A Division Bench of this Court in Kumari Kanaka v. Sundararajan 1972 KLR 536 held that registration of the work under the Copyright is not compulsory, nor is it a condition precedent for maintaining a suit for damages or for injunction against infringement of copyright. Similar is the view taken by the Madras High Court in Manojah Cine Productions v. Sundaresan AIR 1976 Mad. 22 and by the Allahabad High Court in Nav Sahitya Prakash v. Anand Kumar. Therefore, if the "FRIENDS" software is a "Government work" as defined under Section 2(k) of the Copyright Act, then by virtue of Section 17(d) of the said Act, the Government is entitled to notify it under Section 70 of the IT Act as a protected system without any prior registration under the Copyright Act. There is nothing to indicate in Section 70 of the IT Act that the Government should get any declaratory decree of copyright from District Court under Section 60 of the Copyright Act before issuing notification declaring a computer system as protected. Sections 60 and 61 of the Copyright Act are only remedial measures available to an aggrieved party. While Government is free to issue notification under Section 70 of the IT Act without any registration of copyright or without obtaining any declaratory decree of copyright from District Court under Section 60 of the Act, it was open to the petitioner to challenge Ext.P10 by filing a suit under sections 60 and 61 of the Copyright Act. Though the petitioner is defending the suit, it will not be permissible for the petitioner as defendant to challenge Ext.P10 in the pending suit filed by the State. Admittedly, petitioner did not file any suit.
Petitioner was free to file a suit under Sections 60 and 61 of the Limitation Act wherein he could challenge Ext.P10 notification if it infringes his copyright. Sections 60 and 61 of the Copyright Act read as follows: 60. Remedy in the case of groundless threat of legal proceedings:- Where any person claiming to be the owner of copyright in any work, by circulars, advertisements or otherwise, threatens any other person with any legal proceedings or liability in respect of an alleged infringement of the copyright, any person aggrieved thereby may, notwithstanding anything contained in Section 34 of the Specific Relief Act, 1963 (47 of 1963), institute a declaratory suit that the alleged infringement to which the threats related was not in fact an infringement of any legal rights of the person making such threats and may in any such suit -(a) obtain an injunction against the continuance of such threats; and (b) recover such damages, if any as he has sustained by reason of such threats: Provided that this section does not apply if the person making such threats, with due diligence, commences and prosecutes an action for infringement of the copyright claimed by him. 61. Owners of copyright to be party to the proceeding: (1) In every Civil Suit or other proceeding regarding infringement of copyright instituted by an exclusive licensee, the owner of the copyright shall, unless the Court otherwise directs, be made a defendant and where such owner is made a defendant, he shall have the right to dispute the claim of the exclusive licensee.

(2) Where any Civil Suit or other proceeding regarding infringement of copyright instituted by an exclusive licensee is successful, no fresh suit or other proceeding in respect of the same cause of action shall lie at the instance of the owner of the copyright. 6. We agree with the learned single Judge that Ext.P10 is not an adjudicatory order under Chapter IX of the Information Technology Act to file an appeal to the Cyber Appellate Tribunal constituted under Chapter X of the Information Technology Act. It is true that under Ext.P6 agreement disputes between the parties could be settled by arbitration by second respondent in terms of clause 7 (2) of the said agreement. Petitioner has not chosen to avail such a remedy. Admittedly, petitioner did not file any suit and did not go for arbitration. The remedy of the petitioner was to file a suit or to refer the matter to arbitration instead of filing a writ petition. That was not done. Counsel for the petitioner insisted that since they have not filed any suit and writ petition was pending from about two years, the question whether "FRIENDS" software developed is a Government work and whether Government can issue Ext.P10 notification under Section 17(d) of the Copyright Act should be decided by this Court. Arguments were advanced by both sides to the point. The learned single Judge went through the contentions in detail and found after examining Exts.P1, 3, 6 and 9 that the software was developed for the Government and for the purpose of rendering services by the Government to the public. Even though Exts.P6 and 9 are executed with fourth respondent and Government is not directly a party, fourth respondent was only a Government agency and Government created the above agency as a total solution provider for developing softwares for the Government. Clause (10) of Ext.R4(b) reads as follows: 10. Departmental Task Force will monitor the actual implementation of the project vis-a-vis the milestones set by the TSP. 
Intellectual Property Rights of the system developed by all the TSPs and Departments shall vest in the Government of Kerala. Government of Kerala will be free to deploy the same system or with modification in any of the Government/Semi-Government/Quasi Government Departments/Organisation.

Fourth respondent was bound by the above clause. Petitioner who understood technical support by executing agreement with fourth respondent is also bound by the above clause in Ext.R4(b). Government has decided itself to the IPR copyright in respect of "FRIENDS" software and there is no document or clause in the agreement to show that fourth respondent has assigned IPR right to the petitioner. The agreement was valid for a definite period and the petitioner was bound to give technical support during the currency of agreement. The software developed is for the sole purpose of collection of tax and amount payable to the various Government agencies through a single window. The learned single Judge held that it answers the definition of 'Government work' under Section 2(k). We agree with the learned single Judge.

7. It is contended by the learned Government Pleader that findings 7 and 8 were not warranted as when suit is maintainable, the court should not have directed to withdraw the suit, but, the question whether Government is entitled to publish Ext.P10 notification under Section 70 was decided by the learned single Judge himself and, therefore, a declaratory suit was not necessary. The learned single Judge also held that the petitioner is prohibited from claiming any right from "FRIENDS" software in view of Ext.P10 notification. Therefore, a further suit is unnecessary and, in any event, no appeal has been filed by the Government. We agree with the finding of the learned single Judge that Section 70 of the Information Technology Act is not unconstitutional, but, while interpreting Section 70 of the Information Technology Act, a harmonious construction with Copyright Act is needed and copyright of IT Government work is also protected under the Copyright Act and remedy provided under the Copyright Act can be availed by the parties, if their copyright is infringed even in respect of IT work. No grounds are made out by the petitioner to set aside Ext.P10 notification issued under Section 70 of the Information Technology Act in a petition under Article 226 of the Constitution of India. Therefore, the Writ Appeal is dismissed.

8. ACTS USED IN THE CASE


8.1. SECTION 70 of IT Act
(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-Section (1).
(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this Section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

As per Executive order dated 12-9-2002, issued by Ministry of Communications & Information Technology, details of every protected system should be provided to the Controller of Certifying Authorities.

There are three elements to this section:
1. Gazette notification for declaring protected system.
2. Government order authorizing persons to access protected systems.
3. Punishment for access to protected systems by unauthorised persons.

Let us discuss the relevant terms and issues in detail.

Appropriate government is determined as per Schedule VII of the Constitution of India. Schedule VII of the Constitution of India contains 3 lists: Union, State and Concurrent. Parliament has the exclusive right to make laws on items covered in the Union List e.g. defence, Reserve Bank of India etc. State Governments have the exclusive right to make laws on items covered in the State List e.g. police, prisons etc. Parliament as well as the State Governments can make laws on matters in the Concurrent List e.g. forests, electricity etc.

Illustration 1
If the computer network of the Indian Army is to be declared as a protected system, the Central Government would be the appropriate Government.

Illustration 2
If the computer network of the Mumbai police is to be declared as a protected system, the Government of Maharashtra would be the appropriate Government.

Illustration 3
If the computer network of the Forest Department in Maharashtra is to be declared as a protected system, the Central Government as well as the Government of Maharashtra would be the appropriate Government.

All the acts, rules, regulations etc. passed by the Central and State Government are notified in the Official Gazette. The Official Gazette in the electronic form is called the Electronic Gazette. A notification becomes effective on the date of its publication in the Gazette.

The Government order may specify the authorised persons by name or by designation (e.g. all officers of rank of Inspector and above deputed in a particular department).

The term "securing access" in this section is a grammatical variation of the term "secures access" as discussed earlier. "Attempt to secure access" is a very wide term and can best be understood through the following illustrations.

Illustration 1
Sameer runs a password cracking software to crack the password of a protected system. Irrespective of whether he succeeds in cracking the password, he is guilty of attempting to secure access.

Illustration 2
Sameer runs automated denial of service software to bring down the firewall securing a protected system. Irrespective of whether he succeeds in bringing down the firewall, he is guilty of attempting to secure access.

Illustration 3
Sameer sends a Trojan by email to Pooja, who is the network administrator of a protected system. He plans to Trojanize Pooja's computer and thereby gain unauthorised access to the protected system. Irrespective of whether he succeeds in finally accessing the protected system, he is guilty of attempting to secure access.

The punishment provided for this section is rigorous or simple imprisonment of up to 10 years and fine.

Unauthorized Access to Protected System (Summary)

Actions covered: Unauthorized access to protected system (or attempt thereof)

Penalty: Imprisonment up to 10 years and fine (this may be rigorous or simple imprisonment i.e. with or without hard labour)

Relevant authority: Court of Session

Appeal lies to: High Court

Investigation Authorities:
1. Controller of Certifying Authorities (CCA)
2. Person authorized by CCA
3. Police Officer not below the rank of Deputy Superintendent

Points to mention in complaint:
1. Complainant details
2. Suspect details
3. Details of gazette notification and Government order
4. How and when the contravention was discovered and by whom
5. Other relevant information

8.2. SECTION 17 of COPYRIGHT Act


First owner of copyright: Subject to the provisions of this Act, the author of a work shall be the first owner of the copyright therein; provided that:

(a) in the case of a literary, dramatic or artistic work made by the author in the course of his employment by the proprietor of a newspaper, magazine or similar periodical under a contract of service or apprenticeship, for the purpose of publication in a newspaper, magazine or similar periodical, the said proprietor shall, in the absence of any agreement to the contrary, be the first owner of the copyright in the work in so far as the copyright relates to the publication of the work in any newspaper, magazine or similar periodical, or to the reproduction of the work for the purpose of its being so published, but in all other respects the author shall be the first owner of the copyright in the work;

(b) subject to the provisions of clause (a), in the case of a photograph taken, or a painting or portrait drawn, or an engraving or a cinematograph film made, for valuable consideration at the instance of any person, such person shall, in the absence of any agreement to the contrary, be the first owner of the copyright therein;

(c) in the case of a work made in the course of the author's employment under a contract of service or apprenticeship, to which clause (a) or clause (b) does not apply, the employer shall, in the absence of any agreement to the contrary, be the first owner of the copyright therein;

(cc) in the case of any address or speech delivered in public, the person who has delivered such address or speech or if such person has delivered such address or speech on behalf of any other person, such other person shall be the first owner of the copyright therein notwithstanding that the person who delivers such address or speech, or, as the case may be, the person on whose behalf such address or speech is delivered, is employed by any other person who arranges such address or speech or on whose behalf or premises such address or speech is delivered;

(d) in the case of a Government work, Government shall, in the absence of any agreement to the contrary, be the first owner of the copyright therein;

(dd) in the case of a work made or first published by or under the direction or control of any public undertaking such public undertaking shall, in the absence of any agreement to the contrary, be the first owner of the copyright therein.

Explanation.- For the purposes of this clause and section 28A, "public undertaking" means:
(i) an undertaking owned or controlled by Government; or
(ii) a Government Company as defined in section 617 of the Companies Act, 1956; or
(iii) a body corporate established by or under any Central, Provincial or State Act.

(e) in the case of a work to which the provisions of section 41 apply, the international organization concerned shall be the first owner of the copyright therein.

8.3. SECTION 2(K) of COPYRIGHT Act


"Government work" means a work which is made or published by or under the direction or control of:
(i) the Government or any department of the Government;
(ii) any Legislature in India;
(iii) any court, tribunal or other judicial authority in India.

9. CONCLUSION OF THE COURT


1. There is no conflict between the provisions of Copyright Act and Section 70 of IT Act.
2. Section 70 of the IT Act is not unconstitutional.
3. While interpreting section 70 of the IT Act, a harmonious construction with Copyright Act is needed.
4. Section 70 of the IT Act is not against but subject to the provisions of the Copyright Act.
5. Government cannot unilaterally declare any system as "protected" other than "Government work" falling under section 2(k) of the Copyright Act on which Govt.'s copyright is recognised under Section 17(d) of the said Act.

Section 2(k) of the Copyright Act
(k) 'Government work' means a work which is made or published by or under the direction or control of:
(i) the Government or any department of the Government;
(ii) any Legislature in India;
(iii) any Court, Tribunal or other judicial authority in India;

Section 17(d) of the Copyright Act
17. First owner of copyright:- Subject to the provisions of this Act, the author of a work shall be the owner of the copyright therein;
(d) in the case of a Government work, Government shall, in the absence of any agreement to the contrary, be the first owner of the copyright therein.
