"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb". National Research Council, "Computers at Risk", 1991.
INTRODUCTION
An Act to provide legal recognition for electronic transactions carried out by means of electronic data interchange (electronic commerce, or e-commerce).
To give legal recognition to digital signatures for accepting any agreement in electronic form.
To facilitate electronic filing of documents with Government agencies.
To stop computer crime and protect the privacy of internet users.
To give legal recognition to the keeping of books of accounts by bankers and other companies in electronic form.
To give more power to the IPC, RBI and Indian Evidence Act for restricting electronic crime.
SCOPE
All electronic information except:
A negotiable instrument (Sec 13, NIA 1881)
Power of attorney (Sec 1A, PAA 1882)
A trust (Sec 3, ITA 1882)
A will (Sec 2, ISA 1925)
Contract for sale of immovable property
Other documents notified by the Central Government in the Official Gazette
CRYPTOGRAPHY
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).
Adversary is a malicious entity whose aim is to prevent the users of the cryptosystem from achieving their goal (primarily privacy, integrity, and availability of data).
Symmetric-key cryptography is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted.
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the ciphertext.
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.
ADVANTAGES OF DS
Authentication: The process of proving one's identity.
Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.
DIGITAL SIGNATURES
E-COMMERCE
E-commerce transactions over the Internet include:
Formation of contracts
Delivery of information and services
Delivery of content
E-GOVERNANCE
Application of ICT.
Aims to make government services available to citizens in a transparent manner.
Model of e-governance: one-stop portal.
ELECTRONIC RECORD
Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer.
Characteristics of Electronic Record:
It can be deleted, modified and rewritten without leaving a mark.
A copy is indistinguishable from the original.
It cannot be sealed in the traditional way, where the author affixes his signature.
Recognition of Electronic Record:
Legal recognition of digital signatures.
Use of electronic records in Government and its agencies.
Retention of electronic records.
Power to make rules by Central Government in respect of digital signature.
Where the originator has not specified a particular method: any communication, automated or otherwise, or conduct to indicate the receipt.
Where it is specified that the receipt is necessary: unless acknowledgement has been received, the electronic record shall be deemed to have been never sent.
Where acknowledgement is not received within the time specified or within a reasonable time, the originator may give notice to treat the electronic record as though never sent.
otherwise agreed, dispatch occurs when the ER enters a resource outside the control of the originator.
If the addressee has a designated computer resource, receipt occurs at the time the ER enters the designated computer; if the electronic record is sent to a computer resource of the addressee that is not designated, receipt occurs when the ER is retrieved by the addressee.
If no computer resource is designated: when the ER enters the computer resource of the addressee, it shall be deemed to be received by the addressee.
DEFINITIONS
"Security procedure" means the security procedure prescribed by the Central Government under the IT Act, 2000.
"Secure electronic record": where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.
If by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was: (a) unique to the subscriber affixing it; (b) capable of identifying such subscriber; (c) linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature.
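The three conditions above, shown as an added Go example that is not part of the original slides. Ed25519 is an assumed scheme (the slides name none), and the repository type, function names and subscriber names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Repository is a constructed stand-in for a public database of
// subscriber public keys; all subscriber names are hypothetical.
type Repository map[string]ed25519.PublicKey

var (
	ErrUnknownSubscriber = errors.New("subscriber not in repository")
	ErrInvalidSignature  = errors.New("signature does not match record and subscriber")
)

// Enroll generates a key pair, publishes the public half under the
// subscriber's name and hands the private half back to the subscriber.
func (r Repository) Enroll(name string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	r[name] = pub
	return priv, nil
}

// SignRecord affixes the subscriber's signature to the electronic record.
func SignRecord(priv ed25519.PrivateKey, record []byte) []byte {
	return ed25519.Sign(priv, record)
}

// Verify checks the signature against the key published for the claimed
// signer: (a)/(b) only that subscriber's key validates it, and
// (c) any change to the record invalidates it.
func (r Repository) Verify(signer string, record, sig []byte) error {
	pub, ok := r[signer]
	if !ok {
		return ErrUnknownSubscriber
	}
	if !ed25519.Verify(pub, record, sig) {
		return ErrInvalidSignature
	}
	return nil
}

func main() {
	repo := Repository{}
	alice, _ := repo.Enroll("alice")
	_, _ = repo.Enroll("bob")
	record := []byte("Agreement: A sells 100 units to B at Rs. 500 each") // constructed
	sig := SignRecord(alice, record)
	altered := bytes.Replace(record, []byte("100"), []byte("900"), 1)

	fmt.Println("original, signer alice:", repo.Verify("alice", record, sig))
	fmt.Println("altered record:        ", repo.Verify("alice", altered, sig))
	fmt.Println("attributed to bob:     ", repo.Verify("bob", record, sig))
	fmt.Println("unknown subscriber:    ", repo.Verify("carol", record, sig))
}
```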
"Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate.
The Controller is appointed by the Central Government as a body to supervise the working of certifying authorities.
Functions of Controller
Shall exercise supervision over the activities of Certifying Authorities.
Lay down standards and conditions governing Certifying Authorities.
Specify various forms and content of Digital Signature Certificates.
Power to delegate
Controller can authorize the Deputy/Assistant controller or any other officer to exercise any power of the controller
Repository of Digital Signatures issued by certifying authorities.
Maintain the secrecy and security of digital signatures.
Maintain a database of public keys, which should be accessible to the public.
Any person can apply for the licence.
A successful applicant needs proper qualification, expertise, manpower, financial resources and other infrastructure facilities.
Valid for some period as prescribed by the Central Government.
Not transferable or heritable.
Subject to terms and conditions specified by regulators.
Suspension of licence
Incorrect or false material.
Failed to comply with terms and conditions.
Failed to maintain the standards.
Violation of any provision of this Act.
Should publish the notice in the database maintained; the database should be accessible to the applicant through a web site or any other means.
Display of Licence: Certifying Authority shall display the licence in the premises where it carries the business.
Surrender of Licence
Should surrender the licence after it is suspended or revoked. Otherwise, the person in whose name the licence is issued shall be punished with imprisonment up to six months or fine up to 10K or both.
Disclosure
Certifying authorities should disclose:
Its Digital Signature used to digitally sign the other Digital Signature Certificates.
Notice of suspension or revocation, if any.
Any fact that affects the reliability or service of the Certifying Authority.
If any event or situation may adversely affect the computer system or the conditions subject to which the Digital Signature was granted, then the Certifying Authority shall:
Use reasonable efforts to notify the person who is likely to be affected by it.
Use the specified procedures to deal with the situation.
If convicted a second time, imprisonment may extend up to 10 yrs and fine up to 2 lakh rupees.
The case related to the posting of obscene, defamatory and annoying messages about a divorcee woman in a Yahoo message group. E-mails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting. The accused was a known family friend of the victim and was reportedly interested in marrying her. She however married another person. This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet.
VERDICT
The accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay a fine of Rs. 500/-, and for the offence u/s 509 IPC sentenced to undergo 1 year simple imprisonment and to pay a fine of Rs. 500/-, and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay a fine of Rs. 4000/-. All sentences to run concurrently. The accused paid the fine amount and he was lodged at Central Prison, Chennai. This is considered the first case convicted under section 67 of the Information Technology Act 2000 in India.
Residual Penalty
Whoever contravenes any rules or regulations made under this act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty thousand rupees to the person affected.
Power to Adjudicate
The officer to be appointed should have experience in the field of Information Technology and legal or judicial experience.
An officer not below the rank of Director to the Government of India is appointed as an adjudicating officer.
The appointed officer is given all the rights to impose the concerned penalty.
Every adjudicating officer has the powers of a civil court under sub-section (2) of section 58, and:
All proceedings are deemed to be judicial proceedings within the meaning of sections 193 and 228 of the Indian Penal Code.
Is deemed to be a civil court for the purposes of sections 345 and 346 of the Code of Criminal Procedure, 1973.
The Central Government establishes one or more appellate tribunals to be known as the Cyber Appellate Tribunal.
It has been established under the IT Act under the aegis of the Controller of Certifying Authorities (CCA).
First and only CAT in the country, established by the Central Government in accordance with the provision contained under Section 48 (1) of the IT Act, 2000.
Started functioning in Oct. 2006 in New Delhi and headed by Hon'ble Mr Justice Rajesh Tandon.
The Central Government also specifies the matters and places to which the Cyber Appellate Tribunal may exercise jurisdiction.
The Cyber Appellate Tribunal shall consist of one presiding officer who is appointed, by notification, by the Central Government, and any such number of other members.
Any person is qualified for appointment to office, given that the person:
is or has been, or is qualified to be, a Judge of a High Court
is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years.
The presiding officer can hold office for a term of 5 years from the date on which he enters upon his office or until he attains the age of 65 years, whichever is earlier.
FILLING OF VACANCIES
For reasons other than temporary absence, if any vacancy occurs in the office of Presiding Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person according to the provisions of the act.
The proceedings, if any, may continue once the vacancy has been filled.
The presiding officer of CRAT may, by notice in writing to the central government, resign his office.
The presiding officer of the Cyber Appellate Tribunal shall not be removed from his office, except by an order of the central government, on the ground of proven misbehavior or incapacity.
The central government may, by rules, regulate the procedure for investigating the misbehavior or incapacity of the aforesaid Presiding Officer.
The Central Government shall provide the Tribunal with such officers and employees as the government may think fit.
The officers can discharge their duties under the supervision of the Presiding Officer.
The salaries, allowances and other conditions of service shall be prescribed by the Central Government.
Any person aggrieved by an order made by the Controller or an adjudicating officer may appeal to the Appellate.
Every appeal shall be made within forty five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the aggrieved person.
On receipt of an appeal, the Cyber Appellate Tribunal may pass orders to confirm, modify or set aside the order appealed against.
The appellate must also send a copy of every order made by it to the parties to the appeal and to the concerned Controller. The appeal filed before the Cyber Appellate Tribunal shall be dealt with as expeditiously as possible and endeavor shall be made by it to dispose of the appeal finally within six months.
The Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings. The Cyber Appellate Tribunal shall have, for the purposes of the Act, the same powers as vested in a civil court, e.g. summoning and enforcing the attendance of any person, requiring discovery of documents, etc.
Every proceeding before the cyber appellate tribunal shall be deemed to be judicial.
The appellant may either appear in person or authorize one or more legal practitioners to present his case before the Tribunal. No civil court has any jurisdiction in the proceedings that come under the purview of the Tribunal.
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order. The High Court may also, if satisfied, let the person file a case beyond that in some cases.
RECOVERY OF PENALTY
A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid
CYBER CRIMES
S65: tampering with computer source documents
S66: hacking with computer system
S67: publishing information which is obscene in electronic form
S70: unauthorized access to protected system
S72: breach of confidentiality
S73: publishing false digital signature
"Computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.
Tampering occurs when someone:
Conceals
Destroys
Alters
Punishment:
Imprisonment up to 3 years
Fine up to 2L
EXAMPLE
A big mobile services company launched a famous scheme wherein it gave an expensive handset at a very low cost but with a lock-in period of 3 years, during which the mobile subscriber has to pay a fixed monthly rental and a premium call charge to the company. A special computer program / technology was used by this mobile services company so that the handset can only be used with its mobile services and not with other mobile services. Employees of a competing mobile services company lured the customers of the above company to alter / tamper with the special (locking) computer program / technology so that the handset can be used with the competing mobile services.
S66 : HACKING
EXAMPLE
Two BPO employees gained illegal access to their company's computer system by hacking with the passwords. They conspired with the son of a credit card holder and illegally increased the credit limit of the card and changed the communication address so that the credit card statement never reaches the original card holder. The credit card company was cheated of about Rs. 7.2 lakh.
Material which is lascivious or appeals to the prurient interest, or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear it.
Punishment:
Imprisonment up to 5 years and fine up to 1L
Imprisonment up to 10 years and fine up to 2L
EXAMPLE
Some unknown person had created an email ID using the name of a lady and had used this email ID to post messages on five Web pages describing her as a call girl along with her contact numbers.
Controller can direct a government agency to intercept any information transmitted through any computer source if:
Interest of sovereignty, integrity of India
The security of the State
Friendly relations with foreign States
Public order
For preventing incitement to the commission of any cognizable offence
Imprisonment up to 7 years
The subscriber or any person who fails to assist the agency referred to in sub-section
S70
(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system. (2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-section. (3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
A person who, having secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned, discloses the document.
Imprisonment up to 2 years
Fine up to 1L
S73: publishing false digital signature
No person can issue a digital signature if:
The certifying authority has not issued it
The subscriber in the certificate has not accepted it
The certificate has been suspended
Imprisonment up to 2 years
Fine up to 1L
No person providing service as a network service provider shall be liable if he proves that the offence was committed without his knowledge.
Network service provider: intermediary.
Third party information: any information dealt with by a network service provider in his capacity as an intermediary.
The criminal liability on network service providers has been defined by the provisions of sub-section (1).
E.g.: case of issuing SIM cards through stolen IDs.
MISCELLANEOUS
of Police.
Any other officer of the Central Government or a State Government authorised by the Central Government
Public place
PUBLIC SERVANTS
The Presiding Officer Other officers and employees of a Cyber Appellate Tribunal The Controller The Deputy Controller The Assistant Controllers
No suit, prosecution or other legal proceeding Central Government, State Government The Controller, any person acting on his behalf
REMOVAL OF DIFFICULTIES
Central Government can make provisions consistent with the provisions of the Act.
No order shall be made after the expiry of 2 years from the commencement of this Act.
To carry out the provisions of this Act.
Manner of authentication of Digital Signatures.
Method and form of filing of Electronic Records.
Security procedure for creating secure electronic records and secure digital signatures.
Shall advise:
related to this Act. The Controller in framing regulations under this Act.
The Controller - after consultation with the Cyber Regulations Advisory Committee.
Previous approval of the Central Government.
Make laws consistent with the Act.
Maintenance of database containing the disclosure record of every Certifying Authority.
The electronic form in which filing, issue, grant of receipt or payment shall be effected.