Information Technology Act. Cyber Law. Cyber crimes . Types and Penalties thereof. E-commerce and Econtract.

act. Internet policy of Government of India.

By K. VINOTHINI. G. DIVYA.

CYBER LAW
What is Cyber Law?
Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes computers, networks, software, data storage devices (such as hard disks, USB disks etc), the internet, websites, emails and even electronic devices such as cell phones, ATM machines etc. Law encompasses the rules of conduct: 1. that have been approved by the government, and 2. which are in force over a certain territory, and 3. which must be obeyed by all persons on that territory. Violation of these rules could lead to government action such as imprisonment or fine or an order to pay compensation. Cyber law encompasses laws relating to: 1. Cyber Crimes 2. Electronic and Digital Signatures 3. Intellectual Property 4. Data Protection and Privacy

Need for Cyber Law

There are various reasons why it is extremely difficult for conventional law to cope with cyberspace. Some of these are discussed below. 1. Cyberspace is an intangible dimension that is impossible to govern and regulate using conventional law. 2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could break into a banks electronic vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone. 3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are crisscrossing the globe even as we read this, millions of websites are being accessed every minute and billions of dollars are electronically transferred around the world by banks every day.

4. Cyberspace is absolutely open to participation by all. A tenyear-old in Bhutan can have a live chat session with an eightyear-old in Bali without any regard for the distance or the anonymity between them.
5. Cyberspace offers enormous potential.

CYBER LAW AND IT ACT 2000

Provides legal recognition to electronic documents and a framework to support efiling and e-commerce transactions and also provides a legal framework to mitigate, check cyber crimes. IT Act 2000. IT (Amendment) Act, 2008.

Information Technology Act, 2000

In India the Information Technology Act, 2000 is the Mother Legislation that deals with issues related to use of computers, computer systems , computer networks and the Internet. Information Technology Act, 2000-came into force on 17 October

2000
amended by the Information Technology (Amendment )Act, 2008. Extends to whole of India and also applies to any offence or

contravention there under committed outside India by any person

{section 1 (2)}

Contents of IT act
Penalties and adjudication for various offences involving computers, computer systems and computer networks.. Imprisonment and fine for various cybercrimes defined.. Various cyber offences defined.. Cyber offences to be investigated only by a Police Officer not bellow the rank of the Inspector (now), Deputy Superintendent of Police(earlier).

Civil Wrongs under IT Act

Chapter IX of IT Act, Section 43 Whoever without permission of owner of the computer Secures access (mere U/A access) Not necessarily through a network Downloads, copies, extracts any data Introduces or causes to be introduced any viruses or contaminant Damages or causes to be damaged any computer resource Destroy, alter, delete, add, modify or rearrange Change the format of a file Disrupts or causes disruption of any computer resource

CYBER CRIME
It is a CRIMINAL activity committed on the internet. This is a broad term that describes everything from Electronic cracking to denial of service attacks that cause electronic commerce sites to lose money.

Classification of cyber crimes

The computer as a target - attacking the computers of others (spreading viruses is an example). The computer as a weapon - using a computer to commit "traditional crime" that we see in the physical world (such as fraud or illegal gambling). The computer as an accessory - using a computer as a "fancy filing cabinet" to store illegal or stolen information.

Types of Cyber crimes

Hacking Credit card frauds Cyber pornography Sale of illegal articles-narcotics, weapons, wildlife Online gambling Intellectual Property crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code Email spoofing Forgery Defamation Cyber stalking (section 509 IPC) Phising Cyber terrorism Denial of service attack Virus Disseemination Software piracy
Crime against Government

Crime against property

Crime against persons

Pictorial representation of various cyber crimes

Cyber crimes

Web jacking

Hacking

Information Theft

E-mail bombing

Salami attacks

Denial of Service attacks

Trojan attacks

Common cyber crimes

Hacking Computer hacking is when someone modifies computer hardware or software in a way that alters the creator's original intent. People who hack computers are known as hackers. Hackers are usually real technology buffs who enjoy learning all they can about computers and how they work. Spam The most common type of cyber crime is spam. While email spam laws are fairly new, there have been laws on the books regarding "unsolicited electronic communication" for many years. Fraud Credit fraud is another common form of cyber crime. Certain computer viruses can log keystrokes on your keyboard and send them to hackers, who can then take your Social Security number, credit card number and home address. This information will be used by the hacker for his own means.

Cyber Bullying Harassment, or cyber bullying, is a growing problem among teenagers. Many countries in Europe and several states in the United States have laws to punish those who consistently harass somebody over the Internet. Drug Trafficking
Believe it or not, drug trafficking is happening over the Internet. Many traffickers use encrypted email or password-protected message boards to arrange drug deals.

Cyber Terrorism
There are many forms of cyberterrorism. Sometimes it's a rather smart hacker breaking into a government website, other times it's just a group of like-minded Internet users who crash a website by flooding it with traffic. No matter how harmless it may seem, it is still illegal.

Piracy
Far and away the most talked about form of cyber crime is thievery. Yes, downloading music from peer-to-peer websites is illegal and therefore a form of cyber crime.

Penalties
On first conviction - imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees. Second or subsequent conviction imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

Section 66: Hacking

Ingredients
Intention or Knowledge to cause wrongful loss or damage to the public or any person Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource

Punishment
imprisonment up to three years, and / or fine up to Rs. 2 lakh

Cognizable, Non Bailable,

Section 66 covers data theft aswell as data alteration

15

Sec. 67. Pornography

Ingredients
Publishing or transmitting or causing to be published in the electronic form, Obscene material

Punishment
On first conviction imprisonment of either description up to five years and fine up to Rs. 1 lakh On subsequent conviction imprisonment of either description up to ten years and fine up to Rs. 2 lakh

Section covers
Internet Service Providers, Search engines, Pornographic websites

Cognizable, Non-Bailable, JMIC/ Court of Sessions

Sec 69: Decryption of information

Ingredients
Controller issues order to Government agency to intercept any information transmitted through any computer resource. Order is issued in the interest of the
sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence

Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information-punishment upto 7 years.

Computer Related Crimes under IPC and Special Laws

Sending threatening messages by email Sec 503 IPC

Sending defamatory messages by email

Forgery of electronic records Bogus websites, cyber frauds Email spoofing Online sale of Drugs

Sec 499, 500 IPC

Sec 463, 470, 471 IPC Sec 420 IPC Sec 416, 417, 463 IPC NDPS Act

Web-Jacking
Online sale of Arms

Sec. 383 IPC

Arms Act

18

CASE: FIR NO 76/02 PS

PARLIAMENT STREET
Mrs. SONIA GANDHI RECEIVED THREATING E-MAILS E- MAIL FROM missonrevenge84@khalsa.com missionrevenge84@hotmail.com THE CASE WAS REFERRED ACCUSED PERSON LOST HIS PARENTS DURING 1984 RIOTS(1984 anti-Sikh riots)

19

Case: Phishing
With the tremendous increase in the use of online banking, online share trading and ecommerce, there has been a corresponding growth in the incidents of phishing being used to carry out financial frauds. Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity.

Scenario 1: The victim receives an email that appears to have been sent from his bank. The email urges the victim to click on the link in the email. When the victim does so, he is taken to a secure page on the banks website. The victim believes the web page to be authentic and he enters his username, password and other information. In reality, the website is a fake and the victims information is stolen and misused. The law Sections 43 and 66 of Information Technology Act and sections 419, 420 and 468 of Indian Penal Code. Who is liable? All persons involved in creating and sending the fraudulent emails and creating and maintaining the fake website. The persons who misuse the stolen or phished information are also liable. The motive Illegal financial gain. Modus Operandi The suspect registers a domain name using fictitious details. The domain name is usually such that can be misused for spoofing e.g. Noodle Bank has its website at www.noodle.com The suspects can target Noodle customers using a domain name like www.noodle-bank-customerlogin.com The suspect then sends spoofed emails to the victims. e.g. the emails may appear to come from info@noodle.com The fake website is designed to look exactly like the original website.

AN OVERVIEW OF CYBERCRIME IN INDIA

February 2012

The Cost of Cybercrime

In India in 2010:
29.9 million people fell victim to cybercrime $4 billion in direct financial losses $3.6 billion in time spent resolving the crime 4 in 5 online adults (80%) have been a victim of cybercrime 17% of adults online have experienced cybercrime on their mobile phone

Source: Norton Cybercrime Report 2011

Why India?
A rapidly growing online user base
121 million internet users 65 million active internet users, up 28% from 51 million in 2010 50 million users shop online on ecommerce and online shopping sites 46+ million social network users 346 million mobile users had subscribed to data packages
Source: IAMAI; Juxt; wearesocial 2011

What kind of

cybercrimes?

The majority of cybercrimes are centered on forgery, fraud and phishing India is the third-most targeted country for phishing attacks after the US and the UK Social networks as well as ecommerce sites are major targets 6.9 million bot-infected systems in 2010 14,348 website defacements in 2010 6,850 .in and 4,150 .com domains were defaced during 2011 15,000 sites hacked in 2011 India is the number 1 country in the world for generating spam

What should government tackle?

The police have recorded 3,038 cases but made only 2,700 arrests in 3 years (between 2007 and 2010) India registered only 1,350 cases under the IT Act and IPC in 2010 50% of cybercrimes are not even reported

Why are so few cases are reported and does that mean the legislation is inadequate?

Arrests & Reports under IT Act

Under the IT Act, 966 cybercrime cases were filed in 2010 420 in 2009) Geographic breakdown of cases reported:
153 from Karnataka, 148 from Kerala 142 from Maharashtra 105 Andhra Pradesh 52 Rajasthan 52 Punjab

233 persons were arrested in 2010 33% of the cases registered were related to hacking
Source: National Crime Records Bureau

The future of cybercrimes in India

Continued website hacks and defacements Data and information theft

Increasing phishing attacks on ecommerce and financial websites

Cybercriminals targeting social and professional networks Threats directed at the mobile platform: smartphones and tablets

Better Enforcement initiatives

Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM more exchange

and coordination of this kind

Suggested amendments to the IT Act,2000-new provisions for child pornography, etc More Public awareness campaigns Training of police officers to effectively combat cyber crimes More Cyber crime police cells set up across the country Effective E-surveillance Websites aid in creating awareness and encouraging reporting of cyber crime cases.

Specialised Training of forensic investigators and experts

Active coordination between police and other law enforcement agencies and authorities is required.

Recommendations
1. Firms should secure their networked information. 2. Governments should assure that their laws apply to cyber crimes. 3. Firms, governments, and civil society should work cooperatively to strengthen legal frameworks for cyber security.

E-commerce and E-contract. Internet policy of Government of India.

Electronic contracts (contracts that are not paper based but rather in electronic form) are born out of the need for speed, convenience and efficiency.

For further Reading

Please refer

http://www.cyberlawsindia.net/
http://dict.mizoram.gov.in/uploads/attachments/cyber_crime/intro-indian-cyberlaw.pdf http://www.iibf.org.in/documents/Cyber-Laws-chapter-in-Legal-Aspects-Book.pdf

E Contract: http://dict.mizoram.gov.in/uploads/attachments/cyber_crime/electroniccontracts.pdf