Information Technology Act 2000

Connectivity via the Internet has greatly abridged geographical distances and made communication even more rapid. While activities in this limitless new universe are increasing incessantly, laws must be formulated to monitor these activities. Some countries have been rather vigilant and formed some laws governing the net. In order to keep pace with the changing generation, the Indian Parliament passed the muchawaited Information echnology !ct, "### .!s they say, "Its better late than never". $owever, even after it has been passed, a debate over certain controversial issues continues. ! large portion of the industrial community seems to be dissatisfied with certain aspects of the !ct. %ut on the whole, it is a step in the right direction for India. The Information Technology Act 2000, regulates the transactions relating to the computer and the Interne. he ob&ectives of the !ct as reflected in the Preamble to the !ct are' (. he Preamble to the !ct states that it aims at providing legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as )electronic commerce), which involve the use of alternatives to paperbased methods of communication and storage of information and aims at facilitating electronic filing of documents with the *overnment agencies. ". o facilitate electronic filing of the document with the government of India. he *eneral !ssembly of the +nited ,ations had adopted the -odel .aw on /lectronic Commerce adopted by the +nited ,ations Commission on International rade .aw 0+,CI 1!.2 in its *eneral !ssembly 1esolution !31/S34(3(5" dated 6anuary 7#, (889. he Indian !ct is in keeping with this resolution that recommended that member nations of the +, enact and modify their laws according to the -odel .aw. hus with the enactment of this !ct, Internet transactions will now be recogni:ed, on-line contracts will be enforceable and e-mails will be legally 1

acknowledged. It will tremendously augment domestic as well as international trade and commerce. he Infromation echnology !ct e;tends to the whole of India and, save as otherwise provided in this Act , it applies also to any offence or contravention thereunder committed outside India by any person. $owever he !ct does not apply to' (. a negotiable instrument as defined in section (7 of the ,egotiable Instruments !ct,(<<(= ". a power-of-attorney as defined in section (! of the Powers-of-!ttorney !ct, (<<"= 7. a trust as defined in section 7 of the Indian rusts !ct, (<<"= >. a will as defined in clause 0h2 of section " of the Indian Succession !ct, (8"4including any other testamentary disposition by whatever name called= 4. any contract for the sale or conveyance of immovable property or any interest insuch property= 5. any such class of documents or transactions as may be notified by the Central*overnment in the ?fficial *a:ette. Some of the Important Definition (. )Ad!"dicating officer) means an ad&udicating officer appointed under subsection of section >5= ". )Affi#ing digital signat"re) with its grammatical variations and cognate e;pressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature= 7. )Appropriate $overnment) means as respects any matter,@ 0i2 0ii2 /numerated in .ist II of the Seventh Schedule to the Constitution= relating to any State law enacted under .ist III of the Seventh Schedule to the Constitution, the State *overnment and in any other case, the Central *overnment=

>. )Asymmetric crypto system) means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature= 4. )%ertifying A"thority) means a person who has been granted a licence to issue a Aigital Signature Certificate under section ">= 5. )%ertification practice statement) means a statement issued by a Certifying !uthority to specify the practices that the Certifying !uthority employs in issuing Aigital Signature Certificates= 9. )%yber Appellate Trib"nal) means the Cyber 1egulations !ppellate established under sub-section 0(2 of section ><= <. )Digital signat"re) means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 7= 8. )Digital Signat"re %ertificate) means a Aigital Signature Certificate issued under subsection of section 74= (#. )&lectronic form) with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device= ((. )&lectronic $a'ette) means the ?fficial *a:ette published in the electronic form= (". )Sec"re system) means computer hardware, software, and procedure that@ 0a2 are reasonably secure from unauthorised access and misuse= 0b2 provide a reasonable level of reliability and correct operation= 0c2 are reasonably suited to performing the intended functions= and 0d2 adhere to generally accepted security procedures= (egitimacy and )se of Digital Signat"res he !ct has adopted the Public Bey Infrastructure for securing electronic transactions. !s per Section 7 of the !ct, a digital signature means an authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the other provisions of the !ct. hus a subscriber can authenticate an ribunal

electronic record by affi;ing his digital signature. ! private key is used to create a digital signature whereas a public key is used to verify the digital signature and electronic record. hey both are uniCue for each subscriber and together form a functioning key pair. Section 4 provides that when any information or other matter needs to be authenticated by the signature of a person, the same can be authenticated by means of the digital signature affi;ed in a manner prescribed by the Central *overnment. +nder Section (#, the Central *overnment has powers to make rules prescribing the type of digital signature, the manner in which it shall be affi;ed, the procedure to identify the person affi;ing the signature, the maintenance of integrity, security and confidentiality of electronic records or payments and rules regarding any other appropriate matters. Durthermore, these digital signatures are to be authenticated by Certifying !uthorities 0C!Es2 appointed under the !ct. hese authorities would inter alias= have the license to issue Aigital Signature Certificates 0ASCEs2. on the ASC must form the functioning key pair. ?nce the subscriber has accepted the ASC, he shall generate the key pair by applying the security procedure. /very subscriber is under an obligation to e;ercise reasonable care and caution to retain control of the private key corresponding to the public key listed in his ASC. he subscriber must take all precautions not to disclose the private key to any third party. If however, the private key is compromised, he must communicate the same to the Certifying !uthority 0C!2 without any delay. *riting re+"irements Section > of the !ct states that when under any particular law, if any information is to be provided in writing or typewritten or printed form, then notwithstanding that law, the same information can be provided in electronic form, which can also be accessed for any future reference. his non-obstinate provision will make it possible to enter into legally binding contracts on-lineF he applicant must have a private key that can create a digital signature. his private key and the public key listed

Attrib"tion, Ac,nowledgement and Dispatch of &lectronic -ecords /;plicates the manner in which electronic records are to be attributed, acknowledged and dispatched. agreements electronically. Section (( states that an electronic record shall be attributed to the originator as if it was sent by him or by a person authori:ed on his behalf or by an information system programmed to operate on behalf of the originator. !s per Section (", the addressee may acknowledge the receipt of the electronic record either in a particular manner or form as desired by the originator and in the absence of such reCuirement, by communication of the acknowledgement to the addresses or by any conduct that would sufficiently constitute acknowledgement. ,ormally if the originator has stated that the electronic record will be binding only on receipt of the acknowledgement, then unless such acknowledgement is received, the record is not binding. $owever, if the acknowledgement is not received within the stipulated time period or in the absence of the time period, within a reasonable time, the originator may notify the addressee to send the acknowledgement, failing which the electronic record will be treated as never been sent. Section (7 specifies that an electronic record is said to have been dispatched the moment it leaves the computer resource of the originator and said to be received the moment it enters the computer resource of the addressee. )tility of electronic records and digital signat"res in $overnment A"dits Agencies !ccording to the provisions of the !ct, any forms or applications that have to be filed with the appropriated *overnment office or authorities can be filed or any license, permit or sanction can be issued by the *overnment in an electronic form. Similarly, the receipt or payment of money can also take place electronically. -oreover, any documents or records that need to be retained for a specific period may be retained in an electronic form provided the document or record is easily accessible in the same format as it was generated, sent or received or in another hese provisions play a vital role while entering into

format that accurately represents the same information that was originally generated, sent or received. he details of the origin, destination, date and time of the dispatch or receipt of the record must also be available in the electronic record. Durthermore, when any law, rule, regulation or byelaw has to be published in the ?fficial *a:ette of the *overnment, the same can be published in electronic form. If the same are published in printed and electronic form, the date of such publication will be the date on which it is first published. $owever, the above-mentioned provisions do not give a right to anybody to compel any -inistry or Aepartment of the *overnment to use electronic means to accept issue, create, retain and preserve any document or e;ecute any monetary transaction. ,evertheless, if these electronic methods are utili:ed, the *overnment will definitely save a lot of money on paperF -eg"lation of %ertifying A"thorities .%As/ ! C! is a person who has been granted a license to issue digital signature certificates. hese C!s are to be supervised by the Controller of C!s appointed by the Central *overnment. Aeputy or !ssistant Controllers may also assist the Controller. he Controller will normally regulate and monitor the activities of the C!s and lay down the procedure of their conduct. he Controller has the power to grant and renew licenses to applicants to issue ASCs and at the same time has the power to even suspend such a license if the terms of the license or the provisions of the !ct are breached. he C!s has to follow certain prescribed rules and procedures and must comply with the provisions of the !ct. Iss"ance, S"spension and -evocation of Digital Signat"re %ertificates .DS%s/ !s per Section 74, any interested person shall make an application to the C! for a ASC. he application shall be accompanied by filing fees not e;ceeding 1s. "4,### and a certification practice statement or in the absence of such statement= any other statement containing such particulars as may be prescribed by the regulations. !fter scrutinising the application, the C! may either grant the ASC or re&ect the application furnishing reasons in writing for the same.

While issuing the ASC, the C! must inter alias, ensure that the applicant holds a private key which is capable of creating a digital signature and corresponds to the public key to be listed on the ASC. %oth of them together should form a functioning key pair. he C! also has the power to suspend the ASC in public interest on the reCuest of the subscriber listed in the ASC or any person authorised on behalf of the subscriber. $owever, the subscriber must be given an opportunity to be heard if the ASC is to be suspended for a period e;ceeding fifteen days. communicate the suspension to the subscriber. here are two cases in which the ASC can be revoked. Dirstly, as per Section 7< 0(2, it may be revoked either on the reCuest or death of the subscriber or when the subscriber is a firm or company, on the dissolution of the firm or winding up of the company. Secondly, according to Section 7<0"2, the C! may sue moto revoke it if some material fact in the ASC is false or has been concealed by the subscriber or the reCuirements for issue of the ASC are not fulfilled or the subscriber has been declared insolvent or dead et al. ! notice of suspension or revocation of the ASC must be published by the C! in a repository specified in the ASC. 0enalties for %omp"ter %rimes !s per the !ct, civil liability and stringent criminal penalties may be imposed on any person who causes damage to a computer or computer system. he offender would be liable to pay compensation not e;ceeding 1s. ( Crore 0(# million2 for gaining unauthori:ed access to a computer or computer system, damaging it, introducing a virus in the system, denying access to an authori:ed person or assisting any person in any of the above activities. Durthermore, the !ct also defines specific penalties for violation of its provisions or of any rules or regulations made there under. $owever, if any person contravenes any rules or regulations framed under the !ct for which no specific penalty is prescribed, he will be liable to pay compensation not e;ceeding 1s. "4,###. he C! shall

-oreover, any person who intentionally or knowingly tampers with computer source documents would be penali:ed with imprisonment up to three years or a fine of up to 1s. " lakhs or both. In simpler terminology, hacking is made punishable. he !ct also disallows the publishing and dissemination of obscene information and material. he introduction of this provision should curtail pornography over the net. !ny person who disobeys this provision will be punishable with imprisonment of two years and a fine of 1s. "4,### for the first conviction. In the event of a subseCuent conviction, the imprisonment is five years and the fine doubles to 1s. 4#,###. he Controller has the power to issue directions for complying with the provisions of the !ct. Dailure to comply with his directions is punishable. -oreover, the interference with protected systems or the reluctance to assist a *overnment !gency to intercept information in order to protect state sovereignty and security is also made punishable. he ad&udicating court also has the powers to confiscate any computer, computer system, floppies, compact disks, tape drives or any accessories in relation to which any provisions of the !ct are being violated. ,o penalty or confiscation made under this !ct will affect the imposition of any other punishment under any other law in force. If penalties that are imposed under the !ct are not paid, they will be recovered, as arrears of land revenue and the licence or ASC shall be suspended till the penalty is paid. Ad!"dicating 1fficers he Central *overnment shall appoint an officer not below the rank of Airector to the *overnment of India or eCuivalent officer of the State *overnment as an ad&udicating officer to ad&udicate upon any inCuiry in connection with the contravention of the !ct. Such officer must have the legal and &udicial e;perience as may be prescribed by the Central *overnment in that behalf. he !d&udicating ?fficer must give the accused person an opportunity to be heard and after being satisfied that he has violated the law, penalise him according to

the provisions of the !ct. While ad&udicating, he shall have certain powers of a Civil Court. %yber -eg"lations Appellate Trib"nal .%-AT/ ! Cyber 1egulations !ppellate ribunal 0C1! 2 is to be set up for appeals from the order of any ad&udicating officer. /very appeal must be filed within a period of fortyfive days from the date on which the person aggrieved receives a copy of the order made by the ad&udicating officer. five days if sufficient cause is shown. he appeal filed before the Cyber !ppellate ribunal shall be dealt with by it as e;peditiously as possible and endeavor shall be made by it to dispose of the appeal finally within si; months from the date of receipt of the appeal. have certain powers of a civil court. !s per Section 5(, no court shall have the &urisdiction to entertain any matter that can be decided by the ad&udicating officer or the C1! . $owever, a provision has been made to appeal from the decision of the C1! to the $igh Court within si;ty days of the date of communication of the order or decision of the C1! . he stipulated period may be e;tended if sufficient cause is shown. he appeal may be made on either any Cuestion of law or Cuestion of fact arising from the order. 0olice 0owers ! police officer not below the rank of deputy superintendent of police has the power to enter any public place and arrest any person without a warrant if he believes that a cyber crime has been or is about to be committed. his provision may not turn to be very effective for the simple reason that most of the cyber crimes are committed from private places such as ones own home or office. Cyber-cafGs and public places are rarely used for cyber crimes. $owever, if the !ct did give the police department powers to enter peopleEs houses without search warrants, it would amount to an invasion of the right to privacy and create pandemonium. Beeping this in mind, the he C1! shall also he appeal must be the appropriate form and accompanied by the prescribed fee. !n appeal may be allowed after the e;piry of forty-

.egislature has tried to balance this provision so as to serve the ends of &ustice and at the same time, avoid any chaos. ?n being arrested, the accused person must, without any unnecessary delay, be taken or sent to the magistrate having &urisdiction or to the officer-in-charge of a police station. he provisions of the Code of Criminal Procedure, (897 shall apply in relation to any entry, search or arrest made by the police officer. 2etwor, Service 0roviders not liable in certain cases o Cuote Section 9<, it states' )Dor the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this !ct, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had e;ercised all due diligence to prevent the commission of such offence or contravention.) )/;planation. Dor the purposes of this section, 0a2 ,etwork service provider means an intermediary= 0b2 hird party information means any information dealt with by a network service provider in his capacity as an intermediary.) hus a plain reading of the section indicates that if the network service provider is unable to prove its innocence or ignorance, it will be held liable for the crime. 0ossible )ses of &3$overnance3 he future of e-governance is very bright. With the help of information technology, the daily matters can be effectively taken care of irrespective of the field covered by it. Dor instance, the Aelhi Police $eadCuarter has launched a website, which can be used for lodging a Dirst Information 1eport. Similarly, the Patna $igh Court has taken a bold step of granting bail on the basis of an online bail application. he educational institutions, including universities, are issuing admission forms electronically, which can be downloaded from their respective websites. he results of e;aminations of various

10

educational institutions, both school level and university level, are available online, which can be obtained without any trouble. hese are but some of the instances of the use of technology for a better e-governance. can be utili:ed for the following purposes' o have access to public documents. Dor making online payments of various bills and dues. o file statutory documents online. o file the complaints, grievances and suggestions of citi:ens online. he online facility can be used to enter into a partnership the appropriate government in cases of government contracts. he citi:ens can use the online facility to file their income ta; returns. he citi:ens will en&oy the facility of online services. he beneficial concept of e-governance

Digital Signat"re Aigital Signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure 1apid developments in e-business pose a growing need for online security and authentication. -any emerging technologies are being developed to provide online authentication. he ma&or concern in e-business transactions is the need for the replacement of the hand-written signature with an onlineE signature. he traditional email system, which has problems of message integrity and non-repudiation, does not fulfil the basic reCuirements for an online signature. Durther, since the Internet communication system is prone to various types of security breaches, the discussion of robust and authenticated e-business transactions is incomplete without consideration of HsecurityE as a prominent aspect of Honline signaturesE. ?ne may consider an e-signature as a type of electronic authentication. Such authentication can be achieved by means of different types of technologies. ! Aigital Signature 0AS2 can be considered as a type of e-signature, which uses a particular kind of technology that is AS technology. AS technology involves encrypting messages in

11

such a way that only legitimate parties are able to decrypt the message. wo separate but interrelated HkeysE carry out this process of encryption and decryption. ?ne party in the transactions holds the secret key, or the private key, and the other party holds the public key or the key with wide access. he selection and use of an encryption techniCue plays a crucial role in the design and development of keys. In short, a AS satisfies all the functions, such as authenticity, non-repudiation, and security, of a hand-written signature. Such a HsignatureE can be viewed as a means of authentication and can be owned by an individual. While using this technology, there must be third party involvement order to handle the liability issues that may be raised by bilateral transactions. With this e;isting legal infrastructure and the rapid emergence of software security products, it is important to understand the role of emerging technologies like AS in e-business. ?ne of the ma&or indicators of technological improvements is the market development and commerciali:ation of that technology.

12

4acts and 4ig"res

In "##5, this number more than doubled to "## incidents. ,ot only were attacks being launched in India but "##5 saw the ma;imum phishing attacks being launched from India on other countries as well. Security e;pert, Surinder Singh says, I!s per Websense Security .ab, we find that at any given point in time in "##5, there were " to 7## websites being hosted. here was a spurt in ?ctober where we identified 98# websites which were hosted in India and being used to carry out attacks.J he +nited States remains at the top with "<.9<K of all phishing sites located out of the +nited States and ((.85K out of China. Borea, *ermany, !ustralia, Canada, 6apan, +nited Bingdom, Italy and India are the other countries where phishing attacks are prevalent. !s of now, ".((K of the phishing sites are located in India. Singh says, IIndia on the threshold of having more and more people getting into online banking or taking online peronal loans. So, it wonIt be a surpir:se if someday someone tells me that out of the total si:e of frauds happening - India would be at (K or "K - but even that would be 1s "## crore.J Auring the year "##7, 5# cases were registered under I !ct as compared to 9# cases during the previous year thereby reporting a decline of (>.7 percent in "##7 over "##". ?f the total 5# cases registered under I !ct "###, around 77 percent 0"# cases2 relate to ?bscene Publication 3 ransmission in electronic form, normally known as cases of cyber pornography. (9 persons were arrested for committing such offences during "##7. here were "( cases of $acking of computer systems wherein (< persons were arrested in "##7. ?f the total 0"(2 $acking cases, the cases relating to .oss3Aamage of computer resource3utility under Sec 550(2 of the I !ct were to the tune of 5" percent 0(7 cases2 and that related to $acking under Section 550"2 of I !ct were 7< percent 0<cases2.

13

Auring "##7, a total of >(( cases were registered under IPC Sections as compared to 97< such cases during "##" thereby reporting a significant decline of >> percent in "##7 over "##". !ndhra Pradesh reported more than half of such cases 0"(< out of >((2 047 percent2. > ?f the >(( cases registered under IPC, ma&ority of the crimes fall under 7 categories vi:. Criminal %reach of rust or Draud 0"582, Dorgery 0<82 and Counterfeiting 0472. hough, these offences fall under the traditional IPC crimes, the cases had the cyber tones wherein computer, Internet or its related aspects were present in the crime and hence they were categori:ed as Cyber Crimes under IPC. Auring "##7, number of cases under Cyber Crimes relating to Counterfeiting of currency3Stamps stood at 47 wherein ((< persons were arrested during "##7. ?f the >9,>9< cases reported under Cheating, the Cyber Dorgery 0<82 accounted for #." per cent. ?f the total Criminal %reach of rust cases 0(7,>7"2, the Cyber frauds 0"582 accounted for " percent. ?f the Counterfeiting offences 0",#442, Cyber Counterfeiting 0472 offences accounted for ".5 percent. ! total of >94 persons were arrested in the country for Cyber Crimes under IPC during "##7. ?f these, 47.5 percent offenders 0"442 were taken into custody for offences under Criminal %reach of rust3Draud 0Cyber2 and "(.> percent 0(#"2 for offences under HCyber DorgeryE. he age-wise profile of the arrested persons showed that >4 percent were in the age-group of 7#->4 years, "<.4 percent of the offenders were in the age-group of >45# years and (( offenders were aged 5# years and above. *u&arat reported " offenders who were below (< years of age. Draud3Illegal gain 0("#2 accounted for 5# per cent of the total Cyber Crime motives reported in the country. *reed3-oney 0(4 cases2 accounted for 9.4 percent of the Cyber Crimes reported. /ve-teasing and $arassment 0< cases2 accounted for around > per cent. Cyber Suspects include ,eighbors 3 Driends 3 1elatives 08(2, Aisgrunted employees 0((2, %usiness Competitors 082, Crackers Students 3 Professional learners 072. Cyber crime is not on the decline. he latest statistics show that cyber crime is actually on the rise. $owever, it is true that in India, cyber crime is not reported too much about. ConseCuently there is a false sense of complacency that cyber crime does

14

not e;ist and that 4 society is safe from cyber crime. his is not the correct picture. he fact is that people in our country do not report cyber crime for many reasons. -any do not want to face harassment by the police. here is also the fear of bad publicity in the media, which could hurt their reputation and standing in society. !lso, it becomes e;tremely difficult to convince the police to register any cyber crime, because of lack of orientation and awareness about cyber crimes and their registration and handling by the police. ! recent survey indicates that for every 4## cyber crime incidents that take place, only 4# are reported to the police and out of that only one is actually registered. hese figures indicate how difficult it is to convince the police to register a cyber crime. he number of viruses and worm variants rose sharply to 9,75# that is a 5>K increase over the previous reporting period and a 77"K increase over the previous year. here are (9,4## variants of Win.7" viruses. hreats to confidential information are on the rise with 4>K of 5 the top 4# reporting malicious code with the potential to e;pose such information. Phishing messages grew to >.4 million from ( million between 6uly and Aecember "##>.

%ase St"dy Delhi School5s crime 0Section 662

15

Schools 0laygro"nd for cyber crime7

Crimes on the internet were common but they have now reached school classrooms. Cyber crimes by school children are disturbingly increasing and while a few are reported, most are hushed up by the schools themselves.

?ne of the renowned schools in Aelhi - %al %harti School - now hides its face behind closed doors. wo students of this school were suspended last week for hacking into the schoolIs official website and morphing their Lice-PrincipalIs photograph. $owever, the school wants to hush up the case with even the principal refusing to talk to the media.

We tried speaking to a %al %harti School ?fficial= however, he refused to comment on the matter. Intimidated by the school authorities and fearing their own e;pulsion, the school children also talk in hushed tones. Some even blame the Lice-Principal for blowing up a normal prank. )Mes, our Lice Principal has made the issue very big,) says one senior student.

$owever, there are many who are not even aware of the issue. )Mes, he &ust switched on his computer and created some photograph,) says one young student. Similar cases of delinCuent behaviour on the net have surfaced in recent years.

16

1nline delin+"ent behavio"r not new In "##", a Aelhi school Principal got a threatening e-mail followed by a blast in the school lobby. In "##4, one student of a Aelhi school was caught creating a website with offensive te;t on school teachers. !nd in "##5, a student was punished for writing and circulating an e-mail defaming the school. Ignoring delinCuent behavior on the net, at times, gets serious. hereIs also a chance that such behavior can translate into cyber crime. %ut with easy access to the internet and students getting more tech-savvy - some even learning how to hack - school authorities confess that they can do little. While Internet was introduced to facilitate e-learning, increasing cyber crimes in schools like these speak otherwise, thus putting a Cuestion mark on not &ust unmonitored use of internet by school children but also on the school authorities who try their best to bury the case.

D2A %yber crime comes of age as foreign pl"gs sell secrets ,eha Aara Wednesday, ?ctober (8, "##4 "7'"8 IS ,/W A/.$I' Cases of data loss from I /S companies may no longer be new but the arrest of two employees, from an Indian %P? in *urgaon has a twist in the tale. he two arrests were made on uesday and Wednesday.

17

%ritish national $arish Parmar and Sarita 1awat, both employees of Cybersys Infotech .imited, were arrested by the *urgaon police for stealing confidential data and selling it to different competitors, special superintendent of police $anif Nureshi said in a press conference in *urgaon on Wednesday. $owever, this is no ordinary case of data loss. Cybersys Infotech .td had entered into an e;clusive contract with the %ritish company City Credit -anagement. !s a condition of this e;clusive contract, $arish Parmar was made City CreditIs representative on the board of Cybersys. !s outsourced work dealt with a highly specialised area like mortgage, Cybersys spent huge amounts developing training manuals and systems. $owever, soon after, City Credit started outsourcing its call-centre work to other Indian %P?s, in a breach of the e;clusivity contract. ,ot only that, to cut costs, the specially developed manuals and systems were allegedly stolen through Parmar and 1awat and sold to those %P?s. his saved them the investment that Cybersys has made in developing the same, and conseCuently saved City Credit money as well. Languard Info-Solutions .imited in *urgaon was one of the %P?s to which this information was sold and which was forthcoming with the details to the police. he involvement of one other %P? is suspected, but its name, and the e;tent of the loss incurred by Cybersys, is yet to be established. he complaint with the police was filed by Lineet Banwar, the director of Cybersys Infotech .imited, against employees Sarita 1awat, $arish Parmar who is a director on the Indian company and the %ritish, his wife, who is also a director of the %ritish company, and City Credit -anagement itself. !ccording to Supreme Court advocate and cyber law e;pert Pavan Auggal, the crime in this case is therefore )both of hacking 0covered by section 55 of the I !ct2 and of breach of trust, because an e;clusive contract was broken 0covered under section 9" of the I !ct and >#5, >#8 and ("#b of the IPC2.) Indian I /S companies have recently been haunted by a spate of crimes that have raised Cuestions about security of client data. $owever, this is perhaps the first time when the overseas client itself has been accused of engineering the data loss

18

1r,"t The new danger .Section 68/ ?rkut, the online portal, owned by *oogle finds itself at the centre of debate. ! nineteen-year-old student has been accused of making a fake account of a girl. Can we prevent the misuse of this technology by not posting our numbers and picturesO !%$IS$/B ,/L/1 I-!*I,/A that the prank he played on his classmate would land him in &ail. !bhishek, a management student and still in his teens, was arrested by the hane police following a girlEs complaint about tarnishing her image in the public forum - ?rkut. he report after being published in -umbai -irror has created a stir among the ?rkutians and opened up a whole new bo; of debate. he incident !bhishek had created a fake account in the name of the girl with her mobile number posted on the profile. he profile has been sketched in such a way that it draws lewd comments from many who visit her profile. he hane Cyber Cell tracked down !bhishek from the false e-mail id that he made to open up the account. he Cuestion In this case, the girl has not posted her picture or mobile number in the fake profile. ! brief search in the ?rkut profile will reveal many such profiles with pictures of beautiful girls. -y guess is that many of these girls are not even aware of the fact that their profile e;ists. hese are created by some other people. I will term this as Prape of the imageJ. ,ow the Cuestion is PCan we really prevent this rapeOJ he debate he -umbai -irrorEs report on the issue came with tips to the ?rkut users. Police SubInspector 1avindra Chauhan has been Cuoted as saying, P?rkut users should not put up their photographs on the site. hey should not reveal personal information in their profile. !lso no cellphone numbers or identity should be mentioned in the scrap book, as it is open to all.J %ut whether this really can be a way out, is debatable. PWhat about the hundreds of CLs I send to the unknown agencies everydayO hey even contain my

19

mobile numberJ, says !diti, a A+ student and a hardcore ?rkut addict. She does have a point. he truth is that in todayEs world mobile numbers are far from being personal information. he proof lies in the numerous sales calls that we receive from credit card agents. ?n the issue of the photograph, !diti says, PWhen ?rkut gives an opportunity to show your face to the whole world, then why notOJ When asked about the risks involved, she replied, PWho caresOJ %ut everyone is not as carefree as !diti. ! brief search in ?rkut once more will reveal profiles that have pictures of film stars, flowers, animals, sceneries and not the face of the owner. PI will never put my picture on ?rkut profile,J says -ansi, whose profile in ?rkut carries the picture of !ishwarya 1ai. PItEs not safe, anybody and everybody can save it on their computer and can misuse it.J %ut here again the Cuestion lies - can we really prevent itO What happens to the hundreds of passport photographs we send with the application forms all our lifeO !ny of them can be scanned and put up without our notice. !re we sure that all copies of the digital pictures taken at our local photography shop are deleted after we leaveO PI donEt know, but there is no harm in being careful,J says -ansi. So perhaps even in this age of globalisation and technical advancements we will hold ourselves from showing our face to the entire world for we never know who is misusing it in what way. !nd as the lawmakers say PWe cannot do anything, until a complaint is lodgedJ. S129.SA:;A2D<.%1: India saw its first cyber crime conviction recently. It all began after a complaint was filed by Sony India Private .td, which runs a website called www.sony-sambandh.com, targeting ,on 1esident Indians. he website enables ,1Is to send Sony products to their friends and relatives in India after they pay for it online. he company undertakes to deliver the products to the concerned recipients. In -ay "##", someone logged onto the website under the identity of %arbara Campa and ordered a Sony Colour elevision set and a cordless head phone. She gave her credit

20

card number for payment and reCuested that the products be delivered to !rif !:im in ,oida. he payment was duly cleared by the credit card agency and the transaction processed. !fter following the relevant procedures of due diligence and checking, the company delivered the items to !rif !:im. !t the time of delivery, the company took digital photographs showing the delivery being accepted by !rif !:im. he transaction closed at that, but after one and a half months the credit card agency informed the company that this was an unauthori:ed transaction as the real owner had denied having made the purchase. he company lodged a complaint for online cheating at the Central %ureau of Investigation which registered a case under Section >(<, >(8 and >"# of the Indian Penal Code. he matter was investigated into and !rif !:im was arrested. Investigations revealed that !rif !:im, while working at a call centre in ,oida gained access to the credit card number of an !merican national which he misused on the companyEs site. he C%I recovered the colour television and the cordless head phone. In this matter, the C%I had evidence to prove their case and so the accused admitted his guilt. he court convicted !rif !:im under Section >(<, >(8 and >"# of the Indian Penal Code @ this being the first time that a cybercrime has been convicted. he court, however, felt that as the accused was a young boy of "> years and a firsttime convict, a lenient view needed to be taken. accused on probation for one year. he &udgment is of immense significance for the entire nation. %esides being the first conviction in a cybercrime matter, it has shown that the the Indian Penal Code can be effectively applied to certain categories of cyber crimes which are not covered under the Information echnology !ct "###. Secondly, a &udgment of this sort sends out a clear message to all that the law cannot be taken for a ride. he court therefore released the

Tamil Tiger credit card rac,et spreads to %hennai, India (> Debruary "##9

21

he Sri 1amachandra -edical College police at Porur, Chennai, arrested *. /lango, a amil iger agent carrying a %ritish passport, on Driday and sei:ed "< ! - cards in his possession. he police said /lango illegally withdrew over 1s. 7# lakh from the ! centres of a few nationali:ed banks and a private bank. he amount was then sent to the +nited Bingdom through unauthori:ed channels. It is learnt that the Chennai Police was alerted by a civilian who had seen /lango using several ! - cards to withdraw money from an ! - centre of a private bank on -ountPoonamallee 1oad, Porur. ! police team led by the !ssistant Commissioner Police %alasubramaniam caught /lango red-handed while he was withdrawing money from the ! - machine. *. /lango 07<2 of -iddlese;, +nited Bingdom, is a shareholder in H hamiliniE -- a cash and carry grocery shops operated by the amil igers in +B. /lango is from Lalvetiturai, a notorious port for smugglers in the north of Sri .anka. $e is the partner of the . /Es cash and carry centres of hamilini in .ondon suburbs one in Croydon and another in Southall. !fter the arrest Police has found, besides the ! - cards, registration certificate books of two cars, a cellular phone and a passport. amil ,adu Police is now seeking the he amil assistance of the Scotland Mard to obtain more information about /lango. %oncl"sion !s we can see that there where so many cyber crimes happening in India before the amendment of information technology act the rate of crime have not stopped nor it have come down but it is reaching its high .

tigers are also under investigation in +B for operating credit card rackets in /urope.

22

We have try to find out various reasons that despite of such a tight act and high penalties and punishments what are the lope holes in the act which is blocking the proper implementation of such a force full act . Cyber .aw in India is in its infancy stage. ! lot of efforts and initiatives are reCuired to make it a mature legal instrument. .aw has been instrumental in giving Cyber .aw in India a shape that it deserves. o make the circle complete we are proudly introducing another effort in this direction. Dollowing are some of the lope holes which we have tried to figure out' (. 1eporting of important matters pertaining to Cyber .aw in India' ". !nalysis of Cyber .aw scenario in India, 7. Providing a comprehensive database for cases and incidents related to Cyber .aw in India, >. ! ready reference for problems associated with Cyber .aw in India, etc. he discussion group cum database will analyse Cyber .aw of India that suffers from the following drawbacks' (. ,on-inclusion of contemporary Cyber crimes and Contraventions like Phishing, Spamming, Cyber e;tortions, Compromised e-mails, Cyber errorism, etc. ". !n obscure position of Dreedom of speech and e;pression under the I !ct, "###. 7. !bsence of .iability for illegal blocking of websites, blogs, etc. >. .ack of echno-.egal compliance under the I !ct, "###. 4. .ack of Wireless security under the I !ct, "###. 5. !bsence of legal protection pertaining to IP1s in cyberspace. 9. ! confusion regarding .ocus-standi and due diligence. <. !bsence of Private defence in cyberspace. 8. ,on-dealing of issues like Cyber terrorism and private defence, (#. /-waste in India must be taken seriously, etc.

23

%esides these grey areas India is also facing problems of lack of Cyber Security in India as well as IC Security in India. ! techno-legal base is the need of the hour. +nfortunately, we do not have a sound and secure IC Security %ase in India and Cyber security in India is still an ignored World. If opening of Cyber Cells and Cyber +nits is Cyber Security than perhaps India is best in the World at managing Cyber Security issues. +nfortunately IC Security in India is eCuated with face saving e;ercises of false claims and redundant e;ercises. he truth remains that IC Security in India is a myth and not reality. he Cyber .aw in India reCuires a dedicated and pro active approach towards IC and Cyber Security in India. In the absence of a dedicated and sincere approach, the Cyber .aw in India is going to collapse. ,ow as we know what are the ma&or lope holes in the act let us try to fine the possible suggestion to over come these and try to learn form what us3uk are following inorder to have a virus free cyber.

S"ggestion -ecr"itment here is a high need to increase the strength of staff for proper functioning of the !C . -ed coding System Set - up a red coding system, with the help of which the government can keep a tap on mails, chat, etc. this system will help the government to detect the possibility of further cyber crime.

24

Training and Development ?ne of the most important reCuirements for the proper function of the !C is that, there should be good Cuality training programs on a regular base. Domain It is necessary, Aomain should be treated as a separate entity rather then treating it as IP !C . %yber theft, cyber stal,ing, cyber harassment and cyber defamation are presently not covered "nder the act. hese crimes need to have specific provisions in the act to enable the police to take Cuick action. =ag"e Definitions Aefinitions, prescriptions of punishment and certain provisions 0such as that dealing with hacking2 need specific amendment. 0arameters for its implementation .aw enforcement officials need to be trained for effective enforcement. ;ibliography ;oo,s Company .aw %y *ulshan Bapur *ebsites http'33www.naavi.org3importantlaws3itbill"###3preamble.htm http'33en.wikipedia.org3wiki3CyberQCrime http'33www.e;presscomputeronline.com3"##"#<"53cover.shtml http'33www.e;presscomputeronline.com3"##>#>"53coverstory#(.shtml http'33www.e;presscomputeronline.com3"##>#9#43newsanalysis#(.shtml http'33sify.com3finance3fullstory.phpOidR(>7>>94( http'33www.delhipolice.nic.in3home3pressrel.htm 25

 http'33www.indiaforensic.com3cyberlotto.htm http'33articles.sakshay.in3inde;.phpOarticleR(4"49 http'33www.cyberlawclinic.org3cyberlaw.htm http'33www.cio.in3govern3view!rticle3!1 IC./IAR"955 http'33www.techtree.com3India3,ews3?rgani:edQCyberQCrimeQinQ"##9344(998>5-4<".html http'33www.timesnow.tv3CyberQcrimeQinQschools3articleshow3(<<4"5(.cms http'33www.businessline.in3cgibin3print.plO fileR"##5((#5##(>#7##.htmSdateR"##53((3#53SprdRewS http'33www.bpoindia.org3research3cyber-crime-asia.shtml http'33www.dnaindia.com3report.aspO,ewsIAR5>(( http'33www.cidap.gov.in3cybercrimes.asp; http'33infotech.indiatimes.com3/nterprise3,etQlossQ*ettingQawayQwithQcrimeQ3ar ticleshow3"#95(88.cms http'33www.dnaindia.com3report.aspO,ewsIAR(#7<494

26