1. By: Prashant Kr. Vats,
M.tech., Ph.D.
INDIRA GANDHI DELHI TECHNICAL
UNIVERSITY FOR WOMEN
2. The objective of this course is to enable students to
understand, explore, and acquire a critical
understanding of cyber law.
Develop competencies for dealing with frauds and
deceptions (confidence tricks, scams) and other cyber
crimes.
It also covers overview of Intellectual Property Right
and Cyber Laws in Indian and global perspectives.
3. ● To introduce the cyber world and cyber law in general
● To explain about the various facets of cyber crimes
● To enhance the understanding of problems arising out of
online transactions and provoke them to find solutions
● To clarify the Intellectual Property issues in the cyber space
and the growth and development of the law in this regard
● To educate about the regulation of cyber space at national
and international level
4. On successful completion of this course, students will be
able to:
● Understand the cyber world and cyber law in general
and various facets of cyber crimes
● Understand regulation of cyber space at national and
international level
● Understand the Intellectual Property issues in the
cyber space
5. What is cyber world?
Noun. cyberworld (plural cyberworlds) (uncountable,
computing)
The world of intercomputer communication.
(countable, computing)
A real or virtual world of information in cyberspace.
6. cyberspace is the web of consumer electronics, computers,
and communications network which interconnect the
world.
Since cyberspace is a virtual space, it has no boundaries,
mass, or gravity. It simply represents the interconnected
space between computers, systems, and other networks.
It exists in the form of bits and bytes – zeroes and ones (0’s
and 1’s). In fact, the entire cyberspace is a dynamic
environment of 0’s and 1’s which changes every second.
These are simply electronic impulses.
Also, it is an imaginary location where the words of two
parties meet in conversation.
7. Firstly, cyberspace is a digital medium and not a
physical space. It is an interactive world and is not a
copy of the physical world.
Physical World Cyberspace
Static, well-defined, and
incremental
Dynamic, undefined, and
exponential
Has fixed contours
Is as vast as the human
imagination and has no fixed
shape
8. As technology evolved, the need to regulate human
behavior evolved too.
Cyber laws came into existence in order to ensure that
people use technology and avoid its misuse.
If an individual commits an act which violates the
rights of a person in the cyberspace, then it is treated
as a cyberspace violation and punishable under the
provisions of the cyber laws.
Since the cyberspace is completely different from the
physical world, traditional laws are not applicable
here.
In order to provide cyber security to users, the
government introduced several cyber laws.
9. When the internet was designed and developed, the
developers had no idea that it would have the potential of
growing to such great an extent.
Today, many people are using the internet for illegal and
immoral activities which need regulation. In the
cyberspace things like money laundering, identity theft,
terrorism, etc. have created a need for stringent laws to
enhance cyber security.
Additionally, many technologically qualified criminals like
hackers interfere with internet accounts through the
Domain Name Server (DNS), IP address, phishing, etc. and
gain unauthorized access to a user’s computer system and
steal data.
While there is no clear definition of cyber law, it is broadly
the legal subject which emanated from the development of
technology, innovation of computers, use of the internet,
etc.
10. Cyber Law encapsulates legal issues which are related to
the use of communicative, transactional, and distributive
aspects of networked information technologies and
devices.
It is not as distinct as the Property Law or other such laws
since it covers many areas the law and regulation. It
encompasses the legal, statutory, and constitutional
provisions which affect computers and networks.
Further, it concerns itself with individuals, and institutions
which:
1. Play an important part in providing access to cyberspace
2. Create hardware or software which allows people to
access cyberspace
3. Use their own computers and enter cyberspace
11. Cyber Law is a generic term referring to all the legal
and regulatory aspects of the internet. Everything
concerned with or related to or emanating from any
legal aspects or concerning any activities of the
citizens in the cyberspace comes within the ambit of
cyber laws.
Currently, there are two main statutes which ensure
cyber security:
1. The Indian Penal Code. 1860
2. The Information Technology Act, 2000
12. Cybercrime, or computer-oriented crime, is a crime that involves
a computer and a network. The computer may have been used in the
commission of a crime, or it may be the target.
Cybercrime may threaten a person or a nation's security and financial
health.
There are many privacy concerns surrounding cybercrime
when confidential information is intercepted or disclosed, lawfully or
otherwise.
Internationally, both governmental and non-state actors are usually
found engaged in cybercrimes, including espionage, financial theft,
and other cross-border crimes.
Cybercrimes crossing international borders and involving the actions
of at least one nation-state is sometimes referred to as cyber warfare.
Cybercrime, also called computer crime, is the use of a computer as
an instrument to further illegal ends, such as committing fraud
trafficking in child pornography and intellectual property, stealing
identities, or violating privacy.
13. Computer crime encompasses a broad range of activities.
Financial fraud crimes
Cyber terrorism
Cyber extortion
Cybersex trafficking
Cyber warfare
Cyber squatting (T he practice of registering names, especially
well-known company or brand names, as Internet domains, in
the hope of reselling them at a profit)
Cyber espionage (Stealing of Confidential Information)
Computer as a target (primarily target computer networks or
devices using computer viruses, DOS attacks, Malwares)
Computer as a tool (Use of Computer as source to perform
Spamming, Fishing, Internet based financial frauds)
Demonstration of any Obscene or offensive content using
Computer resources.
14. There are many types of cyber crime prevailing in the
system; broadly we can classify them in to four major
categories as discussed below:
CRIME AGAINST INDIVIDUALS
CRIME AGAINST PROPERTY
CRIME AGAINST ORGANIZATION
CRIME AGAINST SOCIETY
15. It includes Cybercrimes committed against individual persons include such
types of crimes like
transmission of Child Pornography,
Harassment of any one with the use of a computer such as e-mail,
Cyber Defamation,
Hacking,
Indecent exposure,
E-mail spoofing,
IRC Crime (Internet Relay Chat),
Net Extortion,
Malicious code,
Trafficking,
Distribution,
Obscene Posting,
Phishing,
Credit Card Fraud and Dissemination of obscene material including Software
Piracy.
The potential harm of such a crime to individual person can hardly be bigger.
16. Another classification of Cyber-crimes is that,
Cybercrimes against all forms of property.
These crimes include computer vandalism
(obliteration of others' property), Intellectual Property
Crimes, Threatening, Salami Attacks.
This kind of crime is normally prevalent in the
financial institutions or for the purpose of committing
financial crimes.
An important feature of this type of offence is that the
amendment is so small that it would normally go
unobserved.
17. The third type of Cyber-crimes classification relate to
Cybercrimes against organization.
Cyber Terrorism is one discrete kind of crime in this kind.
The growth of internet has shown that the standard of
Cyberspace is being used by individuals and groups to
pressure the international governments as also to terrorize
the citizens of a country.
This crime obvious itself into terrorism when a human
being "cracks" into a government or military maintained
website.
It is across the world agreed that any and every system in
the world can be cracked.
18. The forth type of Cyber-crimes relate to Cybercrimes
against society.
In this category forgery, cyber terrorism, web jacking,
polluting the Youth through Indecent, Financial Crimes,
Sale of Illegal Articles, Net Extortion, Cyber Contraband,
Data Diddling, Salami Attacks, Logic Bombs types of crime
is included.
Forgery currency notes, revenue stamps, mark sheets etc
can be forged using computers and high quality scanners
and printers.
Web hackers gain access and control over the website of
another, even they change the content of website for
fulfilling political objective or for money.
19. There are several obstacles that may be encountered
during cybercrime investigations. One such obstacle is
created by the anonymity that information and
communication technology affords to users.
Anonymity enables individuals to engage in activities
without revealing themselves and/or their actions to
others. One such technique is the use of proxy servers.
20. Attribution is another obstacle encountered during
cybercrime investigations.
Attribution is the determination of who and/or what is
responsible for the cybercrime.
This process seeks to attribute the cybercrime to a
particular digital device, user of the device, and/or
others responsible for the cybercrime (e.g., if the
cybercrime is state-sponsored or directed)).
The use of anonymity-enhancing tools can make the
identification of the devices and/or persons
responsible for the cybercrime difficult.
21. Jurisdictional challenges
Jurisdiction may be defined as the power of a court or
judge to entertain an action, petition or proceedings.
Cyber Criminals operate through different electronic
devices which may in the same of varied country. The
problem of jurisdiction arises when they are
committed outside India, effecting Indian citizen or
Indian property.
It acts as a shield against the authorities trying to
figure out ways to put ban in India.
22. Handling nature of the Digital Evidence
It involves Locating and Securing Relevant Material
A major problem concern the seizure of digital evidence from
hard derives on networked computer in which both relevant and
irrelevant materials (as well as legally privileged material) are
contained together.
The practical problem arises when imaging hard drives and then
having to determine which material is relevant to the charges in
question.
This creates problem with search warrants where non-specified
data are included in hard drive, arguably leading to the invalidity
of the whole search and seizure procedure.
Other problem relate to disabling networks when seizing data,
especially for large public or private sector organization which
rely on 24 hour access to networks, and also problem of offender
storing data externally on the other people’s computer in order to
evade detection.
23. Mutual Assistance & International Treaties (Eg 22/11
In order to facilitate criminal investigation carried out internationally,
use is often made of mutual legal assistance treaties.
These provide a legal basis for authorities from another country.
Instrument of this kind cover a range of assistance including:
the identification and location of persons;
the service document;
the obtaining of evidence, articles and documents;
the obtaining of evidence, articles and documents;
the execution of search and seizure request;
and assistance in relation to proceeds of crime.
The 2008 Mumbai attacks (also referred to as 26/11) were a series of
terrorist attacks that took place in November 2008, when 10 members
of Lashkar-e-Taiba, an extremist Islamist terrorist organization based
in Pakistan, carried out 12 coordinated shooting and bombing
attacks lasting four days across Mumbai.
24. The cyber world is a universal domain but being a domain it is still
highly unregulated.
Cyber space is replete with conflicts, and threatened by a variety of
threats caused by different players like unethical hackers/crackers,
terrorists and non-state actors, and also by the use of covert cyber
capabilities by nation states.
New advances and further up gradation in technology are taking place
daily and, as a result, new threats are emerging, while safety and
security related developments are put on the back burner, and are not
so often in the news.
Internet was initially developed as a research and information sharing
tool and was in an unregulated manner. As the time passed by it
became more transactional with e-business, e-commerce, e-governance
and e-procurement etc. All legal issues related to internet crime are
dealt with through cyber laws. As the number of internet users is on
the rise, the need for cyber laws and their application has also gathered
great momentum.
Regulation of cyber space is, however, not a one-time activity but an
ongoing process, similar to cyber governance.
25. In today's highly digitalized world, almost everyone is affected by cyber
law. For example:
Almost all transactions in shares are in demat form.
Almost all companies extensively depend upon their computer
networks and keep their valuable data in electronic form.
Government forms including income tax returns, company law forms
etc. are now filled in electronic form.
Consumers are increasingly using credit cards for shopping.
Most people are using email, cell phones and SMS messages for
communication.
Even in "non-cyber crime" cases, important evidence is found in
computers / cell phones e.g. in cases of divorce, murder, kidnapping,
tax evasion, organized crime, terrorist operations, counterfeit currency
etc.
Cyber crime cases such as online banking frauds, online share trading
fraud, source code theft, credit card fraud, tax evasion, virus attacks,
cyber sabotage, phishing attacks, email hijacking, denial of service,
hacking, pornography etc are becoming common.
Digital signatures and e-contracts are fast replacing conventional
methods of transacting business.
26. Cyber law is important because it touches almost all
aspects of transactions and activities on and involving
the internet, World Wide Web and cyberspace.
Every action and reaction in cyberspace has some legal
and cyber legal perspectives.
Cyber law encompasses laws relating to –
Cyber crimes
Electronic and digital signatures
Intellectual property
Data protection and privacy
27. A major programme has been initiated on
development of cyber forensics specifically cyber
forensic tools, setting up of infrastructure for
investigation and training of the users, particularly
police and judicial officers in use of this tool to collect
and analyze the digital evidence and present them in
Court.
Indian Computer Emergency Response Team (CERT-
In) and Centre for Development of Advanced
Computing (CDAC) are involved in providing basic
and advanced training of Law Enforcement Agencies,
Forensic labs and judiciary on the procedures and
methodology of collecting, analyzing and presenting
digital evidence.
28. In India, cyber laws are contained in the Information Technology Act,
2000 ("IT Act") which came into force on October 17, 2000.
The main purpose of the Act is to provide legal recognition to
electronic commerce and to facilitate filing of electronic records with
the Government.
The following Act, Rules and Regulations are covered under cyber laws:
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
Firstly, India has an extremely detailed and well-defined legal system in
place. Numerous laws have been enacted and implemented and the
foremost amongst them is The Constitution of India.
We have inter alia, amongst others, the Indian Penal Code, the Indian
Evidence Act 1872, the Banker's Book Evidence Act, 1891 and the
Reserve Bank of India Act, 1934, the Companies Act, and so on.
However the arrival of Internet signaled the beginning of the rise of
new and complex legal issues.
29. The coming of the Internet led to the emergence of
numerous ticklish legal issues and problems which
necessitated the enactment of Cyber laws.
Secondly, the existing laws of India, even with the most
benevolent and liberal interpretation, could not be
interpreted in the light of the emerging cyberspace, to
include all aspects relating to different activities in
cyberspace.
Thirdly, none of the existing laws gave any legal validity
or sanction to the activities in Cyberspace.
Fourthly, Internet requires an enabling and supportive
legal infrastructure in tune with the times. This legal
infrastructure can only be given by the enactment of the
relevant Cyber laws as the traditional laws have failed to
grant the same. For e.g., the E-commerce, the biggest
future of Internet, can only be possible if necessary
legal infrastructure compliments the same to enable its
vibrant growth.
30. The Information Technology Act, 2000 (also known as ITA-2000,
or the IT Act) is an Act of the Indian Parliament (No 21 of 2000)
notified on 17 October 2000. It is the primary law
in India dealing with cybercrime and electronic commerce.
The Act provides a legal framework for electronic governance by
giving recognition to electronic records and digital signatures. It
also defines cyber crimes and prescribes penalties for them.
The Act directed the formation of a Controller of Certifying
Authorities to regulate the issuance of digital signatures.
It also established a Cyber Appellate Tribunal to resolve disputes
rising from this new law.
The Act also amended various sections of the Indian Penal Code,
1860, the Indian Evidence Act, 1872, the Banker's Book Evidence
Act, 1891, and the Reserve Bank of India Act, 1934 to make them
compliant with new technologies.
31.
32. Section 43 – Penalty and Compensation for damage to computer,
computer system, etc.
Related Case: Mphasis BPO Fraud: 2005In December 2004, four call
centre employees, working at an outsourcing facility operated by
MphasiS in India, obtained PIN codes from four customers of MphasiS’
client, Citi Group.
These employees were not authorized to obtain the PINs. In association
with others, the call centre employees opened new accounts at Indian
banks using false identities.
Within two months, they used the PINs and account information
gleaned during their employment at MphasiS to transfer money from
the bank accounts of CitiGroup customers to the new accounts at
Indian banks.
By April 2005, the Indian police had tipped off to the scam by a U.S.
bank, and quickly identified the individuals involved in the scam.
Arrests were made when those individuals attempted to withdraw cash
from the falsified accounts, $426,000 was stolen; the amount recovered
was $230,000.
Verdict: Court held that Section 43(a) was applicable here due to the
nature of unauthorized access involved to commit transactions.
33. Section 65 – Tampering with Computer Source
Documents
Related Case: Syed Asifuddin and Ors. Vs. The
State of Andhra PradeshIn this case, Tata Indicom
employees were arrested for manipulation of the
electronic 32- bit number (ESN) programmed into cell
phones theft were exclusively franchised to Reliance
Infocomm.
Verdict: Court held that tampering with source code
invokes Section 65 of the Information Technology Act.
34. Section 66C – Punishment for identity theft
Relevant Cases:
The CEO of an identity theft protection company,
Lifelock, Todd Davis’s social security number was
exposed by Matt Lauer on NBC’s Today Show. Davis’
identity was used to obtain a $500 cash advance loan.
Li Ming, a graduate student at West Chester University
of Pennsylvania faked his own death, complete with a
forged obituary in his local paper. Nine months later,
Li attempted to obtain a new driver’s license with the
intention of applying for new credit cards eventually.
35. Section 69 – Powers to issue directions for interception or
monitoring or decryption of any information through any
computer resource
Relevant Case: In August 2007, Lakshmana Kailash K., a techie from
Bangalore was arrested on the suspicion of having posted insulting
images of Chhatrapati Shivaji, a major historical figure in the state of
Maharashtra, on the social-networking site Orkut.The police identified
him based on IP address details obtained from Google and Airtel -
Lakshmana’s ISP. He was brought to Pune and detained for 50 days
before it was discovered that the IP address provided by Airtel was
erroneous. The mistake was evidently due to the fact that while
requesting information from Airtel, the police had not properly
specified whether the suspect had posted the content at 1:15 p.m.
Verdict: Taking cognizance of his plight from newspaper accounts, the
State Human Rights Commission subsequently ordered the company to
pay Rs 2 lakh to Lakshmana as damages. The incident highlights how
minor privacy violations by ISPs and intermediaries could have impacts
that gravely undermine other basic human rights.