1. A PRESENTATION BY PAVAN DUGGAL,ADVOCATE, SUPREME COURT OF INDIA PRESIDENT,CYBERLAW ASIA CYBERLAW CONSULTANT, MEMBER, MAC, ICANN NIRC-ICAI SEMINAR 1-4-2006 , DELHI
2. CYBERCRIMES ANDDUE DILIGENCE
3. CYBERCRIMES GALORE• ARIF AZIM CASE• Juvenile found guilty for sending threatening email• SHEKHAR VERMA CASE• Juvenile Found guilty for sending threting email• MANY MANY MORE THAT OCCUR BUT ARE NEVER REPORTED
4. GROSS UNDER REPORTING• FOR EVERY 500 INSTANCES OF CYBERCRIMES THAT OCCUR IN INDIA,• ONLY 50 ARE REPORTED AND• OUT OF THE SAME, ONLY ONE CASE GETS REGISTERED BY THE POLICE.• UNDER REPORTING DOES NOT EQUAL TO ABSENCE OF CYBERCRIME
5. CYBERCRIME DEFINITION• Cybercrime refers to all the activities done with criminal intent in cyberspace or using the medium of Internet.• These could be either the criminal activities in the conventional sense or may be activities newly evolved with the growth of the new medium.
6. CYBERCRIME IMPACT ON IT• Cybercrime adversely impacts various activities in the electronic medium using computers, computer systems and computer networks• Effect is not just destruction or adverse impact on data.• Cybercrimes also have the ability to disrupt or damage computers, computer systems and computer networks as also data or information resident therein• Cybercrimes directly inhibit e-commerce and the free use of the Internet and computers.
7. CYBERCRIME CATEGORIES• Cybercrimes can be basically divided into 3 major categories being Cybercrimes – against persons – against property – against Government
8. STATISTICS• The Asian School of Cyberlaws’ Computer Crime and Abuse Report (India) 2001-02 reports that Data Theft at 33% makes up largest category of reported incidents of Cybercrime.• Of this 37% of data stolen is the Source/Object Code.
9. INFORMATIONTECHNOLOGY ACT, 2000 & CYBERCRIME• Various cyber offences defined• Cyber offences to be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police.
10. CYBER OFFENCES UNDER THE IT ACT• Tampering with computer source documents – Section 65• Hacking - Section 66• Publishing of information which is obscene in electronic form - Section 67
11. SECTION 65• Tampering with computer source documents• Knowingly or intentionally concealing, destroying or altering or intentionally or knowingly causing another to conceal, destroy or alter any computer source code used for computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force
12. PUNISHMENT FOR TAMPERING COMPUTER SOURCE DOCUMENTS• Imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
13. SECTION 66• Hacking with computer system• Occurs when there is intent to cause or knowledge that one is likely to cause wrongful loss or damage to the public or any person by destroying or deleting or altering any information residing in a computer resource or diminishing its value or utility or affecting it injuriously by any means
14. PUNISHMENT FOR HACKING• Imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both.
15. SECTION 67• Publishing of information which is obscene in electronic form• Publishing or transmitting or causing to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it
16. PUNISHMENT FOR PUBLISHING OBSCENE INFORMATION IN ELECTRONIC FORM• On first conviction - imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees• Second or subsequent conviction - imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.
17. CYBER OFFENCES UNDER THE IT ACT (contd)• Breach of confidentiality and privacy• Misrepresentation• Publishing Digital Signature Certificate false in certain particulars and publication for fraudulent purposes.
18. NEW MANIFESTATIONS• NEW FORMS AND MANIFESTATIONS OF CYBERCRIMES EMERGING EVERYDAY.
19. IT ACT DEFICIENT• The offences defines in the IT Act are by no means exhaustive.• However, the drafting of the relevant provisions of the IT Act make it appear as if the offences detailed in the said IT Act are the only Cyber offences possible and existing.
20. NEED FOR INGENUITY• Just as human mind is ingenious enough to devise new ways for perpetuating crime, similarly, human ingenuity needs to be channelised into developing effective legal and regulatory mechanisms to control and prevent Cybercrimes.
21. BREACH OF SECURITY• Breach of security attracts consequences of civil liability.• If a person without the permission of owner or any other person in charge of a computer, computer system or computer network, accesses or secures access to such computer, computer system or computer network, he is liable to pay statutory damages by way of compensation, not exceeding one crore rupees to the person so affected.
22. CIVIL LIABILITY• Downloading, copying or extracting any data, computer database or information from such system or introducing any computer virus into the same or damaging, destructing or causing to be damaged or disruption of the same or denying the access to any authorized person of the same, and providing any assistance to any person for doing any of the acts mentioned above, would also attract the civil liability of damages by way of compensation not exceeding rupees one crore.
23. BREACH OF SECURITY (contd.)• Breach of security is also implicitly recognized as a penal offence in the form of hacking.• This offence is declared as a penal offence punishable with three years imprisonment and two lakh rupees fine.
24. INVESTIGATION• For the purpose of investigating the offences detailed under the IT Act, 2000, police officers not below the rank of Deputy Superintendent of Police have been duly authorized and who have also been given the power of entry, search and arrest without warrant in public places.
25. Section 79• For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.
26. Network Service Providers: When Not Liable• Explanation.—For the purposes of this section, —(a) "network service provider" means an intermediary;(b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary.
27. OFFENCES BY COMPANIESWhere a person committing a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder is a company, every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct of business of the company as well as the company, shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly:
28. OFFENCES BY COMPANIES(contd)Provided that nothing contained in this sub-section shall render any such person liable to punishment if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention.
29. CLAUSE 49, SEBI• FOR LISTED COMPANIES• CERTIFICATIONS BY CEO AND THE COMPLAINCE OFFICER• CERTIFICATION OF DATA , INFORMATION, COMPUTERS, COMPUTER SYSTEMS AND COMPUTER NETWORKS• NEED FOR CYBER LEGAL DUE DILIGENCE
30. DUE DILIGENCE• Compliance with IT Act, IT Rules, notifications etc.• Compliance with Indian Evidence Act.• Information Technology Security Policy• Legal Authentication of E- records.• Retention of E-records as per law.
31. CONCLUSION• Techno-Legal Risks in today’s Business Environment.• Need to have a systematic plan for to measure risk of exposure to the same.• Due Diligence and Compliance only mantra of survival in today’s E- world.
32. PDA DUE DILIGENCE VER 1.• PAVAN DUGGAL ASSOCIATES• PAVAN DUGGAL DUE DILIGENCE VERSION 1.• 33 PARAMETERS, COMPLIANCE WITH THE IT ACT, 2000
33. CONCLUSION(contd)• Limiting your liability for criminal activities done on your computers, computers and computer networks by others is absolutely essential lest we face some unpleasant situations.
34. CONCLUSION(contd)• CYBERLAW AUDIT OF YOUR OPERATIONS USING COMPUTERS, COMPTUER SYSTEMS AND COMPUTER NETWORKS CRITICAL FOR YOUR CONTINUED GROWTH.• PAVAN DUGGAL ASSOCIATES UNDERTAKES CYBERLAW AUDITS FOR CLIENTS FOR LIMITING THEIR LIABILITY
35. THAT WAS A PRESENTATION BY PAVAN DUGGAL,ADVOCATE, SUPREME COURT OF INDIA HEAD, PAVAN DUGGAL ASSOCIATES, PRESIDENT,CYBERLAWS.NET EMAIL : firstname.lastname@example.org email@example.com