Impact of cyber laws on various stakeholders
Upcoming SlideShare
Loading in...5
×
 

Impact of cyber laws on various stakeholders

on

  • 1,140 views

 

Statistics

Views

Total Views
1,140
Views on SlideShare
1,140
Embed Views
0

Actions

Likes
0
Downloads
39
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • ASCL has been training and working closely with the law enforcement for the past 10years We are aware about on ground realities and requirements and based on inputs by law enforcement and field operatives.
  • www.swiftforensics.com Digital Forensics with Encase - I
  • www.swiftforensics.com Digital Forensics with Encase - I
  • www.swiftforensics.com Digital Forensics with Encase - I
  • Electronic records – Sec. 2(1)(t) - "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

Impact of cyber laws on various stakeholders Impact of cyber laws on various stakeholders Presentation Transcript

  • IMPACT OF CYBER LAWS ON VARIOUS STAKEHOLDERS Adv. Sagar Rahurkar Techno-Legal Consultant © Adv. Sagar Rahurkar 2012
  • INDEX Development of cyber law in India Various authorities under the IT Act Legal issues related to digital evidence  Who is an expert witness in case of digital evidence? Some of the important issues covered by the IT Act Powers of government/law enforcement under IT Act Landmark cases decided by Indian courts Shortcomings in the current system Who is expecting what from the cyber laws? © Adv. Sagar Rahurkar 2012
  • CYBER LAWS© Adv. Sagar Rahurkar 2012
  • RECENT RULES UNDER IT ACT © Adv. Sagar Rahurkar 2012
  • AIMS BEHIND ENACTMENT © Adv. Sagar Rahurkar 2012
  • JURISDICTION © Adv. Sagar Rahurkar 2012
  • AUTHORITIES UNDER THE IT ACT & THEIR POWERS NTRO  Sec. 70A CERT-IN  Sec. 70B Military CERT’S (Military laws) Intelligence Agencies (Special pawers) CID/CBI (Special cases) Forensics labs (For computer forensics) Police/Cyber Cell (First responders) © Adv. Sagar Rahurkar 2012
  • WHAT IS DIGITAL EVIDENCE ? Digital evidence is information and data of value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination. © Adv. Sagar Rahurkar 2012
  • DIGITAL EVIDENCE AND CYBER TRAILS CANRELATE TO.. Cyber sabotage Virus attacks Organized crimeEmail hijacking Online share trading fraud Defamation Online banking frauds Source code theft Terrorist operations Divorce cases Extortion Murder cases Credit card fraud Denial of service PornographyTax evasion Phishing attacks Hacking Smuggling etc..
  • Scene of Acquisition Office Setup Cyber Cafe Home PC
  • What do you look for ???? ? CD op /D a pt VD ? L ? ri ve DDe en sk P to ? p ? a rd r yC m o e M
  • POTENTIAL DEVICES OF EVIDENCE Storage Devices Handheld Devices Peripheral Devices Network Devices Other potential source of digital evidence © Adv. Sagar Rahurkar 2012
  • DIGITAL EVIDENCE ANALYSIS AS A PROCESS First Forensic Responder Analyst
  • DIGITAL EVIDENCE – LEGAL ISSUES © Adv. Sagar Rahurkar 2012
  • INDIAN EVIDENCE ACT Sec. 3 (a) – Scope of definition of evidence expanded to include electronic records Sec. 65B - Admissibility of electronic records The person owning or in-charge of the computer from which the evidence is taken has to give certificate as to the genuineness of electronic record. © Adv. Sagar Rahurkar 2012
  • INDIAN EVIDENCE ACT Sec. 88A - Presumption as to electronic messages The Court may presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent.
  • THE IT ACT Sec. 79A - Central Government to notify Examiner of Electronic Evidence The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority specify, by notification in the Official Gazette, any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence © Adv. Sagar Rahurkar 2012
  • WHO IS AN EXPERT?
  • WHO IS AN EXPERT? Daubert principle is a very famous for cases in which scientific methods and knowledge is involved and is still referred in courts while determining the test for the admission of scientific expert’s testimony. In Frye v United States, 54 App. D.C. 46, 47, 293 F.1013, 1014, for the rule that expert opinion based on a scientific technique is inadmissible unless the technique is “generally accepted” as reliable in the relevant scientific community.
  • WHO IS AN EXPERT?  THE COURT MUST ASK Does this person possess enough specialized or skilled knowledge about the subject matter in question, to enable him or her to assist the trier of fact? But again here the question arises, though the expert witness possesses the knowledge, whether the judge has understood the technology involved in the case? Without understanding the technology involved, how can a judge deny expert’s testimony?
  • WHO IS AN EXPERT?  DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS1. While carrying out the investigation, whether the expert working on that case has used scientific method i.e. discovery technique.? This will help court in determining the approach of the expert and the method used to arrive at the conclusion is proper or not. The court will see in the testimony of the expert is able to explain proper justification of each and every step performed to arrive at the conclusion.
  • WHO IS AN EXPERT?  DAUBERT TESTFOCUSES ON THE FOLLOWING POINTS –2. The court shall also try to analyze whether the method used by the expert in the present case has ever been used by any other expert or same expert in any other case. The court may also look at the impact in the light of facts of both cases. The court may also see the justification of each and every step.
  • WHO IS AN EXPERT?  DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –3. The court may also look at what kind of discovery methods used and may ask for the justification. Court may also go into the inquiry of tools used by the expert and chances of getting error in computer forensics. Court may go for the comparison for the same discovery technique used in present case with the technique used in the other cases. It becomes the responsibility of the computer forensics expert to satisfy judge.
  • WHO IS AN EXPERT?  DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS –4. If the computer forensics expert is relying on someone’s opinion, then the expert should produce such document or such opinion before the court of law to justify his statement.
  • WHO IS AN EXPERT?  DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS – Other factors to be considered when evaluating the admissibility of expert testimony –  Testing method;  Peer review;  Error rates;  Acceptability within the relevant professional community.
  • WHO IS AN EXPERT?  DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS – Minimum Standard to be called as an “Computer Forensics Expert” may include –  Technical knowledge and Qualification  Experience  Evidence Analysis  Discovery technique
  • WHO IS AN EXPERT?  DAUBERT TEST FOCUSES ON THE FOLLOWING POINTS – Court may reject the Computer Forensics Expert in the following circumstances –  Unable to answer  Unable to preserve the evidence  Does not find the evidence for the same issue  Vague Conclusion  Judge’s discretion
  • OVERVIEW OF CYBER LAWS
  • CRIMINAL OFFENCES – CHAPT. XI
  • SECTION 66 Removal of definition of “hacking” Section renamed as Computer related offences All the acts referred under Section 43, are covered u/Sec. 66 if they are done “dishonestly” or “fraudulently”
  • SOURCE CODE THEFT Section 65 and 43 (j) • Punishment (U/Sec. 65) –  Imprisonment – Upto 3 years or  Fine – Upto Rs. 2 Lakh or  Both • Additionally provisions of Copyright Act will also apply
  • SECTION 66A• Sending of offensive or false messages• Covers following sent by sms / email:-  grossly offensive messages  menacing messages  false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will..  phishing, email spoofing, Spam mails, Threat mails• Punishment – imprisonment upto 3 years and fine
  • SECTION 66B• Dishonestly receiving stolen computer resource or communication device• Covers use of stolen Computers, mobile phones, SIM Cards, etc• Also covers “data theft”• Punishment – imprisonment upto 3 years and fine
  • Section 66 C• Identity theft• Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature• Punishment - imprisonment upto 3 years and fine
  • Section 66 D• Cheating by Personation• Cheating by pretending to be some other person•  To create an e-mail account, Social networking a/c on someone elses name• Punishment – imprisonment upto 3 years and fine
  • Section 66F - Cyber Terrorism  Use of Cyberspace to –  Threaten the unity, integrity, security or sovereignty of India or  To strike terror amongst people or  Attack on Critical Information Infrastructure of India with terror intentions  Punishment - Life imprisonment (Max.)
  • Sec. 66 E• Violation of Personal Privacy• Popularly known as Voyeurism• Covers acts like hiding cameras in changing rooms, hotel rooms, etc.• Punishment –imprisonment upto 3 years or fine upto Rs. 2 lakh or both
  • Section 67Cyber PornographyPublishing or transmitting obscenematerial in the electronic formPunishment –First instance - imprisonment upto 3years and fine upto Rs. 5 lakhSubsequent - imprisonment upto 5 yearsand fine upto Rs. 10 lakh
  • Section 67(B)Child PornographyCreating, collecting, browsing, downloading, etc of amaterial relating to Child PornographyPunishment –• First instance - imprisonment upto 5 years• Subsequent - imprisonment upto 7 years Fine upto Rs. 10 lakh
  • POWERS OF GOVERNMENT ANDLAW ENFORCEMENT AGENCIES
  • PRESERVATION OF INFORMATION BY INTERMEDIARIES • Section 67(C) • Intermediary shall preserve and retain information as may be specified for such duration and in such manner and format as the Central Government may prescribe • Maintaining MAC address????
  • SEC 69- POWER TO INTERCEPT OR MONITOR OR DECRYPT Central or State Government or any of its officer specially authorised have powers to issue directions for interception or monitoring or decryption of any information through any computer resource under special circumstances* Failure to co-operate with the aforementioned agencies shall be punishable with imprisonment for 7 years + fine
  • SEC 69(A)- BLOCKING FOR PUBLICACCESS Central Government or any of its officer specially authorised have powers to issue directions for blocking for public access of any information through any computer resource under special circumstances* Intermediary failing to comply with the directions shall be punishable with imprisonment for 7 years + fine
  • LANDMARK CASES DECIDED BY THE INDIAN COURTS
  • AVNISH BAJAJ VS. STATE (N.C.T.) OF DELHI Avnish Bajaj, CEO of Baazee.com, (former Indian subsidiary of eBay) was arrested for distributing pornographic clip by using its website. The charges stemmed from the fact that someone had sold copies of a pornographic CD through the Baazee.com website.
  • GOOGLE INDIA PVT. LTD., VS. M/S. VISAKA INDUSTRIES LIMITED The petitioner cannot claim any exemption u/s 79 of the IT Act and as petitioner had failed to act expeditiously and diligently despite of the fact that the respondent issued notice about dissemination of the defamatory material and unlawful activities.
  • SHRI. THOMAS RAJU VS ICICI BANK Case decided by – the Adjudicating officer, Government of Tamilnadu Petitioner suffered a loss of Rs. 1,62,800/- as a result of the phishing attack Amount was supposed to have been transferred on the account of another customer of ICICI Bank Petitioner claimed that he had suffered a loss due to unauthorised access to his account Petitioner further claimed that he had suffered a loss as bank has failed to establish a due diligence and in providing adequate checks and safeguards to prevent unauthorised access into his account. Bank had also 48 not adhered to the KYC norms given by the RBI.
  • STATE VS. MOHD. AFZAL AND OTHERS Several terrorists had attacked the Parliament of India on 13th December, 2001. During their prosecution, evidence produced was in a Digital form. The accused had argued that computers and digital evidence can easily be tampered and hence should not be relied upon. The court dismissed these arguments and held that challenges as to the accuracy of digital evidence on any ground should be proved by the challenger. Mere theoretical and generic doubts cannot be cast on the evidence.
  • SHORTCOMINGS IN THE CURRENT SYSTEM
  • FUNDAMENTALS OF INVESTIGATION
  • FUNDAMENTALS OF INVESTIGATION
  • ISSUES
  • POSSIBLE SOLUTIONS Initiate efforts to achieve international co-operation in investigation (Eu Conv.) Laws relating to expert witness should be clear Establish guidelines for search and seizure (Increasing capacity of 1 st responders) Correct application of law Establishment of cyber forensics cells Awareness, sensitization and training
  • WHO IS EXPECTING WHAT FROM CYBER LAWS?
  • contact@sagarrahurkar.com 09623444448