Rohas nagpal _it_act_2000_vs_2008 - ClubHack2009
Published in: Technology
Transcript

  • 1. Rohas Nagpal Asian School of Cyber Laws
  • 2.
    • Information Technology Act, 2000 came into force in October 2000
    • Amended on 27th October 2009
    • Indian Penal Code
    • Evidence Act
  • 3.
    • Voyeurism is now specifically covered.
    • Acts like hiding cameras in changing rooms, hotel rooms etc. are punishable with jail up to 3 years.
    • This would apply to cases like the infamous Pune spycam incident where a 58-year-old man was arrested for installing spy cameras in his house to ‘snoop’ on his young lady tenants.
  • 4.
    • Publishing sexually explicit acts in the electronic form is punishable with jail up to 3 years.
    • This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.
  • 5.
    • Collecting, browsing, downloading etc. of child pornography is punishable with jail up to 5 years for the first conviction.
    • For a subsequent conviction, the jail term can extend to 7 years. A fine of up to Rs 10 lakh can also be levied.
  • 6.
    • The punishment for spreading obscene material by email, websites or SMS has been reduced from 5 years jail to 3 years jail.
    • This covers acts like sending ‘dirty’ jokes and pictures by email or SMS.
    • Bangalore student SMS case
  • 7.
    • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
      • accessing or securing access to a computer
      • downloading, copying or extracting data
      • computer contaminant or virus
      • damaging computer
      • disrupting computer
  • 8.
    • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
      • providing assistance to facilitate illegal access
      • computer fraud
      • destroying, deleting or altering or diminishing value or utility or affecting injuriously
      • stealing, concealing, destroying or altering computer source code
  • 9.
    • The Adjudicating Officers will have jurisdiction for cases where the claim is up to Rs. 5 crore.
    • Above that, the case will need to be filed before the civil courts.
  • 10.
    • A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data.
    • If they are negligent in “implementing and maintaining reasonable security practices and procedures”, they will be liable to pay compensation.
  • 11.
    • It may be recalled that India’s first major BPO-related scam was the multi-crore MphasiS-Citibank funds siphoning case in 2005.
    • Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.
  • 12.
    • Refusing to hand over passwords to an authorized official could land a person in prison for up to 7 years.
    • The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.
  • 13.
    • Sending threatening emails and SMS is punishable with jail up to 3 years.
    • Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment up to 10 years.
  • 14.
    • Cyber crime cases can now be investigated by Inspector rank police officers.
    • Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police.
  • 15.
    • The Information Technology Act, 2000 took a "technology dependent" approach to the issue of electronic authentication.
    • This was done by specifying digital signatures as the means of authentication.
  • 16.
    • The defect in this approach is that the law is bound by a specific technology, which in due course of time may be proven weak.
    • The advantage of using a technology neutral approach is that if one technology is proven weak, others can be used without any legal complexities arising out of the issue.
  • 17.
    • An example of this is the MD5 hash algorithm that at one time was considered suitable.
    • MD5 was prescribed as suitable by Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000.
  • 18.
    • MD5 was subsequently proven weak by mathematicians.
    • In fact, Asian School of Cyber Laws had filed a public interest litigation in the Bombay High Court on the same issue.
  • 19.
    • Subsequently, the Information Technology (Certifying Authorities) Amendment Rules, 2009 amended Rule 6 mentioned above.
    • MD5 was replaced by SHA-2.
  • 20.
    • The Information Technology (Amendment) Act, 2008 amends the technology dependent approach.
    • It introduces the concept of electronic signatures in addition to digital signatures.
  • 21.
    • Digital signatures are one type of technology coming under the wider term “electronic signatures”.
  • 22.
    • 1. those based on the knowledge of the user or the recipient (e.g. passwords, personal identification numbers (PINs))
    • 2. those based on the physical features of the user (e.g. biometrics)
    • 3. those based on the possession of an object by the user (e.g. codes or other information stored on a magnetic card).
  • 23.
    • Digital signatures within a public key infrastructure (PKI)
    • biometric devices
  • 24.
    • PINs
    • user-defined or assigned passwords,
    • scanned handwritten signatures,
    • signature by means of a digital pen,
    • clickable “OK” or “I accept” boxes.
  • 25.
    • Hybrid solutions, like the combined use of passwords and secure sockets layer (SSL)
    • It is a technology using a mix of public key and symmetric key encryption.
  • 26.  
  • 27.
    • Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature
    • 3 years jail and fine up to Rs 1 lakh.
    • New provision
  • 28.
    • Section 65
    • Conceal / destroy / alter source code
    • 3 years jail and / or fine up to Rs 2 lakh
    • Unchanged provision
  • 29.
    • Section 66
    • 3 years jail and / or fine up to 5 lakh
    • New provision
    • Replaces ‘hacking’
  • 30.
    • dishonestly or fraudulently:
      • accessing or securing access to a computer
      • downloading, copying or extracting data
      • computer contaminant or virus
      • damaging computer
      • disrupting computer
      • denial of access
  • 31.
    • dishonestly or fraudulently:
      • providing assistance to facilitate illegal access
      • computer fraud
      • destroying, deleting or altering or diminishing value or utility or affecting injuriously
      • stealing, concealing, destroying or altering computer source code
  • 32.
    • Section 66A
    • 3 years jail and fine
    • New provision
  • 33.
    • Covers the following sent by SMS / email:
      • grossly offensive
      • menacing
      • false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will
      • phishing, email spoofing
  • 34.
    • Email spoofing
    • SMS spoofing
    • Phishing
  • 35.  
  • 36.  
  • 37. Asian School of Cyber Laws
