Rohas nagpal _it_act_2000_vs_2008 - ClubHack2009


  1. 1. Rohas Nagpal Asian School of Cyber Laws
  2. 2.
     • Information Technology Act, 2000 came into force in October 2000
     • Amended on 27th October 2009
     • Indian Penal Code
     • Evidence Act
  3. 3.
     • Voyeurism is now specifically covered.
     • Acts like hiding cameras in changing rooms, hotel rooms etc. are punishable with jail up to 3 years.
     • This would apply to cases like the infamous Pune spycam incident where a 58-year-old man was arrested for installing spy cameras in his house to ‘snoop’ on his young lady tenants.
  4. 4.
     • Publishing sexually explicit acts in the electronic form is punishable with jail up to 3 years.
     • This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.
  5. 5.
     • Collecting, browsing, downloading etc. of child pornography is punishable with jail up to 5 years for the first conviction.
     • For a subsequent conviction, the jail term can extend to 7 years. A fine of up to Rs 10 lakh can also be levied.
  6. 6.
     • The punishment for spreading obscene material by email, websites or SMS has been reduced from 5 years jail to 3 years jail.
     • This covers acts like sending ‘dirty’ jokes and pictures by email or SMS.
     • Bangalore student SMS case
  7. 7.
     • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
       • accessing or securing access to a computer
       • downloading, copying or extracting data
       • computer contaminant or virus
       • damaging computer
       • disrupting computer
  8. 8.
     • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
       • providing assistance to facilitate illegal access
       • computer fraud
       • destroying, deleting or altering or diminishing value or utility or affecting injuriously
       • stealing, concealing, destroying or altering computer source code
  9. 9.
     • The Adjudicating Officers will have jurisdiction for cases where the claim is up to Rs. 5 crore.
     • Above that, the case will need to be filed before the civil courts.
  10. 10.
     • A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data.
     • If they are negligent in “implementing and maintaining reasonable security practices and procedures”, they will be liable to pay compensation.
  11. 11.
     • It may be recalled that India’s first major BPO-related scam was the multi-crore MphasiS-Citibank funds siphoning case in 2005.
     • Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.
  12. 12.
     • Refusing to hand over passwords to an authorized official could land a person in prison for up to 7 years.
     • The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.
  13. 13.
     • Sending threatening emails and SMS is punishable with jail up to 3 years.
     • Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment up to 10 years.
  14. 14.
     • Cyber crime cases can now be investigated by Inspector-rank police officers.
     • Earlier, such offences could not be investigated by an officer below the rank of a deputy superintendent of police.
  15. 15.
     • The Information Technology Act, 2000 took a "technology dependent" approach to the issue of electronic authentication.
     • This was done by specifying digital signatures as the means of authentication.
  16. 16.
     • The defect in this approach is that the law is bound to a specific technology, which in due course of time may be proven weak.
     • The advantage of using a technology-neutral approach is that if one technology is proven weak, others can be used without any legal complexities arising out of the issue.
  17. 17.
     • An example of this is the MD5 hash algorithm, which at one time was considered suitable.
     • MD5 was prescribed as suitable by Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000.
  18. 18.
     • MD5 was subsequently proven weak by mathematicians.
     • In fact, Asian School of Cyber Laws had filed a public interest litigation in the Bombay High Court on the same issue.
  19. 19.
     • Subsequently, the Information Technology (Certifying Authorities) Amendment Rules, 2009 amended Rule 6 mentioned above.
     • MD5 was replaced by SHA-2.
  20. 20.
     • The Information Technology (Amendment) Act, 2008 amends the technology-dependent approach.
     • It introduces the concept of electronic signatures in addition to digital signatures.
  21. 21.
     • Digital signatures are one type of technology coming under the wider term “electronic signatures”.
  22. 22.
     1. based on the knowledge of the user or the recipient (e.g. passwords, personal identification numbers (PINs))
     2. those based on the physical features of the user (e.g. biometrics)
     3. those based on the possession of an object by the user (e.g. codes or other information stored on a magnetic card).
  23. 23.
     • Digital signatures within a public key infrastructure (PKI)
     • biometric devices
  24. 24.
     • PINs
     • user-defined or assigned passwords,
     • scanned handwritten signatures,
     • signature by means of a digital pen,
     • clickable “OK” or “I accept” boxes.
  25. 25.
     • Hybrid solutions, like the combined use of passwords and secure sockets layer (SSL)
     • It is a technology using a mix of public and symmetric key encryption.
  26. 27.
     • Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature
     • 3 years jail and fine up to Rs 1 lakh.
     • New provision
  27. 28.
     • Section 65
     • Conceal / destroy / alter source code
     • 3 years jail and / or fine up to Rs 2 lakh
     • Unchanged provision
  28. 29.
     • Section 66
     • 3 years jail and / or fine up to 5 lakh
     • New provision
     • Replaces ‘hacking’
  29. 30.
     • dishonestly or fraudulently:
       • accessing or securing access to a computer
       • downloading, copying or extracting data
       • computer contaminant or virus
       • damaging computer
       • disrupting computer
       • denial of access
  30. 31.
     • dishonestly or fraudulently:
       • providing assistance to facilitate illegal access
       • computer fraud
       • destroying, deleting or altering or diminishing value or utility or affecting injuriously
       • stealing, concealing, destroying or altering computer source code
  31. 32.
     • Section 66A
     • 3 years jail and fine
     • New provision
  32. 33.
     • Covers the following sent by SMS / email:
       • grossly offensive
       • menacing
       • false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will
       • phishing, email spoofing
  33. 34.
     • Email spoofing
     • SMS spoofing
     • Phishing
  34. 37. Asian School of Cyber Laws
