Rohas nagpal _it_act_2000_vs_2008 - ClubHack2009

  • 1,301 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,301
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
112
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Rohas Nagpal Asian School of Cyber Laws
  • 2.
    • Information Technology Act, 2000 came into force in October 2000
    • Amended on 27 th October 2009
    • Indian Penal Code
    • Evidence Act
  • 3.
    • Voyeurism is now specifically covered.
    • Acts like hiding cameras in changing rooms, hotel rooms etc is punishable with jail upto 3 years.
    • This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to ‘snoop’ on his young lady tenants.
  • 4.
    • Publishing sexually explicit acts in the electronic form is punishable with jail upto 3 years.
    • This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.
  • 5.
    • Collecting, browsing, downloading etc of child pornography is punishable with jail upto 5 years for the first conviction.
    • For a subsequent conviction, the jail term can extend to 7 years. A fine of upto Rs 10 lakh can also be levied.
  • 6.
    • The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail.
    • This covers acts like sending ‘dirty’ jokes and pictures by email or sms.
    • Bangalore student sms case
  • 7.
    • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
      • accessing or securing access to a computer
      • downloading, copying or extracting data
      • computer contaminant or virus
      • damaging computer
      • disrupting computer
  • 8.
    • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
      • providing assistance to facilitate illegal access
      • computer fraud
      • destroying, deleting or altering or diminishing value or utility or affecting injuriously
      • stealing, concealing, destroying or altering computer source code
  • 9.
    • The Adjudicating Officers will have jurisdiction for cases where the claim is upto Rs. 5 crore.
    • Above that the case will need to be filed before the civil courts.
  • 10.
    • A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data.
    • If they are negligent in “implementing and maintaining reasonable security practices and procedures”, they will be liable to pay compensation.
  • 11.
    • It may be recalled that India’s first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005.
    • Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.
  • 12.
    • Refusing to hand over passwords to an authorized official could land a person in prison for upto 7 years.
    • The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.
  • 13.
    • Sending threatening emails and sms are punishable with jail upto 3 years.
    • Hacking into a Government computer or website, or even trying to do so in punishable with imprisonment upto 10 years.
  • 14.
    • Cyber crime cases can now be investigated by Inspector rank police officers.
    • Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police.
  • 15.
    • The Information Technology Act, 2000 took a "technology dependent" approach to the issue of electronic authentication.
    • This was done by specifying digital signatures as the means of authentication.
  • 16.
    • The defect in this approach is that the law is bound by a specific technology, which in due course of time may be proven weak.
    • The advantage of using a technology neutral approach is that if one technology is proven weak, others can be used without any legal complexities arising out of the issue.
  • 17.
    • An example of this is the MD5 hash algorithm that at one time was considered suitable.
    • MD5 was prescribed as suitable by Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 .
  • 18.
    • MD5 was subsequently proven weak by mathematicians.
    • In fact, Asian School of Cyber Laws had filed a public interest litigation in the Bombay High Court on the same issue.
  • 19.
    • Subsequently, the Information Technology (Certifying Authorities) Amendment Rules, 2009 amended the Rule 6 mentioned above.
    • MD5 was replaced by SHA-2.
  • 20.
    • The Information Technology (Amendment) Act, 2008 amends the technology dependent approach.
    • It introduces the concept of electronic signatures in addition to digital signatures.
  • 21.
    • Digital signatures are one type of technology coming under the wider term “electronic signatures”.
  • 22.
    • 1. based on the knowledge of the user or the recipient e.g. passwords, personal identification numbers (PINs)
    • 2. those based on the physical features of the user (e.g. biometrics)
    • 3. those based on the possession of an object by the user (e.g. codes or other information stored on a magnetic card).
  • 23.
    • Digital signatures within a public key infrastructure (PKI)
    • biometric devices
  • 24.
    • PINs
    • user-defined or assigned passwords,
    • scanned handwritten signatures,
    • signature by means of a digital pen,
    • clickable “OK” or “I accept” boxes.
  • 25.
    • Hybrid solution like combined use of passwords and secure sockets layer (SSL)
    • It is a technology using a mix of public and symmetric key encryptions.
  • 26.  
  • 27.
    • Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature
    • 3 years jail and fine upto Rs 1 lakh.
    • New provision
  • 28.
    • Section 65
    • Conceal / destroy / alter source code
    • 3 years jail and / or fine upto Rs 2 lakh
    • Unchanged provision
  • 29.
    • Section 66
    • 3 years jail and / or fine upto 5 lakh
    • New provision
    • Replaces ‘hacking’
  • 30.
    • dishonestly or fraudulently:
      • accessing or securing access to a computer
      • downloading, copying or extracting data
      • computer contaminant or virus
      • damaging computer
      • disrupting computer
      • denial of access
  • 31.
    • dishonestly or fraudulently:
      • providing assistance to facilitate illegal access
      • computer fraud
      • destroying, deleting or altering or diminishing value or utility or affecting injuriously
      • stealing, concealing, destroying or altering computer source code
  • 32.
    • Section 66A
    • 3 years jail and fine
    • New provision
  • 33.
    • Covers following sent by sms / email:
      • grossly offensive
      • menacing
      • false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will
      • phishing, email spoofing
  • 34.
    • Email spoofing
    • SMS spoofing
    • Phishing
  • 35.  
  • 36.  
  • 37. Asian School of Cyber Laws