
INDIAN CYBERLAW AND SECURITY


Published in: Business, Technology

  1. INDIAN CYBERLAW AND SECURITY
  2. A PRESENTATION BY PAVAN DUGGAL, ADVOCATE, SUPREME COURT OF INDIA; PRESIDENT, CYBERLAWS.NET; HEAD, PAVAN DUGGAL ASSOCIATES. INTERNATIONAL CONFERENCE ON e GP, NEW DELHI, 11-3-2005
  3. CYBER LAW IN INDIA
      • In India the Information Technology Act, 2000 is the legislation that deals with issues related to the Internet.
  4. THE INFORMATION TECHNOLOGY ACT, 2000
  5. I.T. ACT, 2000: OBJECTIVES
      • Different approaches for controlling, regulating and facilitating electronic communication and commerce.
      • Aim to provide legal infrastructure for e-commerce in India.
  6. OBJECTIVES (contd.)
      • To provide legal recognition for transactions:-
      • Carried out by means of electronic data interchange, and
      • Other means of electronic communication, commonly referred to as "electronic commerce", involving the use of alternatives to paper-based methods of communication and storage of information.
  7. OBJECTIVES (contd.)
      • To facilitate electronic filing of documents with the Government agencies
      • To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934
  8. AUTHENTICATION OF ELECTRONIC RECORDS
      • Any subscriber may authenticate an electronic record
      • Authentication by affixing his digital signature.
      • Any person by the use of a public key of the subscriber can verify the electronic record
  9. LEGALITY OF DIGITAL SIGNATURES
      • Legal recognition of digital signatures.
      • Electronic Signatures not yet legal in India.
      • Certifying Authorities for Digital Signatures.
      • Scheme for Regulation of Certifying Authorities for Digital Signatures
  10. CONTROLLER OF CERTIFYING AUTHORITIES
      • Shall exercise supervision over the activities of Certifying Authorities
      • Lay down standards and conditions governing Certifying Authorities
      • Specify various forms and content of Digital Signature Certificates
  11. DIGITAL SIGNATURES & ELECTRONIC RECORDS
      • Use of Electronic Records and Digital Signatures in Government Agencies.
      • Publications of rules and regulations in the Electronic Gazette.
  12. INFORMATION SECURITY LAW
      • India does not have a dedicated law on Information Security
  13. IT ACT, 2000
      • Not a law dedicated to security
      • However, since security is an absolute necessity for e-commerce transactions, the law covers some aspects relating to security
  14. DEFINITIONS
      • Definitional clause of the Indian Cyberlaw does not give a legal definition of security
      • Provides the definition of a secure system and security procedure
  15. Section 79
      • For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.
  16. Network Service Providers: When Not Liable
      • Explanation.— For the purposes of this section, —
      • (a) "network service provider" means an intermediary;
      • (b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary.
  17. "SECURE SYSTEM"
      • "secure system" means computer hardware, software, and procedure that-
      • (a) are reasonably secure from unauthorized access and misuse;
      • (b) provide a reasonable level of reliability and correct operation;
      • (c) are reasonably suited to performing the intended function; and
      • (d) adhere to generally accepted security procedures
  18. DEFINITIONS
      • "security procedure" means the security procedure prescribed by the Central Government under the IT Act, 2000.
      • secure electronic record – where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification
  19. SECURE DIGITAL SIGNATURE
      • If by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was:
      • (a) unique to the subscriber affixing it;
      • (b) capable of identifying such subscriber;
      • (c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated,
      • then such digital signature shall be deemed to be a secure digital signature.
  20. POWER TO CENTRAL GOVERNMENT
      • Central Government empowered to prescribe the security procedure, having regard to the commercial circumstances prevailing at the time when the procedure was used, including-
          • the nature of the transaction;
          • the level of sophistication of the parties with reference to their technological capacity;
          • the volume of similar transactions engaged in by other parties;
          • the availability of alternatives offered to but rejected by any party;
          • the cost of alternative procedures;
          • the procedures in general use for similar types of transactions or communications.
  21. BREACH OF SECURITY
      • The Indian Cyberlaw makes breach of security an act which attracts consequences of civil liability.
      • If a person without the permission of owner or any other person in charge of a computer, computer system or computer network, accesses or secures access to such computer, computer system or computer network, he is liable to pay statutory damages by way of compensation, not exceeding one Crore rupees (Rs 10,000,000/-) to the person so affected.
  22. BREACH OF SECURITY
      • Thus, merely gaining access to any computer, computer system or computer network by breaching or violating the security processes or mechanisms is enough to attract the civil liability.
  23. CRIMINAL OFFENCE
      • Breach of security is also implicitly recognized as a penal offence in the form of hacking
      • Section 66 of the IT Act, 2000 makes hacking a penal offence punishable with three years imprisonment and two lakh rupees (Rs 200,000/-) fine
  24. PROTECTED SYSTEM
      • The appropriate government, be it the Central or State Government, has been given the discretion to declare any computer, computer system or computer network as a protected system.
      • Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of the law, shall be punished with imprisonment of either description for a term which may extend to ten years and shall be liable to fine.
  25. OFFENCES & PENALTIES
      • Penalties and adjudication for various offences involving computers, computer systems and computer networks.
      • Penalties for damage to computer, computer system etc.
      • Fixed as damages by way of compensation not exceeding Rs. 1,00,00,000/- to affected persons.
  26. CYBER OFFENCES
      • Various cyber offences defined
      • Cyber offences to be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police.
  27. CYBER OFFENCES (contd.)
      • Tampering with computer source documents.
      • Publishing of information which is obscene in electronic form.
      • Breach of confidentiality and privacy.
  28. CYBER OFFENCES (contd.)
      • Hacking
      • Misrepresentation
      • Publishing Digital Signature Certificate false in certain particulars and publication for fraudulent purposes.
  29. RETENTION OF INFORMATION IN ELECTRONIC FORMAT
      • Can legally retain information in the electronic form, if-
      • (a) the information contained therein remains accessible so as to be usable for a subsequent reference;
  30. RETENTION OF INFORMATION IN ELECTRONIC FORMAT
      • (b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
  31. RETENTION OF INFORMATION IN ELECTRONIC FORMAT (contd)
      • (c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.
  32. INVESTIGATION
      • For the purpose of investigating the offences detailed under the IT Act, 2000, police officers not below the rank of Deputy Superintendent of Police have been duly authorized and have also been given the power of entry, search and arrest without warrant in public places.
  33. PROVING IT
      • Amendments made in the Indian Evidence Act 1872 by the IT Act, 2000
      • In any proceedings involving a secure electronic record, the court shall presume, unless contrary is proved, that the secure electronic record has not been altered since the specific point of time, to which the secure status relates
  34. PROVING IT
      • The law also presumes that in any proceedings, involving secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record
  35. IT SECURITY GUIDELINES
      • Information Technology Act, 2000 has come up with Information Technology Security Guidelines
      • As also Information Technology (Certifying Authority) Rules, 2000
  36. INFORMATION SECURITY GUIDELINES
      • The Information Security guidelines are generic and broad and should be followed by all legal entities involved in computer, computer systems and computer networks
      • More relevant in the context of Electronic Government Procurement in India as the sector's life and spirit is dependent upon the Information Security of its systems and networks
  37. LITIGATION ALREADY BEGUN
      • Litigation has already begun in India in relation to e-procurement.
      • Numerous legal issues relating to electronic government procurement will continue to emerge in the near future.
      • Need to adopt a proactive approach in dealing with these various legal challenges
  38. NEED TO COMPLY
      • There is a need to proactively comply with the requirements of the Indian Cyberlaw.
      • Necessary to limit liability and emergence of undesirable consequences.
      • The Information Technology Act, 2000 currently under review by the Government.
      • Need to adopt a flexible approach of due diligence.
  39. THAT WAS A PRESENTATION BY PAVAN DUGGAL, ADVOCATE, SUPREME COURT OF INDIA; PRESIDENT, CYBERLAWS.NET; HEAD, PAVAN DUGGAL ASSOCIATES. EMAIL: pduggal@vsnl.com
