SlideShare a Scribd company logo

Cyber Law & Forensics

H
Harshita Ved

This document discusses several key issues relating to the investigation and regulation of cybercrimes. It covers topics such as obtaining witness cooperation, choosing the appropriate jurisdiction, logistical barriers to international investigations, identifying suspects, challenges with search and seizure of digital evidence, problems of encryption, locating and securing relevant materials, use of mutual assistance treaties, and securing extradition when suspects are located across international borders. Overall, the document outlines the complex legal and technical challenges involved in investigating cybercrimes that cross international lines.

Engineering
1 of 9
Download to read offline
Unit 4: Regulation of cyber-crimes, Issues relating to investigation, issues relating to jurisdiction, issues relating to evidence, relevant provisions under Information Technology Act 2000, Indian penal code, pornography Act and evidence Act etc. Regulation of Cyber-crimes The ever increasing use of computers, networks and the Internet has led to the need for regulation in the fields of cybercrime, cyber security and national security. As the extent of commerce transacted over cyberspace continues to grow, along with increasing reliance on information technology to derive cost-efficiencies, the risk exposures to enterprises have increased. Regulators from several countries in Asia have strengthened existing data privacy and cybercrime laws or created new ones in response to the increasing frequency and severity of cyber-attacks in the region. Companies with single or multinational operations in Asia must keep pace with the changing regulatory landscape, as governments enhance existing laws, create new laws, and step up enforcement, increasing risk exposures for companies who are the subject of a cyber-attack, misuse or mishandle customer data. As crime increasingly has a digital component, legislators in the United States have responded by strengthening and broadening legislation to address the threats; the Computer Fraud and Abuse act is a prime example. Center researchers examine the impact of this and other laws and regulation on cybercrime, asking whether particular provisions achieve their desired results and/or produce costly, unintended side effects. The goal of this work is to arrive at generalizations about the types of laws and regulations that are effective at deterring fraud and promoting security. In India, The Information Technology Act of 2000 addresses a range of cybercrimes, such as hacking, viruses, email scams, Dodos, forgery, cyber terrorism, identity theft, phishing, and e- commerce fraud. In 2013, the government went one step further by announcing a National Cyber Security Policy aimed at setting up an agency to protect the public and private infrastructures from cyber-attacks and safeguarding the personal information of web users, financial and banking information, and sovereign data. How this policy will be executed remains to be seen? India is also working on a new piece of legislation on privacy, which provides for the protection of data and personal privacy. Relevant law: -  The Information Technology Act, 2000.  Information Technology Act Amendment (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.  RBI Regulation: DBOD.COMP.BC.No. 130/07.03.23/2000-01 To prevent cyber crime-- 1) Education - Hackers aren’t the only ones who can gain power from information. By educating yourself about the types of scams that exist on the Internet and how to avert them, you are putting yourself one step ahead of the cybercriminals. Since phishing is prevalent, read up on the latest phishing scams and learn how to recognize a phishing attempt. Remember, phishing is when hackers attempt to lure you into revealing personal information by pretending to be a legitimate organization or person. These scams often play off major new stories, so keep informed on the latest news-related scams. 2) Use a firewall - Firewalls monitor traffic between your computer or network and the Internet and serve as a great first line of defence when it comes to keeping intruders out. Make sure to use the firewall that comes with your security software. And if you have a home wireless network, enable the firewall that comes with your router. 3) Click with caution - When you’re checking your email or chatting over instant messenger (IM), be careful not to click on any links in messages from people you don’t know. The link could take you to a fake website that asks for your private information, such as user names and passwords, or it could download malware onto your computer. Even if the message is from someone you know, be cautious. Some viruses replicate and spread through email, so look for information that indicates that the message is legitimate. 4) Practice safe surfing - When navigating the web, you need to take precautions to avoid phony websites that ask for your personal information and pages that contain malware. Use a search engine to help you navigate to the correct web address since it will correct misspellings. That way, you won’t wind up on a fake page at a commonly misspelled address. (Creating a phony site at an address similar to the real site is called “typo squatting,” and it is a fairly common scam.) You may also want to use a product like McAfee® SiteAdvisor® software to help you navigate. SiteAdvisor software is a free browser tool that tells you if a site is safe or not right in your search results, so you are warned before you click. 5) Practice safe shopping - In addition to practicing safe surfing, you also need to be careful where you shop online. Be cautious when shopping at a site that you’ve never visited before and do a little investigation before you enter your payment information. Look for a Trustmark, such as McAfee SECURE™, to tell you if a site is safe. And when you’re on a payment page, look for the lock symbol in your browser, indicating that the site uses encryption, or scrambling, to keep your information safe. Click on the icon to make sure that the security certificate pertains to the site you are on. You also want to look at the address bar to see if the site starts with “https://” instead of “http://” because this is another way to see if the site uses encryption. When it comes time to pay, use a credit card instead of a debit card. If the site turns out to be fraudulent your credit card issuer may reimburse you for the charges, but with a debit card your money is gone. Finally, evaluate the site’s security and privacy policies in regards to your personal data. 6) Use comprehensive security software and keep your system updated - Because hackers have a wide variety of ways to access your system and information, you need comprehensive security software that can protect you from all angles. Software like McAfee® SecurityCenter, available preloaded on Dell™ PCs, can help protect you from malware, phishing, spyware, and other common and emerging threats. Just make sure that you keep your security software up to date by selecting the automatic update function on your security control panel. And don’t forget to perform regular scans. You also want to update your operating system
(OS) and browser with the latest security patches. If you are a Microsoft Windows user, you can enable automatic updates to keep your OS safe. 7) Secure your wireless network - Hackers can access data while it’s in transit on an unsecured wireless network. You can keep the hackers out by enabling the firewall on your router and changing the router’s administrator password. Cybercriminals often know the default passwords and they can use them to hack into your network. You may also want to set up your router so it only allows access to people with passwords that are encrypted. Check your owner’s manual for instructions on setting up encryption. 8) Use strong passwords - Although it may be easier for you to remember short passwords that reference your birthday, middle name, or pet’s name, these kinds of passwords also make it easy for hackers. Strong passwords can go a long way in helping secure your information, so choose a password that is at least 10 characters long and consists of a combination of letters, numbers and special characters. Also consider changing your password periodically to reduce the likelihood of it being compromised. 9) Use common sense - Despite the warnings, cybercrime is increasing, fuelled by common mistakes people make such as responding to spam and downloading attachments from people they don’t know. So, use common sense whenever you’re on the Internet. Never post personal information online or share sensitive information such as your social security number and credit card number. Exercise caution when clicking on any links or downloading any programs. 10) Be suspicious - Even if you consider yourself cyber savvy, you still need to keep your guard up for any new tricks and be proactive about your safety. Backup your data regularly in case anything goes wrong, and monitor your accounts and credit reports to make sure that a hacker has not stolen your information or identity. 11) Encryption: This is considered as an important tool for protecting data in transit. Plain text (readable) can be converted to cipher text (coded language) by this method and the recipient of the data can decrypt it by converting it into plain text again by using private key. This way except for the recipient whose possessor of private key to decrypt the data, no one can gain access to the sensitive information. Not only the information in transit but also the information stored on computer can be protected by using Conventional cryptography method. Public key encryptograpy was one solution to this where the public key could be known to the whole world but the private key was only known to receiver, it’s very difficult to derive private key from public key. 12) Digital Signature: Are created by using means of cryptography by applying algorithms. This has its prominent use in the business of banking where customer’s signature is identified by using this method before banks enter into huge transactions. Issues relating to Investigation 1. Obtaining Witness Cooperation The first impediment that faces investigators is that of securing the cooperation of complainants and witnesses. It is now well-documented that the victims of cyber-crime are reluctant to report them to the police. Ernst & Young found in its most recent 8th Global Survey of business fraud, that only one quarter of frauds reported in the survey were referred to the police. Some common reasons for this included a belief that the matter was not serious enough to warrant police 2 attention, a fear of consumer backlash, bad publicity, inadequate proof, and a reluctance to devote time and resources to prosecuting the matter. Reporting the matter to the authorities simply prevented the organization in question from minimizing its financial losses, and possibly leading to further losses being incurred in prosecuting the matter. 2. Choosing the Appropriate Jurisdiction The need of choosing appropriate jurisdiction arises where offences are committed in various countries or where the offender and victim are located in different places, questions arise as to which court should deal with the matter. If the offence in question can be charged in the country in which the offender is located then problems of extradition will be avoided, but if the offence must be charged in the country in which the victim is located or where the effect of the conduct occurred, then the offender will need to be extradited to that country. A recent case that illustrates this question concerned a resident of Melbourne in Victoria who was accused of stalking a woman in Canada by sending letters and E-mail messages and using the telephone and the Internet. The Canadian woman complained to police in Toronto who referred the case to the Victoria Police. When the case came before a Magistrate in Melbourne, the accused argued that the effect of his activities, if any, was in Canada and not in Victoria and so the court had no jurisdiction to hear the charges. The Magistrate agreed and dismissed the charges deciding that the fear or apprehension had to be experienced in Victoria for Victorian law to apply. The problem of so called ‘negative international jurisdiction’ also arises. That is, cases that are not investigated because they could be prosecuted in one of many countries, but none wants to take action. There is also the reverse problem of too many countries wanting to prosecute a particularly noteworthy case. What may be needed to deal with this situation is the creation of an international protocol along the lines of the United Nations protocol on negotiating jurisdiction, setting out how jurisdiction is best determined in these cases. Generally, the rule is that if a country refuses to extradite an offender and if it has power to take action, then it should be obliged to do so. 3 Logistical and Practical Barriers Conducting investigations across national borders raises many practical problems that delay matters and increase cost. Often, for example, investigators have to contact people on the other side of the globe at inconvenient times. Teleconferences are difficult to arrange at times suitable for all concerned. Documents often need to be translated, particularly if required for diplomatic purposes. This can cost considerable sums and again delays investigations. Witnesses from non-English speaking countries may need the assistance of interpreters which can also be expensive and slow down investigations. Finally, countries have different priorities in terms of the importance of cybercrime investigations. Economic crimes committed using computers are often at the bottom of the hierarchy of importance in countries where violent crime is prevalent, or where
national security interests may be at stake. The result is that requests for assistance in cybercrime cases may simply be given a much lower priority, especially if they have come from a country with no history of cooperative action. 4 Identifying Suspects One of the foremost problems that face cybercrime investigators is the identification of suspects. Occasionally, this can lead to considerable problems when the wrong person is arrested. Digital technologies enable people to disguise their identity in a wide range of ways making it difficult to know with certainty who was using a computer from which illegal communications came. This problem is more prevalent in business environments where multiple people may have access to a personal computer and where passwords are known or shared, than in private homes where it can often be assumed who the person was who was using the computer because of circumstantial evidence. In a recent study of online anonymity, Forde and Armstrong (2002) argued that those Internet services that provide the highest levels of anonymity are most likely to be used for criminal purposes. Encrypted Email and Internet Relay Chat that provide higher levels of anonymity were found to be preferred by those engaging in on-line pedophile activity and hacking, while the use of the World Wide Web and File Transfer Protocols that provided weaker levels of anonymity tended to be avoided by serious criminals. 5 Search and Seizure Two methods of obtaining data from a computer system can be distinguished on technical and legal criteria. In the first, data are obtained as part of a search of premises or the place where the system is located. The second involves the interception or monitoring of data being transmitted from, to or within the system. Some of the main difficulties, however, relate to obtaining permission to conduct such a search, securing the relevant access device such as a password, decrypting data that have been encrypted, and imaging a hard drive without interfering with the evidence. There is also the practical problem of conducting searches quickly so that data cannot be removed. A final problem concerns the retention of material by investigators. If child pornography has been seized by police, they may be unable to return it to accused persons as this would entail the illegal distribution of obscene materials. In the United Kingdom, the Possession of Unlawful Items Act could be used to enable police to dispose of child pornography that had been found of computers –but this is not yet in force 6. Problems of Encryption A difficult problem that faces cybercrime investigators concerns data that have been encrypted by accused persons who refuse to provide the decryption key or password. An illustration of the use of strong encryption by a criminal organization was uncovered during Operation Cathedral’ by police in 1998, which led to the largest ever global seizure of pedophile material. This involved police in 15 countries who uncovered the activities of the W0nderland (sic) Club, an international network with members in Europe, North America, and Australia who used the Internet to download and exchange child pornography including real-time video images. The Club used a secure network with regularly changed passwords and encrypted content. In Europe alone, over 750,000 images were recovered from computers, along with over 750 CDs and 1,300 videos and 3,400 floppy disks. The encryption used was able to be overcome because one member of the Club cooperated with police and provided access to the files. This led to approximately 100 arrests around the world in September 1998 (Australasian Centre for Policing Research 2000, p. 126). 7. Locating and Securing Relevant Material Considerable difficulties arise in locating and securing electronic evidence as the mere act of switching on a computer may alter critical evidence and associated time and date records. It is also necessary to search through vast quantities of data in order to locate the information being sought. A major problem concerns the seizure of digital evidence from hard drives on networked computers in which both relevant and irrelevant material (as well as legally privileged material) are contained together. The practical problem arises when imaging hard drives and then having to determine which material is relevant to the charges in question. This creates problems with search warrants where non-specified data are included in the hard drive, arguably leading to the invalidity of the whole search and seizure procedure. It is practically impossible to examine 80GB of data held on a hard drive in order to determine what is relevant. Other problems relate to disabling networks when seizing data, especially for large public or private sector organizations which rely on 24-hour access to networks, and also the problem of offenders storing data externally on other people’s computers in order to evade detection. 8. Mutual Assistance In order to facilitate criminal investigations carried out internationally, use is often made of mutual assistance treaties. These provide a legal basis for authorities in one country to obtain evidence for criminal investigations at the request of authorities from another country. Instruments of this kind cover a range of assistance including: the identification and location of persons; the service of documents; the obtaining of evidence, articles and documents; the execution of search and seizure requests; and assistance in relation to proceeds of crime. There are, however, various problems associated with using mutual legal assistance arrangements. The central difficulty is the slow and cumbersome nature of official requests. Costs associated with mutual legal assistance are borne by the party providing assistance. This creates hardship where small countries are concerned that are required to process many requests for assistance from large countries, but they rarely seek assistance themselves. 9. Securing Extradition Where an accused person is resident in a country other than the one in which criminal proceedings are to be taken, it is possible for that person to be extradited to that country to stand trial. Extradition requires not only that an appropriate treaty exist between the two countries concerned, but also that the conduct in question be criminalized in both the referring and receiving country. In the case of computer crime this if often not the case. An example of the kind of difficulties that can arise concerns the case of Onel de Guzman who was alleged to have sent out the so- called ‘Love Bug virus’ in May 2000. The virus which infected Microsoft Windows operating systems was sent by E-mail
attachments which when opened damaged files in the computer and then replicated itself by sending similar messages to all the addresses in the infected computer’s address book. The estimated damage caused globally was estimated to be between $6.7 billion and $15.3 billion. The virus was traced to an Internet Service Provider in the Philippines who cooperated with police to locate the residence in question. A computer science student named Onel de Guzman was arrested but the creation and release of a computer virus was not proscribed by Philippine law at the time. Because the conduct was not illegal in the Philippines he could not be extradited to the United States where the conduct was illegal because of the principle of dual criminality (Bell 2002). Conclusion How, then, can these problems be overcome? The solutions lie in harmonizing laws and procedures globally, improving the technical capabilities of investigators, and finally in sharing information between public and private sector investigators and enhancing international cooperation. Issues relating to Jurisdiction Jurisdiction refers to a system of law courts or the body with official powers to make legal decisions and judgements. In cyberspace various jurisdiction issues are faced. Like:  Absence of geographically limitations could lead the incautious to believe that the laws of their home state apply to their actions, when in fact they are inadvertent violations of the laws of another State. In these circumstances, the courts could and do, assume jurisdiction over the offence and try the offender within their own jurisdiction, resulting in situations where persons located in a completely different jurisdiction may be tried in court of different jurisdiction.  Presence of multiple parties in various parts of the world who have only a virtual connection with each other. Then, if one party wants to sue the other, where can he sue? Traditional requirement generally encompasses two areas: - 1. Firstly, the Place where the defendant resides, or 2. Secondly, where the cause of action arises. However, in the context of the internet or cyberspace both these are difficult to establish with any certainty. Considering the lack of physical boundaries on the internet, is it possible to reach out beyond the court’s geographic boundaries to haul a defendant into its court for conduct in “Cyberspace”? Issues of this nature have contributed to the complete confusion and contradictions that plague judicial decisions in the area of internet jurisdiction. Therefore, any kind of use of the World Wide Web and any related activities on the internet may expose the person to risk of being sued in any state or foreign country where another internet user may establish a claim. A single transaction may involve the laws of at least three jurisdictions: 1. The laws of the state/nation in which the user resides, 2. The laws of the state/nation that apply where the server hosting the transaction is located, and 3. The laws of the state/nation which apply to the person or business with whom the transaction takes place.  There is no uniform, international jurisdictional law of universal application, and such questions are generally a matter of conflict of law, particularly private international law. An example would be where the contents of a web site are legal in one country and illegal in another. In the absence of a uniform jurisdictional code, legal practitioners are generally left with a conflict of law issue. Thus the major problem of cyber law lies in whether to treat the Internet as if it were physical space, and thus subject to a given jurisdiction’s laws, or to act as if the Internet is a world in itself, and therefore free of such restraints.  Rules enforcing ‘‘agreement of parties’’ It is well-established law in India that where more than one court has jurisdiction in a certain matter, an agreement between the parties to confer jurisdiction only on one to the exclusion of the other is valid. Thus the position of law on the point is that first, a choice of law agreement is permissible; and secondly, the agreement operates only in respect of a court, which does not otherwise inherently lack jurisdiction. In any such case, the courts also consider the balance of convenience and interests of justice while deciding for the forum.  How much does authority of one country willing to help another one? Collection of information in cyber matters requires searches and confiscation of delicate material that needs speedy and expert handling. Assistance in such areas is slow and half-hearted despite there being bets relations among countries.  Section 75 has potential to create problems, as an act that occurred overseas may have no connection in India except the use of some remote computer resource located here, this, which is quite common in internet relations, may be brought within the purview of our laws. How it is justifiable to start criminal proceedings against a foreigner who has not committed any act on Indian Territory? It is submitted that jurisdiction of IT Act shall not extend to those cases where the accused and victims are foreigners and the offence is committed outside the territory of India.  Absence of Laws: There are only 13 countries that have cyber-crime laws. This puts enormous pressure on the law enforcement agencies in obtaining international co-operation. The absence of such laws is like shielding the criminals from the legal provisions and providing them safe haven to continue with their evil deeds. Issues Related to Evidence
To effectively combat the cyber-crime, it is not sufficient to successfully investigate the crime and nab the criminal, but more important is to prosecute and administer justice, according to the law of land. This requires an effective legal frame work, which fully supports the detection and prosecution of cyber criminals. The traditional techniques for investigation of cyber- crime and the prosecution procedures are inadequate. The judiciary must also appreciate the intricacies of the digital evidence that is collected and presented in the courts of law, in spite of the technical and operational hurdles the investigator faces.  Search and Seizure Two methods of obtaining data from a computer system can be distinguished on technical and legal criteria. In the first, data are obtained as part of a search of premises or the place where the system is located. The second involves the interception or monitoring of data being transmitted from, to or within the system. Some of the main difficulties, however, relate to obtaining permission to conduct such a search, securing the relevant access device such as a password, decrypting data that have been encrypted, and imaging a hard drive without interfering with the evidence. There is also the practical problem of conducting searches quickly so that data cannot be removed. A final problem concerns the retention of material by investigators. If child pornography has been seized by police, they may be unable to return it to accused persons as this would entail the illegal distribution of obscene materials. In the United Kingdom, the Possession of Unlawful Items Act could be used to enable police to dispose of child pornography that had been found of computers –but this is not yet in force  Problems of Encryption A difficult problem that faces cybercrime investigators concerns data that have been encrypted by accused persons who refuse to provide the decryption key or password. An illustration of the use of strong encryption by a criminal organization was uncovered during Operation Cathedral’ by police in 1998, which led to the largest ever global seizure of pedophile material. This involved police in 15 countries who uncovered the activities of the W0nderland (sic) Club, an international network with members in Europe, North America, and Australia who used the Internet to download and exchange child pornography including real-time video images. The Club used a secure network with regularly changed passwords and encrypted content. In Europe alone, over 750,000 images were recovered from computers, along with over 750 CDs and 1,300 videos and 3,400 floppy disks. The encryption used was able to be overcome because one member of the Club cooperated with police and provided access to the files. This led to approximately 100 arrests around the world in September 1998 (Australasian Centre for Policing Research 2000, p. 126).  Locating and Securing Relevant Material Considerable difficulties arise in locating and securing electronic evidence as the mere act of switching on a computer may alter critical evidence and associated time and date records. It is also necessary to search through vast quantities of data in order to locate the information being sought. A major problem concerns the seizure of digital evidence from hard drives on networked computers in which both relevant and irrelevant material (as well as legally privileged material) are contained together. The practical problem arises when imaging hard drives and then having to determine which material is relevant to the charges in question. This creates problems with search warrants where non-specified data are included in the hard drive, arguably leading to the invalidity of the whole search and seizure procedure. It is practically impossible to examine 80GB of data held on a hard drive in order to determine what is relevant. Other problems relate to disabling networks when seizing data, especially for large public or private sector organizations which rely on 24-hour access to networks, and also the problem of offenders storing data externally on other people’s computers in order to evade detection.  Admissibility in court- we need to ensure integrity of digital evidence which is inherently fragile and almost always suspect. This include establishing the authenticity, lack of tampering in all the system it has passed, reliability of computer generated records and authorship.  Difference between human entered and computer generated Data Legal distinctions also arise with the differences between human entered and computer generated data. Specific research areas include the development of anti-tampering methods like- digital signature, one-way hash algorithms, checksum etc. to check integrity of evidence is preserved.  Detection and Recovery of Hidden Data Specific research areas include- categorization of places and mechanism for hiding data, mechanism for detection of original material and methods for exacting and recovering hidden data.  Handling vast Data Massive Data volume, network monitoring, increasing complexity and broader application- This have resulted a vast amount of data to be dealt with while following a single transaction. This result in a biggest issue i.e. where to get evidence in such big data. Search has to be done on whole content which affects precious time of investigators and engages manpower. Sometimes no evidence could be obtained after searching a big hard disk. So the need of some heuristic is needed here to begin the search of evidence smartly rather than just picking any random related device and start searching. Relevant provision under IT ACT 2000  The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United Nations by a resolution dated 30 January 1997.  An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper- based methods of communication and storage of information, to facilitate electronic filing of documents with the Government
agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.  Some highlights of the Act are listed below: Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber. Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is - rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference. The said chapter also details the legal recognition of Digital Signatures. Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates. Chapter-VII of the Act details about the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act. Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed there under. The said Adjudicating Officer has been given the powers of a Civil Court. Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred. Chapter-XI of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking.  LAWS: Section Offence Description 65 Tampering with computer source documents If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force. 66 Hacking with computer system If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack. 66B Receiving stolen computer or communication device A person receives or retains a computer resource or communication device which is known to be stolen or the person has reason to believe is stolen. 66C Using password of another person A person fraudulently uses the password, digital signature or other unique identification of another person. 66D Cheating using computer resource If a person cheats someone using a computer resource or communication. 66E Publishing private images of others If a person captures, transmits or publishes images of a person's private parts without his/her consent or knowledge. 66F Acts of cyberterrorism If a person denies access to an authorized personnel to a computer resource, accesses a protected system or introduces contaminant into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyberterrorism. 67 Publishing information which is obscene in electronic form. If a person publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it. 67A Publishing images If a person publishes or transmits images containing a sexual explicit act or conduct.
containing sexual acts 67B Publishing child porn or predating children online If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct. If a person induces a child into a sexual act. A child is defined as anyone under 18. 67C Failure to maintain records Persons deemed as intermediary (such as an ISP) must maintain required records for stipulated time. Failure is an offence. 68 Failure/refusal to comply with orders The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder. Any person who fails to comply with any such order shall be guilty of an offence. 69 Failure/refusal to decrypt data If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign Stales or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed, must extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred is deemed to have committed a crime. 70 Securing access or attempting to secure access to a protected system The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system. The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems. If a person who secures access or attempts to secure access to a protected system, then he is committing an offence. 71 Misrepresentation If anyone makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate. Indian Penal Code The Indian Penal Code (IPC) is the main criminal code of India. It is a comprehensive code intended to cover all substantive aspects of criminal law. The code was drafted in 1860 on the recommendations of first law commission of India established in 1834 under the Government of India Act 1833 under the Chairmanship of Macaulay. It came into force in British India during the early British Raj period in 1862. However, it did not apply automatically in the Princely states, which had their own courts and legal systems until the 1940s. The Code has since been amended several times and is now supplemented by other criminal provisions. Based on IPC, Jammu and Kashmir has enacted a separate code known as Ranbir Penal Code (RPC). The Indian Penal Code applies to the whole of India except for the state of Jammu & Kashmir. Structure The Indian Penal Code of 1860, sub-divided into twenty-three chapters, comprises five hundred and eleven sections. The Code starts with an introduction, provides explanations and exceptions used in it, and covers a wide range of offences. Public Wrong A Wrong can take place in two ways. Public Wrong and a Private Wrong. Private Wrong causes injury to an individual or a group of individuals and the injured / aggrieved parties approach the Civil Court for damages/relief. E.g.: Private nuisance, tort etc. Public Wrong on the other hand is a threat to the society. It is an offence committed against the society which creates a social disorder. e.g.: Murder, Rape etc. Unnatural Offenses - Section 377 Whoever, voluntarily has carnal intercourse against the order of nature with any man, woman or animal, shall be punished with imprisonment of life, or with imprisonment of either description for a term which may extend to ten Years, and shall also be liable to fine. Attempt to Commit Suicide The Section 309 of the Indian Penal Code deals with an unsuccessful attempt to suicide. Attempting to commit suicide and doing any act towards the commission of the offence is punishable with imprisonment up to one year or with fine or with both. Section 497 The Section 497 of the IPC has been criticized on the one hand for allegedly treating woman as the private property of her husband, and on the other hand for giving women complete protection against punishment for adultery.[14][15] Death Penalty Sections 120B (criminal conspiracy), 121 (war against the Government of India), 122 (mutiny), 194 (false evidence to procure conviction for a capital offense), 302, 303 (murder), 305 (abetting suicide), 364A (kidnapping for ransom), 364A (banditry with murder), 376A (rape) have death penalty as punishment. There is ongoing debate for abolishing capital punishment. Pornography Act:
Pornography or obscenity is very sensitive issue all over the world yet there is no settled definition of the word under any law. What is nude art or sexually explicit thing for one person may be obscene or porn for another. Hence, it is very difficult to define “What is porn?” There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world but with little effect. Classic example is a website, www.incometaxpune.com, prima facie, it looks a website of Income tax department of Pune City, but actually it’s a porn site. Though it was blocked many times by law enforcement agencies in India, it is still available with obscene contains. Pornography on the Internet is available in different formats. These range from pictures and short animated movies, to sound files and stories. The Internet also makes it possible to discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although the Indian Constitution guarantees the fundamental right of freedom of speech and expression; it has been held that a law against obscenity is constitutional. The Supreme Court has defined obscene as “offensive to modesty or decency; lewd, filthy, repulsive”, Section 67 of the Information Technology Act, 2000 penalizes cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code. Section 67 reads as under: - Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees. This section explains what is considered to be obscene and also lists the acts in relation to such obscenity that are illegal. Explanation Any material in the context of this section would include video files, audio files, text files, images, animations etc. These may be stored on CDs, websites, computers, cell phones etc. Lascivious is something that tends to excite lust. Appeals to, in this context, means “arouses interest”. Prurient interest is characterized by lustful thoughts. Effect means to produce or cause some change or event. Tend to deprave and corrupt in the context of this section means “to lead someone to become morally bad”. Persons here refers to natural persons (men, women, children) and not artificial persons (such as companies, societies etc.). To be considered obscene for the purpose of this section, the matter must satisfy at least one of the following conditions: -  it must tend to excite lust, or  it must arouse interest in lustful thoughts, or  It must cause a person to become morally bad. Illustration Sameer launches a website that contains information on sex education. The website is targeted at higher secondary school students. Pooja is one such student who is browsing the said website. Her illiterate young maid servant happens to see some explicit photographs on the website and is filled with lustful thoughts. This website would not be considered obscene. This is because it is most likely to be seen by educated youngsters who appreciate the knowledge sought to be imparted through the photographs. It is under very rare circumstances that an illiterate person would see these explicit images. Acts those are punishable in respect of obscenity: - “Publishing” means “to make known to others”. It is essential that at least one natural person (man, woman or child) becomes aware or understands the information that is published. Simply putting up a website that is never visited by any person does not amount to publishing. “Transmitting” means to pass along convey or spread. It is not necessary that the “transmitter” actually understands the information being transmitted. Information in the electronic form includes websites, songs on a CD, movies on a DVD, jokes on a cell phone, photo sent as an email attachment etc. The punishment provided under this section is as under: -  First offence: Simple or rigorous imprisonment up to 3 years and fine up to Rs. 5 lakh.  Subsequent offence: Simple or rigorous imprisonment up to 5 years and fine up to Rs. 10 lakhs. Amendments of 2008 introduced new Section on Cyber pornography i.e. Section 67A. The Section makes publishing or transmitting of sexually explicit act or conduct illegal with a punishment of imprisonment up to five years and with fine which may extend to ten lakh rupees for first offence and seven years for subsequent offences.
Hence, the Section makes publishing or transmission of blue films, audio sex clips, pictures, magazines and any other material in the electronic form involving sexually explicit acts illegal. The Indian Evidence Act 1872: This is another legislation amended by the ITA. Prior to the passing of ITA, all evidences in a court were in the physical form only. With the ITA giving recognition to all electronic records and documents, it was but natural that the evidentiary legislation in the nation be amended in tune with it. In the definitions part of the Act itself, the “all documents including electronic records” were substituted. Words like ‘digital signature’, ‘electronic form’, ‘secure electronic record’ ‘information’ as used in the ITA, were all inserted to make them part of the evidentiary mechanism in legislations. Admissibility of electronic records as evidence as enshrined in Section 65B of the Act assumes significance. This is an elaborate section and a landmark piece of legislation in the area of evidences produced from a computer or electronic device. Any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer shall be treated like a document, without further proof or production of the original, if the conditions like these are satisfied: (a) the computer output containing the information was produced by the computer during the period over which the computer was used regularly by lawful persons. (b) the information derived was regularly fed into the computer in the ordinary course of the said activities; (c) throughout the material part of the said period, the computer was operating properly and a certificate is signed by a person responsible etc. To put it in simple terms, evidences (information) taken from computers or electronic storage devices and produced as print-outs or in electronic media are valid if they are taken from system handled properly with no scope for manipulation of data and ensuring integrity of data produced directly with or without human intervention etc. and accompanied by a certificate signed by a responsible person declaring as to the correctness of the records taken from a system a computer with all the precautions as laid down in the Section. However, this Section is often being misunderstood by one part of the industry to mean that computer print-outs can be taken as evidences and are valid as proper records, even if they are not signed. We find many computers generated letters emanating from big corporates with proper space below for signature under the words “Your faithfully” or “truly” and the signature space left blank, with a Post Script remark at the bottom “This is a computer generated letter and hence does not require signature”. The Act does not anywhere say that ‘computer print-outs need not be signed and can be taken as record’. This Act is divided into three parts and there are 11 chapters in total under this Act.[2] Part 1 Part 1 deals with relevancy of the facts. There are two chapters under this part: the first chapter is a preliminary chapter which introduces to the Evidence Act and the second chapter specifically deals with the relevancy of the facts. Part 2 Part 2 consists of chapters from 3 to 6. Chapter 3 deals with facts which need not be proved, chapter 4 deals with oral evidence, chapter 5 deals with documentary evidence and chapter 6 deals with circumstances when documentary evidence has been given preference over the oral evidence. Part 3 The last part, that is part 3, consists of chapter 7 to chapter 11. Chapter 7 talks about the burden of proof. Chapter 8 talks about estoppel, chapter 9 talks about witnesses, chapter 10 talks about examination of witnesses, and last chapter which is chapter 11 talks about improper admission and rejection of evidence.

Recommended

Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
Harshita Ved
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
Harshita Ved
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
Harshita Ved
 
Introduction to Cyber Law
Introduction to Cyber LawIntroduction to Cyber Law
Introduction to Cyber Law
n|u - The Open Security Community
 
Cyber law by pravin ghosekar
Cyber law by pravin ghosekarCyber law by pravin ghosekar
Cyber law by pravin ghosekar
PravinGhosekar
 
Unit 3 Cyber Crimes and Torts 8 hr
Unit 3 Cyber Crimes and Torts 8 hrUnit 3 Cyber Crimes and Torts 8 hr
Unit 3 Cyber Crimes and Torts 8 hr
Tushar Rajput
 
An Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a NewbieAn Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a Newbie
Anuj Khandelwal
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime
homeworkping4
 

Recommended

Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
Harshita Ved
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
Harshita Ved
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
Harshita Ved
 
Introduction to Cyber Law
Introduction to Cyber LawIntroduction to Cyber Law
Introduction to Cyber Law
n|u - The Open Security Community
 
Cyber law by pravin ghosekar
Cyber law by pravin ghosekarCyber law by pravin ghosekar
Cyber law by pravin ghosekar
PravinGhosekar
 
Unit 3 Cyber Crimes and Torts 8 hr
Unit 3 Cyber Crimes and Torts 8 hrUnit 3 Cyber Crimes and Torts 8 hr
Unit 3 Cyber Crimes and Torts 8 hr
Tushar Rajput
 
An Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a NewbieAn Introduction to Cyber World to a Newbie
An Introduction to Cyber World to a Newbie
Anuj Khandelwal
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime
homeworkping4
 
Introduction to Cyber Crimes
Introduction to Cyber CrimesIntroduction to Cyber Crimes
Introduction to Cyber Crimes
atuljaybhaye
 
Case study on cyber crime
Case study on cyber crimeCase study on cyber crime
Case study on cyber crime
ishmecse13
 
Cyber law & information technology
Cyber law & information technologyCyber law & information technology
Cyber law & information technology
Talwant Singh
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigation
Prof. (Dr.) Tabrez Ahmad
 
English in written
English in writtenEnglish in written
English in written
azhar manap
 
HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2
Vikas Saw
 
Statutory laws pertaining to cybercrimes in india
Statutory laws pertaining to cybercrimes in indiaStatutory laws pertaining to cybercrimes in india
Statutory laws pertaining to cybercrimes in india
Dr. Arun Verma
 
Cybertorts
CybertortsCybertorts
Cybertorts
panabaha
 
An introduction to cyber law
An introduction to cyber lawAn introduction to cyber law
An introduction to cyber law
shreya sanghvi
 
Need And Importance Of Cyber Law
Need And Importance Of Cyber LawNeed And Importance Of Cyber Law
Need And Importance Of Cyber Law
Poonam Bhasin
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of Ghana
Mohammed Mahfouz Alhassan
 
Cyber Law
Cyber LawCyber Law
Cyber Law
ihah
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime Investigation
Harshita Ved
 
Cyber law
Cyber lawCyber law
Cyber law
premarhea
 
Computer Crimes
Computer CrimesComputer Crimes
Computer Crimes
Upekha Vandebona
 
Unit 2 Regulation of Cyberspace
Unit 2 Regulation of CyberspaceUnit 2 Regulation of Cyberspace
Unit 2 Regulation of Cyberspace
Tushar Rajput
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
charvill
 
CYBERSPACE & CRIMINAL BEHAVIOR
CYBERSPACE & CRIMINAL BEHAVIORCYBERSPACE & CRIMINAL BEHAVIOR
CYBERSPACE & CRIMINAL BEHAVIOR
Dharmik Navadiya
 
Cyber law nepal
Cyber law nepalCyber law nepal
Cyber law nepal
Kavya2Kavyaa
 
Cyberspace Usages Challenges And Disputeresolution Ja
Cyberspace Usages Challenges And Disputeresolution JaCyberspace Usages Challenges And Disputeresolution Ja
Cyberspace Usages Challenges And Disputeresolution Ja
utkarshjani
 
The Major Types of Cybercrime
The Major Types of CybercrimeThe Major Types of Cybercrime
The Major Types of Cybercrime
Rubi Orbeta
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
Aswani34
 

More Related Content

What's hot

Cyber law & information technology
Cyber law & information technologyCyber law & information technology
Cyber law & information technology
Talwant Singh
 
English in written
English in writtenEnglish in written
English in written
azhar manap
 
Need And Importance Of Cyber Law
Need And Importance Of Cyber LawNeed And Importance Of Cyber Law
Need And Importance Of Cyber Law
Poonam Bhasin
 
Cyber Law
Cyber LawCyber Law
Cyber Law
ihah
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
charvill
 

What's hot (20)

Introduction to Cyber Crimes
Introduction to Cyber CrimesIntroduction to Cyber Crimes
Introduction to Cyber Crimes
 
Case study on cyber crime
Case study on cyber crimeCase study on cyber crime
Case study on cyber crime
 
Cyber law & information technology
Cyber law & information technologyCyber law & information technology
Cyber law & information technology
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigation
 
English in written
English in writtenEnglish in written
English in written
 
HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2HSC IT - Cyber Law and Ethics part 2
HSC IT - Cyber Law and Ethics part 2
 
Statutory laws pertaining to cybercrimes in india
Statutory laws pertaining to cybercrimes in indiaStatutory laws pertaining to cybercrimes in india
Statutory laws pertaining to cybercrimes in india
 
Cybertorts
CybertortsCybertorts
Cybertorts
 
An introduction to cyber law
An introduction to cyber lawAn introduction to cyber law
An introduction to cyber law
 
Need And Importance Of Cyber Law
Need And Importance Of Cyber LawNeed And Importance Of Cyber Law
Need And Importance Of Cyber Law
 
Computer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of GhanaComputer and Cyber forensics, a case study of Ghana
Computer and Cyber forensics, a case study of Ghana
 
Cyber Law
Cyber LawCyber Law
Cyber Law
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime Investigation
 
Cyber law
Cyber lawCyber law
Cyber law
 
Computer Crimes
Computer CrimesComputer Crimes
Computer Crimes
 
Unit 2 Regulation of Cyberspace
Unit 2 Regulation of CyberspaceUnit 2 Regulation of Cyberspace
Unit 2 Regulation of Cyberspace
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
 
CYBERSPACE & CRIMINAL BEHAVIOR
CYBERSPACE & CRIMINAL BEHAVIORCYBERSPACE & CRIMINAL BEHAVIOR
CYBERSPACE & CRIMINAL BEHAVIOR
 
Cyber law nepal
Cyber law nepalCyber law nepal
Cyber law nepal
 
Cyberspace Usages Challenges And Disputeresolution Ja
Cyberspace Usages Challenges And Disputeresolution JaCyberspace Usages Challenges And Disputeresolution Ja
Cyberspace Usages Challenges And Disputeresolution Ja
 

Similar to Cyber Law & Forensics

Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptx
RajviNikeetaRathore
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
Mark Albala
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
Yogesh Kumar
 

Similar to Cyber Law & Forensics (20)

The Major Types of Cybercrime
The Major Types of CybercrimeThe Major Types of Cybercrime
The Major Types of Cybercrime
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 
cyber security presentation 1234567.pptx
cyber security presentation 1234567.pptxcyber security presentation 1234567.pptx
cyber security presentation 1234567.pptx
 
Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptx
 
Information security
Information securityInformation security
Information security
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
LEGAL AND ETHICAL USE OF TECHNOLOGY.pptx
LEGAL AND ETHICAL USE OF TECHNOLOGY.pptxLEGAL AND ETHICAL USE OF TECHNOLOGY.pptx
LEGAL AND ETHICAL USE OF TECHNOLOGY.pptx
 
techalpha07
techalpha07techalpha07
techalpha07
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Internet security
Internet securityInternet security
Internet security
 
Security issue in e commerce
Security issue in e commerceSecurity issue in e commerce
Security issue in e commerce
 
Internet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwalInternet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwal
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
 
Cyber Privacy & Password Protection
Cyber Privacy & Password ProtectionCyber Privacy & Password Protection
Cyber Privacy & Password Protection
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 

Recently uploaded

Online blood donation management system project.pdf
Online blood donation management system project.pdfOnline blood donation management system project.pdf
Online blood donation management system project.pdf
Kamal Acharya
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
Atif Razi
 
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdfONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
Kamal Acharya
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
AbrahamGadissa
 
A case study of cinema management system project report..pdf
A case study of cinema management system project report..pdfA case study of cinema management system project report..pdf
A case study of cinema management system project report..pdf
Kamal Acharya
 
Event Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdfEvent Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdf
Kamal Acharya
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
Pipe Restoration Solutions
 
Fruit shop management system project report.pdf
Fruit shop management system project report.pdfFruit shop management system project report.pdf
Fruit shop management system project report.pdf
Kamal Acharya
 

Recently uploaded (20)

Online blood donation management system project.pdf
Online blood donation management system project.pdfOnline blood donation management system project.pdf
Online blood donation management system project.pdf
 
fundamentals of drawing and isometric and orthographic projection
fundamentals of drawing and isometric and orthographic projectionfundamentals of drawing and isometric and orthographic projection
fundamentals of drawing and isometric and orthographic projection
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
 
Construction method of steel structure space frame .pptx
Construction method of steel structure space frame .pptxConstruction method of steel structure space frame .pptx
Construction method of steel structure space frame .pptx
 
WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234
 
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdfONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
 
Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.
 
NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...
NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...
NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...
 
A case study of cinema management system project report..pdf
A case study of cinema management system project report..pdfA case study of cinema management system project report..pdf
A case study of cinema management system project report..pdf
 
Event Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdfEvent Management System Vb Net Project Report.pdf
Event Management System Vb Net Project Report.pdf
 
2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 
KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and Clustering
KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and ClusteringKIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and Clustering
KIT-601 Lecture Notes-UNIT-4.pdf Frequent Itemsets and Clustering
 
İTÜ CAD and Reverse Engineering Workshop
İTÜ CAD and Reverse Engineering WorkshopİTÜ CAD and Reverse Engineering Workshop
İTÜ CAD and Reverse Engineering Workshop
 
KIT-601 Lecture Notes-UNIT-3.pdf Mining Data Stream
KIT-601 Lecture Notes-UNIT-3.pdf Mining Data StreamKIT-601 Lecture Notes-UNIT-3.pdf Mining Data Stream
KIT-601 Lecture Notes-UNIT-3.pdf Mining Data Stream
 
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdfA CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
 
Democratizing Fuzzing at Scale by Abhishek Arya
Democratizing Fuzzing at Scale by Abhishek AryaDemocratizing Fuzzing at Scale by Abhishek Arya
Democratizing Fuzzing at Scale by Abhishek Arya
 
Fruit shop management system project report.pdf
Fruit shop management system project report.pdfFruit shop management system project report.pdf
Fruit shop management system project report.pdf
 
Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
 

Cyber Law & Forensics

  • 1. Unit 4: Regulation of cyber-crimes, Issues relating to investigation, issues relating to jurisdiction, issues relating to evidence, relevant provisions under Information Technology Act 2000, Indian penal code, pornography Act and evidence Act etc. Regulation of Cyber-crimes The ever increasing use of computers, networks and the Internet has led to the need for regulation in the fields of cybercrime, cyber security and national security. As the extent of commerce transacted over cyberspace continues to grow, along with increasing reliance on information technology to derive cost-efficiencies, the risk exposures to enterprises have increased. Regulators from several countries in Asia have strengthened existing data privacy and cybercrime laws or created new ones in response to the increasing frequency and severity of cyber-attacks in the region. Companies with single or multinational operations in Asia must keep pace with the changing regulatory landscape, as governments enhance existing laws, create new laws, and step up enforcement, increasing risk exposures for companies who are the subject of a cyber-attack, misuse or mishandle customer data. As crime increasingly has a digital component, legislators in the United States have responded by strengthening and broadening legislation to address the threats; the Computer Fraud and Abuse act is a prime example. Center researchers examine the impact of this and other laws and regulation on cybercrime, asking whether particular provisions achieve their desired results and/or produce costly, unintended side effects. The goal of this work is to arrive at generalizations about the types of laws and regulations that are effective at deterring fraud and promoting security. In India, The Information Technology Act of 2000 addresses a range of cybercrimes, such as hacking, viruses, email scams, Dodos, forgery, cyber terrorism, identity theft, phishing, and e- commerce fraud. In 2013, the government went one step further by announcing a National Cyber Security Policy aimed at setting up an agency to protect the public and private infrastructures from cyber-attacks and safeguarding the personal information of web users, financial and banking information, and sovereign data. How this policy will be executed remains to be seen? India is also working on a new piece of legislation on privacy, which provides for the protection of data and personal privacy. Relevant law: -  The Information Technology Act, 2000.  Information Technology Act Amendment (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.  RBI Regulation: DBOD.COMP.BC.No. 130/07.03.23/2000-01 To prevent cyber crime-- 1) Education - Hackers aren’t the only ones who can gain power from information. By educating yourself about the types of scams that exist on the Internet and how to avert them, you are putting yourself one step ahead of the cybercriminals. Since phishing is prevalent, read up on the latest phishing scams and learn how to recognize a phishing attempt. Remember, phishing is when hackers attempt to lure you into revealing personal information by pretending to be a legitimate organization or person. These scams often play off major new stories, so keep informed on the latest news-related scams. 2) Use a firewall - Firewalls monitor traffic between your computer or network and the Internet and serve as a great first line of defence when it comes to keeping intruders out. Make sure to use the firewall that comes with your security software. And if you have a home wireless network, enable the firewall that comes with your router. 3) Click with caution - When you’re checking your email or chatting over instant messenger (IM), be careful not to click on any links in messages from people you don’t know. The link could take you to a fake website that asks for your private information, such as user names and passwords, or it could download malware onto your computer. Even if the message is from someone you know, be cautious. Some viruses replicate and spread through email, so look for information that indicates that the message is legitimate. 4) Practice safe surfing - When navigating the web, you need to take precautions to avoid phony websites that ask for your personal information and pages that contain malware. Use a search engine to help you navigate to the correct web address since it will correct misspellings. That way, you won’t wind up on a fake page at a commonly misspelled address. (Creating a phony site at an address similar to the real site is called “typo squatting,” and it is a fairly common scam.) You may also want to use a product like McAfee® SiteAdvisor® software to help you navigate. SiteAdvisor software is a free browser tool that tells you if a site is safe or not right in your search results, so you are warned before you click. 5) Practice safe shopping - In addition to practicing safe surfing, you also need to be careful where you shop online. Be cautious when shopping at a site that you’ve never visited before and do a little investigation before you enter your payment information. Look for a Trustmark, such as McAfee SECURE™, to tell you if a site is safe. And when you’re on a payment page, look for the lock symbol in your browser, indicating that the site uses encryption, or scrambling, to keep your information safe. Click on the icon to make sure that the security certificate pertains to the site you are on. You also want to look at the address bar to see if the site starts with “https://” instead of “http://” because this is another way to see if the site uses encryption. When it comes time to pay, use a credit card instead of a debit card. If the site turns out to be fraudulent your credit card issuer may reimburse you for the charges, but with a debit card your money is gone. Finally, evaluate the site’s security and privacy policies in regards to your personal data. 6) Use comprehensive security software and keep your system updated - Because hackers have a wide variety of ways to access your system and information, you need comprehensive security software that can protect you from all angles. Software like McAfee® SecurityCenter, available preloaded on Dell™ PCs, can help protect you from malware, phishing, spyware, and other common and emerging threats. Just make sure that you keep your security software up to date by selecting the automatic update function on your security control panel. And don’t forget to perform regular scans. You also want to update your operating system
  • 2. (OS) and browser with the latest security patches. If you are a Microsoft Windows user, you can enable automatic updates to keep your OS safe. 7) Secure your wireless network - Hackers can access data while it’s in transit on an unsecured wireless network. You can keep the hackers out by enabling the firewall on your router and changing the router’s administrator password. Cybercriminals often know the default passwords and they can use them to hack into your network. You may also want to set up your router so it only allows access to people with passwords that are encrypted. Check your owner’s manual for instructions on setting up encryption. 8) Use strong passwords - Although it may be easier for you to remember short passwords that reference your birthday, middle name, or pet’s name, these kinds of passwords also make it easy for hackers. Strong passwords can go a long way in helping secure your information, so choose a password that is at least 10 characters long and consists of a combination of letters, numbers and special characters. Also consider changing your password periodically to reduce the likelihood of it being compromised. 9) Use common sense - Despite the warnings, cybercrime is increasing, fuelled by common mistakes people make such as responding to spam and downloading attachments from people they don’t know. So, use common sense whenever you’re on the Internet. Never post personal information online or share sensitive information such as your social security number and credit card number. Exercise caution when clicking on any links or downloading any programs. 10) Be suspicious - Even if you consider yourself cyber savvy, you still need to keep your guard up for any new tricks and be proactive about your safety. Backup your data regularly in case anything goes wrong, and monitor your accounts and credit reports to make sure that a hacker has not stolen your information or identity. 11) Encryption: This is considered as an important tool for protecting data in transit. Plain text (readable) can be converted to cipher text (coded language) by this method and the recipient of the data can decrypt it by converting it into plain text again by using private key. This way except for the recipient whose possessor of private key to decrypt the data, no one can gain access to the sensitive information. Not only the information in transit but also the information stored on computer can be protected by using Conventional cryptography method. Public key encryptograpy was one solution to this where the public key could be known to the whole world but the private key was only known to receiver, it’s very difficult to derive private key from public key. 12) Digital Signature: Are created by using means of cryptography by applying algorithms. This has its prominent use in the business of banking where customer’s signature is identified by using this method before banks enter into huge transactions. Issues relating to Investigation 1. Obtaining Witness Cooperation The first impediment that faces investigators is that of securing the cooperation of complainants and witnesses. It is now well-documented that the victims of cyber-crime are reluctant to report them to the police. Ernst & Young found in its most recent 8th Global Survey of business fraud, that only one quarter of frauds reported in the survey were referred to the police. Some common reasons for this included a belief that the matter was not serious enough to warrant police 2 attention, a fear of consumer backlash, bad publicity, inadequate proof, and a reluctance to devote time and resources to prosecuting the matter. Reporting the matter to the authorities simply prevented the organization in question from minimizing its financial losses, and possibly leading to further losses being incurred in prosecuting the matter. 2. Choosing the Appropriate Jurisdiction The need of choosing appropriate jurisdiction arises where offences are committed in various countries or where the offender and victim are located in different places, questions arise as to which court should deal with the matter. If the offence in question can be charged in the country in which the offender is located then problems of extradition will be avoided, but if the offence must be charged in the country in which the victim is located or where the effect of the conduct occurred, then the offender will need to be extradited to that country. A recent case that illustrates this question concerned a resident of Melbourne in Victoria who was accused of stalking a woman in Canada by sending letters and E-mail messages and using the telephone and the Internet. The Canadian woman complained to police in Toronto who referred the case to the Victoria Police. When the case came before a Magistrate in Melbourne, the accused argued that the effect of his activities, if any, was in Canada and not in Victoria and so the court had no jurisdiction to hear the charges. The Magistrate agreed and dismissed the charges deciding that the fear or apprehension had to be experienced in Victoria for Victorian law to apply. The problem of so called ‘negative international jurisdiction’ also arises. That is, cases that are not investigated because they could be prosecuted in one of many countries, but none wants to take action. There is also the reverse problem of too many countries wanting to prosecute a particularly noteworthy case. What may be needed to deal with this situation is the creation of an international protocol along the lines of the United Nations protocol on negotiating jurisdiction, setting out how jurisdiction is best determined in these cases. Generally, the rule is that if a country refuses to extradite an offender and if it has power to take action, then it should be obliged to do so. 3 Logistical and Practical Barriers Conducting investigations across national borders raises many practical problems that delay matters and increase cost. Often, for example, investigators have to contact people on the other side of the globe at inconvenient times. Teleconferences are difficult to arrange at times suitable for all concerned. Documents often need to be translated, particularly if required for diplomatic purposes. This can cost considerable sums and again delays investigations. Witnesses from non-English speaking countries may need the assistance of interpreters which can also be expensive and slow down investigations. Finally, countries have different priorities in terms of the importance of cybercrime investigations. Economic crimes committed using computers are often at the bottom of the hierarchy of importance in countries where violent crime is prevalent, or where
  • 3. national security interests may be at stake. The result is that requests for assistance in cybercrime cases may simply be given a much lower priority, especially if they have come from a country with no history of cooperative action. 4 Identifying Suspects One of the foremost problems that face cybercrime investigators is the identification of suspects. Occasionally, this can lead to considerable problems when the wrong person is arrested. Digital technologies enable people to disguise their identity in a wide range of ways making it difficult to know with certainty who was using a computer from which illegal communications came. This problem is more prevalent in business environments where multiple people may have access to a personal computer and where passwords are known or shared, than in private homes where it can often be assumed who the person was who was using the computer because of circumstantial evidence. In a recent study of online anonymity, Forde and Armstrong (2002) argued that those Internet services that provide the highest levels of anonymity are most likely to be used for criminal purposes. Encrypted Email and Internet Relay Chat that provide higher levels of anonymity were found to be preferred by those engaging in on-line pedophile activity and hacking, while the use of the World Wide Web and File Transfer Protocols that provided weaker levels of anonymity tended to be avoided by serious criminals. 5 Search and Seizure Two methods of obtaining data from a computer system can be distinguished on technical and legal criteria. In the first, data are obtained as part of a search of premises or the place where the system is located. The second involves the interception or monitoring of data being transmitted from, to or within the system. Some of the main difficulties, however, relate to obtaining permission to conduct such a search, securing the relevant access device such as a password, decrypting data that have been encrypted, and imaging a hard drive without interfering with the evidence. There is also the practical problem of conducting searches quickly so that data cannot be removed. A final problem concerns the retention of material by investigators. If child pornography has been seized by police, they may be unable to return it to accused persons as this would entail the illegal distribution of obscene materials. In the United Kingdom, the Possession of Unlawful Items Act could be used to enable police to dispose of child pornography that had been found of computers –but this is not yet in force 6. Problems of Encryption A difficult problem that faces cybercrime investigators concerns data that have been encrypted by accused persons who refuse to provide the decryption key or password. An illustration of the use of strong encryption by a criminal organization was uncovered during Operation Cathedral’ by police in 1998, which led to the largest ever global seizure of pedophile material. This involved police in 15 countries who uncovered the activities of the W0nderland (sic) Club, an international network with members in Europe, North America, and Australia who used the Internet to download and exchange child pornography including real-time video images. The Club used a secure network with regularly changed passwords and encrypted content. In Europe alone, over 750,000 images were recovered from computers, along with over 750 CDs and 1,300 videos and 3,400 floppy disks. The encryption used was able to be overcome because one member of the Club cooperated with police and provided access to the files. This led to approximately 100 arrests around the world in September 1998 (Australasian Centre for Policing Research 2000, p. 126). 7. Locating and Securing Relevant Material Considerable difficulties arise in locating and securing electronic evidence as the mere act of switching on a computer may alter critical evidence and associated time and date records. It is also necessary to search through vast quantities of data in order to locate the information being sought. A major problem concerns the seizure of digital evidence from hard drives on networked computers in which both relevant and irrelevant material (as well as legally privileged material) are contained together. The practical problem arises when imaging hard drives and then having to determine which material is relevant to the charges in question. This creates problems with search warrants where non-specified data are included in the hard drive, arguably leading to the invalidity of the whole search and seizure procedure. It is practically impossible to examine 80GB of data held on a hard drive in order to determine what is relevant. Other problems relate to disabling networks when seizing data, especially for large public or private sector organizations which rely on 24-hour access to networks, and also the problem of offenders storing data externally on other people’s computers in order to evade detection. 8. Mutual Assistance In order to facilitate criminal investigations carried out internationally, use is often made of mutual assistance treaties. These provide a legal basis for authorities in one country to obtain evidence for criminal investigations at the request of authorities from another country. Instruments of this kind cover a range of assistance including: the identification and location of persons; the service of documents; the obtaining of evidence, articles and documents; the execution of search and seizure requests; and assistance in relation to proceeds of crime. There are, however, various problems associated with using mutual legal assistance arrangements. The central difficulty is the slow and cumbersome nature of official requests. Costs associated with mutual legal assistance are borne by the party providing assistance. This creates hardship where small countries are concerned that are required to process many requests for assistance from large countries, but they rarely seek assistance themselves. 9. Securing Extradition Where an accused person is resident in a country other than the one in which criminal proceedings are to be taken, it is possible for that person to be extradited to that country to stand trial. Extradition requires not only that an appropriate treaty exist between the two countries concerned, but also that the conduct in question be criminalized in both the referring and receiving country. In the case of computer crime this if often not the case. An example of the kind of difficulties that can arise concerns the case of Onel de Guzman who was alleged to have sent out the so- called ‘Love Bug virus’ in May 2000. The virus which infected Microsoft Windows operating systems was sent by E-mail
  • 4. attachments which when opened damaged files in the computer and then replicated itself by sending similar messages to all the addresses in the infected computer’s address book. The estimated damage caused globally was estimated to be between $6.7 billion and $15.3 billion. The virus was traced to an Internet Service Provider in the Philippines who cooperated with police to locate the residence in question. A computer science student named Onel de Guzman was arrested but the creation and release of a computer virus was not proscribed by Philippine law at the time. Because the conduct was not illegal in the Philippines he could not be extradited to the United States where the conduct was illegal because of the principle of dual criminality (Bell 2002). Conclusion How, then, can these problems be overcome? The solutions lie in harmonizing laws and procedures globally, improving the technical capabilities of investigators, and finally in sharing information between public and private sector investigators and enhancing international cooperation. Issues relating to Jurisdiction Jurisdiction refers to a system of law courts or the body with official powers to make legal decisions and judgements. In cyberspace various jurisdiction issues are faced. Like:  Absence of geographically limitations could lead the incautious to believe that the laws of their home state apply to their actions, when in fact they are inadvertent violations of the laws of another State. In these circumstances, the courts could and do, assume jurisdiction over the offence and try the offender within their own jurisdiction, resulting in situations where persons located in a completely different jurisdiction may be tried in court of different jurisdiction.  Presence of multiple parties in various parts of the world who have only a virtual connection with each other. Then, if one party wants to sue the other, where can he sue? Traditional requirement generally encompasses two areas: - 1. Firstly, the Place where the defendant resides, or 2. Secondly, where the cause of action arises. However, in the context of the internet or cyberspace both these are difficult to establish with any certainty. Considering the lack of physical boundaries on the internet, is it possible to reach out beyond the court’s geographic boundaries to haul a defendant into its court for conduct in “Cyberspace”? Issues of this nature have contributed to the complete confusion and contradictions that plague judicial decisions in the area of internet jurisdiction. Therefore, any kind of use of the World Wide Web and any related activities on the internet may expose the person to risk of being sued in any state or foreign country where another internet user may establish a claim. A single transaction may involve the laws of at least three jurisdictions: 1. The laws of the state/nation in which the user resides, 2. The laws of the state/nation that apply where the server hosting the transaction is located, and 3. The laws of the state/nation which apply to the person or business with whom the transaction takes place.  There is no uniform, international jurisdictional law of universal application, and such questions are generally a matter of conflict of law, particularly private international law. An example would be where the contents of a web site are legal in one country and illegal in another. In the absence of a uniform jurisdictional code, legal practitioners are generally left with a conflict of law issue. Thus the major problem of cyber law lies in whether to treat the Internet as if it were physical space, and thus subject to a given jurisdiction’s laws, or to act as if the Internet is a world in itself, and therefore free of such restraints.  Rules enforcing ‘‘agreement of parties’’ It is well-established law in India that where more than one court has jurisdiction in a certain matter, an agreement between the parties to confer jurisdiction only on one to the exclusion of the other is valid. Thus the position of law on the point is that first, a choice of law agreement is permissible; and secondly, the agreement operates only in respect of a court, which does not otherwise inherently lack jurisdiction. In any such case, the courts also consider the balance of convenience and interests of justice while deciding for the forum.  How much does authority of one country willing to help another one? Collection of information in cyber matters requires searches and confiscation of delicate material that needs speedy and expert handling. Assistance in such areas is slow and half-hearted despite there being bets relations among countries.  Section 75 has potential to create problems, as an act that occurred overseas may have no connection in India except the use of some remote computer resource located here, this, which is quite common in internet relations, may be brought within the purview of our laws. How it is justifiable to start criminal proceedings against a foreigner who has not committed any act on Indian Territory? It is submitted that jurisdiction of IT Act shall not extend to those cases where the accused and victims are foreigners and the offence is committed outside the territory of India.  Absence of Laws: There are only 13 countries that have cyber-crime laws. This puts enormous pressure on the law enforcement agencies in obtaining international co-operation. The absence of such laws is like shielding the criminals from the legal provisions and providing them safe haven to continue with their evil deeds. Issues Related to Evidence
  • 5. To effectively combat the cyber-crime, it is not sufficient to successfully investigate the crime and nab the criminal, but more important is to prosecute and administer justice, according to the law of land. This requires an effective legal frame work, which fully supports the detection and prosecution of cyber criminals. The traditional techniques for investigation of cyber- crime and the prosecution procedures are inadequate. The judiciary must also appreciate the intricacies of the digital evidence that is collected and presented in the courts of law, in spite of the technical and operational hurdles the investigator faces.  Search and Seizure Two methods of obtaining data from a computer system can be distinguished on technical and legal criteria. In the first, data are obtained as part of a search of premises or the place where the system is located. The second involves the interception or monitoring of data being transmitted from, to or within the system. Some of the main difficulties, however, relate to obtaining permission to conduct such a search, securing the relevant access device such as a password, decrypting data that have been encrypted, and imaging a hard drive without interfering with the evidence. There is also the practical problem of conducting searches quickly so that data cannot be removed. A final problem concerns the retention of material by investigators. If child pornography has been seized by police, they may be unable to return it to accused persons as this would entail the illegal distribution of obscene materials. In the United Kingdom, the Possession of Unlawful Items Act could be used to enable police to dispose of child pornography that had been found of computers –but this is not yet in force  Problems of Encryption A difficult problem that faces cybercrime investigators concerns data that have been encrypted by accused persons who refuse to provide the decryption key or password. An illustration of the use of strong encryption by a criminal organization was uncovered during Operation Cathedral’ by police in 1998, which led to the largest ever global seizure of pedophile material. This involved police in 15 countries who uncovered the activities of the W0nderland (sic) Club, an international network with members in Europe, North America, and Australia who used the Internet to download and exchange child pornography including real-time video images. The Club used a secure network with regularly changed passwords and encrypted content. In Europe alone, over 750,000 images were recovered from computers, along with over 750 CDs and 1,300 videos and 3,400 floppy disks. The encryption used was able to be overcome because one member of the Club cooperated with police and provided access to the files. This led to approximately 100 arrests around the world in September 1998 (Australasian Centre for Policing Research 2000, p. 126).  Locating and Securing Relevant Material Considerable difficulties arise in locating and securing electronic evidence as the mere act of switching on a computer may alter critical evidence and associated time and date records. It is also necessary to search through vast quantities of data in order to locate the information being sought. A major problem concerns the seizure of digital evidence from hard drives on networked computers in which both relevant and irrelevant material (as well as legally privileged material) are contained together. The practical problem arises when imaging hard drives and then having to determine which material is relevant to the charges in question. This creates problems with search warrants where non-specified data are included in the hard drive, arguably leading to the invalidity of the whole search and seizure procedure. It is practically impossible to examine 80GB of data held on a hard drive in order to determine what is relevant. Other problems relate to disabling networks when seizing data, especially for large public or private sector organizations which rely on 24-hour access to networks, and also the problem of offenders storing data externally on other people’s computers in order to evade detection.  Admissibility in court- we need to ensure integrity of digital evidence which is inherently fragile and almost always suspect. This include establishing the authenticity, lack of tampering in all the system it has passed, reliability of computer generated records and authorship.  Difference between human entered and computer generated Data Legal distinctions also arise with the differences between human entered and computer generated data. Specific research areas include the development of anti-tampering methods like- digital signature, one-way hash algorithms, checksum etc. to check integrity of evidence is preserved.  Detection and Recovery of Hidden Data Specific research areas include- categorization of places and mechanism for hiding data, mechanism for detection of original material and methods for exacting and recovering hidden data.  Handling vast Data Massive Data volume, network monitoring, increasing complexity and broader application- This have resulted a vast amount of data to be dealt with while following a single transaction. This result in a biggest issue i.e. where to get evidence in such big data. Search has to be done on whole content which affects precious time of investigators and engages manpower. Sometimes no evidence could be obtained after searching a big hard disk. So the need of some heuristic is needed here to begin the search of evidence smartly rather than just picking any random related device and start searching. Relevant provision under IT ACT 2000  The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United Nations by a resolution dated 30 January 1997.  An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper- based methods of communication and storage of information, to facilitate electronic filing of documents with the Government
  • 6. agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.  Some highlights of the Act are listed below: Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber. Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is - rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference. The said chapter also details the legal recognition of Digital Signatures. Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates. Chapter-VII of the Act details about the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act. Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed there under. The said Adjudicating Officer has been given the powers of a Civil Court. Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred. Chapter-XI of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking.  LAWS: Section Offence Description 65 Tampering with computer source documents If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force. 66 Hacking with computer system If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack. 66B Receiving stolen computer or communication device A person receives or retains a computer resource or communication device which is known to be stolen or the person has reason to believe is stolen. 66C Using password of another person A person fraudulently uses the password, digital signature or other unique identification of another person. 66D Cheating using computer resource If a person cheats someone using a computer resource or communication. 66E Publishing private images of others If a person captures, transmits or publishes images of a person's private parts without his/her consent or knowledge. 66F Acts of cyberterrorism If a person denies access to an authorized personnel to a computer resource, accesses a protected system or introduces contaminant into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyberterrorism. 67 Publishing information which is obscene in electronic form. If a person publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it. 67A Publishing images If a person publishes or transmits images containing a sexual explicit act or conduct.
  • 7. containing sexual acts 67B Publishing child porn or predating children online If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct. If a person induces a child into a sexual act. A child is defined as anyone under 18. 67C Failure to maintain records Persons deemed as intermediary (such as an ISP) must maintain required records for stipulated time. Failure is an offence. 68 Failure/refusal to comply with orders The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder. Any person who fails to comply with any such order shall be guilty of an offence. 69 Failure/refusal to decrypt data If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign Stales or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed, must extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred is deemed to have committed a crime. 70 Securing access or attempting to secure access to a protected system The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system. The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems. If a person who secures access or attempts to secure access to a protected system, then he is committing an offence. 71 Misrepresentation If anyone makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate. Indian Penal Code The Indian Penal Code (IPC) is the main criminal code of India. It is a comprehensive code intended to cover all substantive aspects of criminal law. The code was drafted in 1860 on the recommendations of first law commission of India established in 1834 under the Government of India Act 1833 under the Chairmanship of Macaulay. It came into force in British India during the early British Raj period in 1862. However, it did not apply automatically in the Princely states, which had their own courts and legal systems until the 1940s. The Code has since been amended several times and is now supplemented by other criminal provisions. Based on IPC, Jammu and Kashmir has enacted a separate code known as Ranbir Penal Code (RPC). The Indian Penal Code applies to the whole of India except for the state of Jammu & Kashmir. Structure The Indian Penal Code of 1860, sub-divided into twenty-three chapters, comprises five hundred and eleven sections. The Code starts with an introduction, provides explanations and exceptions used in it, and covers a wide range of offences. Public Wrong A Wrong can take place in two ways. Public Wrong and a Private Wrong. Private Wrong causes injury to an individual or a group of individuals and the injured / aggrieved parties approach the Civil Court for damages/relief. E.g.: Private nuisance, tort etc. Public Wrong on the other hand is a threat to the society. It is an offence committed against the society which creates a social disorder. e.g.: Murder, Rape etc. Unnatural Offenses - Section 377 Whoever, voluntarily has carnal intercourse against the order of nature with any man, woman or animal, shall be punished with imprisonment of life, or with imprisonment of either description for a term which may extend to ten Years, and shall also be liable to fine. Attempt to Commit Suicide The Section 309 of the Indian Penal Code deals with an unsuccessful attempt to suicide. Attempting to commit suicide and doing any act towards the commission of the offence is punishable with imprisonment up to one year or with fine or with both. Section 497 The Section 497 of the IPC has been criticized on the one hand for allegedly treating woman as the private property of her husband, and on the other hand for giving women complete protection against punishment for adultery.[14][15] Death Penalty Sections 120B (criminal conspiracy), 121 (war against the Government of India), 122 (mutiny), 194 (false evidence to procure conviction for a capital offense), 302, 303 (murder), 305 (abetting suicide), 364A (kidnapping for ransom), 364A (banditry with murder), 376A (rape) have death penalty as punishment. There is ongoing debate for abolishing capital punishment. Pornography Act:
  • 8. Pornography or obscenity is very sensitive issue all over the world yet there is no settled definition of the word under any law. What is nude art or sexually explicit thing for one person may be obscene or porn for another. Hence, it is very difficult to define “What is porn?” There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world but with little effect. Classic example is a website, www.incometaxpune.com, prima facie, it looks a website of Income tax department of Pune City, but actually it’s a porn site. Though it was blocked many times by law enforcement agencies in India, it is still available with obscene contains. Pornography on the Internet is available in different formats. These range from pictures and short animated movies, to sound files and stories. The Internet also makes it possible to discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although the Indian Constitution guarantees the fundamental right of freedom of speech and expression; it has been held that a law against obscenity is constitutional. The Supreme Court has defined obscene as “offensive to modesty or decency; lewd, filthy, repulsive”, Section 67 of the Information Technology Act, 2000 penalizes cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code. Section 67 reads as under: - Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees. This section explains what is considered to be obscene and also lists the acts in relation to such obscenity that are illegal. Explanation Any material in the context of this section would include video files, audio files, text files, images, animations etc. These may be stored on CDs, websites, computers, cell phones etc. Lascivious is something that tends to excite lust. Appeals to, in this context, means “arouses interest”. Prurient interest is characterized by lustful thoughts. Effect means to produce or cause some change or event. Tend to deprave and corrupt in the context of this section means “to lead someone to become morally bad”. Persons here refers to natural persons (men, women, children) and not artificial persons (such as companies, societies etc.). To be considered obscene for the purpose of this section, the matter must satisfy at least one of the following conditions: -  it must tend to excite lust, or  it must arouse interest in lustful thoughts, or  It must cause a person to become morally bad. Illustration Sameer launches a website that contains information on sex education. The website is targeted at higher secondary school students. Pooja is one such student who is browsing the said website. Her illiterate young maid servant happens to see some explicit photographs on the website and is filled with lustful thoughts. This website would not be considered obscene. This is because it is most likely to be seen by educated youngsters who appreciate the knowledge sought to be imparted through the photographs. It is under very rare circumstances that an illiterate person would see these explicit images. Acts those are punishable in respect of obscenity: - “Publishing” means “to make known to others”. It is essential that at least one natural person (man, woman or child) becomes aware or understands the information that is published. Simply putting up a website that is never visited by any person does not amount to publishing. “Transmitting” means to pass along convey or spread. It is not necessary that the “transmitter” actually understands the information being transmitted. Information in the electronic form includes websites, songs on a CD, movies on a DVD, jokes on a cell phone, photo sent as an email attachment etc. The punishment provided under this section is as under: -  First offence: Simple or rigorous imprisonment up to 3 years and fine up to Rs. 5 lakh.  Subsequent offence: Simple or rigorous imprisonment up to 5 years and fine up to Rs. 10 lakhs. Amendments of 2008 introduced new Section on Cyber pornography i.e. Section 67A. The Section makes publishing or transmitting of sexually explicit act or conduct illegal with a punishment of imprisonment up to five years and with fine which may extend to ten lakh rupees for first offence and seven years for subsequent offences.
  • 9. Hence, the Section makes publishing or transmission of blue films, audio sex clips, pictures, magazines and any other material in the electronic form involving sexually explicit acts illegal. The Indian Evidence Act 1872: This is another legislation amended by the ITA. Prior to the passing of ITA, all evidences in a court were in the physical form only. With the ITA giving recognition to all electronic records and documents, it was but natural that the evidentiary legislation in the nation be amended in tune with it. In the definitions part of the Act itself, the “all documents including electronic records” were substituted. Words like ‘digital signature’, ‘electronic form’, ‘secure electronic record’ ‘information’ as used in the ITA, were all inserted to make them part of the evidentiary mechanism in legislations. Admissibility of electronic records as evidence as enshrined in Section 65B of the Act assumes significance. This is an elaborate section and a landmark piece of legislation in the area of evidences produced from a computer or electronic device. Any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer shall be treated like a document, without further proof or production of the original, if the conditions like these are satisfied: (a) the computer output containing the information was produced by the computer during the period over which the computer was used regularly by lawful persons. (b) the information derived was regularly fed into the computer in the ordinary course of the said activities; (c) throughout the material part of the said period, the computer was operating properly and a certificate is signed by a person responsible etc. To put it in simple terms, evidences (information) taken from computers or electronic storage devices and produced as print-outs or in electronic media are valid if they are taken from system handled properly with no scope for manipulation of data and ensuring integrity of data produced directly with or without human intervention etc. and accompanied by a certificate signed by a responsible person declaring as to the correctness of the records taken from a system a computer with all the precautions as laid down in the Section. However, this Section is often being misunderstood by one part of the industry to mean that computer print-outs can be taken as evidences and are valid as proper records, even if they are not signed. We find many computers generated letters emanating from big corporates with proper space below for signature under the words “Your faithfully” or “truly” and the signature space left blank, with a Post Script remark at the bottom “This is a computer generated letter and hence does not require signature”. The Act does not anywhere say that ‘computer print-outs need not be signed and can be taken as record’. This Act is divided into three parts and there are 11 chapters in total under this Act.[2] Part 1 Part 1 deals with relevancy of the facts. There are two chapters under this part: the first chapter is a preliminary chapter which introduces to the Evidence Act and the second chapter specifically deals with the relevancy of the facts. Part 2 Part 2 consists of chapters from 3 to 6. Chapter 3 deals with facts which need not be proved, chapter 4 deals with oral evidence, chapter 5 deals with documentary evidence and chapter 6 deals with circumstances when documentary evidence has been given preference over the oral evidence. Part 3 The last part, that is part 3, consists of chapter 7 to chapter 11. Chapter 7 talks about the burden of proof. Chapter 8 talks about estoppel, chapter 9 talks about witnesses, chapter 10 talks about examination of witnesses, and last chapter which is chapter 11 talks about improper admission and rejection of evidence.