This document discusses several legal and ethical issues related to e-commerce, including privacy and information rights, property rights, governance issues, and public safety concerns. It outlines India's Information Technology Act of 2000, which provides the legal framework for e-commerce and addresses cybercrime. Specific issues covered include security threats to e-commerce like hacking and viruses; legal issues involving incorporation, trademarks, and transactions; and the regulation of internet gambling. Ethical concepts around responsibility, accountability, and analyzing dilemmas are also examined.
2. • Legal and ethical issues in E-Commerce:
Security issues in E-Commerce
• Cyber laws-Information Technology Act 2000
• Internet Gambling
• Threats to children.
3. ETHICAL, SOCIAL, AND LEGAL ISSUES IN E-COMMERCE - E-COMMERCE CONCEPTS
• Defining the rights of people to express their ideas and
the property rights of copyright owners are just two of
many ethical, social, and legal issues raised by the rapid
evolution of e-commerce.
• We live in an “information society,” where power and
wealth increasingly depend on information and knowledge.
• The Internet and e-commerce can be used to achieve social
progress, and for the most part, this has occurred.
• However, the same technologies can be used to commit
crimes, despoil the environment, and threaten cherished
social values.
• Many business firms and individuals are benefiting from the
commercial development of the Internet, but before the
Internet there was very little “cyber crime.”
4. • The major ethical, social, and legal issues that have developed
around e commerce over the past seven to eight years can be
loosely categorized into four major dimensions:
Information rights: What rights to their own personal
information do individuals have in a public marketplace?
• What rights do individuals have to access information about
business firms and other organizations?
Property rights: How can traditional intellectual property
rights be enforced in an internet world?
Governance: Should the Internet and e-commerce be subject
to public laws? And if so, what law-making bodies have
jurisdiction - state, federal, and/or international?
Public safety and welfare: What efforts should be undertaken
to ensure equitable access to the Internet and ecommerce
channels? Is certain online content and activities - such as
gambling - a threat to public safety and welfare?
5.
6. Basic Ethical Concepts: Responsibility
Accountability, and Liability
• Ethics is the study of principles that individuals
and organizations can use to determine right and
wrong courses of action.
Analyzing Ethical Dilemmas
• A dilemma is a situation in which there are at
least two diametrically opposed actions, each of
which supports a desirable outcome.
• When confronted with a situation that seems to
present ethical dilemmas, how can you analyze
and reason about the situation? The following is a
five step process that should help.
7. 1.Identify and describe clearly the facts. Find out
who did what to whom, and where, when, and
how. It also helps to get the opposing parties
involved in an ethical dilemma to agree on the
facts.
2.Define the conflict or dilemma and identify the
higher order value involved. Ethical, social, and
political issues always reference higher values.
Otherwise, there would be no debate. The parties
to a dispute all claim to be pursuing higher values
(e.g., freedom, privacy, protection of property,
and the free-enterprise system).
8. 3.Identify the stakeholders. Every ethical, social, and
political issue has stakeholders: players in the game who
have an interest in the outcome. Find out the identity of
these groups and what they want. This will be useful later
when designing a solution.
4.Identify the options that you can reasonably take. You
may find that none of the options satisfies all the interests
involved, but that some options do a better job than others.
• Sometimes, arriving at a “good” or ethical solution may not
always be a balancing of consequences to stakeholders.
5.Identify the potential consequences of your options. Some
options may be ethically correct, but disastrous from other
points of view.
• Other options may work in this one instance, but not in
other similar instances. All the aspects need to be identified.
9. Privacy and Information Rights.
• Privacy is the moral right of individuals to be left
alone, free from surveillance or interference from
other individuals or organizations.
• Information privacy is a subset of privacy. The
right to information privacy includes both the
claim that certain information should not be
collected at all by governments or business firms,
and the claim of individuals to control whatever
personal information is collected about them.
• Individual control over personal information is at
the core of the privacy concept. Due process also
plays an important role in defining privacy.
10. Legal Issues:
• In addition to common law and the
Constitution, there are state laws that protect
individuals against government intrusion and
in some cases define privacy rights vis-à-vis
private organizations such as financial,
education, and media institutions.
• Described below are some of the common
legal issues an e-commerce business faces.
11. 1.Incorporation Problem
• If you are a company operated merely via a
website, not being incorporated is a crucial
problem.
• Any purchase and selling activity related to
your products will be considered illegal and
you can’t claim your right in case of any fraud
and corruption.
• Without incorporation, your business has no
shelter.
12. 2.Trademark Security Problem
• Not getting your trademark protected is one of the main
legal issues in the field of e-commerce.
• Since a trademark is the company’s logo and symbol, the
representation of the business all over the web, it must be
protected.
• If you don’t secure it, it won’t take long before you
realize your trademark is being infringed upon.
• This is a very common legal issue and can become a
deadly threat to an e-business.
• With hackers on the loose and cybercrime so common,
trademark infringement of your business or by your
business can be a serious legal matter and may hinder
your business’s progress.
13. 3.Copyright Protection Issue
• While publishing content for your e-commerce
website, using content of any other company can
be a severe legal problem.
• This might mark an end to your e-business. There
are many sites online which are royalty free and
allow you to access their content and images.
• You may use those sites for creating web content
for your business site.
• Even if you unintentionally used copyrighted
content, the other party can easily sue your
business.
14. 4.Transaction Issues
• If your business fails to provide a clear and
complete description of the product, cost and
purchase details, and information about delivery
(i.e. when the customer will receive products
and can make any claims related to exchange and
refunds), there is a chance of penalties being
imposed on your business.
15. E-COMMERCE SECURITY ISSUES
• E-commerce security is the protection of e-commerce
assets from unauthorized access, use, alteration, or
destruction.
6 dimensions of e-commerce security
1.Integrity: prevention against unauthorized data
modification
2.Nonrepudiation: prevention against any one party from
reneging on an agreement after the fact
3. Authenticity: authentication of data source
4. Confidentiality: protection against unauthorized data
disclosure
5. Privacy: provision of data control and disclosure
6. Availability: prevention against data delays or removal
16. E-COMMERCE SECURITY THREATS
• Threats may come from anyone with the capability,
technology, opportunity, and intent to do harm.
• Potential threats can be foreign or domestic,
internal or external, state-sponsored or a single
rogue element.
• Terrorists, insiders, disgruntled employees, and
hackers are included in this profile.
17. 1. Intellectual property threats -- use existing materials found on the
Internet without the owner's permission, e.g., music downloading,
software pirating
2. Client computer threats
– Trojan horse
– Active contents
– Viruses
3. Communication channel threats
– Sniffer program
– Backdoor
– Spoofing
– Denial-of-service
4. Server threats
– Privilege setting
– Server Side Include (SSI), Common Gateway Interface (CGI)
– File transfer
– Spamming
18. • Loss of Privacy/confidentiality, data
misuse/abuse.
• Cracking, eavesdropping, spoofing, rootkits
• Viruses, Trojans, worms, hostile ActiveX and
Java
• System unavailability, denial of service,
natural disasters, power interruptions
19. Backdoor Attacks
• This is a type of attack which gives an attacker unauthorized access
to a system by bypassing the normal authentication mechanisms. It
works in the background and hides itself from the user, which makes it
difficult to detect and remove.
Denial of service attacks
• A denial-of-service attack (DoS attack) is a security attack in which
the attacker takes action that prevents the legitimate (correct) users
from accessing the electronic devices. It makes a network resource
unavailable to its intended users by temporarily disrupting services
of a host connected to the Internet.
Direct Access Attacks
• A direct access attack is an attack in which an intruder gains physical
access to the computer to perform an unauthorized activity and
install various types of software to compromise security. These
types of software are loaded with worms and download a huge amount
of sensitive data from the targeted victims.
20. Eavesdropping
• This is an unauthorized way of listening to private
communication over the network. It does not interfere with
the normal operations of the targeted system, so the
sender and the recipient of the messages are not aware that
their conversation is being tracked.
Credit/Debit card fraud
• A credit card allows us to borrow money from a recipient
bank to make purchases. The issuer of the credit card has
the condition that the cardholder will pay back the borrowed
money with an additional agreed-upon charge.
• A debit card is a plastic card issued by a
financial organization to an account holder who has a savings
deposit account; it can be used instead of cash to make
purchases. The debit card can be used only when funds are
available in the account.
21. HOW TO MINIMIZE SECURITY THREATS
1. Perform a risk assessment → a list of information assets and
their value to the firm
2. Develop a security policy → a written statement on:
* what assets to protect from whom?
* why these assets are being protected?
* who is responsible for what protection?
* which behaviors are acceptable and unacceptable?
3. Develop an implementation plan → a set of action steps to
achieve security goals
4. Create a security organization → a unit to administer the
security policy
5. Perform a security audit → a routine review of access logs
and evaluation of security procedures
22. Cyber laws-Information Technology Act 2000
• The Information Technology Act, 2000 or ITA, 2000 or IT
Act, was notified on October 17, 2000.
• It is the law that deals with cybercrime and electronic
commerce in India.
• In 1996, the United Nations Commission on International
Trade Law (UNCITRAL) adopted the model law
on electronic commerce (e-commerce) to bring uniformity
in the law in different countries.
• Further, the General Assembly of the United
Nations recommended that all countries must consider this
model law before making changes to their own laws.
• India became the 12th country to enable cyber law after it
passed the Information Technology Act, 2000.
23. • While the first draft was created by the
Ministry of Commerce, Government of India
as the E-Commerce Act, 1998, it was redrafted
as the ‘Information Technology Bill, 1999’,
and passed in May 2000.
24. Objectives of the Act
• The Information Technology Act, 2000 provides
legal recognition to the transaction done via
electronic exchange of data and other
electronic means of communication or electronic
commerce transactions.
• This also involves the use of alternatives to a
paper-based method of communication and
information storage to facilitate the electronic
filing of documents with the Government
agencies.
25. The objectives of the Act are as follows:
• Grant legal recognition to all transactions done via
electronic exchange of data or other electronic means of
communication or e-commerce, in place of the earlier
paper-based method of communication.
• Give legal recognition to digital signatures for the
authentication of any information or matters requiring legal
authentication
• Facilitate the electronic filing of documents with
Government agencies and also departments
• Facilitate the electronic storage of data
• Give legal sanction and also facilitate the electronic
transfer of funds between banks and financial institutions
• Grant legal recognition to bankers under the Evidence
Act, 1891 and the Reserve Bank of India Act, 1934, for
keeping the books of accounts in electronic form.
26. Features of the Information Technology Act,
2000
• All electronic contracts made through secure electronic
channels are legally valid.
• Legal recognition for digital signatures.
• Security measures for electronic records and also digital
signatures are in place
• A procedure for the appointment of adjudicating officers
for holding inquiries under the Act is finalized
• Provision for establishing a Cyber Regulatory Appellant
Tribunal under the Act. Further, this tribunal will handle
all appeals made against the order of the Controller or
Adjudicating Officer.
• An appeal against the order of the Cyber Appellant Tribunal
is possible only in the High Court
27. • Digital Signatures will use an asymmetric cryptosystem
and also a hash function
• Provision for the appointment of the Controller of
Certifying Authorities (CCA) to license and regulate
the working of Certifying Authorities. The Controller to
act as a repository of all digital signatures.
• The Act applies to offences or contraventions
committed outside India
• Senior police officers and other officers can enter any
public place and search and arrest without warrant
• Provisions for the constitution of a Cyber Regulations
Advisory Committee to advise the Central Government
and Controller.
28. Applicability and Non-Applicability
of the Act
• According to Section 1 (2), the Act extends to
the entire country, which also includes Jammu
and Kashmir. In order to include Jammu and
Kashmir, the Act uses Article 253 of the
constitution. Further, it does not take
citizenship into account and provides extra-
territorial jurisdiction.
29. • Section 1 (2), along with Section 75, specifies
that the Act is applicable to any offence or
contravention committed outside India as well.
• If the conduct of the person constituting the
offence involves a computer or a computerized
system or network located in India, then
irrespective of his/her nationality, the person is
punishable under the Act.
• Lack of international cooperation is the only
limitation of this provision.
30. Non-Applicability
• According to Section 1 (4) of the Information Technology
Act, 2000, the Act is not applicable to the following
documents:
1. Execution of Negotiable Instrument under Negotiable
Instruments Act, 1881, except cheques.
2. Execution of a Power of Attorney under the Powers of
Attorney Act, 1882.
3. Creation of Trust under the Indian Trust Act, 1882.
4. Execution of a Will under the Indian Succession Act, 1925
including any other testamentary disposition
by whatever name called.
5. Entering into a contract for the sale or conveyance of
immovable property or any interest in such property.
6. Any such class of documents or transactions as may be
notified by the Central Government in the Gazette.
31. Internet Gambling
• Online gambling (or Internet gambling) is any kind
of gambling conducted on the internet. This includes
virtual poker, casinos and sports betting.
• The first online gambling venue opened to the general public was
ticketing for the Liechtenstein International Lottery in October
1994.
• Today the market is worth around $40 billion globally each year,
according to various estimates.
• Many countries restrict or ban online gambling.
• However it is legal in some states of the United States, some
provinces in Canada, most countries of the European Union and
several nations in the Caribbean.
• In many legal markets, online gambling service providers are
required by law to have some form of license if they wish to provide
services or advertise to residents.
32. Forms of online Gambling
Poker
• Players play against each other rather than the
"house", with the card room making its money
through "rake" and through tournament fees.
Casinos
• There are a large number of online casinos in
which people can play casino games such
as roulette, blackjack, pachinko, baccarat and
many others. These games are played against the
"house" which makes money because the odds are
in its favor.
33. Sports betting
• Sports betting is the activity of
predicting sports results and placing a wager
on the outcome. Usually the wager is in the
form of money.
Bingo
• Online bingo is a type of number game played
on the Internet.
34. Horse racing betting
• Horse racing betting comprises a significant
percentage of online gambling wagers.
• Betting on Horse Racing is one of the few
legal betting activities in India.
• The leading online horse racing portals are
the likes of Bet365 and Betway.
35. Mobile gambling
• Mobile gambling refers to playing games of chance or
skill for money by using a remote device such as
a tablet computer, smart phone or a mobile phone with
a wireless Internet connection.
In-play gambling
• In-play gambling is a feature on many online sports
betting websites that allows the user to bet while the
event is in progress.
• A benefit of live in-play gambling is that there are
many more markets.
• For example, in Association football a user could bet on
which player will receive the next Yellow card, or
which team will be awarded the next corner kick.
36. Legal regulations on internet gambling in India
• Online Gaming/Gambling laws in India prohibit
betting or wagering and any act which is intended
to aid or facilitate the same.
• Gaming/gambling being a State subject, the laws on
gaming/gambling in India differ from state to
state.
• This would mean what is permitted in one State
may be an offence in another.
• The Public Gambling Act, 1867, is the central
enactment on the subject, which has been adopted
by certain states of India like Uttar Pradesh,
Punjab, Madhya Pradesh etc.
37. • The other States have enacted their own
legislation to regulate gaming/gambling
activities within their territory.
• It is to be noted that State Legislations were
enacted prior to the advent of virtual /
online gambling in India and therefore
references to gaming/gambling in the
respective State legislations are in relation to
physical premises only, barring Sikkim and
Nagaland, which are the only States that have
introduced regulations pertaining to online gaming.
38. • Under the State gambling laws for online gambling in
India, except for the States of Orissa and Assam, most
of the States have excluded ‘games of skill’ from the
applicability of their respective gaming/gambling laws.
• Further, playing certain games including ‘Poker’, both
online and offline, is permitted under the laws of West
Bengal, Nagaland and Sikkim subject to licence from
the appropriate State Authorities.
• But this would be applicable only in the territorial
limits of the respective State.
• In Goa, gambling is permitted only in Government
permitted places operated as casinos.
39. Game of Skill v. Game of Chance:
• There has been a substantial discussion by
Supreme Court and High Court on what
constitutes a ‘game of skill’ and a ‘game of
chance’.
• The judgments hold that a game where there is a
preponderance of skill over chance is a ‘game of
skill’, and vice versa.
• E.g., the game of Rummy is held to be a ‘game of skill’.
• The three-card game, which goes under different
names such as flush, brag, etc., is a game of pure
chance.
40. • Games of skill, if played with stakes, do not
amount to gambling;
• Playing games of skill for money is only legal
in the real form; online games cannot be
compared to real games;
• Attracting business or enticing players by
alluring them with prize money is illegal;
• Gaming sites taking a slice of the winning
hand are illegal as they amount to a virtual
gambling house.
41. Internet based Threats to children.
• There are various threats to children in cyber space,
including sexual harassment and cyber bullying.
• Most children are unaware of these problems and
realize that they have been victimized by a
cybercriminal.
• On the other hand, parents either have inadequate
information about the means through which they can
safeguard their children on the internet or may have
little time or resources or training to safeguard their
children on the internet.
• The Global Youth On-Line Behavior Survey conducted
by Microsoft states that 53% of the children between
the ages of 8 and 17 in India have become victims of
cyber bullying.
42. Cyber grooming
• Cyber criminals target children often through
social media or other means for biological
gratification or record inappropriate content
which they can commercially exploit both
online and offline.
• They initiate conversation with a child and
gradually groom the child for biological
exploitation purposes.
43. Obscenity online
• At times misleading website names could lead a
child to read obscene material unknowingly,
or age-inappropriate websites could crop up on
their own in the form of popup ads
to distract a child.
• A recent survey points out that while 56% of Indian
parents are concerned about their children being
misguided online, 42% of Indian parents (of
children between 4 and 8 years old) apprehend their
children may be exposed to adult content.
44. Cyber bullying
• Children who use internet often become victims
of cyber bullying.
• This term denotes an act or series of acts
directed at harassing or harming a child's
psychology, confidence or morale.
• In case a stranger is accepted as a member by a
child in his/her social network, the stranger could
be a cyber criminal who could bully or harass a
child by making unwarranted comments or pokes
or posting objectionable contents in order to bully
a child.
45. Photo morphing
• Photo Morphing means altering digital images
so that a person is shown in an embarrassing
situation.
• A lot of children receive their images in a
morphed manner containing sexually explicit
content.
• This is done to harm a child's self esteem and
cause undue harassment to him by circulating
these illegally on social media
46. Cyber Stalking
• This is a widely prevalent cybercrime that
poses a risk to children online.
• Anyone can conceal their true identity or
use fake names to start a conversation with a
child online or use the available information
about the child such as their email address to
send them harassing content online.
47. Addiction to on-line gambling
• There are certain websites that target and
entice children into online gambling.
• This could be addictive and also be illegal in
certain jurisdictions such as India.
• Such sites could also have criminal objectives,
illegally collecting personal data or financial
information from gullible children.
48. Enticing children into drugs or other illegal activity
• There are fraudsters and criminals who are targeting
children online and enticing them into gambling,
money laundering and even introducing them to drugs
and other illegal activity.
Phishing
• It is a financial crime where cyber criminals could send
emails to children or adults to extract personal sensitive
information such as credit card details or net-banking
details and harm them by making unauthorized debits
to the victim's account causing wrongful loss to him
49. Pharming
• This technique is used to introduce malicious
code into a system, or to take the user
to fake sites where a hacker can steal their
personal information.
• To protect oneself while making purchases
online, one must use an HTTPS website,
which is a secured website with adequate
safeguards for making online payments.
50. Malware infected files breaching privacy of children
• Cyber criminals are using more sophisticated tools to
commit cyber crimes.
• They are using new mechanisms to defraud children by
use of technical tools, software and malware,
particularly in Social networking websites.
• They conceal their true identity by spoofing (i.e.,
concealing their true identity and assuming a fake one)
and hiding their IP addresses, and infect systems
by introducing viruses, Trojans, key loggers
(spyware) or trigger software which opens a webcam
without authorisation.
51. Password attack
• When a cyber criminal makes attempts to hack
a user account or password, this is termed a
Brute Force Attack.
• This can lead to compromise of a social network
account or email address or other online account
of a person.
• It is advisable to use complex alphanumeric
passwords and to change these passwords from
time to time to ensure their integrity.
• Use of OTP (One Time Password) or
cryptographic authentication can strengthen
password protection.
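An added example, not part of the original slides: the "routine review of access logs" from the security audit step on slide 21, applied to the brute force password attack described on this slide. The log format, event names and thresholds are assumptions made for this sketch, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not from a real product):
# timestamp, result, account name, source address.
SAMPLE_LOG = """\
2024-03-01T10:00:01 LOGIN_FAIL user=asha src=203.0.113.7
2024-03-01T10:00:03 LOGIN_FAIL user=asha src=203.0.113.7
2024-03-01T10:00:04 LOGIN_OK user=ravi src=198.51.100.20
2024-03-01T10:00:06 LOGIN_FAIL user=asha src=203.0.113.7
2024-03-01T10:00:09 LOGIN_FAIL user=asha src=203.0.113.7
2024-03-01T10:00:11 LOGIN_FAIL user=asha src=203.0.113.7
2024-03-01T10:00:15 LOGIN_OK user=asha src=203.0.113.7
2024-03-01T10:05:00 LOGIN_FAIL user=ravi src=198.51.100.20
2024-03-01T11:30:00 LOGIN_FAIL user=ravi src=198.51.100.20
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>LOGIN_FAIL|LOGIN_OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def audit_logins(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Review login events and return findings as
    (kind, account, source, timestamp) tuples.

    brute_force_suspected: an account collected max_failures failed
        logins inside the sliding time window.
    success_after_brute_force: a login succeeded while the account was
        still flagged, so the password may have been guessed.
    """
    recent_failures = defaultdict(deque)  # account -> failure timestamps
    flagged = set()                       # accounts with an open alert
    findings = []

    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # ignore lines that do not fit the expected format
        try:
            ts = datetime.fromisoformat(match["ts"])
        except ValueError:
            continue  # unparseable timestamp
        user, src = match["user"], match["src"]
        failures = recent_failures[user]

        # Drop failures that have fallen out of the sliding window.
        while failures and ts - failures[0] > window:
            failures.popleft()

        if match["result"] == "LOGIN_FAIL":
            failures.append(ts)
            if len(failures) >= max_failures and user not in flagged:
                flagged.add(user)
                findings.append(
                    ("brute_force_suspected", user, src, ts.isoformat()))
        else:
            if user in flagged and failures:
                findings.append(
                    ("success_after_brute_force", user, src, ts.isoformat()))
            # A successful login closes the alert and resets the counter.
            failures.clear()
            flagged.discard(user)
    return findings


if __name__ == "__main__":
    for finding in audit_logins(SAMPLE_LOG):
        print(finding)
```

A finding of the second kind is the one to act on first: it is the case where resetting the password and reviewing the account's recent activity is warranted.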
52. Malvertising
• A recent phenomenon on the internet is a
deliberate circulation of e-books that can be
downloaded for free by children.
• These free e-books are available on diverse
topics of academic interests to children but
may contain malware and infect their systems
without any signs of warning that the systems
have been hacked or certain data has been
extracted from their system by a cyber-
criminal.