2. India is one of the few countries other than U.S.A, Singapore, Malaysia in the world that
have Information Technology Act to promote E-Commerce and electronic transactions.
Indian parliament has already passed the legislation known as Information Technology
Act 2000 drafted by the Ministry of Communications and Information Technology. The Act
is based on the "United Nations Commission on International Trade Law" (UNCITRAL)
model Law on Electronic Commerce.
2
3. Need of I.T. Act 2000
National Reasons
Increasing use of ICTs - business
transactions and entering into
contracts
No legal protection
Signatory to UNCITRAL
International Reasons
International trade through
electronic means.
UNCITRAL had adopted a Model
Law on Electronic Commerce in
1996.
The General Assembly of the
United Nations- 31st January, 1997
World Trade Organization (WTO)-
Electronic medium for transactions.
3
Crime is no longer limited to space, time or a group of people. Cyber space
creates moral, civil and criminal wrongs.
4. Objectives
1. To suitably amend existing laws in India to facilitate e-commerce.
2. To provide legal recognition of electronic records and digital signatures.
3. To provide legal recognition to the transactions carried out by means of Electronic Data
Interchange (EDI) and other means of electronic communication.
4. To provide legal recognition to business contacts and creation of rights and obligations
through electronic media.
5. To establish a regulatory body to supervise the certifying authorities issuing digital
signature certificates.
6. To create civil and criminal liabilities for contravention of the provisions of the Act and to
prevent misuse of the e-business transactions.
7. To facilitate e-governance and to encourage the use and acceptance of electronic records
and digital signatures in government offices and agencies.
4
5. Components of the Act
Legal Recognition to Digital Signatures
Electronic Governance
Mode of Attribution, Acknowledgement and Despatch of Electronic Records.
Secure Electronic Records.
Regulation of Certification Authorities.
Digital Certificates.
5
7. IT ACT, 2000 –MAJOR PROVISIONS
Extends to the whole of India
(Section 1(2))
Electronic contracts will be legally valid
(Section 10A )
Legal recognition of digital signatures
(Section 3 )
Security procedure for electronic records and digital signature
(Section 16 )
Appointment of Controller of Certifying Authorities to license and regulate the
working of Certifying Authorities
(Section 17 of the Act for purposes of the IT Act )
7
8. IT ACT, 2000 –MAJOR PROVISIONS (Contd..)
Certifying Authorities to get License from the Controller to issue digital
signature certificates
(Section 2)
Various types of computer crimes defined and stringent penalties provided
under the Act
Appointment of Adjudicating Officer for holding inquiries under the Act
(Section 46)
Establishment of Cyber Regulatory Appellate Tribunal under the Act
(Section 48 )
8
9. IT ACT, 2000 –MAJOR PROVISIONS
Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to
any Civil Court
(Section 57)
Appeal from order of Cyber Appellate Tribunal to High Court
(Section 62)
Act to apply for offences or contraventions committed outside India
(Section 75 (1) and (2))
Network service providers not to be liable in certain cases
Power of police officers and other officers to enter into any public place and
search and arrest without warrant
(Section 80)
Constitution of Cyber Regulations Advisory Committee to advise the Central
Government and the Controller
(Section 88)
9
10. Digital Signatures
If a message should be readable but not modifiable, a digital
signature is used to authenticate the sender
Parameter Paper Electronic
Authenticity May be forged Cannot be copied
Integrity Signature
independent of the
document
Signature depends
on the contents of
the document
Non-repudiation a.Handwriting
expert needed
b.Error prone
a.Any computer
user
b.Error free
10
11. Civil Offences under the IT Act 2000
(Section 43 )
Unauthorised copying, extracting and downloading
of any data, database
Unauthorised access to computer, computer system
or computer network
Introduction of virus
Damage to computer System and Computer
Network
Disruption of Computer, computer network
11
12. Civil Offences under the IT Act 2000 (Section 43 )
Denial of access to authorised person to computer
Providing assistance to any person to facilitate
unauthorised access to a computer
Charging the service availed by a person to an
account of another person by tampering and
manipulation of other computer
shall be liable to pay damages by way of
compensation not exceeding one crore rupees to
the person so affected.
12
13. Criminal Offences under the IT Act 2000
(Sections 65 to 75)
Tampering with computer source documents
Hacking with computer system
"Whoever with the intent to cause or knowing that he is likely to
cause wrongful loss or damage to the public or any person
destroys or deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects it
injuriously by any means, commits hacking."
…shall be punishable with imprisonment up to three years, or
with fine which may extend up to two lakh rupees, or with both.
13
14. Criminal Offences under the IT Act 2000
Electronic forgery I.e. affixing of false digital signature, making false
electronic record
Electronic forgery for the purpose of cheating
Electronic forgery for the purpose of harming reputation
Using a forged electronic record
Publication of digital signature certificate for fraudulent purpose
Offences and contravention by companies
14
15. Criminal Offences under the IT Act 2000
Electronic forgery I.e. affixing of false digital signature, making false
electronic record
Electronic forgery for the purpose of cheating
Electronic forgery for the purpose of harming reputation
Using a forged electronic record
Publication of digital signature certificate for fraudulent purpose
Offences and contravention by companies
Unauthorised access to protected system
15
16. Criminal Offences under the IT Act 2000
Confiscation of computer, network, etc.
Unauthorised access to protected system (Sec. 70)
Misrepresentation or suppressing of material facts for
obtaining Digital Signature Certificates
Directions of Controller to a subscriber to extend facilities
to decrypt information (Sec. 69)
Breach of confidentiality and Privacy (Sec. 72)
16
17. Cases
Famous Baazee (now eBay India) CEO arrest case
Two school kids record a pornographic clip on their mobile phone, and
share it as an MMS
An IIT student receives the clip and posts it on Baazee.com (the Indian
arm of Ebay) for auction
When this is discovered, the Delhi Cyber Crime Cell arrests:
Mr. Avnish Bajaj, Director of Bazee
The IIT student who posted the clip
The juvenile who was in the clip
Section 67 “Publishing of information which is obscene in electronic
form” is invoked
17
18. Cases
The Cybercime Cell’s website was hacked
A hoax email about a bomb planted in Parliament was sent to all the MP’s
In both cases, the police arrested the owners of the cyber cafes from
where the crimes were committed
Sections 65 (tampering with computer source documents) and 66 (hacking
with computer system) were invoked
Conclusions
info@niiconsulting.com
18
20. 1) Electronic signatures introduced-
With the passage of the IT ( Amendment) Act,2008 India has
become technologically neutral due to adoption of electronic
signatures as a legally valid mode of executing signatures .
This includes digital signatures as one of the modes of
signatures and is far broader in ambit covering biometrics and
other new forms of creating electronic signatures
20
21. (2) Corporate responsibility introduced in S. 43A
The corporate responsibility for data protection is incorporated
in S 43A in the amended IT Act, 2000 whereby corporate
bodies handling sensitive personal information or data in a
computer resource are under an obligation to ensure adoption
of ‘reasonable security practices‟ to maintain its secrecy,
failing which they may be liable to pay damages. Also, there is
no limit to the amount of compensation that may be awarded
by virtue of this section.
21
22. (3) Legal validity of electronic documents re-emphasized-
Two new sections Section 7A and 10A in the amended Act
reinforce the equivalence of paper based documents to
electronic documents. Section 7A in the amended Act makes
audit of electronic documents also necessary wherever paper
based documents are required to be audited by law. Section
10A confers legal validity & enforceability on contracts formed
through electronic means.
22
23. (4) New cybercrimes as offences under amended Act-
Many cybercrimes for which no express provisions existed in
the IT Act,2000 now stand included by the IT (Amendment)
Act, 2008. Sending of offensive or false messages (s 66A),
receiving stolen computer resource (s 66B), identity theft (s
66C), cheating by personation (s 66D), violation of privacy (s
66E). A new offence of Cyber terrorism is added in Section 66
F which prescribes punishment that may extend to
imprisonment for life .
23
24. (5) Section 69- Power of the controller to
intercept amended
It deals with power of Controller to intercept information being
transmitted through a computer resource when necessary in
national interest is amended by Section 69.In fact the power
vests now with the Central Government or State Government
that empowers it to appoint for reasons in writing, any agency
to intercept, monitor or decrypt any information generated ,
transmitted , received or stored in any computer resource .
24
25. (6) Power to block unlawful websites should be exercised with
caution-
Section 69A has been inserted in the IT Act by the amendments in
2008 and gives power to Central government or any authorized
officer to direct any agency or intermediary(for reasons recorded in
writing ) to block websites in special circumstances as applicable in
Section 69
Section 69B added to confer Power to collect, monitor traffic data
25
26. (7)Liability of Intermediary amended
The amended Section 79 states that the intermediary shall not
be liable for any third party information if it is only providing
access to a communication system over which information
made available by third parties is transmitted or temporarily
stored or hosted or the intermediary does not initiate the
transmission, select the receiver and select or modify the
information contained in transmission.
26
27. Cyber crime
• Cybercrimes are Offences that are committed against individuals or groups of individuals
with a criminal motive to intentionally harm the reputation of the victim or cause physical
or mental harm to the victim directly or indirectly, using modern telecommunication
networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile
phones (SMS/MMS)”.
• India is the third most affected nation by online banking malware and cyber crime
27
28. • Credit card frauds
• Cyber pornography
• Sale of illegal articles-narcotics, weapons, wildlife
• Online gambling
• Intellectual Property crimes- software piracy,
copyright infringement, trademarks violations,
theft of computer source code
• Email spoofing
• Forgery
• Defamation
• Cyber stalking (section 509 IPC)
• Phishing
• Cyber terrorism
Cybercrime is one of the fastest-growing criminal activities on the planet. It
covers a huge range of illegal activity including
28
29. Types of cyber crime
Target group of
computer
devices
Target personal
computer
devices
Against
Individual
Against
Property
Against
Govt.
Denial of
service
Malware
Computer
Viruses
Transmission
of indecent
material
Harassment
(sexual,
racial,
religious etc.)
Computer
Vandalism
Transmission
of harmful
programs
Terrorize
international
Govt.
Cracking
into military
maintained
website
29
30. Modes and manner of committing crimes
Unauthorized access
Unauthorized access means any kind of access without the permission of either the rightful owner
or the person in charge of a computer, computer system or computer network.
Hacking
Every act committed towards breaking into a computer and/or network is hacking. Hackers write or
use ready-made computer programs to attack the target computer.
Trojan Attack
The program that act like something useful but do the things that are quiet damping. The
programs of this kind are called as Trojans.
Virus and Worm attack:-
A program that has capability to infect other programs and make copies of itself and spread into
other programs is called virus.
Programs that multiply like viruses but spread from computer to computer are called as worms.
30
31. Script-kiddies
Crackers do more than just spoiling websites. Novices, who are called "script-kiddies" in
their circles, gain "root" access to a computer system, giving them the same power over
a system as an administrator – such as the power to modify features. They cause
damage by planting viruses.
Email spoofing
Email spoofing refers to email that appears to have been originated from one source
when it was actually sent from another source.
Phishing scams and fraud
A ‘phisher’ may use spoof emails to direct a computer user to fraudulent websites to
elicit a transfer of money, or sensitive information such as passwords or credit card
details, from the user.
31
32. Cyber crimes in India is likely to cross 3,00,000 by 2015
The majority of cybercrimes are centered on fraud and Phishing,
India is the third-most targeted country for Phishing attacks after the US and the UK,
Social networks as well as ecommerce sites are major targets,
India is the 16th most bot-infected country worldwide
A total number of 22,060, 71,780, 1,30,338, and 49,504 cyber-security incidents including
phishing, scanning, spam, malicious code, website intrusion etc were reported during the year
2012, 2013, 2014 and 2015 (up to May).
In 2015 32,323 websites were hacked by various hacker groups.
India is the number 1 country in the world for generating spam.
Cyber crime in India
42 million people fell victim to cybercrime,
$8 billion in direct financial losses (2013)
4 in 5 online adults (80%) have been a victim of Cybercrime,
17% of adults online have experienced cybercrime on their mobile phone
Cost of cyber crime
32
33. National Association of Software and Services
Companies (NASSCOM):
Premier trade body and the chamber of commerce of the IT-BPO industries in India Not-for-profit
organization, registered under the Indian Societies Act, 1860 NASSCOM is the global trade body
with over 1200 members, of which over 250 are
Global companies from the US, UK, EU, Japan and China
NASSCOM's Vision is to maintain India leadership position in the global offshore IT-BPO
industry, to grow the market by enabling industry to tap into emerging opportunity areas and to
strengthen the domestic market in India
NASSCOM's Aim to drive the overall growth of the technology and services market and maintain
India's leadership position, by taking up the role of a strategic advisor to the industry.
NASSCOM'S Objective include accelerating trade development efforts, improving talent supply,
strengthening local infrastructure, building partnerships and driving operational excellence.
NASSCOM is also helping catalyse the process of innovation, IT workforce development and
enhancing data security.
33
34. NASSCOM Initiative
Diversity and Inclusivity Initiative: The initiative focuses on mentoring and empowering
diversity within the workplace with respect to gender, ifferently-abledand multi-cultural
workforce.
Domestic IT Market Initiative: The focus is to promote and grow the domestic IT market
by driving IT adoption in newer industry verticals and small and medium businesses.
eGovernance Initiative: This initiative aims to be catalyst in eGovernance initiatives and
harness ICT for inclusive growth by facilitating collaboration between the industry and
government.
Education Initiative: The initiative aims to improve the interface between the IT-BPO
industry and academia to ensure availability of globally employable IT-BPO professionals.
Specific programmes on enhancing capacity and employment of the workforce are being
undertaken.
Green IT Initiative: This initiative is focused on enabling the IT-BPO industry in India to
contribute to the environment through technology and adoption of environmentally-friendly
infrastructure.
34
35. Conclusion
New forms of cyber crimes
Internet Banking, E-fund transfer and e-payments laws.
Cyber Taxation issues:-
Jurisdictional problems
PE- issues whether a website a PE
Problem of jurisdiction and extraterritorial jurisdiction
Privacy concerns
But
Suggested amendments to the IT Act,2000-new provisions for child pornography, etc.
35