INFORMATION TECHNOLOGY ACT 2000
The Information Technology Bill was passed by both Houses of
Parliament and it received the assent of the President on 9th June,
2000 and became “The Information Technology Act, 2000”.
The Act came into force on 17th October, 2000.
The Information Technology Act, 2000 is based on the Model Law on
Electronic Commerce which was adopted by the United Nations
Commission on International Trade Law (UNCITRAL) in
1996.
Objectives of IT Act
The Information Technology Act, 2000 seeks to achieve the following objectives.
(i) To grant legal recognition to electronic records.
(ii) To grant legal recognition to Digital Signature for authentication of the information or matters
requiring authentication under any law of the country.
(iii) To facilitate electronic filing of documents with Government departments.
(iv) To facilitate electronic storage of data.
(v) To provide legal sanction to electronic fund transfers to and between banks and financial
institutions.
(vi) To provide legal recognition for keeping books of account in electronic format by bankers.
(vii) To amend the Indian Penal Code, Indian Evidence Act, 1872, the Banker’s Book Evidence
Act, 1891 and RBI Act, 1934.
(viii) To provide legal infrastructure to promote e-commerce and secure information system.
(ix) To manage crimes at national and international levels by enforcing laws.
Cyber Law in India
Cyber law deals with the legal aspects of cyberspace, the internet, and computing.
In a broader view, cyber law handles the issues of intellectual property, contract,
jurisdiction, data protection laws, privacy, and freedom of expression in the digital
space.
In India, cyber laws are contained in the Information Technology Act, 2000 ("IT Act")
which came into force on October 17, 2000.
The main purpose of the Act is to provide legal recognition to electronic commerce and
to facilitate filing of electronic records with the Government.
The following Act, Rules and Regulations are covered under cyber laws:
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
CYBER CRIMES
Cybercrime in a narrow sense (computer crime): Any illegal
behavior directed by means of electronic operations that targets the
security of computer systems and the data processed by them.
Cybercrime in a broader sense (computer-related crime): Any illegal
behavior committed by means of, or in relation to, a computer system
or network, including such crimes as illegal possession [and] offering
or distributing information by means of a computer system or
network.
Various Cyber Crimes
1. Cyber pornography - This would include pornographic websites and
pornographic magazines produced using computers.
2. Sale of illegal articles - This would include sale of narcotics, weapons and wildlife
etc., by posting information on websites.
3. Online gambling - There are millions of websites, all hosted on servers abroad,
that offer online gambling. Used for money laundering, cases of hawala, etc.
4. Intellectual Property crimes - These include software piracy, copyright infringement, trademark
violations, theft of computer source code etc. In other words, this
is also referred to as cyber squatting.
5. Email spoofing - Spoofing is a type of cybercriminal activity where someone or something
forges the sender’s information and pretends to be a legitimate source.
6. Forgery - Currency notes, postage and revenue stamps, mark sheets etc., can be forged using
sophisticated computers, printers and scanners.
7. Cyber Defamation - This occurs when defamation takes place with the help of
computers and / or the Internet
8. Cyber stalking
9. Unauthorized access to computer systems or networks - This activity is
commonly referred to as hacking
10. Theft of information contained in electronic form
11. Email bombing
12. Data diddling - This kind of an attack involves altering raw data
13. Salami attacks
14. Denial of Service attack - This involves flooding a computer resource with
more requests than it can handle.
15. Virus / worm attacks
16. Logic bombs - These are event-dependent programs
17. Trojan attacks
18. Internet time theft
19. Web jacking - This occurs when someone forcefully takes control of a
website
20. Theft of computer system
21. Physically damaging a computer system
Preventive Measures for Cyber Crimes
availability.
external sources. Examples:
disgruntled employees - leaving bugs behind in your system, hackers looking to steal confidential
information.
upgrades of your systems.
the guards.
provisions to maintenance and
mindful of who is guarding
Roles for security should be defined, documented, and implemented for both your company and
external contractors.
communicated in non-
technical terms. This could include briefings, posters, clauses in employee contracts, security
awareness days etc.
particular technical areas.
security controls for their
ivities that may occur on your system. System records must note
who was using the system, when, for how long, deletions etc.
only be able to see information that they are authorized to see.
employee leaves the company.
mandatory. Employees should
needed. Example: in case an
Offences and Punishment under the Information Technology Act, 2000
| Section | Contents | Imprisonment | Fine |
|---|---|---|---|
| 65 | Tampering with computer source documents | Up to 3 years or | With fine which may extend to 2 Lakh Rupees |
| 66 | Hacking with computer system dishonestly or fraudulently | Up to 3 years or | With fine which may extend to 5 Lakh Rupees |
| 66A* | Punishment for sending offensive messages through communication device | Up to 3 years and | With fine |
| 66B | Punishment for dishonestly receiving stolen computer resource or communication device | Up to 3 years or | With fine which may extend to 1 Lakh Rupees |
| 66C | Punishment for Identity Theft - fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person | Up to 3 years and | With fine which may extend to 1 Lakh Rupees |
| 66D | Punishment for cheating by personation by using computer resource | Up to 3 years and | With fine which may extend to 1 Lakh Rupees |
| 66E | Punishment for violation of privacy | Up to 3 years or | With fine not exceeding 2 Lakh Rupees |
| 66F | Punishment for Cyber Terrorism | With imprisonment which may extend to imprisonment for life | ---- |
| 67 | Punishment for publishing or transmitting obscene material in electronic form - First time | Up to 3 years and | With fine which may extend to 5 Lakh Rs. |
| 67 | Second time or subsequent conviction | Up to 5 years and | With fine which may extend to 10 Lakh Rs. |
| 67A | Punishment for publishing or transmitting material containing Sexually Explicit Act etc. in electronic form - First time | Up to 5 years and | With fine which may extend to 10 Lakh Rs. |
| 67A | Second time or subsequent conviction | Up to 7 years and | With fine which may extend to 10 Lakh Rs. |
| 67B | Punishment for publishing or transmitting material containing Children in Sexually Explicit Act - First time | Up to 5 years and | With fine which may extend to 10 Lakh Rs. |
| 67B | Second time or subsequent conviction | Up to 7 years and | With fine which may extend to 10 Lakh Rs. |
| 69A | Failure to comply with directions for Blocking for Public Access of any information through any computer resource | Up to 7 years and | Shall also be liable to fine |
| 69B | Failure to comply with directions to Monitor and Collect Traffic Data or information generated, transmitted, received or stored in any computer resource | Up to 3 years and | Shall also be liable to fine |
| 70 | Protected system. Any unauthorized access to such system | Up to 10 years and | Shall also be liable to fine |
Cyberspace
Cyberspace refers to the virtual computer world, and more specifically, an
electronic medium that is used to facilitate online communication.
Cyberspace typically involves a large computer network made up of many
worldwide computer sub-networks that employ the TCP/IP protocol to aid in
communication and data exchange activities.
• The TCP/IP model is a framework that describes how data is transmitted
over networks, dividing communication into four layers:
• Application,
• Transport,
• Internet, and
• Network Access.
Private Key
The private key is used in both encryption as well as decryption.
This key is shared between the sender and receiver of the encrypted sensitive
information.
The private key is also called "symmetric" because it is shared by both parties.
Private key cryptography is faster than the public-key cryptography mechanism.
A private key should be kept secret for effective security.
Public Key
Asymmetric cryptography, often known as public-key cryptography, is a type of
encryption that employs pairs of keys. Cryptographic techniques based on
mathematical problems known as one-way functions are used to generate such key
pairs.
A public key can be freely circulated without jeopardizing security.
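The difference between the two key types, as an added Python example that is not part of the original slides: with a shared key, sender and receiver compute the same tag, while with a key pair only the private-key holder can sign and anyone holding the public key can verify. The primes, message and shared key are constructed for the demo, and the unpadded RSA is for illustration only.

```python
import hashlib
import hmac

# Constructed demo parameters (assumption): two known Mersenne primes.
# Far too small and structured for real use; illustration only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)   # may be circulated freely
PRIVATE_KEY = (N, D)  # stays with the signer


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def shared_key_tag(shared_key: bytes, message: bytes) -> bytes:
    """Symmetric case: every holder of the shared key gets the same tag."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def sign(key, message: bytes) -> int:
    """Textbook (unpadded) RSA signature over the message digest."""
    n, exponent = key
    return pow(digest_int(message, n), exponent, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


def demo() -> dict:
    msg = b"Pay INR 500 to account 1234"  # constructed sample message
    key = b"constructed-shared-secret"    # constructed shared key
    sender_tag = shared_key_tag(key, msg)
    receiver_tag = shared_key_tag(key, msg)
    sig = sign(PRIVATE_KEY, msg)
    return {
        # Identical tags: the tag cannot show which party produced it.
        "tags_identical": hmac.compare_digest(sender_tag, receiver_tag),
        "signature_valid": verify(PUBLIC_KEY, msg, sig),
        "altered_message_rejected": not verify(PUBLIC_KEY, msg + b"0", sig),
        # Knowing only the public key does not let you produce a signature.
        "public_key_cannot_sign": not verify(PUBLIC_KEY, msg, sign(PUBLIC_KEY, msg)),
    }
```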
Digital Signature Certificate (DSC)
It is an electronic and legal alternative to the traditional wet signature. It can be
presented electronically to obtain services or information on the internet or
else to sign documents digitally. Also, users can utilize a digital signature
certificate to send encrypted emails.
Most importantly, a digital signature certificate is a highly secure file that stores
the signer's personal information.
An individual or an organization can be eligible to digitally sign documents
only after registering with a certifying authority (CA).
eMudhra is a licensed certifying authority from which individuals or
organizations can purchase class 3 digital signature certificates for one, two, or
three years.