An overview of cyberimes


Published on

Presentation made by Dr. Tabrez Ahmad, in training programme at Biju Pattanaik, state Police Academy Bhubaneswar, to train DSPs organised by Crminal Investigation department govt. of India

Published in: Education
1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

An overview of cyberimes

  1. 1. An Overview of Cyber CrimesBiju Pattnaik State Police Academy Bhubaneswar By Dr. Tabrez Ahmad Professor of Law tabrezahmad7@gmail.com
  2. 2. Dr. Tabrez Ahmad,
  3. 3. Agenda1. Background of Cybercrime2. The categories of cybercrimes3. Analysis of the cybercrime & Indian legal position4. Vicarious Liability of ISPs and Govt.5. Future course of action Dr. Tabrez Ahmad,
  4. 4. Digital Revolution Internet Infra in INDIA Internet INDIA Internet Infrastructure:2008.5 1Mil. Domains (0.5 Mil. “.in”) Bharti BSNL NIC 130+ IDCs 134 Major Mail Servers ISPs ERNET Reliance TATA Communications4.8 Mil. High DNSSpeed Internet Enterprise IT /65 Mil. Internet Govt. ITESUsers BPO Home248 Mil. Mobile AcademiaPhones8 Mil. Mobile Phones being addedper month `Tele Density 24 per 1000 person Dr. Tabrez Ahmad,Targetted Broadband connection = 10 Mil. VOIP, IPTV(2010) 4
  5. 5. Real-world & Virtual- worldCurrent approaches evolved todeal with real-world crimeCybercrime occurs in a virtual-world and therefore presentsdifferent issues Dr. Tabrez Ahmad,
  6. 6. Example : TheftReal-world theft: Possession of property shifts completelyfrom A to B, i.e., A had it now B has itTheft in Virtual-world (Cyber-theft):Property is copied, so A “has” it and so does B Dr. Tabrez Ahmad,
  7. 7. Development of Cyberlaw and need of regulation Internet for Security USA ARPANET Internet for Research Internet for e-commerce UNCITRAL Model Law 1996 I.T Act 2000 Internet for e-governance Internet regulation – serious matter after 9/11 attack on World Trade Centre US Patriot Act I.T Amendment Act 2008 Dr. Tabrez Ahmad,
  8. 8. What is India inc‘s biggestthreat? Cyber crime is now a bigger threat to India Inc than physical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber crime as a bigger threat to their profitability than physical crime (31%). The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order. About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime as more costly, compared to the global benchmark of 50%.Dr. Tabrez Ahmad,
  9. 9. Types of Cyber crimes Crime against Government Crime against property Crime against persons Dr. Tabrez Ahmad,
  10. 10. Cyber Crimes/Civil Wrongs Cyber Protection Vicarious trespass Cyberlibel of Contents Pornography Cyberte Liability of on rrorism Websites ISPsTrespass Trespass toto person Property Cookies, Viruses Data Online Magic Collection survelliance LanternTechnique Identity Cybersquating Theft Software Piracy Phising Cyberst Data Protection alking Confidential Spammin Information g Hacking Dr. Tabrez Ahmad,
  11. 11. Unauthorized access: This occurs when a user/hackerdeliberately gets access into someone else‘s network either tomonitor or data destruction purposesFor e.g. In February hackers hacked the password of CU VCProf. Surabhi Banerjee and send the mails to different Govt.officials.Denial of service attack: It involves sending ofdisproportionate demands or data to the victims server beyondthe limit that the server is capable to handle and hence causesthe server to crash Dr. Tabrez Ahmad,
  12. 12. Virus, Worms and Trojan attacks: Viruses are basically programs that are attached to a file which then gets circulated to other files and gradually to other computers in the network. Worms unlike Viruses do not need a host for attachments they make copies of themselves and do this repeatedly hence eating up all the memory of the computer. Trojans are unauthorized programs which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. Dr. Tabrez Ahmad,
  13. 13. Computer Viruses Viruses Viruses A computer virus is a computer program that can infect other computer programs by modifying them Boot and in such a way as to include a File Boot infectors record file (possibly evolved) copy of it. viruses Note that a program does not infectors have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus". Dr. Tabrez Ahmad,
  14. 14. Email Bombing It refers to sending a large number of emailsto the victim resulting in the victims email account (in case ofan individual) or mail servers (in case of a company or anemail service provider) crashingInternet Time TheftsThis connotes the usage by an unauthorized person of the Internet hours paid for by another. Dr. Tabrez Ahmad,
  15. 15.  Web Jacking This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website Theft and Physical damage of computer or its peripherals This type of offence involves the theft of a computer, some parts of a computer or a peripheral attached to the computer. and physically damaging a computer or its peripherals. Attack on PM Office by Chinese hackers in December 2009 Dr. Tabrez Ahmad,
  16. 16. Combating cyber crimes Technological measures-Public key cryptography, Electronic signatures ,Firewalls, honey pots Cyber investigation- Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability. Legal framework-laws & enforcement Dr. Tabrez Ahmad,
  17. 17. I.T. ACT, 2000: OBJECTIVES Different approaches for controlling, regulating and facilitating electronic communication and commerce. Aim to provide legal infrastructure for e-commerce in India. To provide legal recognitionfor e-transactionsDr. Tabrez Ahmad,
  18. 18. OBJECTIVES (Contd.) Carried out by means of electronic data interchange, and Other means of electronic communication, commonly referred to as "electronic commerce", involving the use of alternatives to paper-based methods of communication and storage of information. To facilitate electronic filing of documents with the Government agencies To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934Dr. Tabrez Ahmad,
  19. 19. GOVERNMENT –NSP??  Governments Providing Services On The Network  Governments Are Intermediaries. Sec 79 IT Act.  Under The It Act, 2000, All Governments, Central And State, All Governmental Bodies Are ―Network Service Providers‖ Dr. Tabrez Ahmad,
  20. 20. Section 79 For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.Dr. Tabrez Ahmad,
  21. 21. Network Service Providers:When Not Liable Explanation.—For the purposes of this section, —(a) "network service provider" means an intermediary;(b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary.Dr. Tabrez Ahmad,
  22. 22. TRANSPARENCY Need For Transparent E-governance Right To Information Act Government Would Now Not Be Able To Hide Records Concerning E-governance Dr. Tabrez Ahmad,
  23. 23. AUTHENTICATION OFELECTRONIC RECORDS Any subscriber may authenticate an electronic record Authentication by affixing his digital signature. Any person by the use of a public key of the subscriber can verify the electronic recordDr. Tabrez Ahmad,
  24. 24. LEGALITY OF ELECTRONICSIGNATURES  Legal recognition of digital signatures.  Certifying Authorities for Digital Signatures.  Scheme for Regulation of Certifying Authorities for Digital Signatures Dr. Tabrez Ahmad,
  25. 25. CONTROLLER OFCERTIFYINGAUTHORITIES Shall exercise supervision over the activities of Certifying Authorities Lay down standards and conditions governing Certifying Authorities Specify various forms and content of Digital Signature Certificates Dr. Tabrez Ahmad,
  26. 26. DIGITAL SIGNATURES & ELECTRONICRECORDS Use of Electronic Records and Electronic Signatures in Government Agencies. Publications of rules and regulations in the Electronic Gazette. Dr. Tabrez Ahmad,
  27. 27. International initiatives Representatives from the 26 Council of Europe members, the United States, Canada, Japan and South Africa in 2001  Main objectives- signed a convention on cybercrime in efforts to enhance international  Create effective cyber cooperation in combating computer- crime laws based crimes.  Handle jurisdiction issues The Convention on Cybercrime, drawn  Cooperate in international up by experts of the Council of Europe, is investigations designed to coordinate these countries  Develop acceptable policies and laws on penalties on crimes practices for search and in cyberspace, define the formula guaranteeing the efficient operation of seizure the criminal and judicial authorities, and  Establish effective establish an efficient mechanism for public/private sector international cooperation. interaction In 1997, The G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High- Tech Crime." Dr. Tabrez Ahmad,
  28. 28. Combating Cyber crime-Indian legalframework Information Technology Act, 2000-came into force on 17 October 2000 Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)} read with Section 75- Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India Section 2 (1) (a) –‖Access‖ means gaining entry into ,instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network IT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000)Dr. Tabrez Ahmad,
  29. 29. Cybercrime vs Cyber contravention The IT Act prescribes provisions for contraventions in ch IX of the Act, particularly s 43 of the Act, which covers unauthorised access, downloading, introduction of virus, denial of access and Internet time theft committed by any person. It prescribes punishment by way of damages not exceeding Rs 1 crore to the affected party. Chapter XI of the IT Act 2000 discusses the cyber crimes and offences inter alia, tampering with computer source documents (s 65), hacking (s 66), publishing of obscene information (s 67), unauthorised access to protected system (s 70), breach of confidentiality (s 72), publishing false digital signature certificate (s 73). Whereas cyber contraventions are ‗civil wrongs‘ for which compensation is payable by the defaulting party, ‗cyber offences‘ constitute cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment and/or fine is prescribed by the Information Technology Act 2000.Dr. Tabrez Ahmad,
  30. 30. Special and General statutesapplicable to cybercrimes While the IT Act 2000, provides for the specific offences it has to be read with the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC) IT Act is a special law, most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime for instance, for defamatory emails reliance is placed on s 500 of IPC, for threatening e-mails, provisions of IPC applicable thereto are criminal intimidation (ch XXII), extortion (ch XVII), for e-mail spoofing, provisions of IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII) are attracted. Likewise, criminal breach of trust and fraud (ss 405, 406, 408, 409) of the IPC are applicable and for false electronic evidence, s 193 of IPC applies. For cognisability and bailability, reliance is placed on Code of Criminal Procedure which also lays down the specific provisions relating to powers of police to investigate.Dr. Tabrez Ahmad,
  31. 31. Tampering of source code According to s 65 of the IT Act- a person who intentionally conceals or destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or network when the computer source code is required to be maintained by law is punishable with imprisonment upto 3 years or with fine that may extend upto 2 lakh rupees or with both.Dr. Tabrez Ahmad,
  32. 32. Hacking Section 66 of the IT Act 2000 deals with the offence of computer hacking. In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system. Examples of hacking may include unauthorised input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data. Punishment for hacking is imprisonment upto 3years or fine which may extend to 2 lakh rupees or bothDr. Tabrez Ahmad,
  33. 33. Publishing obscene information Section 67 of the IT Act lays down punishment for the offence of publishing of obscene information in electronic form Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age. punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may extend to2 lakh rupees.Dr. Tabrez Ahmad,
  34. 34. New offences defined under IT AmendmentAct 2008 with effect from 27th October 2009 Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by the IT Amendment Act 2008. Sending of offensive or false messages (s 66A), receiving stolen computer resource (s 66C), identity theft (s 66C), (s 66D) cheating by personation, violation of privacy (s 66E). Barring the offence of cyber terrorism (s 66F ) punishment prescribed is generally upto three years and fine of one/two lakhs rupees has been prescribed and these offences are cognisable and bailable. This will not prove to play a deterrent factor for the cyber criminals. Further, as per new s 84B,abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new s 84C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence Dr. Tabrez Ahmad,
  35. 35. The IT Amendment Act 2008  In certain offences, such as hacking (s 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs rupees. In s 67, for publishing of obscene information imprisonment term has been reduced from five years to three years (and five years for subsequent offence instead of earlier ten years) and fine has been increased from one lakh to five lakhs rupees (ten lakhs on subsequent conviction).  Section 67A adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs rupees. Dr. Tabrez Ahmad,
  36. 36. The IT Amendment Act 2008 Section 67B punishes offence of child pornography, child‘s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs rupees.Dr. Tabrez Ahmad,
  37. 37. Section 46 IT Act Section 46 of the IT Act states that an adjudicating officer shall be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of audi alterum partum and natural justice are enshrined in the said section which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government All proceedings before him are deemed to be judicial proceedings, every Adjudicating Officer has all powers conferred on civil courts Appeal to cyber Appellate Tribunal- from decision of Controller, Adjudicating Officer {section 57 IT act}Dr. Tabrez Ahmad,
  38. 38. Section 47, IT Act Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely- (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default; (b) the amount of loss caused to any person as a result of the default; (c) the repetitive nature of the defaultDr. Tabrez Ahmad,
  39. 39. Section 65: Source Code Most important asset of software companies ―Computer Source Code" means the listing of programmes, computer commands, design and layout Ingredients  Knowledge or intention  Concealment, destruction, alteration  computer source code required to be kept or maintained by law Punishment  imprisonment up to three years and / or  fine up to Rs. 2 lakhDr. Tabrez Ahmad,
  40. 40. Section 66: Hacking• Ingredients – Intention or Knowledge to cause wrongful loss or damage to the public or any person – Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource• Punishment – imprisonment up to three years, and / or – fine up to Rs. 2 lakh• Cognizable, Non Bailable, Section 66 covers data theft aswell as data alterationDr. Tabrez Ahmad, 40
  41. 41. Computer Related Crimes under IPC and Special Laws Sending threatening messages by email Sec 503 IPC Sending defamatory messages by email Sec 499, 500 IPC Forgery of electronic records Sec 463, 470, 471 IPC Bogus websites, cyber frauds Sec 420 IPC Email spoofing Sec 416, 417, 463 IPC Online sale of Drugs NDPS ActWeb -Jacking Sec. 383 IPC Online sale of Arms Arms ActDr. Tabrez Ahmad, 41
  42. 42. Case Study- BPO Data Theft The recently reported case of a Bank Fraud in Pune in which some ex employees of BPO arm of MPhasis Ltd MsourcE, defrauded US Customers of Citi Bank to the tune of RS 1.5 crores has raised concerns of many kinds including the role of "Data Protection".Dr. Tabrez Ahmad,
  43. 43. Case Study (contd.) The crime was obviously committed using "Unauthorized Access" to the "Electronic Account Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes". ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but covered by other statutes since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime with the use of a "Written Documents". "Cheating", "Conspiracy", "Breach of Trust" etc are therefore applicable in the above case in addition to section in ITA-2000. Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim for which the "Adjudication Process" can be invoked. Dr. Tabrez Ahmad,
  44. 44. Case Study (contd.) The BPO is liable for lack of security that enabled the commission of the fraud as well as because of the vicarious responsibility for the ex- employees involvement. The process of getting the PIN number was during the tenure of the persons as "Employees" and hence the organization is responsible for the crime. Some of the persons who have assisted others in the commission of the crime even though they may not be directly involved as beneficiaries will also be liable under Section 43 of ITA-2000. Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated both for the BPO and the Bank on the grounds of "Lack of Due Diligence". At the same time, if the crime is investigated in India under ITA-2000, then the fact that the Bank was not using digital signatures for authenticating the customer instructions is a matter which would amount to gross negligence on the part of the Bank. (However, in this particular case since the victims appear to be US Citizens and the Bank itself is US based, the crime may come under the jurisdiction of the US courts and not Indian Courts). Dr. Tabrez Ahmad,
  45. 45. Cyber Pornography Section 67 of IT Act  Publishing, transmitting, causing to be published  Porn in the electronic form Strict punishment  5 years jail (SI or RI) + 1 lakh fine  10 years jail (SI or RI) + 2 lakh fineDr. Tabrez Ahmad,
  46. 46. Baazee case Dr. Tabrez Ahmad,
  47. 47. Baazee case Obscene MMS clipping listed for sale on 27th November, 2004 - ―DPS Girl having fun". Some copies sold through Avnish Bajaj (CEO) arrested and his bail application was rejected by the trial court.Dr. Tabrez Ahmad,
  48. 48. Points of the prosecution The accused did not stop payment through banking channels after learning of the illegal nature of the transaction. The item description "DPS Girl having fun" should have raised an alarm.Dr. Tabrez Ahmad,
  49. 49. Points of the defence Section 67 relates to publication of obscene material and not transmission. Remedial steps were taken within 38 hours, since the intervening period was a weekend.Dr. Tabrez Ahmad,
  50. 50. Findings of the Court It has not been established from the evidence that any publication took place by the accused, directly or indirectly. The actual obscene recording/clip could not be viewed on the portal of The sale consideration was not routed through the accused.Dr. Tabrez Ahmad,
  51. 51. Findings of the Court Prima facie had endeavored to plug the loophole. The accused had actively participated in the investigations. The nature of the alleged offence is such that the evidence has already crystallized and may even be tamper proof.Dr. Tabrez Ahmad,
  52. 52. Findings of the Court Even though the accused is a foreign citizen, he is of Indian origin with family roots in India. The evidence indicates  only that the obscene material may have been unwittingly offered for sale on the website.  the heinous nature of the alleged crime may be attributable to some other person.Dr. Tabrez Ahmad,
  53. 53. Court order The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each. The court ordered Mr. Bajaj to  surrender his passport  not to leave India without Court permission  to participate and assist in the investigation.Dr. Tabrez Ahmad,
  54. 54. State of Tamil Nadu Vs Suhas Katti This Case is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR . The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. Additional Chief Metropolitan Magistrate, delivered the judgment on 5-11-04 as follows: ―The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.‖ This is considered the first case convicted under section 67 of Information Technology Act 2000 in India Dr. Tabrez Ahmad,
  55. 55.  Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age. Punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may extend to2 lakh rupees. Dr. Tabrez Ahmad,
  56. 56. Protected SystemsDr. Tabrez Ahmad,
  57. 57. Protected Systems Gazette notification for declaring protected system. Government order authorizing persons to access protected systems. 10 years jail for accessing or attempting to access protected systems.Dr. Tabrez Ahmad,
  58. 58. Firos vs. State of Kerala Govt of Kerala declared the FRIENDS application software as a protected system. The author of the application software challenged the notification and the constitutional validity of section 70. The Court upheld the validity of bothDr. Tabrez Ahmad,
  59. 59. Tampering with source codeDr. Tabrez Ahmad,
  60. 60. Tampering with source code Computer source code need not only be in the electronic form. It can be printed on paper (e.g. printouts of flowcharts for designing a software application).Dr. Tabrez Ahmad,
  61. 61. Tampering with source code Following are punishable with 3 years jail and / or 2 lakh fine:  Concealing  Altering  DestroyingDr. Tabrez Ahmad,
  62. 62. Syed Asifuddin case Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65.Dr. Tabrez Ahmad,
  63. 63. Parliament attack case Several terrorists attacked Parliament House on 13-Dec-01 Digital evidence played an important role during their prosecution. The accused had argued that computers and digital evidence can easily be tampered and hence should not be relied upon. Dr. Tabrez Ahmad,
  64. 64. Parliament attack case A laptop, several smart media storage disks and devices were recovered from a truck intercepted at Srinagar pursuant to information given by two of the suspects. These articles were deposited in the police ―malkhana‖ on 16-Dec-01 but some files were written onto the laptop on 21-Dec-01.Dr. Tabrez Ahmad,
  65. 65. Parliament attack case Evidence found on the laptop included:  fake identity cards,  video files containing clippings of political leaders with Parliament in background shot from TV news channels,  scanned images of front and rear of a genuine identity card,Dr. Tabrez Ahmad,
  66. 66. Parliament attack case  image file of design of Ministry of Home Affairs car sticker,  the game wolf pack with the user name Ashiq. Ashiq was the name in one of the fake identity cards used by the terrorists.Dr. Tabrez Ahmad,
  67. 67. The Information Technology (Amendment)Act, 2008 has come into force on 27thOctober, 2009. Almost Nine years and 10 days after the birth of cyber laws in India, the new improved cyber law regime in India has become a reality. The Information Technology Act initially came into force on 17th October 2000 on the model UNCITRAL of UNO 1996. Major changes to the IT Act 2000 have now come into force with effect from 27th October 2009. There are around 17 changes and out of that most of the changes relate to cyber crimes. The last decade has seen a spurt in crimes like cyber stalking and voyeurism, cyber pornography, email frauds, phishing and crimes through social networking. All these and more are severely dealt with under the new laws. Dr. Tabrez Ahmad,
  68. 68. Some of the major modifications are: 1. A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data. If they are negligent in "implementing and maintaining reasonable security practices and procedures", they will be liable to pay compensation. It may be recalled that Indias first major BPO related scam was the multi crore MphasiS- Citibank funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures. 2. Compensation on cyber crimes like spreading viruses, copying data, unauthorised access, denial of service etc is not restricted to Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction for cases where the claim is upto Rs. 5 crore. Above that the case will need to be filed before the civil courts. Dr. Tabrez Ahmad,
  69. 69.  3.The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment. 4. Sending threatening emails and sms are punishable with jail upto 3 years. 5. Publishing sexually explicit acts in the electronic form is punishable with jail upto 3 years. This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country. Dr. Tabrez Ahmad,
  70. 70.  6.Voyeurism is now specifically covered. Acts like hiding cameras in changing rooms, hotel rooms etc is punishable with jail upto 3 years. This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to snoop on his young lady tenants. 7. Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police. 8. Collecting, browsing, downloading etc of child pornography is punishable with jail upto 5 years for the first conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of upto Rs 10 lakh can also be levied. Dr. Tabrez Ahmad,
  71. 71.  9. The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail. This covers acts like sending dirty jokes and pictures by email or sms. 10. Refusing to hand over passwords to an authorized official could land a person in prison for upto 7 years. 11. Hacking into a Government computer or website, or even trying to do so in punishable with imprisonment upto 10 years. 12. Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members), Dr. Tabrez Ahmad,
  72. 72.  13. Rules pertaining to section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information), 14. Rules pertaining to section 69A (Procedure and Safeguards for Blocking for Access of Information by Public), 15. Rules pertaining to section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and 16. Notification under section 70B for appointment of the Indian Computer Emergency Response Team. 17. Rules Rules pertaining to section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members), Dr. Tabrez Ahmad,
  73. 73. Do you have any question?
  74. 74. Dr. Tabrez Ahmad,