
PRESENTATION ON

CYBER LAWS
CONTENTS
INTRODUCTION
NEED FOR CYBER LAWS
CYBER LAWS IN INDIA
CYBER CRIMES
OFFENCES AND LAWS IN CYBER
SPACE
CYBER LAWS AMENDMENTS
CONCLUSION
INTRODUCTION
GROWTH OF
CYBER SPACE

ONSET OF
INTERNET

CYBER LAW OR
LAW OF
INTERNET
Cyber Law
The General Assembly of the UNO, recognizing the need
for a separate law for e-commerce and e-business,
resolved on 30-01-1997 to adopt a model law on
electronic commerce framed by the United Nations
Commission on International Trade Law.
The Government of India, keeping in view the above
fact, got the Information Technology Act 2000
enacted by Parliament.
Objectives of the law
To bring in uniformity in the law applicable to
paperless methods of communication and
storage of information prevalent in India on the
pattern of the international law
To promote efficient delivery of Government
services by means of reliable electronic records
Scope and Application
Has come into effect from 17th October 2000
The act does not apply to the following
A negotiable instrument as per NI Act 1881
A power-of-attorney as per POA Act 1882
A trust deed
A will
Any contract for sale or conveyance of immovable property
or any interest in such property
Any such class of documents or transactions as may be
notified by the central govt in the official gazette.
History of Computerization in Banks
Banks had large amounts of data for back office
Banks were well spread from 1969 after nationalization.
Indian Banks initiated their computerization efforts as
early as 1960 by installing IBM's unit recording machines for
inter-branch reconciliation jobs. The first banks to take up this
step were SBI, Canara Bank, IOB
In 1966 SBI installed a mainframe IBM 1401, followed by a
Burroughs B1728. Some other banks also followed suit
In 1972 ASCOTA Ledger Posting machines were installed in
some metropolitan cities, followed by CALSTAR for interest
calculation
Unions used to object strongly to using the computer for the
customer interface.
NEED FOR CYBER LAWS

TACKLING CYBER
CRIMES

INTELLECTUAL
PROPERTY RIGHTS
AND COPYRIGHTS
PROTECTION ACT
CYBER LAWS IN INDIA
IT ACT PASSED IN
2000
INTERNET IN
INDIA
IMPLEMENTATION
OF CYBER LAW
REASONS FOR
DELAY IN
IMPLEMENTATION
OF CYBER LAWS IN
INDIA
Act covers
Digital Signature
Electronic Governance
Attribution, acknowledgement and dispatch of electronic records
Secure Electronic Records and Secure Digital Signatures
Regulation of Certifying authorities
Granting Licence
Digital Signature Certificates
Duties of Subscribers
Penalties and Adjudication
The Cyber Regulations appellate Tribunal
Offences
Offences
Tampering with computer source documents
Hacking with computer system
Publishing of information which is obscene in electronic form
Protected System
Penalty For Misrepresentation
Breach Of confidentiality and Privacy
Publication for fraudulent purpose
Confiscation
Penalties and confiscation not to interfere with other
punishments
Next session
Different Delivery channels( ATMs, ABB,
internet banking) -Payment Systems -Cheque
truncation E Commerce- Credit Card, Debit
Card, E purse, E cheque, E Money -
IT Act, 2000
Enacted on 17th May
2000- India is 12th
nation in the world to
adopt cyber laws
IT Act is based on
Model law on e-
commerce adopted by
UNCITRAL
Objectives of the IT Act
To provide legal recognition for transactions:-
Carried out by means of electronic data interchange, and other
means of electronic communication, commonly referred to as
"electronic commerce"
To facilitate electronic filing of documents with Government
agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence Act,1872, the
Bankers Books Evidence Act 1891,Reserve Bank of India Act
,1934
Definitions ( section 2)
"computer" means electronic, magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic and memory
functions by manipulations of electronic, magnetic or optical impulses, and
includes all input, output, processing, storage, computer software or
communication facilities which are connected or relates to the computer in a
computer system or computer network;
"computer network" means the inter-connection of one or more computers
through-
(i) the use of satellite, microwave, terrestrial line or other communication
media; and
(ii) terminals or a complex consisting of two or more interconnected
computers whether or not the interconnection is continuously maintained;
Definitions ( section 2)
"computer system" means a device or collection of devices, including input
and output support devices and excluding calculators which are not
programmable and capable of being used in conjunction with external files
which contain computer programmes, electronic instructions, input data and
output data that performs logic, arithmetic, data storage and retrieval,
communication control and other functions;
"data" means a representation of information, knowledge, facts, concepts or
instruction which are being prepared or have been prepared in a formalised
manner, and is intended to be processed, is being processed or has been
processed in a computer system or computer network, and may be in any
form (including computer printouts magnetic or optical storage media,
punched cards, punched tapes) or stored internally in the memory of the
computer.
Definitions ( section 2)
"electronic record" means data, record or data generated, image or sound stored,
received or sent in an electronic form or micro film or computer generated micro
fiche;
"secure system" means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures
"security procedure" means the security procedure prescribed by the Central
Government under the IT Act, 2000.
"secure electronic record": where any security procedure has been applied to an
electronic record at a specific point of time, then such record shall be deemed to be a
secure electronic record from such point of time to the time of verification
E-Commerce
Universal Internet access
Total Internet economy in 2004
US $ 4.48 trillion
E-Commerce spending in 2004
US $ 2.5 trillion
E-Commerce in India in 2005
Rs. 1,95,000 Crore
E-Commerce in Asia in 2005
28% of world total
Electronic Commerce
EC transactions over the
Internet include
Formation of Contracts
Delivery of Information and
Services
Delivery of Content
Future of Electronic
Commerce depends on
the trust that the transacting parties
place in the security of the
transmission and content of their
communications
Electronic World
Electronic document produced by a
computer. Stored in digital form, and cannot
be perceived without using a computer
It can be deleted, modified and rewritten
without leaving a mark
Integrity of an electronic document is
genetically impossible to verify
A copy is indistinguishable from the original
It can't be sealed in the traditional way,
where the author affixes his signature
The functions of identification, declaration,
proof of electronic documents carried out
using a digital signature based on
cryptography.
Electronic World
Digital signatures created and verified using
cryptography
Public key System based on Asymmetric keys
An algorithm generates two different and related
keys
Public key
Private Key
Private key used to digitally sign.
Public key used to verify.
Role of the Government
Government has to provide the definition of
the structure of PKI
the number of levels of authority and their juridical form
(public or private certification)
which authorities are allowed to issue key pairs
the extent to which the use of cryptography should be
authorised for confidentiality purposes
whether the Central Authority should have access to the
encrypted information; when and how
the key length, its security standard and its time validity
IT ACT PROVISIONS
Email would now be a valid and legal form of
communication in our country that can be duly
produced and approved in a court of law.

Companies shall now be able to carry out
electronic commerce using the legal infrastructure
provided by the Act.

Digital signatures have been given legal validity
and sanction in the Act.
IT ACT PROVISIONS
The Act now allows Government to issue
notification on the web thus heralding e-governance

Statutory remedy in case anyone breaks
into a company's computer systems or
network and causes damages or copies data
CYBER CRIMES
CYBER CRIMES AGAINST
PERSONS
e.g. Melissa and Love Bug viruses
CYBER CRIMES AGAINST
PROPERTY
eg computer vandalism
CYBER CRIMES AGAINST
GOVERNMENT
eg Al-Qaeda
CYBER CRIMES
CRIME THROUGH ORKUT
Koushambi ,24-year
old software
professional
working for TCS
was brutally killed
by Manish Thakur,
in a hotel room at
Andheri.
INTERNET AND ITS EFFECT
20% - 30% of Internet pornography consumption is by
children of ages 12 - 17.

MySpace is being used by predators to meet and entice
kids online.

Specific marketing strategies are being used to attract
children to porn sites.
Digital Signature Certificate

Any person may make an application to the Certifying Authority for issue of
Digital Signature Certificate. The Certifying Authority while issuing such
certificate shall certify that it has complied with the provisions of the Act.
The Certifying Authority has to ensure that the subscriber (i.e., a person in
whose name the Digital Signature Certificate is issued) holds the private key
corresponding to the public key listed in the Digital Signature Certificate and
such public and private keys constitute a functioning key pair. The Certifying
Authority has the power to suspend or revoke Digital Signature Certificate.
Section 3 Defines Digital Signatures
The authentication to be effected by use of
asymmetric crypto system and hash function
The private key and the public key are unique to
the subscriber and constitute functioning key
pair
Verification of electronic record possible
Secure digital signature-S.15
If by application of a security procedure agreed to by the parties concerned, it
can be verified that a digital signature, at the time it was affixed, was:
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the
subscriber and is linked to the electronic record to which it relates in such a
manner that if the electronic record was altered the digital signature would be
invalidated,
then such digital signature shall be deemed to be a secure digital signature
Certificate based Key Management
Operated by trusted third party - CA
Provides Trading Partners Certificates
Notarises the relationship between a public key and its owner
[Diagram: User A, CA A, CA B, User B]
Essential steps of the digital signature process

STEP 1 The signatory is the authorized holder of a unique cryptographic key pair;
STEP 2 The signatory prepares a data message (for example, in the form of an
electronic mail message) on a computer;
STEP 3 The signatory prepares a message digest, using a secure hash algorithm.
Digital signature creation uses a hash result derived from and unique to the signed
message;
STEP 4 The signatory encrypts the message digest with the private key. The
private key is applied to the message digest text using a mathematical algorithm.
The digital signature consists of the encrypted message digest,
STEP 5 The signatory typically attaches or appends its digital signature to the
message;
STEP 6 The signatory sends the digital signature and the (unencrypted or
encrypted) message to the relying party electronically;
Essential steps of the digital signature process

STEP 7 The relying party uses the signatory's public key to verify the signatory's
digital signature. Verification using the signatory's public key provides a level of
technical assurance that the message came exclusively from the signatory;
STEP 8 The relying party also creates a message digest of the message, using the
same secure hash algorithm;
STEP 9 The relying party compares the two message digests. If they are the same,
then the relying party knows that the message has not been altered after it was
signed. Even if one bit in the message has been altered after the message has been
digitally signed, the message digest created by the relying party will be different
from the message digest created by the signatory;
STEP 10 Where the certification process is resorted to, the relying party obtains a
certificate from the certification service provider (including through the signatory
or otherwise), which confirms the digital signature on the signatory's message. The
certificate contains the public key and name of the signatory (and possibly
additional information), digitally signed by the certification service provider.
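
The ten steps above, as an added example that is not part of the original presentation: a hash-then-sign exchange between a signatory and a relying party, including the certificate check of STEP 10. Assumptions: SHA-256 as the hash, textbook RSA without padding, toy keys built from well-known Mersenne primes, and a constructed message and subscriber name; it shows the mechanics only, and real systems use a vetted library with padded signatures.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """STEP 1: build an RSA key pair from two primes (toy key, NOT secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public key, private key)

def digest(message: bytes) -> int:
    """STEPS 3 and 8: message digest via a secure hash algorithm (SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """STEP 4: apply the private key to the message digest."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """STEPS 7-9: recover the signer's digest with the public key and compare
    it with a digest computed independently over the received message."""
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest(message)

def issue_certificate(name: str, subject_public, ca_private) -> dict:
    """STEP 10: the CA signs the binding between a name and a public key."""
    body = f"{name}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"name": name, "public_key": subject_public,
            "ca_sig": sign(body, ca_private)}

def verify_with_certificate(message, signature, cert, ca_public) -> bool:
    """Relying party: check the CA's signature on the certificate first, then
    the message signature under the certified public key."""
    n, e = cert["public_key"]
    body = f"{cert['name']}|{n}|{e}".encode()
    return (verify(body, cert["ca_sig"], ca_public)
            and verify(message, signature, cert["public_key"]))

# Constructed demo keys (Mersenne primes are public knowledge: demo only).
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**607 - 1)

MESSAGE = b"Pay Rs. 10,000 to account 1234"    # STEP 2 (constructed sample)
SIGNATURE = sign(MESSAGE, SIGNER_PRIV)          # STEPS 3-5
CERT = issue_certificate("User A", SIGNER_PUB, CA_PRIV)

if __name__ == "__main__":
    # STEP 6 onward: the relying party receives MESSAGE, SIGNATURE and CERT.
    print(verify_with_certificate(MESSAGE, SIGNATURE, CERT, CA_PUB))
    altered = b"Pay Rs. 90,000 to account 1234"
    print(verify_with_certificate(altered, SIGNATURE, CERT, CA_PUB))
```

Changing a single bit of the message, or substituting a public key the CA did not certify, makes verification fail.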
Section 15- Secure Digital
Signatures
If Digital signatures are applied in such a
manner that if ER was altered the Digital
Signatures would be invalidated then it is called
Secured Digital signatures
Unique to subscriber
Identifies the subscriber
Section 4- Legal recognition of
Electronic Records
If any information is required in printed or
written form under any law the Information
provided in electronic form, which is accessible
so as to be usable for subsequent use, shall be
deemed to satisfy the requirement of presenting
the document in writing or printed form.
Sections 5, 6 & 7
Legal recognition of Digital Signatures
Use of Electronic Records in Government & Its Agencies
Publications of rules and regulations in the Electronic Gazette.
Retention of Electronic Records
Accessibility of information, same format, particulars of
dispatch, origin, destination, time stamp, etc.
OFFENCES AND LAWS IN
CYBER SPACE
TAMPERING WITH
COMPUTER
DOCUMENTS
HACKING WITH
COMPUTER SYSTEM
PUBLISHING OBSCENE
MATERIAL ON
INTERNET
BREACHING OF
CONFIDENTIALITY
AND PRIVACY
Cybercrime provisions under IT
Act,2000
Offences & Relevant Sections under IT Act

Tampering with Computer source documents - Sec. 65
Hacking with Computer systems, Data alteration - Sec. 66
Publishing obscene information - Sec. 67
Un-authorized access to protected system - Sec. 70
Breach of Confidentiality and Privacy - Sec. 72
Publishing false digital signature certificates - Sec. 73
TYPES OF CYBER CRIMES
Cyber terrorism
Cyber pornography
Defamation
Crime against Government
Cyber stalking (section 509 IPC)
Sale of illegal articles - narcotics, weapons,
wildlife
Online gambling
Crime against persons
Intellectual Property crimes - software
piracy, copyright infringement, trademarks
violations, theft of computer source code
Crime against property
Email spoofing
Forgery
Phishing
Credit card frauds
TYPES OF CYBER CRIMES

Cyber crimes
Hacking
Information Theft
E-mail bombing
Salami attacks
Denial of Service attacks
Trojan attacks
Web jacking
Frequency of reporting Cybercrime in
India

During the year 2005, 179 cases were registered
under IT Act as compared to 68 cases during 2004
21.2% cases reported from Karnataka, followed by
Maharashtra (26), Tamil Nadu (22) and Chhattisgarh
and Rajasthan (18 each) out of 179 cases, 50% were
related to Section 67 IT Act. 125 persons were
arrested. 74 cases of hacking were reported wherein
41 were arrested.
Section 66: Hacking

Ingredients
Intention or Knowledge to cause wrongful loss
or damage to the public or any person
Destruction, deletion, alteration, diminishing
value or utility or injuriously affecting
information residing in a computer resource
Punishment
imprisonment up to three years, and / or
fine up to Rs. 2 lakh
Cognizable, Non Bailable,

Section 66 covers data theft as well as data alteration


CYBER LAWS AMENDMENTS
INDIAN PENAL CODE,1860

INDIAN EVIDENCE ACT,1872

BANKERS BOOK EVIDENCE ACT,1891

GENERAL CLAUSES ACT,1897


CONCLUSION
CYBER LAWS: ESSENTIAL FEATURE
IN TODAY'S WORLD OF INTERNET

ACHIEVING GLOBAL PEACE AND
HARMONY
BPO data theft -Case Study
(contd.)
ITA-2000 is versatile enough to accommodate the
aspects of crime not covered by ITA-2000 but
covered by other statutes since any IPC offence
committed with the use of "Electronic Documents"
can be considered as a crime with the use of a
"Written Documents". "Cheating", "Conspiracy",
"Breach of Trust" etc are therefore applicable in the
above case in addition to section in ITA-2000.

Under ITA-2000 the offence is recognized both
under Section 66 and Section 43. Accordingly, the
persons involved are liable for imprisonment and fine
as well as a liability to pay damage to the victims to
the maximum extent of Rs 1 crore per victim for
which the "Adjudication Process" can be invoked.
BPO data theft -Case
Study (contd.)
The BPO is liable for lack of security that enabled the commission of
the fraud as well as because of the vicarious responsibility for the ex-
employee's involvement. The process of getting the PIN number was
during the tenure of the persons as "Employees" and hence the
organization is responsible for the crime.
Some of the persons who have assisted others in the commission of
the crime even though they may not be directly involved as
beneficiaries will also be liable under Section 43 of ITA-2000.
Under Section 79 and Section 85 of ITA-2000, vicarious
responsibilities are indicated both for the BPO and the Bank on the
grounds of "Lack of Due Diligence".
At the same time, if the crime is investigated in India under ITA-2000,
then the fact that the Bank was not using digital signatures for
authenticating the customer instructions is a matter which would
amount to gross negligence on the part of the Bank.
Case Study- Case of Extortion of Money
Through Internet

The complainant has received a threatening
email and demanded protection from
unknown person claiming to be the member
of Halala Gang, Dubai. Police registered a
case u/s. 384/506/511 IPC.
The sender of the email used the email ID
xyz@yahoo.com & abc@yahoo.com and
signed as Chengez Babar.
Case of Extortion of Money
Through Internet -Case Study
(contd.)
Both the email accounts were tracked, details collected
from ISPs & locations were identified.

The cyber cafes from which the emails had been sent
were monitored and the accused person was nabbed
red-handed.
THANK YOU

QUERIES WELCOMED
