CYBER LAWS
CONTENTS
INTRODUCTION
NEED FOR CYBER LAWS
CYBER LAWS IN INDIA
CYBER CRIMES
OFFENCES AND LAWS IN CYBER SPACE
CYBER LAWS AMENDMENTS
CONCLUSION
INTRODUCTION
GROWTH OF CYBER SPACE
ONSET OF INTERNET
CYBER LAW OR LAW OF INTERNET
Cyber Law
The General Assembly of the UNO, recognizing the need
for a separate law for e-commerce and e-business,
resolved on 30-01-1997 to adopt a model law on
electronic commerce framed by the United Nations
Commission on International Trade Law.
The Government of India, keeping in view the above
fact, got the Information Technology Act 2000
enacted by Parliament.
Objectives of the law
To bring in uniformity in the law applicable to
paperless methods of communication and
storage of information prevalent in India on the
pattern of the international law
To promote efficient delivery of Government
services by means of reliable electronic records
Scope and Application
Has come into effect from 17th October 2000
The act does not apply to the following
A negotiable instrument as per NI Act 1881
A power-of-attorney as per POA Act 1882
A trust deed
A will
Any contract for sale or conveyance of immovable property
or any interest in such property
Any such class of documents or transactions as may be
notified by the Central Government in the Official Gazette.
History of Computerization in Banks
Banks had a large amount of data for the back office.
Banks have been well spread since 1969, after nationalization.
Indian banks initiated their computerization efforts as
early as 1960 by installing IBM's unit recording machines for
inter-branch reconciliation jobs. The first banks to take this
step were SBI, Canara Bank and IOB.
In 1966 SBI installed a mainframe IBM 1401, followed by a
Burroughs B1728. Some other banks also followed suit.
In 1972 ASCOTA ledger posting machines were installed in
some metropolitan cities, followed by CALSTAR for interest
calculation.
Unions used to have strong objections to using the computer
for customer interface.
NEED FOR CYBER LAWS
TACKLING CYBER CRIMES
INTELLECTUAL PROPERTY RIGHTS AND COPYRIGHTS PROTECTION ACT
CYBER LAWS IN INDIA
IT ACT PASSED IN 2000
INTERNET IN INDIA
IMPLEMENTATION OF CYBER LAW
REASONS FOR DELAY IN IMPLEMENTATION OF CYBER LAWS IN INDIA
Act covers
Digital Signature
Electronic Governance
Attribution, acknowledgement and dispatch of electronic records
Secure Electronic Records and Secure Digital Signatures
Regulation of Certifying authorities
Granting Licence
Digital Signature Certificates
Duties of Subscribers
Penalties and Adjudication
The Cyber Regulations Appellate Tribunal
Offences
Offences
Tampering with computer source documents
Hacking with computer system
Publishing of information which is obscene in electronic form
Protected System
Penalty For Misrepresentation
Breach Of confidentiality and Privacy
Publication for fraudulent purpose
Confiscation
Penalties and confiscation not to interfere with other
punishments
Next session
Different delivery channels (ATMs, ABB, internet banking) - Payment Systems -
Cheque truncation - E-Commerce - Credit Card, Debit Card, E-purse, E-cheque,
E-Money
IT Act, 2000
Enacted on 17th May 2000 - India is the 12th nation in the world to
adopt cyber laws
IT Act is based on the Model Law on e-commerce adopted by UNCITRAL
Objectives of the IT Act
To provide legal recognition for transactions
carried out by means of electronic data interchange and other
means of electronic communication, commonly referred to as
"electronic commerce"
To facilitate electronic filing of documents with Government
agencies and E-Payments
To amend the Indian Penal Code, the Indian Evidence Act, 1872, the
Bankers' Books Evidence Act, 1891, and the Reserve Bank of India Act,
1934
Definitions (section 2)
"computer" means electronic, magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic and memory
functions by manipulations of electronic, magnetic or optical impulses, and
includes all input, output, processing, storage, computer software or
communication facilities which are connected or related to the computer in a
computer system or computer network;
"computer network" means the inter-connection of one or more computers
through-
(i) the use of satellite, microwave, terrestrial line or other communication
media; and
(ii) terminals or a complex consisting of two or more interconnected
computers whether or not the interconnection is continuously maintained;
"computer system" means a device or collection of devices, including input
and output support devices and excluding calculators which are not
programmable and capable of being used in conjunction with external files
which contain computer programmes, electronic instructions, input data and
output data that performs logic, arithmetic, data storage and retrieval,
communication control and other functions;
"data" means a representation of information, knowledge, facts, concepts or
instructions which are being prepared or have been prepared in a formalised
manner, and is intended to be processed, is being processed or has been
processed in a computer system or computer network, and may be in any
form (including computer printouts, magnetic or optical storage media,
punched cards, punched tapes) or stored internally in the memory of the
computer.
"electronic record" means data, record or data generated, image or sound stored,
received or sent in an electronic form or micro film or computer generated micro
fiche;
"secure system" means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures
"security procedure" means the security procedure prescribed by the Central
Government under the IT Act, 2000.
"secure electronic record": where any security procedure has been applied to an
electronic record at a specific point of time, then such record shall be deemed to be a
secure electronic record from such point of time to the time of verification
E-Commerce
Universal Internet access
Total Internet economy in 2004: US $ 4.48 trillion
E-Commerce spending in 2004: US $ 2.5 trillion
E-Commerce in India in 2005: Rs. 1,95,000 Crore
E-Commerce in Asia in 2005: 28% of world total
Electronic Commerce
EC transactions over the Internet include
Formation of Contracts
Delivery of Information and Services
Delivery of Content
Future of Electronic Commerce depends on
the trust that the transacting parties place in the security of the
transmission and content of their communications
Electronic World
Electronic document produced by a
computer. Stored in digital form, and cannot
be perceived without using a computer
It can be deleted, modified and rewritten
without leaving a mark
Integrity of an electronic document is
genetically impossible to verify
A copy is indistinguishable from the original
It can't be sealed in the traditional way,
where the author affixes his signature
The functions of identification, declaration,
proof of electronic documents carried out
using a digital signature based on
cryptography.
Electronic World
Digital signatures created and verified using
cryptography
Public key System based on Asymmetric keys
An algorithm generates two different and related
keys
Public key
Private Key
Private key used to digitally sign.
Public key used to verify.
Role of the Government
Government has to provide the definition of
the structure of PKI
the number of levels of authority and their juridical form
(public or private certification)
which authorities are allowed to issue key pairs
the extent to which the use of cryptography should be
authorised for confidentiality purposes
whether the Central Authority should have access to the
encrypted information; when and how
the key length, its security standard and its time validity
IT ACT PROVISIONS
Email would now be a valid and legal form of
communication in our country that can be duly
produced and approved in a court of law.
Any person may make an application to the Certifying Authority for issue of
Digital Signature Certificate. The Certifying Authority while issuing such
certificate shall certify that it has complied with the provisions of the Act.
The Certifying Authority has to ensure that the subscriber (i.e., a person in
whose name the Digital Signature Certificate is issued) holds the private key
corresponding to the public key listed in the Digital Signature Certificate and
such public and private keys constitute a functioning key pair. The Certifying
Authority has the power to suspend or revoke Digital Signature Certificate.
Section 3 Defines Digital Signatures
The authentication to be effected by use of
asymmetric crypto system and hash function
The private key and the public key are unique to
the subscriber and constitute functioning key
pair
Verification of electronic record possible
Secure digital signature-S.15
If by application of a security procedure agreed to by the parties concerned, it
can be verified that a digital signature, at the time it was affixed, was:
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the
subscriber and is linked to the electronic record to which it relates in such a
manner that if the electronic record was altered the digital signature would be
invalidated,
then such digital signature shall be deemed to be a secure digital signature
Certificate based Key Management
Operated by trusted third party - CA
Provides Trading Partners Certificates
Notarises the relationship between a public key and its owner
[Diagram: User A, CA A, CA B, User B]
Essential steps of the digital signature process
STEP 1 The signatory is the authorized holder of a unique cryptographic key pair;
STEP 2 The signatory prepares a data message (for example, in the form of an
electronic mail message) on a computer;
STEP 3 The signatory prepares a message digest, using a secure hash algorithm.
Digital signature creation uses a hash result derived from and unique to the signed
message;
STEP 4 The signatory encrypts the message digest with the private key. The
private key is applied to the message digest text using a mathematical algorithm.
The digital signature consists of the encrypted message digest;
STEP 5 The signatory typically attaches or appends its digital signature to the
message;
STEP 6 The signatory sends the digital signature and the (unencrypted or
encrypted) message to the relying party electronically;
STEP 7 The relying party uses the signatory's public key to verify the signatory's
digital signature. Verification using the signatory's public key provides a level of
technical assurance that the message came exclusively from the signatory;
STEP 8 The relying party also creates a message digest of the message, using the
same secure hash algorithm;
STEP 9 The relying party compares the two message digests. If they are the same,
then the relying party knows that the message has not been altered after it was
signed. Even if one bit in the message has been altered after the message has been
digitally signed, the message digest created by the relying party will be different
from the message digest created by the signatory;
STEP 10 Where the certification process is resorted to, the relying party obtains a
certificate from the certification service provider (including through the signatory
or otherwise), which confirms the digital signature on the signatory's message. The
certificate contains the public key and name of the signatory (and possibly
additional information), digitally signed by the certification service provider.
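Steps 3, 4 and 7 to 9 above as an added example (not part of the original slides): the signatory hashes and signs, the relying party recovers the signed digest with the public key and compares it with its own digest. The key pair is a toy one built from two well-known Mersenne primes and uses no padding scheme, so it is an assumption made for illustration only; the function names are hypothetical.

```python
import hashlib

# Toy key pair, constructed for this example and NOT secure: the two primes are
# well-known Mersenne primes, and no padding scheme is applied.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                       # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (step 1)


def message_digest(message: bytes) -> int:
    """Steps 3 and 8: hash the message with a secure hash algorithm."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Step 4: apply the private key to the message digest."""
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Steps 7 to 9: recover the signer's digest with the public key and
    compare it with a digest computed independently from the received message."""
    signed_digest = pow(signature, e, n)
    return signed_digest == message_digest(message)


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with one bit inverted (simulated tampering)."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


if __name__ == "__main__":
    msg = b"Pay Rs. 1,000 to account 12345"      # constructed sample message
    sig = sign(msg)
    print("original verifies:", verify(msg, sig))
    print("one bit altered  :", verify(flip_bit(msg, 0), sig))
    print("altered signature:", verify(msg, sig ^ 1))
```

Production systems use a vetted library with a standard padding scheme and keys certified by a Certifying Authority, as in step 10.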
Section 15 - Secure Digital Signatures
If digital signatures are applied in such a
manner that if the ER (electronic record) was altered the digital
signatures would be invalidated, then they are called
secure digital signatures
Unique to subscriber
Identifies the subscriber
Section 4 - Legal recognition of Electronic Records
If any information is required in printed or
written form under any law the Information
provided in electronic form, which is accessible
so as to be usable for subsequent use, shall be
deemed to satisfy the requirement of presenting
the document in writing or printed form.
Sections 5, 6 & 7
Legal recognition of Digital Signatures
Use of Electronic Records in Government & Its Agencies
Cyber crimes
Hacking
Information Theft
E-mail bombing
Salami attacks
Denial of Service attacks
Trojan attacks
Web jacking
Frequency of reporting Cybercrime in India
Ingredients
Intention or Knowledge to cause wrongful loss
or damage to the public or any person
Destruction, deletion, alteration, diminishing
value or utility or injuriously affecting
information residing in a computer resource
Punishment
imprisonment up to three years, and / or
fine up to Rs. 2 lakh
Cognizable, Non Bailable
The cyber cafes from which the emails had been sent
were monitored and the accused person was nabbed
red-handed.