Embed Size (px)
DESCRIPTION
IT Act and Applications
Citation preview
Information Technology Act and
Some Applications
Rajnish KumarProfessor, Information Technology National Academy of Indian [email protected]
Structure of Lecture
Applications & Trends
Introduction to IT Act 2000
Issues in Cyber space, being Safe
Do you recognize this photo?
Shaheen Dhadha and her friend Renu Srinivas were detained over a Facebook comment on a leader’s funeral in Nov 2012.
Comments were, “People like -------- are born and they die daily, and one should not observe a bandh”
Now, Section 66A scrappedBut IT Act is much beyond this
IT Act, 2000 - MOTTO
Creating Trust in
Electronic Environment
IT Act, 2000
• Enacted on 17th May 2000- India is 12th nation in the world to adopt cyber laws
• IT Act is based on Model law on e-commerce adopted by UNCITRAL- United Nations Commission on International Trade Law
JURISDICTION Extent of application
• Extends to whole of India and also applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India
• section 1 (2) read with Section 75
Objectives of the IT ActTo provide legal recognition for transactions:-• Carried out by means of electronic data interchange, and
other means of electronic communication, commonly referred to as "electronic commerce”
• To facilitate electronic filing of documents with Government agencies and E-Payments
• To amend the Indian Penal Code, Indian Evidence Act,1872, the Banker’s Books Evidence Act 1891,Reserve Bank of India Act ,1934
Civil Wrongs under IT Act
Chapter IX of IT Act, Section 43Whoever without permission of owner of the
computer• Secures access • Downloads, copies, extracts any data• Introduces any viruses etc.• Damages or causes to be damaged any computer resource
Denies or causes denial of access by any means• Denial of service attacks
Civil Wrongs under IT Act
Investigation byADJUDICATING OFFICER – normally IT
Secretary of State.Appeal to Cyber Appellate TribunalPowers of a civil court
For claims upto Rs 5 crore to the affected party (Jurisdiction)
Beyond that court. (sec 46 (1A)
Adjudication and Cyber Appellate Tribunal - Sections 46 and thereafter
• http://catindia.gov.in/
• The Central Government may appoint any officer not below the rank of a director to the Government of India or a state Government as the adjudicator.
• The I.T. Secretary in any state is normally the nominated Adjudicator for all civil offences arising out of data thefts and resultant losses in the particular state.
• Needs to be popularized
Example of Adjudicatorhttps://it.maharashtra.gov.in/1130/Filing-Complaints-under-IT-Act
Cybercrime provisions under IT Act,2000
Cyber Crime Brief Description Relevant Section in IT Act
Punishments
Cyber Stalking Stealthily following a person, tracking his internet chats.
43, 65, 66 3 years, or withfine up to 2 lakh
Cyber Pornography including child pornography
Publishing Obscene in Electronic Form involving children
67, 67 (2) 10 years and with fine may extends to 10 lakh
Intellectual Property Source Code Tampering, piracy, copyright infringement etc.
65 3 years, or with fine up to 2 lakh
Cyber Terrorism Protection against cyber terrorism 69 Imprisonment for a term, may extend to 7 years
Cyber Hacking Destruction, deletion, alteration, etc in a computer resources
66 3 years, or with fine up to 2 lakh
Phishing Bank Financial Frauds in Electronic Banking
43, 65, 66 3 years, or withfine up to 2 lakh
Privacy Unauthorised access to computer 43, 66, 67, 69, 72 2 years, or withfine up to 1 lakh
The scrapped SectionSec 66A
Exact wording66A. Punishment for sending offensive messages through
communication service, etc.
Any person who sends, by means of a computer resource or a communication device,—
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Case on 16-3-2015• http://
timesofindia.indiatimes.com/india/Teen-arrested-for-Facebook-post-attributed-to-Azam-Khan-gets-bail/articleshow/46620033.cms
• RAMPUR: Police in Rampur (UP) have arrested and sent to the district jail a class 11 student of a reputed public school in Bareilly for uploading what they called an 'objectionable' post against Samajwadi Party strongman and the state's urban development minister Azam Khan.
• Khan's media in-charge Fasahat Ali also lodged an FIR against the boy. Later, in a court which sent the student to 14 days in judicial remand, his family members said that he had merely shared the post on Facebook and not uploaded it.
Tourism officer booked for posting objectionable pics of UP CM on WhatsApp – 5/3/2015
http://timesofindia.indiatimes.com/city/bareilly/Tourism-officer-booked-for-posting-objectionable-pics-of-UP-CM-on-WhasApp/articleshow/46470748.cms
The morphed pictures were allegedly circulated last month(feb 15) in a WhatsApp group of state government employees and went viral among other groups also.
After a SP leader chanced to see these images in Lucknow and alerted Azam Khan regarding this, his local media in-charge met Rampur superintendent of police and demanded an investigation into the matter.
According to sources, police officials are also scrutinizing all the comments posted on the pictures.
In 2013, Dalit writer and social activist Kanwal Bharti was similarly arrested by Rampur police for an objectionable Facebook post against Azam Khan. Bharti was booked under section 66-A of the Information Technology Act.
PIL in Supreme Court, which got it scrapped….
…….the phraseology of Section 66A of the IT Act, 2000 is so wide and vague and incapable of being judged on objective standards, that it is susceptible to wanton abuse and hence falls foul of Article 14, 19 (1)(a) and Article 21 of the Constitution…..
What is desirable…
……be treated as a non-cognizable offence for the purposes of Section 41 and Section 156 (1) of CrPC
Supreme Court on Sec 66ANews dated 24-3-2015http://www.hindustantimes.com/india-news/supreme-court-uphold-free-speech-online-strikes-down-vague-section-66a-of-it-act/article1-1329903.aspx
• The Supreme Court on Tuesday struck down a controversial law that made posting "offensive" comments online a crime punishable by jail, after a long campaign by defenders of free speech.
• The Supreme Court said the 2009 amendment to India's Information Technology Act known as section 66A was unconstitutional and a restriction on freedom of speech.
• "Section 66A is unconstitutional and we have no hesitation in striking it down," said justice RF Nariman, reading out the judgement. "The public's right to know is directly affected by section 66A."
Care….
But it will be imperative that you exercise due diligence when you send information on the Internet, social media and mobile networks.
There is section 67 – Punishment for publishing or transmitting obscene material in
electronic form. –
Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious (lewd, playful) or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, ……..
Suggested Reading• http://catindia.gov.in/pdfFiles/IT_Act_2000_vs_2008.pdf
• http://www.csi-india.org/c/document_library/get_file?uuid=2ce4b842-aca6-4f54-87b6-d778093925d9&groupId=10157
• http://www.slideshare.net/NIIConsulting/it-act-2000-penalties-offences-with-case-studies
• http://deity.gov.in/content/cyber-laws
• http://delhidistrictcourts.nic.in/ejournals/CYBER%20LAW.pdf
• http://www.police.mizoram.gov.in/uploads/files/cyber-pornography-it-act.pdf
• List of books - http://www.lexisnexis.in/books-cyber-crimes.htm
Issues in Cyber space
• Information, responsibility and Data Protection
• Piracy, Copyright• Email Policy of Govt of India• Spam, Email Spoofing
Information and Responsibility• Protect your information• It is your responsibility
Data ProtectionSections in IT ACT 2000/2008
Section 43-A primarily deals with compensation for negligence in implementing and maintaining reasonable security practices and procedures in relation to sensitive personal data or information (“SPDI”).
Section 72-A deals with personal information and provides punishment for disclosure of information in breach of lawful contract or without the information provider’s consent.
Sensitive Personal Data or Information (SPDI)
• On 13 April 2011, the Ministry of Communications and Information Technology (MCIT), Government of India, notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (Rules).
SPDI consists of the following
Passwords;
Financial information such as bank account or credit card or debit card
or other payment instrument details;
Physical, physiological and mental health condition;
Sexual orientation; Medical records and history; Biometric information.
International Standards for SECURITYIS / ISO / IEC 27001
• ISO 27001:2013 is an information security standard that was published on the 25 September 2013.
• It cancels and replaces ISO 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
List of third part ISO 27001 service providers on http://www.cert-in.org.in/On the website, click
Third party ISO 27001 certification bodies
India’s Institution CERT-In
• http://www.cert-in.org.in/• CERT-In (the Indian Computer Emergency
Response Team) is a government-mandated information technology (IT) security organization.
• The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.
Piracy – Who is liable?
Useror
Service Provider
Piracy – Liability of the intermediary
Information Technology Amendment Act has clarified the definition “Intermediary” by specifically including the:
• telecom services providers, • network providers, • internet service providers, • web-hosting service providers in the definition of
intermediaries thereby removing any doubts.
Furthermore, search engines, online payment sites, online-auction sites, online market places and cyber cafés are also included in the definition of the intermediary
BAZZEE.COM case
Piracy – Liability of the intermediary
Under the Information Technology Amendment Act, 2008, Section 79 has been modified to the effect that an intermediary shall not be liable for any third party information data or communication link made available or hosted by him.
Piracy – Liability of the intermediary
As a result of this provision, social networking sites like Facebook, Twitter etc. would be immune from liability as long as they satisfy the conditions provided under the section.
Similarly, Internet Service Providers (ISP), blogging sites, etc. would also be exempt from liability.
Notifications of Rules under section 6A, 43A and 79http://deity.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf
Piracy – Court OrderOver 200 sites blocked in India after Sony's piracy complaint
http://timesofindia.indiatimes.com/articleshow/37961214.cms
A number of websites including torrent file aggregators, file storage sites and even Google Docs and Google's URL shortener Goo.gl have been blocked in India, as per a new report.
Delhi high court order passed on 23 June 2014 instructs internet service providers (ISPs) to block as many as 472 websites.
The order was passed following a complaint alleging online piracy by Sony's Multi Screen Media, which has broadcasting rights for the Fifa World Cup.
Software Piracy- Copyright Act
• According to Section 63 of the Copyright (Amendment) Act 1994, there is a minimum jail term of 6 months for copyright infringement.
• The section also provides for fines up to Rs 2,00,000 and jail term up to three years or both.
Software Piracy – IT Act
• Liable under Section 66 of IT Act, 2000
• All the accused who are providing assistance to any person to facilitate access or those who are illegally downloading/copying/extracting software are also liable to pay damages to the affected party per section 43 of the IT Act, 2000.
• In such cases the company/firm as well as its in-charge are liable under section 85 of the Information Technology Act, 2000.
Govt of India – Cyber Issues website
http://deity.gov.in/content/cyber-laws
Email Policy of Govt of Indiahttp://www.egazette.nic.in/WriteReadData/2015/163000.pdfhttp://www.deity.gov.in/content/email-policy
Issued in Oct 2014, notification issued in gazette again on 25th Feb 2015
Clause 5.1.d.viii: Forwarding of e-mail from the e-mail id provided by GoI to the Government official’s personal id outside the GoI email service is not allowed due to security reasons.
Official e-mail id provided by the IA can be used to communicate with any other user, whether private or public.
Two email ids
5.2 E-mail Account Management
a) NIC will create two ids, one based on the designation and the other based on the name.
Designation based id’s are recommended for officers dealing with the public.
Ref: No. 2(22)/2013-EG-II Ministry of Communication & Information Technology Department of Electronics & Information Technology Page 8 of 16
No E-mail on POP or IMAP3rd Party Apps
Clause 5.1 d (iii)Users shall not download e-mails from their official e-
mail account, configured on the GoI mail server, by configuring POP or IMAP on any other e-mail service provider.
This implies that users should not provide their GoI e-mail account details (id and password) to their accounts on private e-mail service providers.
Safe Practices for Internet Usage(Internet Safety…)
Passwords• Strong Passwords:
– Phrases, mixed case, special characters, and long:- 5db10mw! (Slow Down Buddy I’m On My Way!)- w@yD0wny0nd3r#% (Way Down Yonder #%)
PHISHING – Most dangerous
• What does phishing mean?• Phishing means sending an e-mail that falsely claims to
be a particular enterprise and asking for sensitive financial information.
• Phishing, thus, is an attempt to scam the user into surrendering private information that will then be used by the scammer for his own benefit.
• Statistics reveal phishers are able to convince up to five per cent of the recipients who respond to them.
A sample of a fraudulent e-mail that can be sent to ICICIBank.com customers. It purports to be from ICICIBank.com but it is not. Its intent is to get you to enter sensitive information about your account and to then use this information to commit fraud.
To ensure a legitimate and safe sign on, always enter www. icicibank.com in your browser.
1. Do not disclose details like passwords, debit card grid values, etc. to anyone, even if they claim to be bank employees or on emails / links from government bodies like RBI, I.T. Dept., etc.
2. Type the web address in the browser. Do not use links received in emails
3. Change your passwords from your own computer, in case you have used a cyber cafe / shared computer
4. A click on the padlock icon appearing on the web page will display the digital certificate for genuineness of the website
https://www.onlinesbi.com/http://www.axisbank.com/pre-login/internetbanking_prelogin.aspxhttps://onlineservices.tin.egov-nsdl.com/etaxnew/tdsnontds.jsp
PHISHING – How to avoid
Padlock sign
More Information About Internet Safety and Phishing• http://www.visa.ca/en/personal/securewithvisa/phishing_lg.h
tml• http://support.apple.com/kb/HT4933• http://office.microsoft.com/en-in/outlook-help/identify-fraud
ulent-e-mail-and-phishing-schemes-HA001140002.aspx• http://www.icicibank.com/online-safe-banking/phishing.html• http://incometaxindia.gov.in/Phishing.asp• http://www.rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?pr
id=26506 (Next slide)
RBI’s warning on its website
VERIFY APPLE IDSCAM
Fake WhatsApp ‘Voice Message Notification
FACEBOOKSCAM
“Your unread messages will be deleted in a few days”
Some useful applications
Cloud Computing
• Simply put- using remote servers as your storage cum processor, ultra light and minimum memory devices can be used.
• For us, CLOUD STORAGE is relevant now.
Best Cloud Storage Solutions
Most popular
Dropbox - https://www.dropbox.com/Google Drive - https://drive.google.com/#my-driveMicrosoft skydrive - https://skydrive.live.com/?
Several others - http://gizmodo.com/5828035/the-best-way-to-store-stuff-in-the-cloud
Wireless Printinggoogle cloud print
https://www.google.com/cloudprint#printers
Wireless Printinggoogle cloud print
https://www.google.com/cloudprint#printers
How to connect - https://support.google.com/cloudprint/answer/1686197?rd=1Once Google Chrome is installed, follow the steps below to enable the Google Cloud Print connector in
Google Chrome.Log in to your user account on the Windows, Mac, or Linux computer.Open Google Chrome.Click the Chrome menu on the browser toolbar.Select Settings.Click the Show advanced settings link.Scroll down to the “Google Cloud Print” section. Click Manage.
The next screen will show a list of devices already registered with Google Cloud Print, and new devices available on the network.
In the "Classic printers" section, click Add printers.
You'll see a confirmation that Google Cloud Print has been enabled. Click Manage your printers to learn more.
The printer is now associated with your Google Account and connected to Google Cloud Print. You can print to this printer using Google Cloud Print whenever you’re signed in with the same Google Account.
Slacklatest trend in Office Communication
DescriptionAll your team communication in one place, instantly searchable, available wherever you go. * Powerful search and archiving, meaning no one is ever left out of the loop* Dozens of integrations with tools including: Dropbox, Asana, Google+ Hangouts, Twitter, Zendesk* New integrations and features added frequently* Inline images and video, with rich link summaries giving context without leaving the app* Instantly synced across all devices* Configurable notifications for desktop, mobile push and email
Mobile UtilitiesMy tracks
COURSERANew way to learn
https://www.coursera.org/courses
Humanities, Medicine, Biology, Social Sciences, Mathematics, Business, Computer Science
AADHAR BASED eSignhttps://esign.cdac.in/AspInterface/
TRENDS IN THE CYBERWORLD
Dot com burst and
final winners
Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems
http://www.wsj.com/articles/SB10001424053111903480904576512250915629460
Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems
http://www.claytonchristensen.com/
Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems
Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems
Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems
Remain Safe in
cyberspace!!!!
