Received the assent of the President on the 9th June, 2000
By Dr T N Sharma

• Enacted on 17th May 2000
• India is 12th nation in the world to adopt cyber laws
• IT Act is based on Model law on e-commerce adopted by UNCITRAL

Ltd. Pvt. LogicPace - logictest.inlogictest.in/downloadedTest/IT Act.pdf · offence of data diddling `Penalty: Not exceeding Rs. 1 crore Case in point : ... certitain cases. `Power


Tampering computer source documents (Section 65 IT Act)

Loss/damage to computer resource/utility (Section 66 (1) IT Act)

Hacking (Section 66 (2) IT Act)

Obscene publication/transmission in electronic form (Section 67 IT Act)

Un-authorised access/attempt to access to protected computer system (Section 70 IT Act)

Obtaining license or Digital Signature Certificate by misrepresentation/suppression of fact (Section 71 IT Act)

Publishing false Digital Signature Certificate (Section 73 IT Act)

Fraud Digital Signature Certificate (Section 74 IT Act)

Breach of confidentiality/privacy (Section 72 IT Act)

Others

Using a computer to target other computers – e.g. virus attacks, hacking, etc.

Using a computer to commit crimes – e.g. credit card frauds, cyberterrorism, etc.


The reasons for the vulnerability of computers may be said to be:

◦ Capacity to store data in comparatively small space

◦ Easy to access

◦ Complex

◦ Negligence

◦ Loss of evidence


Cyber Crimes against Persons:

◦ Harassment via E-Mails, Facebook, Twitter

◦ Cyber-Stalking

◦ Defamation

◦ Hacking

◦ Cracking

◦ E-Mail Spoofing

◦ SMS Spoofing

◦ Carding

◦ Cheating & Fraud

◦ Child Pornography

◦ Assault by Threat

Crimes Against Person’s Property

◦ Intellectual Property Crimes

◦ Cyber Squatting

◦ Cyber Vandalism

◦ Hacking Computer System

◦ Transmitting Virus

◦ Cyber Trespass

◦ Internet Time Thefts

Cybercrimes Against Government

◦ Cyber Terrorism

◦ Cyber Warfare

◦ Distribution of pirated software

◦ Possession of Unauthorized Information


Cybercrimes Against society at large

◦ Child Pornography

◦ Cyber Trafficking

◦ Online Gambling

◦ Financial Crimes

◦ Forgery


• The authentication to be effected by use of asymmetric crypto system and hash function
• The private key and the public key are unique to the subscriber and constitute functioning key pair
• Verification of electronic record possible


If by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was:
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated,
then such digital signature shall be deemed to be a secure digital signature


CA
• Operated by trusted-third party - CA
• Provides Trading Partners Certificates
• Notarises the relationship between a public key and its owner

[Diagram labels: CA, User A, User B, CA A, CA B]


STEP 1 The signatory is the authorized holder of a unique cryptographic key pair;

STEP 2 The signatory prepares a data message (for example, in the form of an electronic mail message) on a computer;

STEP 3 The signatory prepares a “message digest”, using a secure hash algorithm. Digital signature creation uses a hash result derived from and unique to the signed message;

STEP 4 The signatory encrypts the message digest with the private key. The private key is applied to the message digest text using a mathematical algorithm. The digital signature consists of the encrypted message digest;

STEP 5 The signatory typically attaches or appends its digital signature to the message;

STEP 6 The signatory sends the digital signature and the (unencrypted or encrypted) message to the relying party electronically;


STEP 7 The relying party uses the signatory’s public key to verify the signatory’s digital signature. Verification using the signatory’s public key provides a level of technical assurance that the message came exclusively from the signatory;

STEP 8 The relying party also creates a “message digest” of the message, using the same secure hash algorithm;

STEP 9 The relying party compares the two message digests. If they are the same, then the relying party knows that the message has not been altered after it was signed. Even if one bit in the message has been altered after the message has been digitally signed, the message digest created by the relying party will be different from the message digest created by the signatory;

STEP 10 Where the certification process is resorted to, the relying party obtains a certificate from the certification service provider (including through the signatory or otherwise), which confirms the digital signature on the signatory’s message. The certificate contains the public key and name of the signatory (and possibly additional information), digitally signed by the certification service provider.
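The ten steps above, carried through in Python as an added example that is not part of the original slides: hash-then-sign with textbook RSA, verification by the relying party, the one-bit tamper case from STEP 9, and a CA-signed name/key binding for STEP 10. Assumptions: the function names, the sample message and the keys are constructed for illustration; the keys are built from publicly known Mersenne primes and the RSA is unpadded, whereas real systems use generated secret primes and a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo keys built from publicly known Mersenne primes: they are
# NOT secret. Textbook RSA without padding, for illustration only.
E = 65537

def make_keypair(p, q):
    """STEP 1: a key pair, returned as (public, private) = ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def digest(message: bytes) -> int:
    """STEP 3 and STEP 8: message digest from a secure hash (SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """STEP 4: apply the private key to the message digest."""
    d, n = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """STEPS 7-9: recover the signatory's digest with the public key and
    compare it with the digest the relying party computes itself."""
    e, n = public_key
    return pow(signature, e, n) == digest(message)

def _cert_body(name: str, public_key) -> bytes:
    return f"{name}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(name: str, public_key, ca_private) -> dict:
    """STEP 10: the CA signs the binding between a name and a public key."""
    return {"name": name, "public_key": public_key,
            "ca_signature": sign(_cert_body(name, public_key), ca_private)}

def check_certificate(cert: dict, ca_public) -> bool:
    body = _cert_body(cert["name"], cert["public_key"])
    return verify(body, cert["ca_signature"], ca_public)

def run_demo() -> dict:
    ca_pub, ca_priv = make_keypair(2**607 - 1, 2**1279 - 1)
    user_pub, user_priv = make_keypair(2**127 - 1, 2**521 - 1)
    cert = issue_certificate("User A", user_pub, ca_priv)

    message = b"Pay Rs. 1000 to User B"       # STEP 2 (constructed sample)
    signature = sign(message, user_priv)       # STEPS 3-4
    received = (message, signature, cert)      # STEPS 5-6

    # One flipped bit in the message after signing (the STEP 9 failure case).
    tampered = bytes([message[0] ^ 0x01]) + message[1:]
    # A certificate whose public key was swapped after the CA signed it.
    forged = dict(cert, public_key=ca_pub)

    msg, sig, c = received
    return {
        "certificate_ok": check_certificate(c, ca_pub),
        "signature_ok": verify(msg, sig, c["public_key"]),
        "tampered_ok": verify(tampered, sig, c["public_key"]),
        "forged_certificate_ok": check_certificate(forged, ca_pub),
    }

if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

The relying party checks the certificate against the CA's public key first, and only then trusts the public key inside it to verify the message.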


If any information is required in printed or written form under any law the Information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.


• Legal recognition of Digital Signatures
• Use of Electronic Records in Government & Its Agencies
• Publications of rules and regulations in the Electronic Gazette.
• Retention of Electronic Records
• Accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc.


Chapter IX of IT Act, Section 43

Whoever without permission of owner of the computer

◦ Secures access (mere U/A access)
  Not necessarily through a network
◦ Downloads, copies, extracts any data
◦ Introduces or causes to be introduced any viruses or contaminant
◦ Damages or causes to be damaged any computer resource
  Destroy, alter, delete, add, modify or rearrange
  Change the format of a file
◦ Disrupts or causes disruption of any computer resource
  Preventing normal continuance of computer

© Seth Associates, 2008 All Rights Reserved


Civil Wrongs under IT Act (Contd.)

◦ Denies or causes denial of access by any means
  Denial of service attacks
◦ Assists any person to do any thing above
  Rogue Websites, Search Engines, Insiders providing vulnerabilities
◦ Charges the services availed by a person to the account of another person by tampering or manipulating any computer resource
  Credit card frauds, Internet time thefts
◦ Liable to pay damages not exceeding Rs. One crore to the affected party
◦ Investigation by
◦ ADJUDICATING OFFICER
◦ Powers of a civil court


Section 66 and 43(d) of the I.T. Act covers the offence of data diddling

Penalty: Not exceeding Rs. 1 crore

Case in point:

NDMC Electricity Billing Fraud Case: A private contractor who was to deal with receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in his bank who misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.


Cyberspace - Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services.

Cyber security

◦ Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unlawful admittance, weaknesses, and attacks transported through the Internet by cyber delinquents.

◦ ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for creating, applying, functioning, monitoring, reviewing, preserving, and improving an Information Security Management System.

◦ The Ministry of Communication and Information Technology under the government of India provides a strategy outline called the National Cybersecurity Policy. The purpose of this government body is to protect the public and private infrastructure from cyber-attacks.

Cybersecurity Policy - The cybersecurity policy is a developing mission that caters to the entire field of Information and Communication Technology (ICT) users and providers. It includes −

◦ Home users
◦ Small, medium, and large Enterprises
◦ Government and non-government entities

Cyber Crime - The Information Technology Act 2000 or any legislation in the Country does not describe or mention the term Cyber Crime.


• Electronic Contracts will be legally valid.
• Legal recognition of Digital signatures.
• Digital signature to be effected by use of asymmetric crypto system and hash function.
• Security procedure for Electronic records and Digital signature.
• Appointment of Certifying Authorities (CAs) and Controller of Certifying Authorities including recognition of foreign Certifying Authorities.
• Controller to Act as repository of all Digital Certificates.
• Certifying Authorities to get license to issue Digital Certificates.
• Various types of computer crimes defined and stringent penalties provided under the Act.
• Appointment of Adjudicating Officer for holding inquiries under the Act.
• Establishment of Cyber Appellate Tribunal under the Act.
• Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court.
• Appeal from order of Cyber Appellate Tribunal to High Court.


• Act to apply for offences or Contraventions committed outside India.
• Network Service providers not to be liable in certain cases.
• Power of Police Officers and other Officers to enter into any public place and search and arrest without warrant.
• Constitution of Cyber Regulations Advisory Committee who will advise the Central Government and Controller.
• Amendments in Indian Penal Code, Indian Evidence Act, Banker's Books Evidence Act and Reserve Bank of India Act


The Information Technology Act 2000 does not cover the following legal issues.

• Taxation Issues arising out of e-commerce, Internet, m-commerce

• Intellectual Property Rights such as Digital Copyright Issues, Trade Marks, Patents

• Domain Name Registration Policy, Domain Name Disputes, Cybersquatting

• Privacy and Data Protection Issues

• Junk Mail and Spamming


The salient features of the I.T Act are as follows −

• Digital signature has been replaced with electronic signature to make it a more technology neutral act.
• It elaborates on offenses, penalties, and breaches.
• It outlines the Justice Dispensation Systems for cyber-crimes.
• It defines in a new section that cyber café is any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
• It provides for the constitution of the Cyber Regulations Advisory Committee.
• It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
• It adds a provision to Section 81, which states that the provisions of the Act shall have overriding effect. The provision states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.


The following points define the scheme of the I.T. Act −

• The I.T. Act contains 13 chapters and 90 sections.
• The last four sections, namely sections 91 to 94 in the I.T. Act 2000, which dealt with the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934, were deleted.
• It commences with Preliminary aspect in Chapter 1, which deals with the short title, extent, commencement and application of the Act in Section 1. Section 2 provides Definition.
• Chapter 2 deals with the authentication of electronic records, digital signatures, electronic signatures, etc.
• Chapter 11 deals with offences and penalties. A series of offences have been provided along with punishment in this part of The Act.
• Thereafter the provisions about due diligence, role of intermediaries and some miscellaneous provisions have been stated.
• The Act is embedded with two schedules. The First Schedule deals with Documents or Transactions to which the Act shall not apply. The Second Schedule deals with electronic signature or electronic authentication technique and procedure. The Third and Fourth Schedule are omitted.


| Section | Offence | Punishment |
|---|---|---|
| 65 | Tampering with Computer Source Code | Imprisonment up to 3 years or fine up to Rs 2 lakhs |
| 66 | Computer Related Offences | Imprisonment up to 3 years or fine up to Rs 5 lakhs |
| 66-A | Sending offensive messages through Communication service, etc... | Imprisonment up to 3 years and fine |
| 66-B | Dishonestly receiving stolen computer resource or communication device | Imprisonment up to 3 years and/or fine up to Rs. 1 lakh |
| 66-C | Identity Theft | Imprisonment of either description up to 3 years and/or fine up to Rs. 1 lakh |
| 66-D | Cheating by Personation by using computer resource | Imprisonment of either description up to 3 years and/or fine up to Rs. 1 lakh |
| 66-E | Violation of Privacy | Imprisonment up to 3 years and/or fine up to Rs. 2 lakh |
| 66-F | Cyber Terrorism | Imprisonment extend to imprisonment for Life |
| 67 | Publishing or transmitting obscene material in electronic form | On first Conviction, imprisonment up to 3 years and/or fine up to Rs. 5 lakh. On Subsequent Conviction imprisonment up to 5 years and/or fine up to Rs. 10 lakh |
| 67-A | Publishing or transmitting of material containing sexually explicit act, etc... in electronic form | On first Conviction imprisonment up to 5 years and/or fine up to Rs. 10 lakh. On Subsequent Conviction imprisonment up to 7 years and/or fine up to Rs. 10 lakh |
| 67-B | Publishing or transmitting of material depicting children in sexually explicit act etc., in electronic form | On first Conviction imprisonment of either description up to 5 years and/or fine up to Rs. 10 lakh. On Subsequent Conviction imprisonment of either description up to 7 years and/or fine up to Rs. 10 lakh |
| 67-C | Intermediary intentionally or knowingly contravening the directions about Preservation and retention of information | Imprisonment up to 3 years and fine |
| 68 | Failure to comply with the directions given by Controller | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh |
| 69 | Failure to assist the agency referred to in sub section (3) in regard interception or monitoring or decryption of any information through any computer resource | Imprisonment up to 7 years and fine. Offence is Non-Bailable, Cognizable. |
| 69-A | Failure of the intermediary to comply with the direction issued for blocking for public access of any information through any computer resource | Imprisonment up to 7 years and fine. Offence is Non-Bailable, Cognizable. |
| 69-B | Intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) in regard monitor and collect traffic data or information through any computer resource for cybersecurity | Imprisonment up to 3 years and fine. Offence is Bailable, Cognizable. |
| 70 | Any person who secures access or attempts to secure access to the protected system in contravention of provision of Sec. 70 | Imprisonment of either description up to 10 years and fine |
| 70-B | Indian Computer Emergency Response Team to serve as national agency for incident response. Any service provider, intermediaries, data centres, etc., who fails to prove the information called for or comply with the direction issued by the ICERT. | Imprisonment up to 1 year and/or fine up to Rs. 1 lakh |
| 71 | Misrepresentation to the Controller to the Certifying Authority | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh. |
| 72 | Breach of Confidentiality and privacy | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh. |
| 72-A | Disclosure of information in breach of lawful contract | Imprisonment up to 3 years and/or fine up to Rs. 5 lakh. |
| 73 | Publishing electronic Signature Certificate false in certain particulars | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh |
| 74 | Publication for fraudulent purpose | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh |
