Embed Size (px)
DESCRIPTION
Citation preview
INFORMATION TECHNOLOGY ACT-20001.Introduction & definitions
2. Digital Signature and Certificates
3. E-Commerce & E- Governance
4. Duties of Subscriber
5. Penalties and adjudication
6. Cyber Crime
7. Amendments to the Act
by Avinash Yadav
IT Act, 2000
Enacted on 17th May 2000- India is 12th nation in the world to adopt cyber laws
IT Act is based on Model law on e-commerce adopted by UNCITRAL
Objectives of the IT ActTo provide legal recognition for transactions:-
Carried out by means of electronic data interchange, and
other means of electronic communication, commonly
referred to as "electronic commerce“
To facilitate electronic filing of documents with
Government agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence
Act,1872, the Banker’s Books Evidence Act
1891,Reserve Bank of India Act ,1934
Extent of application Extends to whole of India and also applies to any
offence or contravention there under committed
outside India by any person {section 1 (2)} read
with Section 75- Act applies to offence or
contravention committed outside India by any
person irrespective of his nationality, if such act
involves a computer, computer system or
network located in India
Definitions ( section 2) Access: "access" with its grammatical variations and
cognate expressions means gaining entry into, instructing
or communicating with the logical, arithmetical, or memory
function resources of a computer, computer system or
computer network;
Addresee; "addressee" means a person who is intended
by the originator to receive theelectronic record but does
not include any intermediary;
Certifying Authority: Certifying Authority"
means a person who has been granted a
licence to issue a Digital Signature
Certificate under section 24;
Subscriber: "subscriber" means a person
in whose name the Digital Signature
Certificate is issued.
"computer network" means the inter-
connection of one or more computers through-
(i) the use of satellite, microwave, terrestrial
line or other communication media; and
(ii) terminals or a complex consisting of two or
more interconnected computers whether or
not the interconnection is continuously
maintained
"computer system" means a device or
collection of devices, including input and output
support devices and excluding calculators which
are not programmable and capable being used
in conjunction with external files which contain
computer programmes, electronic instructions,
input data and output data that performs logic,
arithmetic, data storage and retrieval,
communication control and other functions;
"computer resource" means computer,
computer system, computer network,
data,computer data base or software;
"Controller" means the Controller of
Certifying Authorities appointed under sub-
section (l) of section 17;
"data" means a representation of information,
knowledge, facts, concepts or instruction which are
being prepared or have been prepared in a
formalized manner, and is intended to be processed,
is being processed or has been processed in a
computer system or computer network, and may be
in any form (including computer printouts magnetic or
optical storage media, punched cards, punched
tapes) or stored internally in the memory of the
computer.
"Digital Signature Certificate" means a Digital
Signature Certificate issued under subsection
(4) of section 35;
"electronic form" with reference to information
means any information generated, sent,
received or stored in media, magnetic, optical,
computer memory, micro film, computer
generated micro fiche or similar device.
"electronic record" means data, record or data
generated, image or sound stored, received or sent in an
electronic form or micro film or computer generated micro
fiche;
"originator" means a person who sends, generates, stores
or transmits any electronic message or causes any electronic
message to be sent, generated, stored or
transmitted to any other person but does not include
an intermediary;
DIGITAL SIGNATURE&
DIGITAL SIGNATURE CERTIFICATE
***************************By- ZISHAN MALLIK
(10MBMA32)***************************
A Digital Signature is a mathematical scheme to confirm the authenticity of the identity of a person or to prove the integrity of information. Subject to the provisions of section 3, any subscriber may authenticate an electronic record by affixing his digital signature.
A digital signature is issued by a Certification Authority (CA) It contains:-
●Owner's public key
● the Owner's name
●Expiration date of the public key
●the Name of the issuer
● Serial number of the digital signature
● the digital signature of the issuer.
DIGITAL SIGNATURE
A key generation algorithm that selects
a private key uniformly at random from a set
of possible private keys. The algorithm outputs
the private key and a corresponding public
key.
THREE ALGORITHMS OF DIGITAL SIGNATURE
A signing algorithm that, given a message
and a private key, produces a signature.
A signature verifying algorithm that, given
a message, public key and a signature,
either accepts or rejects the message's
claim to authenticity.
Diagram showing how a simple digital signature is applied and then verified
A Secure Digital Signature is one, which
is :-
1. Unique to the subscriber affixing it
2. Capable of identifying such subscriber
3. Created in a manner that if electronic
record was altered, the digital signature
would be invalidated.
SECURE DIGITAL SIGNATURE
Authentication:- It confirms the authenticity of the
identity of a person and prove the integrity of the
information.
Integrity:- Once the signature has been done, then
any change in the message afterwards will
invalidate the signature.
Non- Repudiation:- An entity that has signed some
information cannot at a later time deny having
signed it.
ASPECTS OF DIGITAL SIGNATURE
There are basic three uses :-
1). Digital Signature Certificate can be used to access
secured zones of web sites.
2). Digital Signature Certificate is used to digitally sign your
emails sent through Outlook Express/ MS-Outlook etc.
3) To publish electronic versions of the budget, public and
private laws, and congressional bills
USES OF DIGITAL SIGNATURE
It means a certificate for digital signature, issued under section 35(4).
Any person may make an application to the Certifying Authority for the issue of Digital Signature Certificate with a fee not exceeding Rs. 25000.Credentials required are—
Proof of identity- a self attested copy of
PAN card, valid active PAN with income tax
department.
Proof of Permanent Residence. A Digital Signature Certificate is normally valid for 1 or 2
years, after which renewal is required
DIGITAL SIGNATURE CERTIFICATE
Class one:- It do not hold any legal validity as the validation process is based only on a valid e-mail ID and involves no direct verification.
Class two:- It states that a person’s identity is to be verified against a trusted, pre-verified database.
Class three:- requires the person present himself or herself in front of a Registration Authority (RA) and prove his/her identity.
CLASSES OF DIGITAL SIGNATURE CERTIFICATE
Manbadakara Buhroy
10MBMA42
E-GOVERNANCE AND E-COMMERCE
e-Governance and e-Commerce
E-Governance
Governance has become a major requirement in most
organizations and business communities.
Do not confuse with the word ‘Governance’ with
‘Government’.
E-Governance applies to both: government as well as
private organizations.e-Governance
1
Reforming Corporate Governance In order to raise the bar for corporate governance standards factors
like transparency, integrity and accountability must be taken into consideration in designing governance structures and business practices.
Governance is not a new phenomena; it has been around for many years within organizations.
Corporate examples Governance failure: WorldCom, Enron, and
more recently Satyam.
e-Governance
2
What is E-Governance ?
E-Governance is managing, controlling and reporting of
processes, using electronic systems such as computers,
internet, etc. within a private as well as public organizations.
E-Governance forces organizations to consider all the
relevant stakeholders, such as employees, financers,
shareholders, government, customers, suppliers and the
community at large; by using Information Technology.
e-Governance
3
Audit Trail
This means, increasing rules and regulations applying to (business) processes. This implies, system is transparent, accountable for all individual process steps and for the entire end-to-end process.
E-Governance ensures that the processes are properly followed.
E-Governance ensures that the reporting and audit trail of the actions taken by process managers are properly recorded.
e-Governance
4
e-Governance in India E-Governance is now also practiced by the government of
India. Information Technology enables the delivery of government services as it caters to a large base of people across different segments and geographical locations.
The effective use of IT services in government administration can greatly enhance existing efficiencies, drive down communication costs, and increase transparency in the functioning of various departments.
E-governance also gives citizens easy access to tangible benefits such as online form filling, bill sourcing and payments, or complex applications like distance education and tele-medicine.e-Governance
5
Bhoomi Project The Karnataka government’s ‘Bhoomi’ project has led to the
computerisation of the centuries-old system of handwritten rural land
records. Through it, the revenue department has done away with the
corruption-ridden system that involved bribing village accountants to
procure land records; records of right, tenancy and cultivation
certificates (RTCs).
The project is expected to benefit seventy lakh villagers in 30,000
villages.
e-Governance
6
E-Seva
In Gujarat there are websites where citizens log on and get
access to the concerned government department on issues such
as land, water and taxes.
In Hyderabad, through e-Seva, citizens can view and pay bills for
water, electricity and telephones, besides municipal taxes. They
can also avail of birth / death registration certificates, passport
applications, permits / licenses, transport department services,
reservations, Internet and B2C services, among other things.e-Governance
7
e-Governance in Central Excise and Service Tax With the introduction of e-governance, the
assesses got the benefit of reduced paper work and can file their returns from their office and the acknowledgement can be generated by themselves and no need to visit the department office.
Like wise, the department is also benefited with less paperwork. They can do the online validation of the returns.
e-Governance
8
Central Excise and Service Tax Over the past few years, various Web Based Applications were
launched as a step towards e-governance. As on date, there are several applications are hosted such as, online registration of Central Excise and Service Tax Assesses and online filing of tax returns for the top revenue paying assesses of Central Excise.
About 1.4 Lakhs Central Excise assesses have been registered with a unique 15 digit identification number based on the PAN. Similarly, e-governance in Service Tax also taken up and a comprehensive database of about 12.20 lakhs Service Tax assesses from all over India have been registered.
e-Governance
9
Electronic Commerce (E-Commerce) Commerce refers to all the activities related to the
purchase and sales of goods or services i.e. marketing, sales, payment, fulfillment, customer services etc.
Electronic commerce is doing commerce with the use of computer networks and commerce enabled software (more than just online shopping).
e-Commerce
10
Feature of E-Commerce Online business
Covers vast amount of B2C and B2C
Advertisement
Anytime and anywhere service
Direct contact between buyer and seller
Reduction of cost
Medium of interaction
Expand the business
e-Commerce
11
Process of E-Commerce Attract customers
Advertising, marketing Interact with customers
Catalog, negotiation Handle and manage orders
Payment, transaction, fulfillment (physical good, service good, digital good)
React to customer inquiries
Customer service, order tracking
e-Commerce
12
Elements of E-Commerce Consumer shopping on the web called B2C (Business to Consumer)
Transactions conducted between business on the web, called B2B
(Business to Business)
Transactions and business processes that support selling and
purchasing activities on the web
Supplier, inventory, distribution, payment management.
Financial management, purchasing products information.
e-Commerce
13
Scope of E-Commerce
E-Payment
It does not involve physical exchange of currency. Its convenient to make payment via network.
E-Banking
It means anywhere any time banking E-Marketing
The growth of internet has created opportunities for consumer and firms to participate in online global market place
E-Security
It is system to protect data and system through use of adequate precautions
E-Governance
It is technology law which confers authority on government, to issue notification as well as accept fillings, payment of fees etc.
e-Commerce
14
Prospects of growth of E-Commerce in India It lowers the purchasing cost
It lowers sales/marketing cost
It creates new sales opportunities
In B2B segment, it facilitate exchange of transactional
information with other business more cost effectively
In B2C segment, it provides growing channel for efficient
delivery of goods and services
e-Commerce
15
E-Commerce Applications Video on demand
Remote banking
Purchasing
Online marketing and advertisement
Home shopping
Auctions
e-Commerce
16
Conclusion The Government of India has launched the National e-
Governance Plan (NeGP) with the intent to support the growth of e-governance within the country. The Plan envisages creation of right environments to implement G2G,G2B, and G2C services.
Biggest benefit of e-governance is its potential to give birth to an entire web-based economy in private as well as public organizations.
Thus we come to the conclusion that E-Commerce has great advantages for industrialization which has laid revolutionalization. Thus, increasing the growth of our country in terms of economy.e-Governance and e-Commerce
17
Duties of Subscriber Generating key pair : Where any Digital
Signature Certificate, the public key of which
corresponds to the private key of that subscriber
which is to be listed in the Digital Signature
Certificate has been accepted by a subscriber,
then, the subscriber shall generate the key pair by
applying the security procedure.
Acceptance of Digital Signature Certificate
(1) A subscriber shall be deemed to have accepted a Digital Signature Certificate if he
publishes or authorises the publication of a Digital Signature Certificate—
(a) to one or more persons;
(b) in a repository, or otherwise demonstrates his approval of the Digital Signature in any manner.
42. Control of private key.
(1) Every subscriber shall exercise reasonable care to retain control of the private and take all steps to prevent its disclosure to a person not authorised to affix the digital signature of the subscriber.
(2) If the private key corresponding to the public key listed in the Digital Signature Certificate has been compromised, then, the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by .the regulations.
Penalty & Adjudication Penalty for damage to computer,
computer system, etc.
If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network, —
(a) accesses or secures access to such computer, computer system or computer network;
(b) downloads, copies or extracts any data,
computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system orcomputer network, data, computer data base or any other programmes residing insuch computer, computer system or computer network;
(e) disrupts or causes disruption of any computer, computer system orcomputer network;
(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under
(h) charges the services availed of by a person to the account of another person
by tampering with or manipulating any computer, computer system, or computer network,
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.
Penalty for failure to furnish information return, etc.
If any person who is required under this Act or any rules or regulations made thereunder to—
(a) furnish any document, return or report to the Controller or the Certifying
Authority fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;
(b) file any return or furnish any information,
books or other documents with in the time
specified therefor in the regulations fails to file
return or furnish the same within the time
specified therefor in the regulations, he shall
be liable to a penalty not exceeding five
thousand rupees for every day during which
such failure continues;
(c) maintain books of account or
records, fails to maintain the same, he
shall be liable to a penalty not exceeding
ten thousand rupees for every day
during which the failure continues
Residuary penalty.
Whoever contravenes any rules or regulations
made under this Act, for the contravention of
which no penalty has been separately provided,
shall be liable to pay a compensation not
exceeding twenty-five thousand rupees to the
person affected by such contravention or a
penalty not exceeding twenty-five thousand
rupees.
Power to adjudicate.
(1) For the purpose of adjudging under this Chapter whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order made there under the Central Government shall, subject to the provisions of sub-section (3), appoint any officer not below the rank of a Director to the Government of India or an equivalent officer of a State Government to be an adjudicating officer for holding an inquiry in the manner prescribed by the Central Government.
(2) The adjudicating officer shall, after giving the
person referred to in sub-section (1) a
reasonable opportunity for making
representation in the matter and if, on such
inquiry, he is satisfied that the person has
committed the contravention, he may impose
such penalty or award such compensation as
he thinks fit in accordance with the
provisions of that section.
(3) No person shall be appointed as an adjudicating officer unless he possesses such experience in the field of Information Technology and legal or judicial experience as may be prescribed by the Central Government.
(4) Where more than one adjudicating officers are appointed, the Central Government shall specify by order the matters and places with respect to which such officers shall exercise their jurisdiction.
(5) Every adjudicating officer shall have the powers of a civil court which are conferred on the Cyber Appellate Tribunal under sub-section (2) of section 58, and—
(a) all proceedings before it shall be deemed to be judicial proceedings within
the meaning of sections 193 and 228 of the Indian Penal Code;
(b) shall be deemed to be a civil court for the purposes of sections 345 and 346 of the Code of Criminal Procedure, 1973.
CYBER CRIME
“ Rather than giving Information and technology Gives rise to
cyber crime.”
SHAILENDRA K CHAUDHARY (10MBMA61)
Cyber crime
“Any criminal activity that uses a computer
either as an instrumentality, target or a
means for perpetuating further crimes comes
within the ambit of cyber crime” Reasons for increase are easy to access, complex, negligence
and loss of evidence.
Cybercrime can be against individuals, individual properties,
organisation and society.
Classification of cyber crime
Against Individuals: –
i. Harassment via e-mails.
ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud
Against Individual Property: -
i. Computer vandalism.
ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over
computer system.
v. Intellectual Property crimes
Against Organization: -
i. Unauthorized control/access over computer systemii. Possession of unauthorized information.iii. Cyber terrorism against the government organization.iv. Distribution of pirated software etc.
Against Society at large: -
i. Pornography (basically child pornography).ii. Polluting the youth through indecent exposure.iii. Financial crimesiv. Sale of illegal articlesv. Online gamblingvi. Forgery
Famous Cyber Crime Cases in India Three customer service agents of
call centre contractor MphasiS BFL, working on the Citibank account, gained the confidence of four US customers and obtained their PIN numbers and other classified account information. They then used these to transfer money out of those customers' accounts and into the accounts of members of their gang.
An Indian court has granted bail to a schoolboy who
allegedly recorded a sexual act between himself and a 16-
year-old girl on his mobile phone.
The clip was later sold on video CDs via auction site Baazee.com, sparking the
arrest of its manager for India.
Prevention of Cyber Crime Avoid disclosing any information
pertaining to oneself. Use latest and up date anti virus
software to guard against virus attacks. Keep back up volumes so that one may
not suffer data loss in case of virus contamination.
Keep a watch on the sites that children are accessing to prevent any kind of harassment.
Use of firewalls may be beneficial.
Global Initiatives Five countries from three continents banding together to fight cyber crime in a synergistic way by sharing intelligence, swapping tools and best practices, and strengthening and even synchronizing their respective laws
PROPOSED INITIATIVES PROPOSED RECOMMENDATIONS & AMENDMENTS TO IT ACT
M.S.AVINASH YADAV
10MBMA58
Report of the Expert Committee Proposed Amendments to Information Technology Act 2000 .
SUMMARY -August 2005 Proposal to add Sec. 43(2) related to handling of
sensitive personal data or information with reasonable security practices and procedures thereto
(ii) Gradation of severity of computer related offences under Section 66, committed dishonestly or fraudulently and punishment thereof
(iii) Proposed additional Section 72 (2) for breach of confidentiality with intent to cause injury to a subscriber.
A new section on Section 67 (2) has been added to address child pornography with higher punishment, a globally accepted offense
Suggestions from Report of the Expert Committee (contd..) A new phenomenon of video voyeurism has
emerged in recent times where images of private area of an individual are captured without his knowledge and then transmitted widely without his consent thus violating privacy rights. This has been specifically addressed in a new proposed sub-section 72(3).
Section 79 has been revised to bring-out explicitly the extent of liability of intermediary in certain cases.
Power to make rules w.r.t the functioning of the “Intermediary” including “Cyber Cafes” has been provided for under Section 87.
POSITIVE INITIATIVES & RECOMMENDATIONS
Mumbai Cyber lab is a joint initiative of Mumbai police
and NASSCOM has been set up.
RECENT EXAMPLE: Cong official sends vulgar emails to rival, held
Ahmed Ali, TNN, Oct 21, 2010, 12.28am
MUMBAI: Hemal Joshi, block president of Congress from Mahim constituency, who sent threatening and vulgar emails to Ajit Sawant, Congress office-bearer from Mahim, was arrested by the cyber crime investigating cell of the Mumbai police on Wednesday.
Cyber lab set up.
New provisions for child pornography, etc.
More Cyber crime police cells set up across the country.
Effective E-surveillance and more Public awareness
campaigns
Specialized Training of forensic investigators and experts
Active coordination between police and other law enforcement
agencies and authorities is required.
Training of police officers to effectively combat cyber crimes-In
a public-private partnership, public sector Canara Bank, the
Karnataka Police department and NASSCOM have jointly set
up the lab, which would train 1,000 officials every year. The
trained officers would be able to analyze and scrutinize data on
hard disks, track e-mails, extract evidence using internet and
mobile phones and cyber crime-related legislation.
IT AMENDMENT ACT, 2008 NOTIFIED W.E.F. 27/10/2009(As Amended by Information Technology Amendment Bill 2006 passed in Loksabha on Dec 22nd and in Rajyasbha on Dec 23rd of 2008 , Presidential assent given on 5th February 2009, and notified with effect from October 27, 2009)
Technology neutral (Section 15)- Electronic
Signatures
Examiner of Electronic Evidence (Section 79-A)
Eight New Cyber offences added
Power of interception of electronic
communication to the Government
Data base security and privacy
Offences made bail able, less stringent
Offence of hacking only if with dishonest
or fraudulent intention
The level of investigation brought down to
the Inspectors from DSPs
CRITICISM TO ITAA 2008Due to lack of insight and good provisions ITAA 2008 has been
criticized by many cyber law observers Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-
Legal Expert of India has also criticized it on many counts. Realising the urgency of the situation, union minister for law and justice M
Veerappa Moily has also in the past said that the government would bring in amendments to Information Technology and Extradition Act to make them more effective in tackling cyber crime.
Recently, a national conference on the theme of ‘Information Management, Computing and Security’ (IMCS’09) was organized. Speaking on this occasion, A.N. Shastry, Associate Vice President, Infosys said that the IT Act passed by the Indian government in the year 2000 needs to be revised.
Indian Express(06/02/2009) : Section 69 of the Information Technology (Amendment) Act of 2008 appears to be in violation of Article 21 of the Constitution — “no person shall be deprived of his life or personal liberty except according to procedure established by law.” It is unfortunate that a democratic and independent India has passed a law which is far more detrimental to personal liberty than the British Raj did.
Thankyou
