INFORMATION TECHNOLOGY ACT, 2000

Tushar Gataum, Archit Sharma, Varsha Sharma, Purab Morwal, Riddhisha Rane

I060 I062 I072 M068 M069

INTRODUCTION

The United Nations Commission on International Trade Law (UNCITRAL) prepared a model act for countries to adopt to counter IT-related threats.

Based on the draft Act of the UN, the Indian Parliament enacted the Information Technology Act, 2000.

A significant amendment to the Act was made in 2008 and became effective in 2009.

OBJECTIVES

To give legal recognition to any transaction done by electronic means or through use of the internet.

To give legal recognition to digital signatures for accepting any agreement via computer.

To provide a facility for filing documents online relating to school admission or registration in an employment exchange.

According to the I.T. Act 2000, any company can store its data in electronic storage.

To stop computer crime and protect the privacy of internet users.

To give legal recognition to the keeping of books of accounts by bankers and other companies in electronic form.

To give more power to IPO, RBI and the Indian Evidence Act for restricting electronic crime.

DEFINITIONS

DIGITAL SIGNATURE :- Authentication of any electronic record by a subscriber by means of an electronic method.

CERTIFYING AUTHORITY :- A person who has been granted a licence to issue a Digital Signature Certificate under section 24.

AFFIXING DIGITAL SIGNATURE :- Adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature.

CERTIFICATION PRACTICE STATEMENT :- A statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates.

ELECTRONIC FORM :- Any information generated, sent, received or stored in media, computer memory or similar device.

INTERMEDIARY :- Any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.

ASYMMETRIC CRYPTO SYSTEM :- A system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

HACK :- Whoever with the intent to cause wrongful loss or damage to the public or any person destroys or alters any information residing in a computer resource commits hack.

PROVISIONS

Digital Signature

3A. Electronic Signature.

(1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which-

(a) is considered reliable; and

(b) may be specified in the Second Schedule.

Recognition of Electronic Document

4. Legal Recognition of Electronic Records.

Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-

(a) rendered or made available in an electronic form; and

(b) accessible so as to be usable for a subsequent reference.

Formation of Contract

10A. Validity of Contracts Formed Through Electronic Means.

Where in a contract formation, the communication of proposals, the acceptance of proposals, the revocation of proposals and acceptances, as the case may be, are expressed in electronic form or by means of an electronic record, such contract shall not be deemed to be unenforceable solely on the ground that such electronic form or means was used for that purpose.

In case the parties involved in an agreement have not settled on the jurisdiction of a court, Section 13(3) of the Act has provided as follows:

13. Time and Place of Despatch and Receipt of Electronic Record.

(3) Save as otherwise agreed to between the originator and the addressee, an electronic record is deemed to be despatched at the place where the originator has his place of business, and is deemed to be received at the place where the addressee has his place of business.

Data Protection

The amendment to the IT Act, 2000 has provided for the protection of data. Section 43A provides:

43A. Compensation for Failure to Protect Data.

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.

"body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities.

"reasonable security practices and procedures" means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law.

The Act also makes negligent disclosure of personal information a criminal offence. Section 72A provides:

72A. Punishment for Disclosure of Information in Breach of Lawful Contract.

Any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.

Offences

Section 43 of the Act gives a description of all IT-related offences.

43. Penalty and compensation for damage to computer, computer system, etc. - If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network-

accesses or secures access to such computer, computer system or computer network or computer resource;

downloads, copies or extracts any data, computer data base or information from such computer;

introduces or causes to be introduced any computer contaminant or computer virus;

damages or causes to be damaged any computer;

disrupts or causes disruption of any computer;

denies or causes the denial of access to any person authorised to access any computer;

provides any assistance to any person to facilitate access to a computer;

charges the services availed of by a person to the account of another person by tampering with or manipulating any computer;

destroys, deletes or alters any information residing in a computer resource or diminishes its value;

steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code with intention to cause damage;

he shall be liable to pay damages by way of compensation to the person so affected.

Penalty

Section 66 prescribes the penalty for the offences referred to in Section 43. It provides for imprisonment for a term which may extend to 2 or 3 years, or a fine which may extend to 5 lakh rupees, or both. It was majorly amended in 2008 to introduce a series of new provisions under Section 66 covering almost all major cybercrime incidents.

Amendments: 2008

| SECTION | CHANGE |
|---------|--------|
| 66 | Dishonest and fraudulent intention made necessary; fine has been increased |
| 66A | Punishment for sending offensive messages through communication service, etc. It provides cover for cyber stalking, threat mails, phishing mails, SMS, etc. |
| 66B | Punishment for dishonestly receiving stolen computer resource or communication device |
| 66C | Covers identity theft, which was not specifically covered earlier |
| 66D | Punishment for cheating by personation by using computer resource |
| 66E | This is a new section which covers video voyeurism (privacy of others) |
| 66F | Covers "Cyber Terrorism" and makes it punishable with imprisonment up to life term. Conspiracy is also covered under the section. The offence would not be bailable or compoundable. |

Mphasis BPO Fraud: 2005

Four call centre employees obtained PIN codes from four customers of MphasiS's client, Citigroup

The call centre employees opened new accounts at Indian banks using false identities

They used the PINs and account information to transfer money from the bank accounts of Citigroup customers to the new accounts at Indian banks

By April 2005, the Indian police had been tipped off to the scam by a U.S. bank

Arrests were made when those individuals attempted to withdraw cash from the falsified accounts

$426,000 was stolen; the amount recovered was $230,000

Verdict: Court held that Section 43(a) was applicable here due to the nature of unauthorized access involved to commit transactions.

Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime.

Reasons for the increase are:

Easy to access

Complex

Negligence

Lack of evidence

E-mail spoofing

Spamming

Defamation

Cyber stalking

Cheating & Fraud

Computer vandalism

Intellectual Property crimes

Internet time thefts

AGAINST INDIVIDUALS / AGAINST PROPERTY / AGAINST ORGANIZATIONS / AGAINST SOCIETY AT LARGE

Unauthorized access of computer system

Denial of service

Logic bomb

Distribution of pirated software, etc.

Pornography (basically child pornography)

Financial crimes

Web jacking

Forgery

NASSCOM & ITS ROLE IN IT

National Association of Software and Service Companies (NASSCOM) is a premier trade body to facilitate business and trade in software services.

It is a non-profit organization which was set up in 1988 and currently has more than 1200 members.

Acts as a platform for developing companies

NASSCOM has representatives in various committees in the Government of India and has been a continuous supporter of free trade for the growth of the IT industry.

OBJECTIVES OF NASSCOM

Simplification of trade and business in the software and service industry.

To enhance cyber security.

Establish India as a hub for innovation and professional services.

To maintain India's leadership position as a safe place to do business.

Work with government to shape policy in all key areas of activities such as skill development, trade and business services.

Provide platforms for members and other stakeholders to work together.

Expand the country's pool of relevant and skilled talent and harness the benefits of ICT to drive inclusive and balanced growth.

Transform Business, Transform India