Upload
dhrubak-banerjee
View
231
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Brief overview of IT Act 2000 & its amendmentsRole of IT in Banking SectorComparison of IT law of India & BrazilRole of NASSCOMCase studies
Citation preview
Information Technology Act, 2000
Information Technology Act, 2000
Report Submitted To:Report Prepared By:
A.G. AmdekarMayuriD001Mohit AgrawalD003Ankit Anurag D005Dhrubak B D007Apoorva CD009Ruchi CD011Jay DoshiD013Aditya GhoshD015Mohit GuptaD017Ashish JainD019
ContentsExecutive Summary1Background2Rationale behind the Act:2National reasons3International reasons4UNCITRAL Model Law on E-Commerce 19964Structure of the IT Act5Key Terms5Highlights of the Act61.Digital Signature:6i. Definition of Digital Signature6ii. Functions of digital signature7iii. Legal provision relating to digital signature7Non- Applicability of the IT Act, 20008Amendments:82.Electronic Governance:9Amendments:123. Acknowledgement and Dispatch of Electronic Records:12Validity of contracts formed through electronic means12Time of dispatch of e-record12Time of receipt of e-record124. Offences:131. Tampering with the computer source documents & hacking with computer system132. Publishing or transmitting, or causing to be published, pornographic material in electronic form133. Penalty for breach of confidentiality and privacy134. Penalty for publishing false Digital Signature Certificate in certain particulars145. Application of the Act for offence or contravention committed outside India:146. Power to investigate offences14Other notable new additions to the Act in the amendment151. Punishment for sending offensive messages through communication service, etc.152. Punishment for identity theft153. Punishment for Cyber Terrorism154. Preservation and retention of information by intermediaries165. Corporate responsibility with respect to protection of information16Statistics related to cybercrime:18State wise cybercrime rate:20Role of Information Technology in the Development of Banking Sector in India21Comparison with Brazil22Domain name and cybersquatting:22Network Neutrality:24NASSCOM and its contribution towards IT Act:26Initiatives by NASSCOM:281)National Skills Registry (NSR):-28Key Engagements341)Budget Recommendations:-342)SEZs operations and revival plans353)Digital Economy and Policy Implications35Case Studies36Arbitrary Arrests for Comment on Bal Thackeray's Death36AIB Roast38MphasiS-Citibank Fraud39ISIS Twitter Handle40IIPM42Conclusion43References45
Page | 1
Executive SummaryThis report summarizes the key provisions of IT Act 2000 and the amended act of 2008.Information Technology Act 2000 addressed the issues of legal recognition of electronic documents and digital signatures, offenses and contraventions and justice dispensation systems forcybercrimes. The amended Act has provided additional focus on information security. It has added several new sections on offences includingcyber terrorismanddata protection.
Through this report we have tried to understand the implications of this act on business specifically banking sector. The report also brings out certain key statistics related to cybercrimes and hence makes the relevance of this act more significant. With the new Government in the country, the focus on Information technology has increased. The proposed setting up of IT hubs and IT infrastructure is being looked at favorably by various businesses. This act has improved the ease of doing business in the country and has provided e commerce industry a significant boost.
We have also highlighted the role of NASSCOM in the digital revolution of the country. The IT law in India has been compared globally to understand the gaps with the more mature implementation of the act. The impact of this act on SEZs has also been covered. A knowledge about this act is a must for future managers as we are heading towards a digital economy and the provisions of this act will also have a significant impact on policy changes introduced by Government in the future.Lastly the act has been explained and analyzed through various case studies of national and international importance.
BackgroundToday e-commerce has become a major market and the sector is only to grow in the future. Business is being done over internet, data has become accessible to everyone on smartphones, paper based communication has been substituted by e-communication, paper based commerce by e-commerce and paper based governance by e-governance. Internet is taking over our daily lives as processes are going online, all our data have become electronic. Accordingly we have new terminologies cyber world, netizens, e-transaction, e-banking, e-return and e-contracts.The Government of India realized the need for introducing a new law and for making suitable amendments to the existing laws to facilitate e-commerce and give legal recognition to electronic records and digital signatures. The legal recognition to electronic records and digital signatures in turn will facilitate the conclusion of contracts and the creation of legal rights and obligations through the electronic communication like Internet. This gave birth to the Information Technology Bill, 1999. In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000.Apart from positive side of e-revolution there is seamy side also, as computer; internet and ICT in the hands of criminals have become weapons of offence. Thus a new branch of jurisprudence emerged to tackle the problems of cyber crimes in cyber space. The IT Law also aimed to provide protection from such crimes over the internet.
Rationale behind the Act:New communication systems and digital technology have made dramatic changes in the way we live. Businesses and consumers are increasingly using computers to create, transmit and store information in electronic form instead of traditional paper documents. Information stored in electronic form have many advantages. It is cheaper, easier to store, retrieve and speedier to communicate. But there wasnt any appropriate legal framework for the online transactions. The two principal hurdles were requirements as to writing and signature for legal recognition. The law of evidence is traditionally based on paper based records and oral testimony. Since electronic commerce eliminates the need for paper transactions, the need for legal changes had become necessary. These laws would provide for legal recognition of electronic records and digital signatures. This would enable the conclusion of contracts and creation of rights and obligations through online medium. The illustrations below provide a picture of the growth of internet users and the e-commerce space in India.
These growth figures justify the legalization of transactions conducted online. The major reasons for IT Act, 2000 are discussed below:National reasonsi. Increasing use of ICTs in conducting business transactions and entering into contracts, because it was easier, faster and cheaper to store, transact and communicate electronic information than the traditional paper documents.ii. Business people were aware of these advantages but were reluctant to interact electronically because there was no legal protection under the existing laws.
International reasonsi. International trade through electronic means was growing tremendously and many countries had switched over from traditional paper based commerce to e-commerce.ii. The United Nations Commission on International Trade Law (UNCITRAL) had adopted a Model Law on Electronic Commerce in 1996, so as to bring uniformity in laws governing e-commerce across the globe.iii. India, being a signatory to UNCITRAL, had to revise its national laws as per the said model law. Therefore, India also enacted the IT Act, 2000.iv. Because the World Trade Organization (WTO) was also likely to conduct its transactions only in electronic medium in future.
UNCITRAL Model Law on E-Commerce 1996The Indian Information Technology Act is based on the UNCITRAL Model Law on E-Commerce 1996. The United Nations Commission on International Trade Law (UNCITRAL) adopted this model law to enable and facilitate commerce conducted using electronic means by providing national legislators with a set of internationally acceptable rules aimed at removing legal obstacles and increasing legal predictability for electronic commerce. In particular, it was intended to overcome obstacles arising from statutory provisions that may not be varied contractually by providing equal treatment to paper-based and electronic information. Such equal treatment was essential for enabling the use of paperless communication, thus fostering efficiency in international trade.
The MLEC was the first legislative text to adopt the fundamental principles of non-discrimination, technological neutrality and functional equivalence that are widely regarded as the founding elements of modern electronic commerce law. The principle of non-discrimination ensures that a document would not be denied legal effect, validity or enforceability solely on the grounds that it is in electronic form. The principle of technological neutrality mandates the adoption of provisions that are neutral with respect to technology used. In light of the rapid technological advances, neutral rules aim at accommodating any future development without further legislative work. The functional equivalence principle lays out criteria under which electronic communications may be considered equivalent to paper-based communications.
Structure of the IT ActThe Act totally has 13 chapters and 90 sections (the last four sections namely sections 91 to 94 in the Information Technology Act, 2000 dealt with the amendments to the four Acts namely the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers Books Evidence Act 1891 and the Reserve Bank of India Act 1934). The Act begins with preliminary and definitions and from there on the chapters that follow deal with authentication of electronic records, digital signatures, electronic signatures etc. Elaborate procedures for certifying authorities (for digital certificates as per Information Technology Act -2000 and since replaced by electronic signatures in the Information Technology Act Amendment -2008) have been spelt out. The civil offence of data theft and the process of adjudication and appellate procedures have been described. Then the Act goes on to define and describe some of the well-known cybercrimes and lays down the punishments therefore. Then the concept of due diligence, role of intermediaries and some miscellaneous provisions have been described.Key Terms "Computer" means any electronic magnetic, optical or other high-speed dataprocessing device or system which performs logical, arithmetic, and memory functions bymanipulations of electronic, magnetic or optical impulses, and includes all input, output,processing, storage, computer software, or communication facilities which are connected orrelated to the computer in a computer system or computer network;
"Computer network" means the interconnection of one or more computers through(i) The use of satellite, microwave, terrestrial line or other communication media; and(ii) Terminals or a complex consisting of two or more interconnected computers whetheror not the interconnection is continuously maintained;
"Data" means a representation of information, knowledge, facts, concepts or instructionswhich are being prepared or have been prepared in a formalized manner, and is intended to beprocessed, is being processed or has been processed in a computer system or computernetwork, and may be in any form (including computer printouts magnetic or optical storagemedia, punched cards, punched tapes) or stored internally in the memory of the computer.
"Digital Signature" means authentication of any electronic record by a subscriber bymeans of an electronic method or procedure in accordance with the provisions of section 3.
"Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche
"Asymmetric Crypto System" means a system of a secure key pair consisting of aprivate key for creating a digital signature and a public key to verify the digital signature
"Subscriber" means a person in whose name the Digital Signature Certificateis issued
Computer source code means a listing of programs, design & layout, computer commands and programs, analysis of resource in any form.
Highlights of the Act1. Digital Signature:Digital signature is a secure method of binding the identity of the signer with electronic record or message. This method uses a public key crypto system commonly known as asymmetric crypto system to generate digital signature.i. Definition of Digital SignatureDigital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure.
ii. Functions of digital signatureFollowing are the main functions of digital signaturea. To provide authenticity, integrity, secrecy and non-repudiation to electronic record or message.b. To use the internet as a safe and secure medium without any violation or compromise for any e-transaction.
iii. Legal provision relating to digital signatureThe IT Act, 2000 contains following provisions relating to digital signature:a. Authentication of electronic recordsAny subscriber may authenticate an electronic record by affixing his digital signature.
b. Authentication by use of asymmetric crypto system and hash functionThe authentication of electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.Hash function means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as hash result such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible: To derive or reconstruct the original electronic record from the hash result produced by the algorithm; That two electronic records can produce the same hash result using the algorithm.
c. Verification of electronic recordAny person by the use of public key of the subscriber can verify the electronic record.
d. Private key and public key are uniqueThe private key and the public key are unique to the subscriber and constitute a functioning key pair.
Non- Applicability of the IT Act, 2000The provisions of IT Act, 2000 is not applicable to documents specified in the First Schedule of the Act which are as follows:1. Execution of a Negotiable Instrument (other than a cheque) under the Negotiable Instruments Act, 1881.2. Execution of a Power of Attorney under the Power of Attorney Act, 18823. Creation of a trust under Indian Trusts Act, 18824. Execution of a Will under the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called5. Entering into a contract for the sale or conveyance of immovable property or any interest in such propertyThe Central Government may, by notification in the Official Gazette, amend the above list of documents by way of addition or deletion of entries therefrom.The reason for excluding the above mentioned documents from the purview of the Act is that such documents are required to be authenticated only by handwritten signatures. Also, these documents require special attestation and/or registration formalities, which are also a reason for their exclusion.
Amendments:The amendment has brought a far broader ambit covering biometrics and other new forms of creating electronic signatures in this section.India has different segments people and all may not be technologically adept to understand and use the digital signatures hence, allowing other forms of authentication that are simpler to use viz. retina scanning can be quite useful in effective implementation of the Act. However, this creates additional task of accessibility to authentication tools, educating the masses on their usage as well as developing suitable conditions for reliability of the signature. Section 84A has empowered the Central Government to prescribe modes or methods for encryption which should be done in consultation with NASSCOM/governmental agencies that can assist.
Another amendment has been made in the definition for Communication devices & Intermediary. Communication devices have been defined as all communication devices, cellphones, iPods or other devices used to communicate, send or transmit any text ,video ,audio or image.Definition of intermediary similarly clarifies the categories of service providers viz. telecom service providers, network service providers, web hosting service providers, internet service provider, search engines, online auction sites & payment sites, online marketplaces and cyber cafes.With the recent revelations of terrorists and nefarious activities pertaining to transmittance of information being carried through mobile devices, cyber cafes etc. this addition is a welcome one.
2. Electronic Governance:E-governance is the application of ICTs to the processes of government functioning so as to have simple, accountable, speedy, responsive and transparent governance. Further, the World Bank defines e-governance as the use of information and communication technologies by government agencies to transform relations with citizens, business and other arms of the government. It involves information technology enabled initiatives that are used for improving:
a. The interaction between government and citizens or government and business commonly known as e-services;b. The internal government operations commonly known as e-administration; andc. External interaction among the members of society commonly known as e-society.
According to CSR Prabhu, e-governance is a form of e-business, which involves delivery of electronic services to the public. It also involves collaborating with business partners of the government by conducting electronic transactions with them. It enables general public to interact with the government, through electronic means, for getting the desired services.
The Government's online tax filing facility is a form of e-governance. This initiative has helped reduce paperwork and eased the whole process, thus increasing the effectiveness of the process. Other examples of e-governance are e-tenders through Central Procurement Portal, e-Seva Kendras etc.
E-filing of Income Tax: An example of E-governance
E-Tenders: Another example of E-governance
The Act gives details about the electronic governance and provides amongst others that where any law provides that information or any other matter shall be in writing or in typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is(a) Rendered or made available in an electronic form; and(b) Accessible so as to be usable for a subsequent reference
About retention of electronic records it states that where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if(a) The information contained therein remains accessible so as to be usable for a subsequent reference;(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record
The main objective of e-governance is to simplify and improve governance and enable peoples participation in governance through mail and internet. E-governance is much more than just preparing some websites. It ranges from the use of internet for the dissemination of plain web based information at its simplest level to services and online transactions on the one hand and utilizing IT in the democratic process itself, i.e., election on the other.
E-governance is applied in following ways:a. Putting government laws and legislations online.b. Putting information relating to government plans, budgets, expenditures and performances online.c. Putting online key judicial decisions like environment decisions etc. which are important to citizens and create precedence for future actions.d. Making available contact addresses of local, regional, national and international officials online.e. Making available the reports of enquiry committees or commissions online
Amendments:Amendment has been made to re-emphasize the legal validity of electronic documents in Section 7A & 10A. According to Section 7A, audit of electronic documents is necessary wherever paper based documents are required to be audited by law. Section 10A confers legal validity & enforceability of contracts formed through electronic means.
3. Acknowledgement and Dispatch of Electronic Records:Validity of contracts formed through electronic meansWhere in a contract formation, the communication of proposals, the acceptance of proposals, the revocation of proposals and acceptances, are expressed in electronic form or by means of an electronic record, then such record shall not be deemed to be unenforceable solely on the ground that such electronic form or means was used for that purpose.
Time of dispatch of e-recordThe dispatch of an e-record occurs when it enters a computer resource outside the control of the originator.
Time of receipt of e-recordThe time of receipt of an e-record shall be determined in the following manner:i. Where the addressee has assigned a computer resource for the purpose of receiving e-records and the e-record is received in a designed computer resource then receipt occurs at the time when e-record enters the designated computer resource; or a computer resource of the addressee that is not the designated computer resource then receipt occurs at a time when the e-record is retrieved by the addressee.ii. Where the addressee has not designated a computer resource nor specified any timings for receipt of e-record then the receipt occurs when e-record enters the computer resource of the addressee4. Offences:Some of the offences and cybercrimes listed under the act are:1. Tampering with the computer source documents & hacking with computer systemAnyone who intentionally destroys or alters the computer source code when its supposed to be not tampered with according to the law, shall be punishable with imprisonment up to 3 year, or with fine up to 2 lakh rupees, or both.When such intentions are to cause loss or damage to a person or the public by tampering with information residing in a computer resource, it is considered hacking. It can attract an imprisonment up to 3 years or fine up to 2 lakh rupees or both.
2. Publishing or transmitting, or causing to be published, pornographic material in electronic formThis offence can, on first conviction, attract imprisonment up to 5 years or penalty up to 1 lakh rupees. On second conviction, the terms can increase to 10 years and fines to 2 lakh rupees.The amendment has changed the terms for punishment of the offence with first conviction attracting imprisonment up to 3 years and fine up to Rs. 5 lakh. The second or subsequent offence will attract imprisonment up to 5 years and also with fine which may extend to Rs. 10 lakh.
3. Penalty for breach of confidentiality and privacyIf any individual under the provisions of the Act, rules or regulations has secured access to any electronic information material without the consent of the concerned person & discloses the information to any other person is liable to be imprisoned up to 2 years or a fine up to 1 lakh rupees or both.The terms for punishment were enhanced by the amendment. The fine limit was increased to 2 lakh and imprisonment limit to 3 years.
4. Penalty for publishing false Digital Signature Certificate in certain particularsThe offence is committed when Certifying authority listed in the certificate has not issued it or the subscriber has not accepted it or the certificate has been revoked or suspended. It will attract an imprisonment up to 2 years or fine up to 1 lakh rupees or with both.The amendment extended the punishment for the offence for a term which may extend to 3 years and shall also be liable to fine which may extend to Rs. 1 lakh.
5. Application of the Act for offence or contravention committed outside India:The act is applicable for any contravention committed outside India by any person, if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.
6. Power to investigate offencesAny investigation of offences laid down in the act should be conducted by a police officer not below the rank of Deputy Superintendent.To enhance cyber security and for identification, analysis and prevention of intrusion or spread of computer contaminant in the country, the amendment provides for the Central Government to authorize any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource by way of notification in the Official Gazette.The intermediary or any person-in-charge of the computer resource, when called upon by such agency, shall provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information. Any intermediary who intentionally or knowingly contravenes the above said duty shall be punished with imprisonment for a term which may extend to 3 years and shall also be liable to fine.
Other notable new additions to the Act in the amendment1. Punishment for sending offensive messages through communication service, etc.Any person who, by means of a computer resource or a communication device, sends a. Any information that is grossly offensive or has a menacing character; orb. Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device; orc. Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to 3 years and with fine
2. Punishment for identity theftAny person who, fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to 3 years and shall also be liable to fine which may extend to Rs. 1 lakh
3. Punishment for Cyber TerrorismA person commits the offence of cyber terrorism if he,(i). with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people a. denies or causes the denial of access to any person authorized to access computer resource; orb. attempts to penetrate or access a computer resource without authorization or by exceeding authorized access; orc. introduces or causes to introduce any computer contaminant;and by means of such conduct causes or is likely to cause death or injuries to persons, or damage to or destruction of property, or knowing that it is likely to cause damageor destruction of supplies or services essential to the life of the community, or adversely affect the critical information infrastructure specified u/s 70
(ii). Knowingly or intentionally accesses or penetrates a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise
4. Preservation and retention of information by intermediariesIntermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.Any intermediary who intentionally or knowingly contravenes the above duty shall be punished with imprisonment for a term which may extend to 3 years and also be liable to fine.
5. Corporate responsibility with respect to protection of informationThe amendment in 2008 has introduced has provided for corporate bodies which handle sensitive personal information or data in a computer resource to adopt reasonable security practices in order to maintain its secrecy, failing which they may be liable to pay damages in form of compensation, extent of which may be unlimited.It is of particular significance to BPO & KPO companies that handle such sensitive information in the regular course of their business. The term reasonable security practices as explained in section 43A only indicates these procedures. However the law explaining the definition of the term is yet to be laid down by the Central government. Perhaps, we can take guidance from certain foreign laws on data protection & standards laid down in European Union or by organizations such as OECD in protection of sensitive personal data.
Statistics related to cybercrime:Ranks of states based on the internet penetration rate:
StatesRank based on no of internet users
MAHARASHTRA1
TAMIL NADU2
KARNATAKA3
UTTAR PRADESH4
ANDHRA PRADESH5
KERALA6
WEST BENGAL7
GUJARAT8
PUNJAB9
HARYANA10
RAJASTHAN11
MADHYA PRADESH12
BIHAR13
ODISHA14
ASSAM15
JHARKHAND16
CHHATTISGARH17
UTTARAKHAND18
JAMMU & KASHMIR19
HIMACHAL PRADESH20
GOA21
MANIPUR22
TRIPURA23
MEGHALAYA24
NAGALAND25
MIZORAM26
ARUNACHAL PRADESH27
SIKKIM28
State wise cybercrime rate:
There is a strong correlation between internet penetration rate and the number of cybercrimes in a particular state.
Role of Information Technology in the Development of Banking Sector in IndiaInformation and communication technology is playing a vital role across many industries and sectors, resulting in a positive impact on economic development. The financial sector and more particularly banking industry was one of the very first to utilize information technology way back in the 1960s, and has thus the record of influencing the development process through the technology. The banking sector is an example in which information technology infrastructures have had implications on the economic development of many nations across jurisdictions.Since the 1990s, the banking sector in India has seen greater emphasis being placed on technology and innovation. Banks began to use technology initially with a view to take care of their internal requirements pertaining to bookkeeping, balancing and for transactions processing; the all-pervasive face of Information Technology soon enabled banks to provide better quality of services at greater speed. Internet banking and mobile banking have made it possible for customers to access banking services literally and virtually from anywhere and anytime. The biggest barriers, time and distance, to access banking services were crossed by leveraging technology. The sector has also moved rapidly towards universal banking and electronic transactions, which changed the way banking is done, during the last decade or so. These technology driven delivery channels are being used to reach out to maximum number of customers at lower cost and in most efficient manner. The beauty of these banking innovations is that it puts both banker and customer in a win- win situation. Effective use of technology has a multiplier effect on growth and development.
Lets take the e.g. of various Payment Systems. Until 1990s, one could make payments through two predominant means - cash and cheque. Today, a tech-savvy customer is empowered to choose a desired service from slew of products- card payments, NEFT transfer, RTGS transfer, ECS/NECS payments, mobile payments etc. Further, after using any of these payment methods, the first instrument he turns to is his mobile phone for confirmatory messages, a feature unique to India.Customers have become increasingly individualistic and, at the same time, more discerning in their relationships with banks. Ubiquitous information and the power of social media inputs have resulted in customers comparing offerings across the market; evaluating the service levels of different banks like in the corporate sector. As a result of intensifying competition, banks are coming up with customer centric products.
Information Technology also plays a major role in financial inclusion, a sustainable banking theme very relevant to a country like India that has a large unbanked population. For example, handheld devices, used by bank agents to draw people living in remote areas into the banking fold, run on technology. Internet and mobile technologies are trying to reach out to the populace starved of banking services as well. Financial institutions are also joining forces with network operators in providing access to mobile based payment services even to those who do not have bank accounts. These product and channel innovations require robust and scalable ICT platforms.
Technology has also helped banking sector in delivering affordable financial services with greater efficiency without compromising on levels of safety, security and reliability. It has brought down the cost of financial services by using economies of scale. Technology has also been used in removing geographical barriers and reaching out to the unbanked - the poor are now unreached but not unreachable. The use of electronic payment modes to disburse the governments social benefit transfers illustrates this point.
Thus IT has completely revolutionized the current BFSI sector.
Comparison with BrazilDomain name and cybersquatting:Electronic commerce is based on the system of domain names. The Information Technology Act, 2000 does not even touch the issues relating to domain names. Even domain names have not been defined and the rights and liabilities of domain name owners do not find any mention in the law.Whereas in Brazil there has been a growing interest in the registration of a domain name with a .com.br top domain level and until recently only companies established in Brazil, and therefore companies that were holders of a CNPJ (Brazilian Federal Taxpayers Registry) number, could register such a domain name. Nevertheless, FAPESP (the Brazilian agency responsible for the registration of Internet domain names) issued rules that also allow foreign entities without a CNPJ number to register a domain name with a .com.br address. Under these rules, a foreign entity aiming to register a domain name without a CNPJ number, has to nominate an attorney-in-fact who is both legally established in Brazil and registered with FAPESP. Furthermore, the foreign entity must provide its attorney-in-fact with the required documents which shall be delivered to FAPESP. Afterwards, FAPESP will grant a temporary identification number to the foreign entity, which, for the purposes of the registration of the domain name, shall be the temporary substitute for the CNPJ. During the registration of the domain name with FAPESP, the attorney-in-fact, on behalf of the foreign entity, must designate the people who will be responsible for the communication between the foreign entity and FAPESP, also referred to as the IDs. Such IDs include the administrative ID; the technical ID (used for posting or deleting content from the Web Site at that address) and the institutional ID (used to represent the company in proceedings with FAPESP). FAPESPs main objective through these rules is to allow foreign entities to be able to register a domain name with a .com.br address. The registration process is still somewhat bureaucratic, but it is the first step towards spreading such domain names around the globe.Cybersquatting is the most crucial type of domain dispute prevalent around the world. It is a practice where individuals buy domain names reflecting the names of existing companies, with an intention to sell the names back to businesses to attain profit when they want to set up their own websites. The definition of Cybersquatting can be best summarized in Manish Vij v. Indra Chugh, AIR 2002 Del 243, the court held that an act of obtaining fraudulent registration with an intent to sell the domain name to the lawful owner of the name at a premium. Many multinational companies like Tata, Bennett & Coleman, Mc Donalds etc were among the first victims of cybersquatting. Many cases are also decided by the WIPO (World Intellectual Property Organization) and ICANN.Maruti Udyog, Indias largest automaker had filed a case in 2006 (Maruti.com et al. v. Maruti Udyog Ltd. et al., U.S. Dist. Ct. No. L-03-1478) against Rao Tella who was deemed a cyber-squatter three times by WIPO. In this case the defendant had registered a domain name www.maruti.com. The US court held that since Maruti does not manufacture or sell cars in the United States, therefore the ACPA would not be applicable. Though the WIPO arbitration panel had given an order in favor of MarutiUdyog, it was not binding on the US district court.The first case in India with regard to cybersquatting was Yahoo Inc. V. Aakash Arora & Anr., where the defendant launched a website nearly identical to the plaintiffs renowned website and also provided similar services. Here the court ruled in favour of trademark rights of U.S. based Yahoo. Inc (the Plaintiff) and against the defendant, that had registered itself as YahooIndia.com. The Court observed, it was an effort to trade on the fame of yahoos trademark. A domain name registrant does not obtain any legal right to use that particular domain name simply because he has registered the domain name, he could still be liable for trademark infringement. The Bombay High Court in Rediff Communication v. Cyberbooth & Anr 2000 PTC 209 observed that the value and importance of a domain name is like a corporate asset of a company. In this case the defendant had registered a domain name radiff.com which was similar to rediff.com. The court gave a decision in favor of the plaintiff.Looking at the current situation prevailing in the world, it is certain that cybersquatting is a menace. It is a menace which has no boundaries. In my opinion, it is similar to terrorism. The only difference is that in the latter human life is affected. Cyber squatters have robbed businesses of their fortune. Looking from the Indian perspective cybersquatting has been prevalent since internet came to the subcontinent. The courts in India have decided many cases related to cybersquatting. It is the imperative for the parliament to enact a law which would deal with this menace. As of now there is no such law which prohibits cybersquatting like that of the United States or of Brazil.
Network Neutrality:It is the principle that Internet service providers and governments should treat all data on the Internet equally, not discriminating or charging differentially by user, content, site, platform, application, type of attached equipment, or mode of communication. In 2014, the telecom company TIM (the Brazilian subsidiary of Telecom Italia Mobile), in partnership with WhatsApp, released a zero rating plan that allowed subscribers to use the app for "free, meaning it would not drain subscribers data allowances. The zero rating proposal generated discussions about a possible violation of the net neutrality provision of Marco Civil. Marcelo Bechara, the counselor of the National Telecommunications Agency (ANATEL), believes the proposal is a matter of the free market, while others argue that the gratuity of the app generates an asymmetry in traffic (since many users will choose to use this particular app) thus limiting and inhibiting the emergence of new applications and innovations.According to the InternetLab, the most discussed topic in the Marco Civils consultation is "Net neutrality". The main discussion involves "zero rating" plans and the following question: "Can the mobile operators perform this type of discrimination in favor of one application in spite of its competitors?As of 2014,India has no laws governingnet neutrality. There have already been a few violations of net neutrality in India by some service providers. TheTelecom Regulatory Authority of India (TRAI) is yet to form proper guidelines regarding net neutrality.Examples: In February 2014,Gopal Vittal, CEO of Airtel's India operations, said that companies offering free messaging apps likeSkype,Line andWhatsApp should be regulated similar to telecom operators. In August 2014, TRAI rejected a proposal from telecom companies to make messaging application firms share part of their revenue with the carriers or the government. In October 2014,Vodafone India Marten Pieters CEO suggested that companies likeFacebook andWhatsApp should be taxed to ensure a level playing field with telecom operators. In November 2014, TRAI began investigating if Airtel was implementing preferential access by offering special internet packs which allowed WhatsApp and Facebook data at rates which were lower than its standard data rates.In December 2014, Airtel changed its service terms for 2G and 3G data packs so that VoIP data was excluded from the set amount of free data. A standard data charge of0.04 per 10 KB for 3G service and0.10 per 10 KB (more than10,000.00 for 1GB) for 2G service was levied on VoIP data. A few days later Airtel announced a separated internet pack for VoIP apps, it offered 75 MB for75 with a validity of 28 days. The TRAI chief Rahul Khullar said that Airtel cannot be held responsible for violating net neutrality because India has no regulation that demands net neutrality. Airtel's move faced criticism on social networking sites likeFacebook,Twitter andReddit. Later on 29 December 2014, Airtel announced that it would not be implementing planned changes, pointing out that there were reports that TRAI would be soon releasing a consultation paper on the issue.NASSCOM and its contribution towards IT Act:The National Association of Software and Services Companies (NASSCOM) is a trade association of Indian Information Technology (IT) and Business Process Outsourcing (BPO) industry. Established in 1988, NASSCOM is a non-profit organization NASSCOM is a global trade body with over 1500 members, of which over 250 are companies from the United States, UK, EU, Japan and China. NASSCOM's member companies are in the business of software development, software services, software products, IT-enabled/BPO services and e-commerce. NASSCOM facilitates business and trade in software and services and encourages the advancement of research in software technology. It is registered under the Indian Societies Act, 1860. NASSCOM is headquartered in New Delhi, India, with regional offices in the cities of Mumbai, Chennai, Hyderabad, Bangalore, Pune, and Kolkata.
In addition to this NASSCOM members have the opportunity to: Be represented among regulators, and governments of India and other countries on issues that impact IT and BPO companies at a national, international and regional level. Share and gain insights on current regulations and how they are relevant to Indian IT-BPO organizations Engage with policy makers and parliamentarians and help spread the message of the impact of IT on IndiaVision:- To help the IT and IT enabled products and services industry in India to be a trustworthy, respected, innovative and society friendly industry in the world
The primary set of activities Nasscom does are given as follows:- Set Strategic direction for industry Policy advocacy for Industry growth. Best practices, sharing & collaboration International partnerships & affiliation Workforce development SustainabilityMembers of NASSCOM are Indian Companies in varied businesses such as software development, software services, and IT-enabled/BPO services. NASSCOM role has primarily been to make sure that service quality and enforcement of Intellectual Property Rights have been properly implemented in the Indian software and BPO industry. As of June 2007, more than 1,110 information technology companies in India were members of NASSCOM, which included domestic software/ITES companies along with multinationals operating within India. NASSCOM has a Mentorship Programme for the mid-sized companies. This is a six-month engagement, which will help the organization to develop a better assessment of their strengths and weaknesses.
Insights on industry trends Access to NASSCOM research and intelligence that tracks industry trends, growth opportunities and best practices. Access to industry presentations, blogs, discussions and articles. An opportunity to engage with the NASSCOM research team and share case studies or transformational stories. Opportunities to enhance visibility Visibility through features and interviews on the NASSCOM website, as well as the monthly newsletter, NASSCOM Newsline. Speak, sponsor or participant opportunities at NASSCOM events. Chance to contribute to blogs and newsletters as thought leaders. Brand building through NASSCOM awards and recognitions. Opportunity to network, build and share best practices Chance to use the member database on NASSCOM's website to post a trade lead, or participate in one. Chance to share or learn best practices through city-level networking sessions on human capital development, data security, contract management, quality, diversity and more. Global trade development Members can participate in opportunities for global networking and build business at NASSCOM's global events, and through delegations and road shows. Network with companies in other countries through their delegations to India. Receive information regularly about policy updates in countries. Understand issues related to visas, immigration through NASSCOM's mobility best practices sessions. Learn about trends and opportunities in markets through country reports.
Initiatives by NASSCOM:1) National Skills Registry (NSR):-
National Skills Registry is a NASSCOM initiative to have a credible information repository about all persons working in the industry. This develops trusted and permanent fact sheet of information about each professional along-with background check reports. This is a security best practice for the industry and assures identity security, industry acceptance to honest professionals.
National Skills Registry (NSR) is a database of details of the Professionals as entered by them and background check information on the same. It includes personal, academic and employment details of individuals employed / to be employed in the industry. Every professional registered in NSR is identified uniquely by finger-prints. The database also stores the photograph of the registered professional.Human resources are the key assets for IT-BPO industry in India and the industry has focused on developing and implementing best practices in human capital management, safety and security that span across employees, clients and other stakeholders.
Background and Purpose of National Skills Registry (NSR):The Indian IT and BPO industry has seen dramatic growth and evolution over the last 10 years and there is little hesitation from the outsourcers to look at India as a preferred destination for outsourcing. Today, the Indian IT and BPO are increasingly viewed as trusted partners that have a growing role in global customers business strategy. This trend has resulted in Indian IT industry becoming an extension of customers processes, IT systems, network and their business.The rewards of a close partnership are accompanied by a responsibility to safeguard global customers business interest and to ensure that the trust placed in our services does not introduce any additional risk to the customers business, data or reputation. The need therefore is to project India as a safe and secured destination for IT & BPO outsourcing. Information security is no more a mere legal requirement but it is fast becoming a factor for companies to compete on and grow businesses. A secure and reliable environmentdefined by strong copyright, IT and cyber lawsis an imperative for the growth and future success of the IT services and BPO industry players.NASSCOM along with Indian IT&BPO industry has been proactive in pushing this cause and ensuring that the Indian Information Security environment benchmarks with the best across the globe. The IT services and BPO players in India are taking as many precautions as possible to ensure that data and personal information of their customers is protected. That means following international best practices, getting procedures audited by independent parties and making sure that these procedures are up to date and are being closely followed.
Information Security Environment in India and National Skills Registry
While most Indian IT services and BPO firms are recognized for high quality processes and services special focus has been given to the protection of customer data. One of the frequent concerns expressed by global customers are the absence of a consistent mechanism that can be used to accurately and uniquely identify an individual, which is a serious impediment in determining the reliability of an Indian IT professional. This concern has become even more critical, as India as a country, doesnt have any unique identification number (like US Social Security number) assigned to every citizen.The purpose of NSR therefore is to create a consistent means of uniquely identifying the IT professionals, allowing the Indian IT industry players and customers to conduct business in a very effective and confident this enhancing the profile and competitiveness of the Indian IT industry. NSR will also help IT companies to reduce cost on hiring and most importantly will evolve a standardized process for the industry.There are six important stakeholders and team behind the success of NSR:Employee-KP Knowledge Professional: NSR system basically hosts the factual information about the KP.Employers They are either the current employer or the prospective employer accessing the system through Digital signature certificatesPOS Point of service vendors who are responsible for checking the KYC documents and scanning of the photographs and the fingerprints.EBC Empanelled Background checkers. These are the verification partners shortlisted by NSR based on selection criteria and compliance checks by the NSR team.NDML- Most important stake holder. NDML provides the hosting of the data.
Some of the facts regarding this initiative are as under:- 123 leading companies registered 8.44 ITPINs generated Over 12.90 lakh professionals registered 91 Point of Service across 21 cities are functional 17 Background Verification Companies empanelled
Association with New Government & its Contribution:-10000 Start-ups:10,000 Start-ups is an ambitious attempt by NASSCOM supported by Google, Microsoft, Verisign, Kotak & Intel, to scale up the startup ecosystem in India by 10x! 10,000 Start-ups aims to enable incubation, funding and support for 10,000 technology start-ups in India BY 2023.No. Of applications: 9000No. Of startups shortlisted so far: 800
Over the years Indias contribution towards global IT services have steadily increased. Indian IT sector has evolved from a low cost service provider to innovation and business impact.
67% of the respondents sought Indian IT service for Innovation and Business Impact.
India has the 3rd largest technology start-up base in the world. As per the report the numbers will increase by 4 folds. To cater to this growing industry and the changing outlook of the world towards the Indian IT sector NASSCOM suggested for a super IT Hub.
NASSCOM continues to be in forefront, highlighting concerns and working with both, the industry and the government towards a better environment. Industry inputs and support in this process has been critical. They are working with both the union and state governments of India to create a policy and regulatory climate conducive to the growth of the IT-BPM industry in the country. It is indeed heartening that the suggestions related to leveraging ICT for growth, easing regulatory and compliance burden for businesses in general and for start-ups and small organizations in particular, are today the center piece of various government initiatives. The governments focus on streamlining business environment and a commitment to leverage technology, in particular ICT, for realizing development goals, offer significant opportunities for the Industry. NASSCOM is deeply involved in the Digital India and skilling India consultations, making suggestions and offering a platform for the Industry to showcase the transformative impact, global capabilities as well as concerns related to business conditions to the Government of India. Several announcements and clarifications related to existing policies have been made in the last one year, taking into account the issues raised and associated recommendations made by NASSCOM.
Key EngagementsThe highlights of its key engagements with the government and their outcome are as follows:1) Budget Recommendations:-The pre-budget discussions and recommendations made to the government have been targeted to enable the IT industry to map a sustained growth plan, and suggest how best global competencies of the ICT sector can be leveraged for growth and development goals. The success of the flagship initiatives of the government Digital India and Make in India offers tremendous opportunities for the innovation driven technology industry, and the success also hinges on the sustainability and continued growth of the technology driven sector. Hence, factors that can potentially restrict growth and innovation and necessary aspects to promote a growth oriented business environment for existing players, innovation driven start-ups and SMEs were shared. Further suggestions were made to encourage adoption and migration to digital economy, thereby helping government leverage the inherent transparency and traceability of online transactions.Some of the salient recommendations by NASSCOM are: Addressing regulatory and tax challenges for technology startups and SMEs, like: Ambiguous software product taxation including dual levies and implementation issues adding to the burden, Difficulties in access to funding for low asset based firms, Investors difficulties related to regulations and taxations discouraging investors Incentives for technology startups and SMEs: Extend provisions on deduction for employment and skill development (Section 80JJAA), R&D credits Suggestions for new provisions like offsetting manpower training cost, deferred tax credits for start-ups Interest rates on penalty for service tax, for amount under litigation, should be rationalized Towards Make in India: In recognition of the transformative impact of IT, extend incentives to the Indian industry for adoption and implementation of IT tools for efficiency enhancement, ensuring sustainability and global competitiveness for the success of the Make in India programme, revoke exclusion of expenses towards software tools for R&D from weighted deduction under the DSIR guidelines to encourage adoption of advanced R&D Policy revisions/clarifications for expansion of the industry: Exports Foreign Tax Credit policy, drawback scheme for services and carry backward of business losses, Domestic business Align royalty definition with international practices, clarify POPS rules, revisit amendments made in CENVAT rules, restore lower TDS rates on fees for technical services and clarify transfer pricing related issues some of which were addressed in the last budget but details are awaited, prevailing conditions and prerequisites for participating in government programmes are onerous. Further, SMEs face stiff barriers in the eligibility criteria. There is a need to revisit and refine the procurement process for government projects. Several long pending issues that require clarifications to minimize disputes were also raised and it was agreed that the industry will leverage the recently constituted High Level Committee for the purpose of a resolution
2) SEZs operations and revival plansThe Union Budget in May 2014, in response to several representations both at the Centre and State, clarified administrative procedure for SEZ refunds, allowing for upfront exemptions. NASSCOM has also submitted feedback on operational issues and need to address them at the earliest, and also made suggestions for changes in the SEZ Act for incorporation in the SEZ revival plans. One of the key suggestions made was to allow services to access domestic market, at par with access offered to sale of goods to DTA.
3) Digital Economy and Policy Implications They strive to encourage growth of ecommerce, taxation on digital transactions should be in the least, at par with the physical world, if not reduced to facilitate adoption and migration to technology enabled platformsa. Online payments: Continuing the efforts in streamlining the online payment environment to ensure that recurring payments for subscription to internet enabled based products and services are possible in a manner that is acceptable and the norm around the world, we have made representations to the RBI on the issue. The RBI has acknowledged the issue and we await a simplified single authentication, which will allow easy recurring payments with adequate safeguards.b. Regulations for Cloud Communication Service Providers and issues related to ecommerce: As cloud enabled services grow in India, NASSCOM has been interacting with the government on how regulations should be adapted, modified or clarified to prevent operational hassles. In continuation of this, a guidance paper was made available to Cloud Communication Service Providers, highlighting essential contract terms to ensure compliance with Telecom Regulatory Authority of India (TRAI) regulations. The contents were prepared in discussion with the regulators taking care of their concerns and also drawing from best practices from other sectors. The Industry has been referring to it, as they draft client contracts. IV.Companies Act NASSCOM has been sharing industry feedback related to the various provisions of the Companies Act that add to the compliance burden, and need simplifications. NASSCOM Foundation is taking lead in the area of Corporate Social Responsibility (CSR) and associated guidelines and rules. Along with industry, they are working closely with the Ministry of Corporate Affairs (MCA) in suggesting changes and processes for a smooth adoption of the CSR mandate in the IT sector.V. Start-up and Software Product Policy Initiative Specific issues specific to technology start-ups have been taken up across ministries for resolution. This includes working with Ministry of Finance, DeitY, Ministry of Micro, Small & Medium Enterprises (MSME), MCA, Ministry of Commerce etc. The categories under which recommendations are being made encompass taxation, regulatory compliance, investor issues and proposal for a comprehensive framework for incentives and support.Case StudiesArbitrary Arrests for Comment on Bal Thackeray's DeathTwo girls had been arbitrarily and unlawfully arrested for making comments about the late Shiv Sena supremo Bal Thackeray's death. Police arrested a 21-year-old girl for questioning the total shutdown in the city for Bal Thackerays funeral on her Facebook account. Another girl who liked the comment was also arrested.
The duo were booked under Section 295A of the IPC ("outraging religious feelings of any class") and Section 66A ("sending offensive messages through communication service, etc.") of the Information Technology Act, 2000. Though the girl withdrew her comment and apologized, a mob of some 2,000 Shiv Sena workers attacked and ransacked her uncles orthopedic clinic at Palghar.Her comment said People like Thackeray are born and die daily and one should not observe a bandh for that.
Section 295A of the IPC is cognizable and non-bailable, and hence the police have the powers to arrest a person accused of this without a warrant. Section 66A of the IT Act is cognizable and bailable.Interestingly, the question arises of the law under which the friend who 'liked' the Facebook status update was arrested. It would take a highly clever lawyer and a highly credulous judge to make 'liking' of a Facebook status update an act capable of being charged with electronically "sending ... any information that is grossly offensive or has menacing character" or "causing annoyance or inconvenience", or under any other provision of the IT Act (or, for that matter, the IPC). That 'liking' is protected speech under Article 19(1)(a) is not under question in India (unlike in the USA where that issue had to be adjudicated by a court), since unlike the wording present in the American Constitution, the Indian Constitution clearly protects the 'freedom of speech and expression', so even non-verbal expression is protection.Role of bad law and the policeIn this case the blame has to be shared between bad law (s.66A of the IT Act) and an abuse of powers by police. The police were derelict in their duty, as they failed to provide protection to the Dhada Orthopaedic Hospital, run by the uncle of the girl who made the Facebook posting. Then they added insult to injury by arresting Shaheen Dhada and the friend who 'liked' her post. Rule of lawRule of law demands that laws are not applied in an arbitrary manner. When tens of thousands were making similar comments in print (Justice Katju's article in the Hindu, for instance), over the Internet (countless comments on Facebook, Rediff, Orkut, Twitter, etc.), and in person, how did the police single out Shaheen Dhada and her friend for arrest?Social Media Regulation vs. Suppression of Freedom of Speech and ExpressionThis should not be seen merely as "social media regulation", but as a restriction on freedom of speech and expression by both the law and the police. Section 66A makes certain kinds of speech-activities ("causing annoyance") illegal if communicated online, but legal if that same speech-activity is published in a newspaper. This distinction is important as it being a Facebook status update should not grant Shaheen Dhada any special immunity; the fact of that particular update not being punishable under s.295 or s.66A (or any other law) should.
AIB RoastAccording to a press release sent by lawyer Abha Singh, who filed the complaint on behalf social activist Santosh Daundkar, the Chief Metropolitan Magistrate of Girgaon court, ordered the police to file an FIR based on Daundkar's complaint.All India Bakchod (AIB) a popular comedy group had held a roast (a comedy event where a celebrity is mocked) of Arjun Kapoor and Ranveer Singh in a stadium in December 2014 and later uploaded the video on YouTube. After a police complaint in Pune, the group took down the YouTube video, which had had over 8 million hits.
According to Abha Singh's press statement, the show was 'pre-scripted' and vulgar, obscene and pornographic.She also raised the issue in her complaint that the AIB roast could not be justified under the argument of free speech because the current law does not allow for such obscene speech.She said in the complaint, "If they (advocates of free speech) think that law on obscenity is improper and constrains freedom of speech and expression then the right course for them is to approach the government for changing the law, these votaries of free speech cannot take law in their own hands and then utter pornographic words in front of women audience, more so at the time when the entire country is concerned with women safety."The complaint also says that "crimes against women are being influenced by such obscene and pornographic happenings" and that such a show should not have been allowed on land that has been leased out by the government to be used for sports, etc.According to the report, social activist Santosh Daundkar has previously been involved in other complaints like the Adarsh Housing Society case, Shah Rukh Khan's Mumbai bungalow and the purchase of bullet-proof jackets for Mumbai Police after November 2008 terror attacks among others.The FIR has been filed against president of National Sports Council of India (NSCI) Jayantilal Shah, secretary general NSCI Ravinder Aggarwal and participants in the AIB Roast including Karan Johar, Ranveer Singh, Rohan Joshi, Tanmay Bhatt, Gursimran Khamba, Ashish Shakya, Aditi Mittal, Deepika Padukone, Aalia Bhatt, Rajeev Masand, and Arjun Kapoor.The police will now investigate the matter under the following sections: Section 67 and 66A of the Information Technology Act, 2000: For having putting up an obscene, pornographic and vulgar show on the internet.
MphasiS-Citibank FraudThe MphasiS-Citibank funds siphoning case is particularly noteworthy because of the ease with which a bunch of young BPO employees from middle-class, criminal-free backgrounds allegedly pulled off a financial fraud worth nearly half-a-million dollars ($425,000 at last count on April 20).
The five accused employees of MsourcE the BPO arm of MphasiS BFL unit supervisor Maurelene Fernandes, Bijoy Alexander, and former customer care executives Ivan Thomas, Siddhartha Mehta and Steph-an Daniel were no geeks or hackers. They were not breaking through firewalls or decoding encrypted software. Instead, they are said to have identified glaring loopholes in the MphasiS system, devised a modus operandi, roped in friends like John from outside and executed the fraud over four months.
Being the authorized e-banking service providers to Citibank, MphasiS-MsourcE employees were privy to confidential details of various account holders. The only pieces missing were the password/PINs which the prime accused in the scam Maurelene and Ivan allegedly got by "sweet-talking" five account holders.
Neither Citibank nor MphasiS detected anything amiss after the first illegal transfer in November 2004. In March 2005, a series of rapidfire wire transfers took place, with money being moved to about a dozen bank accounts opened with the help of documents allegedly forged by John and co-accused Anand Karnavat, an ICICI home loans agent. John and Karnavat are among 11 of the 16 arrested in the case who are non-BPO employees and whose role was largely to facilitate the illegal accounts.
However, Citibank finally smelt a rat, after at least one account-holder complained. It alerted Citigroup Investigative Services in Mumbai, headed by Rajendra Bhagwat. Bhagwat's team in Mumbai immediately touched base with the recipient banks in Pune and confirmed the fraud. The Pune police's cyber crime cell was alerted and a trap duly laid.
Many of the accused have been charged under section 67 of the IT Act, 2000 and Indian Penal Code sections 420 (cheating), 465, 467 and 671 (forgery) besides other sections.
ISIS Twitter HandleMehdi Masroor Biswas was handling the pro-jihad tweeter "@ShamiWitness" and he was particularly close to English-speaking ISIS terroristsAn engineer working as "manufacturing executive" with a Bengaluru-based multinational company for an annual package of Rs 5.3 lakh, he became "a source of incitement and information" for the new ISIS recruitsCases had been registered against Mehdi under various provisions of IPC, Unlawful Activities (Prevention) Act and IT ActMehdi had more than 17,000 followers on Twitter and used to "ferociously" tweet by aggregating information and closely watching developments of the region.The Bengaluru Police had launched a manhunt for Mehdi after Britain's Channel 4 News had aired the report regarding the country's IT capital's link with the Twitter account that is followed by foreign jihadis.Channel 4 News had said its investigation had revealed that the man operating the account is called Mehdi and he is an executive in Bangalore working for an Indian conglomerate.Mehdi was interested in the Levantine region, also known as Eastern Mediterranean, consisting of Cyprus, Israel, Jordan, Lebanon, Palestine, Syria and part of Southern Turkey from 2003 onwards.He used to work in the office during daytime and became active on the Internet at nights, he had bought 60 GB Internet connection on monthly basis to read all breaking news on websites relating to ISIS/ISL.Mehdi was careful in hiding his true identity and was confident that it would never get revealed, the state police chief said. "His identity was exposed by Channel 4 and inputs were passed on to the Indian agencies."In its report, 'Channel 4' said the man operating the account had been able to remain anonymous "until now" and avoiding questions about his role in the Islamic State's propaganda war.
Channel 4 News had said its investigation had, however, revealed that the man operating the account is called Mehdi and he is an executive with an Indian conglomerate in Bengaluru.
IIPM
Using Section 66a, the educational company IIPM had got a judge in Gwalior to order the DoT to block 73 URLs that were critical of IIPM, it claims, and evaluations of the courses that it offers students. Within a day of the court ruling on February 14, CERT-In (Computer Emergency Response Team India) and the Department of Telecommunications proceeded to block these URLs. Amongst the URLs that were blocked was the University Grants Commission URL that told students that IIPM was neither a University nor was it authorized to offer degrees.
The Judiciary of India, ordered one Government Department to block the URL of another Government department, for putting out a notice that is in the interest of fee paying students and their families, because a company that claims to provide a service was grossly offended. It was either that or IIPM believes that everyone is mounting a gigantic conspiracy to lie about the quality of the courses it offers. Not only that, the order got the DoT to block URLs of websites of various newspapers and magazines thereby trying to muzzle freedom of press. In both cases it was successful, because the IT Act allowed it the right to do so.
This is not the first time that IIPM has gone after the on-line community to muzzle criticism. However, this time around it has been aided by a singularly draconian piece of legislation that has no business being on the statute books of any civilized nation.ConclusionThe Information Technology Act, 2000 is Indias mother legislation regulating the use of computers, computer systems and computer networks as also data and information in the electronic format. The said legislation has provided for the legality of the electronic format as well as electronic contracts. This legislation and further on, its amendments have touched varied aspects pertaining to electronic authentication, digital signatures, cybercrimes and liability of network service providers. However, it has fallen short in various accounts.
Though is heartening to see that the section on child pornography has been drafted with care, the same cannot be said of other section. For example, section 66A which punishes persons for sending offensive messages is overly broad, and is in violation of freedom of expression article of our Constitution. The fact that some information is "grossly offensive" (s.66A(a)) or that it causes "annoyance" or "inconvenience" while being known to be false (s.66A(c)) cannot be the only reasons for curbing the freedom of speech unless there is some direct relation to indecency, immorality, public order, or defamation. We have seen the misuse of the same in the Bal Thackrey case as well as the ongoing AIB Roast case.
Another case in point is Section 69A which grants powers to the Central Government to "issue directions for blocking of public access to any information through any computer resource". These absolute powers are yet to be put under any framework. It must be ensured that they the framework and guidelines are prescribed first, before any powers of censorship are granted to any body.
Cheating a common phenomenon in the e-world today is not clearly defined in the Act.Whether its cheating by personation is not defined or whether its cheating as referred to under the Indian Penal Code or whether it is creating a new category of offence. If its the latter case, its unclear whether a restricted meaning will be given to those words by the court such that only cases of phishing are penalized, or whether other forms of anonymous communications or disputes in virtual worlds will be brought under the meaning of "personation" and "cheating". With the electronic world expanding limitlessly and personal information being available at the snap of a finger such considerations should have been taken into account in the Act.
The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian cyber law a cybercrime friendly legislation; - a legislation that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; a legislation that chooses to give far more freedom to cyber criminals than the existing legislation envisages; a legislation which actually paves the way for cyber criminals to wipe out the electronic trails and electronic evidence by granting them bail as a matter of right; a legislation which makes a majority of cybercrimes stipulated under the Information Technology Act , 2000 as bailable offences; a legislation that is likely to pave way for India to become the potential cybercrime capital of the world.
Cases of cyber defamation do not fit neatly in the accepted categories of crimes. They represent harm of greater magnitude than the traditional crimes and of a nature different from them. Unlike the traditional crimes, they are not in the shape of positive aggressions or invasions. They may not result in direct or immediate injury; nevertheless, they create a danger, which the law must seek to minimize. Hence, if legislation applicable to such offences, as a matter of policy, departs from legislation applicable to ordinary crimes, in respect of the traditional requirements as to mens rea and the other substantive matters, as well as on points of procedure, the departure would be justified10An effort is still wanted to formulate an international law on the use of Internet to curb this imminent danger of cyber crimes and to achieve a crime free cyber space.
Defamation laws should be sufficiently flexible to apply to all media.The difficulty is that the defamation laws world over were principally framed at a time when most defamatory publications were either spoken or the product of unsophisticated printing.We do need a stronger legal & enforcement regime in India to combat the increasing cybercrimes or in other words, efficacy in dispensation of justice will be instrumental in curtailing such activities.The position in Indian law is not very clear and amendments should be brought to Section 67 of the Information Technology Act, 200011 and also to Section 499 of the Indian Penal Code12 by expressly bring within their ambit offences such as defamation in cyber space, which is certainly a socio-economic offence.
Referenceshttp://aijmr.net/documents/1.4/1413.pdfhttp://papers.ssrn.com/sol3/papers.cfm?abstract_id=2151162http://eac.gov.in/aboutus/chspe/RolTechdev_Bankg.pdfhttp://indianresearchjournals.com/pdf/APJMMR/2012/September/3.pdfhttp://www.ijmbs.com/24/sreelatha.pdfhttp://www.theinternationaljournal.org/ojs/index.php?journal=rjcbs&page=article&op=view&path%5B%5D=1155http://www.rbi.org.in/scripts/BS_SpeechesView.aspx?Id=760http://www.nasscom.in/sites/default/files/NASSCOM-Annual-Report-2015_0.pdfhttp://10000startups.com/http://www.nasscom.in/nasscom-bcg-india-globalized-services-%E2%80%93-innovating-scalehttps://www.youtube.com/watch?v=TAz-E06SdBkPage | 45
