introduction to cyber law

1

INTRODUCTION TO INTRODUCTION TO

CYBER LAWCYBER LAW

Adv. Dipak G. ParmarAdv. Dipak G. ParmarB. Com., LL. M. , C. S. (Inter), Adv. Dip. in Cyber LawB. Com., LL. M. , C. S. (Inter), Adv. Dip. in Cyber Law

Founder, Cyber-IPRFounder, Cyber-IPR

27/01/2011

Copyright Dipak G. Parmar Meant for educational

purpose only

INTRODUCTION

Pre 1990: People are not connectedPre 1990: People are not connected

1990: Connecting People to Information 1990: Connecting People to Information

2000: Connecting People to People2000: Connecting People to People

2010: Everything is connected2010: Everything is connected

We are now living in e-world… dominated by numbers of “e”.

e-friend…e-music…e-network…e-ticket…e-commerce… and very soon e-service of notice in commercial matters of our supreme court.

Recently, our Supreme Court had decided to serve email notice in commercial matters in addition to the regular notice by R. P. A. D. in order to cut down the delay in the servicing notice.

In my opinion, right to life includes right to e-life.

Technology is growing at lightening speed. While the technology brings lot of good things, it also brings equal amount of risks and challenges.

Every day, we read in the newspapers about the various cyber crimes, like Credit card cloning, spoofing, phishing, stalking, etc.

Some of the youngsters indulge in misusing the technology and get caught by the Police Authorities.

A recent study revealed that 80 percent of the cyber crimes in the Corporate Houses are committed by the ‘insiders’.

More than 95 percent of the cases do not get reported to the Police Authorities.

Only 3% of cyber crime complaints filed in Mumbai are being converted in FIR.

CYBERSPACE

Cyberspace is the electronic medium of computer networks, in which online communication takes place.

It is readily identified with the interconnected information technology required to achieve the wide range of system capabilities associated with the transport of communication and control products and services.

The term “cyberspace” was first used by the cyberpunk science fiction author William Gibson.

Now, the term has become a conventional means to describe anything associated with computers, information technology, the internet and the diverse internet culture.

Cyberspace includes Cyberspace includes ◦ The Internet, websites The Internet, websites ◦ computers, networkscomputers, networks◦ software, data storage devices, emails software, data storage devices, emails ◦ electronic devices (cell phones, ATM machines etc)electronic devices (cell phones, ATM machines etc)

Cyber Law governs cyberspaceCyber Law governs cyberspace

Cyber space is an intangible and provides Cyber space is an intangible and provides an extreme mobilityan extreme mobility◦ events taking place on the internet are not happening events taking place on the internet are not happening

in the locations where participants or servers are in the locations where participants or servers are physically located, but "in cyberspace". physically located, but "in cyberspace".

Cyber space offers great economic Cyber space offers great economic efficiency.efficiency.◦ Billions of dollars worth of software can be traded over

the Internet without the need for any government licenses, shipping and handling charges and without paying any customs duty.

Cyber space has Complete disrespect for Cyber space has Complete disrespect for national boundaries.national boundaries.◦ A person in India could break into a bank’s electronic

vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone.

Cyber space is absolutely open to Cyber space is absolutely open to participation by all.participation by all.◦ A ten year-old to an eighty year-old grand mother

without any regard for the distance or the anonymity between them.

Cyber space offers enormous potential for Cyber space offers enormous potential for anonymity to its members.anonymity to its members.◦ "On the Internet, nobody knows you're a dog" is an

adage which began as the caption of a cartoon by Peter Steiner published by The New Yorker on July 5, 1993.

◦ The cartoon features two dogs: one sitting on a chair in front of a computer, speaking the caption to a second dog sitting on the floor.

◦ http://www.unc.edu/depts/jomc/academics/dri/idog.html

On the Internet, it is very easier to create On the Internet, it is very easier to create several copies and transmitting the same in several copies and transmitting the same in different locations of world in few minutes. For different locations of world in few minutes. For these reasons, the Internet has been described these reasons, the Internet has been described as “the world’s biggest copy machine”. as “the world’s biggest copy machine”.

“ “It’s the World’s Biggest Copy Machine,” PC week (January 27, 1997).It’s the World’s Biggest Copy Machine,” PC week (January 27, 1997).

The IT Act gives legal recognition to electronic records and digital and electronic signature.

Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of electronic/digital signature affixed in such manner as may be prescribed by the Central Government.

Use of Electronic Records and Electronic Signature in Government and its agencies

Penalty, Compensation and

Offences

22

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network -◦(a) to (j)

Then he shall be liable to pay unlimited damages to affected the person.

If any person, dishonestly or fraudulently, does any act referred to in section 43,

Punishment: Jailed upto three years and/or fine upto five lakh rupees.

Dishonestly- the intention of causing wrongful gain to one person or wrongful loss to another person

Fraudulently – the intention to defraud but not otherwise

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network -

◦(a) accesses or secures access to such computer, computer system or computer network or computer resource

Access means Gaining entry into, Instructing with the logical, arithmetical, or

memory function resources of Communicating with the logical,

arithmetical, or memory function resources of

a computer, computer system or computer network (widely defined to cover every with a computer chip)

Access means Gaining entry into a computer, computer

system or computer network (widely defined to cover

Applies to physical access too Examples

Unauthorized access to a room storing a server/super computers

Unscrews the cabinet of computer

Access means Instructing or communicating with the

logical, arithmetical, or memory function resources of a computer, computer system or computer network (widely defined to cover

Instructing means giving order or directing (one way process)

Communicating means exchange of information (one way process)

Examples (instructing or communicating )

Remotely shutting down computer by sending SMS Port scanning??

A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.

Section 43 (a) covers access or secures access◦ Secure means to make certain

To make certain that access can be achieved as and when desired by the person seeking to access.

Example X, network administrator of ABC Limited, stores

passwords of main servers in his personal laptop. Y, a friend of X, with X permission, access X’s laptop and note down passwords of main server. Y secured access to main servers of ABC Limited.

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network -

◦(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder,

Assistances – is act of helping or aiding Facilitate – to make easier or to make less

difficult or to assist in the progress of…

Examples Handing over password by the existing officer Deliberately ignoring warnings of IDS Putting firewall on disable mode

Secured access or attempts to secure access to a protected system

Punishment : jailed upto 10 years and/or fine Protected system declared by the Government

Examples: Computers of India Army, Mumbai Police, Forest Dept of Government etc.

Examples (attempts) Unsuccessful attempt to break password Unsuccessful DOS attack Unsuccessful attempt to send a Trojan


◦(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

To download is to transfer information from one computer to another

To copy is to imitate or reproduce an exact replica of the original

To extract is to take out, distil, deduce, derive or quote from any source


◦(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network –

◦(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

Damage means to destroy, alter, delete, add, modify or rearrange any computer resource by any means

Examples Changing an image from .gif format to .jpg format Deleting/changing of code/URL/ excel file


◦(e) disrupts or causes disruption of any computer, computer system or computer network;

Disruption- could be total or partial To prevent the normal continuance of To throw into confusion or disorder To interupt or impede the progress of

Examples of Disruption Spreading worms in a global network…

slowing down of the network

Switching off the wi-fi modem

Using the slow internet connection for heavy download…it is not available to other legitimate users.


◦(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;

◦Examples: DOS and DDOS attacks


◦(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

◦Examples: internet time theft, misuse of credit card etc

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network -◦(j) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage,

Any person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter ◦ any computer source code used for a computer,

computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force,

Punishment: jailed up to three years and/or fine up to two lakh rupees. Case-Law: Syed Asifuddin & others v/s State of A. P and

another

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected.

Example: BPO outsourcing contract

Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who,◦ while providing services under the terms of lawful

contract, ◦ has secured access to any material containing

personal information about another person, ◦ with the intent to cause or knowing that he is likely to

cause wrongful loss or wrongful gain ◦ discloses, without the consent of the person

concerned, or in breach of a lawful contract, such material to any other person,

Punishment: Jailed upto three years, or/and fine upto five lakh rupees

Any person who sends, by means of a computer resource or a communication device,-

◦a) any information that is grossly offensive or has menacing character; or

Punishment: Jailed upto three years, or/and fine

Any person who sends, by means of a computer resource or a communication device,-◦ ◦ b) any information which he knows to be false,

but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device,


Any person who sends, by means of a computer resource or a communication device,-

◦c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages


Examples: SPAM, spoofing

67. Punishment for publishing or transmitting obscene material in electronic form

67 A Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form

67 B Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form

If any person, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, ◦ Punishment: Jailed upto three years, or/and fine

upto two lakhs “private area” means the naked or

undergarment clad genitals, pubic area, buttocks or female breast

66 B. Punishment for dishonestly receiving stolen computer resource or communication device

66C. Punishment for identity theft 66D. Punishment for cheating by personation by

using computer resource 66F. Punishment for cyber terrorism

Sec 75 Act to apply for offence or contraventions committed outside India by any person irrespective of his nationality.

if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

1.1. PReSENSE, Issue No 32 – Oct 2008 PReSENSE, Issue No 32 – Oct 2008 (http://www.primepointfoundation.org/presense/presense1008.pdf accessed on (http://www.primepointfoundation.org/presense/presense1008.pdf accessed on 27-09-2009) 27-09-2009)

2.2. Introduction to Indian Cyber Law, Rohas Nagpal, Asian School of Cyber Laws Introduction to Indian Cyber Law, Rohas Nagpal, Asian School of Cyber Laws (http://www.asianlaws.org/library/cyber-laws/intro-indian-cyber-law.pdf (http://www.asianlaws.org/library/cyber-laws/intro-indian-cyber-law.pdf accessed on 27-09-2009)accessed on 27-09-2009)

3.3. A False Bargain: The Los Angeles County Economic consequences of A False Bargain: The Los Angeles County Economic consequences of counterfeit Product, prepared by Gregory Freeman, Nancy D Sidhu and Michael counterfeit Product, prepared by Gregory Freeman, Nancy D Sidhu and Michael Montoya (February 2007)Montoya (February 2007)

4.4. ““It’s the World’s Biggest Copy Machine,” PC week (January 27, 1997).It’s the World’s Biggest Copy Machine,” PC week (January 27, 1997).5.5. Wikipedia Wikipedia

http://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you're_a_dog http://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you're_a_dog (Accessed on 15-09-2010)(Accessed on 15-09-2010)

http://en.wikipedia.org/wiki/Cyberspace (Accessed on 15-09-2010)http://en.wikipedia.org/wiki/Cyberspace (Accessed on 15-09-2010)http://en.wikipedia.org/wiki/Port_scanner (Accessed on 27-01-2011)

1.1. presentation on Digital DNA & Digital Augmentation (how technology and new presentation on Digital DNA & Digital Augmentation (how technology and new economic force are changing business) by Martin Deinoff economic force are changing business) by Martin Deinoff (http://www.slideshare.net/MartinDeinoff/digital-dna-digital-augmentation-(http://www.slideshare.net/MartinDeinoff/digital-dna-digital-augmentation-5162852 Accessed on 13-09-2010)5162852 Accessed on 13-09-2010)

Thank YouThank You

Adv. DIPAK G. PARMARAdv. DIPAK G. [email protected]@Cyber-IPR.com

0982019697109820196971