Presentation made by Dr. Tabrez Ahmad, in training programme at Biju Pattanaik, state Police Academy Bhubaneswar, to train DSPs organised by Crminal Investigation department govt. of India
1. An Overview of Cyber Crimes
Biju Pattnaik State Police Academy
Bhubaneswar
By Dr. Tabrez Ahmad
Professor of Law
www.technolexindia.com
tabrezahmad7@gmail.com
http://technolexindia.blogspot.com
3. Agenda
1. Background of Cybercrime
2. The categories of cybercrimes
3. Analysis of the cybercrime & Indian
legal position
4. Vicarious Liability of ISPs and Govt.
5. Future course of action
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
4. Digital Revolution Internet Infra in INDIA
Internet INDIA Internet Infrastructure:2008.5
1Mil. Domains
(0.5 Mil. “.in”)
Bharti
BSNL NIC
130+ IDCs 134 Major Mail Servers
ISPs
ERNET
Reliance
TATA
Communications
4.8 Mil. High DNS
Speed Internet
Enterprise
IT /
65 Mil. Internet Govt. ITES
Users BPO
Home
248 Mil. Mobile Academia
Phones
8 Mil. Mobile Phones being added
per month `
Tele Density 24 per 1000 person
Dr. Tabrez Ahmad,
Targetted Broadband connection = 10 Mil. VOIP, IPTV
(2010) 4
http://technolexindia.blogspot.com
5. Real-world & Virtual- world
Current approaches evolved to
deal with real-world crime
Cybercrime occurs in a virtual-
world and therefore presents
different issues
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
6. Example : Theft
Real-world theft:
Possession of property shifts completely
from A to B, i.e., A had it now B has it
Theft in Virtual-world (Cyber-theft):
Property is copied, so A “has” it and so does B
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
7. Development of Cyberlaw and need
of regulation
Internet for Security USA ARPANET
Internet for Research
Internet for e-commerce UNCITRAL Model Law
1996
I.T Act 2000
Internet for e-governance
Internet regulation – serious matter after 9/11 attack
on World Trade Centre
US Patriot Act
I.T Amendment Act 2008
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
8. What is India inc‘s biggest
threat?
Cyber crime is now a bigger threat to India Inc than
physical crime. In a recent survey by IBM, a greater
number of companies (44%) listed cyber crime as a
bigger threat to their profitability than physical crime
(31%).
The cost of cyber crime stems primarily from loss of
revenue, loss of market capitalisation, damage to the
brand, and loss of customers, in that order.
About 67% local Chief Information Officers (CIOs)
who took part in the survey perceived cyber crime as
more costly, compared to the global benchmark of
50%.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
9. Types of Cyber crimes
Crime against
Government
Crime against property
Crime against persons
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
10. Cyber Crimes/Civil
Wrongs
Cyber Protection Vicarious
trespass Cyberlibel of Contents Pornography Cyberte
Liability of
on rrorism
Websites ISPs
Trespass Trespass to
to person Property Cookies,
Viruses Data Online Magic
Collection survelliance LanternTechnique
Identity Cybersquating
Theft
Software Piracy
Phising
Cyberst Data Protection
alking
Confidential
Spammin Information
g
Hacking Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
11. Unauthorized access: This occurs when a user/hacker
deliberately gets access into someone else‘s network either to
monitor or data destruction purposes
For e.g. In February hackers hacked the password of CU VC
Prof. Surabhi Banerjee and send the mails to different Govt.
officials.
Denial of service attack: It involves sending of
disproportionate demands or data to the victims server beyond
the limit that the server is capable to handle and hence causes
the server to crash
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
12. Virus, Worms and Trojan attacks: Viruses are basically
programs that are attached to a file which then gets
circulated to other files and gradually to other computers in
the network. Worms unlike Viruses do not need a host for
attachments they make copies of themselves and do this
repeatedly hence eating up all the memory of the computer.
Trojans are unauthorized programs which functions from
inside what seems to be an authorized program, thereby
concealing what it is actually doing.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
13. Computer Viruses
Viruses
Viruses
A computer virus is a
computer program that can
infect other computer
programs by modifying them Boot and
in such a way as to include a File Boot
infectors record file
(possibly evolved) copy of it. viruses
Note that a program does not infectors
have to perform outright
damage (such as deleting or
corrupting files) in order to be
called a "virus".
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
14. Email Bombing It refers to sending a large number of emails
to the victim resulting in the victim's email account (in case of
an individual) or mail servers (in case of a company or an
email service provider) crashing
Internet Time Thefts
This connotes the usage by an
unauthorized person of the Internet hours paid for by another.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
15. Web Jacking This occurs when someone forcefully takes
control of a website (by cracking the password and later
changing it). The actual owner of the website does not have
any more control over what appears on that website
Theft and Physical damage of computer or its peripherals
This type of offence involves the theft of a computer, some
parts of a computer or a peripheral attached to the computer.
and physically damaging a computer or its peripherals.
Attack on PM Office by Chinese hackers in December 2009
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
16. Combating cyber crimes
Technological measures-Public key
cryptography, Electronic signatures
,Firewalls, honey pots
Cyber investigation- Computer forensics
is the process of identifying, preserving,
analyzing and presenting digital
evidence in a manner that is legally
acceptable in courts of law.
These rules of evidence include
admissibility (in courts), authenticity
(relation to incident), completeness,
reliability and believability.
Legal framework-laws & enforcement
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
17. I.T. ACT, 2000: OBJECTIVES
Different approaches for controlling, regulating
and facilitating electronic communication and
commerce.
Aim to provide legal infrastructure for
e-commerce in India.
To provide legal recognition
for e-transactions
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
18. OBJECTIVES (Contd.)
Carried out by means of electronic data interchange,
and
Other means of electronic communication, commonly
referred to as "electronic commerce", involving the
use of alternatives to paper-based methods of
communication and storage of information.
To facilitate electronic filing of documents with the
Government agencies
To amend the Indian Penal Code, the Indian
Evidence Act, 1872, the Banker's Book Evidence Act,
1891 and the Reserve Bank of India Act, 1934
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
19. GOVERNMENT –NSP??
Governments Providing Services On The
Network
Governments Are Intermediaries. Sec 79 IT
Act.
Under The It Act, 2000, All Governments,
Central And State, All Governmental Bodies
Are ―Network Service Providers‖
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
20. Section 79
For the removal of doubts, it is hereby declared
that no person providing any service as a network
service provider shall be liable under this Act,
rules or regulations made thereunder for any third
party information or data made available by him if
he proves that the offence or contravention was
committed without his knowledge or that he had
exercised all due diligence to prevent the
commission of such offence or contravention.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
21. Network Service Providers:
When Not Liable
Explanation.—For the purposes of this section, —
(a) "network service provider" means an
intermediary;
(b) "third party information" means any information
dealt with by a network service provider in his
capacity as an intermediary.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
22. TRANSPARENCY
Need For Transparent E-governance
Right To Information Act
Government Would Now Not Be Able To Hide
Records Concerning E-governance
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
23. AUTHENTICATION OF
ELECTRONIC RECORDS
Any subscriber may authenticate an electronic
record
Authentication by affixing his digital signature.
Any person by the use of a public key of the
subscriber can verify the electronic record
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
24. LEGALITY OF ELECTRONIC
SIGNATURES
Legal recognition of digital signatures.
Certifying Authorities for Digital Signatures.
Scheme for Regulation of Certifying Authorities
for Digital Signatures
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
25. CONTROLLER OF
CERTIFYINGAUTHORITIES
Shall exercise supervision over the activities of
Certifying Authorities
Lay down standards and conditions governing Certifying
Authorities
Specify various forms and content of Digital Signature
Certificates
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
26. DIGITAL SIGNATURES & ELECTRONIC
RECORDS
Use of Electronic Records and Electronic
Signatures in Government Agencies.
Publications of rules and regulations in the
Electronic Gazette.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
27. International initiatives
Representatives from the 26 Council of
Europe members, the United States,
Canada, Japan and South Africa in 2001 Main objectives-
signed a convention on cybercrime in
efforts to enhance international Create effective cyber
cooperation in combating computer- crime laws
based crimes. Handle jurisdiction issues
The Convention on Cybercrime, drawn Cooperate in international
up by experts of the Council of Europe, is investigations
designed to coordinate these countries' Develop acceptable
policies and laws on penalties on crimes practices for search and
in cyberspace, define the formula
guaranteeing the efficient operation of seizure
the criminal and judicial authorities, and Establish effective
establish an efficient mechanism for public/private sector
international cooperation. interaction
In 1997, The G-8 Ministers agreed to ten
"Principles to Combat High-Tech Crime"
and an "Action Plan to Combat High-
Tech Crime."
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
28. Combating Cyber crime-Indian legal
framework
Information Technology Act, 2000-came into force on 17 October
2000
Extends to whole of India and also applies to any offence or
contravention there under committed outside India by any person
{section 1 (2)}
read with Section 75- Act applies to offence or contravention
committed outside India by any person irrespective of his
nationality, if such act involves a computer, computer system or
network located in India
Section 2 (1) (a) –‖Access‖ means gaining entry into ,instructing
or communicating with the logical, arithmetic or memory function
resources of a computer, computer resource or network
IT Act confers legal recognition to electronic records and digital
signatures (section 4,5 of the IT Act,2000)
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
29. Cybercrime vs Cyber contravention
The IT Act prescribes provisions for contraventions in ch IX of the Act,
particularly s 43 of the Act, which covers unauthorised access,
downloading, introduction of virus, denial of access and Internet time
theft committed by any person. It prescribes punishment by way of
damages not exceeding Rs 1 crore to the affected party.
Chapter XI of the IT Act 2000 discusses the cyber crimes and offences
inter alia, tampering with computer source documents (s 65), hacking (s
66), publishing of obscene information (s 67), unauthorised access to
protected system (s 70), breach of confidentiality (s 72), publishing false
digital signature certificate (s 73).
Whereas cyber contraventions are ‗civil wrongs‘ for which compensation
is payable by the defaulting party, ‗cyber offences‘ constitute cyber
frauds and crimes which are criminal wrongs for which punishment of
imprisonment and/or fine is prescribed by the Information Technology
Act 2000.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
30. Special and General statutes
applicable to cybercrimes
While the IT Act 2000, provides for the specific offences it has to be
read with the Indian Penal Code 1860 (IPC) and the Code of Criminal
Procedure 1973 (Cr PC)
IT Act is a special law, most IT experts are of common consensus that it
does not cover or deal specifically with every kind of cyber crime
for instance, for defamatory emails reliance is placed on s 500 of IPC,
for threatening e-mails, provisions of IPC applicable thereto are criminal
intimidation (ch XXII), extortion (ch XVII), for e-mail spoofing, provisions
of IPC relating to frauds, cheating by personation (ch XVII) and forgery
(ch XVIII) are attracted.
Likewise, criminal breach of trust and fraud (ss 405, 406, 408, 409) of
the IPC are applicable and for false electronic evidence, s 193 of IPC
applies.
For cognisability and bailability, reliance is placed on Code of Criminal
Procedure which also lays down the specific provisions relating to
powers of police to investigate.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
31. Tampering of source code
According to s 65 of the IT Act-
a person who intentionally conceals or destroys or
alters or intentionally or knowingly causes another to
conceal, destroy or alter any computer source code
used for a computer, computer program, computer
system or network when the computer source code is
required to be maintained by law is punishable with
imprisonment upto 3 years or with fine that may
extend upto 2 lakh rupees or with both.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
32. Hacking
Section 66 of the IT Act 2000 deals with the offence of
computer hacking.
In simple words, hacking is accessing of a computer
system without the express or implied permission of
the owner of that computer system.
Examples of hacking may include unauthorised input
or alteration of input, destruction or misappropriation
of output, misuse of programs or alteration of
computer data.
Punishment for hacking is imprisonment upto 3years
or fine which may extend to 2 lakh rupees or both
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
33. Publishing obscene information
Section 67 of the IT Act lays down punishment for the offence of
publishing of obscene information in electronic form
Recently, the Supreme Court in Ajay Goswami v Union of India
considered the issue of obscenity on Internet and held that
restriction on freedom of speech on ground of curtailing
obscenity amounts to reasonable restriction under art 19(2) of
the Constitution. The court observed that the test of community
mores and standards has become obsolete in the Internet age.
punishment on first conviction with imprisonment for a term
which may extend to 5 years and with fine which may extend to 1
lakh rupees. In the event of second conviction or subsequent
conviction imprisonment of description for a term which may
extend to 10 years and fine which may extend to2 lakh rupees.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
34. New offences defined under IT Amendment
Act 2008 with effect from 27th October 2009
Many cybercrimes for which no express provisions existed in the IT
Act 2000 now stand included by the IT Amendment Act 2008.
Sending of offensive or false messages (s 66A), receiving stolen
computer resource (s 66C), identity theft (s 66C), (s 66D) cheating by
personation, violation of privacy (s 66E). Barring the offence of cyber
terrorism (s 66F ) punishment prescribed is generally upto three
years and fine of one/two lakhs rupees has been prescribed and
these offences are cognisable and bailable. This will not prove to
play a deterrent factor for the cyber criminals.
Further, as per new s 84B,abetment to commit an offence is made
punishable with the punishment provided for the offence under the
Act and the new s 84C makes attempt to commit an offence also a
punishable offence with imprisonment for a term which may extend
to one-half of the longest term of imprisonment provided for that
offence
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
35. The IT Amendment Act 2008
In certain offences, such as hacking (s 66) punishment is
enhanced from 3 years of imprisonment and fine of 2 lakhs to
fine of 5 lakhs rupees. In s 67, for publishing of obscene
information imprisonment term has been reduced from five years
to three years (and five years for subsequent offence instead of
earlier ten years) and fine has been increased from one lakh to
five lakhs rupees (ten lakhs on subsequent
conviction).
Section 67A adds an offence of publishing material containing
sexually explicit conduct punishable with imprisonment for a term
that may extend to 5 years with fine upto ten lakhs rupees.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
36. The IT Amendment Act 2008
Section 67B punishes offence of child pornography,
child‘s sexually explicit act or conduct with
imprisonment on first conviction for a term upto 5
years and fine upto 10 lakhs rupees.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
37. Section 46 IT Act
Section 46 of the IT Act states that an adjudicating officer
shall be adjudging whether a person has committed a
contravention of any of the provisions of the said Act, by holding
an inquiry. Principles of audi alterum partum and natural justice
are enshrined in the said section which stipulates that a
reasonable opportunity of making a representation shall be
granted to the concerned person who is alleged to have
violated the provisions of the IT Act. The said Act stipulates that
the inquiry will be carried out in the manner as prescribed by
the Central Government
All proceedings before him are deemed to be judicial
proceedings, every Adjudicating Officer has all powers conferred
on civil courts
Appeal to cyber Appellate Tribunal- from decision of Controller,
Adjudicating Officer {section 57 IT act}
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
38. Section 47, IT Act
Section 47 of the Act lays down that while
adjudging the quantum of compensation
under this Act, the adjudicating officer shall
have due regard to the following factors,
namely-
(a) the amount of gain of unfair advantage,
wherever quantifiable, made as a result of the
default;
(b) the amount of loss caused to any
person as a result of the default;
(c) the repetitive nature of the default
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
39. Section 65: Source Code
Most important asset of software companies
―Computer Source Code" means the listing of
programmes, computer commands, design
and layout
Ingredients
Knowledge or intention
Concealment, destruction, alteration
computer source code required to be kept or
maintained by law
Punishment
imprisonment up to three years and / or
fine up to Rs. 2 lakh
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
40. Section 66: Hacking
• Ingredients
– Intention or Knowledge to cause wrongful loss
or damage to the public or any person
– Destruction, deletion, alteration, diminishing
value or utility or injuriously affecting
information residing in a computer resource
• Punishment
– imprisonment up to three years, and / or
– fine up to Rs. 2 lakh
• Cognizable, Non Bailable,
Section 66 covers data theft aswell as data alteration
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com 40
41. Computer Related Crimes under IPC
and Special Laws
Sending threatening messages by email Sec 503 IPC
Sending defamatory messages by email Sec 499, 500 IPC
Forgery of electronic records Sec 463, 470, 471 IPC
Bogus websites, cyber frauds Sec 420 IPC
Email spoofing Sec 416, 417, 463 IPC
Online sale of Drugs NDPS Act
Web -Jacking Sec. 383 IPC
Online sale of Arms Arms Act
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com 41
42. Case Study- BPO Data Theft
The recently reported case of a Bank Fraud in
Pune in which some ex employees of BPO arm
of MPhasis Ltd MsourcE, defrauded US
Customers of Citi Bank to the tune of RS 1.5
crores has raised concerns of many kinds
including the role of "Data Protection".
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
43. Case Study (contd.)
The crime was obviously committed using "Unauthorized
Access" to the "Electronic Account Space" of the customers.
It is therefore firmly within the domain of "Cyber Crimes".
ITA-2000 is versatile enough to accommodate the aspects
of crime not covered by ITA-2000 but covered by other
statutes since any IPC offence committed with the use of
"Electronic Documents" can be considered as a crime with
the use of a "Written Documents". "Cheating", "Conspiracy",
"Breach of Trust" etc are therefore applicable in the above
case in addition to section in ITA-2000.
Under ITA-2000 the offence is recognized both under
Section 66 and Section 43. Accordingly, the persons
involved are liable for imprisonment and fine as well as a
liability to pay damage to the victims to the maximum extent
of Rs 1 crore per victim for which the "Adjudication Process"
can be invoked.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
44. Case Study (contd.)
The BPO is liable for lack of security that enabled the commission of
the fraud as well as because of the vicarious responsibility for the ex-
employee's involvement. The process of getting the PIN number was
during the tenure of the persons as "Employees" and hence the
organization is responsible for the crime.
Some of the persons who have assisted others in the commission of
the crime even though they may not be directly involved as
beneficiaries will also be liable under Section 43 of ITA-2000.
Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities
are indicated both for the BPO and the Bank on the grounds of "Lack of
Due Diligence".
At the same time, if the crime is investigated in India under ITA-2000,
then the fact that the Bank was not using digital signatures for
authenticating the customer instructions is a matter which would
amount to gross negligence on the part of the Bank. (However, in this
particular case since the victims appear to be US Citizens and the
Bank itself is US based, the crime may come under the jurisdiction of
the US courts and not Indian Courts).
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
45. Cyber Pornography
Section 67 of IT Act
Publishing, transmitting, causing to be published
Porn in the electronic form
Strict punishment
5 years jail (SI or RI) + 1 lakh fine
10 years jail (SI or RI) + 2 lakh fine
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
46. Baazee case
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
47. Baazee case
Obscene MMS clipping listed for sale on
27th November, 2004 - ―DPS Girl having fun".
Some copies sold through Baazee.com
Avnish Bajaj (CEO) arrested and his bail
application was rejected by the trial court.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
48. Points of the prosecution
The accused did not stop payment through
banking channels after learning of the illegal
nature of the transaction.
The item description "DPS Girl having fun" should
have raised an alarm.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
49. Points of the defence
Section 67 relates to publication of obscene
material and not transmission.
Remedial steps were taken within 38 hours,
since the intervening period was a weekend.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
50. Findings of the Court
It has not been established from the evidence
that any publication took place by the
accused, directly or indirectly.
The actual obscene recording/clip could not
be viewed on the portal of Baazee.com.
The sale consideration was not routed
through the accused.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
51. Findings of the Court
Prima facie Baazee.com had endeavored to
plug the loophole.
The accused had actively participated in the
investigations.
The nature of the alleged offence is such that
the evidence has already crystallized and may
even be tamper proof.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
52. Findings of the Court
Even though the accused is a foreign citizen,
he is of Indian origin with family roots in India.
The evidence indicates
only that the obscene material may have been
unwittingly offered for sale on the website.
the heinous nature of the alleged crime may be
attributable to some other person.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
53. Court order
The court granted bail to Mr. Bajaj subject to
furnishing two sureties of Rs. 1 lakh each.
The court ordered Mr. Bajaj to
surrender his passport
not to leave India without Court permission
to participate and assist in the investigation.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
54. State of Tamil Nadu Vs Suhas Katti
This Case is notable for the fact that the conviction was achieved
successfully within a relatively quick time of 7 months from the filing
of the FIR .
The case related to posting of obscene, defamatory and annoying
message about a divorcee woman in the yahoo message group.
Additional Chief Metropolitan Magistrate, delivered the judgment on
5-11-04 as follows:
―The accused is found guilty of offences under section 469, 509 IPC
and 67 of IT Act 2000 and the accused is convicted and is sentenced
for the offence to undergo RI for 2 years under 469 IPC and to pay
fine of Rs.500/- and for the offence u/s 509 IPC sentenced to
undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and
for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to
pay fine of Rs.4000/- All sentences to run concurrently.‖
This is considered the first case convicted under section 67 of
Information Technology Act 2000 in India
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
55. Recently, the Supreme Court in Ajay Goswami v Union of India
considered the issue of obscenity on Internet and held that restriction on
freedom of speech on ground of curtailing obscenity amounts to
reasonable restriction under art 19(2) of the Constitution. The court
observed that the test of community mores and standards has become
obsolete in the Internet age.
Punishment on first conviction with imprisonment for a term which may
extend to 5 years and with fine which may extend to 1 lakh rupees. In
the event of second conviction or subsequent conviction imprisonment
of description for a term which may extend to 10 years and fine which
may extend to2 lakh rupees.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
57. Protected Systems
Gazette notification for declaring protected
system.
Government order authorizing persons to access
protected systems.
10 years jail for accessing or attempting to
access protected systems.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
58. Firos vs. State of Kerala
Govt of Kerala declared the FRIENDS application
software as a protected system.
The author of the application software challenged
the notification and the constitutional validity of
section 70.
The Court upheld the validity of both
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
60. Tampering with source code
Computer source code need not only be in the
electronic form.
It can be printed on paper (e.g. printouts of
flowcharts for designing a software application).
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
61. Tampering with source code
Following are punishable with 3 years jail and /
or 2 lakh fine:
Concealing
Altering
Destroying
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
62. Syed Asifuddin case
Tata Indicom employees were arrested for
manipulation of the electronic 32-bit number
(ESN) programmed into cell phones that were
exclusively franchised to Reliance Infocomm.
The court held that such manipulation
amounted to tampering with computer source
code as envisaged by section 65.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
63. Parliament attack case
Several terrorists attacked Parliament House on
13-Dec-01
Digital evidence played an important role during
their prosecution.
The accused had argued that computers and
digital evidence can easily be tampered and
hence should not be relied upon.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
64. Parliament attack case
A laptop, several smart media storage disks and
devices were recovered from a truck intercepted
at Srinagar pursuant to information given by two
of the suspects.
These articles were deposited in the police
―malkhana‖ on 16-Dec-01 but some files were
written onto the laptop on 21-Dec-01.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
65. Parliament attack case
Evidence found on the laptop included:
fake identity cards,
video files containing clippings of political leaders
with Parliament in background shot from TV news
channels,
scanned images of front and rear of a genuine
identity card,
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
66. Parliament attack case
image file of design of Ministry of Home Affairs car
sticker,
the game 'wolf pack' with the user name 'Ashiq'.
Ashiq was the name in one of the fake identity
cards used by the terrorists.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
67. The Information Technology (Amendment)
Act, 2008 has come into force on 27th
October, 2009.
Almost Nine years and 10 days after the birth of cyber
laws in India, the new improved cyber law regime in India
has become a reality. The Information Technology Act
initially came into force on 17th October 2000 on the
model UNCITRAL of UNO 1996. Major changes to the IT
Act 2000 have now come into force with effect from 27th
October 2009.
There are around 17 changes and out of that most of the
changes relate to cyber crimes. The last decade has seen
a spurt in crimes like cyber stalking and voyeurism, cyber
pornography, email frauds, phishing and crimes through
social networking. All these and more are severely dealt
with under the new laws.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
68. Some of the major modifications are:
1. A special liability has been imposed on call centers, BPOs,
banks and others who hold or handle sensitive personal
data. If they are negligent in "implementing and maintaining
reasonable security practices and procedures", they will be
liable to pay compensation. It may be recalled that India's
first major BPO related scam was the multi crore MphasiS-
Citibank funds siphoning case in 2005. Under the new law, in
such cases, the BPOs and call centers could also be made
liable if they have not implemented proper security
measures.
2. Compensation on cyber crimes like spreading viruses,
copying data, unauthorised access, denial of service etc is
not restricted to Rs 1 crore anymore. The Adjudicating
Officers will have jurisdiction for cases where the claim is
upto Rs. 5 crore. Above that the case will need to be filed
before the civil courts.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
69. 3.The offence of cyber terrorism has been specially
included in the law. A cyber terrorist can be punished
with life imprisonment.
4. Sending threatening emails and sms are
punishable with jail upto 3 years.
5. Publishing sexually explicit acts in the electronic
form is punishable with jail upto 3 years. This would
apply to cases like the Delhi MMS scandal where a
video of a young couple having sex was spread
through cell phones around the country.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
70. 6.Voyeurism is now specifically covered. Acts like hiding
cameras in changing rooms, hotel rooms etc is
punishable with jail upto 3 years. This would apply to
cases like the infamous Pune spycam incident where a
58-year old man was arrested for installing spy cameras
in his house to 'snoop' on his young lady tenants.
7. Cyber crime cases can now be investigated by
Inspector rank police officers. Earlier such offences
could not be investigated by an officer below the rank of
a deputy superintendent of police.
8. Collecting, browsing, downloading etc of child
pornography is punishable with jail upto 5 years for the
first conviction. For a subsequent conviction, the jail term
can extend to 7 years. A fine of upto Rs 10 lakh can also
be levied.
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
71. 9. The punishment for spreading obscene material
by email, websites, sms has been reduced from 5
years jail to 3 years jail. This covers acts like sending
'dirty' jokes and pictures by email or sms.
10. Refusing to hand over passwords to an
authorized official could land a person in prison for
upto 7 years.
11. Hacking into a Government computer or
website, or even trying to do so in punishable with
imprisonment upto 10 years.
12. Rules pertaining to section 52 (Salary,
Allowances and Other Terms and Conditions of
Service of Chairperson and Members),
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com
72. 13. Rules pertaining to section 69 (Procedure and
Safeguards for Interception, Monitoring and
Decryption of Information),
14. Rules pertaining to section 69A (Procedure and
Safeguards for Blocking for Access of Information by
Public),
15. Rules pertaining to section 69B (Procedure and
safeguard for Monitoring and Collecting Traffic Data
or Information) and
16. Notification under section 70B for appointment of
the Indian Computer Emergency Response Team.
17. Rules Rules pertaining to section 54 (Procedure
for Investigation of Misbehaviour or Incapacity of
Chairperson and Members),
Dr. Tabrez Ahmad,
http://technolexindia.blogspot.com