E-Governance

Definition: E-governance, expands to electronic governance, is the integration of Information

and Communication Technology (ICT) in all the processes, with the aim of enhancing
government ability to address the needs of the general public. The basic purpose of e-governance
is to simplify processes for all, i.e. government, citizens, businesses, etc. at National, State and
local levels.
In short, it is the use of electronic means, to promote good governance. It connotes the
implementation of information technology in the government processes and functions so as to
cause simple, moral, accountable and transparent governance. It entails the access and
delivery of government services, dissemination of information, communication in a quick and
efficient manner.

Benefits of E-governance
 Reduced corruption
 High transparency
 Increased convenience
 Growth in GDP
 Direct participation of constituents
 Reduction in overall cost.
 Expanded reach of government

Through e-governance, the government plans to raise the coverage and quality of information
and services provided to the general public, by the use of ICT in an easy, economical and
effective manner. The process is extremely complicated which requires, the proper arrangement
of hardware, software, networking and indeed re-engineering of all the processes to facilitate
better delivery of services.

Concept of information technology in cyber space

Definition - What does Cyberspace mean?

Cyberspace is hence “the speculative environment in which communication over computer

networks occurs.” The term derived from the ancient greek word cybernetics ,was first used in
science fiction and cinema in the 1980s, was adopted by computer professionals and became a
household term in the 1990s. During this period, the uses of the internet, networking, and digital
communication were all growing dramatically and the term “cyberspace” was able to represent
the many new ideas and phenomena that were emerging.

Cyberspace refers to the virtual/practical computer world, and more specifically, is an electronic
medium used to form a global computer network to facilitate online communication.
It is a large computer network made up of many worldwide computer helping in communication
and data exchange activities.

Cyberspace's core feature is an interactive and virtual environment for a broad range of
participants.
With the benefits carried by the technological advancements, the cyberspace today has become a
common pool used by citizens, businesses, critical information infrastructure, military and
Government. The cyberspace is anticipated to become even more complex in the upcoming
years, with the increase in networks and devices connected to it.

CONCEPT OF INFORMTION TECHNOLOGY IN CYBER SPACE

Information Technology Act

The Government of India enacted The Information Technology Act with some major objectives
which are as follows −
 To deliver lawful recognition for transactions through electronic data interchange (EDI)
and electronic commerce or E-Commerce. The aim was to use replacements of paper-
based methods of communication and storage of information.
 To facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000. The I. T. Act
got the President’s assent on June 9, 2000 and it was made effective from October 17, 2000. By
adopting this Cyber Legislation, India became the 12th nation in the world to adopt a Cyber Law
regime.

Cyber Crime
It has no boundaries, no geographical mass, or gravity. Numerous advancements are done due to
cyber activities but the major question is that whether it should be regulated or not. Cyber Law is
the law that controls cyber space. Cyber space is a very broad term and includes computers,
networks, software, and data storage devices such as hard disks, USB disks, the Internet,
websites, emails and even electronic devices such as cell phones, ATM machines. The increased
dependence of individuals and organizations on cyberspace has resulted in many cybercrimes.

The Information Technology Act 2000 or any legislation in the Country does not describe or
mention the term Cyber Crime. It can be globally considered as the gloomier face of
technology. The only difference between a traditional crime and a cyber-crime is that the cyber-
crime involves in a crime related to computers. Let us see the following example to understand it
better –

Traditional Theft − A thief breaks into Ram’s house and steals an object kept in the house.
Hacking − A Cyber Criminal/Hacker sitting in his own house, through his computer, hacks the
computer of Ram and steals the data saved in Ram’s computer without physically touching the
computer or entering in Ram’s house.
The I.T. Act, 2000 defines the terms −
 access in computer network in section 2(a)
 computer in section 2(i)
 computer network in section (2j)
 data in section 2(0)
 information in section 2(v).
 
To understand the concept of Cyber Crime, you should know these laws. The object of offence
or target in a cyber-crime are either the computer or the data stored in the computer.
Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and possible threats in
the sphere of cybersecurity. Threats originate from all kinds of sources, and mark themselves in
disruptive activities that target individuals, businesses, national infrastructures, and governments
alike. The effects of these threats transmit significant risk for the following –

 public safety
 security of nations
 stability of the globally linked international community

Malicious use of information technology can easily be concealed. It is difficult to determine the
origin or the identity of the criminal. Even the motivation for the disruption is not an easy task to
find out. Criminals of these activities can only be worked out from the target, the effect, or other
circumstantial evidence. Threat actors can operate with considerable freedom from virtually
anywhere. The motives for disruption can be anything such as −
 simply demonstrating technical prowess
 theft of money or information
 extension of state conflict, etc.
Criminals, terrorists, and sometimes the State themselves act as the source of these threats.
Criminals and hackers use different kinds of malicious tools and approaches. With the criminal
activities taking new shapes every day, the possibility for harmful actions propagates.

Cyber security
Cybersecurity denotes the technologies and procedures intended to safeguard computers,
networks, and data from unlawful admittance, weaknesses, and attacks transported through the
Internet by cyber delinquents.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for
creating, applying, functioning, monitoring, reviewing, preserving, and improving an
Information Security Management System.
The Ministry of Communication and Information Technology under the government of India
provides a strategy outline called the National Cybersecurity Policy. The purpose of this
government body is to protect the public and private infrastructure from cyber-attacks.

Cybersecurity Policy
The cybersecurity policy is a developing mission that caters to the entire field of Information and
Communication Technology (ICT) users and providers. It includes –

 Home users
 Small, medium, and large Enterprises
 Government and non-government entities
It serves as an authority framework that defines and guides the activities associated with the
security of cyberspace. It allows all sectors and organizations in designing suitable cybersecurity
policies to meet their requirements. The policy provides an outline to effectively protect
information, information systems and networks.
It gives an understanding into the Government’s approach and strategy for security of cyber
space in the country. It also sketches some pointers to allow collaborative working across the
public and private sectors to safeguard information and information systems. Therefore, the aim
of this policy is to create a cybersecurity framework, which leads to detailed actions and
programs to increase the security carriage of cyberspace.

Mission and Vision Cybersecurity Program

Mission
The following mission caters to cybersecurity −
 To safeguard information and information infrastructure in cyberspace.
 To build capabilities to prevent and respond to cyber threats.
 To reduce vulnerabilities and minimize damage from cyber incidents through a
combination of institutional structures, people, processes, technology, and cooperation.
Jurisdiction in cyberspace is regarded as an international space. The same is the case with
jurisdiction issues. i.e, jurisdiction within the ambit of cyber space can be classified as:
 Subjective Territoriality
 Objective Territoriality
 Nationality
 Protective Principle
 Passive Nationality
 Universality

CYBER SPACE AND ISSUES IN CYBER SPACE JURISDICTION

Cyber Laws
In technology driven society, internet has huge contribution for the growth of humans. Many
investigators explained that cyberspace is a physical space but actually were a computer-
generated construction representing abstract data. It is a virtual medium. It has no boundaries, no
geographical mass, or gravity. Numerous advancements are done due to cyber activities but the
major question is that whether it should be regulated or not. Cyber Law is the law that controls
cyber space. Cyber space is a very broad term and includes computers, networks, software, and
data storage devices such as hard disks, USB disks, the Internet, websites, emails and even
electronic devices such as cell phones, ATM machines. The increased dependence of individuals
and organizations on cyberspace has resulted in many cybercrimes.
Buy These Notes in PDF Format
Cyber crimes are illegal acts where the computer is used either as a tool or a target or both. The
massive growth in electronic commerce (e-commerce) and online share trading has led to an
unusual erupt in incidents of cybercrime. Although, there is system to protect devices from
infected with computer virus to the data and computer networks such as firewalls, antivirus
software, and other technological solutions, but in India efforts must be done towards effective
use of these technologies to protect the valuable data and to combat cyber-crime. Even expert
users of IT tools may not be aware of cyber victimization. Along with the progression in
technology it is similarly important to be aware of cyber-crime and other related issues thereof.
The cyber safety depends on the knowledge of the technology and the care taken while using
internet and that of the defensive measures adopted by user and servers systems. Cyber law
portrays the legal issues associated with the use of communications technology, mainly
"cyberspace", i.e. the Internet. It is a junction of numerous legal fields, including intellectual
property, privacy, freedom of expression, and jurisdiction. It is established that cyber law applies
to regulations designed for the physical world, to human activity on the Internet. Cyber law
basically deals with almost all aspects of transaction and activities concerning Internet, World
Wide Web and Cyberspace in India.
The law for cyberspace is to control the man and the machine. The fundamental goal of cyber
laws is to legalize human behaviour and not technology. Cyber laws are technology intensive
laws, advocating the use but not the mishandling of technology. Cyber law comprises of all the
cases, statutes and legal provisions that affect persons and institutions who control the entry to
cyberspace, provide access to cyberspace, create the hardware and software which enable people
to access cyberspace or use their own devices to go 'online' and enter cyberspace. Law covers the
rules of conduct that have been accepted by the government, and which are in force over a
certain region, and which must be followed by all people on that region. Breach of these rules
could lead to government action such as captivity or fine or an order to pay compensation. Cyber
law encompasses laws relating to Cyber Crimes, Electronic and Digital Signatures, Intellectual
Property, and Data Protection and Privacy.
Requirement of Cyber Law
There are many grounds why it is difficult for conventional law to manage with cyberspace. The
first reason is that Cyberspace is an intangible dimension that is unfeasible to govern and
regulate using conventional law. Secondly, cyberspace has complete disregard for jurisdictional
boundaries. Another reason is that cyberspace handles huge traffic volumes every second.
Billions of emails are crisscrossing the globe even as we read this, millions of websites are being
accessed every minute and billions of dollars are electronically transferred around the world by
banks every day. Cyberspace is absolutely open to sharing by all. Cyberspace offers enormous
potential for secrecy to its members. Readily available encryption software and steganographic
tools that flawlessly hide information within image and sound files ensure the confidentiality of
information exchanged between cyber-citizens. Electronic information has become the main aim
of cyber-crime. It is considered by extreme mobility, which exceeds by far the mobility of
persons, goods or other services. International computer networks can transfer huge amounts of
data around the globe within seconds. A software source code worth crores of rupees or a movie
can be pirated across the globe within hours of their release. Theft of corporeal information such
as books, papers, CD ROMs, floppy disks is easily covered by conventional penal provisions.
Nevertheless, the difficulty begins when electronic records are copied quickly, inconspicuously
and often via telecommunication facilities.
In digital world, most of the areas are affected by cyber law. Approximately all transactions in
shares are in demat form. All companies comprehensively depend upon their computer networks
and keep their valuable data in electronic form. Government forms including income tax returns,
company law forms are filled in electronic form. Consumers are progressively more using credit
cards for shopping. Most people are using email, cell phones and SMS messages for
communication. Even in "non-cyber crime" cases, important evidence is found in computers /
cell. Cyber crime cases such as online banking frauds, online share trading fraud, source code
theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email
hijacking, denial of service, hacking, pornography are very common. Digital signatures and e-
contracts have reinstated usual methods of transacting business.
To control cyber-crime, Electronic signatures are used to validate electronic records. Digital
signatures are one type of electronic signature. Digital signatures satisfy three major legal
requirements – signer authentication, message authentication and message integrity. The
technology and efficiency of digital signatures makes them more trustworthy than hand written
signatures. Intellectual property refers to the creations of the human mind e.g. a story, a song, a
painting, a design etc. The facets of intellectual property that relate to cyber space are covered by
cyber law. These include copyright law in relation to computer software, computer source code,
websites, cell phone content, software and source code licences, trademark law with relation to
domain names, meta tags, mirroring, framing, linking, semiconductor law which relates to the
guard of semiconductor integrated circuits design and layouts, patent law in relation to computer
hardware and software. Data protection and privacy laws intend to accomplish a fair balance
between the privacy rights of the individual and the interests of data controllers such as banks,
hospitals, and email service providers. These laws try to address the challenges to privacy caused
by collecting, storing and transmitting data using new technologies.
Cyber law is new stream for study of law and is increasing at rapid rate. It is vital that user must
be aware of basic building blocks of cyber laws, namely Netizens, Cyberspace, and
Technology.
Netizens: Cyber law has initiated notion of netizens. A Netizen is an occupant of the worldwide
world. He is the one, who inhabits the Net and uses it as an extension of his day-to-day physical
world. He reproduces his physical world actions, such as socializing, buying, and selling through
online medium. He goes beyond geographical space and time by a click. He identifies no man-
made or geographical boundaries. Netizen could be nameless, nameless and faceless person, if he
wants to and yet can indulge in various internet activities.
Cyberspace: Cyber laws are made for cyberspace. Cyberspace incorporates the activities, which
have occurred in the physical space just prior to entry into cyberspace. Cyberspace is the
significant aspect of cyber law which serves as a link between the physical space and the
cyberspace, in order to control interface between man and machine. The presence of cyber laws
are an expansion of physical laws in cyberspace. These are 'analogy-seeking' laws.
Technology: Cyber laws are devised according to technology used. They turn around technology
and its applications. Cyber laws set up norms of acknowledged human behaviour in cyberspace.
Currently, there are two-technology school of laws which include technology Specific School
and Technology Neutral School. Technology Specific School states that the law should identify
only one given set of technology or technology standard. That is, law treats other standards as
unlawful, non-binding and thus not allowable. This School offers a single technology platform
for the whole community but it disrupts the process of technological innovations and helps in
creating monopolistic business. In Indian condition, people follow a technology specific rule.
Under the law (The Information Technology Act, 2000), digital signatures using prescribed
asymmetric cryptosystem standard is considered legally valid. Use of any other standards would
be digital signature unacceptable. When this Act is introduced, the technology procedure was
quite low, but with time technology maturity has increased in India and the new Information
Technology (Amendment) Bill, 2006 advocate migration towards the technology neutral rule.
The following Act, Rules and Regulations are included under cyber laws:
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
 3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
Major objectives of the Information Technology Act, 2000 are to provide legal recognition for
transactions carried out by means of electronic communication, which is termed as "electronic
commerce" and involve the use of alternatives to paper-based methods of communication and
storage of information, to facilitate electronic filing of documents with the Government agencies.
The aims of the Act make it facilitating Act, an enabling Act, and a regulating Act. The
Information Technology Act, 2000 is a facilitating Act because it allows both e-commerce and e-
governance. The Information Technology Act, 2000 also considered as enabling Act which
allows legal system of electronic records and digital signatures.
Though Internet does not have any geographical limits of a country, one of the United Nations
agencies 'United Nations Commission on International Trade Law' (UNCITRAL) recommended
a certain level of consistency of laws in all member nations. For this, the Model Law on
Electronic Commerce was adopted by the United Nations Commission on International Trade
Law (UNCITRAL) to control cyber-crime around the world.
Scope of Cyber Laws
Cyber laws have broad scope in current complex situation and eruption of cyber-crime. These
laws cover other areas of law having a technology component. Laws related to ecommerce,
online contracts, copyright, trademark, business software patenting, e-taxation, e-governance and
cyber-crimes fall within the meaning and scope of cyber laws.
To, summarize, cyber laws offers the vital mechanism to impeach any person, who is
realistically suspected of having committed or of committing or of being about to carry out any
offence using any computer, computer system or computer network. Cyber law is an important
field of law which represents all the legal issues linked with the internet, and governs all the
aspects of the internet and cyberspace, along with dealing in legal cases regarding software
patents, net banking and others. Cyber legal representatives perform regular investigations on the
major cyber-crimes that are widespread across the internet. With the growing increase in cyber-
crimes against individuals, organizations and the government via the internet today, there is a
need for strict cyber laws in the global society. Cyber laws which battles cyber-crimes have a
dominant effect on any other laws for the time being in force. In India, it was observed that there
is drastic increase in the number of cyber-crimes therefore the field of cyber law in India is
gaining huge recognition.
Advantages and Disadvantages of Information Technology
Business
Advantages
 Increases Production and Saves Time
Businesses today more than ever use technology to automate tasks. A good example is
a bakery which uses electronic temperature sensors to detect a drop or increase in
room or oven temperature in a bakery. These sensors send information directly to the
operator, reporting any temperature change. This temperature system saves the bakery
time, and it also results in consistent higher quality products.
 Improves Communication
With the help of communication technology tools like phones, video conferencing,
electronic mail or instant messenger just to mention a few, movement of information
within an organization or business has become instantaneous. Employees can easily
move data across departments without having any interruptions. Tools like electronic
mail, e-fax, mobile phones and text messaging enhance the movement of information
data among employees, customers, and business partners or suppliers, this allows for
greater interconnectivity throughout internal and external structures.
 Improves Data Storage, File Management, and Data Reporting/ Analysis
Businesses use cloud hosting services to store and backup business data. Also, it
saves on paperwork and makes transfer and access to data possible remotely. With
services like Dropbox.com, business owners can access their data anytime anywhere.
Additionally, databases today allow for greater correlation of information, analysis of this
data relationship can encourage better and more informed decision making, resulting in
potential growth.
Improves Financial Management
. It allows for faster processing and calculation of financial information and the recording
or storing of financial data that may need to be referenced in the future.
 Improves Business to Consumer Relationship
Businesses have embraced the social technology to interact with their consumers and
fans, creating a strong business to consumer relationship, and it results in business
growth via customer loyalty and expansion. Information technology can be used to
improve customer service in so many ways. For example, businesses can use their
website or email to inform their customers about great deals and discounts. Making the
customer aware of these offers can drive their desire to buy. Good customer service
can be used as an excellent tool for any small business to gain the competitive
advantage.
 Improves Business Competitive Advantage
Companies have used technology to gain the competitive advantage over their
competitors. Business who innovate and adopt technology to remain efficient and
improve processes, typically have high customer loyalty rates. As they can consistently
meet and exceed expectations of their customers.

Disadvantages
 Implementation Expenses
Small businesses sometimes struggle to afford and maintain expensive core
technology, so they end up losing their clients to a company which has the capital and
resources necessary to compete in the industry.
 Job Elimination
Technology has replaced many positions humans used to occupy. Software is now
doing complete accounting, so trained accountants have fewer opportunities, robots can
cut the lawn or clean the pools, no need for a handyman.
 Security Breaches
Since businesses store their data on remote cloud servers which can be
accessed online with a username and password, they risk potentially losing that data to
hackers or viruses.

Advantages and Disadvantages of information Technology in Purchasing

Advantages
 Credit Cards and Smartcards Make Payment Safer
Buying and selling of goods and services have become simple because of these smart
cards. A user can go to a merchant’s website and make an order using their smart card
or credit card. The money is transferred from the consumers account to the merchant’s
account in seconds, and then the merchant delivers the item to the consumer’s address.
This transaction saves time for both parties and is often safer, as companies like Paypal
allow for buy protection and refunds.
 Electronic Bill Presentation and Payment
(EBPP) Systems send us bills over the internet giving us an easy convenient way to
pay. No more paper bills in the mail. Save the Trees!

Disadvantages
 Internet Security Issues
For the merchant to process an order online, a consumer has to provide their financial
details. Experienced hackers can use this loophole to channel this information and use
it for their own needs. Use PayPal!
 Faulty Products and Duplication
In some cases, auction websites have products that are not original. So a user can bid
on a shoe thinking it is original, upon delivery, they discover that the shoe is fake and it
does not meet your expectation.
 Privacy
E-commerce websites collect personal data using cookies to know more about us and
suggest products based on that information. Initially, data was collected without any
notice, now most websites declare they intend to collect your information.

Advantages and Disadvantages of Information Technology in Society

Advantages
 Improved Innovation
Modern Technology has been prominent in job role creation and the emerging of
technology-based companies. With access to a computer and internet, anyone can start
a business while at home. Most successful technology-based ventures like Apple,
Amazon or Facebook, to mention but a few, started from home but now they employ
thousands of people.
 Improved Entertainment
Technology has changed the entertainment industry; now we have many options to
choose from. You can have a playlist of 10,000 songs on your iPod or you can watch
movies on the go with an iPad; the list is endless.
 Improved Social Discovery
Finding both old and new friends have become very simple. With social networks like
Facebook and Twitter, you can easily keep up with all your old friends and also make
new ones.
 Globalization of Knowledge
Today you can use the internet to get the latest news from any country around the
globe. Services like ‘’Twitter’’ have enabled people to become a journalist, so they
report news on the instant by tweeting. Services like Wikipedia.org is well equipped with
data on about anything, though not 100% always accurate
 Improved Communication
Like businesses, society has also benefited from communication technology. We can
Skype, Whatsapp or video call our loved ones instantly.

Disadvantages
 Cyber-Sickness
With the increased addiction to social networks and internet games, people are
spending more time on computers and reject their normal offline life, resulting in
increased isolation and social imbalance.

Advantages and Disadvantages of Information Technology in Education

Advantages
 Online Education Has Made Educational Material and Data Accessible
Anywhere
The use of internet technology has opened institutional boundaries. Students from
developing countries now have a chance to study their desired courses at a standard
similar in some cases to first world education institutions. This type of education
increases their likelihood of employment international.
 Technology Has Created New Methods of Education
Use of educational video games and puzzles has increased students interest in
learning. Basing on research, students enjoy learning with technology, many schools
have started providing free internet on the school campus, this helps students do
research and learn on their own.

Disadvantages
 Over-dependence on Information Technology
Students no longer take time to solve equations and research topics, all they do is
a query in google or on a calculator, poof the answer. Without these devices, they would
not know how to achieve the same results in a library or on paper.
 Poor Quality Publications Online
Many online publishers post content for monetary purposes, so you may find that most
the content published online is not accurate or well detailed to help students and
researchers.

Advantages and Disadvantages of Information Technology in Banking

Advantages
 Online Banking/ Convenient Payments
Many banks have integrated advanced information technology systems to improve their
customer service. Today, it is effortless to withdraw money or make a purchase using a
Credit card or smartphone with a simple tap; this saves customers from wasting time
lining up in banks or from carrying a lot of cash.
 Fast Credit
The technology used in banks helps in the gathering of financial details and credit
scores about each customer, the information gathered can be used when a customer
applies for credit in that bank.

Disadvantages
  Money Laundering
Cases of online money laundering are on the rise, and this has exposed many online
users to the predators.
 Security
Banking security has improved significantly, however, so has hacking expertise. If your
information is connected to the internet, there is always the possibility it may get
hacked.
INFORMAITON TECHNOLOGY
Information Technology
The term IT consist of two words information and technology. Information is
essential in our daily life for making decisions, communication, knowledge and
productivity. Information means a collection of facts gathered by various means or
communication to draw a conclusion. It is the representation of knowledge such as
facts, data or opinions in any form i.e. textual, numerical, graphic audio/video form.
However, for information to be useful it must be accurate timely, complete,
precise and relevant. However, technology is the study of science. It is the specific
information and knowledge required for the practical purposes like development in
various fields. Therefore, the term IT refers to scientific, technological and engineering
disciplines as well as management technologies used in information handling,
communication, processing, their applications and associated software, equipment and
their interaction.
Hence, IT comprises hardware, software, people and data. According to another
jurist, ICT is defined as technology required for information processing. It involves the
use of computer and computer software to convert, store, process, transit, and retrieve
information. In Information Technology we primarily concentrate on the following
technologies:
(i) Computer Hardware Technologies: These technologies microcomputer, midsize
servers and large mainframe systems, and the input, output and storage device that
support them.
(ii) Compute, Software Technologies: These technologies includes operating system
software, web browsers, software productivity suits and software for business
applications.
(iii)Telecommunication and network technologies: These technologies include
telecommunications media, processors and software needed to provide wife-based and
wireless access and support for internet and other networks.
(iv) Data Resource Management Technologies: These technologies include
database management system software for the development, access and maintenance
ofthe databases of an organization.
Difference between Information Technology and Computer Science
Though these terms i.e. Information Technology and Computer Science are
almost used interchangeably but technically these are different. Computer science deals
with the design and use of computers for solving different types of problems whereas
information technology deals with the practical application of computer science in
business industry. For example: Study and develop a data structure is a part of
computer science whereas to use that data structure in some application is a part of
information technology.
004.Cyber Space
The term "cyberspace" was first used by the cyberpunk science fiction author
William Gibson, which he later described as an "evocative and essentially meaningless"
buzzword that could serve as a cipher for all of his cybernetic musings. Now it is used to
describe anything associated with computers, information technology, the Internet and
the diverse Internet culture.
Cyberspace is the electronic medium of computer networks, in which online
communication takes place and where individuals can interact, exchange ideas, share
information, provide social support, conduct business, direct actions, create artistic
media, play games, engage in political discussion, and so on. It is readily identified with
the interconnected information technology required to achieve the wide range of system
capabilities associated with the transport of communication and control products and
services.
However, the term cyber space is rooted in the science of cybernetics from the
Greek word (kybernetes, steersman, governor, pilot, or rudder) and Norbert Wiener's
pioneering work in electronic communication and computer science, a forerunner to
current information theory and computer science. Cyberspace is the "place" where a
telephone conversation appears to occur. In cyberspace, the computational medium is
an augmentation of the communication channel between real people.
Therefore, cyber Space is a virtual space where internet works.
Salient features of cyber space
(1) Just like the real world comprises the entire earth, Cyberspace consists of the
entire virtual world i.e.. The world where people are connected through computer and
internet and where computer programmes work and data is processed.
(2) The ICTs, computers and Internet Technology are expanding the boundaries
ofcyberspaces day by day .
(3) According to an estimate, Cyber space is doubling every 100 days, .
(4) Unlike the problems in the real world, it is very easy to roam around in the
cyberspace on "information superhighways".
(5) The speed is tremendous, the reach is unlimited. Moreover it is easy to enter
and exit.
(6) Very less resources are needed to enter cyberspace.
(7) It is easy to disguise one's identity in cyberspace.
(8) Cyberspace and real world impact each other.
DUTIES OF CERTIFYING AUTHORIEITS
 =========
Legal Provisions
The confluence of two legal paradigms, i.e., the law of evidence and that of information
technology has made the legal domain at par with the contemporary challenges of the cyber
space.
1. Firstly, the traditional law defining the term “Evidence” has been amended to include
electronic evidence in Section 3, The Evidence Act, 1872. The other parallel legal
recognition appeared in Section 4, The Information Technology (Amendment) Act, 2008,
with the provision for acceptance of matter in electronic form to be treated as “written” if
the need arises. These show a prima facie acceptability of digital evidence in any trial.
2. Further, Section 79A of the IT (Amendment) Act, 2008 has gone aboard to define
electronic evidence as any information of probative value that is either stored, or
transmitted in electronic form and includes computer evidence, digital audio, digital
video, cell phones and digital fax machines.
3. With regards to admissibility of electronic records, Section 65-B of the Evidence Act,
1872 enunciates various conditions for the same.
4. Since digital evidence ought to be collected and preserved in certain form, the
admissibility of storage devices imbibing the media content from the crime scene is also
an important factor to consider. Reading Section 3 and Section 65-B, The Evidence Act,
1872 cumulatively, it can be inferred that certain computer outputs of the original
electronic record, are now made admissible as evidence “without proof or production of
the original record. Thus, the matter on computer printouts and floppy disks and CDs
become admissible as evidence.”[2]
5. The other most crucial question in cybercrime investigation regarding the reliability of
digital evidence has also been clarified by Section 79A of the IT (Amendment) Act,
2008, which empowers the Central government to appoint any department or agency of
Central or State government as Examiner of Electronic Evidence. This agency will play a
crucial role in providing expert opinion on electronic form of evidence
6. Electronic Evidence : Admissibility of Electronic Evidence
7. Generally, we all know that whenever a case is investigated it may civil or Criminal
Case we collect some kinds of Documents. such as an agreement to sell, Birth Certificate
etc.these are the part of the common traditional Documentary Evidence. There are two
kinds of documentary evidence namely Primary Evidence and Secondary
Evidence. With the passage of time and advancement of technology, everything is
changing. Nowadays we all use a mobile phone, Laptop, Computer, ATM card,
Electronic fund Transfer Machines etc all these are parts of electronic equipment.

8. What is Electronic Evidence/ Digital Evidence

9.

According to Section 3 of the Indian Evidence Act 1872, digital signature”,

“Digital Signature Certificate”, “electronic form”, “electronic records”, “information”,
“secure electronic record”, “secure digital signature” and “subscriber” shall have the
meanings respectively assigned to them in the Information Technology Act, 2000.

Electronic evidence or digital evidence in any probative information stored or

transmitted in digital form that a party to a court case may use at trial. Before accepting
digital evidence court will determine if the evidence is relevant whether it is authentic if
it is hearsay and whether a copy is acceptable or the original required. (Wikipedia)

Definition of Electronic Evidence is given in the IT Act Section 2(1)(t) it

defines."electronic record" means data, record or data generated, image or sound stored,
received
or sent in an electronic form or micro film or computer generated micro fiche.

Record or Data Generated - SMS, Email, Any other documents.

Image - Photo or Video.

Sound - Tape Record version, Music, Conversation etc.

10. Whether Electronic Evidence is a Primary Evidence or Secondary Evidence?
11.

As we know the best evidence is 'Primary Evidence' because it is doubt free. There are
two views regarding this question first view is that electronic record stored in the
computer or server is primary the Second view is that its print out is only primary
evidence.

12. Admissibility of Digital Evidence

13.
Conditions -

There are Three Conditions -

1) Document in question is an Electronic Evidence as defined under Section 2(1)(t) of the

Information Technology Act 2000.

2) Produced by Computer - as defined under IT Act 2000.

3) Accompanied by a certificate, fulfilling the conditions laid down Section 65(b)

Admissibility of Electronic Evidence [Section 65(B)] -

(1) Notwithstanding anything contained in Indian Evidence Act, any information

contained in an electronic record which is printed on a paper, stored, recorded or copied
in optical or magnetic media produced by a computer (hereinafter referred to as the
computer output) shall be deemed to be also a document, if the conditions mentioned in
this section are satisfied in relation to the information and computer in question and shall
be admissible in any proceedings, without further proof or production of the original, as
evidence of any contents of the original or of any fact stated therein of which direct
evidence would be admissible.

(2) The conditions referred to in sub-section (1) in respect of a computer output shall be
the following, namely —

(a) the computer output containing the information was produced by the computer
during the period over which the computer was used regularly to store or process
information for the purposes of any activities regularly carried on over that period by the
person having lawful control over the use of the computer;

(b) during the said period, information of the kind contained in the electronic
record or of the kind from which the information so contained is derived was regularly
fed into the computer in the ordinary course of the said activities;

(c) throughout the material part of the said period, the computer was operating
properly or, if not, then in respect of any period in which it was not operating properly or
was out of operation during that part of the period, was not such as to affect the electronic
record or the accuracy of its contents; and

(d) the information contained in the electronic record reproduces or is derived from
such information fed into the computer in the ordinary course of the said activities.

(3) Where over any period, the function of storing or processing information for the
purposes of any activities regularly carried on over that period as mentioned in clause (a)
of sub-section (2) was regularly performed by computers, whether— (a) by a
combination of computers operating over that period; or (b) by different computers
operating in succession over that period; or (c) by different combinations of computers
operating in succession over that period; or (d) in any other manner involving the
successive operation over that period, in whatever order, of one or more computers and
one or more combinations of computers, all the computers used for that purpose during
that period shall be treated for the purposes of this section as constituting a single
computer; and references in this section to a computer shall be construed accordingly.

(4) In any proceedings where it is desired to give a statement in evidence by virtue of this
section, a certificate doing any of the following things, that is to say,—

(a) identifying the electronic record containing the statement and describing the
manner in which it was produced;

(b) giving such particulars of any device involved in the production of that
electronic record as may be appropriate for the purpose of showing that the electronic
record was produced by a computer;

(c) dealing with any of the matters to which the conditions mentioned in sub-section
(2) relate, and purporting to be signed by a person occupying a responsible official
position in relation to the operation of the relevant device or the management of the
relevant activities (whichever is appropriate) shall be evidence of any matter stated in the
certificate; and for the purposes of this sub-section it shall be sufficient for a matter to be
stated to the best of the knowledge and belief of the person stating it.

(5) For the purposes of this section —

(a) infomation shall be taken to be supplied to a computer if it is supplied thereto

in any appropriate form and whether it is so supplied directly or (with or without human
intervention) by means of any appropriate equipment;

(b) whether in the course of activities carried on by any official information is

supplied with a view to its being stored or processed for the purposes of those activities
 by a computer operated otherwise than in the course of those activities, that information,
if duly supplied to that computer, shall be taken to be supplied to it in the course of those
activities;

(c) a computer output shall be taken to have been produced by a computer whether
it was produced by it directly or (with or without human intervention) by means of any
appropriate equipment.

Certifying Authorities
A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew
and provide directories of Digital Certificates. Certifying Authority means a person who has
been granted a license to issue an Electronic Signature Certificate under section 24.

Provisions with regard to Certifying Authorities are covered under Chapter VI i.e. Sec.17 to
Sec.34 of the IT Act, 2000. It contains detailed provisions relating to the appointment and
powers of the Controller and Certifying Authorities. Controller of Certifying Authorities (CCA)

The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate
the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature
certificates for electronic authentication of users.

The CCA certifies the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates, the Root Certifying Authority of India (RCAI). The CCA also maintains the National
Repository of Digital Certificates (NRDC), which contains all the certificates issued by all the
CAs in the country.

The functions of the Controller are –

(a) to exercise supervision over the activities of the Certifying Authorities;

(b) certify public keys of the Certifying Authorities;

(c) lay down the standards to be maintained by the Certifying Authorities;

(d) specify the qualifications and experience which employees of the Certifying Authorities
should possess;

(e) specify the conditions subject to which the Certifying Authorities shall conduct their
business;

(f) specify the content of written, printed or visual material and advertisements that may be
distributed or used in respect of a Electronic Signature Certificate and the Public Key;

(g) specify the form and content of a Electronic Signature Certificate and the key;
(h) specify the form and manner in which accounts shall be maintained by the Certifying
Authorities;

(i) specify the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them;

(j) facilitate the establishment of any electronic system by a Certifying Authority either solely or
jointly with other Certifying Authorities and regulation of such systems;

(k) specify the manner in which the Certifying Authorities shall conduct their dealings with the
subscribers;

(l) resolve any conflict of interests between the Certifying Authorities and the subscribers;

(m) lay down the duties of the Certifying Authorities;

(n) maintain a data-base containing the disclosure record of every Certifying Authority
containing such particulars as may be specified by regulations, which shall be accessible to the
public. Controller has the power to grant recognition to foreign certifying authorities with the
previous approval of the Central Government, which will be subject to such conditions and
restrictions imposed by regulations.

Certifying Authorities
A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew
and provide directories of Digital Certificates. Certifying Authority means a person who has
been granted a license to issue an Electronic Signature Certificate under section 24.

Provisions with regard to Certifying Authorities are covered under Chapter VI i.e. Sec.17 to
Sec.34 of the IT Act, 2000. It contains detailed provisions relating to the appointment and
powers of the Controller and Certifying Authorities. Controller of Certifying Authorities (CCA)

The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate
the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature
certificates for electronic authentication of users.

The CCA certifies the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates, the Root Certifying Authority of India (RCAI). The CCA also maintains the National
Repository of Digital Certificates (NRDC), which contains all the certificates issued by all the
CAs in the country.

The functions of the Controller are –

(a) to exercise supervision over the activities of the Certifying Authorities;

(b) certify public keys of the Certifying Authorities;

(c) lay down the standards to be maintained by the Certifying Authorities;

(d) specify the qualifications and experience which employees of the Certifying Authorities
should possess;

(e) specify the conditions subject to which the Certifying Authorities shall conduct their
business;

(f) specify the content of written, printed or visual material and advertisements that may be
distributed or used in respect of a Electronic Signature Certificate and the Public Key;

(g) specify the form and content of a Electronic Signature Certificate and the key;

(h) specify the form and manner in which accounts shall be maintained by the Certifying
Authorities;

(i) specify the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them;

(j) facilitate the establishment of any electronic system by a Certifying Authority either solely or
jointly with other Certifying Authorities and regulation of such systems;

(k) specify the manner in which the Certifying Authorities shall conduct their dealings with the
subscribers;

(l) resolve any conflict of interests between the Certifying Authorities and the subscribers;

(m) lay down the duties of the Certifying Authorities;

(n) maintain a data-base containing the disclosure record of every Certifying Authority
containing such particulars as may be specified by regulations, which shall be accessible to the
public. Controller has the power to grant recognition to foreign certifying authorities with the
previous approval of the Central Government, which will be subject to such conditions and
restrictions imposed by regulations.

Appointment of the Controller and other officers

 The Central Government may appoint a Controller of Certifying Authorities after
notifying the Official Gazette. They may also appoint Deputy Controllers and Assistant
Controllers as it deems fit.
  The Controller discharges his responsibilities subject to the general control and also
directions of the Central Government
 The Deputy Controllers and Assistant Controllers shall perform the functions assigned to
them by the Controller under the general superintendence and also control of the
Controller.
 The qualifications, experience and terms and conditions of service of Controller, Deputy
Controllers, and Assistant Controllers shall be such as may be prescribed by the Central
Government.
 The Head Office and Branch Office of the office of the Controller shall be at such places
as the Central Government may specify, and these may be established at such places as
the Central Government may think fit.
 There shall be a seal of the Office of the Controller.
2. Functions of Controller (Section 18)
A Controller performs some or all of the following functions:
 Supervise the activities of the Certifying Authorities and also certify their public keys
 Lay down the standards that the Certifying Authorities follow
 Specify the following:
a. qualifications and also experience requirements of the employees of all Certifying
Authorities
b. conditions that the Certifying Authorities must follow for conducting business
c. the content of the printed, written, and also visual materials and advertisements in
respect of the digital signature and the public key
d. the form and content of a digital signature certificate and the key
e. the form and manner in which the Certifying Authorities maintain accounts
f. terms and conditions for the appointment of auditors and their remuneration
 Facilitate the Certifying Authority to establish an electronic system, either solely or
jointly with other Certifying Authorities and its regulation
 Specify the manner in which the Certifying Authorities deal with the subscribers
 Resolve any conflict of interests between the Certifying Authorities and the subscribers
 Lay down the duties of the Certifying Authorities
 Maintain a database containing the disclosure record of every Certifying Authority with
all the details as per regulations. Further, this database is accessible to the public.
3. Recognition of Foreign Certifying Authority (Section 19)
 A Controller has the right to recognize any foreign certifying authority as a certifying
authority for the purpose of the IT Act, 2000. While this is subject to the conditions and
restrictions which the regulations specify, the Controller can recognize it with the
previous approval of the Central Government and notify in the Official Gazette.
 If a controller recognizes a Certifying Authority under sub-section (i), then its digital
signature certificate is also valid for the purpose of the Act.
 If the controller feels that any certifying authority has contravened any conditions or
restrictions of recognition under sub-section (i), then he can revoke the recognition.
However, he needs to record the reason in writing and notify in the Official Gazette.
4. Controller to act as a repository (Section 20)
 The Controller will act as a repository of all digital signature certificates under this Act.
 The Controller will –
a. Make use of secure hardware, software, and also procedures.
 b. Observe the standards that the Central Government prescribes to ensure the
secrecy and also the security of the digital signatures.
 The Controller will maintain a computerized database of all public keys. Further, he must
ensure that the public keys and the database are available to any member of the public.
5. License to issue Digital Signature Certificates (Section 21)
(1) Subject to the provisions of sub-section (2), any person can apply to the Controller for a
license to issue digital signature certificates.
(2) A Controller can issue a license under sub-section (1) only if the applicant fulfills all the
requirements. The Central Government specifies requirements with respect to qualification,
expertise, manpower, financial resources, and also infrastructure facilities for the issuance of
digital signature certificates.
(3) A license granted under this section is –
(a) Valid for the period that the Central Government specifies
(b) Not transferable or inheritable
(c) Subject to the terms and conditions that the regulations specify
6. Power to investigate contraventions (Section 28)
1. The Controller or any other Officer that he authorizes will investigate any contravention
of the provisions, rules or regulations of the Act.
2. The Controller or any other Officer that he authorizes will also exercise the powers
conferred on Income-tax authorities under Chapter XIII of the Income Tax Act, 1961.
Also, the exercise of powers will be limited according to the Act.
Digital signature and Electronic signature
Digital Signatures provide a viable solution for creating legally enforceable electronic records,
closing the gap in going fully paperless by completely eliminating the need to print documents
for signing. Digital signatures enable
the replacement of slow and expensive paper-based approval processes with fast, low-cost, and
fully digital ones. The purpose of a digital signature is the same as that of a handwritten
signature. Instead of using pen and paper, a digital signature uses digital keys (public-key
cryptography). Like the pen and paper method, a digital signature attaches the identity of the
signer to the document and records a binding commitment to the document. However, unlike a
handwritten signature, it is considered impossible to forge a digital signature the way a written
signature might be. In addition, the digital signature assures that any changes made to the data
that has been signed cannot go undetected

Digital signatures are easily transportable, cannot be imitated by someone else and can be
automatically time-stamped. A digital signature can be used with any kind of message, whether it
is encrypted or plaintext. Thus Digital Signatures provide the following three features:-

 Authentication - Digital signatures are used to authenticate the source of messages. The
ownership of a digital signature key is bound to a specific user and thus a valid signature
shows that the message was sent by that user.

 Integrity - In many scenarios, the sender and receiver of a message need assurance that the
message has not been altered during transmission. Digital Signatures provide this feature by
using cryptographic message digest functions.
 Non Repudiation – Digital signatures ensure that the sender who has signed the information
cannot at a later time deny having signed it. A handwritten signature scanned and digitally
attached with a document does not qualify as a Digital Signature. An ink signature can be
easily replicated from one document to another by copying the image manually or
electronically.

Digital Signatures cryptographically bind an electronic identity to an electronic document and

the digital signature cannot be copied to another document.

Digital signatures are a means to ensure validity of electronic transactions however who
guarantees about the authenticity that such signatures are indeed valid or not false. In order
that the keys be secure the parties must have a high degree of confidence in the public and
private keys issued. Digital Signature is not like our handwritten signature. It is a jumble of
letters and digits. It looks something like this.
Electronic Signature
Electronic signature has also been dealt with under Section 3A of the IT Act, 2000. A
subscriber can authenticate any electronic record by such electronic signature or electronic
authentication technique which is considered reliable and may be specified in the Second
Schedule.

Any electronic signature or electronic authentication technique will be considered reliable if-

(a) the signature creation data or the authentication data are, within the context in which they are
used, linked to the signatory or , as the case may be, the authenticator and of no other person.

(b) the signature creation data or the authentication data were, at the time of signing, under the
control of the signatory or, as the case may be, the authenticator and of no other person.

(c) any alteration to the electronic signature made after affixing such signature is detectable.

(d) any alteration to the information made after its authentication by electronic signature is
detectable.

(e) it fulfills such other conditions which may be prescribed. An electronic signature will be
deemed to be a secure electronic signature if-

(i) the signature creation data, at the time of affixing signature, was under the exclusive control
of signatory and no other person. and

(ii) the signature creation data was stored and affixed in such exclusive manner as may be
prescribed. (Sec.15)

An Amendment to the IT Act in 2008 introduced the term electronic signatures. The implication
of this Amendment is that it has helped to broaden the scope of the IT Act to include new
techniques as and when technology becomes available for signing electronic records apart from
Digital Signatures.
E-Governance
E-governance or Electronic Governance is dealt with under Sections 4 to 10A of the IT Act,
2000. It provides for legal recognition of electronic records and Electronic signature and also
provides for legal recognition of contracts formed through electronic means.

Filing of any form, application or other documents, creation, retention or preservation of records,
issue or grant of any license or permit or receipt or payment in Government offices and its
agencies may be done through the means of electronic form.

The Government may authorise any any service provider to set up, maintain and upgrade the
computerized facilities and perform such other services as it may specify, by notification in the
Official Gazette for efficient delivery of services to the public through electronic means. Service
provider so authorized includes any individual, private agency, private company, partnership
firm, sole proprietor form or any such other body or agency which has been granted permission
by the appropriate Government to offer services through electronic means in accordance with the
policy governing such service sector.

Where any law provides that documents, records or information should be retained for any
specific period, then such documents, records or information retained in the electronic form will
also be covered, if the information contained which it was originally generated, sent or received
or in a format which can be demonstrated to represent accurately the information originally
generated, sent or received and the details which will facilitate the identification of the origin,
destination, date and time of dispatch or receipt of such electronic record are available in the
electronic record.

Where any law provides for audit of documents, records or information, then that provision will
also be applicable for audit of documents, records or information processed and maintained in
electronic form. Where any law provides that any rule, regulation, order, bye-law, notification or
any other matter should be published in the Official Gazette, then, such requirement shall be
deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other
matter is published in the Official Gazette or Electronic Gazette.

However, the above mentioned provisions do not give a right to anybody to compel any Ministry
or Department of the Government to use electronic means to accept, issue, create, retain and
preserve any document or execute any monetary transaction.

The following are some of the eGovernance applications already using the

Digital Signatures:-

• MCA21 – a Mission Mode project under NeGP (National e-governance plan) which is one of
the first few e-Governance projects under NeGP to successfully implement Digital Signatures in
their project

• Income Tax e-filing

• Indian Railway Catering and Tourism Corporation (IRCTC)

• Director General of Foreign Trade (DGFT)

• RBI Applications (SFMS : structured Financial Messaging System)

• National e-Governance Services Delivery Gateway (NSDG)

• eProcurement

• eOffice

• eDistrict applications of UP, Assam etc

Chapter VIII – Duties of Subscribers with respect to acceptance of Digital Signature

Certificate.xviChapter IX –Punishments.xviiChapter X – The procedure, powers and the
compositions of the Tribunals for Cyber.xviiiChapter XI- Offences.xixChapter XII – Service
Provides for Network and their liability.xxChapter XIII –– Here the powers of the police officers
are laid down with respect to enter any premises, appoint a controller along with his deputy.
Powers, protection, offences by companies, Constitution of Advisory Committee, controller’s
powers

Power of police officer and other officers to enter, search, etc.–

(1) Not with standing anything contained in the Code of Criminal

Procedure, 1973 (2 of 1974), any police officer, not below the
rank of a 1[Inspector], or any other officer of the Central
Government or a State Government authorised by the Central
Government in this behalf may enter any public place and
search and arrest without warrant any person found therein
who is reasonably suspected of having committed or of
committing or of being about to commit any offence under this
Act..–
(2) For the purposes ―public place‖includes any public
conveyance, any hotel, any shop or any other place intended
for use by, or accessible to the public.
(3) Where any person is arrested by an officer other than a police
officer, such officer shall, without unnecessary delay, take or
send the person arrested before a magistrate having
jurisdiction in the case or before the officer-in-charge of a
police station
 (3) The provisions of the Code of Criminal Procedure, 1973 (2 of
1974) shall, subject to the provisions of this section, apply, so far
as may be, in relation to any entry, search or arrest, made under
this section.====
9(a) the signature creation data or the authentication data are, within the context in which they
are used, linked to the signatory or, as the case may be, the authenticator and to no other
person;(b) the signature creation data or the authentication data were, at the time of signing,
under the control of the signatory or, as the case may be, the authenticator andof no other
person;(c) any alteration to the electronic signature made after affixing such signature is
detectable;(d) any alteration to the information made after its authentication by electronic
signature is detectable; and(e) it fulfils such other conditions which may be prescribed.(3) The
Central Government may prescribe the procedure for the purpose of ascertaining whether
electronic signature is that of the person by whom it is purported to have been affixed or
authenticated.(4) The Central Government may, by notification in the Official Gazette, add to or
omit any electronic signature or electronic authentication technique and the procedure for
affixing such signature from the Second Schedule:Provided that no electronic signature or
authentication technique shall be specified in the Second Schedule unless such signature or
technique is reliable.(5) Every notification issued under sub-section (4) shall be laid before each
House of Parliament.]CHAPTER IIIELECTRONIC GOVERNANCE4. Legal recognition of electronic
records.—Where any law provides that information or any other matter shall be in writing or in
the typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied ifsuch information or matter is–(a) rendered
or made available in an electronic form; and(b) accessible so as to be usable for a subsequent
reference.5. Legal recognition of 1[electronic signatures].—Where any law provides that
information or any other matter shall be authenticated by affixing the signature or any document
shall be signed or bear the signature of any person, then, notwithstanding anything contained in
such law, such requirement shall be deemed to have been satisfied, if such information or
matter is authenticated by means of 1[electronicsignature]affixed in such manner as may be
prescribed by the Central Governmen=================

Digital Signature Certificates

35. Certifying Authority to issue Digital Signature Certificate.

 Any person may make an application to the Certifying Authority for the issue of a Digital
Signature Certificate in such form as may be prescribed by the Central Government
 Every such application shall be accompanied by such fee not exceeding twenty-five thousand
rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority:
Provided that while prescribing fees under sub-section (2) different fees may be prescribed for
different classes of applicants'.
 Every such application shall be accompanied by a certification practice statement or where
there is no such statement, a statement containing such particulars, as may be specified by
regulations.
 On receipt of an application under sub-section (1), the Certifying Authority may, after
consideration of the certification practice statement or the other statement under sub-section
(3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or
for reasons to be recorded in writing, reject the application:
Provided that no Digital Signature Certificate shall be granted unless the Certifying Authority is
satisfied that -

 the applicant holds the private key corresponding to the public key to be listed in the Digital
Signature Certificate.
 the applicant holds a private key, which is capable of creating a digital signature.
 the public key to be listed in the certificate can be used to verify a digital signature affixed by the
private key held by the applicant:
Provided further that no application shall be rejected unless the applicant has been given a
reasonable opportunity of showing cause against the proposed rejection.

36. Representations upon issuance of Digital Signature Certificate.

A Certifying Authority while issuing a Digital Signature Certificate shall certify that--

 it has complied with the provisions of this Act and the rules and regulations made thereunder.
 it has published the Digital Signature Certificate or otherwise made it available to such person
relying on it and the subscriber has accepted it.
 the subscriber holds the private key corresponding to the public key, listed in the Digital
Signature Certificate.
 the subscriber's public key and private key constitute a functioning key pair.
 the information contained in the Digital Signature Certificate is accurate, and
 it has no knowledge of any material fact, which if it had been included in the Digital Signature
Certificate would adversely affect the reliability of the representations made in clauses (a) to (d).

37. Suspension of Digital Signature Certificate.

 Subject to the provisions of sub-section (2), the Certifying Authority which has issued a Digital
Signature Certificate may suspend such Digital Signature Certificate -
o on receipt of a request to that effect from -
 the subscriber listed in toe Digital Signature Certificate, or
 any person duly authorised to act on behalf of that subscriber
o if it is of opinion that the Digital Signature Certificate should be suspended in public
interest
 A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless
the subscriber has been given an opportunity of being heard in the matter.
 On suspension of a Digital Signature Certificate under this section, the Certifying Authority shall
communicate the same to the subscriber.
 Comparison Chart

Basis for
Digital Signature Electronic Signature
comparison
Digital signature can be visualised as an Electronic signature could be any
Basic
electronic "fingerprint", that is symbol, image, process attached to
 Basis for
Digital Signature Electronic Signature
comparison
encrypted and identifies the person's the message or document signifies
identity who actually the signer's identity and
signed it. act an consent on it.
Authentication Verifies signers identity through
Certificate-based digital ID
mechanism email, phone PIN, etc.
Used for Securing a document. Verifying a document.
Performed by trusted certificate
Validation No specific validation process.
authorities or trust service providers.
Security Highly secure Vulnerable to tampering

The table below shows a quick, at-a-glance view of some of the key differences between digital
signatures and electronic signatures:

Digital Signature Electronic Signature

Digital signatures are like a lock on a document. If
the document changes after the signature is Electronic signatures are open to tampering.
applied, it will show up as an invalidated signature.

Digital signatures are very secure. Hashes cannot be Electronic signature’s are not based on standards
easily undone and encryption using a digital and tend to use proprietary methods so are
certificate is highly secure. intrinsically less secure.

A digital signature is hard to deny. This is also

known as non-repudiation. A digital signature is
associated with an individual’s private key of a Electronic signatures are much harder to verify.
digital certificate. This identifies them as being the
signatory, as it is unique.

Digital signatures are nearly always time stamped. Electronic signatures can have a time and date
This is very useful in a court of law to tie a person to associated with the signature but it is held
a signature at a specific day and time. separate to the signature itself so is open to abuse.

Digital signatures can hold logs of events, showing

when each signature was applied. In advanced
Audit logs are not easily applied to electronic
digital signature products like ApproveMe, this
signatures.
audit trail can even send out alerts if the log is
tampered with.
 Digital Signature
The digital certificates representing the individual
signatories give details of the person signing the
document, such as full name, email address and
company name – they are tied to the document
signature through the certificate.
Electronic Signature
If details of the person placing an electronic
signature on a device or document are required,
they have to be placed separately to the signature
and are not held with the signature itself,
therefore are more open to abuse.

Definition of Digital Signature

The Digital Signature is a type of electronic signature and follows the particular standards. It
imparts independent verification and tamper evidence. The verification of digital signatures is
done by the trusted third party commonly referred to a Certificate Authority.

Certificate authorities bind the user’s identity to a PKI-based digital certificate which allows
the user to apply digital signatures to the document and the cloud-based signing platforms. When
a digital signature is employed to a document, a cryptographic operation attaches digital
certificate with the data into one unique fingerprint.

The message is signed by the private key of the sender which is only known to him/her; this
ensures authentication of the message source. The message and its signature cannot be changed
thenceforth signing a message. Sender and receiver do not have to worry about transit alteration
without the private key, the message and its signature could never be altered. The sender of the
message cannot refuse having signed a signature if it is valid. Digital signature distinctively
correlates with the corresponding message and renders integrity.

Digital signatures need not separate from a message or document for using it in another
document. These types of signatures depend on the document as well as on the signer.

Digital signature scheme steps:

 Key generation: The public key and its correlated private key of the user is computed in this
step.
 Signing: The corresponding message is signed by the user with his/her private key.
 Verification: In this step, the signature for a provided message against the public key is verified.

Definition of Electronic Signature

Electronic Signatures use a technology that binds the signature to the signer’s identity and the
time it was signed. An electronic signature could be a process attached, electronic symbol or
sound to a message, contract or document which can be used to get consent or approval on
electronic documents or forms. Electronic signatures are a substitute for handwritten signatures
in practically each personal or business process.
It uses general electronic authentication technique to justify signer identity, such as email,
corporate ID etc. When security needed to be enhanced multifactor authentication can also be
used. The efficient e-signature solutions indicate proof of signing by utilizing a secure process of
audit trail along with the final document. It does not use encryption and is not secure enough to
find the tampering like digital signature.

Key Differences Between Digital Signature and Electronic Signature

1. Digital signatures are consistently time-stamped while in electronic signature date and time can
be associated with it but placed separately.
2. Digital Signatures comply the standards and enhance security by using cryptographic encryption
methods. As against, electronic signatures does not depend on standards and tend to be less
secure comparatively.
3. Authentication mechanism used in the electronic signature is not defined and uses signer’s
email, phone PIN, etc. In contrast, digital signature involves certificate-based digital ID
authentication method.
4. Digital signature ensures the security of the digital document whereas electronic signature is
used for verifying the digital document.
5. In the digital signature, the signature validation is performed by the trusted certificate
authorities while it is not the case in electronic signature.
6. Electronic signatures are prone to tampering. On the contrary, digital signatures are highly
secured and offer tamper evidence.

Conclusion

The terms digital signature and electronic signature are occasionally used interchangeably, but
there exists a large difference between them. Although, their purposes would overlap, i.e.,
authenticating a digital document. Digital signatures is widely used and more secure than
electronic signatures.

e-Governance

Electronic governance or e-governance is the application of information and communication

technology (ICT) for delivering government services, exchange of information communication
transactions, integration of various stand-alone systems and services between government-to-
customer (G2C), government-to-business (G2B), government-to-government (G2G) as well
as back office processes and interactions within the entire government framework.

Objectives of E-Governance

The object of E-Governance is to provide a SMARRT Government. The Acronym SMART

refers to Simple, Moral, Accountable, Responsive, Responsible and Transparent Government.

S – The use of ICT brings simplicity in governance through electronic documentation, online
submission, online service delivery, etc.
M – It brings Morality to governance as immoralities like bribing, red-tapism, etc. are
eliminated.

A – It makes the Government accountable as all the data and information of Government is
available online for consideration of every citizen, the NGOs and the media.

R – Due to reduced paperwork and increased communication speeds and decreased

communication time, the Government agencies become responsive.

R – Technology can help convert an irresponsible Government Responsible. Increased access to

information makes more informed citizens. And these empowered citizens make a responsible
Government.

T – With increased morality, online availability of information and reduced red-tapism the
process of governance becomes transparent leaving no room for the Government to conceal any
information from the citizens.

These objects of E-Governance are achievable with the use of ICT and therefore the concept is
very alluring and desirable

Advantages of E-Governance

The e-governance is becoming a celebrated concept and the sole reasons are the advantage which
it brings with it in the country it is applied. The advantages if ICT are many and “the use of
information and communications technologies (ICT) to improve the efficiency, effectiveness,
transparency and accountability of government” .

1. Reduces the cost

This is a significant achievement which an e-governance scheme procures, as we know that most
of the Government expenditure is appropriated towards the cost of stationary and paper works.
This Paper-based communication proves to be a costlier one and this sucks in a lot of
governments or public money as it calls for constant heavy expenditure. The solution to this
problem is this electronic way of working, Internet and Phones makes communication cheaper
saving valuable money for the Government.

2. Speedy working
E-governance works on the basis of Technology and it is a known fact that technology makes
communication speedier thus this is what makes the working speedier and the working becomes
faster. Internet, Phones, Cell Phones have reduced the time taken in normal communication.

3. Increase Transparency
The main concern of any nation in the present era is the increasing and continuing corruption in
the system. This can also be solved through the use of ICT which makes governing profess
transparent. All the information of the Government would be made available on the internet and
right to information of citizens would be taken care of and respected. This revolutionizes the way
governments function, ensuring much more transparency in the functioning, thereby eliminating
corruption. The citizens can see the information whenever they want to see and ICT helps the
citizen in this aspect and leaves no way in which the information could be concealed from the
citizens and therefore it helps in reducing corruption and in a way it makes the governance more
transparent.

4. It brings Accountability
When the governing process is made transparent the Government automatically becomes
accountable and accountability is a very basic requirement of good governance. Accountability
includes answerability of the Government to the people about its working and this is right of the
people to know exactly about the functioning of the government. E-governance therefore makes
a noteworthy contribution in the society by providing a better government which is accountable
to its citizens and this fulfills the basic requirement of the demand of the population which elects
its government.

Challenges In The E-Governance

E-governance is a constructive idea that can be of an immense positive output but it is not so
easy to attain in a country like India which is practically a developing nation. E-governance itself
is a very technical scheme and it has challenges which make the implementation easier said than
done.

The most significant characteristic of any successful e-government application is its quality
(Signore, et al 2005) and accessibility. The issue (Cost, Time) of integration of legacy systems
comes onto the scene. As the information collected by governments may be politically sensitive,
installation of appropriate security mechanisms may be an important technical consideration. At
the same time, many other policy issues need to be resolved, such as authentication and
confidentiality.

1. Digital Divide

The digital divide refers to the separation that exists between individuals, communities, and
businesses that have access to information technology and those that do not have such access.
Social, economic, infrastructural and ethno-linguistic indicators provide explanations for the
presence of the digital divide. Economic poverty is closely related to limited information
technology resources. An individual living below poverty line does not afford a computer for
him to harness the benefits of e-government and other online services. As the digital divide
narrows, broader adoption of e-government in the public domain becomes possible. E-
governance is totally based on modern technology and it will be a failure if this part is not taken
into consideration. Technology has to be in the reach of the people for whom the policies are
made and who have to use them.

2. Lack of communication

India is a country which has decentralized government and in such a case the power is
decentralized and does not only rest in the hands of centre but divided in different spheres and
departments, so the lack of communication between these departments is one of the biggest
challenge that India has to face while opting for E-governance. So the information that exists in
one department has no or very little use with respect to some other department of the
government.

3. Population

This comes out to be probably biggest challenge for the e-governance. E-governance requires
huge amount of work for making the databases of the citizens of the country and doing it
efficiently for such a population is in itself a very big task. Security issues and privacy issues are
also to be dealt with proper care and so it becomes a little hindrance.

4. Different Languages

In a country like India which is highly diverse, language comes as a barrier in the path of
communication and this is a very important expect of success of the any scheme. Ensuring E-
Governance in local language is a big task to achieve. Supplying information to the public in a
language that they understand and are comfortable with, and generally, it is the local language.
As, technology is available by which transliteration from English into other languages can be
made. Therefore, the problem is manageable provided there is enough motivation to do this
onerous task.

Worms are programs that replicate themselves and destroy data and files on the computer they
invade. Worms work to "eat" your system’s operating and data files until the drive is empty.

A Warhol worm is a computer worm that rapidly replicates, infecting a wide swath of computers
in as little as 15 minutes. Some researchers assert that a true Warhol worm could infect all
computers on the internet within a 15-minute time frame, hence the phrase Andy Warhol once
famously said, "Everyone will be famous for 15 minutes.“

The Sapphire worm – also called Slammer or SQL Slammer – was the first that approached these
limits, raising interest in how much damage a malicious, rapidly spreading worm might be able
to cause.

Although the Sapphire didn’t carry any malicious payload, it still was destructive. Its appearance
suggests that Warhol worms are not just a theoretical threat, but an actual one.

Computer worms are a significant security concern because they self-replicate, are self-contained
and propagate through a computer's existing data transport mechanisms without any human
interaction.

A computer worm coupled with a Trojan virus – hybrid malware – is a worm with a Trojan
payload that's capable of using multiple means of transport to make multiple types of attacks and
hide itself for future attacks.
A computer worm is a self-contained program (or set of programs) that is able to spread
functional copies of itself or its segments to other computer systems (usually via network
connections). Unlike viruses, worms do not need to attach themselves to a host program.

There are two types of worms - host computer worms and network worms.

Host computer worms are entirely contained in the computer they run on and use network
connections only to copy themselves to other computers. Host computer worms where he
original terminates itself after launching a copy on another host (so there is only one copy of the
worm running somewhere on the network at a given moment) are also called "rabbits".

Network worms consist of multiple parts (called "segments"), each running on different
machines (and possibly performing different actions) and using the network for several
communication purposes. Propagating a segment from one machine to another is only one of
those purposes. Network worms that have one main segment, which coordinates the work of the
other segments are sometimes called "octopuses."

History of Worms

Despite, debatably, being the most famous, the Internet worm of 1988 was, assuredly, not the
first or the last to have affected any network. The term "worm" was used for the first time by
science fiction author John Brunner in his book called "The Shockwave Rider". In his book
Brunner described a totalitarian form of Government, which would keep a control over their
citizens by the use of a powerful computer network. A freedom fighter, in the story, introduced
into this computer network system a contaminant, which was called a "tapeworm". This
tapeworm infested the system and forced the government to shut down the network and their
main base of power was lost.

Surprisingly, the first worms in history were actually designed to good rather than harm to
networks. The first ever programme that could be called a worm, as per definition, was
developed for the assistance of air traffic controllers by Bob Thomas in 1971. This worm"
programme would notify air traffic controllers when the controls of a plane moved from one
computer to another. In fact, this worm named "creeper" would travel from one computer screen
to the other on the network showing the message, "I'm reeper! Catch me if you can!" The
difference from most worms was that this creeper did not reproduce itself. Even later, although
the idea of developing worms slowly faded away, a few people did try to experiment with these.
These included John Shock and Jon Hepps of Xerox's Palo Alto Research Center, who in the
early 1980s began working on worm programmes. This was also the first time that this type of
programme was called a worm.

Both of them developed a total of 5 worms, each specially designed to perform a particular
function. They were programmed to do certain tasks around the network. The simplest of these
worms was a "town crier" worm. Its job was only to post announcements on all the computers of
the network. Then there were the more complicated worms, like the one, which would remain
completely dormant during the day and would activate only in the night. Once all the employees
had left for the day, this worm would harness the extra computing power of the idle computers to
do tasks which required more computing power. In the morning, before the arrival of the
employees it would save all the work done during the night and become dormant till the next
evening.

Although these programmes were apparently helpful around the network, their developers were
given a rude glimpse of their inherent destructive possibilities when one morning the employees
returned to find that all the computers had crashed. When they tried to restart the computers, they
crashed again. It was found that one of the worms had malfunctioned and had created havoc in
the network. A "vaccine" had to be created so as to deactivate the worm before the computers on
the network could become functional again.

World Famous Worms

The Internet Worm - 1988

On November the 22nd, 1988, Robert Morris, a Cornell University science graduate accidentally
released his worm on a very large network in the area. This network was named Arpanet, which
later went on to become the Internet. The worm managed to infect approximately three thousand
computers during eight hours of activity. The Internet worm as it came to be known, disabled all
those machines by making copies of itself and thus clogging them. Apart from clogging all the
security loopholes, many machines had to be completely taken off the network till all copies of
the worm could be totally removed. Although the entire process took the scientists almost two to
three days, no data was lost on any of the infected computers and no permanent damage was
done to any of the computers.

The SPAN network worm - 1989

On the 16th of October 1989, a worm named WANK infected many VAX and VMS computers
on the SPAN network. This worm, if it found that it had system privileges, would then change
the system announcement message to "Worms against Nuclear Killers!" The message was then
graphically displayed as the first letters of each word and the last three letters of the last word.

The Christmas tree Worm - 1987

The Christmas tree worm, which was a combination of a Trojan Horse (a programme which does
something more than what is entered in its specifications) and a chain letter. This was a
mainframe worm and managed to paralyze the IBM network on Christmas day 1987. The worm
was written in a language called Exec. It asked the user to type the word "Christmas" on the
screen. Then it drew a Christmas tree and sent itself to all the names of people stored in the user
files "Names" and "Netlog" and in this way propagating itself.
Email-Worms spread via email. The worm sends a copy of itself as an attachment to an email message or
a link to its file on a network resource (e.g. a URL to an infected file on a compromised website or a
hacker-owned website).

IM-Worm
Malware capable of self-replicating in instant messaging systems, such as Facebook Messenger,
Skype, or WhatsApp.

For this purpose, worms send messages to the victim’s contacts with a URL link to a file
containing the body of the worm. This is almost the exact same distribution method used by
Email-Worms.


 IRC-Worm

This type of worm spreads via Internet Relay Chat.

Like email worms, IRC Worms have two ways of spreading via IRC channels. The first involves
sending an URL which leads to a copy of the worm. The second technique is to send an infected
file to an IRC channel user. However, the recipient of the infected file has to accept the file, save
it to disk, and open (launch) it.

Net-Worm
 Kaspersky Lab Encyclopedia
 Knowledge Base
 Net-Worm

Net-Worms propagate via computer networks. The distinguishing feature of this type of worm is
that it does not require user action in order to spread.

This type of worm usually searches for critical vulnerabilities in software running on networked
computers. In order to infect the computers on the network, the worm sends a specially crafted
network packet (called an exploit) and as a result the worm code penetrates the victim computer
and activates. Sometimes the network packet only contains the part of the worm code which will
download and run a file containing the main worm module. Some network worms use several
exploits simultaneously to spread, thus increasing the speed at which they find victims.

P2P-Worm
  Kaspersky Lab Encyclopedia
 Knowledge Base
 P2P-Worm

P2P Worms spread via peer-to-peer file sharing networks (such as Kazaa, Grokster, EDonkey,
FastTrack, Gnutella, etc.).

Most of these worms work in a relative simple way: in order to get onto a P2P network, all the
worm has to do is copy itself to the file sharing directory, which is usually on a local machine.
The P2P network does the rest: when a file search is conducted, it informs remote users of the
file and provides services making it possible to download the file from the infected computer.

There are also more complex P2P-Worms that imitate the network protocol of a specific file
sharing system and responds positively to search queries; a copy of the P2P-Worm is offered as a
match.

Software piracy is the stealing of legally protected software. Under copyright law, software piracy occurs
when copyright protected software is copied, distributed, modified or sold. Software piracy is
considered direct copyright infringement when it denies copyright holders due compensation for use of
their creative works.

Software piracy is the illegal copying, distribution, or use of software. It is such a profitable "business"
that it has caught the attention of organized crime groups in a number of countries.

There Are Five Main Types of Software Piracy

Counterfeiting
This type of piracy is the illegal duplication, distribution and/or sale of copyrighted material with
the intent of imitating the copyrighted product. In the case of packaged software, it is common to
find counterfeit copies of the compact discs incorporating the software programs, as well as
related packaging, manuals, license agreements, labels, registration cards and security features.

Internet Piracy
This occurs when software is downloaded from the Internet. The same purchasing rules apply to
online software purchases as for those bought in compact disc format. Common Internet piracy
techniques are:

 Websites that make software available for free download or in exchange for others
 Internet auction sites that offer counterfeit or out-of-channel software
  Peer-to-peer networks that enable unauthorized transfer of copyrighted programs

End User Piracy

This occurs when an individual reproduces copies of software without authorization. These
include:

 Using one licensed copy to install a program on multiple computers

 Copying discs for installation or distribution
 Taking advantage of upgrade offers without having a legal copy of the version to be
upgraded
 Acquiring academic or other restricted or non-retail software without a proper license
 Swapping discs in or outside the workplace

Client-Server Overuse
This type of piracy occurs when too many users on a network are using a central copy of a
program at the same time. If you have a local-area network and install programs on the server for
several people to use, you have to be sure your license entitles you to do so. If you have more
users than allowed by the license, that's "overuse."

Hard-Disk Loading
This occurs when a business sells new computers with illegal copies of software loaded onto the
hard disks to make the purchase of the machines more attractive.

Types of cyberterror capability

The following three levels of cyberterror capability are defined by Monterey group

 Simple-Unstructured: The capability to conduct basic hacks against individual systems

using tools created by someone else. The organization possesses little target analysis,
command, and control, or learning capability.

 Advanced-Structured: The capability to conduct more sophisticated attacks against
multiple systems or networks and possibly, to modify or create basic hacking tools. The
organization possesses an elementary target analysis, command and control, and learning
capability.

 Complex-Coordinated: The capability for a coordinated attack capable of causing mass-
disruption against integrated, heterogeneous defenses (including cryptography). Ability to
create sophisticated hacking tools. Highly capable target analysis, command, and control,
and organization learning capability.[27]

Identity theft
Updated: 06/16/2017 by Computer Hope
Identity theft is the act of a person obtaining information illegally about someone else. Thiefs
try to find such information as full name, maiden name, address, date of birth, social security
number, passwords, phone number, e-mail, and credit card numbers. The thief can then use this
information to gain access to bank accounts, e-mail, cell phones, identify themselves as you, or
sells your information.

Tips on preventing identity theft

1. When entering any personal information on the Internet, make sure the connection is
encrypted. A connection encrypted with HTTPS is usually indicated with a small lock icon in the
address bar.
2. When purchasing something over the Internet, unless you plan on buying something from that
same company again, do not store your credit card or personal information on that site.
3. Make sure to have an active and up-to-date spyware protection program and antivirus
protection program.
4. Be aware of fake e-mails and phishing e-mails that claim to be a company, such as your bank,
requesting any personal information or login information.
5. Make sure your computer is secure.
6. If you're a victim of a stolen computer, read through the steps on what to do if a computer or
laptop was stolen or lost.
7. When entering answers to the secret question or forgot password question, don't enter
something that can be found online. For example, a common security question is, "What is your
 pet's name?" because a stranger might not know the answer. However, if on your Facebook wall
you're constantly talking about your dog Fluffy, an attacker could use this information to guess
the answer and break into your account.

There are many different examples of identity theft, such as:

 Tax-related identity theft, where a thief files a false tax return with the Internal Revenue
Service (IRS) using a stolen Social Security number.

 Medical identity theft, where a thief steals information, including health insurance
member numbers, to receive medical services. The victim's health insurance provider
may get the fraudulent bills, which will be reflected in the victim's account as services
they received.
 Child identity theft, where a child's Social Security number is misused to apply for
government benefits, open bank accounts and other services. Children's information is
often sought after by criminals, as the damage may go unnoticed for a long time.
 Senior identity theft, where a senior is the target of an identity thief. Seniors are often in
contact with medical professionals and insurance providers, and may be used to giving
out their personal information. They may also not be as aware of the scamming methods
thieves use to steal their information.

Identity theft recovery

Depending on the type of information stolen, the victim should contact the appropriate
organization -- the bank, credit card company, health insurance provider or the IRS -- and inform
them of the situation. The victim should request to have their account frozen or closed to prevent
further charges, claims or actions taken by imposters. The identity theft victim should file a
complaint with the Federal Trade Commission and inform one of the three major credit bureaus -
- Equifax, Experian and TransUnion -- in order to have a fraud alert or account freeze placed on
their credit records.

If someone's personal information was compromised in a data breach, they should follow up with
the company responsible to see what types of assistance and protections it may have in place for
victims and their data.

Preventing identity theft

To prevent identity theft, experts recommend that individuals regularly check credit reports with
major credit bureaus, pay attention to billing cycles and follow up with creditors if bills do not
arrive on time.

Data is distinct pieces of information, usually formatted in a special way. All software is divided
into two general categories: data and programs. Programs are collections of instructions for
manipulating data.
Data can exist in a variety of forms — as numbers or text on pieces of paper, as bits and bytes
stored in electronic memory, or as facts stored in a person's mind. Since the mid-1900s, people
have used the word data to mean computer information that is transmitted or stored.

Strictly speaking, data is the plural of datum, a single piece of information. In practice, however,
people use data as both the singular and plural form of the word, and as a mass noun (like
"sand").

Computer data is information processed or stored by a computer. This information may be in the
form of text documents, images, audio clips, software programs, or other types of data.
Computer data may be processed by the computer's CPU and is stored in files and folders on the
computer's hard disk.

At its most rudimentary level, computer data is a bunch of ones and zeros, known as binary data.
Because all computer data is in binary format, it can be created, processed, saved, and stored
digitally. This allows data to be transferred from one computer to another using a network
connection or various media devices. It also does not deteriorate over time or lose quality after
being used multiple times.

electronic-record
Information captured through electronic means, and which may or may not have a paper record
to back it up. Also called machine readable record

Digital evidence or electronic evidence is any probative information stored or transmitted in

digital form that a party to a court case may use at trial.[1] Before accepting digital evidence a
court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and
whether a copy is acceptable or the original is required.[1]

The use of digital evidence has increased in the past few decades as courts have allowed the use
of e-mails, digital photographs, ATM transaction logs, word processing documents, instant
message histories, files saved from accounting programs, spreadsheets, internet browser
histories, databases, the contents of computer memory, computer backups, computer printouts,
Global Positioning System tracks, logs from a hotel’s electronic door locks, and digital video or
audio files.[2]

Shrink-wrap agreements are usually the licensed agreement applicable in case of software products
buying. In case of shrink-wrap agreements, with opening of the packaging of the software product, the
terms and conditions to access such software product are enforced upon the person who buys it. Shrink-
wrap agreements are simply those which are accepted by user at the time of installation of software
from a CD-ROM, for example, Nokia pc-suite. Sometimes additional terms can be observed only after
loading the product on the computer and then if the buyer does not agree to those additional terms,
then he has an option of returning the software product. As soon as the purchaser tears the packaging
or the cover for accessing the software product, shrink-wrap agreement gives protection by
indemnifying the manufacturer of the product for any copyright or intellectual property rights violation.
Though, in India, there is no stable judicial decision or precedent on the validity of shrink-wrap
agreements.

Types of Online Contract

Online contracts can be of three types as underneath:

1. Shrink-wrap agreements

Shrink wrap contracts are usually a licensing agreement for software purchases. In the case of
shrink-wrap agreements, the terms and conditions for access to such software products shall be
enforced by the person buying it, with the initiation of the packaging of the software product.
Tightening-up agreements are simply the agreements that are accepted by users, for instance,
Nokia pc-suite, at time of installing the software on a CD-ROM. Sometimes, after loading the
product onto your computer, additional conditions may only be observed and then, if the buyer
disagrees, he has an opportunity to return the software product. The shrink-wrap Agreement
provides protection by exonerating the product manufacturer of any violation of copyright or
intellectual property rights as soon as the purchaser tears the product or the coverage for
accessing the product. However, the validity of shrink-wrap agreements does not exist in India
with a stable judgment or precedent.

2. Click or web-wrap agreements

Click-wrap contracts are web-based contracts that require the user’s consent or consent through
the “I Accept,” or “OK” button. The user must accept the terms of use of the particular software
with the clickwrap agreements. Users who disagree with the terms and conditions cannot use or
purchase the product after cancellation or refusal. Someone almost regularly observes web-wrap
agreements. The terms of use shall be set down before acceptance by the users. For instance,
online shopping agreement, etc.
3. Browse-wrap agreements

A browsing wrap agreement can be called an agreement which is to be binding on two or more
parties through the use of the website. In case of an agreement on browsing, an ordinary user of a
given Website is to accept the terms and conditions of use and other website policies for
continuous use. We usually witness such kinds of online contracts in our daily lives. Although
this online agreement is becoming common in all of our businesses, there is no precise judicial
precedent regarding its validity and enforceability. Other countries, such as courts in the USA,
have dealt with those online agreements and held that both Shrink-wrap Agreements and Click-
Wrap Agreements are enforceable as far as the general principles of the contract are not violated.

Other types of online agreements include contracts for employment, contractors, contracts for
consultants, sales and resale agreements, distributors, non-disclosure agreements, software
developer and licensing agreements and contracts for source-code escrow.

Formation of Online Contracts or Electronic

Contracts
Like an ordinary contract, e-contracts consisting of an offer and acceptance are enforceable. The
conduct of the parties, such as exchanging e-mails or acceptance of a condition or terms or by
downloading can also imply a contract. A variety of procedures are available for forming
electronic/online contracts:

Email: The parties may create a valid contract by exchanging e-mail communications. Offers or
acceptances can be completely exchanged via e-mail, or combined with paper documents, faxes,
and oral debates.

Website Forms: In many cases, an e-commerce website offers for sale goods or services that are
ordered by customers, by filling in and submitting an on-screen order form. The seller will enter
into a contract once the order has been accepted. The products and services can be delivered off-
line physically. A contract would also be valid for the terms of use of a website once the user
accepts the contract by clicking “I Agree.”

EULA: The End User License Agreements also form valid contracts in which end users click “I
Accept” or “I Accept the Terms.”

In summary, an e-contract is very different from a traditional contract: it is paperless and it is

sometimes not possible for the parties to meet face to face. Here we try to analyze and examine
various aspects of a conventional online contract.

Offer and Acceptance

The concept of offer and acceptance is the fundamental concept of effective communication in
contract formation. In relation to this question, e-commerce poses a major problem. The offer
and acceptance should be identified as they determine the exact time and place of the agreement,
and thus which jurisdiction applies.

Often in e-commerce transactions between parties, they never meet. The issue is immediate and
the traditional form of contract is challenged, as it makes it difficult to ensure that the parties act
legally and that the transaction itself is legal and has taken the necessary steps to respect the
Contract. With regard to bilateral contracts, an offer is a clear declaration of the terms and
conditions in which a person (the offeror) pledges to be bound; the other party (the offeree)
accepts the offer. It’s difficult to determine, on the internet, whether a website is a deal or an
invitation to treat.

The words used in an online offer can frequently be considered misleading, and different legal
systems can deal with these issues differently. An acceptation is an unqualified final agreement
to the terms and conditions of the offer. Generally, it must be communicated to the offeror and
the parties are free to vary by agreement. E-mail is a common method of acceptance in an e-
commerce environment. Acceptance of an offer becomes effective at the moment the indication
of assent by the offeree reaches the offeror. E-mail is a common acceptance method in the field
of e-commerce, but it is problematic. The ‘Postal Acceptance Rule’ states that if a Party agreed
to enter into a deal by post the contract shall be deemed to have been concluded when the
Offeror sends the letter of acceptance, whether the Offeree receives it or not. This rule does not
apply to e-commerce.

Jurisdiction and Place of Execution of a

Contract
Jurisdiction is a territory or sphere of activity within which a court or other institution’s legal
authority is extended. In the broader sense, it refers to the country or country whose legislation
applies during the period of interpretation of any contractual terms or in the event of a dispute.
The pace of execution of the contract normally determines this. A traditional contract shall be
concluded when contracting parties meet and execute the contract, usually at a predetermined
place and time, by placing the signatures on the document. This is not the case in e-contracts in
which the parties meet online and can be located at different places. Consequently, a strict
determination of the jurisdiction is lacking in the “place of execution”. The parties may however
voluntarily submit themselves to a particular jurisdiction which might be the location for the
business of one of the contracting parties, or a completely different jurisdiction agreed by all of
the contracting parties.

Signature Requirement
In general, signature means signing a document with one’s own name. The principal function of
signing a document is to confirm the identity of the contracting parties and to give consents to
the contractual terms and to refuse repudiation, i.e. when a person appends his signature, he
cannot subsequently refuse that he was not a contracting party. A signature is not essential in
accordance with the Indian Contract Act, which states that a valid contract may also be an oral
agreement between parties. For it to be valid, therefore, a contract must not be signed physically.
However, certain statutes have specified requirements for signature, for example, a transfer
certificate on an immovable property cannot be valid if the signature and/or thumb impression
has not been attested to by the seller to the same. In another case, the Indian Copyright Act of
1957 calls for the customer to sign. The IT Act is thus a physical signature for electronic
signature. Competent authorities have to sign electronically in accordance with the IT Act, but
electronic signatures have not been notified by the central government.

Requirement as per The Indian Stamp Act

The Indian Stamp Act and different State legislation mandate that documents in which rights are
established or transferred must be stamped. A document not properly stamped shall not be
permitted as proof in a court of law, or even a competent authority unless it was imposed (a fine
of 10 times the amount of the required stamping duty).However, documents cannot be stamped
for an online contract until this date.

Standard Form Contracts

A majority of online contracts belong to the type ‘Click-Wrap,’ a standard contract form in
which all conditions are stated on the software webpage or installation page and all parties are
required to use a click on the button appropriate for the terms and conditions. In standard form
contracts, there is no scope for negotiation. In some cases, the courts (except India) found certain
specific contractual terms to be unconscionable and abolished. With regard to India’s position,
Article 15(3) of the Indian Contract Act states that where a party holds a domination position and
enters into a contract with another party, and the transaction appears unreasonable on its face or
on evidence supplied, it must burden a person in the dominant position to demonstrate that that
contract has not been concluded under pressure.

Enforceability
However, the enforceability of internet contracts is questionable, if written agreements that were
signed and agreed are considered binding. While the internet is only emerging, the Internet
contracts are usually well governed by the principles laid down in writing.

Often, the user of the commercial website is requested to read and agree to the terms and
conditions of activities before purchasing or receiving the service provided by the site. The
agreements entered into in this way are referred to as the clickwrap agreements, as the user
normally specifies his agreement to the terms and conditions by clicking the button or the
hyperlink marked “I agree”.
Clickwrap agreements are usually implementable and browsewrap agreements are very difficult
to implement subject to traditional contractual principles. There are somewhere between
shrinkwrap agreements, although recent cases support their enforceability.

Specific Exclusions
In particular, the IT Act 2000 excludes from electronic transactions the following documents:

 Negotiable Instruments
 Power of Attorney
 Trust Deed
 Will
 Sale Deed or Conveyance deed with respect to the immovable property of any documents
relating to any interest in an immovable property.

Conclusion
The IT laws of India have gone a long way since the IT Act was introduced in 2000. However,
many aspects of an Online Contract, in particular, the requirements of signature and stamping,
remain uncertain and confused. The current trend of demonetizing and digitalization seems a
necessity, and we sincerely hope that the government would take appropriate action in that
regard, to eradicate all uncertainties in relation to the validity of e-contracts.

Electronic contracts are the contracts which take place through e-commerce, without meeting of
the parties to the contract. These contracts are generally very similar to the paper based
commercial contracts in which the commercial transactions conducted and concluded
electronically. With the advancement of technology and the globalization, it has accelerated the
presence of e-commerce companies throughout the world.

Kinds of E-Contracts

1.Browse Wrap Agreements

This agreement is considered as a browse wrap agreement which is intended to be

binding upon the contracting party by the use of the website. These include the user
policies and terms of service of websites such as Flipkart or E-bay and are in the form of
a “terms of use”, a “user agreement” or “terms of service”, which can be used as the links
at the corner or bottom of website.

2. Shrink Wrap Contracts

 These contracts are the license agreement by which the terms and conditions of the
contract are enforced upon the contracting parties and are usually present on the plastic or
in manuals accompanying with the software products which the consumer buys.

3. Click Wrap Agreements

These agreements require the user to give his consent to the terms and conditions which
are known as end user agreement and governs the licensed usage of the software by
clicking “Ok” or “I agree” button. There are certain kinds of check which ensures that the
terms of the agreement are binding upon the contracting parties. These are as follows:

1.The user agreement or the terms of service must be specifically conveyed to the party.
By simply inserting a link to the terms on the website without drawing any attention of
the user shall not be considered as the intimation to user. Therefore, if the user continues
to use the website after the intimation of the terms shall be considered as the acceptance
of the contract.

2.The terms of the agreement should not be changed if the user has given his assent for
the particular action.

3.The changes made to the terms of the agreement must be specifically intimated to the
user which providers a user to give a fresh consent for the modifications in the terms. In
case the user does not agree to the changes then he has the option to leave the website at
that very moment

Execution of E-contracts

The recognition and regulation to E-Contracts is provided by various laws such as Information
Technology Act, 2000 and the Indian Evidence Act, 1872. The provisions in the I.T. Act mention
about the attribution, acknowledgement and dispatch of electronic records and secured electronic
procedures.

The IT Act recognizes the basic features of the contract such as the communication of the
proposals, acceptance of proposals, revocation of proposals and acceptances, as the case may be
which could be expressed either in electronic form or by means of an electronic record.

Further, the recognition of a contract is accorded under the Indian Evidence Act, by which the
term “document” includes any information contained in an electronic record which is printed on
a paper, stored, recorded or copied in optical or magnetic media produced by a computer. Such
information are in conformity with the conditions of Section 65B of the Act which shall be
admissible in any proceedings, without any further proof or production of the original document
before the concerned authority and shall be regarded as an evidence of any content of the original
or any fact stated therein of which direct evidence would be admissible.

Electronic Signatures
The Information Technology (Amendment) Act, 2008 has substituted the term ‘digital signature’
with the term ‘electronic signature’. A digital signature is the technology specific and is
irreversibly unique to both the document and the signer. However, an electronic signature is
technology unbiased and general in nature. However, there is no standard for electronic
signature. It can be either a typed name or digitized image of hand written signature. The
substitution of the term ‘digital signature’ with ‘electronic signature’ is meant to expand the
scope of E-contracts in an e-commerce world.

Recognizing the change in the execution of commercial transactions the Supreme Court
disregarded the argument that exchanges over e-mail did not qualify as contracts and held that
“Once the contract is concluded orally or in writing, the mere fact that a formal contract has to
be prepared and initialed by the parties would not affect either the acceptance of the contract so
entered into or implementation thereof, even if the formal contract has never been
initialed.”Thus, the e-mails which convey the clear intention of the contracting parties can be
treated as a binding contract

Validity of Electronic Contracts in India

The Indian Contract 1872 has recognized the traditional agreements which include the oral
contracts made by the free consent of the contracting parties who are competent to contract for
the lawful consideration with a lawful object and are not expressly declared to be void. Hence,
there is no provision in this Act which prohibits the enforceability of electronic agreements
provided that the essential elements of the valid contract must be present in such agreements.

The free consent is considered as the main characteristics of the valid contract. Generally, there
is no scope for negotiation on E-contracts. The option of “take it or leave it” transaction is
always available to the user.

There are various cases where the Indian Courts have dealt with validity of the e-contracts such
as negotiation of the terms of the contract. In the case of LIC India vs. Consumer Education and
Research Centre, the Supreme Court had held that “In dotted line contracts there would be no
occasion for a weaker party to bargain as to assume to have equal bargaining power. He has
either to accept or leave the service or goods in terms of the dotted line contract. His option
would be either to accept the unreasonable or unfair terms or forgo the service forever.”