Information Technology Act 2000 (ITA-2000)

Introduction In IT field the main important act is Information Technology Act 2000 (ITA-2000) in which all important aspects of information technology are covered. India became only the 12th country in the world to enact the cyber-laws and pass the IT Act 2000, which besides granting legal sanctity to electronic documents, covers a broad range of legal issues. The Ministry of Information Technology has set up an IT security centre at Hyderabad, in line with the American Computer Emergency Response Team (CERT) as part of a multi-pronged approach to control cyber-crime. Digital signature, electronic governance, secure electronic records, duties of subscribers penalties all related things in this field are covered under this act only. Some important points are discussed here below.

The Information Technology Act 2000 (ITA-2000) (IT ACT) is an Act of the Indian notified on October 17, 2000. History (ITA-2000): Following the UN Resolution India passed the Information Technology Act 2000 in May 2000 and notified it for effectiveness on October 17, 2000. The Information technology Act 2000 has been substantially amended through the Information Technology Amendment Act 2008 which was passed by the two houses of the Indian Parliament on December 23, and 24, 2008. It got the Presidential assent on February 5, 2009 and was notified for effectiveness on October 27, 2009. The ITA ,2008 has provided additional focus on Information Security. It has added several new sections on offences including Cyber Crimes and Data Protection. Cyber crimes can involve criminal activities that are traditionally in nature such as theft, fraud, forgery, defamation and mischief all of which are subject to the Indian Penal Code. 0 Information technology Act 2000 consisted of 94 sections segregated into 13 chapters. Four schedules form part of the Act. In the 2008 version of the Act, there are 124 sections (excluding 5 sections that have been omitted from the earlier version) and 14 chapters. Schedule I and II have been replaced. Schedules III and IV are deleted.

Its objectives (ITA-2000): This is an Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

To grant legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication commonly referred to as electronic commerce in place of paper based methods of communication; To give legal recognition to Digital signatures for authentication of any information or matter which requires authentication under any law. To facilitate electronic filing of documents with Government departments To facilitate electronic storage of data To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions To give legal recognition for keeping of books of accounts by bankers in electronic form. To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers Book Evidence Act, 1891, and the Reserve Bank of India Act, 1934. Essence of the Act Information Technology Act 2000 addressed the following issues: (1) Legal Recognition of Electronic Records Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) (b)

rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference

Absence of Legal Recognition of Electronic Records in Some Cases Some documents in electronic form are not considered to be legally valid under Indian cyber laws. These include:

In case of a will. In case of a negotiable instrument. Trusts and powers of attorney (excluding constructive and resulting trusts). In case of contract pertaining to immovable property. In case of documents of title. Any other document issued by the Central Government. Indian laws require these above mentioned documents to be legally valid only when they are in written form.

(2) Legal recognition of digital signatures - Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person, then, in spite of anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government. Explanation.- For the purposes of this section, "signed", with its grammatical variations and related expressions, shall, with reference to a person, means affixing of his hand written signature or any mark on any document and the expression "signature" shall be construed accordingly.

(3) Penalties and Compensation for damage to computer, computer system, etc (Amended vide ITAA-2008) If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network (a) Accesses or secures access to such computer, computer system or computer network or computer resource (ITAA2008) (b) Downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network; (d) Damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network; (e) Disrupts or causes disruption of any computer, computer system or computer network; (f) Denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) Provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under, (h) Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, (i) Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means (Inserted vide ITAA-2008) (j) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, (Inserted vide ITAA 2008) He shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. ( change vide ITAA 2008)

(4) Some other important points (a) The Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred. (b) The Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking Now lets talk about one most important part of this act. And it is CYBER CRIME.

CYBER CRIME

What is Cyber Crime? In simple way we can say that cyber crime is unlawful acts where in the computer is either a tool or target or both. Cyber crimes can involve criminal activities that are traditionally in nature such as theft, fraud, forgery, defamation and mischief. All of which one subject to the Indian Penal Code. The abuse of computers has also given birth to ageing of new age crimes that are addressed by the Information Technology Act, 2000.

We can categorize Cyber Crime in two ways. 1) The Compute as a target- using computer to attack other computers. e.g. Hacking, Virus/worm attacks, Dos attacks etc. 2) The Computer as a weapon- Using a computer to commit veal world crimes. e.g. Cyber Terrorisms, IPR violation, Credit and frauds, EFT fraud, pornography etc.

Technical Aspects. Technological aspects created new possibilities for criminal activity. In particular the criminal misuse of information technologies such as.

1) Unauthorized access and hacking:Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer or computer network.

2) Trojan Attack:The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans. The name Trojan Horse is popular.

3) Forgery:Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners. Also impersonate another person is considered forgery. 4) Cyber Terrorism:Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets, others like police, medical, fire and rescue systems etc.

5) Banking / Credit Related Crimes:In the corporate world, Internet hackers are continually looking for opportunities to compromise a companys security in order to gain access to confidential banking and financial formation. Use of stolen card in formation or fake credit/ debit cards is common.

6) Online Gambling:There are millions of websites hosted on servers abroad that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

Concern Authority for IT ACT 2008

Under the Act the authority is given only to the officers not below the rank of a Director to the government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of this act will be liable to give penalties and adjudicate for various offences.

The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,00 to affected persons. The power of adjudicating officer is given under a Civil Court.

CASE STUDY

ACCUSESD IN RS 400 MILLION SMS SCAM ARRESTED IN MUMBAI MUMBAI: The alleged mastermind behind a Rs 400 million SMS fraud that duped at least 50,000 people has been arrested along with an associate more than two months after the scam was unearthed. Jayanand Nadar, 30, and Ramesh Gala, 26, were arrested from a hotel in Mira Road in the western suburbs. Nadar, a first year college dropout, along with his brother Jayaraj had allegedly duped at least 50,000 people of Rs.400 million, said officials in the city police's Economic Offences Wing (EOW). The two brothers along with Gala allegedly took help of SMS technology and launched the firstof-its- kind SMS fraud in India. According to EOW sources, in August 2006 the duo launched an aggressive and catchy advertisement campaign in the print media that read: "Nothing is impossible. The word itself is: I M Possible." As part of the attractive scheme, the Nadar brothers messaged random numbers, asking people interested in 'earning Rs.10,000 per month' to contact them. "Interested 'subscribers' were asked to deposit Rs.500 each. The conmen duo claimed to be working with a US-based company named Aropis Advertising Company, which wanted to market its client's products through SMS'," senior inspector A Thakur said. "The brothers even put up a website (www.getpaid4sms. com) to promote their scheme. Subscribers who registered with them received about 10 SMS' every day about various products and were promised handsome commissions if they managed to rope in more subscribers by forwarding the messages," Thakur said. In return, the Nadars promised to pay Rs.10,000 over 16 months to the investors. The amount was to be paid in instalments of Rs.1,000 every few months. The brothers are said to have told the subscribers that they were using SMS as it was the latest medium of communication.. Initially, the brothers paid up small amounts. But when cheques and pay orders of larger sums issued by the duo were not honoured, the agents got worried. The SMSes too suddenly stopped. On November 30, one of the duped agents approached the DN Road police station and lodged a complaint after a bank failed to honour a pay order amounting Rs.2.17 million issued by the Nadar brothers. Then suddenly, the Nadars and Gala disappeared By December, the police were flooded with similar complaints. The DN Road police station registered a case against the brothers and Gala and later transferred it to the EOW. "By December 2006 the scheme had an over 50,000 membership in Mumbai alone. And we suspect that hundreds of thousands from across the country were also hooked to the scheme,

thanks to a massive agent network and a door-to-door campaign carried out by the firm's now duped agents," Thakur said. "We suspect that the fraud amount may be over Rs.1 billion. With the extent of the scam spread across the country, we are still trying to get the details." During investigations, the EOW came to know that the Nadars, residents of the upmarket JuhuTara Road, owned a fleet of imported sport utility vehicles and sedans. "The brothers led an extravagant life. They would stay in top five star hotels, throw massive parties for investors and were also known faces in the city's Page-3 circuit," Thakur revealed. "We are now looking for Jayaraj, who has eluded arrest. Gala, who is believed to have looked after the accounts, and Jayanand have been remanded to police custody till March 5

Punishment The penalty for illegally accessing a computer system ranges from 6 months to 5 years. The penalty for the unofficial modification on a computer ranges from 5 to 10 years. Other penalties are listed below: Information Technology Act-2000: According to this act, different penalties are available for different crimes. Some of the penalties are as follows: Computer source document tampering: The person who changes the source code on the website or any computer program will get a punishment up to 3 years of imprisonment or fine.

Computer hacking: The individual who hacks the computer or computer devices will get an imprisonment up to 3 years or a fine. Government protected system: An act of trying to gain access to a system which is a protected system by the government, will result in imprisonment for 10 years and a heavy fine. The introduction of such penalties have lead to a drastic reduction in the cyber crime rates as more and more criminals are becoming aware of the penalties related to them. Spreading the word about the penalties of cyber crime can serve as a deterrent against such crime. Penalties relating to cyber crime will vary depending on the country and legislation in place.

As said Our mouse can be just as dangerous as a bullet or a bomb."