
CYBER LAWS AND CODE OF ETHICS

K Anvar Sadath
Manager (e-Governance)
Kerala State IT Mission

CYBER LAWS FOR TRANSACTIONS IN ‘CYBER SPACE’

• Cyber Property
• Trademarks, Domain names, Copyright, Patents, Cyber Frauds…
• Cyber Contracts
• Cyber Documents and digital signatures
• Right to Free Speech
• Cyber Privacy
• Protection against Spamming, Cyber stalking…
• Right for Peaceful cyber existence
• Protection against Intrusion, Virus, Hacking…

INFORMATION TECHNOLOGY ACT, 2000

• Aims to provide a legal and regulatory framework for promotion of e-Commerce and e-Governance.
• Enacted on 7th June 2000 and was notified in the official gazette on 17th October 2000.
• India became the 12th nation in the world to enact a Cyber law.
• Review in 2005 - Draft Amendments published

IT ACT, 2000 – MAJOR PROVISIONS

• Extends to the whole of India
• Electronic contracts will be legally valid
• Legal recognition of digital signatures
• Security procedure for electronic records and digital signature
• Appointment of Controller of Certifying Authorities to license and regulate the working of Certifying Authorities

IT ACT, 2000 – MAJOR PROVISIONS (Contd..)

• Certifying Authorities to get License from the Controller to issue digital signature certificates
• Various types of computer crimes defined and stringent penalties provided under the Act
• Appointment of Adjudicating Officer for holding inquiries under the Act
• Establishment of Cyber Regulatory Appellate Tribunal under the Act

IT ACT, 2000 – MAJOR PROVISIONS (Contd..)

• Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court
• Appeal from order of Cyber Appellate Tribunal to High Court
• Act to apply for offences or contraventions committed outside India
• Network service providers not to be liable in certain cases

IT ACT, 2000 – MAJOR PROVISIONS (Contd..)

• Power of police officers and other officers to enter into any public place and search and arrest without warrant
• Constitution of Cyber Regulations Advisory Committee to advise the Central Government and the Controller

IT ACT, 2000 – ENABLES:

• Legal recognition of digital signature is at par with the handwritten signature
• Electronic Communication by means of reliable electronic record
• Acceptance of contract expressed by electronic means
• Electronic filing of documents
• Retention of documents in electronic form

IT ACT, 2000 – ENABLES: (Contd..)

• Uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records or documents
• Publication of official gazette in the electronic form
• Interception of any message transmitted in the electronic or encrypted form

Changes / modifications in other prevailing Acts..

• Indian Evidence Act, 1872

• Indian Penal Code, 1860

• Banker's Book Evidence Act, 1891

• Reserve Bank of India Act, 1934


Excluded from the purview of the IT Act

• A negotiable instrument as defined in Negotiable Instruments Act, 1881
• A power-of-attorney as defined in Powers-of-Attorney Act, 1882
• A trust as defined in the Indian Trusts Act, 1882
• A will as defined in the Indian Succession Act 1925 including any other testamentary disposition by whatever name called
• Any contract for the sale or conveyance of immovable property or any interest in such property
• Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

Digital Signatures

• If a message should be readable but not modifiable, a digital signature is used to authenticate the sender

| Parameter | Paper | Electronic |
|---|---|---|
| Authenticity | May be forged | Cannot be copied |
| Integrity | Signature independent of the document | Signature depends on the contents of the document |
| Non-repudiation | a. Handwriting expert needed; b. Error prone | a. Any computer user; b. Error free |

http://www.cca.gov.in

Licensed CAs :

• Safescrypt
• NIC
• IDRBT
• TCS
• MTNL
• Customs & Central Excise
• (n) Code Solutions CA (GNFC)

Hardware Tokens

• Smart Card
• iKey

[Figure: IDRBT Certificate, paper and electronic]

Civil Offences under the IT Act 2000 (Section 43)

• Unauthorised copying, extracting and downloading of any data, database
• Unauthorised access to computer, computer system or computer network
• Introduction of virus
• Damage to computer System and Computer Network
• Disruption of Computer, computer network

Civil Offences under the IT Act 2000 (contd..) (Section 43)

• Denial of access to authorised person to computer
• Providing assistance to any person to facilitate unauthorised access to a computer
• Charging the service availed by a person to an account of another person by tampering and manipulation of other computer

shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

Criminal Offences under the IT Act 2000 (Sections 65 to 75)

• Tampering with computer source documents
• Hacking with computer system

"Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking."

• …shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Criminal Offences under the IT Act 2000 …

• Electronic forgery, i.e. affixing of false digital signature, making false electronic record
• Electronic forgery for the purpose of cheating
• Electronic forgery for the purpose of harming reputation
• Using a forged electronic record
• Publication of digital signature certificate for fraudulent purpose
• Offences and contravention by companies

Criminal Offences under the IT Act 2000 …

67. Publishing of information which is obscene in electronic form.

"Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees."

Criminal Offences under the IT Act 2000 …

• Confiscation of computer, network, etc.
• Unauthorised access to protected system (Sec. 70)
• Misrepresentation or suppressing of material facts for obtaining Digital Signature Certificates
• Directions of Controller to a subscriber to extend facilities to decrypt information (Sec. 69)
• Breach of confidentiality and Privacy (Sec. 72)

Criminal Offences under the IT Act 2000 …

• Offence or contravention committed outside India (Sec. 75) by any person irrespective of his nationality.
• Network service providers not to be liable in certain cases (Sec. 79)

…no person providing any service as a network service provider shall be liable under this Act, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

[Figure: Vulnerabilities Reported, 1995 to 2005 (vertical axis: 0 to 6000 vulnerabilities)]

The Web

• The web was not designed with security in mind
• The typical web user is not very educated, nor security conscious
• In fact, even some System Administrators are not sufficiently security conscious!
• The wide distribution of access points (e.g., cyber cafes) also makes building secure applications a challenge
• A large number of applications use the web (informational, educational, entertainment, transactional, governance...) as transport

Common Web exploits ..

• Password guessing
• Proxies and man-in-the-middle attack
• HTML comments
• “Forgot password” implementations
• Keystroke loggers
• SQL injection
• Command injection
• URL manipulation
• XSS

Spam

• Spam has become a major consumer of bandwidth, disk space and users' time, with imputed costs running into millions of dollars
• All kinds of material ride the Net as spam: chain letters, advertisements, virus hoaxes, scams...
• Never reply to spam, as the spammer now knows that he has a valid email ID
• Despite legislation, spam filters and smart mail clients (e.g., Gmail), spam occupies about 30% of all email today, growing at about 20% each year

Spam and Spim

• At this rate, 99% of all email will be spam by the year 2009!
• Some spammers use automated techniques (e.g., a graphic image embedded in a spam through a CGI script) to separate real email IDs from fake ones
• Spim is similar to spam, but the carriers are IMs (Instant Messengers)
• Spim is set to treble from 400 million in 2003 to 1.2 billion this year

Scams

• There are several scams that are using the Internet and print media to circulate:
– Nigeria (419) scam
– Auction fraud
– Patent medication (Cialis, herbal viagra)
– Pump-and-dump stock market scam
– Viruses
– Chain letters (“Microsoft will pay you $25”)
– Identity theft
– Lottery
– “Work from home and make big money”
– Health and diet scams
– “Spy on anyone”
– Get credit card numbers and site passwords
– Scholarship scams
– Telephone billing scam (bills are charged to telephone accounts—the lost pet scam)
– Get a college degree
– Get software cheap
– 9/11 donations
– Free computers (cameras, printers...)

Auction scams

• Misrepresentation of item or value
• Failure to ship
• Failure to pay (bounced cheques, stolen cards)
• Shilling (artificially boosting bids by accomplices)
• Bid shielding (using phony bids to scare away real bidders and finally retracting the bid)
• Piracy (of music or other counterfeit material)
• Fencing (selling stolen goods)
• Buy and switch (buying and then returning a different, but damaged item)
• Shell auction (no merchandise exists)

Identity theft

• When someone appropriates your personal information in order to commit fraud or theft
• Credentials (Name, email, address, social security number, credit card number) can be obtained through a variety of mechanisms (including a lost wallet)
• In the West, ID theft can be serious, as the fraudster can completely take over the ID (and deny the original owner of medical care, bank credit and even mail!)

Cyberterrorism

• After 9/11, there is substantial attention on the use of the Internet by terrorist groups
• These groups use techniques such as steganography to multicast messages
• Apart from images and sounds, the latest discovery is that secret messages can be hidden in the most common mail: Spam!

Phishing

• A high-tech scam of spoofing trusted sites by misleading links (esp. in HTML mail or a link like www.ebay.com@members.tripod.com)
• Aimed to fool inexperienced (and some experienced) users
• Can result in loss of user credentials and financial loss
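
The misleading link quoted above works because everything before the `@` in a URL is user information, not the destination; the host actually contacted is what follows the `@`. The check below is an added example, not part of the original slides, that a mail filter could apply to links. The function names and every sample link except the slide's own are constructed for illustration, and the input is assumed to be links rather than e-mail addresses.

```python
from urllib.parse import urlsplit

def split_link(link):
    """Return (userinfo, host) for a link, both lower-cased ('' if absent)."""
    # Links pasted into mail often omit the scheme; without "//" urlsplit
    # would treat the whole string as a path, so add a default scheme.
    if "://" not in link:
        link = "http://" + link
    parts = urlsplit(link)
    userinfo = parts.netloc.rpartition("@")[0]
    return userinfo.lower(), (parts.hostname or "").lower()

def deceptive_link(link):
    """Return (displayed_name, real_host) when the part before '@' imitates
    a site name, else None."""
    userinfo, host = split_link(link)
    name = userinfo.split(":", 1)[0]      # drop any ":password" part
    # Ordinary credentials ("backup") contain no dot; a dotted name that
    # differs from the real host is there to be read as the destination.
    if "." in name and name != host:
        return name, host
    return None

def scan(links):
    """Map each flagged link to the host it really leads to."""
    flagged = {}
    for link in links:
        hit = deceptive_link(link)
        if hit:
            flagged[link] = hit[1]
    return flagged

# Constructed sample input; only the first link comes from the slide.
SAMPLE_LINKS = [
    "www.ebay.com@members.tripod.com",
    "http://www.ebay.com:signin@members.tripod.com/login",
    "https://www.ebay.com/",
    "https://example.com/@profile",            # '@' in the path, not the host part
    "ftp://backup:secret@files.example.org/",  # ordinary credentials
]

if __name__ == "__main__":
    for link, host in scan(SAMPLE_LINKS).items():
        print(f"{link} -> really goes to {host}")
```
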

CYBER FORENSICS IS…

“The unique process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally accepted.”

TYPICAL TOOLS (from CDAC)

– EMAIL TRACER : Tracing
– TRUEBACK : Seizure and acquisition
– CYBERCHECK : Analysis

Domain Name Battles

• www.radiff.com Vs www.rediff.com
• www.yahooindia.com Vs www.yahoo.com
• www.jeevanbhima.com (LIC Vs ICICI)
• www.indiainfospace.com Vs infospace
• Tata.com
• Satyama.net, .org
• www.yoohoo.com (Thailand)
• Madonna

THANK YOU

K ANVAR SADATH
anvar.k@gmail.com
