Business

Transactions and
Cyber Laws
Change in the
Environment
Technological Revolution.
Increase in Volumes & Complexities of
transactions.
User wants the electronic records to be
confidential & protected from tampering
User wants to trust the participants are who
they claim to be
Information Technology Act
2000
Became statute on 17th May 2000- 12th nation
in the world to have cyber laws
Also Amended: -
 Indian Panel Code 1862
 Indian Evidence Act 1872
 The Bankers’ Book Evidence Act 1891
 Reserve Bank of India Act 1934

Objectives
To provide legal recognition for transactions:-


Carried out by means of electronic data

interchange, and Other means of electronic
communication, commonly referred to as
"electronic commerce“
To facilitate electronic filing of documents with
Government agencies and E-Payments
Act does not apply to
(a) a negotiable instrument (Other than a
cheque) as defined in section 13 of the
Negotiable Instruments Act, 1881;
(b) a power-of-attorney as defined in section
1A of the Powers-of-Attorney Act, 1882;
(c) a trust as defined in section 3 of the Indian
Trusts Act, 1882;
Act does not apply to
(Contd)
(d) a will as defined in clause (h) of section 2 of
the Indian Succession Act, 1925 including any
other testamentary disposition
(e) any contract for the sale or conveyance of
immovable property or any interest in such
property;
(f) any such class of documents or transactions
as may be notified by the Central
Government
Section 3 Defines Digital
Signatures
The authentication to be affected by use of
asymmetric crypto system and hash
function
The private key and the public key are unique
to the subscriber and constitute functioning
key pair

Section 4- Legal recognition
of Electronic Records
If any information is required in printed or
written form under any law the Information
provided in electronic form, which is
accessible so as to be usable for subsequent
use, shall be deemed to be lawful.
Sections 5, 6 & 7
Legal recognition of Digital Signatures
Use of Electronic Records in Government & Its
Agencies
Retention of Electronic Records
Section 11- Attribution of Electronic
Records
Shall be attributed to the originator if


Sent by originator
By a person having authority to act on behalf
of originator
By an information system programmed by
originator or his behalf to operate
automatically.
Section 12- Acknowledgement of
Receipt
If Originator did not specified particular
method- Any communication automated
or otherwise or conduct to indicate the
receipt
If specified that the receipt is must- Then
unless acknowledgement has been
received ER shall be deemed to have
been newer sent
Where ack. not received within time
specified or within reasonable time the
originator may give notice to treat the
ER though never sent.
Section 13- Dispatch of
ER
Unless otherwise agreed dispatch occurs when
ER enters resource outside the control of
originator
Shall be deemed to be dispatched and
received where they have their principal
place of business otherwise at his usual place
of residence
Section 13- Receipt of ER
Unless otherwise agreed time of Receipt of
ER shall occur: -
If Computer Resource designated- at the
time ER enters the Designated Resource
If sent to Resource not designated when
the addressee retrieves the record
If no Computer Resource designated- when
ER enters Computer Resource of
Addressee.
Section 15- Secure Digital
Signatures
If Digital signatures are applied in such a
manner that if ER was altered the Digital
Signatures would be invalidated then it is
called Secured Digital signatures
Digital Signatures
Section 16- to prescribe security procedures
Sec 17 to 34- Appointment and Regulation of
Controller and certifying authority
Sec 35 to 39- Obtaining DSC
Sec 40 to 42- Duties if Subscriber of DSC
Administration
Sec 43 to 47- provides for penalties and
adjudications
Sec 48 to 64- prescribes for establishment of
Appellate tribunals etc and compounding of
contraventions.
Sections 65-78 Offences
Tampering with computer source documents
(sec 65)
Hacking with computer system (sec 66)
Publishing of information which is obscene
(Sec 67)
The act to apply for offences or
contraventions committed outside India.
(sec 68)
Net work service provider
Section 79- provides for non liability of network
service provider in certain cases if he proves
that the offence or contravention was
committed without his knowledge or that he
had exercised all due diligence to prevent the
commission of such offence or contravention.
Amendments- Indian Evidence
Act 1872
Section3 of the Evidence Act amended to take
care of admissibility of ER as evidence along
with the paper based records as part of the
documents which can be produced before the
court for inspection.
Evidence Act (Contd)
Section 22A has been inserted which provides
that oral evidences as to the content of the
electronic records are not relevant unless
the genuineness of the electronic record
produced is in question.
The entries in the electronic records have been
recognized as are the entries in the books
of accounts.
Admissibility of ER without further
proof Section 65A & B
The output was produced by the computer
during the period over which computer
was regularly for the purposes of any
activity regularly carried on over the
period by the person having lawful
control over the use of the computer.
During the period the information of the
kind contained in the ER or of the kind
from which the information so contained
was derived was regularly fed into the
computer in the ordinary course of such
activity.
Admissibility of ER without further
proof Section 65A &B
For the material part of the said period the
computer was operating properly. Or if
not operating properly was not such as
to affect the electronic record or the
accuracy of the contents.
The information contained in the ER
reproduces or is derived from such
information fed into the computers in
the ordinary course of the said activities.
Presumption as to Secured
ER
Unless the contrary is proved the courts
shall presume that the secure ER have not
been altered since the specific point of
time to which secure status relates & the
court shall also presume that the Secured
digital signature is affixed by subscriber
with the intention of signing and approving
the ER. Otherwise if the record or signature
is not secured there will be no presumption
relating to authenticity & integrity of the
record or signatures.
Amendments
Negotiable Instruments Amendment Act 2002
w.e.f 6.3.2003 has brought cheques within
the preview of IT Act by changing section
1(4)(a) and inserting section 81-A
Adjudicating Process
The Adjudication process covers
contraventions of ITA-2000 under Chapter IX
of ITA-2000. This covers Section 43, 44 and
45 of the Act.
Adjudicating officers appointed by notification
dated 25th March 2003 u/s 46
Gray Areas & Special
Issues
Should not be technology specific but
technology neutral- namely asymmetric
crypto system and hash function
Domain Names and rights of domain name
owners and squatting
IPR issues not addressed
SPAM issues

Gray Areas (Contd)
New forms of cyber crimes
Internet Banking, E-fund transfer and e-
payments laws.
Cyber Taxation issues:-
Jurisdictional problems
PE- issues whether a website a PE



Internet Transactions &
Jurisdictional Issues
Legal Jurisdiction- belongs to the sovereign
government
Judicial Jurisdiction- belongs to courts
Enforcement Jurisdiction- belong to law
enforcement authorities
Internet Operates in “Border Less” cyber
space- hence inter jurisdictional conflicts
Auditor & Legal Framework
The ER is stamped with the system date
and time when it enters or leaves a
computer system. The system date
and time can be very easily tampered
with.
The Auditor has to make sure that the ER
on the basis of which he is generating
audit evidences to carry on his attest
function is reliable, not been
tampered and is secured. The
reliability of various other documents
on the basis of which he is forming his
opinion are reliable and have been
duly signed digitally of course.
Auditor & Legal
Framework
In spite of many provisions emphasizing the
necessity of maintaining adequate security,
no provision has been made for the audit
and certification of the reliability of the
computers used.
What is the
Cyberspace?
 William Gibson in 1980s wrote
a science fiction named
Neuromancer wherein
computer hackers waged
war against secure data.
 The setting had no physical
existence and was named
‘Cyberspace’ by Gibson.
 Unique features - dynamic,
borderless space,
anonymity, speed, cost
effective, marked with
rapid technological
advances
Regulating the Internet..
 Proponents of Cyberlaws
believe that one’s activities
on the Internet need
regulation by framing laws
and rules that govern our
activities in the cyberspace.
This branch of law is termed
as “Cyberlaws”
 European Union, USA,
UNCITAL framed important
laws to govern cyberspace
 UNCITRAL Model law of e-
commerce 1996
 EU data protection Directive
 DMCA Act 1998 in USA
 WIPO domain name dispute
Resolution policy
 Critics who advocate ‘no
regulation’ or ‘self
regulation’ in the Virtual
space believe that
government should have
minimum interference in
regulating the cyberspace
and its use of surveillance
or censorship measures.
 John Perry Barlow’s
“Declaration of the
Independence of the
cyberspace” and David G.
Post, The “Unsettled
Paradox”: The Internet, the
State, and the Consent of
the Governed, 5 IND. J.
GLOBAL LEGAL STUD. 521,
539 (1998)
Inherent challenges in
framing Cyberlaws
 Some early adopters in the US and the West drafted their own
legislations by either adapting their existing laws in the context
of cyberspace or creating new laws in respect thereof.

 Determining jurisdiction and formation the e-contracts are two key
issues on which traditional legal principles have been largely applied
by Courts worldwide . For e.g . Longarm Statutes enacted in US and
Minimum Contacts test.

 General consensus that in the e-world, electronic signatures and
electronic documents are equally legally valid as the hand-
written signatures or hard copy paper documents. Model law on
Electronic Commerce in 1996 promotes application of principle of
‘ functional equivalence’

 India enacted its first law of IT through the IT Act, 2000 based on the
principles elucidated in the UNCITRAL Model law of e-commerce.
Extends to whole of India and also applies to any offence or
contravention thereunder committed outside India by any person
{section 1 (2)} read with Section 75
No Homogenous
Cyberlaw
 Nature of the internet- anonymity
element coupled with no
territorial borders and absence
of uniform law poses a challenge to
legislators and enforcement
authorities
 A global consensus with respect to
legal enforcement and internet
censorship against certain offences

 such as-Child pornography,

Cyberwarfare, threat to national
security and cyberterrorism
 Different countries differ in treatment
of certain other serious issues such
as Gambling, hatespeech,
political propaganda, defamatory
matter, pornography on internet
 These inturn may be protected by the
Right to freedom of speech and
expression

Tests to Determine Jurisdiction in
Cyberspace
 Zippo sliding scale test (1) ( based on interactivity of a
website),
 Effects test (2) based on where effects of an illegal act are
felt),
 Targeting approach principles (3)( based on whether
accused solicited business in a particular jurisdiction).
(1) Zippo Manufacturer v Zippo Dot com 952 F. Supp. 1119
(D.C.W.D. Pa. 1997)
 (2) Calder v. Jones465 U.S. 783 (1984).
 (3) People v. World Interactive Gaming714 N.Y.S. 2d 844
(N.Y.Sup. 1999), 1999 N.Y. Misc. LEXIS 425 (S.C. N.Y.1999)
What is a cyber threat?


 From the information security perspective, a ‘threat ‘ is

defined as the potential to cause an unwanted incident in
which an asset, system or organisation may be harmed.

 ‘Cyber threat ‘ is a threat that percolates or infiltrates through
the use of computers , internet or interconnected
communication devices and could comprise of information
stealth, cyber warfare, virus attacks, cyber terrorism,
hacking attempts , phising,sabotage, singly or in
combination.

 Computer vulnerability
 Computers store huge amounts of data in small spaces
 Ease of access
 Complexity of technology
 Human error
 One of the key elements that keeps most members of any society honest is
fear of being caught — the deterrence factor. Cyberspace changes two of
those rules. First, it offers the criminal an opportunity of attacking his
victims from the remoteness of a different continent and secondly, the
results of the crime are not immediately apparent.
 Need new laws and upgraded technology to combat cyber crimes
Introduction to Cyber Crime

 Computer Crime, E-Crime,

Hi-Tech Crime or
Electronic Crime is where
a computer is the target of
a crime or is the means
adopted to commit a crime.
 Most of these crimes are not
new. Criminals simply
devise different ways to
undertake standard
criminal activities such as
fraud, theft, blackmail,
forgery, and embezzlement
using the new medium,
often involving the Internet
Different Types of
Cybercrimes
 Types of Cyber crimes
 Credit card frauds
 Cyber pornography
 Sale of illegal articles-narcotics,
weapons, wildlife
 Online gambling
 Intellectual Property crimes- software
piracy, copyright infringement,
trademarks violations, theft of
computer source code
 Email spoofing
 Forgery
 Defamation
 Cyber stalking (section 509 IPC)
 Phising
 Cyber terrorism

 Trademark &
domain names Copyright

Trade secrets Patent

C a te g o rie s o f IP rig h ts
Utility model / Designs Geographical
Indications

Plant Breeder ’ s
rights
 Classification of
IPR
Intellectual Property
IPR
Patents Broadcasting
Music
Copyright Dramatics
Trademarks Works
Literature
Industrial Sound
Design Recording
Works of Art
Geographical Computer
Indications Programs
 Different Acts governing IP
assets
T h e Tra d e M a rks A ct, 1 9 9 9
Tra d e M a rks

Pa te n ts T h e Pa te n ts A ct, 1 9 7 0

C o p yrig h t T h e C o p yrig h t A ct, 1 9 5 7

T h e D e sig n s A ct, 2 0 0 0
D e sig n s

G e o g ra p h ica l T h e G e o g ra p h ica lIn d ica tio n s

In d ica tio n s O f G o o d s A ct, 1 9 9 9
T h e Pro te ctio n o f p la n t
Pla n t V a rie tie s va rie tie s a n d
Fa rm e rs’ R ig h t A ct, 2 0 0 1
S e m i co n d u cto r IC la yo u t
S e m ico n d u cto r IC d e sig n
la yo u t A ct, 2 0 0 0
IP-Duration of
Patents (20 years)
Term of Protection
 Trademarks (10 years + renewals)
 Copyrights in published literary, dramatic, musical, and
artistic works (Lifetime of author +60 years).
 Copyright in photographs ,cinematographic film, sound
recordings –(60 years from year in which it was
published)
 Broadcast reproduction right-(25 years from the
beginning of the calendar year next following the year
in which the broadcast is made.)
 Performers right-(25 years from the beginning of the
calendar year next following the year in which the
performance is made)
 Industrial designs (10 years+ renewal permitted once
for 5 years )
 Trade-secrets and know howcollectively “proprietary
technology” (contract period-protected by contract
provisions, doctrine of breach of trust)
 There are multiple perspectives about
intellectual property rights on the
Internet
 Nature of internet-Borderless space, ease of flow of
information, promptness, anonymity, easy to share,
distribute and copy information at very less cost.
 These multiple perspectives to IPR include:
 "Information Wants to be Free." These people believe
there should be no copyrights or other protections of
intellectual property; everything made publicly available
should be public domain.
 "Right of Attribution." These people believe that the only
rights owed to authors and creators is the right of
attribution; otherwise, all information is free.
 "Limited Use Rights." These people believe that copyright
has validity but minor infringing behavior, whether "fair
use" or not, should be legal.
 "Strong IP Regimes." These people adhere strictly to
intellectual property protections.
(Note that there is also the moral rights perspective, which
exists
on a different scale but is most closely aligned with the Strong

IP
Regimes category.)
 Protecting Copyright in the
digital millennium
 The question of new, sui generis form of protection was
seriously considered in the 1970s, but copyright
protection became the norm. the TRIPS Agreement
requires that ‘Computer program, whether in source or
in object code, shall be protected as literary works under
the Berne Convention’. Case on point-Ibcos computers v
Barclays FinanceLtd(1994)FSR 275,Apple computer inc
vsFranklin ComputerCorpn714F2d1240(3rd Cir 1983).
 India party to Berne convention, Paris convention and
UCC1952.
 India-Copyright Act-Section 2(o)-computer programme is
literary work.section 2(ffc) defines computer
programme.,section 2(ffb) defines computer-copyright –
tangible –storage in any medium


THANK YOU