indian cyberlaw some perspective
TRANSCRIPT
INDIAN CYBERLAW-INDIAN CYBERLAW-SOME PERSPECTIVES SOME PERSPECTIVES
A A
PRESENTATION PRESENTATION
BY BY
PAVAN DUGGAL,PAVAN DUGGAL,ADVOCATE,ADVOCATE,
SUPREME COURT OF INDIA SUPREME COURT OF INDIAPRESIDENT,CYBERLAWS.NETPRESIDENT,CYBERLAWS.NET
HEAD-PAVAN DUGGAL HEAD-PAVAN DUGGAL ASSOCIATES ASSOCIATES
NEW DELHI-19-5-2006NEW DELHI-19-5-2006
PUBLIC DOMAIN BUZZPUBLIC DOMAIN BUZZ
GOAP E-TENDERING PROJECTGOAP E-TENDERING PROJECT
NOT BASED UPON DIGITAL SIGNATURES, NOT BASED UPON DIGITAL SIGNATURES,
DESPITE BEING LAUNCHED IN 2002DESPITE BEING LAUNCHED IN 2002
ALLEGATIONS AGAINST THE BACKEND ALLEGATIONS AGAINST THE BACKEND
SERVICE PROVIDER, WHO HAD ACCESS TO SERVICE PROVIDER, WHO HAD ACCESS TO
ALL BIDDING CONFIDENTIAL INFORMATIONALL BIDDING CONFIDENTIAL INFORMATION
NEW CASESNEW CASES
GOVERNMENT OF RAJASTHAN- TENDER FOR GOVERNMENT OF RAJASTHAN- TENDER FOR
CUSTOMIZED SOFTWARECUSTOMIZED SOFTWARE
CAUGHT IN A LEGAL BATTLE BETWEEN CAUGHT IN A LEGAL BATTLE BETWEEN
VENDORS IN THE DELHI HIGH COURTVENDORS IN THE DELHI HIGH COURT
NEW CASES( contd)NEW CASES( contd)
ASHOKINTEGRIX IP ADDRESS CASE- INDIA’S ASHOKINTEGRIX IP ADDRESS CASE- INDIA’S
FIRST JOHN DOE CASE IN INFORMATION FIRST JOHN DOE CASE IN INFORMATION
TECHNOLOGY LITIGATIONTECHNOLOGY LITIGATION
BIRTH OF A NEW KIND OF LIABILITY NOT BIRTH OF A NEW KIND OF LIABILITY NOT
YET PERCEIVEDYET PERCEIVED
NEW CASESNEW CASES
ARIF AZIM CASE- INDIA’S FIRST ARIF AZIM CASE- INDIA’S FIRST
CYBERCRIME CONVICTIONCYBERCRIME CONVICTION
BREACH OF DATA SECURITYBREACH OF DATA SECURITY
INTERNAL SOURCES- THE BIGGEST RISK FOR INTERNAL SOURCES- THE BIGGEST RISK FOR
ANY LEGAL ENTITY USING COMPUTERSANY LEGAL ENTITY USING COMPUTERS
BEGINNING OF LIABLITYBEGINNING OF LIABLITY
S.CHANDER CASE- INDIA’S FIRST LEGAL S.CHANDER CASE- INDIA’S FIRST LEGAL
PRECEDENT FOR EXPOSURE TO LIABILITYPRECEDENT FOR EXPOSURE TO LIABILITY
FOREMOST BANK MADE LIABLE FOR MISUSE FOREMOST BANK MADE LIABLE FOR MISUSE
ON THE NETWORK BY AN ERRANT ON THE NETWORK BY AN ERRANT
EMPLOYEEEMPLOYEE
CELEBRATED CASESCELEBRATED CASES
BAAZEE.COM CASEBAAZEE.COM CASE
KARAN BAHREE CASEKARAN BAHREE CASE
MPHASIS CASEMPHASIS CASE
CYBER LAW IN INDIACYBER LAW IN INDIA
In India the Information Technology Act, In India the Information Technology Act,
2000 is the legislation that deals with issues 2000 is the legislation that deals with issues
related to the Internet.related to the Internet.
THE THE INFORMATION INFORMATION
TECHNOLOGY ACT , 2000TECHNOLOGY ACT , 2000
I.T. ACT, 2000:I.T. ACT, 2000:OBJECTIVESOBJECTIVES
Different approaches for controlling, Different approaches for controlling,
regulating and facilitating electronic regulating and facilitating electronic
communication and commerce.communication and commerce.
Aim to provide legal infrastructure for Aim to provide legal infrastructure for
e-commerce in India.e-commerce in India.
GOVERNMENT –NSP??GOVERNMENT –NSP??
GOVERNMENTS PROVIDING SERVICES ON GOVERNMENTS PROVIDING SERVICES ON
THE NETWORKTHE NETWORK
GOVERNMENTS ARE INTERMEDIARIESGOVERNMENTS ARE INTERMEDIARIES
UNDER THE IT ACT, 2000, ALL UNDER THE IT ACT, 2000, ALL
GOVERNMENTS, CENTRAL AND STATE, AS GOVERNMENTS, CENTRAL AND STATE, AS
ASLO ALL GOVERNMENTAL BODIES ARE ASLO ALL GOVERNMENTAL BODIES ARE
“NETWORK SERVICE PROVIDERS”“NETWORK SERVICE PROVIDERS”
Section 79Section 79
For the removal of doubts, it is hereby For the removal of doubts, it is hereby declared that no person providing any service declared that no person providing any service as a network service provider shall be liable as a network service provider shall be liable under this Act, rules or regulations made under this Act, rules or regulations made thereunder for any third party information or thereunder for any third party information or data made available by him if he proves that data made available by him if he proves that the offence or contravention was committed the offence or contravention was committed without his knowledge or that he had exercised without his knowledge or that he had exercised all due diligence to prevent the commission of all due diligence to prevent the commission of such offence or contravention.such offence or contravention.
Network Service Providers:Network Service Providers:When Not LiableWhen Not Liable
Explanation.—Explanation.—For the purposes of this section, For the purposes of this section, ——
(a) (a) "network service provider" means an "network service provider" means an intermediary;intermediary;
(b) (b) "third party information" means any "third party information" means any information dealt with by a network service information dealt with by a network service provider in his capacity as an intermediary.provider in his capacity as an intermediary.
TRANSPARENCYTRANSPARENCY
NEED FOR TRANSPARENT E-NEED FOR TRANSPARENT E-
GOVERNMENTAL PROVIDERSGOVERNMENTAL PROVIDERS
RIGHT TO INFORMATION ACTRIGHT TO INFORMATION ACT
GOVERNMENTAL WOULD NOW NOT BE ABLE GOVERNMENTAL WOULD NOW NOT BE ABLE
TO HIDE RECORDS CONCERNING E-TO HIDE RECORDS CONCERNING E-
GOVERNMENTAL PROCUREMENTSGOVERNMENTAL PROCUREMENTS
IT ACT, 2000-OBJECTIVES IT ACT, 2000-OBJECTIVES
To provide legal recognition for transactions:-To provide legal recognition for transactions:- Carried out by means of electronic data Carried out by means of electronic data
interchange, and interchange, and Other means of electronic communication, Other means of electronic communication,
commonly referred to as "electronic commonly referred to as "electronic commerce", involving the use of alternatives commerce", involving the use of alternatives to paper-based methods of communication and to paper-based methods of communication and storage of information.storage of information.
OBJECTIVES (contd.)OBJECTIVES (contd.)
To facilitate electronic filing of documents To facilitate electronic filing of documents
with the Government agencieswith the Government agencies
To amend the Indian Penal Code, the Indian To amend the Indian Penal Code, the Indian
Evidence Act, 1872, the Banker's Book Evidence Act, 1872, the Banker's Book
Evidence Act, 1891 and the Reserve Bank of Evidence Act, 1891 and the Reserve Bank of
India Act, 1934 India Act, 1934
AUTHENTICATION OF AUTHENTICATION OF ELECTRONIC RECORDSELECTRONIC RECORDS
Any subscriber may authenticate an electronic Any subscriber may authenticate an electronic record record
Authentication by affixing his digital Authentication by affixing his digital signature. signature.
Any person by the use of a public key of the Any person by the use of a public key of the subscriber can verify the electronic recordsubscriber can verify the electronic record
LEGALITY OF DIGITAL LEGALITY OF DIGITAL SIGNATURESSIGNATURES
Legal recognition of digital signatures.Legal recognition of digital signatures.
Electronic Signatures not yet legal in India.Electronic Signatures not yet legal in India.
Certifying Authorities for Digital Signatures.Certifying Authorities for Digital Signatures.
Scheme for Regulation of Certifying Scheme for Regulation of Certifying
Authorities for Digital SignaturesAuthorities for Digital Signatures
CONTROLLER OF CONTROLLER OF CERTIFYING CERTIFYING
AUTHORITIESAUTHORITIES
Shall exercise supervision over the Shall exercise supervision over the
activities of Certifying Authorities activities of Certifying Authorities
Lay down standards and conditions Lay down standards and conditions
governing Certifying Authorities governing Certifying Authorities
Specify various forms and content of Specify various forms and content of
Digital Signature CertificatesDigital Signature Certificates
DIGITAL SIGNATURES & DIGITAL SIGNATURES & ELECTRONIC RECORDSELECTRONIC RECORDS
Use of Electronic Records and Digital Signatures in Use of Electronic Records and Digital Signatures in
Government Agencies. Government Agencies.
Publications of rules and regulations in the Publications of rules and regulations in the
Electronic Gazette.Electronic Gazette.
MCA –21 Project- Usage of Digital SignaturesMCA –21 Project- Usage of Digital Signatures
COMPENSATIONCOMPENSATION
If a person without the permission of owner or any If a person without the permission of owner or any other person in charge of a computer, computer other person in charge of a computer, computer system or computer network, accesses or secures system or computer network, accesses or secures access to such computer, computer system or access to such computer, computer system or computer network, he is liable to pay statutory computer network, he is liable to pay statutory damages by way of compensation, not exceeding damages by way of compensation, not exceeding one Crore rupees ( Rs 10,000,000/- ) to the person one Crore rupees ( Rs 10,000,000/- ) to the person so affected.so affected.
CYBER OFFENCESCYBER OFFENCES
Various cyber offences definedVarious cyber offences defined
Cyber offences to be investigated only by a Cyber offences to be investigated only by a
Police Officer not below the rank of the Police Officer not below the rank of the
Deputy Superintendent of Police. Deputy Superintendent of Police.
CYBER OFFENCES (contd.)CYBER OFFENCES (contd.)
Tampering with computer source documents.Tampering with computer source documents.
Publishing of information which is obscene in Publishing of information which is obscene in
electronic form.electronic form.
Breach of confidentiality and privacy.Breach of confidentiality and privacy.
CYBER OFFENCES (contd.)CYBER OFFENCES (contd.)
HackingHacking
MisrepresentationMisrepresentation
Publishing Digital Signature Certificate false Publishing Digital Signature Certificate false
in certain particulars and publication for in certain particulars and publication for
fraudulent purposes.fraudulent purposes.
LITIGATION ALREADY LITIGATION ALREADY BEGUNBEGUN
Litigation already begun in India relation to e-Litigation already begun in India relation to e-procurement.procurement.
Numerous legal issues relating to electronic Numerous legal issues relating to electronic government procurement will continue to government procurement will continue to emerge in the near future.emerge in the near future.
Need to adopt a proactive approach in dealing Need to adopt a proactive approach in dealing with these various legal challengeswith these various legal challenges
AMENDMENTS INAMENDMENTS IN IT ACT, 2000 IT ACT, 2000
MAKES THE LAW TECHNOLOGY MAKES THE LAW TECHNOLOGY NEUTRALNEUTRAL
ELECTRONIC SIGNATURES INSTEAD OF ELECTRONIC SIGNATURES INSTEAD OF DIGITAL SIGNATURESDIGITAL SIGNATURES
NEW PROVISION ON PRIVACYNEW PROVISION ON PRIVACY WATERS DOWN THE LIABILITY OF THE WATERS DOWN THE LIABILITY OF THE
NETWORK SERVICE PROVIDERSNETWORK SERVICE PROVIDERS
HUGE DRAWBACKS OF THE HUGE DRAWBACKS OF THE PROPSOED AMENDMENTSPROPSOED AMENDMENTS
DATA PROTECTIONDATA PROTECTION NO NEW CYBERCRIMES ADDEDNO NEW CYBERCRIMES ADDED PRIVACY APPROACH PRIMITIVEPRIVACY APPROACH PRIMITIVE INTELLECTUAL PROPERTY RIGHTSINTELLECTUAL PROPERTY RIGHTS TAXATIONTAXATION E-PAYMENTSE-PAYMENTS
NEED TO COMPLY NEED TO COMPLY
There is a need to proactively comply with the There is a need to proactively comply with the requirements of the Indian Cyberlaw .requirements of the Indian Cyberlaw .
Necessary to limit liability and emergence of Necessary to limit liability and emergence of undesirable consequences.undesirable consequences.
The Information Technology Act, 2000 The Information Technology Act, 2000 currently under review by the Government.currently under review by the Government.
Need to adopt a flexible approach of due Need to adopt a flexible approach of due diligence.diligence.
THAT WAS A PRESENTATION THAT WAS A PRESENTATION
BY BY
PAVAN DUGGAL,PAVAN DUGGAL,
ADVOCATE, SUPREME COURT OF INDIAADVOCATE, SUPREME COURT OF INDIA
PRESIDENT, CYBERLAWS.NETPRESIDENT, CYBERLAWS.NET
HEAD-PAVAN DUGGAL ASSOCIATES HEAD-PAVAN DUGGAL ASSOCIATES
EMAIL : [email protected] : [email protected]
[email protected]@gmail.com