lab module-4 information technology act 2000 ppt

INFORMATION TECHNOLOGY ACT 2000 - AN OVERVIEW, Dr. M.K. SHARMA & ASHISH KANJARIA - KNVIBM

Upload: monish147852

Post on 24-Oct-2015


DESCRIPTION

legal aspects of business is related to law for every business.......

TRANSCRIPT

INFORMATION TECHNOLOGY ACT 2000 - AN OVERVIEW


CHANGE IN THE ENVIRONMENT

Technological Revolution.

Increase in volumes & complexities of transactions.

Users want electronic records to be confidential & protected from tampering.

More flexible, time saving & easy to communicate, etc.


E-COMMERCE

Universal Internet access

Total Internet economy in 2008: US $ 4.48 trillion

E-Commerce in India in 2008: Rs. 2,95,000 Crore

E-Commerce in Asia in 2008: 38% of world total


EC transactions over the Internet include

Formation of Contracts

Delivery of Information and Services

Delivery of Content

IT ACT, 2000

Enacted on 17th May 2000. India is the 12th nation in the world to adopt cyber laws.


OBJECTIVES OF THE IT ACT

To provide legal recognition for transactions:-

Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"

To facilitate electronic filing of documents with Government agencies and E-Payments

To amend the Indian Penal Code, Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891, Reserve Bank of India Act, 1934


ACT DOES NOT APPLY TO…

(a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;

(b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;

(c) a trust as defined in section 3 of the Indian Trusts Act, 1882;

(d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition


(e) any contract for the sale or conveyance of immovable property or any interest in such property;

(f) any such class of documents or transactions as may be notified by the Central Government


DEFINITIONS (SECTION 2)

"computer" means electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or relates to the computer in a computer system or computer network;

"computer network" means the inter-connection of one or more computers through-

(i) the use of satellite, microwave, terrestrial line or other communication media; and

(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

"computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

"data" means a representation of information, knowledge, facts, concepts or instruction which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

"electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;

"secure system" means computer hardware, software, and procedure that-

(a) are reasonably secure from unauthorized access and misuse;

(b) provide a reasonable level of reliability and correct operation;

(c) are reasonably suited to performing the intended function; and

(d) adhere to generally accepted security procedures


"security procedure" means the security procedure prescribed by the Central Government under the IT Act, 2000.

"secure electronic record" – where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification


SECTION 3 DEFINES DIGITAL SIGNATURES

The authentication is to be effected by use of an asymmetric crypto system and hash function

The private key and the public key are unique to the subscriber and constitute a functioning key pair

Verification of electronic record possible


ESSENTIAL STEPS OF THE DIGITAL SIGNATURE PROCESS


STEP 1 The signatory is the authorized holder of a unique cryptographic key pair;

STEP 2 The signatory prepares a data message (for example, in the form of an electronic mail message) on a computer;

STEP 3 The signatory prepares a "message digest", using a secure hash algorithm. Digital signature creation uses a hash result derived from and unique to the signed message;

STEP 4 The signatory encrypts the message digest with the private key. The private key is applied to the message digest text using a mathematical algorithm. The digital signature consists of the encrypted message digest;

STEP 5 The signatory typically attaches or appends its digital signature to the message;

STEP 6 The signatory sends the digital signature and the (unencrypted or encrypted) message to the relying party electronically;


STEP 7 The relying party uses the signatory's public key to verify the signatory's digital signature. Verification using the signatory's public key provides a level of technical assurance that the message came exclusively from the signatory;

STEP 8 The relying party also creates a "message digest" of the message, using the same secure hash algorithm;

STEP 9 The relying party compares the two message digests. If they are the same, then the relying party knows that the message has not been altered after it was signed. Even if one bit in the message has been altered after the message has been digitally signed, the message digest created by the relying party will be different from the message digest created by the signatory;

STEP 10 Where the certification process is resorted to, the relying party obtains a certificate from the certification service provider (including through the signatory or otherwise), which confirms the digital signature on the signatory's message. The certificate contains the public key and name of the signatory (and possibly additional information), digitally signed by the certification service provider.
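
The ten steps above as a runnable sketch; this is an added example, not part of the original slides. It uses unpadded RSA only because that matches the slides' "encrypt the digest with the private key" wording; the key pairs, names and sample message are constructed, and the function names are assumptions.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p: int, q: int):
    """STEP 1: build (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

# Constructed demo keys from well-known Mersenne primes. Structured primes and
# unpadded "textbook" RSA are not secure; production systems use randomly
# generated keys and a padded scheme such as RSA-PSS.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
CA_PUB, CA_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def digest(message: bytes) -> int:
    """STEPS 3 and 8: SHA-256 message digest, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """STEP 4: apply the private key to the digest; the result is the signature."""
    n, d = private
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """STEPS 7-9: recover the signatory's digest with the public key and
    compare it with a digest the relying party computes itself."""
    n, e = public
    return pow(signature, e, n) == digest(message)

def cert_body(name: str, public) -> bytes:
    """Bytes the certification service provider signs: name plus public key."""
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_certificate(name: str, public, ca_private) -> dict:
    """STEP 10: the certification service provider signs (name, public key)."""
    return {"name": name, "public": public,
            "ca_sig": sign(cert_body(name, public), ca_private)}

def relying_party_accepts(message, signature, cert, ca_public) -> bool:
    """Check the certificate first, then the message signature with the
    public key taken from that certificate."""
    cert_ok = verify(cert_body(cert["name"], cert["public"]),
                     cert["ca_sig"], ca_public)
    return cert_ok and verify(message, signature, cert["public"])

if __name__ == "__main__":
    msg = b"Constructed sample: I agree to the contract dated 1 June."  # STEP 2
    sig = sign(msg, SIGNER_PRIV)                                        # STEPS 3-4
    cert = issue_certificate("A. Signatory", SIGNER_PUB, CA_PRIV)
    tampered = bytes([msg[0] ^ 0x01]) + msg[1:]        # one bit altered (STEP 9)
    forged = dict(cert, name="Someone Else")           # certificate name swapped
    print("genuine:", relying_party_accepts(msg, sig, cert, CA_PUB))
    print("tampered message:", relying_party_accepts(tampered, sig, cert, CA_PUB))
    print("forged certificate:", relying_party_accepts(msg, sig, forged, CA_PUB))
```
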


SECTION 4 - LEGAL RECOGNITION OF ELECTRONIC RECORDS


If any information is required in printed or written form under any law, the information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.

SECTIONS 5, 6 & 7


Legal recognition of Digital Signatures

Use of Electronic Records in Government & Its Agencies

Publications of rules and regulations in the Electronic Gazette.

Retention of Electronic Records

Accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc.

CONTROLLING & CERTIFYING AUTHORITIES [CAS]


The Central Government may appoint a Controller of Certifying Authority who shall exercise supervision over the activities of Certifying Authorities.

Certifying Authority means a person who has been granted a license to issue a Digital Signature Certificate. The Controller of Certifying Authority shall have powers to lay down rules, regulations, duties, responsibilities and functions of the Certifying Authority issuing Digital Signature Certificates. The Certifying Authority empowered to issue a Digital Signature Certificate shall have to procure a license from the Controller of Certifying Authority to issue Digital Signature Certificates. The Controller of Certifying Authority has prescribed detailed rules and regulations in the Act, as to the application for license, suspension of license and procedure for grant or rejection of license.


TYPES OF CYBER CRIMES

Crime against property

Crime against Government

Crime against persons

Cyber terrorism

Cyber pornography

Sale of illegal articles - narcotics, weapons, wildlife

Online gambling

Intellectual Property crimes - software piracy, copyright infringement, trademarks violations, theft of computer source code

Email spoofing

Credit card frauds


Cyber crimes: Hacking, Information Theft, E-mail bombing, Salami attacks, Denial of Service attacks, Trojan attacks, Web jacking

Common scenarios in Cyber Crime

Unauthorized access: This occurs when a user/hacker deliberately gets access into someone else's network for either monitoring or data destruction purposes.

Denial of service attack: It involves sending disproportionate demands or data to the victim's server beyond the limit that the server is capable of handling, and hence causes the server to crash.

Virus, Worms and Trojan attacks: Viruses are basically programs that are attached to a file, which then gets circulated to other files and gradually to other computers in the network. Worms, unlike viruses, do not need a host for attachment; they make copies of themselves and do this repeatedly, hence eating up all the memory of the computer. Trojans are unauthorized programs which function from inside what seems to be an authorized program, thereby concealing what they are actually doing.


Email Bombing: It refers to sending a large number of emails to the victim, resulting in the victim's email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing.

Internet Time Thefts: This connotes the usage by an unauthorized person of the Internet hours paid for by another.

Web Jacking: This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website.

Theft and Physical damage of computer or its peripherals: This type of offence involves the theft of a computer, some parts of a computer or a peripheral attached to the computer, and physically damaging a computer or its peripherals.


Software and Hardware Issues: The growth of cyber crime has given rise to numerous forensic software vendors. The challenge is to choose among them; no single forensic tool solves the entire case, and there are loads of third-party tools available. When it comes to mobile forensics, it is a challenge to decide on the compatibility of different phones and which hardware to rely on.

Recently China has been manufacturing mobile phones that have cloned IMEI numbers, which is a current challenge faced in mobile forensics.

Information sharing: Information sharing is a best practice and can be accomplished by a variety of means such as interacting with industry groups, attending briefings, meetings, seminars and conferences, and working actively with forensic bodies.


Global Issues: Most of the IP addresses retrieved during investigation lead to servers or computers located abroad which have no identity, hence further investigations are blocked and closed. Correspondence with bodies such as Google, Yahoo, Hotmail is quite time consuming and prolongs the investigations.

Wireless or Wi-Fi, Bluetooth, Infrared Issues: The latest wireless technologies which provide internet connections are open to exploitation, especially when they are not secured. This is the present technology terrorists and radical activists exploit. This is another vulnerability that law enforcement faces.


SECTION 65: SOURCE CODE

Most important asset of software companies

“Computer Source Code" means the listing of programmes, computer commands, design and layout

Ingredients

Knowledge or intention

Concealment, destruction, alteration

computer source code required to be kept or maintained by law

Punishment

imprisonment up to three years and / or

fine up to Rs. 2 lakh

Section 66: Hacking

• Ingredients

– Intention or knowledge to cause wrongful loss or damage to the public or any person

– Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource

• Punishment

– imprisonment up to three years, and / or

– fine up to Rs. 2 lakh


SEC. 67. PORNOGRAPHY

Ingredients

Publishing or transmitting or causing to be published in the electronic form

Obscene material

Punishment

On first conviction: imprisonment of either description up to five years and fine up to Rs. 1 lakh

On subsequent conviction: imprisonment of either description up to ten years and fine up to Rs. 2 lakh

Section covers Internet Service Providers, search engines, pornographic websites


SEC 69: DECRYPTION OF INFORMATION

Ingredients

Controller issues order to Government agency to intercept any information transmitted through any computer resource.

Order is issued in the interest of the

sovereignty or integrity of India,

the security of the State,

friendly relations with foreign States,

public order or

preventing incitement for commission of a cognizable offence

Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information: punishment up to 7 years.


SEC 70 PROTECTED SYSTEM

Ingredients

Securing unauthorised access or attempting to secure unauthorised access to a "protected system"

Acts covered by this section:

Using installed software / hardware

Installing software / hardware

Punishment

Imprisonment up to 10 years and fine


Computer Related Crimes under IPC and Special Laws

Sending threatening messages by email: Sec 503 IPC

Sending defamatory messages by email: Sec 499, 500 IPC

Forgery of electronic records: Sec 463, 470, 471 IPC

Bogus websites, cyber frauds: Sec 420 IPC

Email spoofing: Sec 416, 417, 463 IPC

Online sale of Drugs: NDPS Act

Web-Jacking: Sec. 383 IPC

Online sale of Arms: Arms Act


CYBER STALKING

Ritu Kohli (first lady to register the cyber stalking case) is a victim of cyber-stalking. A friend of her husband gave her phone number and name on a chat site for immoral purposes. A computer expert, Kohli was able to trace the reason. Now, the latter is being tried for "outraging the reserve of a woman", under Section 509 of IPC.


EMAIL SPOOFING:

Pranab Mitra, former executive of Gujarat Ambuja Cement, posed as a woman, Rita Basu, and created a fake e-mail ID through which he contacted one V.R. Ninawe, an Abu Dhabi businessman. After a long cyber relationship and emotional messages, Mitra sent an e-mail that "she would commit suicide" if Ninawe ended the relationship. He also gave him "another friend Ruchira Sengupta's" e-mail ID, which was in fact his second bogus address. When Ninawe mailed at the other ID he was shocked to learn that Mitra had died and police were searching for Ninawe. Mitra extorted a few lacs of Rupees as advocate fees etc. Mitra even sent e-mails as high court and police officials to obtain under force more money. Ninawe finally came down to Mumbai to file a police case.


ONLINE GAMBLING: VIRTUAL CASINOS, CASES OF MONEY LAUNDERING

Cyber case: In Andhra Pradesh one Kola Mohan created a website and an email address on the Internet with the address '[email protected].' which shows his own name as receiver of 12.5 million pounds in a Euro lottery. After getting confirmation with the email address, a Telugu newspaper published this as news.

He gathered huge sums from the public as well as from some banks. The fraud came to light only when a cheque amounting to Rs 1.73 million discounted by him with Andhra Bank got dishonored.


SALIENT FEATURES OF THE ACT

The salient features of the Information Technology Act, 2000 are as follows:—

(i) Extends to the whole of India (Section 1)

(ii) Authentication of electronic records (Section 3)

(iii) Legal Framework for affixing Digital signature by use of asymmetric crypto system and hash function (Section 3)

(iv) Legal recognition of electronic records (Section 4)

(v) Legal recognition of digital signatures (Section 5)

(vi) Retention of electronic record (Section 7)

(vii) Publication of Official Gazette in electronic form (Section 8)

(viii) Security procedure for electronic records and digital signature (Sections 14, 15, 16)

(ix) Licensing and Regulation of Certifying authorities for issuing digital signature certificates (Sections 17-42)

(x) Functions of Controller (Section 18)


(xi) Appointment of Certifying Authorities and Controller of Certifying Authorities, including recognition of foreign Certifying Authorities (Section 19)

(xii) Controller to act as repository of all digital signature certificates (Section 20)

(xiii) Data Protection (Sections 43 & 66)

(xiv) Various types of computer crimes defined and stringent penalties provided under the Act (Section 43 and Sections 66, 67, 72)

(xv) Appointment of Adjudicating officer for holding inquiries under the Act (Sections 46 & 47)

(xvi) Establishment of Cyber Appellate Tribunal under the Act (Sections 48-56)

(xvii) Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court (Section 57)

(xviii) Appeal from order of Cyber Appellate Tribunal to High Court (Section 62)

(xix) Interception of information from computer to computer (Section 69)

(xx) Protected System (Section 70)

(xxi) Act to apply for offences or contraventions committed outside India (Section 75)

(xxii) Computer crimes to be investigated by an officer at the DSP (Deputy Superintendent of Police) level

(xxiii) Network service providers not to be liable in certain cases (Section 79)

(xxiv) Power of police officers and other officers to enter into any public place and search and arrest without warrant (Section 80)

(xxv) Offences by the Companies (Section 85)

(xxvi) Constitution of Cyber Regulations Advisory Committee, which will advise the Central Government and Controller (Section 88)

Cont…………..