Post on 11-Apr-2018

Legal Strategies For a Robust I.T. Infrastructure

Dr. V.K. Unni

DIGITAL LAWS

Signatures and the Law: In the realm of law, a signature serves the following general purposes:

• Evidence: A signature authenticates a writing by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the writing becomes attributable to the signer

• Approval: In certain contexts defined by law or custom, a signature expresses the signer's approval or authorization of the writing, or the signer's intention that it have legal effect

• Efficiency and logistics: A signature on a written document often imparts a sense of clarity and finality to the transaction and may lessen the subsequent need to inquire beyond the face of a document

• Negotiable instruments, for example, rely upon formal requirements, including a signature, for their ability to change hands with ease, rapidity, and minimal interruption

• The formal requirements for legal transactions, including the need for signatures, vary in different legal systems, and also vary with the passage of time.

• Most legal systems have reduced formal requirements or are trying to minimise the consequences of failure to satisfy formal requirements.

• However, sound practice even today calls for transactions to be formalised in a manner which assures the parties of their validity and enforceability.

• In current practice, formalisation usually involves documenting the transaction on paper and signing or authenticating the paper

• Although the fundamental nature of transactions has not changed, the law has slowly started adjusting to advances in technology.

• Presently we can see that in many instances, the information exchanged to effect a transaction never takes the paper form.

• Computer-based information is presently acting as a substitute or addition to its paper counterpart.

• Thus even in the electronic world there is the need for some form of authentication

Thus a reliable signature in the electronic world should have the following features

• Signer authentication: A signature should indicate who signed a document, message or record.

• Document authentication: A signature should identify what is signed, making it impracticable to falsify or alter either the signed matter or the signature without detection

Electronic Signature – Digital signature

What is an electronic signature?

• The phrase "electronic signature" covers any type of digital marking used by a party to authenticate a record.

• It is a broad term and could include digitized images of paper signatures, electronic mail headers or footers, a digitized hologram, a name on an e-mail, a digital signature system using public key infrastructure,

• A click through procedure (the kinds that are seen when one signs up for a new e-mail account or while installing a software) or any process that seeks to authenticate an electronic record and is transmitted or stored electronically can be an electronic signature

• It has to be borne in mind that all electronic signatures can’t replicate the main functions of a hand written signature, namely, authentication, non-repudiation and data integrity.

• Presently only digital signatures, a sub-set of electronic signatures, give such functionality

• Thus it is clear that electronic signatures have no way of verifying whether a document has been altered since the time that it was signed.

• Put simply, "electronic signature" technology, excluding digital signatures, can’t provide any kind of signer or document authentication

• Thus electronic signature includes all technologies for substituting hand written signatures in an electronic ambience e.g. a scanned signature

• Although a 'digital signature' is an 'electronic signature', the latter is a broader concept than the former

• Digital signature is a name for technological applications using asymmetric cryptography, to make sure that the electronic messages are authentic and also to guarantee the integrity of the contents of these messages.

Then what is this cryptography?

• Cryptography is the science of using mathematics to encrypt and decrypt data.

• Cryptography enables a person to store sensitive information or transmit it across the Internet so that it cannot be read by anyone except the intended recipient.

• Information that can be read and understood without employing any special measures is called plaintext or clear text.

• The method of disguising plain-text in such a way as to hide its substance is called encryption.

• Encrypting plaintext results in unreadable gibberish called cipher text.

• Encryption is used to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data.

• The process of reverting cipher text to its original plaintext is called decryption

• In conventional cryptography, popularly known as symmetric-key encryption, one key is used both for encryption and decryption.

Conventional encryption has certain benefits.

• It is really fast and especially useful for encrypting data that is not being transmitted.

• So if a person wants to store information which no one should read without his authorization it would be a good idea to use conventional encryption

• However it has a very important drawback when it comes to transmitting data because of the difficulty of key distribution.

• If a sender and receiver are in different physical locations, they must trust a courier or some other secure communication medium to prevent the disclosure of the secret key during transmission.

• Anyone who overhears or intercepts the key in transit can read, modify, and forge all information encrypted or authenticated with that key

• The problems of key distribution are solved by public key cryptography, a concept that was introduced in 1975.

• Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption

• I can publish my public key to the world while keeping my private key secret.

• It is computationally infeasible to deduce the private key from the public key

• A key is a value that works with a cryptographic algorithm to produce a specific cipher text.

• Keys are basically big numbers. The bigger the key, the more secure it is, but this is not the only determining factor

• While the public and private keys are mathematically related, it is very difficult to derive the private key when only the public key is given

• This makes it very important to pick keys of the right size; large enough to be secure, but small enough to be applied fairly quickly

Hash Functions

• The hash function ensures that, if the information is changed in any way, even by just one bit, an entirely different output value is produced

• These are the sample output values obtained using a Standard Hash Algorithm called “NFAG”

A - 86f7e437jdo459asfd

ASCL - 9ba772dc8d88764h

Ascl - 5b7a25874223fec64

• Thus it can be seen that by changing the input from ASCL to Ascl, an entirely different hash value is generated

Digital signature creation

• The signer first creates the message that he is desirous of digitally signing. (step 1)

• He then uses a hash function (say NFAG) to compute the hash result (also called message digest) of the message. (step 2)

• He/she then uses his/her private key to digitally sign the message digest. (step 3)

• The signer then sends the original message and the digitally signed message digest to the receiver. (step 4)

• It should be noted that steps 2 and 3 are performed by the digital signature software.

Digital signature verification

• The receiver receives the original message and the digitally signed message digest from the sender (step 1)

• The receiver computes the message digest from the original message using the same hash function as used by the sender (NFAG in this case). (step 2)

• He/she then compares the message digest computed by him to the message digest sent to him by the sender. If they are the same it implies that the message has not been altered (step 3)

• The receiver then verifies whether the private key of the sender was actually used to sign the message digest. He does this using the public key of the sender. (step 4)

• Here steps 2, 3 and 4 are performed by the digital signature software
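
The hash comparison and the creation and verification steps above, worked through as an added example that is not part of the original slides. It assumes SHA-256 in place of the deck's "NFAG" and textbook RSA with a toy key pair built from known Mersenne primes (real systems use a vetted library, randomly generated keys and a padding scheme such as RSA-PSS). With RSA, verification steps 3 and 4 become one check: the sender's public key recovers the digest from the signature, and that value is compared with the digest the receiver recomputes.

```python
import hashlib

# Toy key pair constructed for this example (NOT secure): two known
# Mersenne primes. Real keys are random and generated by a vetted library.
P = 2**521 - 1
Q = 2**607 - 1
PUBLIC_KEY = (65537, P * Q)                                # (e, n), published
PRIVATE_KEY = (pow(65537, -1, (P - 1) * (Q - 1)), P * Q)   # (d, n), kept secret


def message_digest(message: bytes) -> int:
    """Hash result of the message as an integer (SHA-256 stands in for "NFAG")."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Creation steps 2-3: hash the message, then sign the digest with the private key."""
    d, n = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Verification steps 2-4: recompute the digest and compare it with the
    digest recovered from the signature using the sender's public key."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message)


def demo() -> dict:
    message = b"Pay Rs. 10,000 to account 1234"    # constructed sample message
    signature = sign(message, PRIVATE_KEY)          # sender side (steps 1-4)

    # A second toy key pair, standing in for someone other than the sender.
    other_q = 2**1279 - 1
    other_private = (pow(65537, -1, (P - 1) * (other_q - 1)), P * other_q)

    return {
        # One changed letter case gives a different hash result.
        "case_changes_hash": message_digest(b"ASCL") != message_digest(b"Ascl"),
        # Unmodified message and signature: accepted.
        "genuine": verify(message, signature, PUBLIC_KEY),
        # Message altered in transit: the recomputed digest no longer matches.
        "altered_message": verify(b"Pay Rs. 90,000 to account 1234", signature, PUBLIC_KEY),
        # Signature altered in transit: the recovered digest no longer matches.
        "altered_signature": verify(message, signature ^ 1, PUBLIC_KEY),
        # Signed with a private key that does not match the sender's public key.
        "signed_with_other_key": verify(message, sign(message, other_private), PUBLIC_KEY),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
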

• Digital certificates simplify the task of establishing whether a public key truly belongs to the purported owner.

• A digital certificate contains information included with a person's public key that helps others verify that a key is genuine or valid.

• Such digital signature certificates are issued by the Certifying Authorities (Sec 35, I.T. ACT 2000)

• However the Certifying Authority will issue a digital signature only if it is satisfied that

• The applicant holds the private key corresponding to the public key listed in the digital signature certificate

• The said private key is capable of creating the digital signature

• The public key which is listed in the certificate can be used to verify a digital signature created using the private key held by the applicant

• The subscriber’s public key and private key constitute a functioning key pair

Again, there are provisions for revoking the digital signature; this is generally done by the Certifying Authority if (Sec 38, IT Act 2000):

• Any material fact represented in the digital signature certificate is false or has been concealed

• The requirement of the issue of digital signature certificate was not fulfilled

• The private key was compromised in a manner materially affecting the digital signature’s reliability

• The subscriber is dead or insolvent; if it is a company, the signature will be revoked when the company has been dissolved

Duties of Subscriber (bank)

• When any Digital Signature Certificate has been accepted by a subscriber, then the subscriber shall generate the key pair by applying the security procedure (Sec 40)

By accepting a Digital Signature Certificate the subscriber certifies to all that:

• the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and is entitled to hold the same;

• all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true, Sec 41 (2)

Control of private key (Sec 42, I.T. ACT 2000)

• Every subscriber shall take reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate

• Furthermore it has to take all steps to prevent its disclosure to a person who is not authorised to affix the digital signature of the subscriber.

• This provision has considerable significance to the banker and here the banker while transacting business using digital signature has to make sure that the integrity of the private key is not compromised at any stage.

• If the private key is compromised then, the subscriber will have to communicate the same without any delay to the Certifying Authority

• The subscriber will be liable for all losses till he has informed the Certifying Authority about the private key being compromised

• Thus the Act stipulates strict liability on the part of the subscriber in properly safeguarding the private key and any lapse on the part of the subscriber has to be notified immediately to the certifying authority who can take prompt corrective action

Penalties under the IT ACT 2000

• It has to be noted that the Information Technology Act 2000 enumerates various acts for which a person will be liable to pay a compensation of up to Rs. 1 crore. (Sec 43)

These acts are classified under the following

• Unauthorized access to a computer, Sec 43(a)

• Unauthorized downloading or extraction of data, Sec 43(b)

• Unauthorized introduction of virus or contaminant, Sec 43(c)

• Unauthorized damage to computer, Sec 43(d)

• Unauthorized disruption of computer, Sec 43(e)

• Unauthorized denial of access, Sec 43 (f)

• Assisting unauthorized access, Sec 43(g)

• Charging the services availed of by a person to the account of another person by tampering with or manipulating the computer system, Sec 43(h)

• These are the civil remedies provided by the IT Act for the normally occurring digital malpractices

Unauthorized access to a computer Sec 43(a)

• This penalizes the unauthorized access into another person’s computer. Thus it becomes very important to know the meaning of the word access

• “Access” is defined in the IT Act as “…gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.”

• Interestingly the computer has been given a very wide interpretation under the Act. {Sec 2(1) (i)}

• The Act defines a computer as any "electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses,

• The definition includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network

• Thus literally everything under the sun is covered and from the point of view of a banker an ATM is definitely covered

• For example, suppose a bank's branch has 2 interconnected PCs, a scanner, web camera, printer and a modem. In such a case the 2 computers, the printer, the scanner, web cam, the modem, the operating systems in the PCs and the software in the PCs, all CDs, floppies etc. would all be construed as a “computer”

• Thus it becomes clear that the IT Act will cover almost all the devices and systems a bank will be using for its transactions

• Then what is unauthorized access?

The term unauthorized access can definitely cover the following acts

1. Just switching on a computer

2. Using a software program installed on a computer

3. Installing a software on a computer

4. Viewing the contents of a CD ROM or flash drive

5. Taking a computer printout

6. Accessing the Internet

• This is not restricted to unauthorized access gained remotely through a network.

• It equally applies to unauthorized access made physically.

• Section 43(b) penalizes unauthorized downloading, extraction and copying of data, computer database, or any information

• It extends to information or data held or stored in any removable storage medium like a floppy disk, hard disk, CD ROM, etc

• To "copy" means making an imitation or to reproduce an exact replica of the original.

• To "extract" means to take out, deduce, derive or quote from any source

• Thus liability is imposed in many ways. This very commonly happens when a viewer of the website downloads copyrighted material from the site and uses it without authorization from the owner.

• The second form of liability arises when a viewer only views the website but does not download any material from the site.

• This is because whenever a viewer accesses a web page, a copy of the contents of the page are stored in the RAM of the machine.

• Thus a temporary copy is created in the RAM of the machine and strictly speaking merely by visiting the website a person has committed the act of copying

• However no website owner would sue anybody for just browsing its website, because most website owners actively solicit viewers to their sites for many reasons like promoting e-commerce or enlightening customers about their products and/or services.

• Therefore, initiating any kind of action for web surfing seems unlikely, as any such action would be self-defeating

• However, this section mentions that unauthorized downloading or copying of "any data, computer data base or information" would attract liability under this section.

• Logically, even the downloading or copying of information which is in the public domain but only compiled, e.g. listings of telephone numbers etc., would attract liability

• As per Sec 43 (c) if any person introduces or causes to be introduced any computer contaminant or computer virus into any computer, he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected

• A computer contaminant is any set of computer instructions that are designed to modify, destroy, record or transmit any data or programme in a computer

• Contaminants may also be designed to control the normal operation of the computer.

• A computer virus is a computer instruction that destroys, damages, degrades or adversely affects the performance of a computer or attaches itself to another computer resource and operates when a programme, data or instruction is executed

• At least from the point of view of the definition it becomes clear that the subsection tries to distinguish between computer contaminants like worms/Trojans and computer viruses

Then what is the difference between a computer worm and a virus?

• A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels.

• Just like the viruses that affect humans, computer viruses can range in severity; some viruses cause only mildly annoying effects while others can cripple the entire network.

• Although the virus may exist on a computer, it cannot infect the computer unless the person runs or opens the malicious program

• Worms are programs that replicate themselves from system to system without the use of a host file.

• This is in contrast to viruses, which require the spreading of an infected host file.

• The entire document will travel from computer to computer, so the entire document should be considered the worm

• For example, a worm can send a copy of itself to everyone listed in an e-mail book. Then, the worm replicates and sends itself out to everyone listed in each receiver's address book, and the manifest continues on down the line.

• Due to the copying nature of a worm and its ability to travel across networks the end result in most cases is that the worm consumes too many system resources and too much network bandwidth.

• Trojan Horse is true to its name and is a perfect successor of the mythological Trojan Horse.

• The Trojan Horse, at first glance, will appear to be useful software but it will actually do damage once installed or run on a computer.

• Trojans give malicious users access to the system, possibly allowing confidential or personal information to be compromised.

Is a cookie a computer contaminant?

• Cookies are messages that a Web server transmits to a Web browser so that the Web server can keep track of the user's activity on a specific Web site

• The message that the Web server conveys to the browser is entered into the memory of the browser.

• The browser in turn stores the cookie information on the hard drive, thus even if the browser is closed and reopened at a later date the cookie information is still available

• Cookies were originally developed as a simple mechanism to help make it easier for users to access their favorite websites without having to go through a lengthy process of identifying themselves on every visit.

• But presently this is used to actually track movements across the Web.

• This is done by secretly planting cookies and then retrieving them in such a way that allows building detailed profiles of the users' interests, spending habits and lifestyle.

• Cookies do not act maliciously on computer systems. They are merely text files that can be deleted at any time

• The IT Act is not clear whether a cookie can be treated as a computer contaminant or not

• However, planting of a cookie may incur liability under section 43(c) if the given questions are answered:

1. Whether a cookie is put in the computer of a person without his permission?

2. Whether a cookie is a set of computer instructions?

3. Whether a cookie modifies the data residing on the computer of the surfer?

• With respect to consent of the surfer, most surfers are unaware of the fact that the websites they visit are dumping cookies on to their machine

• However if a surfer has set his web-browser to ask before accepting cookies, then obviously the person is permitting it and there is consent on the part of the surfer

• Coming to the second question, to set a cookie certain instructions have to be included in an HTML file specifying necessary details.

• Thus it can be safely said that a cookie is a set of computer instructions

• Thirdly, on the question whether a cookie can modify the data residing on the computer of the surfer, it can be seen that a cookie can contain up to 4000 text characters and is stored in the computer of the Internet surfer.

• Thus a cookie adds some data to the data already stored on the computer.

• Whether this "addition" of data amounts to "modification" of data has to be determined by the courts

Unauthorized damage to computer Sec 43 (d)

• Section 43(d) deals with the penalty for damaging a computer.

• Damage means to destroy, alter, delete, add, modify or rearrange any computer resource by any means, e.g., deleting the information contained in a PDF file, changing an image from the jpg format to some other format etc.

• Section 43(c) imposes liability upon a person for introducing a virus or other contaminant. If the virus introduced causes damage e.g., deletes data, an additional liability under Section 43(d) is attracted

• Section 43(e) deals with unauthorized disruption of computers

• Since the word disruption is not defined under the Act, it can be assumed the word disruption means preventing the normal continuance of the functioning of any computer

• Shutting down of the server in a network undoubtedly will amount to disruption of the functioning of the network.

• Such disruption may be done physically or electronically by releasing a virus into the network

• In many cases the liability can be cumulative according to the effect caused by a virus

ILLUSTRATION

• If a person causes unauthorized transmission of a virus, he is liable under Sec 43(c),

• Again if such virus damages the computer of the person which it infects, then additional liability under Sec 43(d) is imposed

• Furthermore if such virus causes disruption of the computer which it infects, Sec 43(e) is also attracted apart from the other 2 subsections

• Sec 43(f) deals with the unauthorized denial of access to any person who is authorized to access any computer

• Again this provision is of significance to the banker

• A common case of a denial of access attack is when a web server is bombarded by millions of requests leading to its crash; these kinds of attacks also clog networks and hamper traffic, thereby causing denial of access

• Anyone who physically or in other ways prevents another person from accessing a computer system, which the latter person is entitled to access, will be liable under sec 43(f)

• Sec 43(g) penalizes the act of giving assistance for unauthorized access to a computer.

• Here penalty is prescribed for providing any assistance to facilitate access to a computer in contravention of the provisions of the Act

This section can be draconian in the sense that it can cover various activities/websites like

• Websites providing information on how to obtain unauthorized access e.g. ethicalhacking.com.

• Websites providing software / tools used to obtain unauthorized access e.g. AntiCode.com

• Search engines providing links to websites mentioned above e.g. Google.com, Yahoo.com etc.

• Employees who deliberately create vulnerabilities in their employer’s computers to enable unauthorized access.

• Employees intentionally making the security measures in their employer’s computers ineffective

• Section 43(h) relates to manipulating or tampering of a computer for financial benefit

• The term, ‘manipulate’, means, “to turn to one’s own purpose or advantage”.

• The term ‘tampering’ in the context of sec 43(h) means, “meddling or interfering with a computer to misuse or alter it”

• Logically this will include “altering a computer for an improper purpose or in an improper way”

• As the Internet becomes an integral part of our day to day transactions, authentication and identification of a party to the transaction become very significant.

• As we all know and have experienced, the principal means of authentication and identification are being achieved using a password or PIN based authentication system.

• The flip side is that the very nature of these kinds of authentication systems facilitates impersonation; in fact impersonation is much easier to accomplish in a digital environment than in a physical environment

• Thus, credit card thefts and Internet time thefts are becoming increasingly common in today’s networked world, which this sub section seeks to penalize

Failure to furnish information (Sec 44)

• Sec 44 prescribes penalties for failure to furnish any information or documents required under the Act or its allied rules. (penalty up to Rs 1.5 lakhs)

Criminal Remedies

• Sec 65 to 74 of the IT Act 2000 contain provisions relating to various cyber crimes. The maximum imprisonment provided for by the IT Act extends to 10 years

• Sec 65 of the Act deals with the punishment for tampering with computer source documents. Whoever knowingly or intentionally conceals, destroys or alters …. any computer source code used for a computer…shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both

• Conceal means to hide or keep secret.

• Thus changing the directory where the files are stored so that they cannot easily be found by the authorized persons, hiding the CD ROM in which the source code files are stored etc will come under the definition of concealing

• Destroy means to demolish or reduce to nothing. This covers acts that render the source code useless for the purpose for which they had been designed.

• Alter means to change in characteristics or position. In the context of source code this would include changing the nature and characteristics of a file

• Offences u/s 65 can be tried by a magistrate and are punishable with imprisonment up to 3 years and / or fine up to Rs 2 lakh

• Sec. 66 defines the offence of hacking. Hacking is commonly understood to cover the unauthorized access of computer systems and networks

• Thus hacking should have the following ingredients

• Firstly, there must be either an intention to cause wrongful loss or damage to any person, or knowledge that wrongful loss or damage will be caused to any person

• Secondly, the information residing in a computer resource must be either destroyed or deleted or altered or diminished in value/utility or affected injuriously

• Although the Act has not defined the term "destroy", generally it means demolish or reduce to nothing.

• In other words, destroying information means rendering the information useless for the purpose for which it had been created.

• Since information in a computer resource is contained in files (e.g. document files, html files etc) either one of the following acts will constitute hacking

• Changing the contents of the file so as to make the file useless for the purpose that it was initially serving.

• Nullifying the contents of the file by removing all the information contained in the file

• Delete means to "make no longer effective by crossing out or obliterating or removing".

• In the context of information in a computer, this would mean removing a file

• Alter means to change in characteristics or position.

• With respect to information in a computer this includes changing the location of a file from one folder/directory to another.

• It may also include changing the nature and characteristics of a file, e.g. making a document file into an HTML/ PDF file or removing the security options of a file.


Diminished in value or utility

• This has considerable impact upon the confidentiality of a document

• E.g. if any question paper is saved in a computer and anybody accesses the said document, then the value of the information is completely lost; this will make the party liable under this provision

Affected injuriously

• E.g. when a Word document is converted to PDF format, some of the formatting features may be lost since they are not supported in the PDF format.


• In such cases it can be said that the information contained in the Word document has been affected injuriously.

• If anybody changes the document from one format to another with the intention of injuriously affecting the original file, then he will be liable under Sec 66 of the IT Act 2000

• Thus hacking under the IT Act is so wide that various cyber crimes would be coming under its ambit.

• Punishment for hacking can be imprisonment up to 3 years and / or fine up to Rs 2 lakh (Sec 66(2))


Recent amendments to the IT Act 2000

• Initially the IT Act was not applicable to negotiable instruments

• But in 2002 an amendment was made to the I.T. Act by which the IT Act has been made applicable to 2 types of cheques, i.e. electronic cheques and truncated cheques.

• But even today the IT Act is not applicable to other negotiable instruments

• Thus an electronic cheque is a cheque in the electronic form, which contains the exact mirror image of a paper cheque and is signed using a digital signature


Truncated Cheque

• In the case of truncation of cheques, they will be scanned and the electronic image will be transmitted to the paying bank

• Under the provision of the Negotiable Instruments Act, in normal course a cheque must be presented for payment to the collecting banker, who will send it through the clearing house to the paying banker

• Thus after the amendment, presentation of an electronic image of a truncated cheque will amount to presentation of the cheque as per the N.I Act


Benefits of truncation

• Cheques are truncated for the purpose of avoiding physical movement of paper instruments so as to ensure faster clearance of instruments and reduction in the cost of processing

• However in case of any suspicion, the paying bank can demand further information regarding a truncated cheque

• Only in case of any suspicion of any fraud, forgery, tampering of cheque the paying bank is entitled to demand the presentation of the said cheque for verification


• Thus the custody of the truncated cheque is with the collecting bank

• It shall be the duty of the bank or clearing house which truncates the cheque to ensure the correctness of the electronic image of the truncated cheque, while scanning or transmitting the image

• Any bank which receives the cheque has a duty to verify from the party who transmitted the image to it, that the image so transmitted to it and received by it is exactly the same


Evolution of E-money

• Public-key cryptography and digital signatures make e-money possible

• Banks and customers use their keys to encrypt and sign blocks of digital data that represent money orders.

• A bank signs pay orders using its private key and customers pay and merchants verify the signed money orders using the bank's widely published public key.

• Customers sign deposits and withdrawals using their private key and the bank uses the customer's public key to verify the signed withdrawals and deposits.


• Data security mechanisms, in particular the use of encryption, lie at the heart of the development of such E-money products.

• The widespread adoption of such payment techniques will depend on the degree to which banks are able to provide adequate assurances to customers and regulators about the strength of such security.

• Legal recognition of such techniques will go a long way towards addressing such concerns and undoubtedly our IT Act 2000 is a step towards that direction
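
The signing and verification flow described above, sketched as an added example (not code from the original presentation): the bank signs a pay order that a merchant checks with the bank's public key, and the customer signs a withdrawal that the bank checks with the customer's public key. Ed25519 from Go's standard library is an assumed choice of signature scheme, and the message formats, account label and amounts are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Party holds a signing key pair; Pub is the half that gets widely published.
type Party struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewParty generates a fresh key pair for a bank or a customer.
func NewParty() Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{Pub: pub, priv: priv}
}

// SignedMsg is a block of data plus the signature of the party that issued it.
type SignedMsg struct{ Body, Sig []byte }

// Sign uses the private key, which never leaves the signing party.
func (p Party) Sign(body string) SignedMsg {
	return SignedMsg{Body: []byte(body), Sig: ed25519.Sign(p.priv, []byte(body))}
}

// Verify needs only the signer's public key, so any recipient can run it.
func Verify(signerPub ed25519.PublicKey, m SignedMsg) bool {
	return ed25519.Verify(signerPub, m.Body, m.Sig)
}

// Demo runs both flows plus two failure cases, all on constructed messages.
func Demo() (orderOK, withdrawOK, tamperedOK, wrongKeyOK bool) {
	bank, customer := NewParty(), NewParty()
	order := bank.Sign("PAY-ORDER serial=0001 amount=INR 500")
	orderOK = Verify(bank.Pub, order) // merchant checks the bank's signature
	withdrawal := customer.Sign("WITHDRAW account=EXAMPLE-1 amount=INR 500")
	withdrawOK = Verify(customer.Pub, withdrawal) // bank checks the customer's
	forged := SignedMsg{Body: []byte("PAY-ORDER serial=0001 amount=INR 5000"), Sig: order.Sig}
	tamperedOK = Verify(bank.Pub, forged)    // altered amount, reused signature
	wrongKeyOK = Verify(customer.Pub, order) // bank's order against wrong key
	return
}

func main() { fmt.Println(Demo()) }
```

A valid signature shows only who issued the message and that it has not been altered since; it does not by itself stop the same order from being presented twice.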


Virtual Banking

• This means and includes the types of banking and allied services, through extensive use of information technology; here, in most cases, the customer need not even visit his bank

• This concept originated in the 1970s when ATMs were introduced; later on various technological innovations like Internet, mobile phones etc have revolutionized the concept of banking

• Virtual banking includes various types of banking and financial services like, ATMs, net banking, credit cards, debit cards etc


Advantages are

• It has lower cost of handling through a virtual resource when compared to the cost of handling a transaction through a branch

• Speed of the transactions is increased manifold, thus the system will be able to service more customers and this can maximize the profits

• With the efficient use of right technology, the quality of services can be improved, furthermore there is always the convenience of round the clock access
