The Information Technology Act

The training applied science stand forWhen Internet was developed, at that push through was simply all(prenominal) inclination that Internet could trans digit itself into an all pervading revolution which could be mis partd for criminal activities and which required regulation.Today, there argon more impress things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to restrain into a variety of criminal activities in cyberspace. totally existing jurisprudences had to be amended to suit the latest developments.Since other(a) integritys send away non trade cyber legislations completely, the need was matte to introduce cyber uprightness as a separate discipline. Reasonable earnest Measures must be pick proscribed while handling, storing, processing Sensitive in the flesh(predicate) cultivation and info. This paper examines the various aspects of Cyber Legal System.Key members- Cyber Crimes, Cyber Crime Investigation, Cyber Fore nsics, Cyber Space, Cyber Law, data Protection, digital Signatures, E-Contracts, Intellectual retention rights, IT chipINTRODUCTIONThe growth of learning engineering science has habituated rise to a new society named Cyber gild. Computers and allied engineering science is apply as a basal animate cosmos in Communication, Storage, and Control. Cyber Society includes Cyber Space which is no different from physical space in tangible society. In orderion and Communications technology popularly known as ICT is considered as an integration of computing devices, softw atomic number 18, storage, visual governances, tele chats that enables a user to access, store, transmit and handle teaching.To asseverate harmony and co-existence in Cyber Space, a need was felt for a sancti angiotensin converting enzymed regime which we call as Cyber Law. In simple words, Cyber Law is the law governing and regulating cyber space. Cyber Laws impact every aspect of Cyber Society be it Edu cation, Entertainment, Business etc and atomic number 18 considered as basic laws of Cyber Space.INFORMATION TECHNOLOGY processIndian Cyber Law comprises mainly of Information Technology Act. The Information Technology Act was enacted in the year 2000 and came into force since thus. IT Act 2000 is non a penal statute. The Act is intended to promote e-governance of which an essential part is e-commerce. totally cyber nuisances do not come under the ambit of IT Act m any crimes atomic number 18 cover under IPC.The objective of IT Act 2000 is to provide intelligent recognition to electronic records and trans actions carried out by modal value of electronic selective culture interchange.CYBER law-breakingSCyber Crimes require no special introduction. In this randomness technology era, data processors and technology atomic number 18 used in every phase be it Business, Education, Governance, Communication, Booking of Rail, Air, Cinema Tickets to name a few. Crimes committe d in the Cyber universe be Cyber Crimes.In general, cyber crimes potty be explained as crimes committed by using a computing device either as a tool or a target or somemultiplication two. on that point be a variety of Cyber Crimes including Unauthorized Access, Tampering Computer Source Code, electronic Documents, Forgery, Virus, Trojans, Online Defamation, Cyber Trespass, Stalking, Email Harassments, and Lottery Scams etc. New types of crimes are evolving day by day.Information Technology Act 2000 discusses certain types of Cyber Offences and provides civilised and crook Remedies thereon. The penalty is as well as provided under Information Technology Act 2000, Indian penal Code, Criminal Law, and Banking Law etc. in that respectfore, any crime committed on the Cyber Space or by use of Cyber tools is punishable under Indian Law. These Laws are also applicable for persons residing outside India provided any figurer, estimator network, electronic computer resource in In dia is used to commit a crime.E-CONTRACTS digital SIGNATURESA contract is considered as a advert element in business. All agreements obligateable in a mash of law only are called contracts. The ICT has given a new medium to transact business which is the electronic medium. A new form of business called e-business has become popular straight off which led to a revolution in commerce by way of e-commerce.With the rise in e-commerce, e-business, the business essentials also turned electronic. This has bought in a revived approach to paper ground contracts by introducing e-contracts or online contracts. Information Technology Act has provided legal recognition to all e-contracts. The Act has ripe a unique form of authentication by way of e-authentication which includes digital and electronic signatures.An Electronic entry to be legally valid has to be affixed with digital/ electronic signature. The digital signature is needed to use a PKI (public fall upon infrastructure) auth entication mechanism. Digital Signature forms an important fixings of E-contracts and a streamer one way hash algorithm is adopted for checking the data integrity.In simple words, there is a public key which in the public domain and there is a private key which is known only to the private user, only if both the keys correspond the document is validated. The government has licensing authorities called CAs (Certifying Authorities) who would be responsible for issuing a standard key generation systems to the public. A digital certificate would be issued based on application and certain ap mountd procedures. At present there are four agencies established for this take including NIC, IDRBT and two private agencies equal TCS, Safe Scrypt.IT Act 2000 has also provided a clarification as to ascertain the time and place of an electronic document when it is transmitted from one place to other. Any electronic document including a webpage, e-mail or any computer generated document can be held a take inst the originator for legal office under the ambit of this law.Any automatic system which is either a hardware or software ilk programs, servers, routers can be considered as an Agent of the owner and any action taken by much(prenominal) a system may be legally held to be an action taken by the owner himself.DIGITAL RIGHTSFreedom of Speech and practiced to loneliness are considered as certain rights which all the Citizens enjoy in the nation. Correspondingly, these rights also exist in the digital field. Just as exemption of speech is guaranteed by the Constitution of India, the same also extends to Online Speech or Cyber Speech that might include expression on a website, rights of regulators to modify the freedom in the interest of sovereignty and integrity of the country, maintaining friendly dealing with its neighbors as well as to retain harmony and peace in the society.The Information Technology Act provides that the Controller of Certifying Authorities can indian lodge decryption of any learning and failing to co-operate with the concerned authority could go forth to imprisonment. In addition, under POTA (Pr typesetters subject areaion of Terrorism Act), the appropriate authorities can block communication including emails under authorize procedures without the association of the user of the email.Likewise, an investigating police force officer has certain rights to not only intercept and monitor communication still also provide requisition support of the Network executive director for the purpose under Criminal Law read along with Information Technology Act.Right to privacy is a face-to-face right that is guaranteed by the Constitution of India. In the world, whenever a person visits a website or sends out an e-mail his digital identities are being recorded by some(prenominal) systems. Additionally, users share their ain culture for varied reasons to different websites. This information is covered under the privacy r ights of a user.INTELLECTUAL PROPERTYThere exists digital property in cyber world as like the real property in real world. The digital property is also known as Intellectual Property. It is an intangible asset and a vital element in the e-business. It comprises of Copyright, Patent, mint Mark, Trade Secret, scene of action yell, Semi Conductors and Industrial Layouts, Designs.Domain Name is a crucial digital property which a website owner possesses. There is a contractual arrangement between the Domain Name Registrant and Domain Name Registrar. Domain Name registrars are those who are authorized for the purpose by ICANN (Internet Corporation for Assigned Names and Numbers) and the law respectfulnessing domain label is governed indirectly by the policies of the ICANN.Laws relating to domain names is associated and linked closely to Trade Mark Law. Generally, the person holding a trademark right can claim priority to possess a corresponding domain name. core is another cyber pro perty that postulate to be considered. Content either inside a file or on a website confers a right of first publication to the original author. The holder of copyright can assign or authorize the copyright for a price or allow it to be freely used by the public. Infringement, Punishments, Remedies are provided under the Copyright Law.Copyright in cyber world has some grey areas mainly due to a harsh interpretation of Copyright law as applicable to the Meta Society would build up Caching, Proxy Server Setting, Meta Tags setting, Caching by a search engine, Hyper linking, Framing, File manduction etc as possible copyright infringements.Another area where digital property can be recognized is patents on Software and Web Utilities. These are encompassed under the Patent laws. A patent holder can enforce allowance of licensing fee or damages if a Patent system is used by another person without specific authorization.Patents in the cyber world are facing a dilemma especially in re gard to aspects of technology that are needed to keep the Internet going like Framing, Hyper Linking etc since they are claimed as patented products by the patent holders.DIGITAL certify curtilage is the element which probablises a case in a court of law. The licence in digital form is called Digital certify. This digital evidence may be found in computer hard disks, booth phones, iPods, pen drives, digital cameras, CDs, DVDs, floppies, computer networks, the Internet etc.In Civil Law, evidence is analyzed on the principle of PREPONDERANCE OF PROBABILITY. In Criminal Law, evidence is analyzed on the principle of BEYOND RESONABLE DOUBT.Digital Evidence is relatively difficult to destroy. Even if it is deleted, digital evidence can be recovered. When criminals attempt to destroy digital evidence, copies can remain in places they were not aware of.The Present Legal Scenario mandates two sets of quantum of evidence STRINGENT RELAXEDFACTORS OF DIGITAL EVIDENCE IDENTIFICATION PROCUREM ENT PRESERVATION ANALYSIS PRESENTATION IN A COURT OF LAWIf it can be proved that the fibril is not compromised and from the time the sample is taken a standard communications protocol was followed,the defence tries to demonstrate that there was a possibility of compromise in the train and proves that he is entitled for a benefit of doubt.(NDPS ACT ,FOOD ADULTERATION).The basic philosophy of understanding or chartering evidence is to know its authenticity. A document should be demonstrated or proved that it is the same document what is purports to be. The rhetorical skills, technology may be used to prove or demonstrate before a court of law. prick 65 B of the Indian Evidence Act 1872- a certificate confusable to subsection 3, 4 of Bankers Book Evidence Act.LOGIC BEHIND THE LAWIn a secure environment, if persons are to transact there should be a trusted authority. The authority would supervise things to check the integrity, attributions and to close out non- repudiation. If all these characteristics are given to any environment, the legal system of any country would accept it as legally admissible evidence.TRUSTED AUTHORITYThe certificate issued by a trusted authority there is a general aim to believe it to be true. There are many cases of manipulation of these certificates, but still much(prenominal) systems are not scrapped off.Eg Voter ID, PassportThere cannot be a 100% fool proof system. If it can be demonstrated before a court of law that the new technology is reasonably reliable which would indicate that if manipulated can be found out, then it is accepted by the court.The trusted authority is the certifying authority. It certifies the digital signature. There is an attribution or a presumption a corresponding amendment in the Evidence Act all these together make a presumption. All presumptions are rebuttable.The presumption shifts the onus or burden to the other party to prove the compromise. It applies to civil and criminal law. It is the p assport office of the digital world.CYBER CRIME probeIt is the Collection, Analysis, investigation of digital evidence, cyber trails. The various techniques of cyber crime investigation include forensic analysis of digital information -using forensic tools, use of sound forensic procedure to identify and detect evidence, examination of evidence, observation of proper handgrip of evidence, control procedures, documentation of procedures, findings to ensure admissibility in a court of law, planning of comprehensive written notes, reports.INCIDENT RESPONSEIt is considered as a pre-cursor to techniques of cyber crime investigation, forensic tools. Incident Response may be referred to as hairsplitting set of actions to handle any gage incident in a responsible, meaningful and timely manner.The goals of incident response include confirming whether an event has occurred, educating senior management, helping in detection or prevention of such incidents, minimizing disruption, facilitat ing criminal action against perpetrators.Various steps of incident response are detection of incidents, initial response, investigation of event, reporting, resolution, pre-incident preparation.CYBER FORENSICSIt is considered as the use of investigative, analytical techniques to identify, collect, examine, economize and present evidence or information which is charismatically stored or encoded. Cyber Forensics can be also defined as the scientific method of examining, analyzing data from computer storage media so that data can be used as evidence in courtThe goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.Computer evidence is just like any other evidence in the sense that it must be authentic, accurate, complete, convincing to Juries, in conformity with common law and legislative rules.EXAMINER OF ELECTRONIC RECORDS air division 79 A o f IT Amended Act 2008 empowers the telephone exchange government to destine any department or agency of Central or disk operating system government as Examiner of Electronic Evidence.This agency leave behind consort a crucial role in providing expert opinion on electronic form of evidenceThe explanation to the Section has an inclusive comment of electronic form evidence that meaning any information of square value that is either stored or transmitted in electronic form and includes computer evidence, digital audio, digital boob tube, cell phones, digital fax machines.With the increase number of cybercrime cases it will become necessary to set up at least one Examiner of Electronic Evidence in apiece State.The CDAC cyber forensics lab in Trivandrum, CFSIL laboratory in Hyderabad are playing similar role at present in cybercrime. estimator- LEGAL DEFINITIONCOMPUTER is defined under Section 2(1)(i) of the IT Act as-Computer means any electronic magnetic, optical or other hig h-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network1ANALYSIS OF DEFINTIONThe dancingary computer has been defined in a very wide sense. Considering the definition, devices like micro-cook ovens, washing machines, scanners, printers, desktops, personal computers, mobile phones etc are considered as a computer under Information Technology Act.COMMUNICATION DEVICESimilarly the word communication devices inserted in the Information Technology Amended Act 2008 has been given an inclusive definition, taking into its coverage cell phones, personal digital helper or such other devices used to transmit any text, video etc like what was later being marketed as iPad or other similar devices on Wi-Fi and cellular models.CYBER SECURITYThere is a need to pretend a secure environment in cyber space and also prevent unauthorized access and misuse of computer system. In simple words, the gage of the cyber space can be called cyber trade protection. Cyber security measure is critical due to the dangers that threats in cyber world. It requires a global co-operation and effort from all stake holders.DEFINITIONThe term Cyber Security is for the first time given a legal definition under Indian Cyber Law. Cyber Security has been newly added in the IT Amended Act 2008, under Section 2 (nb) which is as under-Cyber Security means defend information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, readjustment or destruction. 2ANALYSIS OF DEFINTIONThe said definition provides security in monetary value of both, physical security to the devices and security to the information stor ed therein such devices.The preceding(prenominal) definition also provides protection for unauthorized access, use, disclosure, disruption, modification and destruction to both physical device and the information stored therein.All communication devices like phones, briskness phones and other devices used to communicate audio, video, image, text is covered under the ambit of the definition.DATA PROTECTION LEGAL REGIMEProcessing of data raises considerable issues on privacy, e-security, misuse of individual information and data. Personal data like identification cards, debit cards etc are normally routed via many countries.The Government of India recently notified the Reasonable security practices and procedures and sensitive personal data or Information Rules, 2011 (Rules) under Section 43A of the Information Technology Act, 2000 (ITA). These Rules fill been make effective from April 11, 2011.Section 43A of the ITA inter alia deals with protection of data in electronic medium1 by providing that when an carcass corporate is negligent in implementing and maintaining reasonable security practices and procedures in relation to any sensitive personal data or information which it possesses, deals or handles in a computer resource which it owns, controls or operates and such negligence causes wrongful loss or wrongful gain to any person, such entity shall be liable to pay damages by way of compensation to the person so affected.Section 43A applies to data or information in a computer resource.The Rules define Personal Information and Sensitive personal data or information to mean as followsPersonal Information means any information that relates to a born(p) person, which, either directly or indirectly, in combination with other information unattached or likely to be available with a be corporate, is capable of identifying such personSensitive personal data or information means such personal information which consists of information relating to-(i) countersi gn(ii)Financial information such as Bank narrative or credit card or debit card or other payment instrument details(iii) Physical, physiological and mental health condition(iv) familiar orientation(v) Medical records and history(vi) Biometric information(vii) Any detail relating to the preceding(prenominal) clauses as provided to organic structure corporate for providing service and(viii) Any of the information get under above clauses by body corporate for processing, stored or impact under lawful contract or otherwise.3EXCEPTION TO SENSITIVE own(prenominal) DATA OR INFORMATIONAny information that is freely available or accessible in public domain or equipt under the Right to Information Act, 2005 or any other law for the time being in force is not to be regarded as sensitive personal data or information.ANALYSISDefinition of personal information is wider than sensitive personal data or information (SPDI). The definition of SPDI is in the nature of an exhaustive list of items . Hence, no other information apart from the one listed above, would be considered as SPDI. It is interesting to note that Section 43A only included SPDI within its ambit, but some of its provisions of the Rules have been made applicable to Personal Information.It is appropriate to note that these Rules apply to personal information irrespective of the nationality of the provider of the information thus information provided not only by Indian nationals but also by nationals in different jurisdictions, whose information is stored, dealt or handled by a corporate entity in a computer resource in India would attract the provisions of the ITA. The pertinence is driven by the location of computer resource in India, as can be seen from the wording of Section 43A of the ITA read with the Rules.Rules will also be applicable in cases where the information is collected in India and is transferred to any computer resource outside India and also in cases where the information is neither collect ed nor stored in India, but is dealt with or handled in India E.g. even accessed from India.Thus, true outsourcing businesses where personal information of foreign nationals is transferred to Indian entity (ies) who deal or handle such information would henceforth attract the provisions of the IT Act.DATA loneliness RULES SECURITY MEASURESThe Data Privacy Rules require that the body corporate and the Data Processor implement reasonable security practices and standards have a comprehensively documented information security program, and security policies.These must contain managerial, technical, in operation(p) and physical security control measures that are commensurate with the information assets being protected and with the nature of business.The International Standard IS/ISO/IEC 27001 on Information Technology Security Techniques Information Security Management System Requirements is recognized as an approved security practices standard that the body corporate or the Data P rocessor could implement to comply with security measures under the Data Privacy Rules.Any other security standard approved by the Central Government may also be adopted by the body corporate or the Data Processor in compliance with the security measures under the Data Privacy Rules.The security standards adopted by the body corporate and the Data Processor should be audited by an auditor approved by the Central Government. The audit must be carried out at least once every year, or at such times as the body corporate or the Data Processor undertakes a significant upgrade of its process or computer resource.If there is an information security breach, the body corporate or the Data Processor will be required, upon request from a governmental agency, to demonstrate that it has implemented the security control measures as per its documented information security program and information security policies.A corporation is required to designate a unfairness officer to address the grievanc es of the Provider. The name and contact details of the Grievance police officer must be published on the website of the body corporate. The Grievance Officer must address the grievances within 1 month from the date of receipt of grievance.JURISDICTIONSince the cyber world is a boundary less world, there are lots of issues regarding Jurisdiction, which laws would apply. Material may be lawful at one place, but unlawful somewhere else for instance the places from where is it accessed. The Yahoo Case is a classic example.ILLUSTRATIONConsider a scenario, where a person A is employed as a computer programmer by a bank in bucolic X.The programmer managed to instruct a computer to transfer money to his account in Country Y.A case was registered against the programmer in Country X. On Appeal, the Court in Country X had no jurisdiction over matters from Country Y.Though S.75 of IT Act provides for extra-territorial operations of this law, but these should be enforced with orders and warr ants of external authorities and demands a highest level of inter-agency cooperation.ADJUDICATING AUTHORITYADJUDICATING OFFICER Up to Rs.5 Crores IT SECRETARY OF THE STATE.CYBER APPELLATE judgeship appellate jurisdiction.SUB COURT or CITY CIVIL COURT.CYBER CRIME PROSECUTIONSection 67 C to play a significant role in cyber crime prosecution- Section 67 C brings a very significant change in the IT Act, 2000.According to this section, intermediaries shall be bound to preserve and retain such information as may be prescribed by the Central government and for such duration and format as it may prescribe.Any intermediary that contravenes this provision intentionally or knowingly shall be liable on conviction for imprisonment for a term not exceeding 2 yrs or fine not exceeding one lakh or both.Many cybercrime cases cannot be figure out due to lack of evidence and in many cases this is due to the particular that ISP failed to preserve the record pertaining to relevant time .This provisi on is very stabilizing in collection of evidence that can prove indispensable in cybercrime casesPOSSIBLE RELIEFS TO A CYBERCRIME VICTIM- STRATEGY ADOPTIONA victim of cybercrime needs to immediately report the matter to his local police station and to the nighest cybercrime cellDepending on the nature of crime there may be civil and criminal remedies.In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account for profits.In criminal remedies, a cybercrime case will be registered by police if the offence is cognizable and if the same is non cognizable, a complaint should be filed with metropolitan magistrateFor certain offences, both civil and criminal remedies may be available to the victimCONCLUSIONThe word cyber crime is not mentioned in the IT ACT for the reason that not to scare away the potential users and tutelage in mind the basic philosophy of reducing the digital divide(computer literate person or not ) .Reasonable measures should be adopted. The IT Act is an articulation of all existing laws with e added to most of the provisions. The dark or grey areas should not alone be highlighted.We can therefore conclude that cyber law knowledge is the need of the hour for the persons working with computers, computer systems, computer networks, computer resources and information communication technology since these laws cover the legal aspects of the information technology and ignorance of law is no excuse in the eyes of law.