Provisions of Cyber law

Topics Covered
Presented By
Introduction Gayathri S
Cyber Crime Gokila R
Techniques of Cyber Crime Govindarajan N
Internet Crime Hareesh A
Cyber Law Case Study Harish Babu S
Cyber Appellate Tribunal Harish K
Advantages & Disadvantages
Introduction to Cyber Law:

In Simple way we can say that cyber crime is an unlawful act wherein the computer is
either a tool or a target or both.

Cyber crimes can involve criminal activities that are traditional in nature, such as theft,
fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal
Code. The abuse of computers has also given birth to a gamut of new age crimes that
are addressed by the Information Technology Act, 2000.

We can categorize Cyber crimes in two ways:

The Computer as a Target:-using a computer to attack other computers.

E.g. Hacking, Virus/Worm attacks, DOS attack etc.

The computer as a weapon:-using a computer to commit real world crimes.

E.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

Cyber Crime regulated by Cyber Laws or Internet Law.

What is Cyber Law?

Cyber law (also referred to as cyber law) is a term used to describe the legal issues
related to use of communications technology, particularly "cyberspace", i.e. the Internet.
It is less a distinct field of law in the way that property or contract are as it is an
intersection of many legal fields, including intellectual property, privacy, freedom of
expression, and jurisdiction. In essence, cyber law is an attempt to integrate the
challenges presented by human activity on the Internet with legacy system of laws
applicable to the physical world.

Special techniques such as Social Engineering are commonly used to obtain

confidential information.

HISTORY OF CYBERLAW LEGISLATION IN INDIA

The origin of Information Technology Act, 2000 (ITA 2000) can be traced to the
UNCITRAL model law on E-Commerce adopted by the United Nations and
recommended to member nations in 1996.

Based on United Nations resolution A/RES/51/162, dated 30thJanuary, 1997, the

Ministry of Commerce, drafted the first version of the E-Commerce laws in India which
was titled “Draft Ecommerce Act 1998”. In 1999, the Government of India created a
separate ministry for IT and the task of finalizing the legislation was entrusted to the
department of IT under the ministry. The Ministry of Information Technology, as it was
called at that time, came up with a draft of “Information Technology Bill, 1999” which
was presented in the Parliament on 9th December, 1999. The Bill was subsequently
passed on May 17, 2000 by the Parliament, got the assent of the President on 9th June
2000 and notified as a law with effect from 17th October, 2000. This is the Act which we
refer to as the Information Technology Act, 2000. The Act went through consequential
amendments with effect from 6th February 2003 when Negotiable Instruments Act,
1881 was amended introducing “E-Cheques” and “Truncated Cheques”. In January
2005, the Government of India appointed an Expert Committee to review the Act and
recommend modifications. The Committee submitted its report on August 2005 based
on which a draft of Information Technology Act Amendment Bill, 2006 was presented in
the Parliament on December 15th 2006. This Bill was referred to a Parliamentary
Standing Committee under the Chairmanship of Mr Nikhil Kumar which recommended
substantial changes to the bill based on opinion gathered from several experts. On
December 15, 2008, the Ministry of Communications and Technology presented
amendments to the Information Technology Amendment Bill, 2006 through another
amendment Bill. This was passed on December 22nd in Lok Sabha and December 23rd
, 2008 in Rajya Sabha (the two houses of Parliament). The Bill received the assent of
the President of India on 5th February, 2009 and is now termed as Information
Technology (Amendment) Act 2008.

SCOPE OF THE ACT

The Act extends to the whole of India (except as mentioned in the Act) and as per
Section 75 of the Act, it also applies to any offence or contravention committed outside
India or by a person who is not a citizen of India if a computer resource located in India
has been used in the commission of an offence. Thus, the Act applies to all entities in
India, including branches of foreign companies operating in India.

As per the provisions for determination of time and place of dispatch and receipt of
electronic records, an electronic record is deemed to be dispatched at the place where
the originator has his place of business and is deemed to be received at the place
where the addressee has his place of business. If the originator has more than one
place of business, the principal place of business shall be the place of business and
where the originator does not have a place of business, it will be the usual place of
residence (in case of a body corporate, this will mean the place where it is registered).
Thus, for determining the liability for communication under the Act, the location of the
computer resource (ex. where a server is located) does not have much bearing.
Introduction to Cyber Crime

The first recorded cyber crime took place in the year 1820! That is not surprising
considering the fact that the abacus, which is thought to be the earliest form of a
computer, has been around since 3500 B.C. in India, Japan and China. The era of
modern computers, however, began with the analytical engine of Charles Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the

loom. This device allowed the repetition of a series of steps in the weaving of special
fabrics. This resulted in a fear amongst Jacquard's employees that their traditional
employment and livelihood were being threatened. They committed acts of sabotage to
discourage Jacquard from further use of the new technology. This is the first recorded
cyber crime.

Cyber Crime Techniques:

1. Unauthorized access & Hacking:

Access means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or
computer network.

Unauthorized access would therefore mean any kind of access without the permission
of either the rightful owner or the person in charge of a computer, computer system or
computer network.

Every act committed towards breaking into a computer and/or network is hacking.
Hackers write or use ready-made computer programs to attack the target computer.
They possess the desire to destruct and they get the kick out of such destruction. Some
hackers hack for personal monetary gains, such as to stealing the credit card
information, transferring money from various bank accounts to their own account
followed by withdrawal of money.

By hacking web server taking control on another person’s website called as web
hijacking.

Section 66 which was the principal section on offences in the original Act has been reworded and
it now applies to contraventions listed in Section 43 and applies only if the act is dishonestly or
fraudulently performed. Earlier title to this section referred to this offence as “hacking” and this
term has now been removed in the amendments.

2. Trojan Attack:
The program that act like something useful but do the things that are quiet damping.
The programs of this kind are called as Trojans.

The name Trojan horse is popular.

Trojans come in two parts, a Client part and a Server part. When the victim
(unknowingly) runs the server on its machine, the attacker will then use the Client to
connect to the Server and start using the trojan.

TCP/IP protocol is the usual protocol type used for communications, but some functions
of the Trojans use the UDP protocol as well.

3. Virus and Worm attack:

A program that has capability to infect other programs and make copies of itself and
spread into other programs is called virus.

Programs that multiply like viruses but spread from computer to computer are called as
worms.

4. E-mail & IRC related crimes:-

 Email spoofing

Email spoofing refers to email that appears to have been originated from one source
when it was actually sent from another source.

 Email Spamming

Email "spamming" refers to sending email to thousands and thousands of users - similar
to a chain letter.

This would include trade of narcotics, weapons and wildlife etc., by posting information
on websites, auction websites, and bulletin boards or simply by using email
communication.

Research shows that number of people employed in this criminal area. Daily people
receiving so many emails with offer of banned or illegal products for sale.

 Sending malicious codes through email

E-mails are used to send viruses, Trojans etc through emails as an attachment or by
sending a link of website which on visiting downloads malicious code.

 Email bombing
E-mail "bombing" is characterized by abusers repeatedly sending an identical email
message to a particular address.

 Sending threatening emails

 Defamatory emails

 Email frauds

 IRC related

Section 66A applies to sending offensive messages and covers any electronic mail for
the purpose of causing annoyance or inconvenience or to deceive or mislead. This
Section will cover offences like Cyber Stalking and Phishing. It is possible to interpret
the section to also cover “Spamming”.

5. Denial of Service attacks:-

Flooding a computer resource with more requests than it can handle. This causes the
resource to crash thereby denying access of service to authorized users.

Examples include

Attempts to "flood" a network, thereby preventing legitimate network traffic

Attempts to disrupt connections between two machines, thereby preventing access to a

service

Attempts to prevent a particular individual from accessing a service

Attempts to disrupt service to a specific system or person.

6. Distributed DOS

A distributed denial of service (DoS) attack is accomplished by using the Internet to

break into computers and using them to attack a network.

Hundreds or thousands of computer systems across the Internet can be turned into
“zombies” and used to attack another system or website.
Types of DOS

There are three basic types of attack:

 Consumption of scarce, limited, or non-renewable resources like NW bandwith,

RAM, CPU time. Even power, cool air, or water can affect.

 Destruction or Alteration of Configuration Information

 Physical Destruction or Alteration of Network Components.

7. Pornography:-

Adult entertainment is the largest industry on internet. There are more than 420 million
individual web pages today.

Research shows that 50% of the web-sites containing potentially illegal contents relating
to child abuse were ‘Pay-Per-View’. This indicates that abusive images of children over
Internet have been highly commercialized.

Pornography delivered over mobile phones is now a burgeoning business, “driven by

the increase in sophisticated services that deliver video clips and streaming video, in
addition to text and images.”

Section 66E covers punishment for violation of privacy and video voyeurism.Provisions
of the erstwhile Section 67, which covered “Obscenity” has now been distributed into
three sections - 67,67A and 67B.

Under Section 67, which continues to cover publishing and transmission of obscene
information in electronic form, the fine has been increased to Rupees five lakhs for first
instance and Rupees ten lakhs for subsequent instances along with imprisonment of
three years for first instance and five years for subsequent instance.

New Sections 67A & 67B have been introduced to cover pornography with punishment
of imprisonment which may extend to five years in the first instance and seven years in
the second instance with fine which may extend to Rupees ten lakhs. This would be
applicable for cases where “Sexually Explicit” content and “Child Pornography” is
involved.

8. IPR Violations:-
These include software piracy, copyright infringement, trademarks violations, theft of
computer source code, patent violations. etc.

Cyber Squatting- Domain names are also trademarks and protected by ICANN’s
domain dispute resolution policy and also under trademark laws.

Cyber Squatters registers domain name identical to popular service provider’s domain
so as to attract their users and get benefit from it.

Section 43 which lays down penalty and compensation for damage to computer and
computer system now specifically includes computer source code. Under the Act,
‘source code’ means listing of programs, computer commands, design and layout and
program analysis of computer resources in any form.

9. Cyber Terrorism:-

Targeted attacks on military installations, power plants, air traffic control, banks, trail
traffic control, telecommunication networks are the most likely targets. Others like
police, medical, fire and rescue systems etc.

Cyber terrorism is an attractive option for modern terrorists for several reasons.

1. It is cheaper than traditional terrorist methods.

2. Cyber Terrorism is more anonymous than traditional terrorist methods.

3. The variety and number of targets are enormous.

4. Cyber Terrorism can be conducted remotely, a feature that is especially appealing to

terrorists.

5. Cyber Terrorism has the potential to affect directly a larger number of people.

An important amendment in the context of the existing environment has been

introduced through Section 66F and is termed “Cyber Terrorism”. Accordingly, whoever
denies or causes the denial of access to any person authorized to access computer
resource or attempts to penetrate or access a computer resource without adequate
authorization or introduces or causes to introduce any computer contaminant with intent
to threaten the unity, integrity, security or sovereignty of India or friendly relations with
foreign states and causes death or injury to person or damage or destruction to property
or adversely affect the critical information infrastructure shall be punishable with
imprisonment which may extend up to life. The definition of Cyber Terrorism extends to
“Conspiracy” also.
 10. Banking/Credit card Related crimes:-

In the corporate world, Internet hackers are continually looking for opportunities to
compromise a company’s security in order to gain access to confidential banking and
financial information.

Uses of stolen card information or fake credit/debit cards are common.

Bank employee can grab money using programs to deduce small amount of money
from all customer accounts and adding it to own account also called as salami.

Section 66A will cover offences like Phishing. It is possible to interpret the section to
also cover “Spamming”.

11. Online gambling:-

There are millions of websites hosted on servers abroad that offer online gambling. In
fact, it is believed that many of these websites are actually fronts for money laundering.

12. Defamation: -

Defamation can be understood as the intentional infringement of another person's right

to his good name.

Cyber Defamation occurs when defamation takes place with the help of computers and /
or the Internet. E.g. someone publishes defamatory matter about someone on a website
or sends e-mails containing defamatory information to all of that person's friends.
Information posted to a bulletin board can be accessed by anyone. This means that
anyone can place

Cyber defamation is also called as Cyber smearing.

Section 66A applies to sending offensive messages and covers any electronic mail for
the purpose of causing annoyance or inconvenience or to deceive or mislead

16. Cyber Stalking:-

Cyber stalking involves following a person’s movements across the Internet by posting
messages (sometimes threatening) on the bulletin boards frequented by the victim,
entering the chat-rooms frequented by the victim, constantly bombarding the victim with
emails etc.
In general, the harasser intends to cause emotional distress and has no legitimate
purpose to his communications.

Section 66A applies to sending offensive messages and covers any electronic mail for
the purpose of causing annoyance or inconvenience or to deceive or mislead. This
Section will cover offences like Cyber Stalking and Phishing. It is possible to interpret
the section to also cover “Spamming”.

17. Identity Theft: -

Identity theft is the fastest growing crime in countries like America.

Identity theft occurs when someone appropriates another's personal information without
their knowledge to commit theft or fraud.

Identity theft is a vehicle for perpetrating other types of fraud schemes.

Section 66C covers identity theft and covers fraudulent or dishonest usage of electronic
signature, passwords or unique identification features of any other person.

18. Data diddling:-

Data diddling involves changing data prior or during input into a computer.

In other words, information is changed from the way it should be entered by a person
typing in the data, a virus that changes data, the programmer of the database or
application, or anyone else involved in the process of having information stored in a
computer file.

It also include automatic changing the financial information for some time before
processing and then restoring original information.

Section 72A has been inserted which specifically provides for punishment for disclosure
of information in breach of a lawful contract. The punishment stipulated is imprisonment
for a term which may extend to three years or fine which may extend to Rupees five
lakhs or both. The offence is cognizable but bailable.

These provisions should address the requirements regarding data theft and data
leakage directly by or with the assistance of employees of an organization.

19. Breach of Privacy and Confidentiality

 Privacy

Privacy refers to the right of an individual/s to determine when, how and to what extent
his or her personal data will be shared with others.
Breach of privacy means unauthorized use or distribution or disclosure of personal
information like medical records, sexual preferences, financial status etc.

 Confidentiality

It means non disclosure of information to unauthorized or unwanted persons.

In addition to Personal information some other type of information which useful for
business and leakage of such information to other persons may cause damage to
business or person, such information should be protected.

Generally for protecting secrecy of such information, parties while sharing information
forms an agreement about he procedure of handling of information and to not to
disclose such information to third parties or use it in such a way that it will be disclosed
to third parties.

Many times party or their employees leak such valuable information for monitory gains
and causes breach of contract of confidentiality.

Internet Crime

Internet crime is crime committed on the Internet, using the Internet and by means of
the Internet.

Computer crime is a general term that embraces such crimes as phishing, credit card
frauds, bank robbery, illegal downloading, industrial espionage, child pornography,
kidnapping children via chat rooms, scams, cyberterrorism, creation and/or distribution
of viruses, Spam and so on. All such crimes are computer related and facilitated crimes.

With the evolution of the Internet, along came another revolution of crime where the
perpetrators commit acts of crime and wrongdoing on the World Wide Web. Internet
crime takes many faces and is committed in diverse fashions. The number of users and
their diversity in their makeup has exposed the Internet to everyone. Some criminals in
the Internet have grown up understanding this superhighway of information, unlike the
older generation of users.. Some crimes committed on the Internet have been exposed
to the world and some remain a mystery up until they are perpetrated against someone
or some company.

The different types of Internet crime vary in their design and how easily they are able to
be committed. Internet crimes can be separated into two different categories. There are
crimes that are only committed while being on the Internet and are created exclusively
because of the World Wide Web. The typical crimes in criminal history are now being
brought to a whole different level of innovation and ingenuity. Such new crimes devoted
to the Internet are email “phishing”, hijacking domain names, virus immistion, and cyber
vandalism. A couple of these crimes are activities that have been exposed and
introduced into the world. People have been trying to solve virus problems by installing
virus protection software and other software that can protect their computers. Other
crimes such as email “phishing” are not as known to the public until an individual
receives one of these fraudulent emails. These emails are cover faced by the illusion
that the email is from your bank or another bank. When a person reads the email he/she
is informed of a problem with he/she personal account or another individual wants to
send the person some of their money and deposit it directly into their account. The
email asks for your personal account information and when a person gives this
information away, they are financing the work of a criminal.

WHITE HAT HACKERS

A white hat hacker, also rendered as ethical hacker, is, in the realm of information
technology, a person who is ethically opposed to the abuse of computer systems.
Realization that the Internet now represents human voices from around the world has
made the defense of its integrity an important pastime for many. A white hat generally
focuses on securing IT systems, whereas a black hat (the opposite) would like to break
into them.

Terminology:The term white hat hacker is also often used to describe those who
attempt to break into systems or networks in order to help the owners of the system by
making them aware of security flaws, or to perform some other altruistic activity. Many
such people are employed by computer security companies; these professionals are
sometimes called sneakers. Groups of these people are often called tiger teams.

The primary difference between white and black hat hackers is that a white hat hacker
claims to observe ethical principles. Like black hats, white hats are often intimately
familiar with the internal details of security systems, and can delve into obscure
machine code when needed to find a solution to a tricky problem. Some use the term
grey hat and fewer use brown hat to describe someone's activities that cross between
black and white.

In recent years the terms white hat and black hat have been applied to the Search
Engine Optimization (SEO) industry. Black hat SEO tactics, also called spamdexing,
attempt unfairly to redirect search results to particular target pages, whereas white hat
methods are generally approved by the search engines.

GREY HAT HACKERS

A Grey Hat in the computer security community, refers to a skilled hacker who
sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid
between white and black hat hackers. They usually do not hack for personal gain or
have malicious intentions, but may or may not occasionally commit crimes during the
course of their technological exploits.
Disambiguation: One reason a grey hat might consider himself to be grey is to
disambiguate from the other two extremes: black and white. It might be a little
misleading to say that grey hat hackers do not hack for personal gain. While they do not
necessarily hack for malicious purposes, grey hats do hack for a reason, a reason
which more often than not remains undisclosed. A grey hat will not necessarily notify the
system admin of a penetrated system of their penetration. Such a hacker will prefer
anonymity at almost all cost, carrying out their penetration undetected and then exiting
said system still undetected with minimal damages. Consequently, grey hat
penetrations of systems tend to be for far more passive activities such as testing,
monitoring, or less destructive forms of data transfer and retrieval.

A person who breaks into a computer system and simply puts their name there whilst
doing no damage (such as in war gaming - see) can also be classified as a grey hat.

BLACK HAT HACKERS 

A black hat is a person who compromises the security of a computer system without
permission from an authorized party, typically with malicious intent. The term white hat
is used for a person who is ethically opposed to the abuse of computer systems, but is
frequently no less skilled. The term cracker was coined by Richard Stallman to provide
an alternative to using the existing word hacker for this meaning.[1] The somewhat
similar activity of defeating copy prevention devices in software which may or may not
be legal in a country's laws is actually software cracking.

Terminology

Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the
computer and security field and even there, it is considered controversial. Until the
1980s, all people with a high level of skills at computing were known as "hackers". A
group that calls themselves hackers refers to "a group that consists of skilled computer
enthusiasts". The other, and currently more common usage, refers to those who attempt
to gain unauthorized access to computer systems. Over time, the distinction between
those perceived to use such skills with social responsibility and those who used them
maliciously or criminally, became perceived as an important divide. Many members of
the first group attempt to convince people that intruders should be called crackers rather
than hackers, but the common usage remains ingrained. The former became known as
"hackers" or (within the computer security industry) as white hats, and the latter as
"crackers" or "black hats". The general public tends to use the term "hackers" for both
types, a source of some conflict when the word is perceived to be used incorrectly; for
example Linux has been criticised as "written by hackers". In computer jargon the
meaning of "hacker" can be much broader.
Usually, a black hat is a person who uses their knowledge of vulnerabilities and exploits
for private gain, rather than revealing them either to the general public or the
manufacturer for correction. Many black hats hack networks and web pages solely for
financial gain. Black hats may seek to expand holes in systems; any attempts made to
patch software are generally done to prevent others from also compromising a system
they have already obtained secure control over. A black hat hacker may write their own
zero-day exploits (private software that exploits security vulnerabilities; 0-day exploits
have not been distributed to the public). In the most extreme cases, black hats may
work to cause damage maliciously, and/or make threats to do so as extortion.

Cyber Law Cases in India and World

 MYSPACE CATCHES A MURDERER

MySpace has played an important role in helping Oakland police apprehend a 19-year
old man accused of shooting a San Leandro High School football player Greg "Doody"
Ballard, Jr, Oakland police had a street name of a suspect and were able to identify Dwayne
Stancill, 19 of Oakland from a picture they found on a gang's MySpace page. Police brought the
suspect to their headquarters where detectives say he confessed. What was most troubling to
investigators was the lack of motive for the killing.

Three people held guilty in on line credit card scam

Customers credit card details were misused through online means for booking air-
tickets. These culprits were caught by the city Cyber Crime Investigation Cell in pune. It
is found that details misused were belonging to 100 people.

Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had complained on behalf
of one of his customer. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra
Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad being employeed at a
private institution, Kale was his friend. Shaiklh was employed in one of the branches of
State Bank of India .

According to the information provided by the police, one of the customer received a
SMS based alert for purchasing of the ticket even when the credit card was being held
by him. Customer was alert and came to know something was fishy; he enquired and
came to know about the misuse. He contacted the Bank in this regards. Police observed
involvement of many Bank's in this reference.

The tickets were book through online means. Police requested for the log details and
got the information of the Private Institution. Investigation revealed that the details were
obtained from State Bank of India . Shaikh was working in the credit card department;
due to this he had access to credit card details of some customers. He gave that
information to Kale. Kale in return passed this information to his friend Lukkad. Using
the information obtained from Kale Lukkad booked tickets. He used to sell these tickets
to customers and get money for the same. He had given few tickets to various other
institutions.

Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were involved
in eight days of investigation and finally caught the culprits.

In this regards various Banks have been contacted; also four air-line industries were
contacted.
DCP Sunil Pulhari has requested customers who have fallen in to this trap to inform
police authorities on 2612-4452 or 2612-3346 if they have any problems.

CYBER APPELLATE TRIBUNAL

The structure of the Cyber Appellate Tribunal has changed substantially with the
conversion of the Present one man Tribunal to a multi member tribunal with provision
for technology specialists from the Government to be members of the tribunal.

ADJUDICATION

The powers of the adjudicator which applies to contraventions under Section 43 of the Act has
automatically got expanded with two new contraventions corresponding to Sections 65 & 66
having been added and the limit of Rs 1 crore specified in Section 43 having been removed.
The adjudicator can adjudicate claims up to Rs 5 crores and the civil court’s authority has been
introduced for claims beyond Rs. 5 crores. It should be noted that this is the first time that civil
courts (below High Courts) will be required to handle disputes under ITA 2000.

Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber
crimes. We need such laws so that people can perform purchase transactions over the
Net through credit cards without fear of misuse. The Act offers the much-needed legal
framework so that information is not denied legal effect, validity or enforceability, solely
on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic
records, the Act seeks to empower government departments to accept filing, creating
and retention of official documents in the digital format. The Act has also proposed a
legal framework for the authentication and origin of electronic records / communications
through digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain
many positive aspects. Firstly, the implications of these provisions for the e-businesses
would be that email would now be a valid and legal form of communication in our
country that can be duly produced and approved in a court of law.

 Companies shall now be able to carry out electronic commerce using the legal
infrastructure provided by the Act.

 Digital signatures have been given legal validity and sanction in the Act.

 The Act throws open the doors for the entry of corporate companies in the
business of being Certifying Authorities for issuing Digital Signatures Certificates.

 The Act now allows Government to issue notification on the web thus heralding
e-governance.

 The Act enables the companies to file any form, application or any other
document with any office, authority, body or agency owned or controlled by the
appropriate Government in electronic form by means of such electronic form as
may be prescribed by the appropriate Government.

 The IT Act also addresses the important issues of security, which are so critical
to the success of electronic transactions. The Act has given a legal definition to
the concept of secure digital signatures that would be required to have been
passed through a system of a security procedure, as stipulated by the
Government at a later date.

 Under the IT Act, 2000, it shall now be possible for corporate to have a statutory
remedy in case if anyone breaks into their computer systems or network and
causes damages or copies data. The remedy provided by the Act is in the form
of monetary damages, not exceeding Rs. 1 crore.

Critical evaluation of the IT Act, 2000 amendments

The proposed IT Act, 2000 amendments are neither desirable nor conducive for
the growth of ICT in India. They are suffering from numerous drawbacks and
grey areas and they must not be transformed into the law of the land. These
amendments must be seen in the light of contemporary standards and
requirements.Some of the more pressing and genuine requirements in this
regard are:

There are no security concerns for e-governance in India

The concept of due diligence for companies and its officers is not clear to
the concerned segments

The use of ICT for justice administration must be enhanced and

improved

The offence of cyber extortions must be added to the IT Act, 2000 along
with Cyber Terrorism and other contemporary cyber crimes

The increasing nuisance of e-mail hijacking and hacking must also be

addressed

The use of ICT for day to day procedural matters must be considered

The legal risks of e-commerce in India must be kept in mind

The concepts of private defence and aggressive defence are missing

from the IT Act, 2000

Internet banking and its legal challenges in India must be considered

Adequate and reasonable provisions must me made in the IT Act, 2000

regarding “Internet censorship”

The use of private defence for cyber terrorism must be introduced in the
IT Act, 2000

The legality of sting operations (like Channel 4) must be adjudged

The deficiencies of Indian ICT strategies must be removed as soon as

possible
 A sound BPO platform must be established in India, etc

Conclusion:

The Government has mistakenly relied too much upon “self governance” by private
sectors and in that zeal kept aside the “welfare State role”. The concept of self
governance may be appropriate for matters having civil consequences but a
catastrophic blunder for matter pertaining to crimes, offences, contraventions and cyber
crimes. Further, the Government must also draw a line between “privatization’ and
“abdication of duties” as imposed by the Supreme Constitution of India. The concepts of
“Public-Private Partnerships’ must be reformulated keeping in mind the welfare State
role of India. The “collective expertise” must be used rather than choosing a segment
that is not representing the “silent majority”. It would be appropriate if the Government
puts the approved draft by the Cabinet before the public for their inputs before finally
placing them before the Parliament.