BSIT - 64
Kuvempu University
Shankaraghatta, Shimoga District, Karnataka
In collaboration with
Printed at :
Contributing Author : Na. Vijayashankar
Contents
Unit 1
WHAT IS COMPUTER ETHICS
1.0 Introduction
1.1 Evolution of computer ethics: Some historical milestones
1.2 Defining the field of computer ethics
1.3 Three levels of Computer Ethics
1.4 Check your progress
Unit 2
TOPICS IN COMPUTER ETHICS
2.0 Introduction
2.1 Computers in the workplace: Social and Ethical issues
2.2 Computer crime
2.3 Privacy and anonymity
2.4 Intellectual property
2.5 Professional responsibility
2.6 Globalization
2.7 Check your progress
Unit 3
ETHICS AND THE INTERNET
3.0 Introduction
3.1 Distinct features
3.2 Types of problematic behavior
3.3 Internet and Moral Values
3.3.1 Fundamental Moral Values
3.3.2 Moral rules on the internet
3.4 Check your progress
Unit 4
A PROFESSIONAL'S CODE OF ETHICS
4.0 Introduction
4.1 Functions of the Code of ethics
4.2 Limitations of the Code of ethics
4.3 The Ten Commandments for Computer Ethics
4.4 Check your progress
Unit 5
INFORMATION TECHNOLOGY AND THE NET
5.0 Introduction
5.1 Objective
5.2 We, Cyberspace and Our Lives
5.3 The Nature of the Net
5.4 Features of the Net
5.5 Geographical Indeterminacy
5.6 Information technological revolution and societal impact
5.7 Check your progress
Unit 6
SOURCES OF THE LAW
6.0 Introduction
6.1 Objective
6.2 Sources of law
6.3 The Significance of Legislation
6.4 The common law or uncodified law
6.5 Precedent as a Source of law
6.6 Branches of law
6.7 Check your progress
Unit 7
INFORMATION TECHNOLOGY AND THE ATTEMPTED LEGAL RESPONSE
7.0 Introduction
7.1 Objective
7.2 Primary assumptions of a legal system
7.2.1 Sovereignty
7.2.2 Territorial Enforcement
7.2.3 Notion of Property
7.2.4 Real Relationships
7.2.5 Paper Based Transactions
7.3 Role of the Judiciary in the evolving legal framework
7.4 Check your progress
Unit 8
CYBER CRIMES
8.0 Introduction
8.1 Objective
8.2 Cyber Crime: A perspective
8.3 The Problem: Current Forms of Computer Crime
8.3.1 Infringements of Privacy
8.3.2 Economic offences
8.3.3 Computer Hacking
8.3.4 Computer Espionage
8.3.5 Software Piracy and other forms of Product Piracy
8.3.6 Computer Sabotage and Computer Extortion
8.3.7 Computer Fraud
8.3.8 Illegal and harmful contents
8.4 Other Offences
8.4.1 Attacks on Life
8.4.2 Organized Crime
8.4.3 Electronic Warfare
8.5 Classification of Cyber Crimes in I.T. Act, 2000
8.6 Check your progress
Unit 9
CYBER CONTRACTS
9.0 Introduction
9.1 Objective
9.2 Cyber Contract
9.3 Essentials of a contract
9.3.1 Intention to be bound
9.3.2 Offer and Acceptance
9.3.3 Concept of offer
9.3.4 Offer by and to whom
9.3.5 Statements which are not offers
9.4 Termination of offer
9.5 Quality of acceptance
9.6 Consideration
9.7 Capacity of the parties
9.8 Consent
9.9 Unlawful agreements
9.10 Persons bound by contract
9.11 Performance and frustration
9.12 Subsequent Events and Frustration
9.13 Remedies for Breach of Contract
9.13.1 Damages
9.13.1.1 Penal Stipulations
9.13.2 Specific performance
9.13.3 Injunctions
9.14 Check your progress
Unit 10
CYBER PRIVACY
10.0 Introduction
10.1 Objective
10.2 Cyber Privacy: A perspective
10.3 Policy approaches to privacy concerns
10.3.1 Market approach
10.3.2 Human rights approach
10.3.3 Contract approach
10.4 Platform for Privacy Preferences Project (P3P)
10.5 Check your progress
Unit 11
INFORMATION TECHNOLOGY ACT, 2000 (I.T. ACT, 2000)
11.0 Introduction
11.1 Objective
11.2 The Information Technology Act, 2000: An overview
11.3 Transmission of electronic documents
11.4 Evidentiary presumptions of a secured electronic document
11.5 Certifying Authority (CA)
11.6 Controller of Certifying Authorities
11.7 Suspension of Certifying Authority
11.8 Digital Signature
11.9 Digital Signatures: Power of Central Government to make rules
11.10 Digital Signature Certificate
11.11 Revocation of Digital Signature Certificate
11.12 Check your progress
Unit 12
PENALTIES AND ADJUDICATION
12.0 Introduction
12.1 Objective
12.2 Penalties and adjudication: A brief overview
12.2.1 Penalty for damage to computer, computer system, etc
12.2.2 Penalty for failure to furnish information, return, etc
12.2.3 Residuary penalty (Section 45)
12.2.4 Power to adjudicate
12.3 Cyber Regulations Appellate Tribunal
12.4 Composition of the Cyber Appellate Tribunal
12.5 Right of Appeal to Cyber Regulations Appellate Tribunal
12.6 Procedures and powers of the Cyber Appellate Tribunal
12.7 Compounding of Contravention
12.8 Jurisdiction of Civil Courts
12.9 Appeal to High Court on order of Tribunal
12.10 Check your progress
Unit 13
AMENDMENTS TO CURRENT LEGAL PROVISIONS
13.0 Introduction
13.1 Objective
13.1.1 Amendments to the Indian Penal Code
13.1.2 Amendments to the Indian Evidence Act, 1872
13.1.3 Amendment to the Bankers' Books Evidence Act, 1891
13.1.4 Amendment to the Reserve Bank of India Act, 1934
APPENDIX - I
Sample Codes of Ethics and Guidelines
APPENDIX - II
The Information Technology Act, 2000
APPENDIX - III
Bibliographical Information
Unit 1
1.0 INTRODUCTION
Computer ethics is the analysis of the nature and social impact of computer technology and the
formulation and justification of policies for the ethical use of such technology. Computer
ethics examines the ethical issues surrounding computer usage and the connection between ethics
and technology. It includes consideration of both personal and social policies for the ethical use of computer
technology. The goal is to understand the impact of computing technology upon human values, to minimize
the damage that technology can do to human values and to identify ways to use computer technology to
advance human values. The term "computer ethics" was coined in the mid-1970s by Walter Maner to refer
to that field of applied professional ethics dealing with ethical problems aggravated, transformed or created
by human technology. (James H Moor, 1997)
Ethics is a branch of philosophy that deals with what is considered to be right and wrong. There are
many definitions of ethics such as codes of morals of a particular profession, the standards of conduct
of a given profession, agreement among people to do right and to avoid wrong. While whatever is
unethical is not necessarily illegal, in most cases, individuals or organizations when faced with an ethical
question are not considering whether to break the law.
Many companies or professional organizations develop their own code of conduct. A code of ethics is
a collection of principles intended as a guide for the members of a company or an organization.
The diversity of IT applications and the incremental use of technology have created a variety of ethical
issues. Ethical issues can be classified into four kinds.
Privacy: Collection, storage and dissemination of information about individuals.
What things can people keep to themselves and not be forced to reveal to others?
What information about individuals should be kept in databases, and how secure is the information there?
Who is responsible for the accuracy and fidelity of information collected?
How can we ensure that information will be processed properly and presented accurately to the users?
How can we ensure that errors in databases, data transmissions and data processing are accidental and not intentional?
Who is to be held responsible for errors in information, and how should the injured party be compensated?
What are the just and fair prices for its exchange?
How should experts who contribute their knowledge to create expert systems be compensated?
What information does a person or an organization have a right or a privilege to obtain, and under what conditions and safeguards? (Mason, 1995, Ethics of Information Management)
Computer ethics is a dynamic and complex field of study, which considers the relationships between
facts, policies and values with regard to constantly changing computer technology. Computers provide us
with new capabilities and thus the society benefits from increased choices for action. The basic problem
in computer ethics is that a constantly changing computer technology is essentially involved and there is
uncertainty regarding the issues being thrown up and mode of dealing with them. Thus a typical problem
in computer ethics arises because there is a policy vacuum about how computer technology is to be used.
Either there are no policies for conduct in newly emerging situations or the existing policies are inadequate
as they were formulated without keeping technology in mind. A central task in computer ethics is to
determine what we should do in such cases.
The focus is on professional ethics, privacy concerns, property issues, accountability and social
implications, which form the core issues in computer ethics. Included in the scope of computer ethics are
standards of professional practice, codes of ethics, aspects of computer law, public policy, corporate
ethics etc. (James H Moor, 1997)
which contained curriculum materials and guidelines to develop and teach computer ethics. By the 1980s
a number of social and ethical consequences of information technology were becoming public issues in
America and Europe. Issues like computer-enabled crime, disasters caused by computer failures and invasions
of privacy through computer databases became the order of the day. This led to an explosion of
activities in the field of computer ethics. The 1990s heralded the beginning of the second generation of
computer ethics. Past experience helped to build and elaborate the conceptual
foundation while developing the frameworks within which practical action can occur, thus reducing the
unforeseen effects of applying information technology.
have helped to sensitize the public at large to the fact that computer technology can threaten human
values as well as advance them.
The second level consists of someone who takes interest in computer ethics cases, collects examples,
clarifies them, looks for similarities and differences, reads related works, attends relevant events to make
preliminary assessments and after comparing them, suggests possible analyses.
The third level of computer ethics, referred to as "theoretical" computer ethics, applies scholarly theories
from philosophy, social science, law etc. to computer ethics cases and concepts in order to deepen the
understanding of issues. All three levels of analysis are important to the goal of advancing and defending
human values. (James H Moor, 1997)
Unit 2
2.0 INTRODUCTION
Computers, as a universal tool, can in principle perform any task and hence pose a threat to jobs.
They are far more efficient than humans in performing many tasks. Therefore economic incentives
to replace humans with computerized devices are very high. In the industrialized world many
workers doing jobs as bank tellers, autoworkers, telephone operators, typists, graphic artists, already have
been replaced by computers. Even professionals like medical doctors, lawyers, teachers, accountants
and psychologists are finding that computers can perform many traditional duties performed by workers
and professionals.
On the other hand the computer industry has generated a wide range of new jobs in the form of
hardware engineers, software engineers, system analysts, webmasters, information technology teachers,
computer sales clerks etc. Even when a job is not eliminated by computers, the job profile could be
radically altered. An airline pilot for example gets to fly the plane with less manual effort with the assistance
of a computer. In other work places computerized devices actually perform the needed tasks. In this way
computers tend to cause de-skilling of workers, turning workers into passive observers. In other cases,
new jobs generated by the advent of computers have required new sophisticated skills to perform. Job
gains and losses are to be viewed in the context of the society we live in. Thus ethical questions regarding
the fate of people who have been displaced by the advent of computers need to be addressed.
Another workplace issue concerns health and safety. When information technology is introduced into
the workplace it is important to consider the likely impact upon the health and job satisfaction of workers who
will use it. Stress in the workplace due to the introduction of computers is becoming more
and more evident. The threat to the health of workers from exposure to monitor radiation and repetitive
stress injury is becoming pronounced. These are just two of the social and ethical questions that arise
when information technology is introduced into the workplace.
kinds of sensitive information out of public domain or out of the hands of those who are perceived as
potential threats. During the past decade, commercialization and rapid growth of the internet, the rise of
the world wide web, increasing user friendliness and processing power of the computers, decreasing
costs of computer technology have led to new privacy issues such as taking data without authorization,
data mining, data matching, workplace monitoring, recording of click trails on the web and so on.
The concept of privacy itself has undergone a sea change over time. Initially privacy
was defined as control over personal information [Westin, 1967]. A later interpretation was that control
of personal information was insufficient to establish or protect privacy and that the concept of privacy
was best defined in terms of restricted access, not control [Moor, 1997]. Yet another interpretation was
that privacy also existed in public places and thus a definition of privacy must take into account privacy
in public [Nissenbaum, 1998]. As anonymity provides the same benefits as privacy, questions regarding
anonymity and privacy are discussed in the same context. Anonymity and privacy can be helpful in
preserving human values, but at the same time they can be exploited to facilitate unwanted and undesirable
computer-aided activities in cyberspace such as money laundering etc.
Information privacy is the right to control the disclosure of and access to one's personal information.
The internet has facilitated a significant abuse of the principles of disclosure and access. Information
privacy is violated when the individual:
Since their inception, computers have facilitated the violation of privacy of individual information. In
order to protect the privacy of an individual, the computer professional's Code of Ethics also came out with
guidelines that a computer professional should:
Establish procedures to allow individuals to review their records and correct inaccuracies
The concern to protect privacy from large centralized databases of personalized information led to
the formulation of numerous pieces of legislation. Data collection principles focus on:
Collection limitation: Data should be obtained lawfully and fairly; some very sensitive data should not be collected at all.
Data quality: Data should be relevant to the stated purposes, accurate, complete and up to date; proper precautions should be taken to ensure this accuracy.
Proper specification: The purposes for which data will be used should be identified and the data should be destroyed if they no longer serve the given purpose.
Use limitation: Use of data for purposes other than specified is forbidden, except with the consent of the data subject or by authority of the law.
Security safeguards: Agencies should establish safeguards to guard against loss, corruption, destruction or misuse of data.
Openness: It must be possible to acquire information about the collection, storage and use of personal data.
Individual participation: The data subject has the right to access and challenge personal data.
Privacy policy guidelines for databases include guidelines for data collection, data accuracy and data
confidentiality.
Data collection
Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective.
Data should be adequate, relevant and not excessive in relation to the business objective.
Individuals must give their consent before data pertaining to them can be gathered. Such consent may be implied from the individual's actions.
Data Accuracy
Sensitive data gathered on individuals should be verified before it is entered into the database.
Data should be accurate and, where and when necessary, kept current.
The file should be made available so the individual can ensure that the data is correct.
If there is disagreement about the accuracy of the data, the individual's version should be noted and included with any disclosure of the file.
Data confidentiality
unauthorized disclosure of data. They should include physical, technical and administrative
security measures.
Third parties should not be given access to data without the individual's knowledge or permission, except as required by law.
Disclosures of data, other than the most routine, should be noted and maintained for as long as the data is maintained.
Data should not be disclosed for reasons incompatible with the business objective for which they are collected. (Mason, 1995)
The overriding positive value of the internet is free information exchange. The privacy trade-off is that
the window that helps us to look out on the world is the same window that lets the world look in on us, and
this open window reduces our control over private information. The privacy problem on the internet has a
different flavor from what it had before: individuals now open doors to information about themselves
(Donald Gotterbarn).
A patent is a document that grants the holder exclusive rights on an invention for a fixed period of time.
Patenting of software would be superior to copyright protection as it protects against later independent
development and not just actual copying.
Copyright is a statutory grant that provides the creators of intellectual property with ownership of it,
also for a fixed period of time, which generally extends to the life of the creator of the work plus sixty years.
Owners are entitled to collect fees from anyone who wants to copy the property. With respect to literary
work, the copyright holder among other rights has the exclusive right to reproduce the work in any
material form.
The most common intellectual property relating to information technology deals with software. A
computer program can be divided into different aspects, each of which is capable of being owned independently.
These are:
1. Source code: the source code consists of the code written by the programmer in a high-level
computer language like Java or C++.
2. Object Code: It is the machine language translation of the source code.
3. Algorithm: It is the sequence of machine commands that the source code and object code
represent.
4. Look and Feel of the program: It is the way the program appears on the screen and interfaces
with the users.
Computer software is granted copyright protection as well as patent protection.
Copyright protection enables companies to prevent copying, limit competition and charge monopoly
prices for the products. In the U.K., before 1985 it was uncertain whether software was protected by
copyright. Subsequently, after intense lobbying by the computer industry, computer programs are now
protected as literary works. It also protects implicitly other forms of works created using a computer or
stored in or on computer media. In India, literary works protected by copyright include computer
programs, tables and compilations, including databases.
A very controversial issue today concerns ownership of a computer algorithm through a patent. A
patent gives the patent owner an exclusive monopoly on the use of the patented item, thus denying
others the right to use the mathematical formulas that are part of the program without the permission of
the patent holder. Opponents of algorithm patenting argue that algorithm patents effectively remove parts
of mathematics from public domain causing detriment to the society at large. They claim that algorithm
patenting stifles competition and decreases the variety of programs available to the society (The League
for Programming Freedom, 1992).
Patent laws differ from country to country. Whether a product is entitled to protection in India is
determined by the Patents Act, 1970. The U.S. approach towards computer related inventions is that
software that demonstrably controls or configures some computer hardware is patentable, regardless of
whether it includes mathematical algorithms. The European approach to patentability of software related
inventions is to determine whether the software program has technical content or makes a technical
contribution. The Indian position on patenting of computer programs or computer related inventions has
not developed much. The Indian Patents Act, 1970 states that a computer program per se or algorithms
cannot be patented.
employee
client - professional
professional - professional
society - professional
These relationships involve a diversity of interests and sometimes these interests can come into conflict
with each other. Responsible computer professionals, therefore, will be aware of possible conflicts of
interests and try to avoid them.
Professional organizations like the Association for Computing Machinery (ACM) and the Institute of
Electrical and Electronics Engineers (IEEE) have established codes of ethics, curriculum guidelines and
accreditation requirements to help computer professionals understand and manage ethical responsibilities.
They have also adopted Codes of Ethics for their members which include general moral imperatives
such as avoiding harm to others and being honest and trustworthy, and specific professional responsibilities
like acquiring and maintaining professional competence and knowing and respecting existing laws pertaining
to professional work. The IEEE Code of Ethics includes such principles as avoiding real or perceived
conflicts of interest whenever possible.
2.6 GLOBALIZATION
Computer ethics is rapidly evolving into a broader and even more important field, which might reasonably
be called "global information ethics". Global networks like the internet and especially the World Wide
Web are connecting people all over the globe. Efforts are under way to develop mutually agreed standards
of conduct and to advance and defend human values. Some of the global issues being
debated are:
Global laws: Over two hundred countries are already interconnected by the internet. Given this situation,
what is the effect and impact of the law of one particular country on the rest of the world? Issues
regarding freedom of speech, protection of intellectual property, invasion of privacy vary from country to
country. The framing of common laws pertaining to such issues to ensure compliance by all the countries
is one of the foremost questions being debated.
Global cyber business: Technology is growing rapidly to enable electronic privacy and security on the
internet to safely conduct international business transactions. With such advanced technology in place,
there will be a rapid expansion of global cyber business. Nations with a technological infrastructure
already in place will enjoy rapid economic growth, while the rest of the world lags behind. This disparity in
levels of technology will fuel political and economic fallout, which could further widen the gap between
the rich and the poor.
Global education: Inexpensive access to the global information net for the rich and the poor alike is
necessary for everyone to have access to daily news from a free press, free texts, documents, and the political,
religious and social practices of peoples everywhere. However, the impact of this sudden and global
education on different communities, cultures and religious practices is likely to be profound. The impact
on lesser known universities would be felt as older well-established universities begin offering degrees
and knowledge modules over the internet.
Examine the social and ethical issues arising out of the presence of computers in the workplace.
Unit 3
3.0 INTRODUCTION
Internet has the potential to make life easy for some people and at the same time it has the power to
create problems as well. It tends to bridge distances to bring people together and provides a new
arena for increased economic cooperation, entertainment and sociability. Internet can be compared
as a means of communication and can be regarded as having three distinct features:
1. Global scope of communication
2. Anonymity
3. Reproducibility
Global scope: Internet communication has much broader scope and reach. With little effort a user can
reach hundreds and thousands of individuals around the globe. The ability to reach many people quickly
and easily is not exactly new or unique compared to radio or television communication. But the significant
difference between the internet and television and radio is that, in the case of radio and television it is in
most cases one way whereas in the case of internet it is interactive. It is this interactivity that is the unique
characteristic of the internet which provides to many individuals who are geographically distinct the
power to communicate easily and quickly.
Anonymity: The second important feature of the internet is that it provides a certain kind of anonymity.
It is a salient feature of this type of communication that people can deliberately avoid seeing or hearing one
another directly. On the internet, individuals can create a different person, ensuring that information about
themselves cannot be traced while in communication with others on the internet. This kind of anonymity
makes accountability for one's actions difficult to achieve and tends to diminish trust in the information that
is being exchanged. The feature of anonymity has also facilitated the development of "virtual information".
Given the open and anonymous nature of communications on the web, a species of software has been developed
and employed with stealth to gather information intelligently. An inference is made from information
gathered without our knowledge or consent, which is termed virtual information. This type of information
adds information to a person's profile and tends to redefine a person's digital persona. This is an invasion
of one's virtual privacy.
Reproducibility: This third important feature is not just a feature of the internet, but of information
technology in general. Electronic information exists in a form that makes it easy to copy without any loss
of originality or value in the process of reproduction. Copied data or software is perfectly usable. Copied
data or software leaves no evidence behind of it being copied, and the creator/owner of the data or software
could remain unaware of their work being copied. Reproducibility facilitates anonymity. The traditional
notion of a person's property is that the person is in control of the property over which he claims
ownership. Reproducibility goes counter to this traditional notion, and the scope of anonymity gives
rise to serious questions regarding the integrity of the information.
These three features of communication lead directly or indirectly to a wide range of ethical issues. The
global scope of the internet, in which individuals can do things to one another, demonstrates the great amount of power available when
connected to the internet. The global scope enables individuals, apart from fraternizing with one another, also
to disrupt, steal, damage, snoop, harass, stalk and defame from great distances. Anonymity available on
the internet gives individuals a sense of invisibility that allows them to engage in behavior that they might
not otherwise engage in. The positive aspect of anonymity is that it might allow individuals to get free
and equal treatment irrespective of their race, colour or creed. It might also enable their participation in
activities where individuals might otherwise be reluctant. But anonymity leads to serious problems for
accountability and integrity of information. Reproducibility exacerbates the problems arising from global
reach and anonymity. It also adds to the problems of accountability and integrity of information arising out
of anonymity.
problem. The hackers were usually young men who had acquired a good knowledge of the computers and
were involved in testing the limits of their knowledge by attempting to breach the protection devices of a
system. Only over a period of time did the activity of hacking become branded as an illegal activity as
attempts to break into systems were directed towards illegal actions including stealing software. It also
included intentionally sending viruses or worms on the net that damage the computer systems and also
taking unauthorized control of a web site. Hacking causes harm, it violates legitimate privacy and property
rights and it often deprives users of access to their own computer systems. Thus hacking is unethical and
has rightly been made illegal.
The other category of problematic behavior is criminal actions involving theft and extortion. In
these cases the internet facilitates such behavior. Criminal actions in this scope include stealing
of electronic funds, cyber stalking, slander, fraud, harassment, solicitation of minors etc.
The third category of problematic behavior involves the issue of whether specific laws need to be framed to
make such behavior illegal. Such laws, framed to counter such behavior, form a part of netiquette, in
other words the type of actions that are acceptable, or informal conventions regarding how to behave on
the net. Netiquette is defined as "the dos and don'ts of online communication" or as "informal rules of the
net" or as "common courtesy online". Violations of netiquette are considered unethical. Being polite,
being patient and not breaking any laws are considered the important features of netiquette. Acts of
spamming, i.e. sending unsolicited bulk e-mail, and sending inflammatory or insulting messages, called
flaming, are examples of violations of netiquette. Thus for the smooth functioning of the internet, laws
have been framed, and human behavior has in many cases caused inconvenience and harm to others.
Netiquette promotes ethical behavior and thus is an important tool for shaping behavior on the net.
(Johnson, 1999)
terms of happiness, basic needs, shares of primary goods, desires etc. Both of these approaches represent
overly simplistic accounts of moral deliberation and decision-making and need to be supplemented or
enriched to be adequate as an ethical framework for the moral evaluation of individual cases and actions.
These different types of value reflect the fact that human beings can take different perspectives and
can switch between them. One can think of a problem or situation from a self-interested and personal
stance, but also from the point of view of humanity or from the point of view of us as social beings with
roles and positions in a social network of relations. Some of the fundamental values are outcome oriented
(utility), some abstract from the consequences of actions (obligations and duty), and some of them
are personal and self-centered and others impersonal. (Van den Hoven, 1999).
9. Don't abuse your power.
10. Be forgiving of other people's mistakes.
Most of these rules are connected with two things: first, respect for human beings (1, 2, 3, 8, 10), and
second, respect for information resources (3, 4, 6, 9). Of common concern to both parts is the ease with
which e-mail is sent, wrong attachments are appended, and effects on the individual are forgotten because
of the technological mediation and the absence of a real human interlocutor. They also draw attention towards
maintaining good relationships. Neglect of these factors can lead to flame wars, that is, episodes of escalating,
rude e-mail correspondence. Flame wars add injury to insult, since in addition to the insults that are made,
disrespect is shown for things like time, attention and resources that are scarce and valuable to others.
2. What are the fundamental conceptions regarding the evaluation of individual actions?
Unit 4
4.0 INTRODUCTION
A code of ethics helps in clarifying issues and provides a broader and firmer foundation on which
an ethical framework can be built. It would provide a basis to address issues from the viewpoint
of the computing profession. Some view the Code as a veiled attempt to generate a positive
image for the computing profession. Others claim that the Codes merely establish a moral minimum and
are incomplete. It is necessary to identify and emphasize the characteristics of the Code that are relevant
to the situation. Despite the misgivings, Codes do serve a number of positive functions. The different
functions of Codes are better understood by distinguishing them into:
1. Code of ethics: Codes of ethics are more aspirational. They are mission statements emphasizing
the professional objectives and vision.
2. Code of conduct: Codes of conduct are more oriented towards the professional's attitude. They
do not describe in detail how to carry out a particular action, but they make clear the issues at
stake in different specialized fields.
3. Code of practice: Codes of practice, on the other hand, fix some accepted state of the art (Berleur,
1996) and relate to current operational activities.
The degree of enforcement possible is dependent on the type of code. A code of ethics, which is primarily
aspirational, uses no more than light coercion. Violations of codes of conduct generally carry sanctions ranging
from warning to exclusion from the professional bodies. Violations of the codes of practice may lead to
legal action on the grounds of malpractice or negligence. The type of code used to guide behavior affects
the type of enforcement. The hierarchy of codes parallels the three levels of ethical obligations owed by
professionals. The first level identified is a set of ethical values, such as integrity and justice, which
professionals share with other human beings by virtue of their shared humanity. Code statements at this
level are statements of aspiration that provide vision and objectives. The second level obliges professionals
to more challenging obligations than those required at the first level. At the second level, by virtue of their
role as professionals and their special skills, they owe a higher degree of care to those affected by their
work. Every type of professional shares this second level of ethical obligation. Code statements at this
level express the obligations of all professionals and professional attitudes. They do not describe specific
behavior details, but they clearly indicate professional responsibilities. The third and deeper level comprises
several obligations that derive directly from elements unique to the particular professional practice. Code
elements at this level assert more specific behavioral responsibilities that are more closely related to the
state of the art within the particular profession. The statements range from general aspirational
statements to specific and measurable requirements. A professional code of ethics needs to address all three
of these levels.
could serve as a formal basis in some organizations to revoke membership or suspend license to
practice.
6. Enhance the profession's public image: Codes serve to educate multiple constituencies
about the ethical obligations and the responsibilities of the professional. They educate the
professionals about what they should expect from themselves and what they should expect
from their colleagues. Codes also serve to educate society about its rights, about what society
has a right to expect from the practicing professional.
A code fulfilling its function will change the approach of many to the internet and provide a counter
pressure against the tendency to behave unethically. It would also help many to realize that their behavior
may be unethical. The standards expected and the realization of one's conduct will make them pause and
think about the consequences of their actions. This is summed up in the preamble to the Software Engineering
Code of Ethics and Professional Practice:
These principles should influence internet developers / users to consider broadly who is affected by
their work; to examine if they and their colleagues are treating other human beings with due respect; to
consider how the public, if reasonably well informed, would view their decisions; to analyze how the least
empowered will be affected by their decisions; and to consider whether their acts would be judged worthy
of the ideal professional working as a software engineer. In all these judgements, concern for the health,
safety and welfare of the public is primary; that is, public interest is central to the code. (Donald Gotterbarn,
1994).
3. Codes cannot serve as the final moral authority for professional conduct. To accept the current
code of a professional society as the last word would amount to ethical conventionalism.
Ethical conventionalism is the view that a particular set of conventions, customs or laws is self-certifying and not to be questioned as long as it is in force at a given time or in a given place.
Such a view rules out the possibility of criticizing that set of conventions from a wider moral
framework.
4. Codes do not indicate if a view taken in respect to a particular situation is correct or not. They
only provide a framework for ongoing debate and discussion. Codes represent a compromise
between differing judgements and are developed amidst disagreements.
5. The existence of separate codes for different professional bodies could give rise to a feeling that
ethical conduct is rather relative. It also gives room for suspicion that none of the codes are
really right. (Mike W. Martin, 2003)
How do professional codes address issues from the viewpoint of computing profession?
2.
Unit 5
5.0 INTRODUCTION
We begin by giving you a brief picture of the electronic world we all live in. It is apparent that the
geographical divide is no longer a limiting factor for doing business. Electronic commerce has
literally shrunk the globe and has virtually made it a market without boundaries.
5.1 OBJECTIVE
At the end of this chapter you will be able to understand the relationship between the electronic world and
our lives. You will also be able to explain the nature of the net, the features of the net and the impact of
the information technology revolution on society.
steal money or proprietary data, invade private records, conduct industrial espionage, cause a vital
infrastructure to cease operations, or engage in information warfare.
Digitalization has radically transformed the ways of accessing and using information. Technical
convergence has not only given a fillip to this process but has, as a result, also had a positive impact on
the economies of nations. The influence of cyberspace on our day-to-day lives is so striking that one can
discern it not only in the realm of trade and commerce, but also in personal communications,
academic and scientific research, critical infrastructure and the like. In the Indian context, but for the
inherent lack of capacity in terms of PC penetration, basic telephony etc., the cyber influence would have
been far different from what we contemplate. Given the two significant strengths of the internet, namely
connectivity and the pace and accuracy with which information is transmitted, online
transactions, particularly those of a commercial nature, have secured tremendous social receptivity. The
outcome, as a natural corollary, can be observed not only in the swelling numbers of
online users but also in the creative and expansive nature of the services rendered by internet providers.
For instance, in the initial stages of cyber influence, a substantial part of online transactions broadly
concerned only tangible or physical property and the rendering of services.
Now, with convergence, various products are being digitalized; as a result,
transactions involving this particular kind of subject matter are more effectively facilitated by the cyber medium.
Online music and software tools and techniques are some of the products falling under this
category. This clearly indicates how the strides in information technology are changing the facets of
cyberspace.
Again, the advent of global computer networks has rendered geographical boundaries increasingly
porous and ephemeral. As internet subscription increases, just as any sizeable number of human beings
interact, disagreements may be expected to arise. As the community of internet users grows increasingly
diverse, and the range of online interaction expands, disputes of every kind may be expected to occur.
Online contracts will be breached, online torts (any kind of civil wrong) will be committed and online
crimes will be perpetrated. Although many of these disputes will be settled informally, others may require
formal mechanisms of dispute resolution and adjudication of liability.
This medium defined by these shared protocols is distinctly unlike any other. First, the internet is a
packet-switching network. Unlike communications media that tie up the entire channel in real time during
transmission, the internet breaks information into discrete packets of bits that can be transmitted as
capacity allows. Packets are labeled with the address of their final destination, and may follow any of
a number of different routes from computer to computer until they finally reach that destination, where they are
re-assembled by the recipient machine. Thus, packets from a variety of sources may share the same
channel as bandwidth allows, promoting more efficient use of available carrying capacity. (Dan L. Burk,
1999).
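The packetizing and re-assembly described above, as an added illustration in Python (not part of the original course text). The addresses, the 8-byte payload size and the sample messages are constructed for the example, and the packet fields are a simplification rather than a real IP header.

```python
import random
from collections import defaultdict

PAYLOAD_SIZE = 8  # bytes of data per packet (constructed value, kept small for the demo)


def packetize(src, dst, msg_id, data):
    """Split data into packets, each labelled with the address of its final destination."""
    chunks = [data[i:i + PAYLOAD_SIZE] for i in range(0, len(data), PAYLOAD_SIZE)]
    return [
        {"src": src, "dst": dst, "msg": msg_id, "seq": n,
         "total": len(chunks), "payload": chunk}
        for n, chunk in enumerate(chunks)
    ]


def shared_channel(*streams, seed=0):
    """Mix packets from several senders on one channel and deliver them in
    arbitrary order, as if each packet had taken a different route."""
    rng = random.Random(seed)
    packets = [p for stream in streams for p in stream]
    rng.shuffle(packets)
    return packets


def reassemble(packets, my_addr):
    """Recipient side: keep only packets addressed to my_addr, ignore duplicates,
    and rebuild a message only when every sequence number has arrived."""
    buffers = defaultdict(dict)   # (src, msg) -> {seq: payload}
    totals = {}                   # (src, msg) -> expected number of packets
    for p in packets:
        if p["dst"] != my_addr:
            continue              # traffic for another machine sharing the channel
        key = (p["src"], p["msg"])
        buffers[key].setdefault(p["seq"], p["payload"])  # first copy wins
        totals[key] = p["total"]
    complete, incomplete = {}, {}
    for key, parts in buffers.items():
        missing = [n for n in range(totals[key]) if n not in parts]
        if missing:
            incomplete[key] = missing   # cannot be rebuilt until these arrive
        else:
            complete[key] = b"".join(parts[n] for n in range(totals[key]))
    return complete, incomplete


def demo():
    """Constructed traffic: two senders write to 10.0.0.9, a third to another host."""
    a = packetize("10.0.0.1", "10.0.0.9", 1, b"offer: 100 units at Rs. 50 each")
    b = packetize("10.0.0.2", "10.0.0.9", 1, b"acceptance of your offer")
    c = packetize("10.0.0.3", "10.0.0.7", 1, b"unrelated traffic")
    wire = shared_channel(a, b, c, seed=42)
    wire.append(wire[0])  # one packet is delivered twice
    # Same traffic, but one packet of the second message never arrives.
    lossy = [p for p in wire if not (p["src"] == "10.0.0.2" and p["seq"] == 1)]
    return reassemble(wire, "10.0.0.9"), reassemble(lossy, "10.0.0.9")


if __name__ == "__main__":
    for complete, incomplete in demo():
        print("complete:", complete)
        print("incomplete (missing sequence numbers):", incomplete)
```

Nothing in a packet records the route it took or where the sender physically is; the recipient sees only addresses and sequence numbers.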
There is no centralized control of packet routing, or for that matter, of almost any other aspect of the
internet. From a technical standpoint, each computer acts autonomously, co-ordinating traffic with its
nearest connected neighbors, and guided only by the invisible hand that arises from the sum of millions
of such independent actions. From a management standpoint, each node is similarly autonomous, answering
only to its own systems administrator. This means that there is no central authority to govern the internet
usage, no one to ask for permission to join the network, and no one to complain to when things go wrong.
indifferent to physical location. So insensitive is the network to geography, that it is frequently impossible
to determine the physical location of a resource or a user. In real space, a business can usually locate a
person or entity with which it is interacting; this tends to facilitate identification of partners and validation
of transactions. This process is far more difficult in cyberspace, when the parties in a transaction may be
in adjoining rooms, or half the world away, and the network offers no way to tell the difference. In other
words, there is no nexus between cyberspace and real space. Even if, in some instances, an internet address
tells something about the location of a given machine, it tells nothing about the location of the user of that
machine.
To fully appreciate the inchoate nature of internet geography, it is important to consider the common
internet practice of caching copies of frequently accessed resources. In order to better manage packet
traffic, some internet servers will store partial or complete duplicates of the materials from frequently
accessed sites; keeping copies on hand eliminates the need to repeatedly request copies from the original
server. An internet user who attempts to access the materials will never know the difference between the
cached materials and the original. The materials displayed on the user's machine will appear to come
from the original source, whether they are actually transmitted from there or from a nearby cache. "Nearby"
here connotes logical proximity but not physical proximity.
The modern world relies on computerized systems for almost everything in life from air, train and bus
traffic control to medical services and co-ordination of national security. Even a small glitch in the operation
of these systems can jeopardize human lives. Society's dependence on computer systems, therefore,
has a profound human dimension too. The rapid, boundaryless expansion of large-scale computer networks
and the ability to access systems through regular telephone lines increase the vulnerability of these
systems. They also increase the opportunity for perpetrating crimes. The consequences of computer
crime may have serious economic implications, as well as invaluable loss in terms of human security. In
this context, it is important to understand the motivation behind cyber crimes in terms of the perceived value
of information as a critical resource in today's digital society. This value of information revolves around six
factors:
a) The person's concerns and commitments;
b) The person's capabilities;
c) Availability of information resource to the person;
d) Availability of information resource to other persons affected;
e) Resource integrity;
f) Time. (Nina Godbole, 2000)
2.
3.
4.
Unit 6
6.0 INTRODUCTION
Despite divergent views and opinions about law, it is universally construed as an instrument of
social change. In other words, law and legal regulation are expected to bring about the desired social
change and order, which are quintessentially necessary to maintain societal peace and tranquility.
At times, it is necessary to facilitate rule or norm compliance to ensure orderly human conduct in a
particular activity, such as an economic one.
However, this is not to be understood to mean that such desired rule compliance or social change is
possible only because of law and the legal system. Suffice it to say that law and the legal system form part of a series
of measures which would influence such change, like education, economic parity, ethics and the like. But
law and the legal system definitely play a decisive role in bringing about the required change, subject to
factors like social receptivity and the fair and non-discriminatory nature of legal enforcement.
6.1 OBJECTIVE
The objective of this unit is to give you a brief overview as to the evolution of law. You will be able to
explain the sources of law and the different branches of law needed to cater to societal needs.
and shaped by British rulers and jurists. Common law connotes the judicial practice of recognizing customary,
traditional practices of the people in the formal sense of judgments.
In this kind of system there are three main sources of the law, namely, legislation, case law and
custom.
Legislation is the formal enactment of law by the legislature created or authorized by the Constitution.
Essentially, the process of codification or legislative enactment is the premise. It stands in contrast to
judge made law; Legislation consists of leges scriptae (written laws), as contrasted with judge made law
or common law (jus commune). Legislation also stands in contrast to customary law (consuetudines).
Common law comprises the body of principles, which derive their authority solely from the decisions
of courts. It is a body of law that develops and derives through judicial decisions, as distinguished from
legislative enactments. Its principles do not derive their validity from formal law making by any body of
persons, but from their enunciation through decisions of courts. Judicial decisions become a source of law
by reason of the practice of courts (in common law jurisdictions), of accepting precedent as a source of
law, that is, the established judicial practice that a court must follow the law laid down by a decision of the
higher judiciary in the country or State and the law laid down by itself in an earlier judgment, if it is itself
an organ of the higher judiciary.
Custom (as a source of law) denotes a usage or practice of the people (including a particular social
group or a group residing in a particular locality) which, by common adoption and acquiescence and by
long and unvarying habit, has become compulsory and has acquired the force of law with respect to the
place or subject matter to which it relates [Black, Law Dictionary, (1990), page 385]. Legislation and case
law can (subject to constitutional limitations) operate in any sphere of human activity, while the operation
of custom is generally restricted to a particular locality, group or family. (P.M. Bakshi, 1996)
of separation of powers, the legislature cannot reverse or modify the actual decision rendered by the court
in a particular case). In contrast, courts cannot repeal or modify a legislative enactment (though they can
declare it to be void, as unconstitutional).
Legislation is the most fertile source of law. Subject to limitations flowing from the constitutional
doctrine, that matters of policy cannot be delegated, the legislature can vest a subordinate authority with
power to make rules, orders, etc. But a court pronouncing a judgment cannot do so.
A legislative enactment is not subject to appeal; and the law enacted by it cannot be reversed, as such,
by a higher authority (though it can be declared to be void, if it is unconstitutional). In contrast, the law laid
down in a judgement of a court may be reversed on appeal by a higher judicial
authority, which may take a different view of the law. (P.M. Bakshi, 1996)
2.
3.
4.
5.
Unit 7
7.0 INTRODUCTION
technological pace is something insurmountable for the law to keep abreast. In addition, the process
of law making itself has a definite contribution towards this. A look into the assumptions upon
7.1 OBJECTIVE
After going through this unit you will be able to explain the primary assumptions which any legal system is
based upon. You will be able to understand the relationship between national law, sovereignty and world
commerce especially in the age where world commerce is blurring geographical boundaries.
7.2.1 Sovereignty
Law making power is a matter of sovereign prerogative. As a result, the writ of sovereign authority
runs throughout wherever sovereign power exercises authority. Beyond its authority, which is always
attributed to determinate geographical boundaries, the sovereign cannot regulate a subject matter through
legal intervention. However, in the cyber context, geography is a matter of history, in the sense that
barriers in terms of distance and geographical boundaries do not make much sense.
are not confined to any single one of the traditional legal categories but which arise in, for example,
criminal law, intellectual property law, contract law and tort law. For instance, presently, the following
issues are being addressed by law.
How does the law deal with computer hackers or those who introduce viruses?
Should a contract for the acquisition of software be categorized as one dealing with goods?
Similarly, should software be regarded as a product? Can copyright subsist in a computer program?
Would patent protection be more appropriate?
Does the widespread dissemination of text on networks herald the death of copyright?
Should the content of the material on the internet be regulated and, if so, by whom? What about
freedom of information and expression?
How is the privacy of the individual to be protected amid the increasing capacity for storing,
gathering and collating information?
An overview of these concerns will enable us to broadly identify the applicable parameters for better
comprehension and understanding of:
cyber crimes;
cyber contracts;
cyber privacy;
Unit 8
Cyber Crimes
8.0 INTRODUCTION
At the outset, terminological clarification about the usage of the phrase "cyber crimes" is
warranted. Many a time, "cyber crimes" is used synonymously with "computer crimes".
However, technically speaking, the phrase "cyber crimes" entails a different and unique
understanding. No doubt a computer, in whatever sense we use the term, is basically required to undertake
any activity in the cyber context. In other words, a crime can possibly be perpetrated with the help of a
computer devoid of any cyber context. But as matters stand now, without the help of a computer network it
is not possible to engage in any kind of activity in the cyber context.
8.1 OBJECTIVE
The objective of this unit is to define what constitutes Cyber Crime. You will be able to identify the
offences that constitute Cyber Crime under the I.T. Act 2000.
processing system. Many businesses store their most valuable company secrets electronically. Marine,
air, and space control systems, as well as medical supervision rely to a great extent on modern computer
systems. Computers and the internet also play an increasing role in the education and leisure of minors.
International computer networks are the nerves of the economy, the public sector and society. The security
of these computer and communication systems and their protection against computer crime is therefore
of essential importance.
In the course of this development computer crime has developed into a major threat to today's
information society. The spreading of computer technology into almost all areas of life as well as the
interconnection of computers by international computer networks has made computer crime more diverse,
more dangerous, and internationally present. An analysis of relevant criminogenic factors shows that
modern computer and communication networks have specific characteristics which are highly useful for
perpetrators but which imply difficulties for potential victims and for law enforcement (such as complex
security questions, multiple hardware and software systems, inexperience of many users, anonymity,
encryption and international mobility). Groups active in organized crime, professional business espionage
and secret services around the world are already exploiting these new features of computer crime.
However, many governments, businesses and private users are not aware of the attacks that happen or
could happen to them in the data processing area. Thus, governmental agencies, the industry and private
users should be made aware that protection against computer attacks is of great significance. They
should be informed about the main threats of computer crime and the responses thereto. (Prof. Ulrich
Sieber, 1997)
In 1996 the Spanish public was stunned by a case of distribution of child pornography. Two students
had a collection of over 150 floppy disks with child pornography all collected over the internet. Both had
to be released from prison after 3 days because of a legal gap in the new Spanish Criminal Code of 1996.
Increasingly, video games with a racial background, in which the user can discriminate against foreigners
and ethnic minorities, are serving as propaganda material for young people.
An example of libel was dealt with by a court in the United States in 1991. In this case, CompuServe
contracted with a third party for that user to conduct a special-interest forum (called Rumorville) on
CompuServe. The plaintiff claimed that defamatory material about its business was posted by a user in
that forum, and sued both the forum host and CompuServe. CompuServe moved for, and received, summary
judgement in its favor.
The prosecution of perpetrators disseminating illegal content on the Internet is made difficult not only
by the fact that these perpetrators are acting from abroad and that the international mechanisms of cooperation are often weak and slow. Prosecution is often impossible since perpetrators can hide behind the
anonymity which today is granted by anonymous re-mailers and by the abuse of free access software.
Computer Forgery: The input, alteration, erasure, or suppression of computer data or computer programs
or other interference with the course of data processing in a manner as prescribed by the law;
Damage to computer Data or computer Programs: The erasure, damaging, deterioration, or suppression
of computer data or computer programs without right;
Computer Sabotage: The input, alteration, erasure, or suppression of computer data or computer programs
or other interference with computer systems, with an intent to hinder the functioning of a computer or a
telecommunication system;
Unauthorized Access: The access without right to a computer system or network by infringing security
measures;
Unauthorized Interception: The interception made without right and by technical means, of
communications to, from and within a computer system or network;
Unauthorized Reproduction of a Protected Computer Program: The reproduction, distribution, or
communication to the public without right;
2.
Unit 9
Cyber Contracts
9.0 INTRODUCTION
The Indian Contract Act, 1872 has been the basis for the enforcement of contracts. The Act
specifies the conditions that are necessary for a contract to be a valid contract and to be enforceable
by law. The Information Technology Act, 2000 (I.T. Act, 2000) contains provisions on how a
contract can be formed electronically. The Act acts in conjunction with the Indian Contract Act, 1872.
9.1 OBJECTIVE
The objective in this unit is to give you a concise picture regarding the formation of a contract, the
validity of a contract and statutory provisions governing the formation of a contract. After reading through
this unit you will be able to explain the essential features of a contract and the specific requirements for
electronic contracts.
avenues to conclude and validate a contract executed by people separated geographically have emerged.
In the age of the internet where distances are no barriers to business, the primacy of paper documentation
has given way to contracts by electronic means. As long as there is a valid offer and acceptance, the
means of communication has ceased to be a factor. The I.T. Act, 2000, being a commercial code of e-business transactions, contains provisions with means to conclude a contract electronically and also to
provide legal validity to such a transaction.
The I.T. Act states that where any law provides that information shall be in writing or in printed form,
the requirement is deemed to be satisfied if such information is in an electronic form and is accessible for
subsequent reference. The key ingredients of the formation of electronic contracts comprise communication
of offer and acceptance by electronic means, verification of the source of the communication, authentication
of the time and place of dispatch and finally the verifiability of the receipt of the data communication. If
the key ingredients are satisfied the legal enforceability of an electronic contract is at par with the paper
contract.
The provisions of the Information Technology Act are not applicable to the following:
Negotiable instruments other than the cheque (i.e. Bill of Exchange and Promissory Note)
as defined in the Negotiable Instruments Act, 1881.
Power of attorney instruments as defined in the Power of Attorney Act, 1882.
Trust as defined under the Indian Trusts Act, 1882.
Will as defined in the Indian Succession Act, 1925.
Any contract for the sale or conveyance of immovable property.
Any such class of documents or transactions as may be notified by the Central Government in
the Official Gazette.
Consideration
Writing is not essential for the validity of a contract, except where a specific statutory provision
requires writing. An arbitration clause must be in writing.
Has there been an offer at all in the particular case, or is there something less than an offer?
Has the acceptance been communicated to the person making the offer?
9.3.3 Concept of offer
An offer (or its Indian counterpart, a Proposal) is not defined by statute. It is generally understood as
denoting the expression, by words or conduct, of a willingness to enter into a legally binding contract. By
its terms, it expressly or impliedly indicates that it is to become binding on the offeror as soon as it has
been accepted, usually by a return promise or an act on the part of the person (the offeree) to whom it is
so addressed.
An acceptance, in relation to an offer, is a final and unqualified expression of assent to the terms of the
offer.
Offer followed by acceptance is an agreement. If an agreement is enforceable by law, it is a Contract.
Statement made during negotiation, without indicating that the maker intends to be bound without
further negotiation.
A statement which invites the other party to make an offer (e.g. a notice inviting tenders).
Statement of lowest price. Harvey v. Facey, (1893) A.C. 552; Macpherson v. Appana, A.I.R.
1951 S.C. 184. It is regarded as an invitation to make offers Re Webster (1975) 132 C.L.R. 270.
Display of goods in a shop with price tags is not an offer, but is merely an invitation to make an
offer. Bell (1960) 3 All E.R. 731.
By lapse of time, if the offer is stated to be open only for a fixed time.
9.6 CONSIDERATION
As a rule, an agreement without consideration is void. The Indian Contract Act defines consideration
as follows:
When, at the desire of the promisor, the promisee or any other person has done or abstained from
doing, or does or abstains from doing, or promises to do or abstains from doing something, such act,
abstinence, or promise is called a consideration for the promise.
A mere promise to give a donation, either orally or in writing, is not enforceable. Settlement of bona
fide but doubtful claims involves a bargain between the contracting parties and is, therefore, based on
consideration. Money is not the only form of consideration. A consideration may consist sometimes in the
doing of a requested act, and sometimes in the making of a promise by the offeree. Forbearance to sue at
the promisor's desire constitutes good consideration.
Consideration is not required for a promise to compensate, wholly or in part, a person who has already
voluntarily done something for the promisor or something which the promisor was legally compellable to
do. It is also not required for a written and signed promise by the debtor (or his duly authorized agent) to
pay a time-barred debt to the creditor.
9.8 CONSENT
When consent to a transaction is procured by coercion, undue influence, fraud or misrepresentation,
the agreement is voidable at the option of the party whose consent was so procured. Cases of undue
influence arise where the transaction is ex facie unconscionable and one party was in a position to
dominate the will of the other. Where parties are bound by a fiduciary relationship, as in the case of father
and son, doctor and patient, master and servant, advocate and client, the law protects the weaker party,
throwing on the other party the burden of proving that no undue influence was exercised. Mutual mistake
in respect of material facts in the formation of a contract renders the agreement void. A unilateral mistake,
however, does not render an agreement void. Nor does a mistake of law affect its validity.
Damages,
Injunction.
9.13.1 Damages
When a contract has been broken, the party who suffers by such breach is entitled to receive, from the
party who has broken the contract, compensation for any loss or damage caused to him thereby, being
loss or damages which naturally arose in the usual course of things from such breach or which the parties
knew, when they made the contract, to be likely to result from the breach of it.
Such compensation is not to be given for any remote and indirect loss or damage sustained by reason
of the breach.
The same principle applies for determining damages for breach of an obligation arising from quasi-contract.
In estimating the loss or damage arising from a breach of contract, the means which existed of
remedying the inconvenience caused by the non-performance of the contract must be taken into account.
9.13.3 Injunctions
An injunction is a preventive relief and is granted at the discretion of the court. The discretion of the
court is not arbitrary but is guided by judicial principles. A further check on the discretion is the provision
for correction through an appeal in a higher court. The different types of injunctions are
a. Temporary injunction: A temporary injunction is granted to continue until a specified period of
time or until the time the court orders its continuation. The injunction can be granted at any stage
of the suit and is governed by the Code of Civil Procedure.
b. Permanent injunction: A permanent injunction is granted to prevent a breach of an obligation
existing in favor of an applicant. A permanent injunction is granted by the court only after a
hearing and on the merits of the case.
9.14 CHECK YOUR PROGRESS
QUESTIONS
1.
2.
Unit 10
Cyber Privacy
10.0 INTRODUCTION
Privacy in cyber space has assumed great importance given the proliferation in electronic commerce.
Privacy violation, particularly in western societies, is viewed as an infringement of one's
right, whether the violation concerns activity that is of a commercial or a private nature. In this unit
you will find a detailed discussion regarding privacy issues confronting the cyber world.
10.1 OBJECTIVE
This unit will discuss important issues that figure in cyber privacy. You will be able to explain the
different aspects of cyber privacy and analyze the privacy issues that need to be addressed.
of information will be provided by the users or rather demanded by the service provider. The information
includes, e-mail identity, address for communication, telephone numbers, employment, marital status, health
status and financial information and the like. In other words, the growing influence of information technology
is resulting in the sharing and storing of a wealth of personal information. Today enormous amounts of information
are being collected by many thousands of web sites. In current practice, an effective technology
called SSL (Secure Sockets Layer) is used for protecting the privacy of the transaction between a browser
and a web server, but the protection ceases once the information is on the server and in the hands of the
entity.
In the area of data-gathering and use by on-line businesses, the new technology has made it possible
not only to store personal information provided by consumers but also to track consumers' decisions as
they move through on-line sites - whether or not they complete transactions. Should this sort of transactional
data be used differently than the personal information affirmatively provided by consumers? The personal
and transactional information that can be captured on-line differs both qualitatively and quantitatively
from the information a merchant obtains when an in-person transaction is completed. Should the nature of
the information gathered limit the uses to which such information may be put by business? Are there, for
example, types of information that should not be used for target marketing purposes? Should information
gathered for the purpose of consummating a transaction be used for market research? What are the limits
on a business's ability to resell/rent personal consumer information to other businesses? Is it appropriate to
think of a consumer's interest in his or her personal or transactional information as a right? If so, what
is the responsibility of business with regard to that right? If not, to what extent should the consumer have
control over personal and transactional information? How should the consumer's control be exercised?
What constitutes voluntary consent to the use of personal or transactional information that has been
gathered on-line? How much is the consumer entitled to know about the uses to which personal or
transactional information will be put? At what stage in a business relationship should the consumer be
asked for consent? Should that be informed consent? If so, what kind of information is to be furnished by
the service provider? To what extent should consumers have access to the information about and the
ability to correct or modify information that is being collected from them and gathered about them? These
are well founded concerns of online users who part with the information, as and when demanded by the
service provider.
That the individual shall have full protection in person and in property is a principle as old as the
common law; but it has been found necessary from time to time to define anew the exact nature and
extent of such protection. Political, social and economic changes entail the recognition of new rights, and
the common law, in its eternal youth, grows to meet the demands of society. Thus, in very early times, the
law gave a remedy only for physical interference with life and property, for trespass etc. (See Samuel D.
Warren and Louis D. Brandeis, The Right to Privacy, Harvard Law Review, Vol. 15, 1890, at p. 192.)
However, the passage of time revealed that only a part of the pain, pleasure, and profit of life lay in
physical things, and the remaining in the personhood, in the sense of, thoughts, emotions and sensations
and the like. The unique feature of common law enabled the judges to afford the requisite protection,
without the interposition of the legislature, in this area of intangible nature, i.e., privacy. Judge Cooley
pronounced this as right to be left alone. (See Cooley on Torts, 2nd ed., p.29)
In this process, over a period of time, the nature of legal response in the form of common law based
tort law, has evolved towards privacy concerns. This development had profound impact particularly on
constitutional law. In so far as the Indian context is concerned, by and large, the evolution of privacy-related law
has undergone a similar experience. One unique development in this respect is the judiciary's painstaking
efforts to recognize a right to privacy involving a gender dimension, which can be acquired by virtue of a local
custom or a grant or special permission. (See Ratanlal and Dhirajlal, Law of Torts at pp. 382-383.)
In recent times, the Supreme Court's pronouncements (particularly focusing on surveillance and
telephone tapping situations: Gobind v. State of M.P. (1975) 2 SCC 148 per Hon'ble K.K. Mathew, V.R.
Krishna Iyer and P.K. Goswamy JJ. Also see Kharak Singh v. State of U.P. AIR 1963 SC 1295 per
Hon'ble B.P. Sinha, Syed Jafer Imam, K. Subba Rao, J.C. Shah, N. Rajagopala Iyengar, J.R. Mudholkar
JJ.) on this matter from the perspective of Constitutional law are quite enlightening. Justice K.K. Mathew,
in one such case, observed that, privacy-dignity claims deserve to be examined with care and to be
denied only when an important countervailing interest is shown to be superior. If the court does find that
a claimed right is entitled to protection as a fundamental privacy right, a law infringing it must satisfy the
compelling State interest. Then the question would be whether a State interest is of such paramount
importance as would justify an infringement of the right. Obviously, if the enforcement of morality were
held to be a compelling as well as a permissible State interest, the characterization of a claimed right as a
fundamental privacy right would be of far less significance. Privacy primarily concerns the individual. It
therefore relates to and overlaps with the concept of liberty. The most serious advocate of privacy must
confess that there are serious problems of defining the essence and scope of the right. Privacy interest in
autonomy must also be placed in the context of other rights and values. Any right to privacy must compass
and protect the personal intimacies of the home, the family, marriage, motherhood, procreation and child
rearing. This catalogue approach to the question is obviously not as instructive as it does not give an
analytical picture of the distinctive characteristics of the right of privacy. Perhaps, the only suggestion that
can be offered as unifying principle underlying the concept has been the assertion that a claimed right
must be a fundamental right implicit in the concept of ordered liberty. The right to privacy in any event will
necessarily have to go through a process of case-by-case development. In an attempt to legitimately
justify this kind of interpretation of bringing right to privacy under Article 21 of our Constitution, Justice
Kuldip Singh (People's Union for Civil Liberties (PUCL) v. Union of India (1997) 1 SCC 301 per Hon'ble
Kuldip Singh, S. Saghir Ahmed JJ.) affirmed that, India is a signatory to the International Covenant on
Civil and Political Rights, 1966. Article 17 thereof provides for right of privacy. Article 12 of the Universal
Declaration of Human Rights, 1948 is almost in similar terms. Article 17 of the International Covenant
does not go contrary to any part of our municipal law. Article 21 of the Constitution has, therefore, to be
interpreted in conformity with the international law. The right to privacy, the Supreme Court continued, by
itself, has not been identified under the Constitution. As a concept it may be too broad and moralistic to
define it judicially. Whether right to privacy can be claimed or has been infringed in a given case would
depend on the facts of the said case. But the right to hold a telephone conversation in the privacy of one's
home or office without interference can certainly be claimed as right to privacy. Conversations on the
telephone are often of an intimate and confidential character. Telephone conversation is a part of modern
man's life. Right of privacy would certainly include telephone conversation in the privacy of one's home
or office. Telephone tapping would, thus, infract Article 21 of the Constitution of India unless it is permitted
under the procedure established by law.
Though it is claimed that the constitutionally interpreted right to privacy under Article 21 can be
enforced against private persons as well, many others strongly feel that the right to privacy against private
persons can only be enforced by invoking the principle of privacy as an actionable tort per se. (See
R. Rajagopal v. State of Tamil Nadu (1994) 6 SCC 632 per Hon'ble B.P. Jeevan Reddy and Suhas C. Sen
JJ. Also see Soli Sorabjee, Privacy and Defamation: Supreme Court defines parameters, Indian Express
dated 12th November, at p. 9.)
Similarly, acts or behavior threatening or disturbing privacy per se were not subjected to
criminalization in the initial phase. One plausible reason could be that criminal law, for long, did not
recognize any kind of injury or interference caused to either intangible or incorporeal property. That is the
reason why, until suitable and subject-specific statutory codifications were made, theft of information
was not construed as a criminal offence in English criminal law. (See Chris Reed and John Angel,
Computer Law at pp. 270-71. For similar developments in Scots law and Canadian law, see ibid. at
pp. 271-76.) More or less similar developments have taken place in the Indian context as well.
The concern has acquired a new dimension in the electronic era. Unlike the legal rules concerning
corporeal objects, information law does not only consider the economic interests of the proprietor or
holder but also takes into account the interests of persons concerned with the content of information.
Before the invention of computers, the legal protection of persons in regard to the content of information
was limited. Few provisions existed in the criminal law other than those in relation to libel. Since the 1970s,
however, new technologies have expanded the possibilities of collecting, storing, accessing, comparing,
selecting, linking and transmitting data, thereby causing new threats to privacy. This has prompted many
countries to enact new elements of administrative, civil and penal regulations.
Various international measures support this evolution by developing a common approach to privacy
protection. (http://www.ifs.univie.ac.at/~pr2gq1/rev4344.html )
In response to the challenges posed by the cyber context, different legal measures have been initiated
in diverse jurisdictions, particularly envisaging remedial measures for privacy violations. (For instance see
Data Protection Act, 1998. For a comprehensive source of primary and secondary legislation in this
regard, see Encyclopedia of Data Protection, S. Chalton, S. Gaskill, H. Grant and I. Walden (eds),
London:Sweet & Maxwell. Section 72 of The Information Technology Act, 2000 states that any person
who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder
has secured access to any electronic record, book, register, correspondence, information, document or
other material without the consent of the person concerned discloses such electronic record, book,
register, correspondence, information, document or other material to any other person shall be punished
with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh
rupees or with both.)
At the outset, it is necessary to understand and realize that any attempt to address the concerns
pertaining to consumer privacy should not ignore or overlook the concerns of all those who possess an
interest in the continued growth of e-commerce and trade. There appears to be a kind of consensus which
is largely driven by the thinking of the National Information Infrastructure Task Force (NIIF) (constituted by
the Clinton administration, based in the USA) to the effect that the electronic medium must shape development of a
workable privacy policy which could be pragmatically subjected to realistic enforcement without
compromising the interests of either the industry or the consumers. In this regard, the fundamentally envisaged
principles include: (a) everyone associated, particularly consumers, government and business, has a shared
responsibility towards fair and proper use of personal information; (b) the technology must be consumer
friendly, in the sense that it would empower individuals to take steps to protect that information themselves;
(c) transparency about and accountability for the process of collecting and using personal information; (d)
dissemination of information about the ways in which the personal information is used or misused in
cyberspace. (This is with a view to create public awareness, so that the public will be able to initiate
appropriate preventive measures.)
The NIIF privacy principles broadly identify three fundamental concerns that must govern the way in
which personal information is acquired, disclosed and used on the net: information privacy, information
integrity and information quality. First, there should be an assurance that collected personal information
will be used properly. Second, personal information should not be unfairly or improperly altered. And third, personal information
should be accurate, timely, complete and relevant for the purposes for which it is provided and used.
In addition, those who gather and use personal information should recognize and respect the privacy
interests that individuals have in personal information by (a) assessing the impact on privacy in deciding
whether to obtain or use personal information, and (b) obtaining and keeping only information that could
be reasonably expected to support current or planned activities and use the information only for those or
compatible principles and none else. As individual consumers must be enabled to take an informed
decision about providing personal information, the service providers or entities that collect information
must be obligated to comply with the following by disclosing: (a) why they are collecting the information;
(b) what is the apparent purpose of collecting such information; (c) what measures will be employed to
protect its confidentiality, quality and integrity of information collected; (d) reasonable consequences in
the form of substantive remedies for providing or withholding information.
Despite the business practice of treating privacy concerns as part of overall contractual terms and
conditions, current experience has clearly revealed that such terms have little to offer in terms of providing
an equitable remedy to online consumers. The different ways in which such personal information
is misused in the cyber context have also revealed a decline in public faith in cyber systems. Naturally,
it is necessary to preempt the possible onslaught on technological innovation by devising newer
ways of protecting and promoting privacy concerns. In response to this, Privacy Preferences Project
(P3P) agreements have come to be viewed as an important process.
web sites and online visitors. It is a kind of social technology which involves not merely technology but
also active participation of human beings. Software-generated information enabling browsers to decide
about the effective ways of protecting their privacy interests (in the form of P3P), as a process, presupposes
prior knowledge on the part of the consumers. Mere computer literacy in the sense of operating a system
is not adequate. What is required is the technical know-how to understand and appreciate the technical
language that is employed in structuring the agreements, particularly the kind of vocabulary that is used.
Secondly, the entire framework of P3P lacks transparent negotiability factors, as a result of which the
online consumer has to depend on what is given as a possible option or choice. In a sense, the agreement
reflects more of a unitary approach with a standardized set of terms and conditions. Another significant part
is that, before the consumer finalizes the deal, he or she must be categorically and unequivocally informed
as to what the entity is going to do with the information to be provided by the consumer. Under no
circumstances can this option be given to the party after finalization of the contract; in such a case, it
would not serve any purpose. How do we ensure this? Unless it is ensured, it is difficult to say that P3P
agreements empower netizens to exercise control over the information given by them.
Though P3P agreements apparently claim protection or control over the information, they do not
provide a technical mechanism for making sure service providers act according to their agreements.
Therefore, there is a need for parallel laws and systemic processes, including self-regulatory programmes,
which can provide enforcement mechanisms; if not, P3P may not be construed by the public as an effective
and alternative method of protecting privacy interests.
(Also see Robert Thibadeau, A Critique of P3P: Privacy on the Web, http://dollar.ecom.cmu.edu/p3critique)
password;
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details;
Unit 11
11.0 INTRODUCTION
In this age of globalization where India is one of the biggest emerging markets, it is natural that modern
methods of communication and new technology based business practices are the order of the day.
There has been an increasing use of electronic technology and the internet as the medium of doing
business. Existing laws though having stood the test of time were falling short of providing the legal
framework for emerging technology based business practices. New laws put together under the
nomenclature Cyber Laws have been framed to act in conjunction with the existing laws of the land.
The Information Technology Act has been formulated to give a legal framework for electronic transactions
in India.
11.1 OBJECTIVE
In this unit you will be able to get an overview of the I.T. Act, 2000. It will enable you to explain the
scope of computer crime and the provisions in law designed to punish actions that break the law.
the use of alternatives to paper based methods of communication and storage of information, to facilitate
electronic filing of documents with the Government agencies and further to amend the Indian Penal
Code, the Indian Evidence Act, 1872, the Bankers' Book Evidence Act, 1891 and the Reserve Bank of
India Act, 1934 and for matters connected therewith or incidental thereto.
Towards that end, the said Act aims to provide for the legal framework so that legal sanctity is accorded
to all electronic records and other activities carried out by electronic means. The said Act further states
that, unless otherwise agreed, an acceptance of contract may be expressed by electronic means of
communication and the same shall have legal validity and enforceability. The said Act purports to facilitate
electronic intercourse in trade and commerce, eliminate barriers and obstacles coming in the way of
electronic commerce resulting from the glorious uncertainties relating to writing and signature requirements
over the Internet. The Act also aims to fulfill its objects of promoting and developing the legal and business
infrastructure necessary to implement electronic commerce.
Chapter II of the said Act specifically stipulates that any subscriber may authenticate an electronic
record by affixing his digital signature. It further states that any person by the use of a public key of the
subscriber can verify the electronic record.
Chapter III of the Act deals with Electronic Governance and provides that where any law requires that information or any other
matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in
such law, such requirement shall be deemed to have been satisfied if such information or matter is
rendered or made available in an electronic form; and accessible so as to be usable for a subsequent
reference.
The said chapter also details about the legal recognition of Digital Signatures. The various provisions
further elaborate on the use of Electronic Records and Digital Signatures in Government Agencies. The
Act gives a scheme for Regulation in the Electronic Gazette.
Chapter VI of the said Act gives a scheme for Regulation of Certifying Authorities. It details who shall
perform the function of exercising supervision over the activities of the Certifying Authorities. It also lays
down standards and conditions governing the Certifying Authorities and also specifies the various forms
and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying
Authorities and it further details the various provisions for the issue of license to issue Digital Signature
Certificates.
Chapter VII of the Act details the scheme of things relating to Digital Signature Certificates.
The duties of subscribers are also enshrined in the said Bill.
Chapter IX of the said Act talks about penalties and adjudication for various offences. It also provides
for adjudication of claims for damages as compensation to affected persons. The said Adjudicating Officer
has been given the powers of a Civil Court.
There is a provision in Chapter X which envisages that the Cyber Regulations Appellate Tribunal shall be an
appellate body where appeals against the orders passed by the adjudicating officers shall be preferred.
The said Tribunal shall not be bound by the principles of the Code of Civil Procedure but shall follow the
principles of natural justice and shall have the same powers as those vested in a civil court. Against an
order or decision of the Cyber Appellate Tribunal, an appeal shall lie to the High Court.
The public key of the recipient is also used by the sender to encrypt the message to ensure that it
cannot be viewed by any person other than the recipient who possesses the private key required for the
decryption. Thus the combination of Public Key and Private Key along with hash function provides both
confidentiality and authentication which are key enablers for secure electronic transmission.
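The exchange described above, together with the Chapter II signature check (the subscriber signs, anyone holding the subscriber's public key verifies), as an added example that is not part of the original text or of the Act. It assumes SHA-256 as the hash function and unpadded textbook RSA with constructed demo keys; the names SUBSCRIBER, RECIPIENT, seal and open_sealed are illustrative.

```python
"""Added example: hash-then-sign and public-key encryption with textbook RSA.

Keys are constructed demo values built from known Mersenne primes, and the
RSA is unpadded. Illustration only: real systems use vetted libraries and
padded schemes (for example RSA-PSS for signing, RSA-OAEP for encryption).
"""
import hashlib
from dataclasses import dataclass

E = 65537  # widely used public exponent


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus, public
    e: int  # public exponent
    d: int  # private exponent, known only to the key owner


def make_keypair(p_exp: int, q_exp: int) -> KeyPair:
    """Constructed key pair from two Mersenne primes 2**k - 1 (demo only)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return KeyPair(n=p * q, e=E, d=pow(E, -1, (p - 1) * (q - 1)))


def nbytes(n: int) -> int:
    return (n.bit_length() + 7) // 8


def hash_value(record: bytes) -> int:
    """One-way hash of the electronic record; needs no key at all."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, subscriber: KeyPair) -> int:
    """Affix a signature: private-key operation on the record's hash."""
    return pow(hash_value(record), subscriber.d, subscriber.n)


def verify(record: bytes, signature: int, n: int, e: int) -> bool:
    """Check a signature using only the subscriber's public key (n, e)."""
    return pow(signature, e, n) == hash_value(record)


def encrypt(plaintext: bytes, n: int, e: int) -> int:
    """Encrypt to the recipient's public key (n, e)."""
    m = int.from_bytes(b"\x01" + plaintext, "big")  # marker keeps leading zeros
    if m >= n:
        raise ValueError("plaintext too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, recipient: KeyPair) -> bytes:
    """Only the holder of the recipient's private key can reverse encrypt()."""
    m = pow(ciphertext, recipient.d, recipient.n)
    return m.to_bytes(nbytes(m), "big")[1:]


def seal(record: bytes, sender: KeyPair, rcpt_n: int, rcpt_e: int) -> int:
    """Sign with the sender's private key, then encrypt signature and record
    together under the recipient's public key."""
    sig = sign(record, sender).to_bytes(nbytes(sender.n), "big")
    return encrypt(sig + record, rcpt_n, rcpt_e)


def open_sealed(ciphertext: int, recipient: KeyPair, sender_n: int, sender_e: int):
    """Decrypt with the recipient's private key, then verify the sender."""
    blob = decrypt(ciphertext, recipient)
    k = nbytes(sender_n)
    record = blob[k:]
    return record, verify(record, int.from_bytes(blob[:k], "big"), sender_n, sender_e)


# Constructed parties: a signing subscriber and a message recipient.
SUBSCRIBER = make_keypair(521, 607)
RECIPIENT = make_keypair(1279, 2203)
RECORD = b"Purchase order 17: 40 units, payable on delivery"  # constructed sample

if __name__ == "__main__":
    sig = sign(RECORD, SUBSCRIBER)
    print("genuine record verifies:", verify(RECORD, sig, SUBSCRIBER.n, SUBSCRIBER.e))
    print("altered record verifies:", verify(RECORD + b"0", sig, SUBSCRIBER.n, SUBSCRIBER.e))
    sealed = seal(RECORD, SUBSCRIBER, RECIPIENT.n, RECIPIENT.e)
    print("recipient opens:", open_sealed(sealed, RECIPIENT, SUBSCRIBER.n, SUBSCRIBER.e))
```

The hash alone detects alteration only if the reference value is itself trusted; the private-key operation on the hash is what ties the record to the subscriber, and the recipient's key pair is what keeps the content confidential.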
In order to enable certification of a public key during distribution, an authority called the Certifying
Authority is licensed under the Act by an authority called the Controller of Certifying Authorities.
That the Digital Certificate issued to a subscriber contains a copy of the public key identified
with the subscriber along with the credentials such as his name, email address etc.
That the person named in the certificate possesses a private key corresponding to the public key
contained in the digital certificate.
That the pair of keys associated with the certificate have been generated by the subscriber
using a security process as declared in the Certification Practice Statement issued by the Certifying
Authority and approved by the Controller of Certifying Authorities.
That other standards set by the regulations for issue of digital certificates are followed.
Maintaining a database containing the disclosure record of every CA and ensuring its access to
the public
Specify the manner in which the CA shall conduct their dealings with the subscriber.
Incorrect information has been submitted at the time of applying for a license or at the time of
renewal.
There is non-compliance with the terms and conditions subject to which the license was granted.
The manner and procedure that facilitates identification of person affixing the digital certificate
Control process and procedures to ensure adequate integrity, security and confidentiality of
electronic records and payments
The Certifying Authority being satisfied that the information contained in the application of
certificate is accurate.
The Private Key corresponds to the Public Key to be listed in the Digital Signature Certificate
The Public Key to be listed in the certificate can be used to verify a digital signature affixed by
the Private Key held by the subscriber.
What are the evidentiary presumptions of a secured electronic document? Explain the process of encryption
and decryption of data.
2.
3.
Explain the difference between the system of Hash Value Creation and Asymmetric key Encryption
Unit 12
12.0 INTRODUCTION
The I.T. Act has clearly spelt out the actions that attract penalty under the law. Given the fact that
Cyber Crime is capable of causing enormous damage both in financial terms and also in terms of
user confidence, the Act has prescribed severe penalties for such infractions. However, the law
of the land requires that every person accused of a crime must be heard and be given a fair trial. The Act
has proposed a mechanism for a fair hearing and also a provision for appeal against an order.
12.1 OBJECTIVE
The objective of this unit is to give you an idea about the provisions in the Act for penalties to be levied
and also the mechanism for adjudicating a complaint. You will be able to explain the actions that attract
penalties under the Act and also the mechanism for adjudicating a complaint.
Furnish any document, return or report to the Controller as required by the Act. Failure to do so
will attract a penalty not exceeding one lakh and fifty thousand rupees for each such failure.
File any return or furnish any information, books or other documents within the time specified
under the Act. A penalty not exceeding five thousand rupees for every day of delay is to be
levied.
Maintain books of account or records. Failure to comply attracts a penalty not exceeding ten
thousand rupees for every day the failure continues.
Summon and enforce the attendance of any person and examine him on oath.
All proceedings shall be deemed to be judicial proceedings within the meaning of sections 193 and 228
of the Indian Penal Code and shall also be deemed to be a civil court for the purposes of section 345 and
346 of the Code of Criminal Procedure.
On receipt of an appeal the Tribunal may after hearing both sides pass orders it thinks fit either
confirming, modifying or setting aside the order appealed against.
A copy of the order passed by the Tribunal shall be sent to the parties to the appeal and to the
concerned Controller or Adjudicating Officer.
Every appeal shall be expeditiously dealt with, and an attempt is to be made to dispose of the appeal
within a period of six months from the date of receipt of the appeal.
Summoning and enforcing the attendance of any person and examining him on oath
Every proceeding before the Tribunal shall be deemed to be a proceeding under the meaning of
sections 193 and 228 and for the purposes of section 196 of the Indian Penal Code and the Tribunal shall
be deemed to be a civil court for the purposes of section 195 and chapter XXVI of the Code of Criminal
Procedure.
What is meant by unauthorized access to a computer under the provisions of the IT Act, 2000?
2.
Unit 13
13.0 INTRODUCTION
The existing legal provisions have stood the test of time and have admirably served the needs of the
public. Interpretations of the laws by courts have reflected the changing perceptions of law in
tune with current times. However new technology has facilitated thrust areas like electronic
transactions and the internet. To ensure parity between electronic transactions and the traditional
transactions based on paper and to provide a legal recognition for electronic transactions, some existing
laws have been amended while new laws too have been introduced.
13.1 OBJECTIVE
This unit only highlights some amendments to the existing laws. After reading through this unit you will
be able to get an idea regarding the amendments to the existing legal provisions to accommodate the I.T.
Act, 2000.
Offences against body
Offences against property
Offences against marriage
Offences against public tranquility
Offences against state
Some important aspects have to be weighed while determining whether a crime has been committed
or not. The state of mind of the person committing the crime, the circumstantial evidence available, the
corroborative evidence which might shed more light on the act have to be taken into account while
determining if a crime has been committed or not.
As the definition of crime would include a fraudulent act or deliberate misrepresentation involving the
use of documents, any cyber transaction using the equivalent of a document needs protection under law.
To facilitate enforcement of laws to cover cyber transactions, the IPC has been amended to cover cyber
transactions.
The important changes in IPC include provisions regarding documents and signature. As electronic
records have replaced documents in the IT Act, the IPC has been amended to read also the expression
electronic records where the term document appears in the act. Section 464 of the act has the term
digital signature as understood by the definition of the term digital signature in the IT Act 1999. Section
22A has been newly introduced into the act. It defines the word Electronic Record as understood by the
definition of that term in the IT Act of 1999. The other sections that have been amended are sections 167,
172, 173, 175, 192, 204, 463, 464, 468, 469, 470, 471, 474, 476 and 477A.
Section 22A: (New section) When oral admission as to contents of electronic records are
relevant - Oral admissions as to the contents of electronic
records are not relevant, unless the genuineness of the electronic record produced is in question.
Section 34: Entries in the book of account - Entries in the book of account, including those
maintained in an electronic form.
Section 39: What evidence to be given when statement forms part of a conversation, document,
electronic record, book or series of letters or papers - Evidence shall be given of so much and no
more of the statement, conversation, document, electronic record, book or series of letters or
papers as the court considers necessary in that particular case to the full understanding of the
nature and effect of the statement, and the circumstances under which it was made.
Section 47A: (New section) Opinion as to digital signature when relevant - When the court
has to form an opinion as to the digital signature of any person, the opinion of the Certifying
Authority who has issued the Digital Signature Certificate is relevant.
Section 59: Contents of documents - Contents of documents would include the contents of
electronic records also.
Section 65A: (New section) Special provisions as to evidence relating to new records - Contents
of electronic records have to be proved.
Section 65B: (New section) Admissibility of electronic records - A computer output of any
information contained in an electronic record is deemed to be a document and is admissible as
evidence subject to certain conditions.
Section 67A: (New section) Proof as to digital signature - Except in the case of a secure digital
signature, this section requires that any disputed digital signature be proved.
Section 73A: (New section) Proof as to verification of digital signature - To ascertain the
genuineness of a digital signature, this section empowers the court to direct the Controller
(Controller as defined under sub-section (1) of section 17 of I.T. Act 1999) or certifying authority
to produce the Digital Signature Certificate or direct any other person to apply the public key to
verify the digital signature.
Section 81A: (New section) Presumption as to Gazettes in electronic form - The courts shall
presume the electronic record pertaining to a Gazette to be genuine.
Section 85A: (New section) Presumption as to electronic agreements - The courts shall presume
the genuineness of the digital signature in an electronic record.
Section 85B (new section): Presumption as to electronic records and digital signatures - The
courts shall presume that secure electronic records have not been altered since a specific point
of time unless the contrary is proved. The court would also presume that, unless the contrary is
proved, the secure digital signature has been affixed by the subscriber.
Section 88A (new section): Presumption as to electronic messages - The court may presume
that an electronic message forwarded by the originator through an electronic mail server to the
addressee corresponds with the message sent, though there is no presumption regarding the
identity of the person sending the message.
Section 90A (new section): Presumption as to electronic records five years old - The court
may presume the genuineness of a digital signature if produced from any custody which the
court considers proper.
Section 131: Production of documents or electronic documents which another person, having
possession, could refuse to produce - No one shall be compelled to produce documents in his
possession or electronic records under his control unless such person consents to their production.
APPENDIX - I
organize the resources available to him and optimize these in attaining the objectives of his
organisation,
use the codes of practice conveyed by the CSI from time to time in carrying out his tasks,
comply with the Indian laws relating to the management of his organization particularly with
regard to Privacy and Piracy, and operate within the spirit of these laws,
conduct his affairs so as to uphold, project and further the image and reputation of the CSI,
CODES OF PRACTICE
2. As regards his ORGANISATION an IT professional should:
act with integrity in carrying out the lawful policy and instructions of his organisation and uphold
its image and reputation,
plan, establish and review objectives and tasks for himself and his subordinates which are
compatible with the Codes of Practice of other professionals in the enterprise, and direct all
available effort towards the success of the enterprise rather than of himself,
fully respect the confidentiality of information which comes to him in the course of his duties,
and not use confidential information for personal gain or in a manner which may be detrimental
to his organisation or his clients,
in his contacts and dealings with other people, demonstrate his personal integrity and humanity
and when called to give an opinion in his professional capacity, shall, to the best of his ability, give
an opinion that is objective and reliable.
set an example to his subordinates through his own work and performance, through his leadership
and by taking account of the needs and problems of his subordinates,
pay proper regard to the safety and well-being of the personnel for whom he is responsible,
ensure that the terms of all contracts and terms of business be stated clearly and unambiguously
and honoured,
not use the computer to harm other people or to bear false witness,
always use a computer in ways that ensure consideration and respect for fellow humans.
entertainment and society at large. Software engineers are those who contribute by direct participation or
by teaching, to the analysis, specification, design, development, certification, maintenance and testing of
software systems. Because of their roles in developing software systems, software engineers have significant
opportunities to do good or cause harm, to enable others to do good or cause harm, or to influence others
to do good or cause harm. To ensure, as much as possible, that their efforts will be used for good,
software engineers must commit themselves to making software engineering a beneficial and respected
profession. In accordance with that commitment, software engineers shall adhere to the following Code
of Ethics and Professional Practice.
The Code contains eight Principles related to the behavior of and decisions made by professional
software engineers, including practitioners, educators, managers, supervisors and policy makers, as well
as trainees and students of the profession. The Principles identify the ethically responsible relationships in
which individuals, groups, and organizations participate and the primary obligations within these relationships.
The Clauses of each Principle are illustrations of some of the obligations included in these relationships.
These obligations are founded in the software engineer's humanity, in special care owed to people affected
by the work of software engineers, and the unique elements of the practice of software engineering. The
Code prescribes these as obligations of anyone claiming to be or aspiring to be a software engineer.
It is not intended that the individual parts of the Code be used in isolation to justify errors of omission
or commission. The list of Principles and Clauses is not exhaustive. The Clauses should not be read as
separating the acceptable from the unacceptable in professional conduct in all practical situations. The
Code is not a simple ethical algorithm that generates ethical decisions. In some situations standards may
be in tension with each other or with standards from other sources. These situations require the software
engineer to use ethical judgment to act in a manner which is most consistent with the spirit of the Code of
Ethics and Professional Practice, given the circumstances.
Ethical tensions can best be addressed by thoughtful consideration of fundamental principles, rather
than blind reliance on detailed regulations. These Principles should influence software engineers to consider
broadly who is affected by their work; to examine if they and their colleagues are treating other human
beings with due respect; to consider how the public, if reasonably well informed, would view their decisions;
to analyze how the least empowered will be affected by their decisions; and to consider whether their acts
would be judged worthy of the ideal professional working as a software engineer. In all these judgments
concern for the health, safety and welfare of the public is primary; that is, the Public Interest is central
to this Code.
The dynamic and demanding context of software engineering requires a code that is adaptable and
relevant to new situations as they occur. However, even in this generality, the Code provides support for
software engineers and managers of software engineers who need to take positive action in a specific
case by documenting the ethical stance of the profession. The Code provides an ethical foundation to
which individuals within teams and the team as a whole can appeal. The Code helps to define those
actions that are ethically improper to request of a software engineer or teams of software engineers.
The Code is not simply for adjudicating the nature of questionable acts; it also has an important
educational function. As this Code expresses the consensus of the profession on ethical issues, it is a
means to educate both the public and aspiring professionals about the ethical obligations of all software
engineers.
PRINCIPLES
Principle 1: PUBLIC
Software engineers shall act consistently with the public interest. In particular, software engineers
shall, as appropriate:
1.01. Accept full responsibility for their own work.
1.02. Moderate the interests of the software engineer, the employer, the client and the users with
the public good.
1.03. Approve software only if they have a well-founded belief that it is safe, meets specifications,
passes appropriate tests, and does not diminish quality of life, diminish privacy or harm the
environment. The ultimate effect of the work should be to the public good.
1.04. Disclose to appropriate persons or authorities any actual or potential danger to the user, the
public, or the environment, that they reasonably believe to be associated with software or
related documents.
1.05. Cooperate in efforts to address matters of grave public concern caused by software, its
installation, maintenance, support or documentation.
1.06. Be fair and avoid deception in all statements, particularly public ones, concerning software
or related documents, methods and tools.
1.07. Consider issues of physical disabilities, allocation of resources, economic disadvantage and
other factors that can diminish access to the benefits of software.
1.08. Be encouraged to volunteer professional skills to good causes and contribute to public education
concerning the discipline.
2.02. Not knowingly use software that is obtained or retained either illegally or unethically.
2.03. Use the property of a client or employer only in ways properly authorized, and with the
client's or employer's knowledge and consent.
2.04. Ensure that any document upon which they rely has been approved, when required, by
someone authorized to approve it.
2.05. Keep private any confidential information gained in their professional work, where such
confidentiality is consistent with the public interest and consistent with the law.
2.06. Identify, document, collect evidence and report to the client or the employer promptly if, in
their opinion, a project is likely to fail, to prove too expensive, to violate intellectual property
law, or otherwise to be problematic.
2.07. Identify, document, and report significant issues of social concern, of which they are aware,
in software or related documents, to the employer or the client.
2.08. Accept no outside work detrimental to the work they perform for their primary employer.
2.09. Promote no interest adverse to their employer or client, unless a higher ethical concern is
being compromised; in that case, inform the employer or another appropriate authority of the
ethical concern.
Principle 3: PRODUCT
Software engineers shall ensure that their products and related modifications meet the highest
professional standards possible. In particular, software engineers shall, as appropriate:
3.01. Strive for high quality, acceptable cost and a reasonable schedule, ensuring significant tradeoffs
are clear to and accepted by the employer and the client, and are available for consideration
by the user and the public.
3.02. Ensure proper and achievable goals and objectives for any project on which they work or
propose.
3.03. Identify, define and address ethical, economic, cultural, legal and environmental issues related
to work projects.
3.04. Ensure that they are qualified for any project on which they work or propose to work by an
appropriate combination of education and training, and experience.
3.05. Ensure an appropriate method is used for any project on which they work or propose to
work.
3.06. Work to follow professional standards, when available, that are most appropriate for the task
at hand, departing from these only when ethically or technically justified.
3.07. Strive to fully understand the specifications for software on which they work.
3.08. Ensure that specifications for software on which they work have been well documented,
satisfy the user's requirements and have the appropriate approvals.
3.09. Ensure realistic quantitative estimates of cost, scheduling, personnel, quality and outcomes
on any project on which they work or propose to work and provide an uncertainty assessment
of these estimates.
3.10. Ensure adequate testing, debugging, and review of software and related documents on which
they work.
3.11. Ensure adequate documentation, including significant problems discovered and solutions
adopted, for any project on which they work.
3.12. Work to develop software and related documents that respect the privacy of those who will
be affected by that software.
3.13. Be careful to use only accurate data derived by ethical and lawful means, and use it only in
ways properly authorized.
3.14. Maintain the integrity of data, being sensitive to outdated or flawed occurrences.
3.15. Treat all forms of software maintenance with the same professionalism as new development.
Principle 4: JUDGMENT
Software engineers shall maintain integrity and independence in their professional judgment. In particular,
software engineers shall, as appropriate:
4.01. Temper all technical judgments by the need to support and maintain human values.
4.02. Only endorse documents either prepared under their supervision or within their areas of
competence and with which they are in agreement.
4.03. Maintain professional objectivity with respect to any software or related documents they are
asked to evaluate.
4.04. Not engage in deceptive financial practices such as bribery, double billing, or other improper
financial practices.
4.05. Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided
or escaped.
4.06. Refuse to participate, as members or advisors, in a private, governmental or professional
body concerned with software related issues, in which they, their employers or their clients
have undisclosed potential conflicts of interest.
Principle 5: MANAGEMENT
Software engineering managers and leaders shall subscribe to and promote an ethical approach to the
management of software development and maintenance. In particular, those managing or leading software
engineers shall, as appropriate:
5.01. Ensure good management for any project on which they work, including effective procedures
for promotion of quality and reduction of risk.
5.02. Ensure that software engineers are informed of standards before being held to them.
5.03. Ensure that software engineers know the employer's policies and procedures for protecting
passwords, files and information that is confidential to the employer or confidential to others.
5.04. Assign work only after taking into account appropriate contributions of education and
experience tempered with a desire to further that education and experience.
5.05. Ensure realistic quantitative estimates of cost, scheduling, personnel, quality and outcomes
on any project on which they work or propose to work, and provide an uncertainty assessment
of these estimates.
5.06. Attract potential software engineers only by full and accurate description of the conditions of
employment.
5.07. Offer fair and just remuneration.
5.08. Not unjustly prevent someone from taking a position for which that person is suitably qualified.
5.09. Ensure that there is a fair agreement concerning ownership of any software, processes,
research, writing, or other intellectual property to which a software engineer has contributed.
5.10. Provide for due process in hearing charges of violation of an employer's policy or of this
Code.
5.11. Not ask a software engineer to do anything inconsistent with this Code.
5.12. Not punish anyone for expressing ethical concerns about a project.
Principle 6: PROFESSION
Software engineers shall advance the integrity and reputation of the profession consistent with the
public interest. In particular, software engineers shall, as appropriate:
6.01. Help develop an organizational environment favorable to acting ethically.
6.02. Promote public knowledge of software engineering.
Principle 7: COLLEAGUES
Software engineers shall be fair to and supportive of their colleagues. In particular, software engineers
shall, as appropriate:
7.01. Encourage colleagues to adhere to this Code.
7.02. Assist colleagues in professional development.
7.03. Credit fully the work of others and refrain from taking undue credit.
7.04. Review the work of others in an objective, candid, and properly-documented way.
7.05. Give a fair hearing to the opinions, concerns, or complaints of a colleague.
7.06. Assist colleagues in being fully aware of current standard work practices including policies
and procedures for protecting passwords, files and other confidential information, and security
measures in general.
7.07. Not unfairly intervene in the career of any colleague; however, concern for the employer, the
client or public interest may compel software engineers, in good faith, to question the
competence of a colleague.
7.08. In situations outside of their own areas of competence call upon the opinions of other
professionals who have competence in that area.
Principle 8: SELF
Software engineers shall participate in lifelong learning regarding the practice of their profession and
shall promote an ethical approach to the practice of the profession. In particular, software engineers shall
continually endeavor to:
8.01. Further their knowledge of developments in the analysis, specification, design, development,
maintenance and testing of software and related documents, together with the management
of the development process.
8.02. Improve their ability to create safe, reliable, and useful quality software at reasonable cost
and within a reasonable time.
8.03. Improve their ability to produce accurate, informative, and well-written documentation.
8.04. Improve their understanding of the software and related documents on which they work and
of the environment in which they will be used.
8.05. Improve their knowledge of relevant standards and the law governing the software and
related documents on which they work.
8.06. Improve their knowledge of this Code, its interpretation, and its application to their work.
8.07. Not give unfair treatment to anyone because of any irrelevant prejudices.
8.08. Not influence others to undertake any action that involves a breach of this Code.
8.09. Recognize that personal violations of this Code are inconsistent with being a professional
software engineer.
Copyright (c) 1999 by the Association for Computing Machinery, Inc. and the Institute for Electrical
and Electronics Engineers, Inc.
UNAUTHORIZED copying of software is illegal. Copyright law protects software authors and
publishers, just as patent law protects inventors.
UNAUTHORIZED copying of software by individuals can harm the entire academic community.
If unauthorized copying proliferates on a campus, the institution may incur legal liability. Also,
the institution may find it more difficult to negotiate agreements that would make software more
widely and less expensively available to members of the academic community.
UNAUTHORIZED copying and use of software deprives publishers and developers of a fair
return for their work, increases prices, reduces the level of future support and enhancements,
and can inhibit the development of new software products.
RESPECT for the intellectual work of others has traditionally been essential to the mission of colleges
and universities. As members of the academic community, we value the free exchange of ideas. Just as
we do not tolerate plagiarism, we do not condone the unauthorized copying of software, including programs,
applications, data bases and code.
Classification of software
In terms of copyright, there are four broad classifications of software:
Commercial
Shareware
Freeware
Public Domain
Commercial
Commercial software represents the majority of software purchased from software publishers,
commercial computer stores, etc. When you buy software, you are actually acquiring a license to use it,
not own it. You acquire the license from the company that owns the copyright. The conditions and
restrictions of the license agreement vary from program to program and should be read carefully. In
general, commercial software licenses stipulate that
1. the software is covered by copyright,
2. although one archival copy of the software can be made, the backup copy cannot be used
except when the original package fails or is destroyed,
3. modifications to the software are not allowed,
4. decompiling (i.e. reverse engineering) of the program code is not allowed without the permission
of the copyright holder, and
5. development of new works built upon the package (derivative works) is not allowed without the
permission of the copyright holder.
Shareware
Shareware software is covered by copyright, as well. When you acquire software under a shareware
arrangement, you are actually acquiring a license to use it, not own it. You acquire the license from the
individual or company that owns the copyright. The conditions and restrictions of the license agreement
vary from program to program and should be read carefully. The copyright holders for shareware allow
purchasers to make and distribute copies of the software, but demand that if, after testing the software,
you adopt it for use, you must pay for it. In general, shareware software licenses stipulate that
1. the software is covered by copyright,
2. although one archival copy of the software can be made, the backup copy cannot be used
except when the original package fails or is destroyed,
3. modifications to the software are not allowed,
4. decompiling (i.e. reverse engineering) of the program code is not allowed without the permission
of the copyright holder, and
5. development of new works built upon the package (derivative works) is not allowed without the
permission of the copyright holder.
Selling software as shareware is a marketing decision; it does not change the legal requirements with
respect to copyright. That means that you can make a single archival copy, but you are obliged to pay for
all copies adopted for use.
Freeware
Freeware also is covered by copyright and subject to the conditions defined by the holder of the
copyright. The conditions for freeware are in direct opposition to normal copyright restrictions. In general,
freeware software licenses stipulate that
1. the software is covered by copyright,
2. copies of the software can be made for both archival and distribution purposes but that distribution
cannot be for profit,
3. modifications to the software are allowed and encouraged,
4. decompiling (i.e. reverse engineering) of the program code is allowed without the explicit
permission of the copyright holder, and
5. development of new works built upon the package (derivative works) is allowed and encouraged
with the condition that derivative works must also be designated as freeware. That means that
you cannot take freeware, modify or extend it, and then sell it as commercial or shareware
software.
Public domain
Public domain software comes into being when the original copyright holder explicitly relinquishes all
rights to the software. Since under current copyright law, all intellectual works (including software) are
protected as soon as they are committed to a medium, for something to be public domain it must be clearly
marked as such. Before March 1, 1989, it was assumed that intellectual works were not covered by
copyright unless the copyright symbol and declaration appeared on the work. With the U.S. adherence to
the Berne Convention this presumption has been reversed. Now all works assume copyright protection
unless the public domain notification is stated. This means that for public domain software
CODE OF ETHICS
I will act with professional responsibility and integrity in my dealings with clients, employers, employees,
students and the community generally. By this I mean:
1. I will serve the interests of my clients and employers, my employees and students, and the
community generally, as matters of no less priority than the interests of myself or my colleagues.
2. I will work competently and diligently for my clients and employers.
3. I will be honest in my representations of skills, knowledge, services and products.
4. I will strive to enhance the quality of life of those affected by my work.
5. I will enhance my own professional development, and that of my colleagues, employees and
students.
6. I will enhance the integrity of the Computing Profession and the respect of its members for each
other.
STANDARD OF CONDUCT
The standards set out below explain how the Code of Ethics applies to members' professional work.
The list of standards is not necessarily exhaustive, and should not be read as definitively demarking the
acceptable from the unacceptable in professional conduct in all practical situations faced by a member.
The intention of the Standard of Conduct is to illustrate, and to explain in more detail, the meaning of the
Code of Ethics in terms of specific behaviours. However, the mere fact that a member engages in, or
does not engage in, these behaviours does not of itself guarantee that a member is acting ethically, or
unethically, respectively.
The ACS accepts that the standards are ideal, and may not all be achievable at all times in all
circumstances. In practice, a member may occasionally find that some standards conflict with other
standards, including standards from other sources. On these occasions the member must weigh up the
relevant factors and choose to act in the manner which is most consistent with the Code of Ethics, given
the circumstances.
It is not possible to set totally objective standards about ethical conduct, and this Standard does not
attempt to do so. The delineation of ethical and unethical behaviour requires some element of subjectivity.
A member is expected to take into account the spirit of the entire Code in order to resolve ambiguous or
contentious issues concerning ethical conduct. In the final analysis the member is answerable to other
members in jointly determining what is ethical and what is not in particular circumstances.
In summary, a member is expected to act at all times in a manner likely to be judged by informed,
respected, and experienced peers in possession of all of the facts as the most ethical way to act in the
circumstances.
I. PRIORITIES
I will serve the interests of my clients and employers, my employees and students, and the community
generally, as matters of no less priority than the interests of myself or my colleagues.
1.1. I will endeavour to preserve continuity of computing services and information flow in my
care.
1.2. I will endeavour to preserve the integrity and security of others' information.
1.3. I will respect the proprietary nature of others' information.
1.5. I will advise my client or employer of any potential conflicts of interest between my assignment
and legal or other accepted community requirements.
1.6. I will advise my clients and employers as soon as possible of any conflicts of interest or
conscientious objections which face me in connection with my work.
II. COMPETENCE
I will work competently and diligently for my clients and employers.
2.1. I will endeavour to provide products and services which match the operational and financial
needs of my clients and employers.
2.2. I will give value for money in the services and products I supply.
2.3. I will make myself aware of relevant standards, and act accordingly.
2.4. I will respect and protect my clients' and employers' proprietary interests.
2.5. I will accept responsibility for my work.
2.6. I will advise my clients and employers when I believe a proposed project is not in their best
interests.
2.7. I will go beyond my brief, if necessary, in order to act professionally.
III. HONESTY
I will be honest in my representation of skills, knowledge, services and products.
3.1. I will not knowingly mislead a client or potential client as to the suitability of a product or
service.
3.2. I will not misrepresent my skills or knowledge.
3.3. I will give opinions which are as far as possible unbiased and objective.
3.4. I will give realistic estimates for projects under my control.
3.5. I will qualify professional opinions which I know are based on limited knowledge or experience.
3.6. I will give credit for work done by others where credit is due.
4.5. I will attempt to increase the feelings of personal satisfactions, competence, and control of
those affected by my work.
4.6. I will not require, or attempt to influence, any person to take any action which would involve
a breach of this Code.
V. PROFESSIONAL DEVELOPMENT
I will enhance my own professional development, and that of my colleagues, employees and students.
5.1. I will continue to upgrade my knowledge and skills.
5.2. I will increase my awareness of issues affecting the computing profession and its relationship
with the community.
5.3. I will encourage my colleagues, employees and students to continue their own professional
development.
1. to accept responsibility in making engineering decisions consistent with the safety, health and
welfare of the public, and to disclose promptly factors that might endanger the public or the
environment;
2. to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected
parties when they do exist;
3. to be honest and realistic in stating claims or estimates based on available data;
4. to reject bribery in all its forms;
5. to improve the understanding of technology, its appropriate application, and potential consequences;
6. to maintain and improve our technical competence and to undertake technological tasks for
others only if qualified by training or experience, or after full disclosure of pertinent limitations;
7. to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors,
and to credit properly the contributions of others;
8. to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or
national origin;
9. to avoid injuring others, their property, reputation, or employment by false or malicious action;
10. to assist colleagues and co-workers in their professional development and to support them in
following this code of ethics.
APPENDIX - II
An Act to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as electronic
commerce, which involve the use of alternatives to paper-based methods of communication
and storage of information, to facilitate electronic filing of documents with the Government agencies and
further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence
Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental
thereto.
Whereas the General Assembly of the United Nations by resolution A/RES/51/162, dated the 30th
January, 1997 has adopted the Model Law on Electronic Commerce adopted by the United Nations
Commission on International Trade Law;
And whereas the said resolution recommends inter alia that all States give favorable consideration to
the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law
applicable to alternatives to paper-based methods of communication and storage of information;
And whereas it is considered necessary to give effect to the said resolution and to promote efficient
delivery of Government services by means of reliable electronic records.
Be it enacted by Parliament in the Fifty-first Year of the Republic of India as follows:
CHAPTER I
PRELIMINARY
1. Short title, extent, commencement and application
(1) This Act may be called the Information Technology Act, 2000.
(2) It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also
to any offence or contravention thereunder committed outside India by any person.
(3) It shall come into force on such date as the Central Government may, by notification, appoint
and different dates may be appointed for different provisions of this Act and any reference in
any such provision to the commencement of this Act shall be construed as a reference to the
commencement of that provision.
(4) Nothing in this Act shall apply to,
(a) a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881;
(b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
(c) a trust as defined in section 3 of the Indian Trusts Act, 1882;
(d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including
any other testamentary disposition by whatever name called;
(e) any contract for the sale or conveyance of immovable property or any interest in such
property;
(f) any such class of documents or transactions as may be notified by the Central Government
in the Official Gazette.
2. Definitions
(1) In this Act, unless the context otherwise requires,
(a) "access" with its grammatical variations and cognate expressions means gaining entry
into, instructing or communicating with the logical, arithmetical, or memory function
resources of a computer, computer system or computer network;
(b) "addressee" means a person who is intended by the originator to receive the electronic
record but does not include any intermediary;
(c) "adjudicating officer" means an adjudicating officer appointed under sub-section (1) of
section 46;
(d) "affixing digital signature" with its grammatical variations and cognate expressions means
adoption of any methodology or procedure by a person for the purpose of authenticating
an electronic record by means of digital signature;
(e) "appropriate Government" means as respects any matter,
a)
b) Relating to any State law enacted under List III of the Seventh Schedule to the
Constitution, the State Government and in any other case, the Central Government;
(f) "asymmetric crypto system" means a system of a secure key pair consisting of a private
key for creating a digital signature and a public key to verify the digital signature;
(g) "Certifying Authority" means a person who has been granted a licence to issue a Digital
Signature Certificate under section 24;
(h) "certification practice statement" means a statement issued by a Certifying Authority to
specify the practices that the Certifying Authority employs in issuing Digital Signature
Certificates;
(i) "computer" means any electronic magnetic, optical or other high-speed data processing
device or system which performs logical, arithmetic, and memory functions by manipulations
of electronic, magnetic or optical impulses, and includes all input, output, processing, storage,
computer software, or communication facilities which are connected or related to the
computer in a computer system or computer network;
(j) "computer network" means the interconnection of one or more computers through
the use of satellite, microwave, terrestrial line or other communication media; and
(k) "computer resource" means computer, computer system, computer network, data,
computer data base or software;
(l) "computer system" means a device or collection of devices, including input and output
support devices and excluding calculators which are not programmable and capable of
being used in conjunction with external files, which contain computer programmes,
electronic instructions, input data and output data, that performs logic, arithmetic, data
storage and retrieval, communication control and other functions;
(m) "Controller" means the Controller of Certifying Authorities appointed under sub-section
(1) of section 17;
(n) "Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established
under sub-section (1) of section 48;
(o) "data" means a representation of information, knowledge, facts, concepts or instructions
which are being prepared or have been prepared in a formalized manner, and is intended
to be processed, is being processed or has been processed in a computer system or
computer network, and may be in any form (including computer printouts magnetic or
optical storage media, punched cards, punched tapes) or stored internally in the memory
of the computer;
(p) "digital signature" means authentication of any electronic record by a subscriber by
means of an electronic method or procedure in accordance with the provisions of
section 3;
(q) "Digital Signature Certificate" means a Digital Signature Certificate issued under
sub-section (4) of section 35;
(r) "electronic form" with reference to information means any information generated, sent,
received or stored in media, magnetic, optical, computer memory, micro film, computer
generated micro fiche or similar device;
(s) "Electronic Gazette" means the Official Gazette published in the electronic form;
(t) "electronic record" means data, record or data generated, image or sound stored, received
or sent in an electronic form or micro film or computer generated micro fiche;
(u) "function", in relation to a computer, includes logic, control arithmetical process, deletion,
storage and retrieval and communication or telecommunication from or within a computer;
(v) "information" includes data, text, images, sound, voice, codes, computer programmes,
software and databases or micro film or computer generated micro fiche;
(w) "intermediary" with respect to any particular electronic message means any person who
on behalf of another person receives, stores or transmits that message or provides any
service with respect to that message;
(x) "key pair", in an asymmetric crypto system, means a private key and its mathematically
related public key, which are so related that the public key can verify a digital signature
created by the private key;
(y) "law" includes any Act of Parliament or of a State Legislature, Ordinances promulgated
by the President or a Governor, as the case may be, Regulations made by the President
under article 240, Bills enacted as President's Act under sub-clause (a) of clause (1) of
article 357 of the Constitution and includes rules, regulations, bye-laws and orders issued
or made thereunder;
(z) "licence" means a licence granted to a Certifying Authority under section 24;
(za) "originator" means a person who sends, generates, stores or transmits any electronic
message or causes any electronic message to be sent, generated, stored or transmitted to
any other person but does not include an intermediary;
(zb) "prescribed" means prescribed by rules made under this Act;
(zc) "private key" means the key of a key pair used to create a digital signature;
(zd) "public key" means the key of a key pair used to verify a digital signature and listed in
the Digital Signature Certificate;
(ze) "secure system" means computer hardware, software, and procedure that
(a)
(b)
(c)
(d)
(zf) "security procedure" means the security procedure prescribed under section 16 by the
Central Government;
(zg) "subscriber" means a person in whose name the Digital Signature Certificate is issued;
(zh) "verify" in relation to a digital signature, electronic record or public key, with its grammatical
variations and cognate expressions means to determine whether
(a) the initial electronic record was affixed with the digital signature by the use of
private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic
record was so affixed with the digital signature.
(2) Any reference in this Act to any enactment or any provision thereof shall, in relation to an area in
which such enactment or such provision is not in force, be construed as a reference to the corresponding
law or the relevant provision of the corresponding law, if any, in force in that area.
CHAPTER II
DIGITAL SIGNATURE
3. Authentication of electronic records.
(1) Subject to the provisions of this section any subscriber may authenticate an electronic record
by affixing his digital signature.
(2) The authentication of the electronic record shall be effected by the use of asymmetric crypto
system and hash function which envelop and transform the initial electronic record into another
electronic record.
Explanation. For the purposes of this sub-section, "hash function" means an algorithm mapping or
translation of one sequence of bits into another, generally smaller, set known as "hash result" such that an
electronic record yields the same hash result every time the algorithm is executed with the same electronic
record as its input making it computationally infeasible
(a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;
(b) that two electronic records can produce the same hash result using the algorithm.
(3) Any person by the use of a public key of the subscriber can verify the electronic record.
(4) The private key and the public key are unique to the subscriber and constitute a functioning key
pair.
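Section 3(2) and the definition of "verify" in section 2(1)(zh) describe a hash-then-sign scheme. The sketch below is an added example, not part of the Act or of the course text: it assumes SHA-256 as the hash function and RSA with PKCS #1 v1.5 encoding as the asymmetric crypto system, and its key pairs are constructed from Mersenne primes for demonstration only, which makes them far too weak for real use.

```python
import hashlib
import hmac

# DER prefix of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
E = 65537  # conventional RSA public exponent

# Constructed sample record; not taken from the Act or the course text.
RECORD = b"Purchase order 17: pay Rs. 5,000 to the supplier"


def make_key_pair(p, q):
    """Build a (public, private) RSA key pair from two primes.

    Demonstration only: the primes used below are well-known Mersenne
    primes, so the modulus is trivially factorable.
    """
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


def hash_result(record):
    """The 'hash result' of section 3: same record in, same 32 bytes out."""
    return hashlib.sha256(record).digest()


def _encode(record, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || hash, k bytes long."""
    t = SHA256_DIGESTINFO + hash_result(record)
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def affix_signature(record, private_key):
    """Hash the record, then transform the encoded hash with the private key."""
    n = private_key["n"]
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(_encode(record, k), "big")
    return pow(m, private_key["d"], n).to_bytes(k, "big")


def verify(record, signature, public_key):
    """True only if the signature was made over this exact record by the
    private key matching public_key. A False result does not say which of
    the two checks in clause (zh) failed: a wrong key and an altered
    record look the same to the verifier.
    """
    n = public_key["n"]
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, public_key["e"], n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, _encode(record, k))


def demo():
    pub, priv = make_key_pair(2**521 - 1, 2**607 - 1)
    # A second, unrelated key pair (larger modulus, so its check already
    # fails at the signature-length comparison).
    other_pub, _ = make_key_pair(2**607 - 1, 2**1279 - 1)
    sig = affix_signature(RECORD, priv)
    altered = RECORD.replace(b"5,000", b"50,000")
    return {
        "intact": verify(RECORD, sig, pub),
        "altered": verify(altered, sig, pub),
        "wrong_key": verify(RECORD, sig, other_pub),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:10s} -> {'valid' if ok else 'rejected'}")
```
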
CHAPTER III
ELECTRONIC GOVERNANCE
4. Legal recognition of electronic records.
Where any law provides that information or any other matter shall be in writing or in the typewritten or
printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to
have been satisfied if such information or matter is
(a) the information contained therein remains accessible so as to be usable for a subsequent
reference;
(b) the electronic record is retained in the format in which it was originally generated, sent or
received or in a format which can be demonstrated to represent accurately the information
originally generated, sent or received;
(c) the details which will facilitate the identification of the origin, destination, date and time of
dispatch or receipt of such electronic record are available in the electronic record:
Provided that this clause does not apply to any information which is automatically generated solely for
the purpose of enabling an electronic record to be dispatched or received.
(2) Nothing in this section shall apply to any law that expressly provides for the retention of
documents, records or information in the form of electronic records.
9. Sections 6, 7 and 8 not to confer right to insist document should be accepted
in electronic form.
Nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry
or Department of the Central Government or the State Government or any authority or body established
by or under any law or controlled or funded by the Central or State Government should accept, issue,
create, retain and preserve any document in the form of electronic records or effect any monetary
transaction in the electronic form.
(c) the manner or procedure which facilitates identification of the person affixing the digital signature;
(d) control processes and procedures to ensure adequate integrity, security and confidentiality of
electronic records or payments; and
(e) any other matter which is necessary to give legal effect to digital signatures.
CHAPTER IV
acknowledgment has been received by him and specifying a reasonable time by which the
acknowledgment must be received by him and if no acknowledgment is received within the
aforesaid time limit he may after giving notice to the addressee, treat the electronic record as
though it has never been sent.
CHAPTER V
CHAPTER VI
(h) specifying the form and manner in which accounts shall be maintained by the Certifying
Authorities;
(i) specifying the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them;
(j) facilitating the establishment of any electronic system by a Certifying Authority either solely or
jointly with other Certifying Authorities and regulation of such systems;
(k) specifying the manner in which the Certifying Authorities shall conduct their dealings with the
subscribers;
(l) resolving any conflict of interests between the Certifying Authorities and the subscribers;
(m) laying down the duties of the Certifying Authorities;
(n) maintaining a data base containing the disclosure record of every Certifying Authority containing
such particulars as may be specified by regulations, which shall be accessible to public.
(3) The Controller shall maintain a computerized data base of all public keys in such a manner that
such data base and the public keys are available to any member of the public.
Provided that the data base containing the notice of such suspension or revocation, as the case may be,
shall be made available through a web site which shall be accessible round the clock:
Provided further that the Controller may, if he considers necessary, publicize the contents of database
in such electronic or other media, as he may consider appropriate.
34. Disclosure.
(1) Every Certifying Authority shall disclose in the manner specified by regulations
(a) its Digital Signature Certificate which contains the public key corresponding to the private
key used by that Certifying Authority to digitally sign another Digital Signature Certificate;
(b) any certification practice statement relevant thereto;
(c) notice of the revocation or suspension of its Certifying Authority certificate, if any; and
(d) any other fact that materially and adversely affects either the reliability of a Digital
Signature Certificate, which that Authority has issued, or the Authority's ability to perform
its services.
(2) Where in the opinion of the Certifying Authority any event has occurred or any situation has
arisen which may materially and adversely affect the integrity of its computer system or the
conditions subject to which a Digital Signature Certificate was granted, then, the Certifying
Authority shall
(a) use reasonable efforts to notify any person who is likely to be affected by that occurrence;
or
(b) act in accordance with the procedure specified in its certification practice statement to
deal with such event or situation.
CHAPTER VII
(b) it has published the Digital Signature Certificate or otherwise made it available to such person
relying on it and the subscriber has accepted it;
(c) the subscriber holds the private key corresponding to the public key, listed in the Digital Signature
Certificate;
(d) the subscriber's public key and private key constitute a functioning key pair;
(e) the information contained in the Digital Signature Certificate is accurate;
and
(f) it has no knowledge of any material fact, which if it had been included in the Digital Signature
Certificate would adversely affect the reliability of the representations made in clauses (a) to
(d).
(2) Subject to the provisions of sub-section (3) and without prejudice to the provisions of
sub-section (1), a Certifying Authority may revoke a Digital Signature Certificate which has been
issued by it at any time, if it is of opinion that
(a) a material fact represented in the Digital Signature Certificate is false or has been concealed;
(b) a requirement for issuance of the Digital Signature Certificate was not satisfied;
(c) the Certifying Authority's private key or security system was compromised in a manner
materially affecting the Digital Signature Certificate's reliability;
(d) the subscriber has been declared insolvent or dead or where a subscriber is a firm or a
company, which has been dissolved, wound-up or otherwise ceased to exist.
(3) A Digital Signature Certificate shall not be revoked unless the subscriber has been given an
opportunity of being heard in the matter.
(4) On revocation of a Digital Signature Certificate under this section, the Certifying Authority
shall communicate the same to the subscriber.
CHAPTER VIII
DUTIES OF SUBSCRIBERS
40. Generating key pair.
Where any Digital Signature Certificate, the public key of which corresponds to the private key of that
subscriber which is to be listed in the Digital Signature Certificate has been accepted by a subscriber,
then, the subscriber shall generate the key pair by applying the security procedure.
CHAPTER IX
computer system or computer network including information or data held or stored in any
removable storage medium;
(c) Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;
(d) Damages or causes to be damaged any computer, computer system or computer network,
data, computer data base or any other programmes residing in such computer, computer system
or computer network;
(e) Disrupts or causes disruption of any computer, computer system or computer network;
(f) Denies or causes the denial of access to any person authorized to access any computer, computer
system or computer network by any means;
(g) Provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made
thereunder;
(h) Charges the services availed of by a person to the account of another person by tampering with
or manipulating any computer, computer system, or computer network,
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the
person so affected.
Explanation. For the purposes of this section,
(i) "computer contaminant" means any set of computer instructions that are designed
(a) to modify, destroy, record, transmit data or programme residing within a computer, computer
system or computer network; or
(b) by any means to usurp the normal operation of the computer, computer system, or computer
network;
(ii) "computer data base" means a representation of information, knowledge, facts, concepts or
instructions in text, image, audio, video that are being prepared or have been prepared in a
formalized manner or have been produced by a computer, computer system or computer network
and are intended for use in a computer, computer system or computer network;
(iii) "computer virus" means any computer instruction, information, data or programme that destroys,
damages, degrades or adversely affects the performance of a computer resource or attaches
itself to another computer resource and operates when a programme, data or instruction is
executed or some other event takes place in that computer resource;
(iv) "damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by
any means.
(5) Every adjudicating officer shall have the powers of a civil court which are conferred on the
Cyber Appellate Tribunal under sub-section (2) of section 58, and
(a) all proceedings before it shall be deemed to be judicial proceedings within the meaning of
sections 193 and 228 of the Indian Penal Code;
(b) shall be deemed to be a civil court for the purposes of sections 345 and 346 of the Code
of Criminal Procedure, 1973.
CHAPTER X
52. Salary, allowances and other terms and conditions of service of Presiding
Officer.
The salary and allowances payable to, and the other terms and conditions of service including pension,
gratuity and other retirement benefits of, the Presiding Officer of a Cyber Appellate Tribunal shall be
such as may be prescribed:
Provided that neither the salary and allowances nor the other terms and conditions of service of the
Presiding Officer shall be varied to his disadvantage after appointment.
55. Orders constituting Appellate Tribunal to be final and not to invalidate its
proceedings.
No order of the Central Government appointing any person as the Presiding Officer of a Cyber
Appellate Tribunal shall be called in question in any manner and no act or proceeding before a Cyber
Appellate Tribunal shall be called in question in any manner on the ground merely of any defect in the
constitution of a Cyber Appellate Tribunal.
60. Limitation.
The provisions of the Limitation Act, 1963, shall, as far as may be, apply to an appeal made to the
Cyber Appellate Tribunal.
61. Civil court not to have jurisdiction.
No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an
adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under this Act is
empowered by or under this Act to determine and no injunction shall be granted by any court or other
authority in respect of any action taken or to be taken in pursuance of any power conferred by or under
this Act.
62. Appeal to High Court.
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to
the High Court within sixty days from the date of communication of the decision or order of the Cyber
Appellate Tribunal to him on any question of fact or law arising out of such order:
Provided that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause
from filing the appeal within the said period, allow it to be filed within a further period not exceeding sixty
days.
CHAPTER XI
OFFENCES
65. Tampering with computer source documents.
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes
another to conceal, destroy or alter any computer source code used for a computer, computer programme,
computer system or computer network, when the computer source code is required to be kept or maintained
by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine
which may extend up to two lakh rupees, or with both.
Explanation. For the purposes of this section, "computer source code" means the listing of
programmes, computer commands, design and layout and programme analysis of computer resource in
any form.
(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an
offence and shall be liable on conviction to imprisonment for a term not exceeding three years or
to a fine not exceeding two lakh rupees or to both.
correspondence, information, document or other material to any other person shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to one lakh
rupees, or with both.
76. Confiscation.
Any computer, computer system, floppies, compact disks, tape drives or any other accessories related
thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder has
been or is being contravened, shall be liable to confiscation:
Provided that where it is established to the satisfaction of the court adjudicating the confiscation that
the person in whose possession, power or control of any such computer, computer system, floppies,
compact disks, tape drives or any other accessories relating thereto is found is not responsible for the
contravention of the provisions of this Act, rules, orders or regulations made thereunder, the court may,
instead of making an order for confiscation of such computer, computer system, floppies, compact disks,
tape drives or any other accessories related thereto, make such other order authorized by this Act against
the person contravening of the provisions of this Act, rules, orders or regulations made thereunder as it
may think fit.
CHAPTER XII
CHAPTER XIII
MISCELLANEOUS
80. Power of police officer and other officers to enter, search, etc.
(1) Notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police officer,
not below the rank of a Deputy Superintendent of Police, or any other officer of the Central
Government or a State Government authorized by the Central Government in this behalf may
enter any public place and search and arrest without warrant any person found therein who is
reasonably suspected or having committed or of committing or of being about to commit any
offence under this Act.
Explanation. For the purposes of this sub-section, the expression "public place" includes any public
conveyance, any hotel, any shop or any other place intended for use by, or accessible to the public.
(2) Where any person is arrested under sub-section (1) by an officer other than a police officer,
such officer shall, without unnecessary delay, take or send the person arrested before a magistrate
having jurisdiction in the case or before the officer-in-charge of a police station.
(3) The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of this
section, apply, so far as may be, in relation to any entry, search or arrest, made under this
section.
Government, the Controller or any person acting on behalf of him, the Presiding Officer, adjudicating
officers and the staff of the Cyber Appellate Tribunal for anything which is in good faith done or intended
to be done in pursuance of this Act or any rule, regulation or order made thereunder.
ii. the electronic form in which filing, issue, grant or payment shall be effected under
sub-section (1) of section 6;
iii. the manner and format in which electronic records shall be filed, or issued and the
method of payment under sub-section (2) of section 6;
iv. the matters relating to the type of digital signature, manner and format in which it may
be affixed under section 10;
v. the security procedure for the purpose of creating secure electronic record and secure
digital signature under section 16;
vi. the qualifications, experience and terms and conditions of service of Controller, Deputy
Controllers and Assistant Controllers under section 17;
vii. other standards to be observed by the Controller under clause (b) of sub-section (2) of
section 20;
viii. the requirements which an applicant must fulfil under sub-section (2) of section 21;
ix. the period of validity of licence granted under clause (a) of sub-section (3) of section
21;
x. the form in which an application for licence may be made under sub-section (1) of
section 22;
xi. the amount of fees payable under clause (c) of sub-section (2) of section 22;
xii. such other documents which shall accompany an application for licence under clause
(a) of sub-section (2) of section 22;
xiii. the form and the fee for renewal of a licence and the fee payable thereof under
section 23;
xiv. the form in which application for issue of a Digital Signature Certificate may be made
under sub-section (1) of section 35;
xv. the fee to be paid to the Certifying Authority for issue of a Digital Signature Certificate
under sub-section (2) of section 35;
xvi. the manner in which the adjudicating officer shall hold inquiry under sub-section (1) of
section 46;
xvii. the qualification and experience which the adjudicating officer shall possess under
sub-section (3) of section 46;
xviii. the salary, allowances and the other terms and conditions of service of the Presiding
Officer under section 52;
xix.
xx. the salary and allowances and other conditions of service of other officers and
employees under sub-section (3) of section 56;
xxi. the form in which appeal may be filed and the fee thereof under sub-section (3) of
section 57;
xxii. any other power of a civil court required to be prescribed under clause (g) of
sub-section (2) of section 58; and
xxiii. any other matter which is required to be, or may be, prescribed.
(3) Every notification made by the Central Government under clause (f) of sub-section (4) of
section 1 and every rule made by it shall be laid, as soon as may be after it is made, before each
House of Parliament, while it is in session, for a total period of thirty days which may be comprised
in one session or in two or more successive sessions, and if, before the expiry of the session
immediately following the session or the successive sessions aforesaid, both Houses agree in
making any modification in the notification or the rule or both Houses agree that the notification
or the rule should not be made, the notification or the rule shall thereafter have effect only in
such modified form or be of no effect, as the case may be; so, however, that any such modification
or annulment shall be without prejudice to the validity of anything previously done under that
notification or rule.
of no effect, as the case may be; so, however, that any such modification or annulment shall be
without prejudice to the validity of anything previously done under that regulation.
(45 of 1860)
After section 29, the following section shall be inserted, namely:
Electronic record.
"29A. The words "electronic record" shall have the meaning assigned to them in clause (t) of
sub-section (1) of section 2 of the Information Technology Act, 2000.".
2. In section 167, for the words "such public servant, charged with the preparation or translation of
any document, frames or translates that document", the words "such public servant, charged
with the preparation or translation of any document or electronic record, frames, prepares or
translates that document or electronic record" shall be substituted.
3. In section 172, for the words "produce a document in a Court of Justice", the words "produce a
document or an electronic record in a Court of Justice" shall be substituted.
4. In section 173, for the words "to produce a document in a Court of Justice", the words "to
produce a document or electronic record in a Court of Justice" shall be substituted.
5. In section 175, for the word "document" at both the places where it occurs, the words "document
or electronic record" shall be substituted.
6. In section 192, for the words "makes any false entry in any book or record, or makes any
document containing a false statement", the words "makes any false entry in any book or
record, or electronic record or makes any document or electronic record containing a false
statement" shall be substituted.
7. In section 204, for the word "document" at both the places where it occurs, the words "document
or electronic record" shall be substituted.
8. In section 463, for the words "Whoever makes any false documents or part of a document with
intent to cause damage or injury", the words "Whoever makes any false documents or false
electronic record or part of a document or electronic record, with intent to cause damage or
injury" shall be substituted.
9. In section 464,
(a) for the portion beginning with the words "A person is said to make a false document" and
ending with the words "by reason of deception practiced upon him, he does not know the
contents of the document or the nature of the alteration", the following shall be substituted,
namely:
"A person is said to make a false document or false electronic record
First. Who dishonestly or fraudulently
(a)
(b)
(c)
(d)
makes any mark denoting the execution of a document or the authenticity of the
digital signature,
with the intention of causing it to be believed that such document or part of document, electronic
record or digital signature was made, signed, sealed, executed, transmitted or affixed by or by the authority
of a person by whom or by whose authority he knows that it was not made, signed, sealed, executed or
affixed; or
SecondlyWho, without lawful authority, dishonestly or fraudulently, by cancellation or otherwise,
alters a document or an electronic record in any material part thereof, after it has been made, executed or
affixed with digital signature either by himself or by any other person, whether such person be living or
dead at the time of such alteration; or
ThirdlyWho dishonestly or fraudulently causes any person to sign, seal, execute or alter a document
or an electronic record or to affix his digital signature on any electronic record knowing that such
person by reason of unsoundness of mind or intoxication cannot, or that by reason of deception practiced
upon him, he does not know the contents of the document or electronic record or the nature of the
alteration. ;
(b) after Explanation 2, the following Explanation shall be inserted at the end, namely:
Explanation 3.For the purposes of this section, the expression affixing digital signature shall
have the meaning assigned to it in clause (d) of subsection (1) of section 2 of the Information Technology
Act, 2000..
10. In section 466,
(a) for the words "Whoever forges a document", the words "Whoever forges a document or
an electronic record" shall be substituted;
(b) the following Explanation shall be inserted at the end, namely:
"Explanation. For the purposes of this section, 'register' includes any list, data or record of any
entries maintained in the electronic form as defined in clause (r) of sub-section (1) of section 2 of the
Information Technology Act, 2000.".
11. In section 468, for the words "document forged", the words "document or electronic record
forged" shall be substituted.
12. In section 469, for the words "intending that the document forged", the words "intending that
the document or electronic record forged" shall be substituted.
13. In section 470, for the word "document" in both the places where it occurs, the words "document
or electronic record" shall be substituted.
14. In section 471, for the word "document" wherever it occurs, the words "document or electronic
record" shall be substituted.
15. In section 474, for the portion beginning with the words "Whoever has in his possession any
document" and ending with the words "if the document is one of the description mentioned in
section 466 of this Code", the following shall be substituted, namely:
"Whoever has in his possession any document or electronic record, knowing the same to be
forged and intending that the same shall fraudulently or dishonestly be used as a genuine, shall,
if the document or electronic record is one of the description mentioned in section 466 of this
Code.".
16. In section 476, for the words "any document", the words "any document or electronic record"
shall be substituted.
17. In section 477A, for the words "book, paper, writing" at both the places where they occur, the
words "book, electronic record, paper, writing" shall be substituted.
2. In section 17, for the words "oral or documentary,", the words "oral or documentary or contained
in electronic form" shall be substituted.
3. After section 22, the following section shall be inserted, namely:
"When oral admission as to contents of electronic records are relevant.
22A. Oral admissions as to the contents of electronic records are not relevant, unless the
genuineness of the electronic record produced is in question.".
4. In section 34, for the words "Entries in the books of account", the words "Entries in the books
of account, including those maintained in an electronic form" shall be substituted.
5. In section 35, for the word "record", in both the places where it occurs, the words "record or an
electronic record" shall be substituted.
6. For section 39, the following section shall be substituted, namely:
"What evidence to be given when statement forms part of a conversation, document, electronic
record, book or series of letters or papers.
39. When any statement of which evidence is given forms part of a longer statement, or of a
conversation or part of an isolated document, or is contained in a document which forms part of
a book, or is contained in part of electronic record or of a connected series of letters or papers,
evidence shall be given of so much and no more of the statement, conversation, document,
electronic record, book or series of letters or papers as the Court considers necessary in that
particular case to the full understanding of the nature and effect of the statement, and of the
circumstances under which it was made.".
7. After section 47, the following section shall be inserted, namely:
"Opinion as to digital signature where relevant.
47A. When the Court has to form an opinion as to the digital signature of any person, the
opinion of the Certifying Authority which has issued the Digital Signature Certificate is a relevant
fact.".
8. In section 59, for the words "contents of documents" the words "contents of documents or
electronic records" shall be substituted.
9. After section 65, the following sections shall be inserted, namely:
Special provisions as to evidence relating to electronic record.
65A. The contents of electronic records may be proved in accordance with the provisions of
section 65B.
(4) In any proceedings where it is desired to give a statement in evidence by virtue of this section,
a certificate doing any of the following things, that is to say,
(a) identifying the electronic record containing the statement and describing the manner in
which it was produced;
(b) giving such particulars of any device involved in the production of that electronic record
as may be appropriate for the purpose of showing that the electronic record was produced
by a computer;
(c) dealing with any of the matters to which the conditions mentioned in sub-section (2)
relate,
and purporting to be signed by a person occupying a responsible official position in relation to the
operation of the relevant device or the management of the relevant activities (whichever is appropriate)
shall be evidence of any matter stated in the certificate; and for the purposes of this sub-section it shall be
sufficient for a matter to be stated to the best of the knowledge and belief of the person stating it.
(5) For the purposes of this section,
(a) information shall be taken to be supplied to a computer if it is supplied thereto in any
appropriate form and whether it is so supplied directly or (with or without human
intervention) by means of any appropriate equipment;
(b) whether in the course of activities carried on by any official, information is supplied with
a view to its being stored or processed for the purposes of those activities by a computer
operated otherwise than in the course of those activities, that information, if duly supplied
to that computer, shall be taken to be supplied to it in the course of those activities;
(c) a computer output shall be taken to have been produced by a computer
whether it was produced by it directly or (with or without human intervention)
by means of any appropriate equipment.
Explanation. For the purposes of this section any reference to information being derived from other
information shall be a reference to its being derived therefrom by calculation, comparison or any other
process.
10. After section 67, the following section shall be inserted, namely:
"Proof as to digital signature.
67A. Except in the case of a secure digital signature, if the digital signature of any subscriber
is alleged to have been affixed to an electronic record the fact that such digital signature is the
digital signature of the subscriber must be proved.".
11. After section 73, the following section shall be inserted, namely:
"Proof as to verification of digital signature.
73A. In order to ascertain whether a digital signature is that of the person by whom it purports
to have been affixed, the Court may direct
(a) that person or the Controller or the Certifying Authority to produce the Digital Signature
Certificate;
(b) any other person to apply the public key listed in the Digital Signature Certificate and
verify the digital signature purported to have been affixed by that person.
Explanation. For the purposes of this section, 'Controller' means the Controller appointed under
sub-section (1) of section 17 of the Information Technology Act, 2000.".
12. Presumption as to Gazettes in electronic forms.
After section 81, the following section shall be inserted, namely:
"81A. The Court shall presume the genuineness of every electronic record purporting to be the
Official Gazette, or purporting to be electronic record directed by any law to be kept by any
person, if such electronic record is kept substantially in the form required by law and is produced
from proper custody.".
13. Presumption as to electronic agreements.
After section 85, the following sections shall be inserted, namely:
"85A. The Court shall presume that every electronic record purporting to be an agreement
containing the digital signatures of the parties was so concluded by affixing the digital signature
of the parties.
Presumption as to electronic records and digital signatures.
85B. (1) In any proceedings involving a secure electronic record, the Court shall presume unless
contrary is proved, that the secure electronic record has not been altered since the specific point
of time to which the secure status relates.
(2) In any proceedings, involving secure digital signature, the Court shall presume unless the contrary
is proved that
(a) the secure digital signature is affixed by subscriber with the intention of signing or approving
the electronic record;
(b) except in the case of a secure electronic record or a secure digital signature, nothing in
this section shall create any presumption relating to authenticity and integrity of the electronic
record or any digital signature.
Presumption as to Digital Signature Certificates.
85C. The Court shall presume, unless contrary is proved, that the information listed in a Digital
Signature Certificate is correct, except for information specified as subscriber information which
has not been verified, if the certificate was accepted by the subscriber.".
14. Presumption as to electronic messages.
After section 88, the following section shall be inserted, namely:
"88A. The Court may presume that an electronic message forwarded by the originator through
an electronic mail server to the addressee to whom the message purports to be addressed
corresponds with the message as fed into his computer for transmission; but the Court shall not
make any presumption as to the person by whom such message was sent.
Explanation. For the purposes of this section, the expressions 'addressee' and 'originator' shall
have the same meanings respectively assigned to them in clauses (b) and (za) of sub-section (1) of
section 2 of the Information Technology Act, 2000.".
15. Presumption as to electronic records five years old.
After section 90, the following section shall be inserted, namely:
"90A. Where any electronic record, purporting or proved to be five years old, is produced from
any custody which the Court in the particular case considers proper, the Court may presume
that the digital signature which purports to be the digital signature of any particular person was
so affixed by him or any person authorized by him in this behalf.
Explanation. Electronic records are said to be in proper custody if they are in the place in which,
and under the care of the person with whom, they naturally be; but no custody is improper if it is proved
to have had a legitimate origin, or the circumstances of the particular case are such as to render such an
origin probable.
This Explanation applies also to section 81A.".
16. For section 131, the following section shall be substituted, namely:
"Production of documents or electronic records which another person, having possession, could
refuse to produce.
131. No one shall be compelled to produce documents in his possession or electronic records
under his control, which any other person would be entitled to refuse to produce if they were in
his possession or control, unless such last-mentioned person consents to their production.".
i.
the safeguards adopted by the system to ensure that data is entered or any other
operation performed only by authorized persons;
ii.
iii.
the safeguards available to retrieve data that is lost due to systemic failure or any
other reasons;
iv.
the manner in which data is transferred from the system to removable media like
floppies, discs, tapes or other electro-magnetic data storage devices;
v.
the mode of verification in order to ensure that data has been accurately transferred
to such removable media;
vi.
vii.
the arrangements for the storage and custody of such storage devices;
viii.
the safeguards to prevent and detect any tampering with the system; and
ix.
any other factor which will vouch for the integrity and accuracy of the system.
(c) a further certificate from the person in-charge of the computer system to the effect that
to the best of his knowledge and belief, such computer system operated properly at the
material time, he was provided with all the relevant data and the printout in question
represents correctly, or is appropriately derived from, the relevant data..