CYBER LAWS AND
CODE OF ETHICS
K Anvar Sadath
Manager (e-Governance)
Kerala State IT Mission
CYBER LAWS
FOR TRANSACTIONS IN "CYBER SPACE"
• Cyber Property
• Trademarks, Domain names, Copyright, Patents,
Cyber Frauds…
• Cyber Contracts
• Cyber Documents and digital signatures
• Right to Free Speech
• Cyber Privacy
• Protection against Spamming, Cyber stalking…
• Right for Peaceful cyber existence
• Protection against Intrusion, Virus, Hacking…
INFORMATION TECHNOLOGY ACT, 2000
• Aims to provide a legal and regulatory framework for
promotion of e-Commerce and e-Governance.
• Enacted on 7th June 2000 and was notified in the official
gazette on 17th October 2000.
• India became the 12th nation in the world to enact
a Cyber law.
• Review on 2005 - Draft Amendments published
IT ACT, 2000 – MAJOR PROVISIONS
• Extends to the whole of India
• Electronic contracts will be legally valid
• Legal recognition of digital signatures
• Security procedure for electronic records and digital
signature
• Appointment of Controller of Certifying Authorities
to license and regulate the working of Certifying
Authorities
IT ACT, 2000 – MAJOR PROVISIONS (Contd..)
• Certifying Authorities to get License from the
Controller to issue digital signature certificates
• Various types of computer crimes defined and
stringent penalties provided under the Act
• Appointment of Adjudicating Officer for holding
inquiries under the Act
• Establishment of Cyber Regulatory Appellate
Tribunal under the Act
IT ACT, 2000 – MAJOR PROVISIONS (Contd..)
• Appeal from order of Adjudicating Officer to Cyber
Appellate Tribunal and not to any Civil Court
• Appeal from order of Cyber Appellate Tribunal to
High Court
• Act to apply for offences or contraventions
committed outside India
• Network service providers not to be liable in certain
cases
IT ACT, 2000 – MAJOR PROVISIONS (Contd..)
• Power of police officers and other officers to enter
into any public place and search and arrest without
warrant
• Constitution of Cyber Regulations Advisory
Committee to advise the Central Government and
the Controller
IT ACT, 2000 – ENABLES:
• Legal recognition of digital signature is at par with
the handwritten signature
• Electronic Communication by means of reliable
electronic record
• Acceptance of contract expressed by electronic
means
• Electronic filing of documents
• Retention of documents in electronic form
IT ACT, 2000 – ENABLES: (Contd..)
• Uniformity of rules, regulations and standards
regarding the authentication and integrity of
electronic records or documents
• Publication of official gazette in the electronic form
• Interception of any message transmitted in the
electronic or encrypted form
Changes / modifications in other
prevailing Acts..
• Indian Evidence Act, 1872
• Indian Penal Code, 1860
• Banker's Book Evidence Act, 1891
• Reserve Bank of India Act, 1934
Excluded from the purview of the IT Act
• A negotiable instrument as defined in Negotiable
Instruments Act, 1881
• A power-of-attorney as defined in Powers-of-
Attorney Act, 1882
• A trust as defined in the Indian Trusts Act, 1882
• A will as defined in the Indian Succession Act 1925
including any other testamentary disposition by
whatever name called
Excluded from the purview of the IT Act
• Any contract for the sale or conveyance of
immovable property or any interest in such property
• Any such class of documents or transactions
as may be notified by the Central
Government in the Official Gazette.
Digital Signatures
• If a message must remain readable but must not be modifiable, a digital
signature is used to authenticate the sender

Parameter        Paper                             Electronic
Authenticity     May be forged                     Cannot be copied
Integrity        Signature independent of the      Signature depends on the
                 document                          contents of the document
Non-repudiation  a. Handwriting expert needed      a. Any computer user
                 b. Error prone                    b. Error free
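The table's integrity and authenticity rows can be seen directly in code. This is an added example, not from the original presentation or from any Indian CA: it uses Go's standard-library Ed25519 (chosen for brevity; the licensed CAs of the period issued RSA certificates) to sign a constructed sample record, then shows that altering one figure in the record, or checking against another signer's key, makes verification fail.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignRecord produces a detached signature over an electronic record.
func SignRecord(priv ed25519.PrivateKey, record []byte) []byte {
	return ed25519.Sign(priv, record)
}

// VerifyRecord returns true only if sig was made over exactly this record
// by the holder of the private key matching pub.
func VerifyRecord(pub ed25519.PublicKey, record, sig []byte) bool {
	return ed25519.Verify(pub, record, sig)
}

// Demo signs a constructed sample record and reports three checks:
// the untouched record verifies, an altered record does not (integrity),
// and a different signer's key does not verify it either (authenticity).
func Demo() (okOriginal, okTampered, okWrongKey bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	record := []byte("Transfer Rs 10,000 to account 1234 (constructed sample)")
	sig := SignRecord(priv, record)

	okOriginal = VerifyRecord(pub, record, sig)
	tampered := []byte("Transfer Rs 90,000 to account 1234 (constructed sample)")
	okTampered = VerifyRecord(pub, tampered, sig)
	okWrongKey = VerifyRecord(otherPub, record, sig)
	return
}

func main() {
	a, b, c := Demo()
	fmt.Printf("original: %v, tampered: %v, wrong key: %v\n", a, b, c)
}
```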
Licensed CAs (source: http://www.cca.gov.in):
• Safescrypt
• NIC
• IDRBT
• TCS
• MTNL
• Customs & Central Excise
• (n) Code Solutions CA (GNFC)
Hardware Tokens
• Smart Card
• iKey
[Figure: an IDRBT certificate shown in paper form alongside its electronic form]
Civil Offences under the IT Act 2000
(Section 43 )
• Unauthorised copying, extracting and downloading
of any data, database
• Unauthorised access to computer, computer system
or computer network
• Introduction of virus
• Damage to computer System and Computer
Network
• Disruption of Computer, computer network
Civil Offences under the IT Act 2000
(contd..) (Section 43 )
• Denial of access to authorised person to computer
• Providing assistance to any person to facilitate
unauthorised access to a computer
• Charging the service availed by a person to an
account of another person by tampering and
manipulation of other computer
Any person who does any of the above shall be liable to pay damages by way
of compensation not exceeding one crore rupees to the person so affected.
Criminal Offences under the IT Act 2000
(Sections 65 to 75)
• Tampering with computer source documents
• Hacking with computer system
"Whoever with the intent to cause or knowing that he is likely
to cause wrongful loss or damage to the public or any person
destroys or deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects
it injuriously by any means, commits hacking."
• …shall be punishable with imprisonment up to three years, or
with fine which may extend up to two lakh rupees, or with
both.
Criminal Offences under the IT Act 2000 …
• Electronic forgery, i.e. affixing a false digital signature or
making a false electronic record
• Electronic forgery for the purpose of cheating
• Electronic forgery for the purpose of harming reputation
• Using a forged electronic record
• Publication of digital signature certificate for fraudulent
purpose
• Offences and contravention by companies
Criminal Offences under the IT Act 2000 …
67. Publishing of information which is obscene in electronic
form.
"Whoever publishes or transmits or causes to be published
in the electronic form, any material which is lascivious or
appeals to the prurient interest or if its effect is such as to
tend to deprave and corrupt persons who are likely, having
regard to all relevant circumstances, to read, see or hear the
matter contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for a term
which may extend to five years and with fine which may
extend to one lakh rupees and in the event of a second or
subsequent conviction with imprisonment of either
description for a term which may extend to ten years and also
with fine which may extend to two lakh rupees."
Criminal Offences under the IT Act 2000 …
• Confiscation of computer, network, etc.
• Unauthorised access to protected system (Sec. 70)
• Misrepresentation or suppressing of material facts for
obtaining Digital Signature Certificates
• Directions of Controller to a subscriber to extend facilities
to decrypt information (Sec. 69)
• Breach of confidentiality and Privacy (Sec. 72)
Criminal Offences under the IT Act 2000 …
• Offence or contravention committed outside India (Sec. 75)
by any person, irrespective of his nationality
• Network service providers not to be liable in certain case
(Sec. 79 )
…no person providing any service as a network service
provider shall be liable under this Act, rules or regulations
made there under for any third party information or data
made available by him if he proves that the offence or
contravention was committed without his knowledge or that
he had exercised all due diligence to prevent the commission
of such offence or contravention.
Vulnerabilities Reported
[Chart: number of vulnerabilities reported per year, 1995 to 2005; vertical axis 0 to 6000]
The Web
• The web was not designed with security in mind
• The typical web user is not very educated, nor
security conscious
• In fact, even some System Administrators are not
sufficiently security conscious!
• The wide distribution of access points (e.g., cyber
cafes) also makes building secure applications a
challenge
• A large number of applications use the web
(informational, educational, entertainment,
transactional, governance...) as transport
Common Web exploits ..
• Password guessing
• Proxies and man-in-the-middle attack
• HTML comments
• “Forgot password” implementations
• Keystroke loggers
• SQL injection
• Command injection
• URL manipulation
• XSS
Spam
• Spam has become a major consumer of
bandwidth, disk space and users' time, with
imputed costs running into millions of dollars
• All kinds of material ride the Net as spam: chain
letters, advertisements, virus hoaxes, scams...
• Never reply to spam, as the spammer now
knows that he has a valid email ID
• Despite legislation, spam filters and smart mail
clients (e.g., Gmail), spam occupies about 30% of
all email today, growing at about 20% each year
Spam and Spim
• At this rate, 99% of all email will be spam by the
year 2009 !
• Some spammers use automated techniques
(e.g., a graphic image embedded in a spam message
and served through a CGI script) to separate real
email IDs from fake ones
• Spim is similar to spam, but the carriers are IMs
(Instant Messengers)
• Spim is set to treble from 400 million in 2003 to
1.2 billion this year
Scams
• There are several scams that are using the
Internet and print media to circulate:
– Nigeria (419) scam
– Auction fraud
– Patent medication (Cialis, herbal viagra)
– Pump-and-dump stock market scam
– Viruses
– Chain letters (“Microsoft will pay you $25”)
– Identity theft
– Lottery
Scams
– “Work from home and make big money”
– Health and diet scams
– “Spy on anyone”
– Get credit card numbers and site passwords
– Scholarship scams
– Telephone billing scam (bills are charged to
telephone accounts—the lost pet scam)
– Get a college degree
– Get software cheap
– 9/11 donations
– Free computers (cameras, printers...)
Auction scams
• Misrepresentation of item or value
• Failure to ship
• Failure to pay (bounced cheques, stolen cards)
• Shilling (artificially boosting bids by accomplices)
• Bid shielding (using phony bids to scare away real
bidders and finally retracting the bid)
• Piracy (of music or other counterfeit material)
• Fencing (selling stolen goods)
• Buy and switch (buying and then returning a
different, but damaged item)
• Shell auction (no merchandise exists)
Identity theft
• When someone appropriates your personal
information in order to commit fraud or theft
• Credentials (Name, email, address, social
security number, credit card number) can be
obtained through a variety of mechanisms
(including a lost wallet)
• In the West, ID theft can be serious, as the
fraudster can completely take over the ID (and
deny the original owner of medical care, bank
credit and even mail!)
Cyberterrorism
• After 9/11, there is substantial attention on the
use of the Internet by terrorist groups
• These groups use techniques such as
steganography to multicast messages
• Apart from images and sounds, the latest
discovery is that secret messages can be hidden
in the most common mail of all: spam!
Phishing
• A high-tech scam that spoofs trusted sites
through misleading links (esp. in HTML mail, or a
link such as
www.ebay.com@members.tripod.com, where the part
before the "@" is userinfo and the real host is
members.tripod.com)
• Aimed to fool inexperienced (and some
experienced) users
• Can result in loss of user credentials and
financial loss
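The link trick in the slide works because browsers treat everything before the last "@" in the authority as a username, not as the host. This added check (not part of the original presentation) parses a link with Go's net/url the way a browser would and reports the displayed name versus the host actually contacted, which is what a mail filter or security awareness tool would flag. It assumes "http" when the link carries no scheme, as in the slide's example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// LinkCheck records what a filter would want to know about a link.
type LinkCheck struct {
	Displayed   string // the name a user sees at the start of the URL
	ActualHost  string // the host the browser really connects to
	HasUserInfo bool   // true when an '@' pushes a fake host into the userinfo
}

// CheckLink parses raw like a browser: the authority is split at its last
// '@', so "www.ebay.com@members.tripod.com" contacts members.tripod.com.
// A missing scheme is assumed to be http.
func CheckLink(raw string) (LinkCheck, error) {
	if !strings.Contains(raw, "://") {
		raw = "http://" + raw
	}
	u, err := url.Parse(raw)
	if err != nil {
		return LinkCheck{}, err
	}
	lc := LinkCheck{ActualHost: u.Hostname()}
	if u.User != nil {
		lc.HasUserInfo = true
		lc.Displayed = u.User.Username()
	} else {
		lc.Displayed = u.Hostname()
	}
	return lc, nil
}

func main() {
	// The slide's own example link, followed by a plain link for contrast.
	for _, raw := range []string{"www.ebay.com@members.tripod.com", "https://www.ebay.com/item/1"} {
		lc, err := CheckLink(raw)
		if err != nil {
			fmt.Println("unparseable:", raw, err)
			continue
		}
		fmt.Printf("%-40s shows %-14s connects to %-20s userinfo trick: %v\n",
			raw, lc.Displayed, lc.ActualHost, lc.HasUserInfo)
	}
}
```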
CYBER FORENSICS IS…
“The unique process of identifying, preserving,
analyzing and presenting digital evidence in a
manner that is legally accepted.”
TYPICAL TOOLS (from CDAC)
– EMAIL TRACER : Tracing
– TRUEBACK : Seizure and acquisition
– CYBERCHECK : Analysis
Domain Name Battles
• www.radiff.com Vs www.rediff.com
• www.yahooindia.com Vs www.yahoo.com
• www.jeevanbhima.com ( LIC Vs ICICI )
• www.indiainfospace.com Vs infospace
• Tata.com
• Satyama.net, .org
• www.yoohoo.com (thailand)
• Madonna
THANK YOU
K ANVAR SADATH
anvar.k@gmail.com