					CYBER LAWS AND
CODE OF ETHICS




         K Anvar Sadath
        Manager (e-Governance)
        Kerala State IT Mission
                    CYBER LAWS
           FOR TRANSACTIONS IN 'CYBER SPACE'
•   Cyber Property
       • Trademarks, Domain names, Copyright, Patents,
          Cyber Frauds…
•   Cyber Contracts
       • Cyber Documents and digital signatures
•   Right to Free Speech
•   Cyber Privacy
       • Protection against Spamming, Cyber stalking…
•   Right for Peaceful cyber existence
       • Protection against Intrusion, Virus, Hacking…
INFORMATION TECHNOLOGY ACT, 2000
• Aims to provide a legal and regulatory framework for
  promotion of e-Commerce and e-Governance.

• Enacted on 7th June 2000 and was notified in the official
  gazette on 17th October 2000.

• India became the 12th nation in the world to enact
  a Cyber law.

• Reviewed in 2005 - draft amendments published
IT ACT, 2000 – MAJOR PROVISIONS

• Extends to the whole of India

• Electronic contracts will be legally valid

• Legal recognition of digital signatures

• Security procedure for electronic records and digital
  signature

• Appointment of Controller of Certifying Authorities
  to license and regulate the working of Certifying
  Authorities
IT ACT, 2000 –MAJOR PROVISIONS (Contd..)

 • Certifying Authorities to get License from the
   Controller to issue digital signature certificates

 • Various types of computer crimes defined and
   stringent penalties provided under the Act

 • Appointment of Adjudicating Officer for holding
   inquiries under the Act

 • Establishment of Cyber Regulatory Appellate
   Tribunal under the Act
IT ACT, 2000 –MAJOR PROVISIONS (Contd..)

 • Appeal from order of Adjudicating Officer to Cyber
   Appellate Tribunal and not to any Civil Court

 • Appeal from order of Cyber Appellate Tribunal to
   High Court

 • Act to apply for offences or contraventions
   committed outside India

 • Network service providers not to be liable in certain
   cases
IT ACT, 2000 –MAJOR PROVISIONS (Contd..)

 • Power of police officers and other officers to enter
   into any public place and search and arrest without
   warrant

 • Constitution of Cyber Regulations Advisory
   Committee to advise the Central Government and
   the Controller
          IT ACT, 2000 –ENABLES:

• Legal recognition of digital signature is at par with
  the handwritten signature

• Electronic Communication by means of reliable
  electronic record

• Acceptance of contract expressed by electronic
  means

• Electronic filing of documents

• Retention of documents in electronic form
    IT ACT, 2000 –ENABLES: (Contd..)

• Uniformity of rules, regulations and standards
  regarding the authentication and integrity of
  electronic records or documents

• Publication of official gazette in the electronic form

• Interception of any message transmitted in the
  electronic or encrypted form
 Changes / modifications in other
       prevailing Acts..
• Indian Evidence Act, 1872

• Indian Penal Code, 1860

• Banker's Book Evidence Act, 1891

• Reserve Bank of India Act, 1934
Excluded from the purview of the IT Act
• A negotiable instrument as defined in Negotiable
  Instruments Act, 1881

• A power-of-attorney as defined in Powers-of-
  Attorney Act, 1882

• A trust as defined in the Indian Trusts Act, 1882

• A will as defined in the Indian Succession Act 1925
  including any other testamentary disposition by
  whatever name called
Excluded from the purview of the IT Act

• Any contract for the sale or conveyance of
  immovable property or any interest in such property

• Any such class of documents or transactions
  as may be notified by the Central
  Government in the Official Gazette.
                   Digital Signatures

• If a message should be readable but not modifiable, a digital
  signature is used to authenticate the sender

  Parameter         Paper                        Electronic
  Authenticity      May be forged                Cannot be copied
  Integrity         Signature independent of     Signature depends on the
                    the document                 contents of the document
  Non-repudiation   a. Handwriting expert        a. Any computer user
                       needed                    b. Error free
                    b. Error prone
                         http://www.cca.gov.in



Licensed CAs :

 • Safescrypt
 • NIC
 • IDRBT
 • TCS
 • MTNL
 • Customs & Central Excise
 • (n) Code Solutions CA (GNFC)
Hardware Tokens
[Figure: Smart Card and iKey hardware tokens]
[Figure: IDRBT Certificate, paper and electronic forms]
Civil Offences under the IT Act 2000 (Section 43)
• Unauthorised copying, extracting and downloading
  of any data, database

• Unauthorised access to computer, computer system
  or computer network

• Introduction of virus

• Damage to computer System and Computer
  Network

• Disruption of Computer, computer network
Civil Offences under the IT Act 2000 (contd..) (Section 43)

 • Denial of access to authorised person to computer

 • Providing assistance to any person to facilitate
   unauthorised access to a computer

 • Charging the service availed by a person to an
   account of another person by tampering and
   manipulation of other computer


 shall be liable to pay damages by way of compensation not
 exceeding one crore rupees to the person so affected.
   Criminal Offences under the IT Act 2000
              (Sections 65 to 75)
• Tampering with computer source documents

• Hacking with computer system
  "Whoever with the intent to cause or knowing that he is likely
  to cause wrongful loss or damage to the public or any person
  destroys or deletes or alters any information residing in a
  computer resource or diminishes its value or utility or affects
  it injuriously by any means, commits hacking."


• …shall be punishable with imprisonment up to three years, or
  with fine which may extend up to two lakh rupees, or with
  both.
 Criminal Offences under the IT Act 2000 …


• Electronic forgery, i.e. affixing of false digital signature,
  making false electronic record

• Electronic forgery for the purpose of cheating

• Electronic forgery for the purpose of harming reputation
• Using a forged electronic record

• Publication of digital signature certificate for fraudulent
  purpose

• Offences and contravention by companies
Criminal Offences under the IT Act 2000 …

67. Publishing of information which is obscene in electronic
form.

"Whoever publishes or transmits or causes to be published
in the electronic form, any material which is lascivious or
appeals to the prurient interest or if its effect is such as to
tend to deprave and corrupt persons who are likely, having
regard to all relevant circumstances, to read, see or hear the
matter contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for a term
which may extend to five years and with fine which may
extend to one lakh rupees and in the event of a second or
subsequent conviction with imprisonment of either
description for a term which may extend to ten years and also
with fine which may extend to two lakh rupees."
 Criminal Offences under the IT Act 2000 …


• Confiscation of computer, network, etc.

• Unauthorised access to protected system (Sec. 70)

• Misrepresentation or suppressing of material facts for
  obtaining Digital Signature Certificates

• Directions of Controller to a subscriber to extend facilities
  to decrypt information (Sec. 69)

• Breach of confidentiality and Privacy (Sec. 72)
 Criminal Offences under the IT Act 2000 …


• Offence or contravention committed outside India (Sec. 75)
      by any person irrespective of his nationality.

• Network service providers not to be liable in certain cases
  (Sec. 79)
     …no person providing any service as a network service
     provider shall be liable under this Act, rules or regulations
     made there under for any third party information or data
     made available by him if he proves that the offence or
     contravention was committed without his knowledge or that
     he had exercised all due diligence to prevent the commission
     of such offence or contravention.
Vulnerabilities Reported
[Chart: vulnerabilities reported per year, 1995 to 2005; vertical axis 0 to 6000]
                   The Web
• The web was not designed with security in mind
• The typical web user is not very educated, nor
  security conscious
• In fact, even some System Administrators are not
  sufficiently security conscious!
• The wide distribution of access points (e.g., cyber
  cafes) also makes building secure applications a
  challenge
• A large number of applications use the web
  (informational, educational, entertainment,
  transactional, governance...) as transport
      Common Web exploits ..

•   Password guessing
•   Proxies and man-in-the-middle attack
•   HTML comments
•   “Forgot password” implementations
•   Keystroke loggers
•   SQL injection
•   Command injection
•   URL manipulation
•   XSS
                        Spam
• Spam has become a major consumer of
  bandwidth, disk space and users' time, with
  imputed costs running into millions of dollars

• All kinds of material ride the Net as spam: chain
  letters, advertisements, virus hoaxes, scams...

• Never reply to spam, as the spammer now
  knows that he has a valid email ID

• Despite legislation, spam filters and smart mail
  clients (e.g., Gmail), spam occupies about 30% of
  all email today, growing at about 20% each year
             Spam and Spim
• At this rate, 99% of all email will be spam by the
  year 2009 !

• Some spammers use automated techniques
  (e.g., a graphic image embedded in a spam
  through a CGI script) to separate real email IDs
  from fake ones

• Spim is similar to spam, but the carriers are IMs
  (Instant Messengers)

• Spim is set to treble from 400 million in 2003 to
  1.2 billion this year
                      Scams

• Several scams circulate through the Internet and
  print media:
  –   Nigeria (419) scam
  –   Auction fraud
  –   Patent medication (Cialis, herbal viagra)
  –   Pump-and-dump stock market scam
  –   Viruses
  –   Chain letters (“Microsoft will pay you $25”)
  –   Identity theft
  –   Lottery
                  Scams

–   “Work from home and make big money”
–   Health and diet scams
–   “Spy on anyone”
–   Get credit card numbers and site passwords
–   Scholarship scams
–   Telephone billing scam (bills are charged to
    telephone accounts—the lost pet scam)
–   Get a college degree
–   Get software cheap
–   9/11 donations
–   Free computers (cameras, printers...)
               Auction scams

•   Misrepresentation of item or value
•   Failure to ship
•   Failure to pay (bounced cheques, stolen cards)
•   Shilling (artificially boosting bids by accomplices)
•   Bid shielding (using phony bids to scare away real
    bidders and finally retracting the bid)
•   Piracy (of music or other counterfeit material)
•   Fencing (selling stolen goods)
•   Buy and switch (buying and then returning a
    different, but damaged item)
•   Shell auction (no merchandise exists)
                Identity theft
• When someone appropriates your personal
  information in order to commit fraud or theft

• Credentials (Name, email, address, social
  security number, credit card number) can be
  obtained through a variety of mechanisms
  (including a lost wallet)

• In the West, ID theft can be serious, as the
  fraudster can completely take over the ID (and
  deny the original owner of medical care, bank
  credit and even mail!)
              Cyberterrorism
• After 9/11, there is substantial attention on the
  use of the Internet by terrorist groups

• These groups use techniques such as
  steganography to multicast messages

• Apart from images and sounds, the latest
  discovery is that secret messages can be hidden
  in the most common mail: spam!
                Phishing
• A high-tech scam of spoofing trusted sites
  by misleading links (esp. in HTML mail or a
  link like
  www.ebay.com@members.tripod.com)
• Aimed to fool inexperienced (and some
  experienced) users
• Can result in loss of user credentials and
  financial loss
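
Added example, not part of the original slides: the link above works because everything before the '@' in a URL's authority is user information, and the browser connects to the host after it. The Python code below audits the links in an HTML mail body for that trick and, going one step beyond the slide, for visible link text that names a different host than the href; the function names and the sample mail body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def real_host(link):
    """Return (host actually contacted, decoy host placed before '@' or None)."""
    link = link.strip()
    if "://" not in link:                        # mail text often omits the scheme
        link = "http://" + link
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    userinfo = parts.netloc.rpartition("@")[0]   # text before the last '@'
    decoy = userinfo.split(":", 1)[0].lower()    # drop any ':password' part
    return host, (decoy if "." in decoy and decoy != host else None)

class LinkAuditor(HTMLParser):
    """Record anchors whose real target differs from what the reader sees."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        host, decoy = real_host(self._href)
        if decoy:                                # trusted name hidden in userinfo
            self.findings.append(("userinfo-decoy", decoy, host))
        elif "." in shown and " " not in shown:  # link text that looks like a host
            shown_host, _ = real_host(shown)
            if shown_host and shown_host != host:
                self.findings.append(("text-mismatch", shown_host, host))
        self._href = None

def audit_html_mail(body):
    auditor = LinkAuditor()
    auditor.feed(body)
    return auditor.findings

# Constructed sample mail body; only the first link's host pair is from the slide.
SAMPLE = ('<a href="http://www.ebay.com@members.tripod.com/">Sign in</a> '
          '<a href="http://login.example.net/">www.examplebank.test</a> '
          '<a href="https://www.example.org/">www.example.org</a>')
```
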
CYBER FORENSICS IS…

“The unique process of identifying, preserving,
  analyzing and presenting digital evidence in a
  manner that is legally accepted.”

TYPICAL TOOLS (from CDAC)
  – EMAIL TRACER : Tracing
  – TRUEBACK : Seizure and acquisition
  – CYBERCHECK : Analysis
        Domain Name Battles
•   www.radiff.com Vs www.rediff.com
•   www.yahooindia.com Vs www.yahoo.com
•   www.jeevanbhima.com ( LIC Vs ICICI )
•   www.indiainfospace.com Vs infospace
•   Tata.com
•   Satyama.net, .org
•   www.yoohoo.com (thailand)
•   Madonna
THANK YOU




      K ANVAR SADATH
      anvar.k@gmail.com

				