Ethics and Cyber Law Notes

This document provides an overview of ethics and cyber law in India, specifically the Information Technology Act of 2000. It defines key concepts related to computer networks and the internet. It then discusses important legal concepts like jurisdiction, statutes, constitutions, and adjudication. The document outlines the scope of cyber law as it relates to e-commerce, online contracts, software patenting, e-taxation, e-governance, and cyber crimes. It also defines digital contracts and outlines some of the key requirements for electronic contracts to be legally binding.

Ethics and cyber law

IT Act 2000

Understanding the technology of the Internet (students need to find these concepts and note them down)
1) Definition of network
2) Why networking
3) Types of networks (LAN, MAN, WAN, PAN/SAN)
4) Types of data communication: digital/analog, modem, simplex, half duplex, full duplex
5) Types of internet connection (dial-up, broadband, leased line, Wi-Fi, WiMAX)
6) IP (dynamic IP, static IP, public IP), DNS
7) Definition of internet, WWW
8) Modems, network servers, mail servers, domain servers, web servers, network and mobile
towers, switches, routers, etc.
9) Introduction to IT Act, introduction to law
Law is an official rule of a country or state that says what people may or may not do.
Jurisprudence, or legal theory, is the theoretical study of law. Jurisprudence explains the nature of
law and provides a deeper understanding of legal reasoning, legal systems, legal institutions, and the
role of law in society.
Jurisdiction is legal power or authority, and also the area in which this power can be used.
A legislature is an assembly with the authority to make laws for a country or state. Legislatures form
important parts of most governments.
A statute is a rule or law which has been made by a government or other organization and formally
written down. A statute is a formal written enactment of a legislative authority that governs the legal
entities of a state or country.
A constitution is an aggregate of fundamental principles that constitute the legal basis of a political
entity such as a country.
Adjudication is the legal process by which a judge reviews evidence and argumentation, including
legal reasoning by opposing parties or litigants, to come to a decision which determines rights and
obligations between the parties involved.
Law is a system of rules created and enforced through social or governmental institutions to regulate
behavior.
Legal systems vary between countries. In the same way, every country has its own IT act, and in
some countries there is no such concept as an IT act.
Law's scope can be divided into two domains. Public law concerns government and society,
including constitutional law, administrative law, and criminal law. Private law deals with legal
disputes between individuals and/or organisations in areas such as contracts and commercial law.
The scope of cyber law covers all the areas of business which have a technological touch. There
are mainly six areas of concern for cyber law:
1) e-commerce,
2) online contracts,
3) business software patenting,
4) e-taxation,
5) e-governance,
6) cyber crimes.
e-commerce: In simple words, e-commerce is the commercial transaction of services in the electronic
format.
‘Any transaction conducted over the Internet or through Internet access, comprising the sale, lease, license,
offer or delivery of property, goods, services or information, whether or not for consideration, and includes
the provision of Internet access.’
Online Contracts: According to the Indian Contract Act, 1872, a contract needs a proposal and an
acceptance of the proposal which transforms into a promise.
Further, a consideration supports the promise and becomes an agreement. Also, an agreement
enforceable by law is a contract. In the online environment, a series of contractual obligations form
online contracts.
Legally speaking, an online contract has the same pre-requisites as a physical contract. At its most
basic level, an online contract needs an online proposal and its online acceptance by the other party.
Business Software Patenting: A patent protects a process. Copyright, on the other hand, protects an
expression. Therefore, patents confer stronger rights than copyrights. Typically, a computer program
has thousands of instructions.
Also, every program is unique since it is a combination of logically arranged algorithms. The
copyright law covers programs, while the algorithms and techniques qualify for patenting.
e-taxation: As e-commerce grew, commercial transactions across country borders increased too. This
led to debates over the issue of taxation.
Many national tax administrations consider e-commerce as having the potential to create new
revenue streams while presenting challenges to the national tax systems. This is because new
technologies are creating possibilities for tax avoidance and evasion.
For accurate tax computation, the tax authorities need a system which provides information
regarding the transacting parties, the volume of transaction and the date, time, and place of the
transaction.
While many experts believe that the existing regulations (domestic and international) are not enough
for e-commerce transactions, there is a need for modifying and adjusting the existing laws due to the
inherently global nature of e-commerce.
e-governance: According to the World Bank, e-governance is the efficient use of information and
technology by government agencies.
It helps them transform their relations with citizens, businesses, and other government agencies.
Also, e-governance involves the use of technology-enabled initiatives for improving –
The interaction between the government and citizens or businesses: e-services
The government’s internal operations: e-administration
The external interactions: e-society
Cyber laws support e-governance practices. They promote initiatives like electronic filing of
documents with Government agencies, use of digital signatures, etc.
Cyber Crimes: Cyber Crime is when an individual intentionally uses information technology to
produce destructive and harmful effects on the tangible and/or intangible property of others.
It has no national boundaries and is usually a term for criminal activities involving a computer or a
network as a tool or a target. Here are some common definitions of cybercrime:
A computer crime (cybercrime) is classified into three categories:
A crime where a computer is a target
Crimes where a computer is a tool
Crimes where a computer is both tool and target
A further classification divides computer crime into these three categories:
A computer is the subject of the crime – stolen or damaged
A computer is the site of the crime – a fraud or copyright infringement
A computer is used as the instrument of a crime – illegal access to other machines or hacking
Other definitions include:
Any illegal action where a computer is a tool or object of a crime.
Any incident associated with computers where a culprit intentionally tries to gain access
Computer abuse – any illegal, unethical or unauthorized behavior pertaining to automatic processing
and transmission of data.
Digital contract or E-contract
An e-contract is an agreement created and "signed" in electronic form; no paper is used. An example
is a contract that you write on your computer and email to a business associate and that the business
associate emails back with an electronic signature indicating acceptance.
E-contract is one of the divisions of e-business. It holds a similar meaning to traditional business,
wherein goods and services are exchanged for a particular amount of consideration. The only extra
element it has is that the contract here takes place through a digital mode of communication like the
internet. It provides an opportunity for sellers to reach the end consumer directly without the
involvement of middlemen.
Contracts have become so common in day-to-day life that most of the time we do not even recognize
that we have entered into one. Right from buying a vegetable and hiring a cab to buying an airline
ticket online, countless things in our daily lives are governed by contracts.
Benefits of electronic contracts: speed, ease and efficiency. Imagine a contract between an Indian
manufacturer and an American exporter. The whole contract can be accomplished in seconds, with
both parties simply affixing their digital signatures to an electronic copy of the contract. There is no
need for delayed couriers and additional travelling costs in such a situation.
An electronic contract also has the following necessary requirements:
1. An offer needs to be made
In many contracts (whether online or conventional) the offer is not made directly one-on-one. The
consumer ‘browses’ the available goods and services displayed on the seller’s website and then chooses
what he would like to purchase. This offer is revocable at any time up to the time of acceptance.
2. The offer needs to be acknowledged (accepted)
Processes available for forming electronic contracts include:
I. E-mail: Offers and acceptances can be exchanged entirely by e-mail, or can be combined with paper
documents, faxes, telephonic discussions etc.
II. Web Site Forms: The seller can offer goods or services (e.g. air tickets, software etc.) through his
website. The customer places an order by completing and communicating the order form provided
on the website. The goods may be physically delivered later (e.g. in case of clothes, music CDs etc.) or
be directly delivered electronically (e.g. e-tickets, software, mp3 etc.).
III. Online Agreements: Users may need to accept an online agreement in order to be able to avail of the
services, e.g. clicking on “I accept” while installing software or clicking on “I agree” while signing
up for an email account.
3. There has to be legal consideration
Any contract to be enforceable by law must have legal consideration, i.e., when both parties give and
receive something in return.
4. There has to be an intention to create lawful relations
If there is no intention on the part of the parties to create lawful relationships, then no contract is
possible between them. 
5. The parties must be able to contract.
Contracts by minors, lunatics etc. are void. All the parties to the contract must be lawfully competent
to enter into the contract.
6. There must be free and genuine consent
Consent is said to be free when there is absence of misrepresentation, undue influence or fraud. In
other words, there must not be any subversion of the will of any party to the contract to enter such
contract.
7. The object of the contract needs to be lawful
A valid contract presumes a lawful object. Thus a contract for selling narcotic drugs or pornography
online is void.
8. There must be certainty and possibility of performance
A contract, to be enforceable, must not be ambiguous or unclear and there must be possibility of
performance. A contract, which is impossible to perform, cannot be enforced, e.g., where a website
promises to sell land on the moon.
TYPES OF ELECTRONIC CONTRACTS
Employment Contracts: Information Technology in the Indian context is driven by manpower,
and thus employment contracts are vital. Firms hiring personnel need to include the relevant
employment contract of the place of action.
Consultant Agreements: The normal requirements of the Indian Contract Act of 1872 will apply to any
consultant agreement. In the IT sector, proper care has to be taken in consultant agreements, where issues of
intellectual property rights and privacy play an important role. If care is not taken, it may lead to
a cost to the business and loss of clients.
Contractor Agreements: Just as manufacturing companies subcontract their business, Information
Technology companies also subcontract their work, due to changing orders and to cut the cost of a
regular workforce and the attendant legal and financial problems.
Sales, Re-Seller and Distributor Agreements: In software and Internet dealings, though the chain of
middlemen is done away with, a distribution network is still required, and hence prescribed issues
come into play in that aspect of business. In the first place, one needs to see whether software is a "good" under
the Sale of Goods Act.
Non-Disclosure Agreements: Non-Disclosure Agreements are part of IT contracts, which identify
binding agreements with employees apart from the standard confidentiality agreements.
Software Development and Licensing Agreements: A license is an authorization given to carry out a
specific, legitimate manufacture/sales/marketing/distribution activity. Licensing is a prevailing
form of contract in mass-marketing activity of any kind, including Information Technology. The
license agreement also protects the user from any copyright or other intellectual property violation of
the manufacturer. Licensing agreements therefore become vital in cyber contracts.
Shrink Wrap Contracts: A shrink wrap contract is the license agreement imposed upon the
buyer when he buys software. Before he or she tears the pack to use it, he or she is made aware that by
tearing the cover or the wrap they are bound by the license agreement of the manufacturer. This is
done, as previously discussed, to protect the interests of the manufacturer, so that the consumer cannot
replicate the package, copy it, sell it or donate it to others, affecting the sale of the software. The
usual clauses that are part of the shrink-wrap license are those of
a) prohibiting illegal creation of copies
b) prohibiting payments of the software
c) disclaimer of contracts in respect of the product sold
The business rationale is to protect the manufacturer of the package, as it is easy to copy,
operate and duplicate under another brand name.
Source Code Escrow Agreements: In software development, many principal firms who participate in
development are keen to guard the source code of the software, which is the most valuable and
sensitive part of the computer programme. Copyright owners of such source code may have to
disclose it to the various developers who will be developing specific software based on the source
code. In these conditions, the copyright owner will deposit the source code with specified source code
escrow agents, who will release the code on the development of the product upon agreed terms.
LEGAL FRAMEWORK RELATING TO E-CONTRACT
With the growing importance and value of e-contracts in India and across the world, the different
stakeholders are continuously identifying and evaluating the legal framework relating to them. The
participation of different service providers in an e-contract transaction, which includes a payment
gateway, the main website, the bank or card verification website, the security authorization website
and the final service provider, which can also comprise the shipping agent, has made the e-contract
business more complex. However, several laws acting together are trying to regulate the
business transactions of e-contracts.
They are as follows:
Indian Contract Act, 1872; Consumer Protection Act, 1986; Information Technology Act, 2000; Indian
Copyright Act, 1957.

INTELLECTUAL PROPERTY RIGHTS (IPR)


PROPERTY
• Tangible
  • Movable, e.g. car
  • Immovable, e.g. building
• Intangible
  • Intellectual Property
    • Industrial Property related: Patents, Designs, Trademarks, GIs
    • Copyright related

IPR
IPR = Industrial design / trademark / patents / copyrights / geographical indication
• Exclusive rights given to persons over the creations of their minds for certain periods of time
• Legal right
• Intangible potential asset
• Monopoly
• Negative rights, i.e., they prevent others from using his/her creation for a definite time
The intellectual property rights were essentially recognized and accepted all over the world due to
some very important reasons:
• To provide an incentive to individuals for new creations
• To accord due recognition to the creators and inventors
• To ensure material reward for intellectual property
• To make available genuine and original products.
VARIOUS KINDS OF IPRS
Patents:
• Inventions (Products, Processes, Materials, Compositions)
• Technical solution to a technical problem
Industrial Designs:
• External features appealing to the eye
• New shape, pattern or configuration
Trade Marks:
• A visual symbol such as a word, name, logo, label, monogram, slogan etc.
• Applied on an article of manufacture or service
• Indicates the origin of goods and services
Copyrights:
• Artistic, literary, musical and dramatic creations
• Proprietary right
• Comes into existence as soon as the work is created
Geographical Indications (GIs):
• Identifies agricultural, natural or manufactured goods originating from a definite territory in India
• Possessing special quality or reputation based upon unique characteristics of the geographical
location
| Sr No. | IPR | Maximum Protection | Renewal | Act/Rule |
|---|---|---|---|---|
| 1 | Patent | 20 Yrs | | The Patents Act, 1970, amended in 2005 |
| 2 | Trade Mark | Life long | After 10 yrs | The Trade Marks Act, 1999, amended in 2010 |
| 3 | Design | 15 Yrs | After 10 years for next 5 years | The Designs Act, 2000 & Designs (Amendment) Rules, 2014 |
| 4 | Copyright | 60 years | Not required | The Copyright Act, 1957, amended in 2012 |
| 5 | Geographical Indication (GI) | Life long | After 10 Yrs | The Geographical Indications of Goods (Registration and Protection) Act, 1999 |

*Patents will cease and be transferred to the public domain if they are not renewed within 6 months of
expiry of the concerned year by paying the renewal fee.

• The logo Coca-Cola is an example of a TRADE MARK.
• Shape of the bottle – an INDUSTRIAL DESIGN.
• PATENT may have been obtained in respect of bottling equipment.
• COPYRIGHT – in respect of the text, database or artistic work appearing on its website.
i.e., a single product can be protected by more than one IPR.
• A patent is the exclusive right of the inventor to prevent others from possessing, using, selling, manufacturing
and importing the patented invention, or offering to do any of these, within a definite geographical
area.
• Patents have territorial jurisdiction, i.e., we have to register the patents in all countries where we
have our interests.
• A patent application can be filed online in India by the inventor or his assignee on www.ipindia.nic.in
Patent is an exclusive monopoly right:
• Granted by Government of India
• For an invention
• To the inventor or his assignee
• As a territorial right
• In lieu of disclosure of the invention to the Government
• Term of patent: 20 years from date of filing
PATENT ACT & RULES
• In India, patent rights are governed by the Patents Act, 1970. At present the 3rd amendment of the Act,
known as the Patent (Amendment) Act, 2005, is in force.
• For application of the Patents Act, rules are made by the Government, which are known as “Patent
Rules, 2003”; as of now the Patent (Amendment) Rule, 2006, further updated in Sept 2015, is in force.
• For better understanding of the Act & Rules, the “Draft Manual of Patent Practice & Procedure (MPPP),
2008” was made by the patent office.
• There are 4 patent offices in India, with work distributed according to their geographical
location, viz. Kolkata, Delhi, Mumbai & Chennai
Criteria of Patentability:
• Novelty
• Inventive step, i.e., it must be non-obvious
• Capable of industrial application
• Does not fall within the provisions of sections 3 & 4 of the Patents Act 1970
Patents Act 1970:
• Section 3: List of what are not inventions
  • Frivolous or obvious
  • Contrary to well-established natural laws
  • Injurious to public health
  • Mere arrangement or re-arrangement
  • Discovery of scientific principle
  • Discovery of living thing or non-living substances in nature
  • Method of agriculture or horticulture
  • A mathematical or business method or a computer program
• Section 4: Not patentable: atomic energy related
Ornamental or aesthetic aspect of a useful article of industry.
• Aspect that gives special appearance
• Aspect which differentiates from current products
Only the aesthetic/visual form of a product
• not the technical features (Patents)
• nor distinguishing features (Trade Marks)
The ornamental or aesthetic aspects of an article consist of:
• Three-dimensional features, such as the shape, surface or texture of an article, or
• Two-dimensional features, such as patterns, lines or colours.
Design makes the product attractive and appealing to the consumers and adds to its commercial
value for that reason.
• Exclusive right against unauthorized copying
• Protection normally lasts for an initial ten years, after which it can usually be renewed for, in most
cases, up to 15 years.
• Generally “Brand” or “Logo”
• A visual symbol which may be a word, signature, name, device, label, numerals or combination of
colors used by one undertaking on goods or services or other articles of commerce to distinguish them
from other similar goods or services originating from a different undertaking
• Any name which is not unusual for trade to adopt as mark
• Device or symbol or monogram
• Shape of goods or their packing
• Combination of colors or even a single color in combination with word or device
COPYRIGHT
Copyright is a legal term describing rights given to creators for their literary and artistic works.
• The works covered by copyright include:
  • literary works such as novels, poems, plays, reference works, newspapers and articles
  • computer programs and databases
  • films, musical compositions, dance & theatrical productions
  • artistic works such as paintings, drawings, photographs and sculptures
  • architecture, advertisements, maps, technical drawings and manuals.
• Copyright comes into existence as soon as the work is created and protects the skill & labour employed
by the creator in production of his work.
GEOGRAPHICAL INDICATIONS
• GIs identify agricultural, natural or manufactured goods associated with a
territory/region/locality. GI gives protection to the group of people or associations involved in the
production of the product using traditional skills and knowledge.
• The manufactured goods should be produced or processed or prepared in that territory. This gives
a special quality to the product due to geographical/climatic environment, reputation, specific
manufacturing/farming skills, traditions and other characteristics attributable to origin.
• It consists of the name of the place of origin & originates from a definite geographical territory.
• Examples: Darjeeling Tea, Kancheepuram Saree, Kolhapuri Chappals, Tirupati Laddu, Nagpur Orange etc.

Cryptography is the technique of securing information and communications through the use of codes so
that only those persons for whom the information is intended can understand and process it, thus
preventing unauthorized access to information. The prefix “crypt” means “hidden” and the suffix
“graphy” means “writing”.
In cryptography, the techniques used to protect information are obtained from
mathematical concepts and a set of rule-based calculations known as algorithms, which convert
messages in ways that make them hard to decode. These algorithms are used for cryptographic key
generation, digital signing and verification to protect data privacy, web browsing on the internet, and
confidential transactions such as credit card and debit card transactions.

Techniques used for Cryptography:
In today’s age of computers, cryptography is often associated with the process where ordinary
plain text is converted to cipher text, which is text made such that only the intended receiver
can decode it; this process is known as encryption. The process of converting
cipher text back to plain text is known as decryption.
Features of Cryptography are as follows:
1. Confidentiality:
Information can only be accessed by the person for whom it is intended, and no other person
can access it.
2. Integrity:
Information cannot be modified in storage or in transit between sender and intended receiver
without the modification being detected.
3. Non-repudiation:
The creator/sender of information cannot deny his or her intention to send the information at a later
stage.
4. Authentication:
The identities of sender and receiver are confirmed, as well as the destination/origin of the
information.
Types of Cryptography:
In general there are three types of cryptography:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of a message use a single common key to
encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the problem
is that sender and receiver have to somehow exchange the key in a secure manner. The most
popular symmetric key cryptography system is the Data Encryption Standard (DES).
2. Hash Functions:
No key is used in this algorithm. A hash value of fixed length is calculated from
the plain text, which makes it impossible for the contents of the plain text to be recovered. Many
operating systems use hash functions to protect passwords.
3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt information. A public key is
used for encryption and a private key is used for decryption. The public key and the private key are
different. Even if the public key is known by everyone, only the intended receiver can decode the message,
because he alone knows the private key.

E-governance offers vital opportunities to employ electronic means to promote good
governance. It applies information technology to government processes and functions to attain simple,
ethical, accountable, and transparent governance. This includes the dissemination of information, and quick
and effective communication.
With the emergence of more comprehensive and multi-stakeholder approaches, e-governance
continues to incorporate electronic interactions, particularly interactions between government and
non-governmental organizations.
Benefits of e-Governance
Following are some of the benefits of applying e-Governance −
Reduced corruption
High transparency
Increased convenience
Growth of GDP
Direct involvement of constituents
Reduction of total costs
Within the scope of e-governance, the government plans to increase
the reporting and quality of information and services to the general public in a simple,
economical and effective way. The process is extremely complicated, requiring the correct
arrangement of hardware, software, networks, and indeed a deduction of all processes to
facilitate better delivery of services.
E-governance is possible only when the government is ready for it. This is not a one-day task, so
the government needs to make plans and implement them. Some of the activities include
investments in telecommunications infrastructure, budget resources, security, monitoring
assessments, internet connection speed, raising public awareness, support from all ministries
and government agencies, etc.
Types of Interaction in e-Governance
G2G (Government to Government) − When information and services are exchanged within the
periphery of government, it is called G2G interoperability.
G2C (Government to Citizen) − The interaction between government and the general public is
the G2C interaction. It establishes an interface between government and citizens that allows
citizens to access a wide range of government services. Citizens are free to share their views and
complaints about government policy anytime, anywhere.
G2B (Government to Business) − In such cases, e-government helps businesses to
communicate with the government effortlessly. It aims to eliminate red tape, save time and
money, and make the business environment transparent when interacting with the government.
G2E (Government to Employees) − The government of each country is the largest employer, so
it cooperates with employees as regularly as other employers. Information and communication
technologies help the government to interact quickly and efficiently with workers and increase
their satisfaction with additional benefits and benefit

A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software or digital document. It's the digital equivalent of a handwritten
signature or stamped seal, but it offers far more inherent security.
A digital signature is intended to solve the problem of tampering in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents,
transactions or digital messages. Signers can also use them to acknowledge informed consent.
How do digital signatures work?
Digital signatures are based on public key cryptography, also known as asymmetric cryptography.
Using a public key algorithm, such as RSA (Rivest-Shamir-Adleman), two keys are generated,
creating a mathematically linked pair of keys, one private and one public.
The individual who creates the digital signature uses a private key to encrypt signature-related
data, while the only way to decrypt that data is with the signer's public key.
If the recipient can't open the document with the signer's public key, that's a sign there's a
problem with the document or the signature. This is how digital signatures are authenticated.
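The sign and verify flow described above, together with the hash function and asymmetric key pair from "Types of Cryptography", as an added example that is not part of the original notes. It uses textbook RSA without padding and constructed demo keys built from known Mersenne primes, which is not secure; real systems use a vetted library with a padding scheme such as RSA-PSS. All function and variable names are hypothetical.

```python
"""Hash-then-sign with textbook RSA: sign with the private key, verify with the public key."""
import hashlib
from typing import NamedTuple, Tuple


class PublicKey(NamedTuple):
    n: int  # modulus, shared by both halves of the key pair
    e: int  # public exponent, may be known by everyone


class PrivateKey(NamedTuple):
    n: int
    d: int  # private exponent, known only to the signer


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Derive a mathematically linked key pair from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); ValueError if none exists
    return PublicKey(n, e), PrivateKey(n, d)


def digest_as_int(message: bytes) -> int:
    """Fixed-length (256-bit) SHA-256 digest of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, priv: PrivateKey) -> int:
    """Signer side: transform the digest with the private key."""
    h = digest_as_int(message)
    if h >= priv.n:
        raise ValueError("modulus too small for a SHA-256 digest")
    return pow(h, priv.d, priv.n)


def verify(message: bytes, signature: int, pub: PublicKey) -> bool:
    """Recipient side: undo the transform with the public key and compare digests."""
    if not 0 <= signature < pub.n:
        return False
    return pow(signature, pub.e, pub.n) == digest_as_int(message)


# Constructed demo keys (assumption for this example). Mersenne primes are
# publicly known and have special structure, so these keys protect nothing.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _OTHER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

# Constructed sample document.
CONTRACT = b"Seller agrees to deliver 100 units to Buyer by 1 March."


def demo() -> dict:
    """Run the genuine case and three failure cases a verifier must reject."""
    sig = sign(CONTRACT, SIGNER_PRIV)
    tampered = CONTRACT.replace(b"100", b"900")
    return {
        "genuine": verify(CONTRACT, sig, SIGNER_PUB),
        "tampered_message": verify(tampered, sig, SIGNER_PUB),
        "altered_signature": verify(CONTRACT, sig + 1, SIGNER_PUB),
        "wrong_public_key": verify(CONTRACT, sig, OTHER_PUB),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'valid' if ok else 'REJECTED'}")
```

Only the unmodified document checked against the signer's own public key verifies; a changed message, a changed signature, or someone else's public key is rejected.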
What are the benefits of digital signatures?
Security is the main benefit of digital signatures. Security capabilities embedded in digital
signatures ensure a document is not altered and signatures are legitimate. Security features and
methods used in digital signatures include the following:

Personal identification numbers (PINs), passwords and codes. Used to authenticate and verify
a signer's identity and approve their signature.
Asymmetric cryptography. Employs a public
key algorithm that includes private and public key encryption and authentication.
Certificate authority (CA) validation. CAs issue digital signatures and act as trusted third
parties by accepting, authenticating, issuing and maintaining digital certificates. The use of CAs
helps avoid the creation of fake digital certificates.
Other benefits to using digital signatures include the following:
Timestamping. By providing the date and time of a digital signature, timestamping is useful
when timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings.
Globally accepted and legally compliant. The public key infrastructure (PKI) standard ensures
vendor-generated keys are made and stored securely. Because of the international standard, a
growing number of countries are accepting digital signatures as legally binding.
Time savings. Digital signatures simplify the time-consuming processes of physical document
signing, storage and exchange, enabling businesses to quickly access and sign documents.
Cost savings. Organizations can go paperless and save money previously spent on the physical
resources and on the time, personnel and office space used to manage and transport them.
Traceability. Digital signatures create an audit trail that makes internal record-keeping easier
for business. With everything recorded and stored digitally, there are fewer opportunities for a
manual signee or record-keeper to make a mistake or misplace something.
Classes and types of digital signatures
There are three different classes of digital signature certificates (DSCs):
Class 1. Cannot be used for legal business documents as they are validated based only on an
email ID and username. Class 1 signatures provide a basic level of security and are used in
environments with a low risk of data compromise.
Class 2. Often used for electronic filing (e-filing) of tax documents, including income tax returns
and goods and services tax (GST) returns. Class 2 digital signatures authenticate a signer's
identity against a pre-verified database. Class 2 digital signatures are used in environments
where the risks and consequences of data compromise are moderate.
Class 3. The highest level of digital signatures, Class 3 signatures require a person or
organization to be present in front of a certifying authority to prove their identity before signing.
Class 3 digital signatures are used for e-auctions, e-tendering, e-ticketing, court filings and in
other environments where threats to data or the consequences of a security failure are high.
Why use PKI or PGP with digital signatures?
Digital signatures use the PKI standard and the Pretty Good Privacy (PGP) encryption program
because both reduce potential security issues that come with transmitting public keys. They
validate that the sender's public key belongs to that individual and verify the sender's identity.
PKI is a framework for services that generate, distribute, control and account for public key
certificates.
PGP is a variation of the PKI standard that uses symmetric key and public key cryptography,
but it differs in how it binds public keys to user identities.
PKI uses CAs to validate and bind a user identity with a digital certificate, whereas PGP uses a
web of trust. Users of PGP choose who they trust and which identities get vetted.

Role and functions of certifying authorities:


1. NIC (National Informatics Centre)
2. IDRBT (Reserve Bank centre for research and development in banking technology)
3. SafeScrypt

4. Ncode solutions
5. E-mudra
6. CDAC
7. NSDL
8. Capricon
9. Pantasign
10. Idsign
11. Verasys
12. Xtrust

Sections 17 to 34 of Chapter VI of the Act provide for the Controller of Certifying Authorities (CCA)
to license and regulate the working of Certifying Authorities (CAs). CCA also ensures that none of
the provisions of the Act are violated.
The regulation of certifying authorities or electronic signature infrastructure in India consists of :

Controller of Certifying Authority (CCA). The IT Act, 2000 provides for an appointment, functions,
powers, duties of CCA and other officers.
Certifying Authorities (CAs). A certifying authority is a trusted third party or entity that will get
license from the controller and will issue electronic signature certificate to the users of e-commerce.
Appointment of Controller and Other Officers
Section 17 provides that the Central Government may appoint a Controller of Certifying
Authorities for the purposes of this Act.
Functions of CCA (Secs. 18-25)
To act as regulator of certifying authorities (Sec. 18). The main functions of the controller are to
regulate the working of certifying authorities.
To exercise supervision over the activities of CAs;
To certify public keys of CAs;
To lay down the standards to be maintained by CAs;
To specify the qualifications and experience for employee of CAs;
To specify the conditions for conducting business by CAs;
To specify the terms and conditions for appointment of auditors and their remuneration;
To facilitate the establishment of any electronic system as well as regulation of such system;
To specify the manner of conducting dealings by CAs with the subscribers;
To resolve any conflict of interest between CAs and the subscribers;
To lay down the duties of CAs;
To maintain database for every CA.
To recognise the foreign certifying authority (Sec. 19).
To grant licence to CAs to issue electronic signature certificate (Sec. 21). The controller can
grant a licence to any person to issue electronic signature certificate provided he applies and
fulfils such requirements with respect to qualification, expertise, manpower, financial
resources and other infrastructure facilities which are necessary for the issue of Electronic
Signature Certificate.
To suspend licence (Sec. 25). The controller may suspend licence if he is satisfied after
making an enquiry that CA has:
(a) made a statement which is incorrect or false in material particulars in or in relation to the
application for the issue or renewal of licence;
(b) failed to comply with terms and conditions necessary for granting of licence;
(c) failed to maintain standards specified in Sec. 30;
(d) contravened any provisions of the Act, rule, regulation or order made thereunder.
The notice of suspension or revocation may be published in the database maintained by the
controller (Sec. 26).

Signature certificates: Class I, Class II and Class III, each having a different level of security.
Purpose of Digital Signature Certificate
A digital signature is deemed to be one of the strongest tools for cyber security. It serves the
following purposes:
1. It verifies the authenticity of the originator after any electronic message has been created.
2. A digital message cannot be modified, altered or tampered with and any change to the
content will render the signature invalid. Hence, it ensures integrity and confidentiality of
the content.
3. Digital Signature Certificates are legally admissible in a court of law as per the provisions of
the IT Act and hence it serves as evidence under the law and the signer cannot repudiate his
act subsequently.
Contents of Digital Signature Certificate (Rule 7)
A digital signature certificate includes the following:
1. Owner’s name, organisation and location;
2. Issuer’s name, organisation and location;
3. Date of issue and period of validity;
4. Serial number of the certificate;
5. Signature algorithm identifier which identifies the algorithm used by CA to sign DSC;
6. Public key of the owner;
7. Date of expiry;
8. The issuer’s public key and the digital signature.
Procedures Relating to Electronic Signature Certificate (Secs. 35 – 39)

Duties of Certifying Authority (Secs. 30 – 34)


1. To follow certain procedures regarding security system (Sec. 30). It must:
(a) make use of hardware, software, and procedures that are secure from intrusion and
misuse;
(b) provide a reasonable level of reliable services;
(c) adhere to security procedures to ensure the secrecy and privacy of electronic signatures;
(d) be the repository of all Electronic Signature Certificates;
(e) publish information regarding its practices, Electronic Signature Certificates and current
status of such certificates; and
(f) observe the specified standards.
The above stated security procedures must ensure the achievement of 4 objectives of a
security system: confidentiality, accessibility of information, consistency of information and
authorized use of resources.
2. To ensure compliance of the Act (Sec. 31). The certifying authority must ensure that every
person employed or engaged by it complies with the provisions of the Act, rules, regulations
or order, made thereunder.
3. To display its licence (Sec. 32). The certifying authority must display its licence at a
conspicuous place in the premises in which it carries on its business.
4. To surrender its licence (Sec. 33). The certifying authority must surrender its licence to the
controller on its suspension or revocation.
5. To make certain disclosures (Sec. 34). The certifying authority is required to make the
following disclosures:
(a) Disclosure of Electronic Signature Certificate;
(b) Disclosure of Certification Practice Statement (CPS); “Certificate Practice Statement” means
a statement issued by a certifying authority to specify the practices that the certifying
authority employs in issuing electronic signature certificates [Sec. 2(1)(k)];
(c) Disclosure of notice of revocation and suspension of Certificates of Certifying Authority;
(d) Disclosure of adverse effects to affected person [Sec. 34(2)]. The authority is bound to
disclose to affected person about any event which may materially and adversely affect the
integrity of the computer system or the conditions under which electronic signature
certificate was granted.

Cyber Crimes & IT Act 2000


What is Cyberspace?
The world of connected computers and networks in which we live today is simply
termed cyberspace.
What are Cybercrimes?
“Cyber crimes are unlawful activities or crimes where computers, and nowadays mobiles,
are heavily used for committing crimes.”
“Cyber crimes are unlawful activities or crimes where computers are used as a
weapon/tool or target, or sometimes both.”
Cyber forensics is the branch of computer science which deals with collection of evidence,
analysis of evidence and presentation of forensically sound evidence in a court of law.
To study types of cyber crimes we need to focus on the following points:
Nature of crime
Target or possible victims
Culprits profile
Modus-operandi
Precautionary measures that can be implemented
Case Study or example
1. Hacking : To take complete control.
Hacking email id : Misuse mail id/ fake mails/threatening mails/ email terrorism

Social networking profile : Upload /download images , send unwanted scraps , update
unwanted information , send friend requests etc (leading to Defacement/ Defamation)
Mail server : Risk of leaking confidential mails /information ( Leading to crimes like email
bombing/email flooding /possible try for DOS and a high risk of Virus dissemination )
Web server/ Corporate Industrial servers/Government Server : Website at risk (leading to
web Defacement /Espionage/publishing Unwanted /unrealistic Information putting the
Organizations reputation at stake ……)
2. Stealing data or Information .
Do not be judgmental regarding the importance of any Information .
3. Stealing Source code (software)
4. Stealing data for Net extortion (Medical or Corporate) Leaking Information for monetary
gains
Precautions : Restrict use of personal mails / scan Every mail /restrict the use of pen drives
or card readers/Install USB Blockers
5. Identity theft : Impersonating somebody else on Social Networking websites / emails
6. Defacement :- Spoiling image of a person by altering image and uploading (CEDT Case)
7. Defamation : Spreading rumors that can hamper somebody's reputation
8. Cyber Stalking : Posting or revealing Sensitive information in chat rooms/discussion
forums/message bulletins /email that could cause serious embarrassment
9. Pornography : Distributing porn images /uploading/downloading and Distributing Sexual
videos/ viewing Porn films in Public or on Mobile phones leads to
Dissatisfaction
Unreal expectations
portrays that sex with anybody anywhere is Ok like bestiality
Leads to desensitization
Against social norms leading to crimes like sexual assault, rape, etc
10. Paedophile : are middle aged psycho maniacs who are sexually attracted towards children ,
they usually come in contact with children through social networking websites or chat
rooms.
Many a time kids fall prey to such activities and lose their self morale.
Precaution : Monitoring children’s browsing or surfing activities.
Can use Parental firewall software.
11. Denial of service attack : Bringing down networks/Servers/System by hacking or virus
dissemination and prohibiting them to perform the desired service .
12. Software /Music/Movie/Books piracy : Leads to violation of IPR and hampers economic
gains of the Creators/Writers
13. Whatsapp crime : Misusing smartphone messenger app like whatsapp for spreading rumors
and controversial remarks on caste/Religion /sex etc
14. Email Spoofing : senders email address is altered so as to make it look like the mail
originated from a genuine source
15. Salami attack : insertion of a programming code into the source of the banking software
which results in debiting small amount from each account and crediting it to a Single
Account.
16. Ransomware : a type of malicious software from cryptovirology that threatens to publish
the victim's data or continuously block access to it unless a ransom is paid.

17. Credit-card or online banking fraud : collecting Information of customers bank accounts
and passwords via social engineering or by using key loggers in Internet café (updating
KYC or card is expiring)
Precaution : Avoid doing online transactions from cafés or public PCs.
Keep your bank accounts details strictly confidential.
18. Online gambling : Online Gambling is banned in India.
Credit card details are often misused in online gambling
19. Sale of narcotics/illegal Stuff : many users misuse Social networking sites to sell items
barred by LAW. Social networking sites are often used as platforms for invitations to
prohibited rave parties.
20. Lottery : receiving emails/messages stating that your email ID has won lottery and
requesting to deposit a certain amount for claiming the Prize.
21. Phishing : A duplicate of a genuine webpage is created and is used to gain user information
which can be misused in future.
22. Pharming : Navigating the user to pages other than the page he/she desired.
Precaution : while performing banking always check that the website address shows https: rather than
http:
Banking websites navigate from one page to another and never give pop-ups
IT ACT 2000
An Act to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
"electronic commerce", which involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate electronic filing of documents with
the Government agencies and further to amend the Indian Penal Code, the Indian Evidence
Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934
and for matters connected therewith or incidental thereto.
Citation Act No 21 of 2000
Date enacted 9 June 2000
Date assented to 9 June 2000
Date signed 9 May 2000
Date commenced 17 October 2000
Commission of cyber crime may be divided into three basic groups:
Individual, Organization, Society at Large
Against Individual
Harassment via Emails
Cyber Stalking
Dissemination of obscene material
Defamation
Hacking/Cracking
Indecent Exposure
Individual Property
Computer Vandalism
Transmitting a Virus
Unauthorized Control over Computer System
Hacking/Cracking
Against Organization
Hacking & Cracking

Possession of unauthorized Information
Cyber- Terrorism against Government Organization
Distribution of Pirated Software Etc
Against Society at Large
Pornography
Polluting the youth through indecent exposure
Trafficking
The Act also amended various sections of Indian Penal Code, 1860, Indian Evidence Act, 1872,
Banker's Book Evidence Act, 1891, and Reserve Bank of India Act, 1934 to make them compliant
with new technologies. [3]
IT Act 2000 Objectives
Legal Recognition for E-Commerce
Digital Signatures and Regulatory Regime (ruling government)
Electronic Documents at par with paper documents
E-Governance
Electronic Filing of Documents
Police play a limited role in moral wrong and civil wrong but play an important role in legal
wrong
Offences are cognizable and non-cognizable
Civil Wrongs under IT Act
Chapter IX of IT Act, Section 43
Whoever without permission of owner of the computer:
• Secures access (not necessarily through a network)
• Downloads, copies, extracts any data
• Introduces or causes to be introduced any viruses or contaminant
• Damages or causes to be damaged any computer resource (destroy, alter, delete, add, modify or
rearrange; change the format of a file)
• Disrupts or causes disruption of any computer resource (preventing normal continuance of)
• Denies or causes denial of access by any means (denial of service attacks)
• Assisting any person to do any thing above (rogue websites, search engines, insiders
providing vulnerabilities)
• Tampering or manipulating any computer resource (credit card frauds, Internet time thefts)
Liable to pay damages not exceeding one crore to the affected party
Section 65: Source Code
Most important asset of software companies
“Computer Source Code" means the listing of programmes, computer commands, design
and layout Ingredients , without Knowledge or intention Concealment, destruction,
alteration
computer source code required to be kept or maintained by law
Punishment : imprisonment up to three years, and / or fine up to Rs 2 lakh
Section 66: Hacking
Intention or Knowledge to cause wrongful loss or damage to the public or any person
Destruction, deletion, alteration, diminishing value or utility or injuriously affecting
information residing in a computer resource
Punishment imprisonment up to three years, and / or fine up to Rs 2 lakh Cognizable, Non
Bailable, JMFC
Covers crime like Trojan , virus, worms attacks , salami attack , logic bombs, internet time
theft and analysis of electromagnetic waves generated by computers
Sec. 67. Pornography
Publishing or transmitting or causing to be published in the electronic form, Obscene
material or pornographic material
Punishment On first conviction : imprisonment of either description up to five years and fine
up to Rs 1 lakh, On subsequent conviction : imprisonment of either description up to ten
years and fine up to Rs 2 lakh
Section covers: Internet Service Providers, Pornographic websites, Internet cafes
Sec 69: Decryption of information
Controller issues order to Government agency to intercept any information transmitted
through any computer resource.
Order is issued in the interest of the sovereignty or integrity of India, the security of the
State, friendly relations with foreign States, public order or preventing incitement for
commission of a cognizable offence
Person in charge of the computer resource fails to extend
all facilities and technical assistance to decrypt the information.
Applicable to Email messages (If encrypted), Encrypted messages , Steganographic images,
Password protected files (?)
Sec 70 Protected System
Securing unauthorised access or attempting to secure unauthorised access to ‘protected
system’
Acts covered by this section:
Switching computer on / off, using installed software / hardware, installing software /
hardware, port scanning
Punishment: Imprisonment up to 10 years and fine
But not all cyber crimes come under the IT Act 2000; many cybercrimes come under the IPC
(Indian Penal Code):
| Sr. No | Types of crime | Section of IPC |
|---|---|---|
| 1 | Sending threatening email | Sec 503 IPC |
| 2 | Sending defamatory email | Sec 499 IPC |
| 3 | Forgery of electronic record | Sec 463 IPC |
| 4 | Bogus websites or cyber frauds | Sec 420 IPC |
| 5 | Email spoofing | Sec 463 IPC |
| 6 | Web jacking (phishing or pharming) | Sec 383 IPC |
| 7 | Online sale of drugs | NDPS Act |
| 8 | Online sale of Arms | Arms Act |

NDPS Act 1985: Narcotic drugs and psychotropic substances


Arms Act 1959: covers illegal weapons and violence using illegal Arms and Ammunition
Systematic Investigation
A good investigation needs network forensics, hardware forensics and software forensics.
The general approach to investigating the technical aspects of any computer related crime is:
Eliminate the obvious.
Hypothesize the attack.
Collect evidence, including, possibly, the computers themselves.
Reconstruct the crime.
Perform a trace back to the source computer.
Analyze the source, target, and intermediate computers.
Turn your findings and evidentiary material over to corporate investigators or law enforcement
for follow-up.
Preventive measure
1. Use updated anti-virus software and firewalls
2. Use genuine Operating system and update with critical security patches
3. DO NOT open emails or attachments from unknown sources
4. Use hard-to-guess and alphanumeric passwords. Remember that password cracking tools
exist!
5. Change your passwords on weekly basis and do not keep same passwords for different
accounts.
6. Back-up your computer data on disks or external Hard disk regularly.
7. Do not share your computers with strangers
8. Always password protect your Wi-Fi network
9. Disconnect from the Internet when not in use
10. Avoid using torrents for downloading .
11. Ask system admin to create fresh id and password while joining new jobs

| Section | Offence | Penalty |
|---|---|---|
| 65 | Tampering with computer source documents | Imprisonment up to three years, or/and with fine up to ₹200,000 |
| 66 | Hacking with computer system | Imprisonment up to three years, or/and with fine up to ₹500,000 |
| 66B | Receiving stolen computer or communication device | Imprisonment up to three years, or/and with fine up to ₹100,000 |
| 66C | Using password of another person | Imprisonment up to three years, or/and with fine up to ₹100,000 |
| 66D | Cheating using computer resource | Imprisonment up to three years, or/and with fine up to ₹100,000 |
| 66E | Publishing private images of others | Imprisonment up to three years, or/and with fine up to ₹200,000 |
| 66F | Acts of cyberterrorism | Imprisonment up to life. |
| 67 | Publishing information which is obscene in electronic form. | Imprisonment up to five years, or/and with fine up to ₹1,000,000 |
| 67A | Publishing images containing sexual acts | Imprisonment up to seven years, or/and with fine up to ₹1,000,000 |
| 67C | Failure to maintain records | Imprisonment up to three years, or/and with fine. |
| 68 | Failure/refusal to comply with orders | Imprisonment up to 2 years, or/and with fine up to ₹100,000 |
| 69 | Failure/refusal to decrypt data | Imprisonment up to seven years and possible fine. |
| 70 | Securing access or attempting to secure access to a protected system | Imprisonment up to ten years, or/and with fine. |
| 71 | Misrepresentation | Imprisonment up to 2 years, or/and with fine up to ₹100,000 |
| 72 | Breach of confidentiality and privacy | Imprisonment up to 2 years, or/and with fine up to ₹100,000 |
| 72A | Disclosure of information in breach of lawful contract | Imprisonment up to 3 years, or/and with fine up to ₹500,000 |
| 73 | Publishing electronic signature certificate false in certain particulars | Imprisonment up to 2 years, or/and with fine up to ₹100,000 |
| 74 | Publication for fraudulent purpose | Imprisonment up to 2 years, or/and with fine up to ₹100,000 |

Issues in E-business management:


Cross-border Ecommerce
Identity Management
Jurisdiction
Privacy and Data Protection
Taxation
Contract
Intellectual Property Rights
Online Advertisement
Consumer Protection
Liability
Legal issues in Ecommerce

The United Nations Commission on International Trade Law

Major issues in Cyber evidence management: DEMS: digital evidence management system
What to collect and how to collect? (RAM DATA)
Don’t access image file and video?
Collect secondary storage devices with proper tagging
Collect mobile devices with proper care
Information Technology revolution has changed the way the world lives. Electronic gadgets and
devices exist in our society in myriad forms. Along with this development the amount of criminal
activities associated with electronic devices also started increasing. Every crime has an electronic
component associated with it. The investigation and analysis of these will be very pivotal in modern
crime investigations. So, investigators have to deal with large volumes of digital devices as material
evidence. These digital evidences have to undergo analysis and sometimes to be shared with external
agencies for detailed analysis. Maintaining chain of custody and managing the life cycle of evidence
is extremely difficult in such situations. The DEMS is mainly targeted for law enforcement agencies
and analysis labs for managing large volumes of digital evidence including the chain of custody.
DEMS provides:
Provision to include additional dynamic fields to capture all details of Cases and Evidences
Provision to securely upload all forms of digital images belonging to hard disk, image files, audio files,
video files, Call Data Records (CDR) and mobile phones
Provide secure access to all digital images for authorized users
Extensive search and filter capabilities for Cases and Evidences
Multiple levels of authorization for users
Comprehensive analysis and reporting
Amendment to Cyber Law 2008 : A major amendment was made in 2008. It introduced Section 66A
which penalized sending "offensive messages". It also introduced Section 69, which gave authorities
the power of "interception or monitoring or decryption of any information through any computer
resource". Additionally, it introduced provisions addressing pornography, child porn, cyber
terrorism and voyeurism. The amendment was passed on 22 December 2008 without any debate in
Lok Sabha.
Section 66A: Publishing offensive, false or threatening information
Any person who sends by any means of a computer resource any information that is grossly
offensive or has a menacing character; or any information which he knows to be false, but for the
purpose of causing annoyance, inconvenience, danger, obstruction, insult shall be punishable with
imprisonment for a term which may extend to three years and with fine.
Penalty: Imprisonment up to three years, with fine.
Section 69A: On 29 June 2020, the Indian Government banned 59 Chinese mobile apps, most
notably TikTok, supported by Section 69A and citing national security interests. On 24 November
2020, another 43 Chinese mobile apps were banned supported by the same reasoning, most
notably AliExpress.
54 more apps including popular video game Free Fire were banned on 14 February 2022 under the
same section.
Section 69A and banning of mobile apps: The bans on Chinese apps based on Section 69A have been
criticized for possibly being in conflict with Article 19(1)(a) of the Constitution of India ensuring
freedom of speech and expression to all, as well as possibly in conflict with WTO agreements.
The Internet Freedom Foundation has criticized the ban for not following the required protocols and
thus lacking transparency and disclosure.
Banning internet services in particular states on in situations
