
Manoranjan 0659_manoranjan

1. Briefly examine the Aims and Objectives of the Information Technology Act, 2000? Also examine the classification of Cyber Crimes into Cyber Contraventions and Cyber Offences under the Act?

The Indian legislature enacted the Information Technology Act of 2000 against the background of the Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law, which is based on an analysis of the purposes and functions of the traditional paper-based requirement with a view to determining how those purposes or functions could be fulfilled through electronic-commerce techniques. The idea is that the adoption of the functional-equivalent approach should not result in imposing on users of electronic commerce more stringent standards of security, and the related costs, than in a paper-based environment.

The Government of India enacted India's first ever information technology legislation soon after the adoption of the Model Law by the UN General Assembly, for two reasons: (a) to facilitate the development of a secure regulatory environment for e-commerce by providing a legal infrastructure to govern electronic contracts, authenticity and integrity of electronic transactions, the use of digital signatures and other issues related to electronic commerce; and (b) to showcase India's growing IT knowledge base and the role of Government in safeguarding and promoting the IT sector.

By virtue of the preamble of the Information Technology Act, 2000, it is an Act to provide legal recognition for transactions carried out by means of electronic communication, commonly referred to as electronic commerce, which involves the use of alternatives to paper-based methods of communication and storage of information, and to facilitate electronic filing of documents with the Government agencies. The Act also aims to ensure that it has an international perspective as advocated by the said Model Law. The Act is applicable to the whole of India, including the State of Jammu and Kashmir. The Act was amended for the first time in 2006 and later in 2008.
The Information Technology Act, 2000 acts as (a) a facilitating Act, (b) an enabling Act, and (c) a regulating Act.

(a) IT Act as a facilitating Act: The Information Technology Act, 2000 is said to be acting as a facilitating Act because it facilitates both e-commerce and e-governance. The amendment Acts of 2006 and 2008 have widened the scope of the parent Act by bringing into its purview even the intangibles. The Act is a proactive piece of legislation which unfolds various aspects of information technology, and which has promoted the efficient delivery of Government services through e-governance by giving validity to electronic records. Chapter III of the Act is devoted to e-governance and e-governance practices. Sections 4 to 10 of the Act deal with e-governance issues, which form the basic law related to electronic governance rights, which have been conferred on the persons and the Governments, i.e., both Central and State Governments. Sections 10A to 14 of the Act deal with formation, validity and other necessities of a contract, including the communication of proposals, the acceptance of proposals, the revocation of proposals and acceptances, expressed in electronic form or by means of an electronic record. These sections from 10A to 13 were included by the 2006 Amendment Act.

(b) IT Act as an enabling Act: The Act provides for digital signatures (the term digital signature has been replaced with electronic signature by the 2008 amendment Act, to make the Act more technology neutral) under Chapter III, which may be considered the functional equivalent of physical-world signatures, capable of meeting all the fundamental requirements, like authenticity of the sender, message integrity and non-repudiation, for making the electronic records legally binding. Thus the Information Technology Act, 2000 acts as an enabling Act.

(c) IT Act as a regulating Act: By providing the provisions to prosecute the cyber crime offenders, the Act functions as a regulating Act. The Act demarcates the cyber contraventions from cyber offences and provides separate redressal mechanisms for both. Sections 63 & 64 of the IT Act, 2000 (as amended by the amendment Acts of 2006 & 2008) deal with the cyber contraventions. Sections 65 to 67C of the Act deal with the cyber offences.

The Act also seeks to fight terrorism. In view of the increasing threat of terrorism in the country, the 2008 Amendment to the Act has included an amended Section 69 giving power to the state to issue directions for interception or monitoring of decryption of any information through any computer resource. Further, Sections 69 A and B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize the monitoring and collection of traffic data or information through any computer resource for cyber security.

The Act also aims to protect the copyrights of a person. The proviso added to Section 81 of the Act states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.

Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime. Cyber crimes involve both cyber contraventions and cyber offences. The Act not only demarcates contraventions from offences, but also provides a separate redressal mechanism for both. Cyber contraventions under the IT Act deal primarily with unauthorized access to a computer, computer system or computer network, whereas the cyber offences deal with serious offences related to a computer, computer system or computer network.

S. 43 (a) to (h) of the IT Act deals with the cyber contraventions. By virtue of S. 43, if any person, without permission of the owner or any other person who is in charge of a computer, computer system or computer network,
(a) accesses or secures access to such computer, computer system or computer network or computer resource;
(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
(e) disrupts or causes disruption of any computer, computer system or computer network;
(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,
it shall amount to a cyber contravention under the Act.

Judicial proceedings relating to the cyber contraventions are conducted before the Adjudicating Officer. In the case of cyber offences the judicial proceedings are to be held before the appropriate Court as per the nature of the offence, whether cognizable or non-cognizable. Decisions in both cyber offences and contraventions are appealable. The power to investigate any contravention lies with the Adjudicating Officer, Controller or any officer authorized by him, whereas in the case of cyber offences the investigating power is vested with a police officer not below the rank of Deputy Superintendent of Police. The commission of a cyber contravention may result in civil prosecution, whereas the commission of any of the cyber offences may result in criminal prosecution.

Before the 2008 amendment Act, a person who committed a cyber contravention was liable to pay under S.43 damages by way of compensation not exceeding one crore rupees to the person so affected. By virtue of the 2008 amendment, such a person shall be liable to pay damages by way of compensation to the person so affected. By virtue of S.45, any person who contravenes any rules or regulations, for the contravention of which no penalty has been separately prescribed, shall be liable to pay compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees. A cyber offender is punishable with a term of imprisonment or a fine or with both.

2. What are the international legal instruments relating to Cyber Crimes? Examine the scope of these International Legal Instruments regulating Cyber world.

The new technologies now allow information and communications to flow more easily around the world. Along with that, criminals are increasingly being located in places other than where their acts produce their effects. However, domestic laws are generally confined to a specific territory. Thus solutions to the problems posed must be addressed by international law, necessitating the adoption of adequate international legal instruments. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of the definition of cyber crime.

The various international instruments regarding cyber crimes are the European Convention on Cyber Crime, which came into force in June 2001, The Hague Convention on Foreign Judgments in Civil and Commercial matters of 1971, and the EC Convention on Jurisdiction and the Enforcement of Judgments in Civil and Commercial Matters. The European convention on cyber crimes was signed for pursuing a common criminal policy on cyber crimes by the Council of Europe, along with Canada, United States and Japan. The Hague convention was adopted in 1971, with the aim of establishing common provisions on mutual recognition and enforcement of judicial decisions rendered in their respective countries. The international instruments like the Hague Convention and the EC convention on jurisdiction dealt with the question of recognising a foreign judgment in a case having a foreign element and, by virtue of these instruments, it was concluded that the recognition of a judgment shall be determined by lex fori, i.e., law of the forum or court.

The European Convention on Cyber Crime is the first international treaty on crimes committed via the Internet and other computer networks. The Convention has defined the offences, including illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offences related to child pornography and offences related to copyright and neighbouring rights. Chapter II of the convention prescribes the measures to be taken at the national level by the signatories, and it contains 3 sections which deal with substantive criminal law, procedural law and jurisdiction.

The first section of Chapter II, dealing with substantive criminal law, divides the cyber crimes into five categories dealt with under titles 1 to 5. Title 1 of the section requires the signatories to declare as punishable: the unauthorised intentional access and interception of private transmissions of computer data; hacking; the intentional and unauthorised serious hindering of the functioning of a computer system by hacking of the computer data; the intentional and unauthorised production, sale, import, distribution or otherwise making available of a device, including a computer program, a computer password, access code, or similar data by which the whole or any part of a computer system may be accessed, for committing any of the above offences; and such similar offences against the confidentiality, integrity and availability of computer data and systems. According to title 2 of the section, the parties to the convention are required to consider as offences computer-related offences including the intentional and unauthorized fabrication of false evidence by modification or destruction of data in any manner, and causing loss of property to another by any interference with the functioning of a computer system, or fraudulently or dishonestly procuring an economic benefit for oneself or for another. Title 3 deals with the content-related offences including child pornography, and requires the member countries to declare it as an offence. Title 4 relates to the offences related to the infringement of copyrights, and title 5 requires the offences related to abetment and attempt to commit offences and corporate liability to be included in the domestic laws of the parties.

The Convention, under title 1 of section 2 of the chapter, dealing with procedural law, requires a convention country to establish the powers and procedures for the purpose of specific criminal investigations or proceedings. Title 2 of the chapter requires the members to enact laws to preserve computer data which are vulnerable to loss or modification. Such laws should ensure the expeditious preservation of traffic data, regardless of whether one or more service providers were involved in the transmission of that communication, by providing for the expeditious disclosure to the Party's competent authority, or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted. Article 19 under title 4 requires a convention country to empower its competent authorities to search or access a computer system and computer-data storage medium in which computer data may be stored in its territory which are lawfully accessible from or available to the initial system.

By virtue of Section 3 of the chapter, the signatories are required to enact laws establishing jurisdiction over any of the offences under the Act if it has been committed in its territory, or on board a ship flying the flag of that Party, or on board an aircraft registered under the laws of that Party, or by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.

Chapter III of the convention, dealing with International Co-operation, mandates that the parties shall co-operate with each other, in accordance with the provisions of this chapter, through application of relevant international instruments on international co-operation in criminal matters, arrangements agreed on the basis of uniform or reciprocal legislation, and domestic laws. Title 2 of the chapter makes it obligatory for the state parties to include the offences created in this Convention in their extradition treaties. Title 3, consisting of articles 25 and 26, requires the parties to assist each other for investigation and enact laws to carry out obligations set forth in articles 27 to 35. Title 4 deals with the procedures pertaining to mutual assistance requests in the absence of applicable international agreements. Section 2 of the chapter deals with the provisions regarding mutual assistance. Title 1 consists of articles 29 and 30, which allow for mutual assistance among the parties in obtaining the expeditious preservation of electronic data, and with respect to the search or similar access, seizure or similar securing, or disclosure of the data, for which dual criminality shall not be a condition prerequisite. Title 2 deals with mutual assistance regarding investigative powers.
Title 3 contains article 35, which requires each party to designate a point of contact having the capacity to carry out communications with the point of contact of another party on an expedited basis, available on a 24x7 basis and providing immediate assistance.

In October 2002, the Commonwealth Secretariat prepared the Model Law on Computer and Computer Related Crime. Within the Commonwealth's 53 member countries, the Model Law has had a wide influence on domestic legislation. Through this model law, the Convention on Cybercrime has become one of the legislative choices in substantive criminal law, covering the offences of illegal access, interfering with data, interfering with computer systems, illegal interception of data, illegal data, and child pornography. Compared with the Convention on Cybercrime, the Model Law expanded criminal liability, so as to include reckless liability, for the offences of interfering with data, interfering with computer systems, and using illegal devices. The Model Law also covered the problem of dual criminality by stating that the act applied to an act done or an omission made by a national of a state outside its territory, if the person's conduct would also constitute an offence under a law of the country where the offence was committed. This may lead to prosecution or extradition based on dual criminality, but not extradition as it is provided in the Convention on Cybercrime. Some of the member countries of the Commonwealth have made efforts to draft domestic law according to the model law, such as Bahamas and St. Lucia. In Barbados, Belize, and Guyana, the Model Law is being considered as a guide to the enactment of similar legislation.

At the Okinawa Summit, in the Okinawa Charter on Global Information Society, the G-8 countries adopted the principle of international collaboration and harmonization of cybercrime. In order to maximize the social and economic benefits of the information society, the Group of Eight agreed on principles and approaches for the protection of privacy, the free flow of information, and the security of transactions. The Charter recognized that the security of the information society necessitated coordinated action and effective policy responses.
The OECD (The Organization for Economic Cooperation and Development) adopted Guidelines for the Security of Information Systems and Networks in July 2002, calling on member governments to establish a heightened priority for security planning and management, and to promote a culture of security among all participants as a means of protecting information systems and networks.

With the advancement of technology, cyber criminals are increasingly being located in places other than where their acts produce their effects. So these crimes take place under various national jurisdictions. A country may not be able to prosecute a person within the limits of its domestic laws. Recently, an army officer was arrested in Maharashtra for uploading obscene pictures of children into a website based in Germany. When such persons are prosecuted in one country, the judgment based on the lex fori must be recognised by the lex loci delicti commissi. Here comes the significance of the international legal instruments like The Hague Convention on Foreign Judgments in Civil and Commercial matters of 1971, and the EC Convention on Jurisdiction and the Enforcement of Judgments in Civil and Commercial Matters.

The Hague convention was adopted in 1971, with the aim of establishing common provisions on mutual recognition and enforcement of judicial decisions rendered in their respective countries. The EC Convention was adopted in December 2000 with the same aim. It was signed by the Czech Republic, the Republic of Estonia, the Republic of Cyprus, the Republic of Latvia, the Republic of Lithuania, the Republic of Hungary, the Republic of Malta, the Republic of Poland, the Republic of Slovenia and the Slovak Republic. By virtue of these conventions, the recognition of a judgment is determined by the lex fori, i.e., the court where the suit is filed, and the principles of comity.

The regulations lay down rules governing the jurisdiction of courts in civil and commercial matters. A judgment given in a Member State is to be recognised without special proceedings, unless the recognition is contested. A declaration that a foreign judgment is enforceable is to be issued following purely formal checks of the documents supplied. A judgment given in a Member State is to be recognised in the other Member States without any special procedure being required. "Judgment" means any judgment given by a court or tribunal of a Member State, whatever the judgment may be called, including a decree, order, decision or writ of execution. Under no circumstances may a foreign judgment be reviewed as to its substance. A judgment will not be recognised if:
1. such recognition is manifestly contrary to public policy in the Member State in which recognition is sought;
2. the foreign court did not have personal jurisdiction over the defendant or over the subject matter;
3. the defendant was not served with the document that instituted the proceedings in sufficient time and in such a way as to enable the defendant to arrange for his/her defence;
4. it is irreconcilable with a judgment given in a dispute between the same parties in the Member State in which recognition is sought;
5. it is irreconcilable with an earlier judgment given in another Member State or in a third state involving the same cause of action and the same parties;
6. the judgment was rendered under a system which does not provide impartial tribunals or procedures compatible with the requirements of due process of law;
7. the judgment seeks to enforce the revenue and taxation laws of a foreign jurisdiction.

A court in which recognition is sought of a judgment given in another Member State may stay the proceedings if an ordinary appeal against the judgment has been lodged. A judgment is to be enforced in another Member State when, on the application of any interested party, it has been declared enforceable there. The parties may appeal against a decision on an application for a declaration of enforceability. Thus these conventions help in tracing and prosecuting the cyber criminals without the hindrances of International Boundaries.

3. Briefly explain Cyber Crimes and narrate the different classifications of Cyber Crimes?

A crime is an act or omission which is prohibited by law as injurious to the public and punished by the state. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime. Criminal activities involving a computer or a computer network as a tool, a target, or a place of such criminal activity may be termed cyber crime. So a computer may be both a tool and a victim in a cyber crime. According to Marc M Goodman, a computer crime can be classified into three main categories:
(i) crimes where the computer is the target;
(ii) crimes where the computer is the tool of the crime; and
(iii) crimes where the computer is incidental.

In the first category, a perpetrator intentionally attacks an innocent party's computer. In the second category, the computer is used to commit a traditional crime in a high-tech way. The third one is where a computer is merely incidental, in the sense that the perpetrator might have committed the crime even if there was no computer. The computer is used as a tool in financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation and cyber stalking. The computer may be a target for unlawful acts like unauthorized access to a computer or computer networks, theft of information contained in electronic form, e-mail bombing, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of a computer system, and physically damaging the computer system. These "cyber-space offences" are either committed against the integrity, availability, and confidentiality of computer systems and telecommunication networks, or they consist of the use of such networks or their services to commit traditional offences.

There are various factors which make the cyber world vulnerable to such crimes. The unique characteristic of the computer to store data in a very small space makes it easy to remove or derive information through either a physical or a virtual medium. The complex working system of computers, consisting of millions of codes, helps the cyber criminals to take advantage of minor lapses and penetrate into the computer system. Loss of evidence is a very common and obvious problem, as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses this system of crime investigation.

Cyber criminals can be categorized based on the objective that they have in their mind. Children and teenagers in the age group of 8 to 18 fall in one category. The other group of cyber criminals is the hackers, including professional and organised hackers.

The cyber crimes may be broadly classified as crimes
i. against the individuals;
ii. against the organisations; and
iii. against the society at large.

The cyber crimes against individuals may be classified under two heads: against the individual's person and against the individual's property. Crimes which can be committed against individual persons include harassment via e-mails, cyber-stalking, dissemination of obscene materials, defamation, unauthorized control/access over a computer system, indecent exposure, email spoofing, cheating and fraud. Crimes committed against individual property include computer vandalism, transmitting viruses and worms, netrespass, unauthorized control/access over a computer system, intellectual property crimes, and Internet time thefts. The crimes against organisations include unauthorized control or access over a computer system, possession of unauthorized information, cyber terrorism against the government organization and distribution of pirated software. Pornography, polluting the youth through indecent exposure, trafficking, financial crimes, sale of illegal articles, online gambling, and forgery are considered as the offences against the society at large.

Stalking means pursuing stealthily. Where a person uses an Internet messaging service or any other electronic means to stalk someone, it amounts to cyber stalking. The offence of dissemination of obscene materials is committed through pornographic websites, pornographic magazines produced using computers and the channel used to transmit and download these materials. Defaming a person through the cyber medium shall come within the ambit of cyber defamation. Unauthorized access means any kind of access without permission of the authorized owner or the person in charge of a computer, computer system or computer network. By virtue of Section 2(1)(a) of the IT Act, access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.
Common techniques used for unauthorized access are: Packet sniffing, tempest attack, password cracking and buffer overflow.

i. Packet Sniffing
Packet sniffing is done on the basis of data transmission. Sniffers, which are applied to the network layer of the victim IP address, screen the data packets, copy the encrypted data and then translate the encrypted data into its original form for the adversary. A sniffer attaches itself to the network devices, like the modem or the Network Interface Card (NIC), that are used by the victim computer to send and receive data. This technology is mostly used by crackers and forensic experts.

ii. Tempest attack
TEMPEST is the abbreviation of Transient Electromagnetic Pulse Emanation Standard. It is the ability to monitor the electromagnetic emissions from the computer for reconstructing the data, allowing remote monitoring of network cables or remote viewing of monitors.

iii. Password cracking
To crack a password means to bypass a protection scheme or to decrypt a password of a user.

iv. Buffer overflow
It is also known as buffer overrun, input overflow or unchecked buffer overflow. This method involves giving excessive input data to a computer, which overflows into the other areas of the computer memory, allowing the hacker to insert executable code along with the input and enabling the hacker to break into the computer.

A spoofed e-mail may be said to be one which misrepresents its origin. It shows its origin to be different from that from which it actually originates. Email spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the email, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field (found in the email headers), it actually comes from another source.
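As an added illustration (not part of the original answer), the header fields named above can be checked against each other when examining a suspect message. The sketch below uses Python's standard email package; the sample messages, the function name header_mismatches and the two-label domain comparison are assumptions made for the example, and a mismatch is an indicator to review rather than proof, since mailing lists and bulk senders legitimately use different Return-Path addresses.

```python
"""Compare From, Return-Path and Reply-To in a raw e-mail and report disagreement."""
from email import message_from_string
from email.utils import getaddresses, parseaddr
import re

# An address-like token inside a display name, e.g. "accounts@bank.example".
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _domain(address):
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""


def _base(domain):
    """Naive registrable domain: the last two labels (assumption for the
    example; production code should consult the Public Suffix List)."""
    return ".".join(domain.split(".")[-2:])


def header_mismatches(raw):
    """Return a list of human-readable findings for one raw message."""
    msg = message_from_string(raw)
    findings = []

    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        # Zero or several From headers is itself abnormal.
        findings.append("expected exactly one From header, found %d" % len(from_headers))
    if not from_headers:
        return findings

    display, from_addr = parseaddr(from_headers[0])
    from_dom = _domain(from_addr)
    if not from_dom:
        findings.append("From header has no parseable address")
        return findings

    def compare(label, address):
        dom = _domain(address)
        # A null Return-Path ("<>", used by bounces) yields '' and is skipped.
        if dom and _base(dom) != _base(from_dom):
            findings.append(f"{label} domain {dom} differs from From domain {from_dom}")

    compare("Return-Path", parseaddr(msg.get("Return-Path", ""))[1])
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        compare("Reply-To", addr)

    # A display name that itself looks like an address from another domain
    # shows the reader one sender while the header carries a different one.
    embedded = ADDR_IN_TEXT.search(display)
    if embedded:
        compare("From display-name", embedded.group(0))
    return findings


# Constructed sample messages (reserved .example / .invalid domains).
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
From: Accounts Team <accounts@bank.example>
Reply-To: helpdesk@collector.invalid
Subject: Verify your account

Constructed body.
"""

DISPLAY_TRICK = """\
Return-Path: <notice@mailer.invalid>
From: "accounts@bank.example" <notice@mailer.invalid>
Subject: Statement

Constructed body.
"""

LEGIT = """\
Return-Path: <bounces@mail.bank.example>
From: Accounts Team <accounts@bank.example>
Reply-To: support@bank.example
Subject: Monthly statement

Constructed body.
"""

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("DISPLAY_TRICK", DISPLAY_TRICK), ("LEGIT", LEGIT)):
        print(name, header_mismatches(raw))
```
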

Online fraud and cheating may assume different forms including those pertaining to credit card crimes, contractual crimes, offering jobs, etc. Computer vandalism may include within its purview any kind of physical harm done to the computer of any person. Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network which usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly eating up all the available space on a computer's memory. Any unlawful act by which, the owner is deprived completely or partially of his intellectual property rights, is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc. Internet time thefts involve the using up of Internet surfing hours of the victim by another person. The other common categories of cyber crimes are: i. Hacking A hacker is that the one who maliciously breaks into computer networks with the intent to steal data or tamper files with the intention to cause wrongful loss or damage to any person, or with the knowledge that wrongful loss or damage will be caused to any person due to this act. ii. Denial of Service Attack This is a type of cyber crime which is initiated by flooding a computer resource with more request than it can handle, causing the resource to crash thereby denying authorized users the service offered by the resources. It is an attempt to make a computer resource unavailable to its intended users. 
Although the means to carry out, motives for, and targets of a Denial of Service attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of Denial of Service attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, Denial of Service attacks are implemented by forcing the targeted computer to reset, by consuming its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. Denial-of-service attacks are considered violations of the Internet Architecture Board's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers.

iii. Logic Bombs

Logic bombs are event-dependent programs which do something on the happening of a particular event. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Many viruses attack their host systems on specific dates, such as Friday the 13th or April Fools' Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.

iv. Salami Attacks

Salami attacks are attacks on a computer network which involve the intruder siphoning off small amounts of money from a file and placing them in another file that he or she can access. The name salami attack comes from the fact that salami is cut into very thin slices. It is also known as salami shaving. These types of attacks are mainly seen in the financial area. The attack makes alterations so small that they go completely unnoticed.

v. Data Diddling

This type of attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. They are also termed as slag code. It is the changing of data before or during entry into the computer system, for instance by forging or counterfeiting documents used for data entry, or by exchanging valid disks and tapes with modified replacements.

vi. Email Bombing

Email bombing involves sending a large number of e-mails to the victim and thus crashing the victim's email account or mail servers. There are two methods of perpetrating an e-mail bomb: mass mailing and list linking. List linking means signing a particular email address up to several email list subscriptions. The victim then has to unsubscribe from these unwanted services manually. In order to prevent this type of bombing, most email subscription services send a confirmation email to a person's inbox when that email address is used to register for a subscription.

viii. Trojan Attacks

A Trojan is an unauthorized programme which passively gains control over another's system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. It is malware that appears to perform a desirable function for the user prior to being run or installed but instead facilitates unauthorized access to the user's computer system. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. Trojan horses may allow a hacker remote access to a target computer system and to perform various operations, limited by user privileges on the target computer system.

ix. Web Jacking

This occurs when a hacker forcefully takes control of another's website by bypassing the password and gaining access to it. The hacker may even change the information on the site, as the actual owner of the site loses all control over the information on the site.

4. Critically examine the various Copyright issues in the Cyber space? Analyse the various case laws on Copyright issues in the Cyber space?

Copyright violations have become rampant since the advent of Cyberspace and the development of related information technologies. According to the Copyright Act, 1957, copyright is a negative monopoly right which enables the author of a work to prevent others from exercising the right which has been conferred on him. What an author creates, he is the exclusive owner of. The precise test to determine whether a person is entitled to copyright is to ascertain whether skill, judgment and experience, or labour and capital, have been expended in creating the work. Copyright law today protects works such as literary, dramatic and artistic works; cinematograph films; sound recordings; and computer programmes, databases and compilations. In Feist Publications v. Rural Telephone Service Co. Inc., it was held that there must be at least some minimal degree of creativity, and that what should be protected by copyright are the fruits of intellectual labour and not just the sweat of the brow. Any original work belongs exclusively to the owner of the copyright, and any action with respect to the work done by any person without the owner's permission or consent would amount to infringement.

Numerous factors, such as the ease of sharing digital content, the low cost of distribution and download, the lack of a supranational authority to regulate, difficulties in tracing violators, and uncertainties in determining jurisdiction over infringing acts, have contributed to increasing copyright infringements. The advent and growth of the Internet has posed extremely serious threats to copyrights. The increased levels of copyright threats in cyberspace can be attributed to some of the unique characteristics of the Internet, the new possibilities it creates and its unprecedented growth worldwide. Also, the ubiquitous nature of the Internet often makes it difficult to trace copyright violations or attribute them to a particular jurisdiction. The Internet has become a two-edged sword for the business fraternity.
On the one hand, business firms look for greater development of network technologies in order to increase the viability and quality of digital content delivery. On the other hand, the growth of the very same technology has resulted in increased levels of violation of their IPR. Taking content from one site and modifying it, or just reproducing it on another site, has been made possible by digital technology, and this has posed new challenges for the traditional interpretation of individual rights and protection. The Internet, as a channel for delivery of digital products, has opened up a Pandora's box involving a range of threats including unauthorized online public broadcasting, deep linking and free access to copyrighted products, illegal sale and distribution of copyrighted products, etc.

A link is a selectable connection from one word, picture, or information object to another. Links allow quick access to information that otherwise could take much effort to find. When a link bypasses the home page and goes straight to an internal page within the linked site, it is a case of deep linking. Deep links defeat a Web site's intended purpose and method of navigation. Further, deep links may "steal" traffic from the linked site's homepage, thereby decreasing the revenue that could be generated from advertising that is dependent on the traffic onto the site. In Ticket Master v. Microsoft, Ticket Master sued Microsoft, as the defendant, in its website Seattle Sidewalks, had established links on the Homepage of the plaintiff. The plaintiff alleged that the respondent was guilty of deceptive trade mark practices and dilution. The deep linking took the users to TicketMaster ordering pages without the users visiting the TicketMaster Homepage, which as a consequence deprived the users of the chance to read the plaintiff's promotional materials on its home page.

Inline link enables the user to disable the images and read the pages in text-only mode if he so desires. This code can also be used to target images on other sites, in the same way as an ordinary link, except that the target images load automatically at the user's computer. No copy of the image is made on the host's server. The link could be used to build up a complete virtual document consisting of images sourced from other hosts, but which on the home host consists of nothing but a few lines of text with pointers to the URLs of the target images.

Frames are HTML enhancements which enable the website designer to split the screen into a number of separate areas or frames, which are used to subdivide web pages. Frames provide an opportunity to encase someone else's site in advertising generated by the linking site. When the user clicks on a link to another site from within a frame, instead of the target site's content completely replacing the pointing site's content, it appears surrounded by the material in the frames remaining from the pointing site. This undermines the assumptions on which advertising and sponsorship deals are done. Since it is possible for a site to call a frame's contents from a different location, a programmer might "frame" another's Web content beneath his own navigation or banners. This allows him to use creative content owned by another entity to sell advertising on his own site.
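A site owner who does not want to be framed in this way can say so in the HTTP responses the site sends. The sketch below is an added example, not part of the original answer: it works out whether a browser would allow a given origin to frame a page, using the standard Content-Security-Policy frame-ancestors directive and the older X-Frame-Options header. The origins and header values are constructed, only sources written with an explicit scheme are modelled, and only the immediate framing page is checked.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed origins, used only for illustration.
PAGE = "https://news.example/article/42"
AGGREGATOR = "https://aggregator.example/"
PARTNER = "https://syndication.partner.example/"


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def frame_ancestors_lists(headers):
    """Collect the source list of every enforced frame-ancestors directive."""
    lists = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy in value.split(","):        # one header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    lists.append(tokens[1:])
                    break                      # a repeated directive in one policy is ignored
    return lists


def source_matches(source, framer, page):
    """Match one frame-ancestors source expression against the framing origin."""
    src = source.lower()
    if src == "'none'":
        return False
    if src == "'self'":
        return framer == page
    if src == "*":
        return framer[0] in DEFAULT_PORTS
    if "://" not in src:
        # Scheme-less hosts and bare schemes are valid CSP but not modelled here.
        raise ValueError(f"source form not modelled in this sketch: {source}")
    scheme, host, port = origin(src)
    if framer[0] != scheme or framer[2] != port:   # simplification: exact scheme and port
        return False
    if host.startswith("*."):
        # "*.partner.example" covers subdomains only, not partner.example itself.
        return framer[1].endswith(host[1:])
    return framer[1] == host


def can_frame(headers, page_url, framer_url):
    """True if a browser would let framer_url display page_url inside a frame."""
    page, framer = origin(page_url), origin(framer_url)
    lists = frame_ancestors_lists(headers)
    if lists:
        # frame-ancestors takes precedence: X-Frame-Options is then ignored,
        # and every policy that sets the directive has to allow the framer.
        return all(any(source_matches(s, framer, page) for s in lst) for lst in lists)
    for name, value in headers:
        if name.lower() == "x-frame-options":
            option = value.strip().upper()
            if option == "DENY":
                return False
            if option == "SAMEORIGIN":
                return framer == page
            # ALLOW-FROM is obsolete and not honoured by current browsers.
    return True                                    # no header: anyone may frame the page


if __name__ == "__main__":
    policy = [("Content-Security-Policy", "frame-ancestors 'self' https://*.partner.example")]
    for framer in (AGGREGATOR, PARTNER):
        print(framer, "may frame the page:", can_frame(policy, PAGE, framer))
```

With no such header the page can be framed by anyone, which is the situation the framing cases discussed in this answer arose from.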

Another major legal challenge in digital cyber copyrights today is that definitional consensus may not be reached quickly and easily due to the infancy of the relevant legal regimes. When a copyrighted work passes through different nodes in a network, a temporary copy is made in each of the intermediate computers or nodes. Also, when the work is accessed at a particular terminal, a temporary RAM copy is made through caching even if the work as such was not saved intentionally. In MAI Systems Corp. v. Peak Computer, Inc., it was held that the temporary copies made in a computer's RAM are copies. But in 1995, in Religious Technology v. Netcom, a US District Court held that the temporary copying involved in browsing is the functional equivalent of reading and does not implicate the copyright laws. This demonstrates the difficulty: although the underlying technical process is understood clearly, the legal challenge of defining whether a copyright violation takes place or not remains.

P2P (peer-to-peer) networking has become a serious threat to copyright owners. In a P2P network, two or more computers are connected by software which enables each computer to transfer files or data to the other connected computers.

Computer Software and Internet Piracy: There are three essential types of software which help the computer to function: microcode, which is a programme that controls the details of execution; operating system software, which controls the resources of a computer, manages routine tasks and is a necessary requirement for a computer to function; and application software, which is designed to perform a particular task. Piracy occurs when copyrighted software is made available to users to download without the express permission of the copyright owner. Such illegal software is offered over online sources such as online advertisements, newsgroups, bulletin board services and auction sites.
Piracy hampers creativity, hinders the development of new software and the local software industry, and ultimately affects e-commerce.

Case laws

In the case of Shetland Times, Ltd. v. Wills ([1997] FSR 604: 1997 SLT 669), the plaintiff, the Shetland Times, operated a Web site through which it made available many of the items in the printed version of its newspaper. Its primary function was to distribute news and other items. The defendants also owned and operated a Web site on which they published a news reporting service. The defendants reproduced verbatim a number of headlines appearing in the Shetland Times. These headlines were hyperlinked to the plaintiff's site. Clicking on a headline took the reader to the internal page in the plaintiff's site on which the related story was found. He found that the articles were being sent by the Shetland Times but through the Web site maintained by the defendants. In the process, the front page of the Shetland Times' site (on which paid advertisements appeared) was bypassed, significantly diminishing the value of the site to potential advertisers. The court barred the defendants from copying headlines, without the plaintiff's consent, from its newspaper onto their Web site, and from creating hyperlinks from those headlines to the location on the plaintiff's site on which the article described in the headline appears.

In Michael v. Internet - Group Inc., the Court held that making a videotape available over the internet without authorisation, and posting unauthorised copies of electronic clipart on web pages, is a violation of the copyright owner's exclusive statutory right of display. If a web designer creates a website by combining some special features of various web sites, this may amount to unauthorized adaptation of the plaintiff's software and violation of the plaintiff's copyright.

In Intellectual Reserve Inc. v. Utah Lighthouse Ministry, Inc. (75 F. Supp. 2d 1290 [D. Utah 1999]), the court held that posting a message on a website providing users with the location of the infringing materials, and apparently aiding the users in viewing the infringing websites, amounts to contributory infringement of copyright laws. A similar view was taken in Universal City Studio Inc. v. Reimerdes [82 F. Supp. 2d 211 (SDNY 2000)].

The misuse of inline links was brought before the court in Leslie A. Kelly v. Arriba Soft Corporation. In this case, the court held that unauthorized inline linking to images residing on the copyright owner's Web site violates the copyright owner's right of public display.
The court also stated that inline linking diminishes the opportunities of the copyright owner to sell or license the images on his own Web site.

The gross exploitation by the misuse of frame technology was brought to light in the case Washington Post Co. v. Total News, Inc. [97 Civ. 1190 (S.D.N.Y.)]. In this case the defendants had designed a parasitic website that republished the news and editorial contents of other websites (of the plaintiffs), so as to attract both advertisers and users. Such use of frames was held to amount to infringement. A similar view was held in Futuredontics Inc. v. Applied Anagramic, Inc. [1997 U.S. Dist. LEXIS 13760 (SDNY Sept. 9 1999)]. In this case it was held that the addition of the frame somewhat modified the appearance of the linked site and that such modifications, without authorisation, could amount to infringement.

One of the most famous and most cited lawsuits worldwide for digital copyright infringement using P2P networking is the Napster case (A&M Records v. Napster, 239 F.3d 1004 (9th Cir. 2001)), whereby the plaintiff was sued by the defendants for P2P file sharing. In the instant matter, Napster provided software whereby a user could share media files (MP3 files) stored in his computer with other users of Napster. The court found that Napster was contributorily liable for the copyright infringement of its end-users because it "knowingly encourages and assists the infringement of plaintiffs' copyrights." The court found that Napster did receive a financial benefit, and had the right and ability to supervise the activity, meaning that the plaintiffs demonstrated a likelihood of success on the merits of their claim of vicarious infringement. The court denied all of Napster's defenses, including its claim of fair use.

The next major peer-to-peer case was MGM v. Grokster [545 U.S. 913 (2005)]. In this case, the Supreme Court found that even if Grokster was capable of substantial non-infringing uses, which the Sony court found was enough to relieve one of secondary copyright liability, Grokster was still secondarily liable because it induced its users to infringe.

In RIAA (Recording Industry Association of America) v. Verizon Internet Services, Inc., the court held that not only the companies but also the individuals who downloaded the copyrighted content, and the persons who make it possible, namely the Internet Service Providers, should be prosecuted in the case of such infringements.

5. Narrate the various kinds of E-Commerce? Examine the various dispute resolutions in E-Commerce?
Electronic commerce or e-commerce refers to a wide range of online business activities for products and services. It also pertains to any form of business transaction in which the parties interact electronically rather than by physical exchanges or direct physical contact. E-commerce is usually associated with buying and selling over the Internet, or conducting any transaction involving the transfer of ownership or rights to use goods or services through a computer-mediated network. More precisely, e-commerce is the use of electronic communications and digital information processing technology in business transactions to create, transform, and redefine relationships for value creation between or among organizations, and between organizations and individuals.

In the emerging global economy, e-commerce has increasingly become a necessary component of business strategy and a strong catalyst for economic development. The integration of information and communications technology (ICT) in business has revolutionized relationships within organizations and those between and among organizations and individuals. Specifically, the use of ICT in business has enhanced productivity, encouraged greater customer participation, and enabled mass customization, besides reducing costs.

E-Commerce may be classified into various types depending on the number and nature of parties at both ends of the transaction. Depending on the types of the participants, E-Commerce may be classified into the following types:
1. Business-to-Business (B2B);
2. Business-to-Consumer (B2C);
3. Business-to-Government (B2G);
4. Consumer-to-Consumer (C2C);
5. Intra-business E-Commerce; and
6. Mobile commerce (m-commerce).

1. Business to Business (B2B) E-Commerce:

B2B e-commerce may be simply defined as e-commerce between business establishments. This is the type of e-commerce that deals with relationships between and among businesses. It is also known as EDI (electronic data interchange). The B2B market has two primary components: e-frastructure and e-markets. E-frastructure is the architecture of B2B, primarily consisting of the following:

i. Logistics - transportation, warehousing and distribution (e.g., Procter and Gamble);
ii. Application service providers - deployment, hosting and management of packaged software from a central facility (e.g., Oracle and Linkshare);
iii. Outsourcing of functions in the process of e-commerce, such as Web-hosting, security and customer care solutions (e.g., outsourcing providers such as eShare, NetSales, iXL Enterprises and Universal Access);
iv. Auction solutions software for the operation and maintenance of real-time auctions on the Internet (e.g., Moai Technologies and OpenSite Technologies);
v. Content management software for the facilitation of Web site content management and delivery (e.g., Interwoven and ProcureNet); and
vi. Web-based commerce enablers (e.g., Commerce One, a browser-based, XML-enabled purchasing automation software).

E-markets are simply defined as Web sites where buyers and sellers interact with each other and conduct transactions.

Benefits of B2B E-Commerce:

Transaction costs: There are three cost areas that are significantly reduced through the conduct of B2B e-commerce. First is the reduction of search costs, as buyers need not go through multiple intermediaries to search for information about suppliers, products and prices as in a traditional supply chain. In terms of effort, time and money spent, the Internet is a more efficient information channel than its traditional counterpart. In B2B markets, buyers and sellers are gathered together into a single online trading community, reducing search costs even further. Second is the reduction in the costs of processing transactions (e.g. invoices, purchase orders and payment schemes), as B2B allows for the automation of transaction processes and therefore their quicker implementation compared to other channels (such as the telephone and fax). Efficiency in trading processes and transactions is also enhanced through the B2B e-markets' ability to process sales through online auctions. Third, online processing improves inventory management and logistics.

Disintermediation: Through B2B e-markets, suppliers are able to interact and transact directly with buyers, thereby eliminating intermediaries and distributors.

Transparency in pricing: Among the more evident benefits of e-markets is the increase in price transparency. The gathering of a large number of buyers and sellers in a single e-market reveals market price information and transaction processing to participants. The Internet allows for the publication of information on a single purchase or transaction, making the information readily accessible and available to all members of the e-market. Increased price transparency has the effect of pulling down price differentials in the market. Moreover, B2B e-markets expand borders for dynamic and negotiated pricing wherein multiple buyers and sellers collectively participate in price-setting and two-way auctions. In such environments, prices can be set through automatic matching of bids and offers. In the e-marketplace, the requirements of both buyers and sellers are thus aggregated to reach competitive prices, which are lower than those resulting from individual actions.

Economies of scale and network effects: The rapid growth of B2B e-markets creates traditional supply-side cost-based economies of scale. Furthermore, the bringing together of a significant number of buyers and sellers provides the demand-side economies of scale or network effects. Each additional incremental participant in the e-market creates value for all participants on the demand side.

2. Business to Consumer (B2C) E-Commerce:

Business-to-consumer (B2C) describes activities of businesses serving end consumers with products and/or services. Business-to-consumer e-commerce, or commerce between companies and consumers, involves customers gathering information; purchasing physical goods or information goods; and, for information goods, receiving products over an electronic network. The more common applications of this type of e-commerce are in the areas of purchasing products and information, and personal finance management, which pertains to the management of personal investments and finances with the use of online banking tools.

Benefits of B2C E-Commerce:

B2C e-commerce may be referred to as an extension of the traditional merchant retailing store. B2C e-commerce reduces transaction costs (particularly search costs) by increasing consumer access to information and allowing consumers to find the most competitive price for a product or service. B2C e-commerce also reduces market entry barriers, since the cost of putting up and maintaining a Web site is much lower than that of installing a brick-and-mortar structure for a firm. In the case of information goods, B2C e-commerce saves firms from factoring in the additional cost of a physical distribution network. Moreover, for countries with a growing and robust Internet population, delivering information goods becomes increasingly feasible. It allows consumers to purchase customized and personalized products by forming a one-to-one relationship with the merchant. The consumer is even able to purchase goods and services from a foreign market without being physically present there.

3. Business to Government (B2G) E-Commerce:

Business-to-government e-commerce or B2G is generally defined as commerce between companies and the public sector. It refers to the use of the Internet for public procurement, licensing procedures, and other government-related operations. Business-to-government is a derivative of B2B marketing and is often referred to by the market definition of "public sector marketing", which encompasses marketing products and services to various government levels, including federal, state and local, through integrated marketing communications techniques such as strategic public relations, branding, advertising, and web-based communications. B2G networks provide a platform for businesses to bid on government opportunities which are presented as solicitations in the form of RFPs in a reverse auction fashion. This kind of e-commerce has two features: first, the public sector assumes a pilot/leading role in establishing e-commerce; and second, it is assumed that the public sector has the greatest need for making its procurement system more effective. Web-based purchasing policies increase the transparency of the procurement process and reduce the risk of irregularities. To date, however, the size of the B2G e-commerce market as a component of total e-commerce is insignificant, as government procurement systems remain undeveloped.

4. Consumer to Consumer (C2C) E-Commerce:

Consumer-to-consumer e-commerce or C2C is simply commerce between private individuals or consumers. This type of e-commerce is characterized by the growth of electronic marketplaces and online auctions, particularly in vertical industries where firms/businesses can bid for what they want from among multiple suppliers. The various forms of this type of E-Commerce are:
i. Auctions facilitated at a portal, such as eBay, which allows online real-time bidding on items being sold on the Web;
ii. Peer-to-peer systems, such as the Napster model (a protocol for sharing files between users, used by chat forums similar to IRC) and other file exchange and later money exchange models; and
iii. Classified ads at portal sites.

5. Intra-business E-Commerce:

Electronic transactions taking place within the organization can be described as the intra-business type of e-commerce.

6. Mobile E-Commerce (m-commerce):

M-commerce (mobile commerce) is the buying and selling of goods and services through wireless technology, i.e., handheld devices such as cellular telephones and personal digital assistants (PDAs). Industries benefited by m-commerce include: financial services, including mobile banking (when customers use their handheld devices to access their accounts and pay their bills), as well as brokerage services (in which stock quotes can be displayed and trading conducted from the same handheld device); telecommunications, in which service changes, bill payment and account reviews can all be conducted from the same handheld device; service/retail, as consumers are given the ability to place and pay for orders on-the-fly; and information services, which include the delivery of entertainment, financial news, sports figures and traffic updates to a single mobile device.

The alternate dispute resolution methods in the medium of E-Commerce are termed Online Dispute Resolution (ODR). It is a branch of dispute resolution which uses technology to facilitate the resolution of disputes between parties. ODR was born from the synergy between ADR and ICT, as a method for resolving disputes that were arising online, and for which traditional means of dispute resolution were inefficient or unavailable. It primarily involves negotiation, mediation or arbitration, or a combination of all three. Dispute resolution techniques range from methods where parties have full control of the procedure, to methods where a third party is in control of both the process and the outcomes. These primary methods of resolving disputes may be complemented with Information and Communication Technology (ICT). ODRs have become prevalent in the resolution of e-commerce disputes. ODRs are seen as a means to establish consumer trust in e-commerce, and as a product/service they could market.

The techniques involved in modern day e-Commerce may be broadly classified as consensual and adjudicative methods. Consensual methods include:
i. Automated negotiation;
ii. Assisted negotiation; and
iii. Online Negotiation-cum-Mediation.

i. Automated Negotiation:

Automated Negotiation relates to those methods in which the technology takes over aspects of a negotiation. Most of the ODR services in this area are so-called 'blind-bidding' services. This is a negotiation process designed to determine economic settlements for claims in which liability is not challenged. The blind bidding service may be thought of as a type of auction mechanism where some or all information about the players' bids is hidden. There are two forms of automated negotiation: Double Blind Bidding, which is a method for single monetary issues between two parties, where the offer and demand are kept hidden during the negotiation; and Visual Blind Bidding, which can be applied to negotiations with any number of parties and issues. The primary distinction of Visual Blind Bidding is in what is kept hidden from the other parties. In traditional Double Blind Bidding, the offers and demands are kept hidden, whereas with Visual Blind Bidding what is kept hidden is what each party is willing to accept. This method can be effectively applied to the simplest single-value negotiations or the most complex negotiations between any number of parties and issues. Automated negotiation has proven to be particularly successful with insurance compensations and commercial activities. It is also a valuable tool for lawyers because they too can use it without revealing what they're willing to accept (unless an agreement is reached) and, more importantly, without waiving their right to access the court in case the negotiation is unsuccessful.
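The double blind bidding exchange described above can be sketched in code. This is an added example, not code from the original answer or from any ODR provider: the settlement rule (settle at the midpoint once the offer reaches the demand), the three-round cap and the figures are assumptions, since the text only says that offer and demand stay hidden. The point it shows is that the service must answer each round without leaking the other side's figure.

```python
from decimal import Decimal, ROUND_HALF_UP

CLAIMANT, RESPONDENT = "claimant", "respondent"


class BlindBiddingCase:
    """Double blind bidding for one monetary claim where liability is not disputed."""

    def __init__(self, max_rounds=3):
        # Assumption: a small round cap. Unlimited rounds would let one side
        # home in on the other's hidden figure by repeated trial bids.
        self.max_rounds = max_rounds
        self.round = 1
        self.state = "open"          # open -> settled | closed
        self.settlement = None
        self._sealed = {}            # current round: party -> figure, never returned
        self._audit = []             # past rounds, for the neutral operator only

    def submit(self, party, amount):
        """Accept one sealed figure per party per round; return the public status."""
        if self.state != "open":
            raise RuntimeError("case is no longer open")
        if party not in (CLAIMANT, RESPONDENT):
            raise ValueError("unknown party")
        if party in self._sealed:
            raise RuntimeError("one figure per party per round")
        figure = Decimal(str(amount))
        if not figure.is_finite() or figure <= 0:
            raise ValueError("figure must be a positive amount")
        self._sealed[party] = figure
        if len(self._sealed) == 2:
            self._close_round()
        return self.status()

    def _close_round(self):
        """Compare the two sealed figures once both are in."""
        demand, offer = self._sealed[CLAIMANT], self._sealed[RESPONDENT]
        self._audit.append((self.round, demand, offer))
        self._sealed = {}
        if offer >= demand:
            # Assumed rule: figures overlap, so settle at the midpoint.
            midpoint = (offer + demand) / 2
            self.settlement = midpoint.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
            self.state = "settled"
        elif self.round >= self.max_rounds:
            # No agreement: nothing is disclosed and both sides can still go to court.
            self.state = "closed"
        else:
            self.round += 1

    def status(self):
        """What either party may see: no figures and no hint of how far apart they were."""
        return {"state": self.state, "round": self.round, "settlement": self.settlement}


def run_constructed_case():
    """Constructed three-round exchange; returns the public status after each round."""
    case = BlindBiddingCase()
    rounds = [("10000", "6000"), ("8500", "7500"), ("8000", "8200")]  # (demand, offer)
    seen = []
    for demand, offer in rounds:
        case.submit(CLAIMANT, demand)
        seen.append(case.submit(RESPONDENT, offer))
    return seen


if __name__ == "__main__":
    for public_status in run_constructed_case():
        print(public_status)
```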
ii. Assisted Negotiation and Online Negotiation-cum-Mediation:

In Assisted Negotiation the technology assists the human negotiator in the negotiation process between the parties. The role of the technology may be to provide a certain process and/or to provide the parties with specific (evaluative) advice. In Online Negotiation-cum-Mediation a dual process of negotiation and mediation is adopted: the parties can initiate the ODR process by opting for online negotiation and make an attempt to negotiate their differences and reach a settlement. If this attempt fails, a mediator is appointed for conducting an online mediation. Mediators use information management skills, encouraging parties to reach an amicable agreement by enabling them to communicate more effectively through the rephrasing of their arguments. Also, assisted negotiation procedures are designed to improve the parties' communications through the assistance of a third party or software. The major advantages of these processes, when used online, are their informality, simplicity and user friendliness. Smartsettle and SquareTrade are two popular providers of ODRs.

The adjudicative methods include Online Arbitration and Peer Jury.

i. Online Arbitration:

Arbitration is a process where a neutral third party (arbitrator) delivers a decision which is final and binding on both parties. It can be defined as a quasi-judicial procedure because the award replaces a judicial decision. Under the online arbitration process, the whole process of arbitration is carried out through email: filing of the arbitration agreement, filing of disputes, filing of documentary evidence, written submissions, written hearing, closing statements, etc. are all done through email. The main challenge for online arbitration is that if judicial enforcement is required then it partly defeats the purpose of having an online process. Alternatively, some processes have developed self-enforcement mechanisms such as technical enforcements, black lists and trustmarks. The Uniform Domain Name Dispute Resolution Policy (UDRP) has developed a transparent global ODR process that allows trade mark owners to fight cybersquatting efficiently. The UDRP is used to resolve disputes between trade mark owners and those who have registered a domain name in bad faith for the purpose of reselling it for a profit, or taking advantage of the reputation of a trademark.

ii. Peer Jury:

It is another type of ODR where volunteer jurors select disputes they would like to decide, review them, seek clarifications and give their decisions. They decide a single dispute, and the parties are given a summary of the decisions which contains the number of jurors who decided in favour of and against each party.
