LOVELY SCHOOL OF MANAGEMENT

SUBMITTED TO: - SUBMITTED BY:-

MR. Vaneet Kashyap GYAN PRAKASH

ROLL NO:-B46

SEC:-S1007

REG.ID:-11011236

 Introduction
Cyber law India is an organization that is dedicated to the passing of relevant
and dynamic Cyber laws in India. Considering India is one of the biggest
economies impacting electronic commerce and the biggest markets to target,
it is but natural to accept that India should have in place appropriate enabling
legal provisions for effective and secure cyber transactions.
Cyber law India as an organization has been active since late 1990’s in India.
Cyber law India was responsible for conducting various programmers
directing at creating more awareness about the needs for Cyber law in India.
The Information Technology Bill 1999 when presented in Parliament was
appropriately analyzed at Cyber law India. Mr. Pavan Duggal, President, Cyber
law India, was responsible for demonstrating various draw backs and lacuna
of the said legislation. After the passage of the Indian Information Technology
Act 2000, Cyber law India was engaged in initiatives, programmes and events
that were targeting at creating more awareness amongst the relevant stake
holders about the Indian Cyber law namely the Information Technology Act
2000, its salient features and how the said law impacts their day to day
operation. Cyber law India has been in the forefront of creating more
awareness about effectively strengthening the law impacting Internet and
computers within India. The Government of India had tabled the Information
Technology Amendment Bill of 2006 before Parliament. The Parliament
referred the said Bill to the Parliamentary Standing Committee for its
comments. Cyber law India was once again responsible for creating awareness
about the new proposed amendments to the Information Technology Act 2000
in India. The Government of India passed the Information Technology
Amendment Act of 2008 in December 2008. The said legislation has become
law with effect from 5th of February 2009. Cyber law India has been in the
forefront of creating more awareness about the new amendments to the
Information Technology Act 2000 and their ramifications and impact upon all
relevant stake holders and corporate world. Cyber law India believes that
India must have the best cyber legal regime in the world. Cyber law
Association aims to contribute to the ever evolving cyber legal jurisprudence
and emerging legal issues pertaining to Cyberspace, Internet and the World
Wide Web.  Cyber law Association is a not for profit association that was
found more than a decade ago to encourage the growth of Cyber law in
different jurisdictions. It was also initially devised to be meeting point of all
related similar thinking individuals and legal entities who had an interest in
the evolution, growth and development of Cyber Law, and Cyber Law legal
jurisprudence.  Cyber Law Association is the common meeting point of legal
professionals, scholars, jurists and other stakeholders who all are committed
to the growth of cyber law and cyber legal jurisprudence.

 What is the importance of Cyber law?

Cyber law is important because it touches almost all aspects of transactions
and activities on and concerning the Internet, the World Wide Web and
Cyberspace. Initially it may seem that Cyber laws are a very technical field and
that it does not have any bearing to most activities in Cyberspace. But the
actual truth is that nothing could be further than the truth. Whether we realize
it or not, every action and every reaction in Cyberspace has some legal and
Cyber legal perspectives.

 Need for Cyber Law

There are various reasons why it is extremely difficult for conventional law to
cope with cyberspace. Some of these are discussed below.
1. Cyberspace is an intangible dimension that is impossible to govern and
regulate using conventional law.
2. Cyberspace has complete disrespect for jurisdictional boundaries. A person
in India could break into a bank’s electronic vault hosted on a computer in
USA and transfer millions of Rupees to another bank in Switzerland, all within
minutes. All he would need is a laptop computer and a cell phone.
3. Cyberspace handles gigantic traffic volumes every second.
Billions of emails are crisscrossing the globe even as we read this, millions of
websites are being accessed every minute and billions of dollars are
electronically transferred around the world by banks every day.
4. Cyberspace is absolutely open to participation by all. A ten year- old in
Bhutan can have a live chat session with an eight year- old in Bali without any
regard for the distance or the anonymity between them.
5. Cyberspace offers enormous potential for anonymity to its members.
Readily available encryption software and steganography tools that
seamlessly hide information within image and sound files ensure the
confidentiality of information exchanged between cyber-citizens.
6. Cyberspace offers never-seen-before economic efficiency.
Billions of dollars’ worth of software can be traded over the
Internet without the need for any government licenses, shipping and handling
charges and without paying any customs duty.
7. Electronic information has become the main object of cybercrime. It is
characterized by extreme mobility, which exceeds by far the mobility of
persons, goods or other services. International computer networks can
transfer huge amounts of data around the globe in a matter of seconds.
8. A software source code worth crores of rupees or a movie can be pirated
across the globe within hours of their release.
9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is
easily covered by traditional penal provisions.
However, the problem begins when electronic records are copied quickly,
inconspicuously and often via telecommunication facilities. Here the “original”
information, so to say, remains in the “possession” of the “owner” and yet
information gets stolen.

 Advantages of Cyber Laws:-

The IT Act 2000 attempts to change outdated laws and provides ways to deal
with cybercrimes. We need such laws so that people can perform purchase
transactions over the Net through credit cards without fear of misuse. The Act
offers the much-needed legal framework so that information is not denied
legal effect, validity or enforceability, solely on the ground that it is in the form
of electronic records. The Act has also proposed a legal framework for the
authentication and origin of electronic records communications through
digital signature.

* Companies shall now be able to carry out electronic commerce using the
legal infrastructure provided by the Act.
* The Act throws open the doors for the entry of corporate companies in the
business of being Certifying Authorities for issuing Digital Signatures
Certificates.
* The Act now allows Government to issue notification on the web thus
heralding e-governance.

* Digital signatures have been given legal validity and sanction in the Act.

* From the perspective of e-commerce in India, the IT Act 2000 and its
provisions contain many positive aspects. Firstly, the implications of these
provisions for the e-businesses would be that email would now be a valid and
legal form of communication in our country that can be duly produced and
approved in a court of law.
* The Act enables the companies to file any form, application or any other
document with any office, authority, body or agency owned or controlled by
the appropriate Government in electronic form by means of such electronic
form as may be prescribed by the appropriate Government.
* The IT Act also addresses the important issues of security, which are so
critical to the success of electronic transactions. The Act has given a legal
definition to the concept of secure digital signatures that would be required to
have been passed through a system of a security procedure, as stipulated by
the Government at a later date.
* Under the IT Act, 2000, it shall now be possible for corporates to have a
statutory remedy in case if anyone breaks into their computer systems or
network and causes damages or copies data. The remedy provided by the Act
is in the form of monetary damages, not exceeding Rs. 1 crore.

*Companies shall now be able to carry out electronic commerce using the
legal infrastructure provided by the Act.

 Impact of Indian Cyber Laws

Offshore outsourcing to India is especially buoyant. Only last month Norwich
Union, Britain's biggest insurance company joined a host of other firms
including HSBC, Barclays, Marks & Spencer and Tesco, by deciding to ship jobs
to Asia. But some, including the Royal Bank of Scotland and Alliance &
Leicester, have pledged to keep jobs in Britain, partly in response to the
backlash that turned offshoring into a political hot potato.
With the growing fashion of the world’s biggest organizations to offshore
outsource their business processes, India has emerged as the world’s leader in
outsourcing industry. Let’s have a look at the reasons that have forced
companies to pack their bags and return to their homes by compromising
over their profits.
1. Even though India is through with its first cyber law, the IT Act 2000, the
service providers have been unable to provide satisfactory standard
security solutions because regulations, legislation, and consequently risk vary
vastly between industries and geographies.
2. Apart from this the companies bear a distrust feeling due to the lack of
regulatory protection in areas such as security and privacy. It is because the IT
Act 2000 does not include any clause similar to the Data Protection Act of
United Kingdoms. This naturally has lead companies to decide for
their home than to outsource.
3. India till date has not been able to achieve the recognition from European
Commission, which has framed certain standards covering data protection
compliance in contracts with offshore suppliers. It is because India has not
been able to rise up to the laid standards. But this not the end, the country is
working hard to frame up a data protection act and privacy regime that will be
scrutinized by the EC in due course.
4. The extremely slow India’s legal process in checking digital piracy which
includes both, software and movies, is also one of the reasons why companies
hesitate to outsource their business processes to India.
Developed nations like Hong-Kong and Singapore, on the other hand, have
stringent laws for the similar crimes.

The year saw high profile visits of CEOs of Microsoft and Intel, who have high
stakes in India. Microsoft CEO Steve Ballmer inaugurated a new campus
facility of the company in Hyderabad and said the firm would hire hundreds in
India and bring out MS Window in 14 Indian languages.
1. To hold their clients, most of the Indian Service providers agree to be
subjected by global acts and ready to be litigated in the court of the user’s
country.
2. Also, to stay in the competition and ensure security and integrity of the
data, most of the leading business process outsourcing companies has
implemented international standards for information security management
like the BS7799 and the ISO17799.
3. The outsourcing environment is becoming increasingly control-oriented
and the need for stronger cyber laws has been increasingly felt. The
government too realizes this and therefore promises to have a tighter data
protection and privacy regime in place later this year. It is conducting a
security audit of its 860 members and has proposed to amend the existing
cyber laws of India, the IT Act 2000 so as to cover up the issues of data
security and cybercrime.

 What is Cybercrime? 
When Internet was developed, the founding fathers of Internet hardly had any
inclination that Internet could also be misused for criminal activities. Today,
there are many disturbing things happening in cyberspace. Cybercrime refers
to all the activities done with criminal intent in cyberspace. These could be
either the criminal activities in the conventional sense or could be activities,
newly evolved with the growth of the new medium. Because of the
anonymous nature of the Internet, it is possible to engage into a variety of
criminal activities with impunity and people with intelligence, have been
grossly misusing this aspect of the Internet to perpetuate criminal activities in
cyberspace. The field of Cybercrime is just emerging and new forms of
criminal activities in cyberspace are coming to the forefront with the passing
of each new day.

What are the various categories of Cybercrimes? 

Cybercrimes can be basically divided into 3 major categories being
Cybercrimes against persons, property and Government.

Cybercrimes against persons?

Cybercrimes committed against persons include various crimes like
transmission of child-pornography, harassment of any one with the use of a
computer such as e-mail, and cyber-stalking.
The trafficking, distribution, posting, and dissemination of obscene material
including pornography, indecent exposure, and child pornography, constitutes
one of the most important Cybercrimes known today. The potential harm of
such a crime to humanity can hardly be overstated. This is one Cybercrime
which threatens to undermine the growth of the younger generation as also
leave irreparable scars and injury on the younger generation, if not controlled.
Cybercrimes against property?
The second category of Cybercrimes is that of Cybercrimes against all forms of
property. These crimes include unauthorized computer trespassing through
cyberspace, computer vandalism, transmission of harmful programs, and
unauthorized possession of computerized information.

Cybercrime against Government?

The third category of Cybercrimes relate to Cybercrimes against Government.
Cyber Terrorism is one distinct kind of crime in this category. The growth of
Internet has shown that the medium of Cyberspace is being used by
individuals and groups to threaten the international governments as also to
terrorize the citizens of a country. This crime manifests itself into terrorism
when an individual "cracks" into a government or military maintained
website.

Why Cyber laws In India

India became independent on 15th August, 1947. In the 49th year of Indian
independence, Internet was commercially introduced in our country. The
beginnings of Internet were extremely small and the growth of subscribers
painfully slows. However as Internet has grown in our country, the need has
been felt to enact the relevant Cyber laws which are necessary to regulate
Internet in India. This need for cyber laws was propelled by numerous factors.
Firstly, India has an extremely detailed and well-defined legal system in place.
Numerous laws have been enacted and implemented and the foremost
amongst them is The Constitution of India. We have interlaid, amongst others,
the Indian Penal Code, the Indian Evidence Act 1872, the Banker's Book
Evidence Act, 1891 and the Reserve Bank of India Act, 1934, the Companies
Act, and so on. However the arrival of Internet signaled the beginning of the
rise of new and complex legal issues. It may be pertinent to mention that all
the existing laws in place in India were enacted way back keeping in mind the
relevant political, social, economic, and cultural scenario of that relevant time.
Nobody then could really visualize about the Internet. Despite the brilliant
acumen of our master draftsmen, the requirements of cyberspace could
hardly ever be anticipated. As such, the coming of the Internet led to the
emergence of numerous ticklish legal issues and problems which necessitated
the enactment of Cyber laws. Secondly, the existing laws of India, even with
the most benevolent and liberal interpretation, could not be interpreted in the
light of the emerging cyberspace, to include all aspects relating to different
activities in cyberspace. In fact, the practical experience and the wisdom of
judgment found that it shall not be without major perils and pitfalls, if the
existing laws were to be interpreted in the scenario of emerging cyberspace,
without enacting new cyber laws. For example, the Net is used by a large
majority of users for email. Yet till today, email is not "legal" in our country.
There is no law in the country, which gives legal validity, and sanction to
email. Courts and judiciary in our country have been reluctant to grant judicial
recognition to the legality of email in the absence of any specific law having
been enacted by the Parliament. Fourthly, Internet requires an enabling and
supportive legal infrastructure in tune with the times. This legal infrastructure
can only be given by the enactment of the relevant Cyber laws as the
traditional laws have failed to grant the same. The Government of India
responded by coming up with the draft of the first Cyber law of India - The
Information Technology Bill, 1999.

Some Indian Case Studies:

(1)Pune Citibank Emphasis Call Center

Fraud US $ 3, 50,000 from accounts of four US customers was dishonestly

transferred to bogus accounts. This will give a lot of ammunition to those
lobbying against outsourcing in US. Such cases happen all over the world but
when it happens in India it are a serious matter and we cannot ignore it. It is a
case of sourcing engineering. Some employees gained the confidence of the
customer and obtained their PIN numbers to commit fraud. They got these
under the guise of helping the customers out of difficult situations. Highest
security prevails in the call centers in India as they know that they will lose
their business. There was not as much of breach of security but of sourcing
engineering.  The call center employees are checked when they go in and out
so they cannot copy down numbers and therefore they could not have noted
these down. They must have remembered these numbers, gone out
immediately to a cyber café and accessed the Citibank accounts of the
customers. All accounts were opened in Pune and the customers complained
that the money from their accounts was transferred to Pune accounts and
that’s how the criminals were traced. Police has been able to prove the
honesty of the call center and has frozen the accounts where the money was
transferred. There is need for a strict background check of the call center
executives. However, best of background checks cannot eliminate the bad
elements from coming in and breaching security. We must still ensure such
checks when a person is hired. There is need for a national ID and a national
data base where a name can be referred to. In this case preliminary
investigations do not reveal that the criminals had any crime history.
Customer education is very important so customers do not get taken for a
ride. Most banks are guilt of not doing this. 

(2) Baazee.com case

CEO of Baazee.com was arrested in December 2004 because a CD with
objectionable material was being sold on the website. The CD was also being
sold in the markets in Delhi. The Mumbai city police and the Delhi Police got
into action. The CEO was later released on bail. This opened up the question as
to what kind of distinction do we draw between Internet Service Provider and
Content Provider. The burden rests on the accused that he was the Service
Provider and not the Content Provider. It also raises a lot of issues regarding
how the police should handle the cybercrime cases and a lot of education is
required e.

(3)PARLIAMENT ATTACK CASE

Bureau of Police Research and Development at Hyderabad had handled some
of the top cyber cases, including analyzing and retrieving information from
the laptop recovered from terrorist, who attacked Parliament. The laptop
which was seized from the two terrorists, who were gunned down when
Parliament was under siege on December 13 2001, was sent to Computer
Forensics Division of BPRD after computer experts at Delhi failed to trace
much out of its contents. The laptop contained several evidences that
confirmed of the two terrorists’ motives, namely the sticker of the Ministry of
Home that they had made on the laptop and pasted on their ambassador car to
gain entry into Parliament House and the fake ID card that one of the two
terrorists was carrying with a Government of India emblem and seal. The
emblems (of the three lions) were carefully scanned and the seal was also
craftily made along with residential address of Jammu and Kashmir. But
careful detection proved that it was all forged and made on the laptop.
(4)Ritu Kohli Case:-

Ritu Kohli Case, being India's first case of cyber stalking, was indeed an
important revelation into the mind of the Indian cyber stalker. A young Indian
girl being cyber stalked by a former colleague of her husband, Ritu Kohl i’s
case took the imagination of India by storm. The case which got cracked
however predated the passing of the Indian Cyber law and hence it was just
registered as minor offences under the Indian Penal Code. The Delhi Police
has recently registered India’s First Case of Cyber stalking. One Mrs. Ritu Kohli
complained to the police against the person who was using her identity to
chat over the Internet at the website www.mirc.com, mostly in the Delhi
channel for four consecutive days. Mrs. Kohli further complained that the
person was chatting on the Net, using her name and giving her address and
was talking obscene language. The same person was also deliberately
giving her telephone number to other chatters encouraging them to call Ritu
Kohli at odd hours. Consequently, Mrs. Kohli received almost 40 calls in three
days mostly at odd hours from as far away as Kuwait, Cochin, Bombay and
Ahmedabad. The said calls created havoc in the personal life and mental peace
of Ritu Kohli who decided to report the matter. Consequently, the IP addresses
were traced and the police investigated the entire matter and ultimately
arrested Manish Kathuria on the said complaint. Manish apparently pleaded
guilty and was arrested. A case was registered under section 509, of the
Indian Penal Code (IPC). And thereafter he was released on bail. This is the
first time when a case of cyber stalking has been reported. Cyber stalking does
not have any one definition but it can be defined to mean threatening,
unwarranted behavior or advances directed by one net user to another user
using the medium of Internet and other forms of online communication. Cyber
stalking is a recent phenomenon and women generally are the main targets of
this cybercrime.

(5)State of Maharashtra v/s Anand Ashok Khare

This case related to the activities of the 23-year-old Telecom engineer Anand
Ashok Khare from Mumbai who posed as the famous hacker Dr Necker and
made several attempts to hack the Mumbai police Cyber Cell website.
(6)State of Uttar Pradesh v/s Sacket Sanghania
This case which was registered under Section 65 of the IT Act, related to theft
of computer source code. Sacket Singhania an engineer was sent by his
employer to America to develop a software program for the company.
Singhania, instead of working for the company, allegedly sold the source code
of the program me to an American client of his employer person to which his
employer suffered loss:

(7)State v/s Amit Prasad

State v/s Amit Prasad, was India's first case of hacking registered under
Section 66 of the Information Technology Act 2000. A case with unique facts,
this case demonstrated how the provisions of the Indian Cyber law could be
interpreted in any manner, depending on which side of the offence you were
on.

(8)State of Chhattisgarh v/s Prakash Yadav and Manoj Singhania

this was a case registered on the complaint of State Bank of India Raigarh
branch. Clearly a case of Spyware and Malware, this case demonstrated in
early days how the IT Act could be applicable to constantly different scenarios.

(9)MYSPACE CATCHES A MURDERER 

MySpace has played an important role in helping Oakland police apprehend a
19-year old man accused of shooting a San Leandro High School football
player Greg "Doody" Ballard, Jr. Oakland police had a street name of a suspect
and were able to identify Dwayne Stencil, 19 of Oakland from a picture they
found on a gang's MySpace page. Police brought the suspect to their
headquarters where detectives say he confessed. What was most troubling to
investigators was the lack of motive for the killing.

(10)Three people held guilty in on line credit card scam

Customer’s credit card details were misused through online means for
booking air-tickets. These culprits were caught by the city Cyber Crime
Investigation Cell in pune. It is found that details misused were belonging to
100 people. Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had
complained on behalf of one of his customer. In this regard Mr. Sanjeet
Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh
were arrested. Lukkad being employed at a private institution, Kale was his
friend. Shaiklh was employed in one of the branches of State Bank of India.

According to the information provided by the police, one of the customers

received a SMS based alert for purchasing of the ticket even when the credit
card was being held by him. Customer was alert and came to know something
was fishy; he enquired and came to know about the misuse. He contacted the
Bank in this regards. Police observed involvement of many Banks in this
reference. The tickets were book through online means. Police requested for
the log details and got the information of the Private Institution. Investigation
revealed that the details were obtained from State Bank of India. Shaikh was
working in the credit card department; due to this he had access to credit card
details of some customers. He gave that information to Kale. Kale in return
passed this information to his friend Lukkad. Using the information obtained
from Kale Lukkad booked tickets. He used to sell these tickets to customers
and get money for the same. He had given few tickets to various other
institutions.

Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were
involved in eight days of investigation and finally caught the culprits.

In this regards various Banks have been contacted; also four air-line
industries were contacted.
DCP Sunil Pulhari has requested customers who have fallen in to this trap to
inform police authorities on 2612-4452 or 2612-3346 if they have any
problems.

   
   
   
   
   
References:-

http://www.cyberlawsindia.net/cases.html
http://www.cyberlawindia.com/casestudies.php
http://www.cyberlawsindia.net/
http://www.cyberlawsindia.net/cyber-india.html
http://www.cyberlawindia.com/
http://infosecawareness.in/cyber-laws/cyber-law-in-india
http://dit.mp.gov.in/cyberlawt.htm