
Q.

Types of electronic contracts

1. Shrink-wrap contracts

Shrink-wrap contracts are typically licensing agreements for software.

The name derives from the shrink wrap packaging of the CD-ROMs in which software used to
be distributed. In cases when licensing contracts are packaged along with the software, the
contract begins when the user tears open the shrink wrap to use the software.

Licensing agreements these days are usually not delivered with the packaging and instead show
up before installing the software in question.

Shrink-wrap contracts have a decided advantage over other types of electronic contracts in that
their acceptance can be reversed by returning the product.

2. Clickwrap contracts

Clickwrap contracts refer to those familiar and long blocks of text that nobody reads, detailing
the terms and conditions for using a web-based service, software, etc.

They’re called clickwrap contracts because the user typically has to click a button or check a box
to indicate that they accept the contract.

Clickwrap contracts are “less negotiable” than shrink-wrap contracts, i.e., they must be accepted
for the user to proceed to the next web page, gain access to an application, and so forth.
Essentially, clickwrap agreements create a scenario in which the user is forced to either take it or
leave it.

This creates a slew of legal problems regarding the enforceability of clickwrap contracts.

Specht v. Netscape

Dating back to 2002, this case is seen as the original clickwrap case. Plaintiffs downloaded
Netscape Communicator, which consists of Netscape Navigator and other web software, from
the Netscape website, when they clicked "Yes", indicating assent to the terms of the click-wrap
license agreement for Communicator.

When downloading SmartDownload, there was no click-wrap presentation. After downloading
the software, there was no further information about the plug-in [cookie violating privacy] or the
existence of license terms. The reference to license terms was only visible if the plaintiffs
scrolled down beyond the Download button.
The SmartDownload license contained a provision requiring disputes related to the agreement to
be submitted to arbitration.

Claims related to SmartDownload are not covered by the license agreement for Netscape
Communicator, despite the fact that SmartDownload is meant to enhance the functioning of
Communicator. This means that when the plaintiffs clicked through Communicator's license
agreement, they were not agreeing to the SmartDownload agreement. Thus on the web page
users visited to download software, Netscape included language “Please review and agree to the
terms” at the bottom of the screen, but users weren’t required to agree to the terms in any other
way.

The court determined that a customer clicking a button didn’t necessarily indicate an agreement
to terms if the customer wasn’t aware of the existence of those terms, and did not enforce
Netscape’s terms.

Nguyen v. Barnes and Noble, Inc

Barnes & Noble included a link to the terms on the bottom left corner of every page on their site.
If a user clicked on the hyperlink to the terms, they would see the language at the very top of the
terms that by visiting or doing anything on the Barnes and Noble site, they have accepted the
Terms of Use.

Unfortunately, Barnes & Noble included the link at the bottom of each webpage and did not
otherwise call the terms out to the user or require them to take an action to explicitly assent to the
terms.

So, the court found that users were not put on reasonable notice.

3. Browse-wrap contracts

Browse-wrap contracts are something you’ve probably seen daily. They refer to pieces of text on
websites that go something like – “By continuing your use of these services, you agree to the
terms and conditions” or “By signing up I agree to the terms of use.”

Essentially, browse-wrap agreements are contracts that you agree to simply by continuing to use
the service or continuing to browse the web page, which is where the term originates.

Additionally, the terms of browse-wrap agreements can be viewed usually through a hyperlink.

Harris v. Blockbuster, Inc.

Blockbuster's user agreement included the following language:

Blockbuster may at any time, and at its sole discretion, modify these Terms and Conditions of
Use, including without limitation the Privacy Policy, with or without notice. Such modifications
will be effective immediately upon posting. You agree to review these Terms and Conditions of
Use periodically and your continued use of this Site following such modifications will indicate
your acceptance of these modified Terms and Conditions of Use. If you do not agree to any
modification these Terms and Conditions of Use, you must immediately stop using the Site.

The court found that this language made for portions of the agreement to be "illusory" because
they really could be changed at any time and with no actual notice and no actual acceptance or
agreement to the change.

This case showed that to really lock a user into the Terms of Service or Privacy Policy you
dictate for your web site or mobile app, you absolutely need to give actual notice that you have
terms, rules and policies and get an actual agreement to them.

Q.3

Elements Of E Contract

1. Offer

Offer is defined under Section 2(a) of the Indian Contract Act, 1872. It states that an offer is an
expression of the willingness of a person to enter into a legally binding contract with another
party. Advertisement on websites is considered to be an invitation to offer unless it is
specified clearly otherwise, because offer and invitation to offer are two different concepts. An
offer to any person is an invitation to offer until the intention is clearly conveyed. When a person
responds via an e-mail or fills in any forms available on the internet, they make an offer for a
particular thing. It is then in the hands of the seller whether to accept it or reject it, either by an
express confirmation or by conduct. As a result, we can say that an invitation to
offer is incapable of turning into a binding contract by accepting its terms and conditions until it
is accepted.

In Kleinwort Benson (parent) vs. Malaysia Mining Corporation Berhad (subsidiary), when
asked by MMCB to guarantee the debts of a subsidiary company stated that it is their policy to
ensure that their business of the subsidiary company is at all times in a position to meet its
liabilities. It was held that this was not a proposal and the words "it is our policy" merely
expressed an intention to do something but they were not made to get the offeree to assent to
them. Therefore, when the subsidiary was allowed to become insolvent by Kleinwort company,
MMCB could not claim for a breach of a contractual undertaking. The question that arises is, is it
applicable in electronic contracts also? Yes, it is applicable in electronic contracts also.

2. Acceptance

Once an offer is accepted, a contract comes into existence, except where the postal acceptance
rule applies. The postal acceptance rule is an exception to the normal rule that acceptance of a
contract must be communicated to the offeror before a contract comes into existence. Under this
rule, acceptance of a contract is said to occur at the time when the acceptance is posted. Hence,
the communication of acceptance is complete, on part of the proposer when it is put in the course
of transmission to him and as on part of the acceptor when it comes to the knowledge of the
proposer, that is, when the acceptance enters into the designated computer resource. There is no
disparity between Indian and Common law in this regard as seen in Lalman Shukla v. Gauri
Dutt. Here the plaintiff is a munib. The defendant's nephew had absconded and the plaintiff
volunteered his services to search for the missing boy. The boy's uncle had promised to pay
Rs. 501 to anyone who found his nephew. In spite of the fact that he found the boy,
the munib was denied the reward, seeing that he came to know about the payment only after
finding the boy. Both offer and acceptance can be mainly done via email, website forms, and
online agreements.

3. Revocation Of Offer And Acceptance

The Information Technology Act of 2000 is not a complete one and as a result, the Indian
Contract Act of 1872 is still used for electronic contracts as well. However, both acts still
complete each other.

Section 5, which speaks of revocation, will not be relevant as there is not much time in electronic
contracts. The dispatch and receipt of mail happen within a few minutes and simultaneously.

In Re London And Northern Bank case we see that an offer to purchase shares was withdrawn
by a letter posted on 26th October and it reached the acceptor (addressee) on the next day at 8:30
a.m. The acceptor actually posted the letter of acceptance of the offer after 8:30 a.m. The offer
was held validly revoked.

4. Lawful Consideration

The Indian Contract Act of 1872 says that for a valid contract, there must be a lawful
consideration. The same applies to e-contracts too. In the present day, once an item has been
supplied and the payment is successfully done, the consideration is executed and the needs are
satisfied. The main problem arises when the consideration is merely executory,
as in the case of online shopping sites which promise to supply any product (cash on delivery).
Another problem is that contract law sometimes can't be applied fully in e-contracts when an
autonomous computer is used.

Offline purchase: Give product and pay cash

Online purchase: Cash on delivery/ online payment first and then only delivery.

5. Lawful Object

The object which is used for entering into the contract should be a lawful one. Contracts that are
illegal or which violate public policy will not be enforceable by courts. Such types of contracts
are considered to be void. An agreement that calls for the causing of a crime is illegal and
therefore void.

6. Competent Parties To Contract

It is generally accepted that natural persons and legal persons are both capable of entering into
contracts. Computers don't come under natural persons. Neither English nor American contract
law, at present, considers them to be legal persons, and therefore they are not considered to be
competent parties to contracts. As a result, it is the buyer and the seller who are natural persons
and are capable of being parties to the contract. The autonomous computer clearly cannot be a
contractual party to the contract.

7. Free Consent

The consent should be free from fraud, misrepresentation, mistake, etc. However, it becomes a
bit difficult sometimes to determine because the margin that is used to determine the strict rule of
free consent gets narrower.

8. Certainty Of Terms

Keeping a record of the contract as agreed is important and vital too. This leads to difficulty if
there are several email exchanges, each attaching documents intended to form part of the terms
of the contract including counter-offers and negotiations amongst the contracting parties. As
mentioned above, it leads to difficulty in such a case to determine who is the offeror and who has
accepted the offer, which may determine the party's terms and conditions applicable.

Q.5

Scope of cyber law

It has a wide and great scope in the corporate field. Students who are experts in cyber law are in
great demand and are paid handsomely. The rapid growth of information technology has led
to a situation where the existing laws are challenged. It deals with computer hackers and people
who introduce viruses to the computer. Cyber Law prevents or reduces the damage from
cyber-criminal activities by protecting information access, privacy, communications, intellectual
property (IP) and freedom of speech related to the use of the Internet, world wide web (www),
email, computers, cell phones, software and hardware, such as data storage devices.

The aims and objectives of the Cyber law are as follows:

• To create more awareness about cyber legal issues and challenges
• To provide advice, inputs as also guidance to people on their day-to-day legal issues
  concerning the use of cyberspace
• To work on research and development on cutting-edge issues and challenges in
  cyberspace
• To contribute to the global debate on evolving Cyber law jurisprudence
• To coordinate with other concerned stakeholders in the digital environment so as to
  contribute to the evolving Cyber law jurisprudence
• To provide legal assistance and advice to people who have been affected by misuse of
  cyberspace and connected services

Need for Cyber Law

In today’s techno-savvy environment, the world is becoming more and more digitally
sophisticated and so are the crimes. The Internet was initially developed as a research and
information sharing tool and was unregulated. As time passed, it became
more transactional with e-business, e-commerce, e-governance, e-procurement etc. All legal
issues related to internet crime are dealt with through cyber laws. As the number of internet users
is on the rise, the need for cyber laws and their application has also gathered great momentum.

In today’s highly digitalized world, almost everyone is affected by cyber law. For example:

• Almost all transactions in shares are in demat form.
• Almost all companies extensively depend upon their computer networks and keep their
  valuable data in electronic form.
• Government forms including income tax returns, company law forms etc. are now filled
  in electronic form.
• Consumers are increasingly using credit/debit cards for shopping.
• Most people are using email, phones and SMS messages for personal communication.

Even in “non-cyber-crime” cases, important evidence is found in computers/cell phones, e.g. in
cases of murder, divorce, kidnapping, tax evasion, organized crime, terrorist operations,
counterfeit currency etc.

Cybercrime cases such as online banking frauds, online share trading fraud, source code
theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email
hijacking, denial of service, hacking, pornography etc. are becoming common.

Digital signatures and e-contracts are fast replacing conventional methods of transacting business.

Technology per se is never a disputed issue but for whom and at what cost has been the issue in
the ambit of governance. The cyber revolution holds the promise of quickly reaching the masses
as opposed to the earlier technologies, which had a trickle-down effect. Such a promise and
potential can only be realized with an appropriate legal regime based on a given socio-economic
matrix.

UNIT 2

Q.2

Asymmetric Encryption

The message can only be decrypted using a publicly available key known as the ‘Public Key’
provided by the sender. The procedure is set out under Section 2(1)(f) of the Information
Technology Act, 2000. Under this system, there is a pair of keys, a private key known only to the
sender and a public key known only to the receivers.

The message is encrypted by the private key of the sender; decryption, on the contrary, can be
done by anyone who has the public key. It depicts the authenticity of the sender. It is also
known as the ‘principle of irreversibility’, i.e. the public key of the sender is known to many
users, but they do not have access to the private key of the sender, which bars them from forging
the digital signature.

What is Symmetric Encryption?

Symmetric encryption is a type of encryption where only one key (a secret key) is used to both
encrypt and decrypt electronic information. The entities communicating via symmetric
encryption must exchange the key so that it can be used in the decryption process. This
encryption method differs from asymmetric encryption where a pair of keys, one public and one
private, is used to encrypt and decrypt messages.

By using symmetric encryption algorithms, data is converted to a form that cannot be understood
by anyone who does not possess the secret key to decrypt it. Once the intended recipient who
possesses the key has the message, the algorithm reverses its action so that the message is
returned to its original and understandable form. The secret key that the sender and recipient both
use could be a specific password/code or it can be a random string of letters or numbers that has
been generated by a secure random number generator (RNG). For banking-grade encryption, the
symmetric keys must be created using an RNG that is certified according to industry standards,
such as FIPS 140-2.

There are two types of symmetric encryption algorithms:

Block algorithms: Set lengths of bits are encrypted in blocks of electronic data with the use of a
specific secret key. As the data is being encrypted, the system holds the data in its memory as it
waits for complete blocks.

Stream algorithms: Data is encrypted as it streams instead of being retained in the system’s
memory.

Some examples of symmetric encryption algorithms include:


AES (Advanced Encryption Standard)

DES (Data Encryption Standard)

IDEA (International Data Encryption Algorithm)

Blowfish (Drop-in replacement for DES or IDEA)

RC4 (Rivest Cipher 4)

RC5 (Rivest Cipher 5)

RC6 (Rivest Cipher 6)

AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. RC4 is a stream cipher.

What is Symmetric Encryption Used For?

While symmetric encryption is an older method of encryption, it is faster and more efficient than
asymmetric encryption, which takes a toll on networks due to performance issues with data size
and heavy CPU use. Due to the better performance and faster speed of symmetric encryption
(compared to asymmetric), symmetric cryptography is typically used for bulk encryption /
encrypting large amounts of data, e.g. for database encryption. In the case of a database, the
secret key might only be available to the database itself to encrypt or decrypt.

Some examples of where symmetric cryptography is used are:

• Payment applications, such as card transactions where PIN needs to be protected to
  prevent identity theft or fraudulent charges
• Validations to confirm that the sender of a message is who he claims to be
• Random number generation or hashing

Q.3

Legal recognition of electronic records- Where any law provides that information or any other
matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been satisfied if such
information or matter is-

1. Rendered or made available in an electronic form; and
2. Accessible so as to be usable for a subsequent reference.

Sudershan Cargo Pvt. vs. M. Takewake Engineering Pvt. Ltd: Acknowledgement of debt by
e-mail constitutes valid and legal acknowledgement. Acknowledgement though not signed by
addressee would satisfy parameters of section 18 of Limitation Act.

Legal recognition of electronic signature- Where any law provides that information or any
other matter shall be authenticated by affixing the signature or any document shall be signed or
bear the signature of any person, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied, if such information or matter is authenticated
by means of an electronic signature affixed in such manner as may be prescribed by the Central
Govt.

Section 6: Use of electronic records and electronic signatures in Govt. and its agencies-

1. Where any law provides for-
• The filing of any form, application, or any other document with any office, authority,
  body or agency owned or controlled by the appropriate Govt. in a particular manner;
• The issue or grant of any license, permit, sanction or approval by whatever name called
  in a particular manner;
• The receipt or payment of money in a particular manner,
then notwithstanding anything contained in any other law for the time being in force, such
requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt, or
payment, as the case may be, is effected by means of such electronic form as may be prescribed
by the appropriate government.
2. The appropriate govt. may, for the purposes of sub-section (1), by rules, prescribe-
• The manner and format in which such electronic records shall be filed, created or issued;
• The manner or method of payment of any fee or charges for filing, creation or issue any
  electronic record under clause

Section 7: Retention of electronic records- (1) Where any law provides that documents,
records or information shall be retained for any specific period, then, that requirement shall be
deemed to have been satisfied if such documents, records or information are retained in the
electronic form, if-

1. The information contained therein remains accessible so as to be usable for a
   subsequent reference;
2. The electronic record is retained in the format in which it was originally generated,
   sent or received or in a format which can be demonstrated to represent accurately the
   information originally generated, sent or received;
3. The details which will facilitate the identification of the origin, destination, date and
   time of dispatch or receipt of such electronic record are available in the electronic record;

Provided that this clause does not apply to any information which is automatically generated
solely for the purpose of enabling an electronic record to be dispatched or received. Temporary
storing for dispatch is not covered under this section. Nothing in this section shall apply to any
law that expressly provides for the information for the retention of documents, records or
information in the form of electronic records.

Q.4 UNCITRAL Model Law on electronic signatures 2001

The purpose of UNCITRAL Model Law on Electronic Signatures 2001 provides the following
statement which signifies the importance of electronic signature.

“The increased use of electronic authentication techniques as substitutes for handwritten
signatures and other traditional authentication procedures has suggested the need for a specific
legal framework to reduce uncertainty as to the legal effect that may result from the use of such
modern techniques (which may be referred to generally as “electronic signatures”). The risk that
diverging legislative approaches be taken in various countries with respect to electronic
signatures calls for uniform legislative provisions to establish the basic rules of what is
inherently an international phenomenon, where legal harmony as well as technical
interoperability is a desirable objective.”

General Provisions

Article 2 of the Law provides six definitions, the most important one is of “Data message”. It is
defined as information generated, sent, received, or stored by electronic, optical, or similar
means. This definition has been attributed after taking into consideration the future technological
developments as well, which is the reason for inclusion of the term similar means. This wide
definition includes the notion of a record and even revocation and amendment.

The sphere of application that Article 1 talks about is information in the form of data
messages, in the context of commercial activities.

The Model Laws give the interpretational tools (Article 3) which call for a standard of
international origin and uniformity in application of general principles of law.

(Article 4): There can be variation in the communication of data messages by the agreement of
the parties.

Application of legal requirement to data messages

The principle of non-discrimination has been enforced by the means of Article 5 which
specifies that the information communicated via electronic mode, i.e., in the form of data
messages cannot be denied legal validity and effect. Information by the way of reference has also
been given legal validity and thus, the application of this law has been considerably widened.
This is of utmost importance in the context of international law.

The nations required the documents to be in writing and validation was only given to the hand
written signature as a form of authentication. By the means of provisions in Articles 6 & 7, the
Model has done away with both of the above obstacles. Accessibility of data messages does not
require the document to be in writing, and recognition of digital signature marks the approval
of the full structure of the contract. This provision is termed relevant for every circumstance
including a relevant agreement.

The notion of originality is defined in Article 8 which provides that data messages can fulfill the
legal requirement of presentation and retention of information in its original form subject to the
assurance of integrity and presentability of data messages. Presentability meaning the ability to
display the information where required. Article 9 specifies that the data messages cannot be
denied admissibility in the court of law solely on the basis that the information is in the form of a
data message. Thus, evidentiary value has been granted to data messages.

The requirement of retention of information is also met by retention of information in the form of
data messages subject to the accessibility, accuracy and originality of format and identity of
origin. (Article 10).

Communication of data messages

Offer and acceptance of offer, when communicated in the form of data messages, cannot be
denied legal validity and enforceability solely on the grounds that they are in the form of data
messages. Thus, the formation of a valid contract was made possible through the means of data
messages. (Article 11)

Article 12: Acknowledgement in the form of receipt of data messages has also been granted
legal validity.

Article 13: The data message is attributed to the originator if it is sent by him or by a person
authorised by him.

Article 14: provides that the receipt of the data message and its acknowledgement can also be
agreed upon by the parties beforehand.

Article 15: The transaction ensues (occurs) when the information goes out of control of the
sender. The place of dispatch is the place of business and the time is when the acceptance enters
the system of the addressee.

Specific provisions

Articles 16 & 17 talk about carriage of goods and transport documents. They enforce the ability
to achieve carriage of goods by the means of data messages and fulfillment of the requirement of
transport documents through the same as well. It is imperative for the objective of furtherance of
international trade.

Q.5

Concept of Digital Signature

A signature is a symbolic and essential representation of one’s identity. Signature of a person
holds a very significant place in the field of law as well as while carrying out transactions. When
a person signs a particular document, it means that such a person has read the whole document
carefully, has verified the facts and is aware of the contents of the document and therefore is
giving his assent to the best of his knowledge.

Under the contract law also, signature holds a vital position as it is considered as a sign of
acceptance of an offer. The conventional form of signatures has evolved a lot due to
technological advancement. With the increased usage of online transactions and e-mails, the risk
of the data being hacked has also increased. Hence, the concept of online signatures has become
relatively important.

Features of Digital Signature

1. The authenticity of the sender

The person who receives the electronic message or document is able to realise who is the sender
of the message. The digital signature makes it possible to verify the name of the person signing
the message digitally.

2. The integrity of the message

The receiver of the electronic message is able to determine whether he/she has received the
original document or whether the document has been altered before the receipt or not.

3. Non-Repudiation

The sender of the message cannot refute the contents of the electronic message and cannot deny
having sent the message.
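
The three features above, together with the private-key and public-key roles described under Asymmetric Encryption, shown as an added hash-then-sign example that is not part of the original notes. It uses textbook RSA with constructed toy primes and no padding, so it illustrates the mechanism only; the function names and sample messages are this example's own.

```python
import hashlib

# Constructed toy parameters: Mersenne primes chosen so the example is
# reproducible. Real keys use large random primes and a padding scheme.
SENDER_PRIMES = (2**61 - 1, 2**89 - 1)
IMPOSTOR_PRIMES = (2**107 - 1, 2**127 - 1)
PUBLIC_EXPONENT = 65537


def make_keypair(p, q, e=PUBLIC_EXPONENT):
    """Return (public_key, private_key) built from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return {"n": n, "e": e}, {"n": n, "d": d}


def message_digest(message, n):
    """Hash the message and map the digest into the range of the modulus."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % n


def sign(message, private_key):
    """Signer's side: transform the message digest with the private key."""
    n = private_key["n"]
    return pow(message_digest(message, n), private_key["d"], n)


def verify(message, signature, public_key):
    """Receiver's side: undo the transform with the public key and compare
    the result with a freshly computed digest of the received message."""
    n = public_key["n"]
    if not 0 <= signature < n:
        return False
    return pow(signature, public_key["e"], n) == message_digest(message, n)


def demo():
    sender_public, sender_private = make_keypair(*SENDER_PRIMES)
    _, impostor_private = make_keypair(*IMPOSTOR_PRIMES)

    original = b"I accept the offer dated 26 October."  # constructed sample
    altered = b"I reject the offer dated 26 October."   # constructed sample

    signature = sign(original, sender_private)
    forged = sign(original, impostor_private)  # signed with someone else's key

    return {
        # Authenticity: only the holder of the sender's private key could
        # have produced a signature that the sender's public key accepts.
        "authentic": verify(original, signature, sender_public),
        # Integrity: any change to the message changes the digest.
        "alteration_detected": not verify(altered, signature, sender_public),
        # A signature made with a different private key is rejected.
        "forgery_rejected": not verify(original, forged, sender_public),
    }


if __name__ == "__main__":
    for feature, outcome in demo().items():
        print(feature, outcome)
```

Non-repudiation follows from the first and third results: a signature that verifies under the sender's public key could not have been produced without the sender's private key.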

DIFFERENCE

| Basis | Electronic Signature | Digital Signature |
|---|---|---|
| Definition | It has been defined under Section 2(1)(ta) of the Information Technology Act, 2000. | It has been defined under Section 2(1)(p) of the Information Technology Act, 2000. |
| Technology | It is technologically neutral, i.e. no specific technological process is to be followed to create an electronic signature. | It follows a technology-specific approach such as usage of hash functions etc. |
| Creation | It can be created by using various available technologies like attaching a picture of your signature. | It uses public key cryptography system to sign up for a particular message which requires a pair of keys, i.e. a private key for encryption and a public key for decryption, computed by using a hash function. |
| Form | It can be in the form of a name typed at the end of an email, a digital version of a handwritten signature in the form of an attachment, a code or even a fingerprint. | It involves the usage of Cryptographic system of constructing the signature with a two-way protection system. |
| Authenticity | It is less authentic as compared to the digital signature. | It has more authenticity as compared to the electronic signature. |
| Verification | It is verified through the signer’s identity. | It has a certificate-based digital ID verification. |
| Use | It is used for verifying a document. | It is used as a means for securing a document. |
| Validity | It has no expiration or validity period. | It is valid up to a maximum of three years. |
| Security | It is easily vulnerable to tampering. | It is more secure and highly reliable. |

E-GOVERNANCE

The "e" in e-governance stands for electronic. Governance refers to lawful rules for management,
control and administration. E-governance is the public sector's use of information and
communication technologies with the aim of:

• Improving information and service delivery
• Encouraging the citizen to participate in the decision-making process
• Making the government more accountable, transparent and effective.

E-governance is generally considered a wider concept than e-government, since it brings change
in the way citizens relate to government and to each other. E-governance can bring the concept
of citizenship. Its objective is to enable, engage and empower the citizen.

E-governance means application of electronic means in the interaction between:

1. Government and citizen
2. Citizen and government
3. Government and business
4. Business and government
5. Internal government operation

Objectives of E governance:

1. E-governance is not only providing information about the various activities and
organisations of the government; it also involves citizens communicating with government
and participating in the decision-making process.
2. Putting government rules and regulations online.
3. Putting information relating to government plans, budget, expenditures and performances
online.
4. Putting online key judicial decisions like environment decisions etc., which are important for
citizens and create precedents for future actions.
5. Making available contact addresses of local, regional, national and international officials
online.
6. Filing of grievances and receiving feedback from the citizens.
7. Making available the reports of enquiry committees or commission online.

Legal recognition of record (section 4): where any law requires that any information should be
in the typewritten or printed form then such requirement shall be deemed to be satisfied if it is an
electronic form. Therefore, section 4 confers validity on electronic record.

Legal recognition of electronic signatures (section 5): Where any law provides that only
information or other matters shall be authenticated by affixing the signature or any document
shall be signed or bear the signature of any person, then such information or matter is
authenticated by means of electronic signature affixed in such manner as may be prescribed by
the central government.

Use of electronic records and electronic signature in government and its agencies (section
6): The filing of any form, application or other documents, creation, retention or preservation of
records, issue or grant of any license or permit, or payment in government offices and its agencies
may be done through the means of electronic form.

Delivery of services by service provider (section 6A): For the purpose of E governance and for
efficient delivery of services to public through electronic means the appropriate government
may, by notification in the official gazette authorize any service provider to set up, maintain and
perform such other services as it may specify.

Retention of electronic records (section 7): The documents, records or information which are to be
retained for any specified period shall be deemed to have been retained if the same are retained in
electronic form, provided the following conditions are satisfied:

- The information remains accessible so as to be usable subsequently.
- The electronic record is retained in its original format, which accurately represents the
information contained.
- The details which will facilitate the identification of the origin, destination, dates and time
of receipt of such electronic records are available therein.

Audit of documents etc. maintained in electronic form (section 7A): Where any law for the time
being in force contains provision for audit of documents, records or information, then such
provision shall also be applicable for audit of documents, records or information processed and
maintained in electronic records.

Publication of rule, regulation etc in electronic gazette (section 8): Where any law provides
that any rule, regulation, order, bye law, notification or any other matter shall be published in
official gazette, then such requirements shall be deemed to have been satisfied if such rule,
regulation, order, bye law, notification or any other matter is published in official gazette or
electronic gazette.

No right to insist government office etc to interact in electronic form (section 9): No right is
conferred upon any person to insist that any ministry or department of central government or state
government, or any authority under any law or controlled or funded by central or state
government, should accept, issue, create, retain and preserve any documents in the form of
electronic records or effect any monetary transaction in electronic form.

Power to make rules by central government in respect of electronic signature (section 10):

The central government may prescribe:

- The type of electronic signature.
- The manner and format in which electronic signature should be affixed.
- The manner which facilitates identification of the person affixing the electronic signature.
- Control processes and procedures to ensure adequate integrity, security and confidentiality
of electronic records or payment.
- Any other matter which is necessary to give legal effect to electronic signatures.

Some E Governance Projects In India:

In India, the main thrust for E governance was provided by the launching of NICNET in 1987,
the national satellite-based computer network. This was followed by the launch of the District
Information System of the National Informatics Centre programme to computerize all district offices
of the state governments.

Parliament of India website: The website of the Indian parliament carries information on the
parliament, the constitution of India, various budgets, resume of work, parliamentary debates,
committees and members of the house, and links to other central and state government websites.

E governance Centre at Haryana secretariat: The Haryana govt has set up E governance
Centre at the secretariat to effectively monitor information technology in the state.

Bhoomi: This project was started by the state of Karnataka which involves computerization of
more than 200 treasuries all over the state and it was mainly for computerization of land record
system.

Certifying Authorities for Cyber Crimes including ESC & DSC

Contents:

1. Introduction

2. Appointment of Controller and other Officers

3. Functions of CCA (Secs. 18-25)

4. Rules regarding issue of License

5. Powers of CCA

6. Duties of Certifying Authority (Secs. 30-34)

7. Electronic Signature Certificates (ESC)

8. Purpose of Digital Signature Certificate

9. Contents of Digital Signature Certificate (Rule 7)

10. Procedures relating to Electronic Signature Certificate (Secs. 35-39)

11. Duties of Subscribers

1. Introduction

Sections 17 to 34 of Chapter VI of the Act provide for the Controller of Certifying Authorities
(CCA) to licence and regulate the working of Certifying Authorities (CAs). CCA also ensures
that none of the provisions of the Act are violated. The regulation of certifying authorities or
electronic signature infrastructure in India consists of:

- Controller of Certifying Authority (CCA). The IT Act, 2000 provides for an appointment,
functions, powers, duties of CCA (the apex regulatory body for certifying authorities in
India) and other officers.
- Certifying Authorities (CAs). A certifying authority is a trusted third party or entity that
will get licence from the controller and will issue electronic signature certificate to the
users of e-commerce. These authorities will function under the supervision and control of
the controller of certifying authorities.

1. Appointment of Controller and Other Officers

Section 17:

- It provides that the Central Government may, by notification in the Official Gazette,
appoint a Controller of Certifying Authorities for the purposes of this Act. It may also, by
the same or a subsequent notification, appoint such number of Deputy Controllers, Assistant
Controllers, other officers and employees as it deems fit. (Appointment)
- The controller has to function under the general control and directions of the Central
Government and the Deputy Controllers and Assistant Controllers have to function under
general superintendence and control of the controller. (Control and function)
- The controller shall have its head office at a place prescribed by the Central Government.
(Place of office)
- There shall be a seal of the office of the controller. (Seal)

2. Functions of CCA (Secs. 18-25)

a) To act as regulator of certifying authorities (Sec. 18). The main function of the
controller is to regulate the working of certifying authorities. He performs the following
functions in this regard:

i. To exercise supervision over the activities of CAs;

ii. To certify public keys of CAs;

iii. To lay down the standards to be maintained by CAs;

iv. To specify the qualifications and experience for employees of CAs;

v. To specify the conditions for conducting business by CAs;

vi. To specify the terms and manner for maintenance of accounts by CAs;

vii. To specify the terms and conditions for appointment of auditors and their
remuneration;

viii. To facilitate the establishment of any electronic system as well as regulation of
such system;

ix. To specify the manner of conducting dealings by CAs with the subscribers;

x. To resolve any conflict of interest between CAs and the subscribers;

xi. To lay down the duties of CAs;

xii. To maintain database for every CA containing their disclosure record as well as such
particulars as may be specified by regulations, which shall be accessible to public.

b) To recognise the foreign certifying authority (Sec. 19). The controller, with the prior
permission of the Central Government and by notification in the Official Gazette, may
recognise any foreign certifying authority for the purpose of this Act [Sec. 19(1)]. The
controller may revoke such recognition by notification in the Official Gazette for reasons
to be recorded in writing [Sec. 19(3)].

c) To grant licence to CAs to issue electronic signature certificate (Sec. 21). The
controller can grant a licence to any person to issue electronic signature certificate
provided he applies and fulfils such requirements with respect to qualification, expertise,
manpower, financial resources and other infrastructure facilities which are necessary for
the issue of Electronic Signature Certificate [Sec. 21(1) and (2)]. The controller may, after
considering the documents and such other factors as he deems fit, grant the licence or
reject the application. He may reject only after the applicant has been given a reasonable
opportunity of presenting his case (Sec. 24).

d) To suspend licence (Sec. 25). The controller may suspend licence if he is satisfied after
making an enquiry that CA has:

i. made a statement which is incorrect or false in material particulars in, or in relation
to, the application for the issue or renewal of licence.

ii. failed to comply with terms and conditions necessary for granting of licence.

iii. failed to maintain standards specified in Sec. 30.

iv. contravened any provisions of the Act, rule, regulation or order made thereunder.

The notice of suspension or revocation may be published in the database maintained by the
controller (Sec. 26).

3. Rules Regarding Issue of Licence

- Application for licence (Rule 8). The following persons may apply for grant of licence
to issue electronic signature certificate:

i. An individual, being a citizen of India and having a capital of ₹ 5 crore or more in
his business or profession;

ii. A company having:

- paid up capital of not less than ₹ 5 crore,
- net worth of not less than ₹ 50 crore
- Not eligible: NRI/foreign investors: equity share capital exceeding 49% of capital.

iii. A firm having capital subscribed by all partners of not less than ₹ 5 crore
and net worth of not less than ₹ 50 crore; however, the firm in which the
capital held in aggregate by any non-resident Indian and foreign national
exceeds 49% of its capital shall not be eligible for grant of licence;

iv. Central Government or a State Government or any of the Ministries or Departments,
Agencies or Authorities of such Governments.

- Submission of application (Sec. 22 and Rule 10). Every application for the issue of a
licence shall be in such form as may be prescribed by the Central Government and shall
be accompanied by:

v. A Certificate Practice Statement (CPS);

vi. A statement including the procedures with respect to identification of the applicant;

vii. Payment of non-refundable fee of ₹ 25,000;

viii. Such other documents as may be prescribed by the Central Government.

- Validity of licence (Rule 13). A licence shall be valid for a period of 5 years from the
date of its issue and the licence shall be non-transferable or non-heritable.
- Issuance of licence (Sec. 24 and Rule 16). Note: For details refer point 3 of para 8.3.
- Renewal of licence (Sec. 23 and Rule 15). An application for renewal of a licence shall
be

ix. in such form as prescribed by the Central Government

x. accompanied by payment of non-refundable fee of ₹ 25,000 and

xi. made not less than 45 days before the date of expiry of the period of
validity of licence.

- Suspension of licence (Sec. 25 and Rule 14). Note: For details refer point 4 of para 8.3.
No Certifying Authority whose licence has been suspended shall issue any electronic
signature certificate during such suspension [Sec. 25(3)].

4. Powers of CCA

The Act has conferred the following powers upon the controller of certifying authorities:

a) Power to authorise in writing, the deputy or the assistant controller or any officer to
exercise any of his powers (Sec. 27).
b) Power to investigate any contravention of the Act or rules or regulations made
thereunder. [Sec. 28(1)].
c) Power to direct a certifying authority or any employee of such authority to take such
measures or to cease to carry on such activities if these are necessary to ensure
compliance with the provisions of the Act, rules or any regulations made thereunder [Sec.
68(1)].
d) Power to direct any agency of the government to intercept any information transmitted
through any computer resource if it is necessary in the interest of the sovereignty or
integrity of India, security of state, friendly relations with foreign state etc. [Sec. 69(1)].
e) Power to issue directions for blocking the public access of any information through any
computer resource in the circumstances given under point No. 4 (Sec. 69A).
f) Power to authorize to monitor and collect traffic data or information through any
computer resource for cyber security (Sec. 69B).
g) Power to make regulations for carrying out the purposes of this Act after consultation
with the cyber regulatory advisory committee and previous approval of Central
Government. The regulations may pertain to the following :

i. Particulars regarding maintenance of database containing disclosure of record of
every CA [Sec. 18(n)]

ii. Conditions and recognition of Foreign Certifying Authority [Sec. 19(1)].

iii. Terms and conditions for grant of licence to CA [Sec. 21(3)].

iv. Standards to be observed by CA [Sec. 30(d)]

h) Power to exercise himself or through an authorized officer the following powers which
are conferred on Income Tax Authorities under Chapter XIII of the Income Tax Act,
1961 :

v. Power to inspect, enforce attendance of any person and examine him on oath,

vi. Power to conduct search and seizure,

vii. Power to requisition books of account,

viii. Power to call for information,

ix. Power to inspect and take copies of register of members or debenture holders,

x. Power to make inquiries.

5. Duties of Certifying Authority (Secs. 30 – 34)

- To follow certain procedures regarding security system (Sec. 30). The Act has
laid down certain procedures relating to security system to be followed by the
certifying authority in the performance of its services. It must:

i. make use of hardware, software, and procedures that are secure from
intrusion and misuse;

ii. provide a reasonable level of reliable services;

iii. adhere to security procedures to ensure the secrecy and privacy of electronic
signatures;

iv. be the repository (place of storing) of all Electronic Signature Certificates;

v. publish information regarding its practices, Electronic Signature Certificates and
current status of such certificates; and

vi. observe the specified standards.

The above stated security procedures must ensure the achievement of 4 objectives of a security
system: confidentiality, accessibility of information, consistency of information and authorized
use of resources.

- To ensure compliance of the Act (Sec. 31). The certifying authority must ensure
that every person employed or engaged by it complies with the provisions of the
Act, rules, regulations or order, made thereunder.

- To display its licence (Sec. 32). The certifying authority must display its licence
at a conspicuous place in the premises in which it carries on its business.

- To surrender its licence (Sec. 33). The certifying authority must surrender its
licence to the controller on its suspension or revocation.

- To make certain disclosures (Sec. 34). The certifying authority is required to make the
following disclosures:

i. Disclosure of Electronic Signature Certificate;

ii. Disclosure of Certification Practice Statement (CPS); “Certificate Practice
Statement” means a statement issued by a certifying authority to
specify the practices that the certifying authority employs in issuing
electronic signature certificates [Sec. 2(1)(k)].
It also outlines the CA’s policies, practices and procedures for verifying
keys and suspension, revocation and renewal of electronic signature
certificates.

iii. Disclosure of notice of revocation and suspension of Certificates of Certifying
Authority;

iv. Disclosure of facts materially and adversely affecting the reliability of electronic
signature certificate;

v. Disclosure of adverse effects to affected person [Sec. 34(2)]. The authority is bound
to disclose to affected person about any event which may
materially and adversely affect the integrity of the computer system or the
conditions under which electronic signature certificate was granted. The
certifying authority is required to act in accordance with the procedure
specified in its CPS to deal with such event or situation.

6. Electronic Signature Certificates

According to Sec. 2(1)(tb), ‘Electronic Signature Certificate’ means “an electronic signature
certificate issued under section 35 and includes Digital Signature Certificate.” Digital Signature
Certificates are the electronic equivalent of physical or paper certificates (e.g., drivers’ licence,
passport, membership card etc.). There are basically 3 types of digital signature certificates:
Class I, Class II and Class III, each having a different level of security.

7. Purpose of Digital Signature Certificate

A digital signature is deemed to be one of the strongest tools for cyber security. It serves the
following purposes:

- It verifies the authenticity of the originator after any electronic message has been
created.

- A digital message cannot be modified, altered or tampered with, and any change to
the content will render the signature invalid. Hence, it ensures integrity and
confidentiality of the content.

- Digital Signature Certificates are legally admissible in a court of law as per the
provisions of the IT Act and hence serve as evidence under the law, and the
signer cannot repudiate his act subsequently.

8. Contents of Digital Signature Certificate (Rule 7)

A digital signature certificate includes the following:

- Owner’s name, organisation and location;
- Issuer’s name, organisation and location;
- Date of issue and period of validity;
- Serial number of the certificate;
- Signature algorithm identifier which identifies the algorithm used by CA to sign DSC;
- Public key of the owner;
- Date of expiry;
- The issuer’s public key and the digital signature.

9. Procedures Relating to Digital Signature Certificate (Secs. 35 – 39)

- Issue of digital signature certificate

i. Making of application. To obtain an electronic signature certificate, an application
in the prescribed form shall be made to the certifying authority. The application shall
be accompanied:

a. by such fees not exceeding ₹ 25,000 as may be prescribed by the Central Government.
However, the Central Government may prescribe different fees for different
classes of applicants.

b. by a ‘Certification Practice Statement’ or, where there is no such statement, a
statement containing such particulars as may be specified by regulations.

ii. Grant of certificate. The certificate shall be granted only after the authority is
satisfied about the information furnished by the applicant. According to section 36 of
the Act, a certifying authority has to make a declaration while issuing the DSC that it
has complied with the provisions of the Act and that it has fulfilled all other
obligations relating to the security of public and private keys of the subscribers.
The subscriber has to convey his acceptance of the digital signature certificate and
its conditions in order to make it valid. A digital signature certificate is normally
granted for 1 or 2 years, after which it can be renewed.

iii. Rejection of application. The certifying authority may reject the application for
reasons to be recorded in writing. However, no application shall be rejected unless the
applicant has been given a reasonable opportunity of showing cause against the proposed
rejection.

- Suspension of Digital Signature Certificate (Sec. 37). The certifying authority which
has issued a digital signature certificate may suspend such DSC in the following
circumstances:

iv. On the request of a subscriber or the person duly authorized by him. [Sec. 37(1)]

v. In public interest, if the certifying authority has formed such opinion.

However, such suspension cannot exceed a period of 15 days unless the subscriber has been
given an opportunity of being heard [Sec. 37(2)]. Further, the Certifying Authority shall
communicate the suspension to the subscriber [Sec. 37(3)].

- Revocation of Digital Signature Certificate (Sec. 38). A certifying authority can revoke
a DSC under any of the following circumstances:

vi. On the request of the subscriber or any other person authorized by him.

vii. On the death of the subscriber.

viii. On the dissolution of the firm or winding up of company where subscriber is a firm
or a company.

ix. If Certifying Authority is of the opinion that:

a. a material fact represented in the DSC is false or has been concealed.

b. a requirement for the issuance of the DSC was not satisfied.

c. the CA’s private key or security system was compromised in a manner materially
affecting the DSC’s reliability.

d. the subscriber has been declared insolvent or dead or where
a subscriber is a firm or a company, which has been
dissolved, wound up or ceased to exist.

A DSC shall not be revoked unless the subscriber has been given an opportunity of being heard
in the matter [Sec. 38(1)]. Further, on revocation of a DSC under this section, the authority shall
communicate the same to the subscriber [Sec. 38(2)].

Notice of suspension or revocation (Sec. 39)

Where a DSC is suspended or revoked u/s 37 or u/s 38, the CA shall publish a notice of such
suspension or revocation in the repository specified in the DSC for publication of such notice
[Sec. 39(1)]. Further, where one or more repositories are specified, the CA shall publish notices
of such suspension or revocation in all such repositories.

Duties of Subscribers

Definition.

According to Sec. 2(1)(zg), “Subscriber” means a person in whose name the electronic signature
certificate is issued.

Sections 41 to 43 of Chapter VIII of Information Technology Act prescribe the following duties
of subscribers who have obtained the Digital Signature Certificate from some certifying
authority:

- Generating Key Pair (Sec. 40). Where any DSC has been accepted by the subscriber, he
has a duty to generate the key pair consisting of public key to which private key of the
subscriber corresponds and which is to be listed in the digital signature certificate by
applying the security procedure prescribed under Section 16.
- Duty of subscriber of Electronic Signature Certificate (Sec. 40A). In respect of
Electronic Signature Certificate the subscriber shall perform such duties as may be
prescribed [Inserted vide ITAA, 2008].
- Acceptance of Digital Signature Certificate (Sec. 41). Acceptance of digital certificate
entitles him to the rights under it as well as imposes some obligations upon him.
Sub-sections 1 and 2 of Section 41 provide the following provisions relating to acceptance of
certificate by the subscriber:

A subscriber shall be deemed to have accepted a DSC if he publishes or authorizes the
publication of Digital Signature Certificate:

- to one or more persons;
- in a repository, or otherwise demonstrates his approval of DSC in any manner.

Acceptance of DSC amounts to certification by the subscriber to all who rely on the information
contained therein that:

- the subscriber holds and is entitled to hold the private key corresponding to the public
key listed in the DSC.
- all representations made by the subscriber to the CA and all information contained in the
DSC are true.
- all information contained in the DSC that is within the knowledge of the subscriber is
true.

Control of Private Key (Sec. 42).

Sub-sections (1) and (2) of Section 42 lay down the following duties of the subscriber relating to
the control of private key:

- Duty to exercise reasonable care to retain control of the private key corresponding to the
public key listed in the DSC.
- Duty to take all steps to prevent disclosure of private key.
- If the private key has been compromised (lost), duty to communicate the same to the
certifying authority without any delay.
- In case of compromise of private key till such information is given to the certifying
authority, the subscriber shall continue to be liable [Explanation to Sec. 42(2)].

Domain Name Disputes and Cybersquatting in India – Part I


INTRODUCTION

The internet has brought a massive revolution in the 19th century which can be equated with the
industrial revolution. The internet was launched for the purpose of communication between the
masses, but within only a few years it became one of the most important tools of
communication for business transactions, governmental policies and social interaction. It has
provided opportunities for millions of people and brought liabilities in the fields of
intellectual property, data privacy, etc.

The challenge that the law has faced in recent years is how to foster the development of
intellectual property on the Internet while preventing its unauthorized use. We have addresses
for our homes and offices. In the same way, domain names are nothing but simple forms of
addresses on the internet. These addresses enable users to locate websites on the net in
an easy manner. A domain name corresponds to various IP (Internet Protocol) numbers which
connect various computers and enable the direct network routing system to direct data requests to
the correct addressee.

Cybersquatting and domain name disputes are both covered under trademark law. There are
so many instances of abusive domain name registration and infringement of trademarks on the
internet that the law of trademarks has extended its purview to domain names as well. Most
domain name disputes and cybersquatting cases are dealt with under passing off when there are
no specific provisions on the issue.

CYBERSQUATTING

Cybersquatting is a type of domain name dispute which is prevalent in the world. It is a practice
where individuals buy domain names reflecting the names of existing companies, with the sole
intention of selling the names back to those companies at a profit when they want to set up their
own websites.

There are various types of cybersquatting. The most commonly used is typo squatting, where a
cyber-squatter registers domain names containing variants of popular trademarks. Typo
squatters believe that internet users will make typographical errors while entering
domain names into their web browsers.

Some common examples of typo squatting include:

- The omission of the "." in the domain name: wwwexample.com;
- A common misspelling of the intended site: exemple.com
- A differently phrased domain name: examples.com
- A different top level domain: example.org
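A trademark owner reviewing domains seen in proxy logs or new-registration feeds can sort them into the four patterns listed above. The Python sketch below is an added example, not part of the original notes; the function names, the simplified domain splitting and the sample domains are assumptions made for illustration.

```python
# Added example: sort observed domains into the four typosquatting patterns
# listed above, relative to one protected domain. Sample data is constructed.

def split_domain(domain):
    """Return (name, suffix).

    Simplification (assumption): the only subdomain is an optional leading
    'www', and everything after the first remaining label is the suffix,
    so 'www.example.co.in' -> ('example', 'co.in').
    """
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) > 2 and labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2 or not all(labels):
        raise ValueError("not a domain name: %r" % domain)
    return labels[0], ".".join(labels[1:])


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ma" typed for "am".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def is_rephrased(name, protected_name):
    """Plural, singular or hyphenated form of the protected name."""
    flat = name.replace("-", "")
    singular = protected_name[:-1] if protected_name.endswith("s") else protected_name
    return name != protected_name and flat in {protected_name, protected_name + "s", singular}


def classify(observed, protected):
    """Label one observed domain relative to the protected domain."""
    name, suffix = split_domain(observed)
    p_name, p_suffix = split_domain(protected)
    if name == p_name:
        return "legitimate" if suffix == p_suffix else "different-tld"
    if name == "www" + p_name:
        return "omitted-dot"      # the "." after www was left out
    if is_rephrased(name, p_name):
        return "rephrased"        # checked before misspelling: "examples"
    if edit_distance(name, p_name) == 1:
        return "misspelling"      # short names will produce false positives
    return "unrelated"


def triage(observed_domains, protected):
    """Return (domain, category) for every domain that needs review."""
    flagged = []
    for domain in observed_domains:
        category = classify(domain, protected)
        if category not in ("legitimate", "unrelated"):
            flagged.append((domain, category))
    return flagged


# Constructed sample: the four domains from the list above plus three others.
OBSERVED = [
    "www.example.com", "wwwexample.com", "exemple.com", "examples.com",
    "example.org", "exmaple.com", "unrelated.net",
]

if __name__ == "__main__":
    for domain, category in triage(OBSERVED, "example.com"):
        print("%-16s %s" % (domain, category))
```

A domain flagged here is only a candidate for review; whether it amounts to cybersquatting depends on who registered it and why.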

DOMAIN NAME

An Internet domain name is a combination of typographic characters used to identify a
specific location online. It is known as the Uniform Resource Locator or URL. It is
considered the identity of a Web site. The Internet domain name is very important for small
businesses who want to establish their name on the internet. Two organizations cannot have the
same domain name.1 Example – www.google.com; www.yahoo.com, etc.

- 'WWW' means that the site is linked to the World Wide Web.
- 'google' is the name you choose for your site, and ideally is readily identifiable with your
organization name or core business.
- '.com' is known as top-level domain name and it indicates that your organization name or
core business.
- Sometimes '.in' is used in place of '.com', which means that the company is registered in
India (e.g. ebay.in, olx.in, airtel.in, etc.)

In the above example, google.com shows search results from global servers, while
Google.co.in is more targeted to the local Indian market. You will always see a difference in
search results between the two: on Google.co.in you will get more results from India-related
sites that primarily operate in or for India.

The last two or three letters of a domain name or URL (e.g. .com, .in, .org) are known as its
top-level domain. Examples of top-level domains used earlier are '.org', which generally
describes a nonprofit, charity, or cultural organization site; '.gov', which indicates a
governmental site; and '.net', which is most often used by network-related businesses. Some
other common top-level domains are country codes, like .us for United States and .au for
Australia, etc.

The domain name registration system2 started on a "First come First serve" basis. The
registering authority, which was initially the "Internic", did not take responsibility for checking
the ownership of the name. Later, when the internet became popular, large popular companies
wanted to enter the internet with their own websites and often found that the domain name they
were seeking had already been booked. So companies which wanted the same domain name
had to pay a price, which was sometimes unimaginable. This increasing cost of buying back
domains resulted in 'Meta society' trade mark owners coming together and claiming that their
intellectual property rights in a registered trade mark should be extended to the "domain name".
This has resulted in "Registration of Domain Names without the intention of using
them" being considered cybersquatting.

TYPES OF DOMAIN NAME

1. Top-Level Domains (TLDs) – They appear in domain names as the string of letters
following the last (rightmost) ".", such as "net" in "www.example.net". Most commonly
used TLDs are .com, .net, .edu, .jp, .de, etc. Further, TLDs are classified into two broad
categories: generic top-level domains (gTLDs) and country-code top-level domains
(ccTLDs).
2. Generic Top-Level Domain (gTLDs) – It is a generic top-level domain name that identifies
the domain class it is associated with (.com, .org, .edu, etc).
3. Country Code Top-Level Domain (ccTLD) – It is a two-letter domain extension, such
as .uk or .fr, assigned to a country, geographic location or territory.
4. nTLDs – It refers to new top-level domain names that are geared towards brands,
organizations and services, as they're more customized, flexible and relevant. Some
examples of nTLDs include ".voyage", ".app", ".ninja", ".cool", etc.

RELATION BETWEEN DOMAIN NAME AND TRADEMARK


In today's world a domain name serves as an on-line trademark. It also indicates quality and is a
repository of the goodwill of an organization. Alphabetical domain names were developed to
make the addresses easier for humans to remember and use when communicating on the
Internet. Such names are catchy words or well-known names of individuals or companies, for
example, "nokia.com" or "samsung.com".

A domain name serves the same purpose online which a trademark serves in offline
business transactions. It helps customers identify the source of goods/services provided by
the owner of such goods and services. Therefore, domain names are of utmost importance in
online businesses. They are important because of the following reasons:

- Promotion of business and building up of customer base online and offline by way of
advertising on the web.
- Establishment of the credibility of the website and the business on the internet.
- Easy access to customers and prospective customers.

The existence of domain names without the requirement of registration brought the concept
of "first come, first served". This has created disputes among the owners of trademarks
because many speculators have started to register domain names in order to resell them for a
higher price to the trademark owners. The problem arose because trademark owners, given
their entitlement to IP rights, feel ripped off by this new practice, named
"cybersquatting".3 Thus, anyone who wishes to register a domain for the first time which is
trademarked can do so; whatever problems may arise will have to be faced later.4

The reason for the increase in incidence is the growing importance of domain names in the
e-commerce trend. A domain name holds great importance as there can be only one user of a
domain name, unlike in trademark law, where there can be two or more users of the same or a
similar trademark for various classes of goods and services under honest concurrent use, if
such use does not amount to infringement or cause confusion or dilution. This kind of
provision is not applicable in the case of domain names, since the domain registration system
follows the "first come, first served" policy. So, once a person registers a domain name similar
to a trademark, any other person using a similar mark is denied registration of another domain
name similar to that trademark. That means only one user is allowed to use a particular domain
name and any other application for the same domain name will be refused. This is the main
reason why trademark owners prefer to get their trademarks registered as their domain
names for business.

Cases of conflict between trademarks and domain names mainly involve the use of the
goodwill of a trademark by an infringer in a domain name to divert the potential customers of
the owner of the trademark to a website not associated with that trademark, the use of meta-tags
resulting in dilution of the trademark, or unauthorized registration of the trademark as a domain name
with the intent to extort money or to prevent the owner from using the trademark.

Cybersquatters quickly sell the domain names to other unrelated entities, thereby
enabling passing off5 and dilution of famous trademarks or trade names.6

Punishments for cyber crimes in IPC


Introduction

The advent of the computer is one of the most remarkable innovations because it has determined the
living culture of today’s humans. Individuals from every age group and organizations
functioning in any kind of industry have become users of computers. Rather than giving a narrow
definition to the term ‘computer’, Section 2(1)(i) of the IT Act, 2000 was drafted in such a manner
as to include all kinds of processing devices, computer networks, storage, and software. It
includes mobiles, smart devices, cameras, e-readers, etc. This technology has become the soul
and essence of many activities happening in the world.

Though the invention of the computer has numerous benefits, like data storage and transfer of
information, and has effectively contributed to making human life easier, there are negative facets
of the same device which affect life adversely. Herein, attention must be drawn
to the fact that the negative facets are the result of misuse by a very limited number of people and have
nothing to do with the invention itself. The possibility of misuse of the computer has
taken various shapes, and some such activities that are criminal in nature are recognized as
‘cybercrimes’. This kind of crime has become a major area of concern across all the countries in
the world, especially India. This is because of the government’s active drive to achieve digital
emancipation in a country where digital unawareness and low literacy are known to exist. This
contrast between the state’s aim and present circumstances is directly creating opportunities for
cybercriminals. In light of the aforementioned significance, this article deals with the
punishments available in the Indian Penal Code, 1860 for various cyber crimes apart from what
is mentioned in the IT Act, 2000.

Meaning and history of cyber crimes

The term cybercrime was used for the first time in 1995 by Sussman and Heuston, who were
renowned legal scholars. The term was seen as a collection of conducts and acts
rather than a single notion. These acts usually involve manipulation of or infiltration into data
or computer systems, which amounts to illegal activity. It is also known as e-crime, technology
crime, information-related crime, etc. As the manipulation of computers usually happens through
computer networks, i.e., the internet, the term ‘cybercrimes’ has evolved from ‘cyberspace’, which
denotes the internet. But cyberspace is not the only platform for the commission of cybercrime;
such crimes have even been committed offline, i.e., software attacks, etc. The strange element of
cybercrimes, when compared to general crimes, is that the perpetrator and the victim might never
have direct contact with each other. The victim of a cybercrime might be chosen by the
perpetrator by considering certain factors like digital vulnerability, illiteracy, personal agenda,
etc. A cybercrime would affect the physical or economic sovereignty, data privacy, social
relations, etc., of individuals. For achieving these purposes, cyber attackers usually choose
countries in which the laws and the technology are not developed to an extent that provides
mechanisms to catch and punish the perpetrators. As far as India is concerned, the IT Act, 2000
extensively deals with numerous cybercrimes and their punishments. Along with this, the Indian
Penal Code, 1860 also contains certain provisions which concern themselves with a number of
cybercrimes.

As far as the history of cybercrime is concerned, the first cybercrime was committed within the
year of the invention of the computer by Charles Babbage, i.e., 1820. In that year, Joseph-Marie Jacquard,
who was a renowned textile manufacturer in France, created a loom in order to repeat the activity
of weaving. As the labourers who worked in the factory and did the same activity manually
became concerned that the loom directly threatened the existence of their jobs, they
sabotaged the loom, thus committing a cybercrime. Though this is a raw form of cybercrime, the
mechanisms to commit a cybercrime have evolved to a dangerous extent in the last two
centuries.

Cyber crimes with IPC implications

Apart from punishments in IT Act, 2000, there are certain crimes that are attracted by IPC
provisions as well. The following is the enumeration of the IPC provisions along with various
cyber crimes that are attracted by respective Sections and the punishment for the same.

Section 292 of IPC: Although this Section was drafted to deal with the sale of obscene material,
it has evolved in the current digital era to be concerned with various cybercrimes. The
publication and transmission of obscene material, sexually explicit acts, or acts exploiting
children, etc., in electronic form are also governed by this section. Though
the crimes mentioned above seem to be alike, they are recognized as different crimes by the IT
Act and IPC. The punishment imposed upon the commission of such acts is imprisonment up to
2 years and a fine up to Rs. 2000. If any of the aforementioned crimes are committed for the
second time, the imprisonment could be up to 5 years and the fine could be up to Rs.
5000.

Section 354C of IPC: The cybercrime dealt with under this provision is the capturing or publication
of a picture of the private parts or acts of a woman without her consent. This section
exclusively deals with the crime of ‘voyeurism’, which also recognizes watching such acts of a
woman as a crime. If the essentials of this Section (such as gender) are not satisfied, Section 292
of IPC and Section 66E of the IT Act, 2000 are broad enough to take offenses of a similar kind
into consideration. The punishment includes 1 to 3 years of imprisonment for first-time offenders
and 3 to 7 years for second-time offenders.

Section 354D of IPC: This section describes and punishes ‘stalking’, including both physical stalking and
cyberstalking. If a woman is being monitored through electronic communication, the internet, or
email, or is being bothered by a person to interact or contact despite her disinterest, it amounts to
cyberstalking. The latter part of the Section states the punishment for this offense as
imprisonment extending up to 3 years for the first time and 5 years for the second time, along
with a fine imposed in both instances. In the case of Kalandi Charan Lenka v. The State of
Odisha (also State of Tamil Nadu v. Suhas Katti), the victim received certain obscene messages
from an unknown number which damaged her character. Moreover, emails were sent and a
fake Facebook account was created by the accused which contained morphed pictures of the
victim. Hence, the accused was found prima facie guilty of cyberstalking by the High Court
under various provisions of the IT Act and Section 354D of IPC.

Section 379 of IPC: If a mobile phone, the data from that mobile, or computer hardware is
stolen, Section 379 comes into the picture, and the punishment for such a crime can go up to 3
years of imprisonment or fine or both. But attention must be given to the fact that these
provisions cannot be applied where the provisions of the special law, i.e., the IT Act, 2000, are attracted. In
this regard, in the case of Gagan Harsh Sharma v. The State of Maharashtra, one of the
employers found that the software and data had been stolen and that someone had breached the computers
and given access to sensitive information to the employees. The employer gave information to the
police, and they filed a case under Sections 379, 408, and 420 of IPC and various other IT
Act provisions. The question before the court was whether the police could file a case under IPC
or not. The court decided that the case cannot be filed based on the IPC provisions as the IT Act
has an overriding effect.

Section 411 of IPC: This deals with a crime that follows the offenses committed and punished
under Section 379. If anyone receives a stolen mobile phone, computer, or data from the same,
they will be punished in accordance with Section 411 of IPC. It is not necessary that the thief
must possess the material. Even if it is held by a third party knowing it to be another's, this
provision will be attracted. The punishment can be imposed in the form of imprisonment which
can extend up to 3 years or fine or both.

Section 419 and Section 420 of IPC: These are related provisions as they deal with frauds. The
crimes of password theft for the purpose of meeting fraudulent objectives or the creation of
bogus websites and commission of cyber frauds are certain crimes that are extensively dealt with
by these two sections of IPC. On the other hand, email phishing by assuming someone’s identity
demanding password is exclusively concerned with Section 419 of IPC. The punishments under
these provisions are different based upon the gravity of the committed cybercrime. Section 419
carries a punishment up to 3 years of imprisonment or fine and Section 420 carries up to 7 years
of imprisonment or fine.

Section 465 of IPC: In the usual scenario, the punishment for forgery is dealt with in this
provision. In cyberspace, offenses like email spoofing and preparation of false documents are
dealt with and punished under this Section, which carries imprisonment of up to 2
years or fine or both. In the case of Anil Kumar Srivastava v. Addl Director, MHFW, the
petitioner electronically forged the signature of the AD and later filed a case making false allegations
about the same person. The Court held that the petitioner was liable under Section 465 as well as
under Section 471 of IPC, as the petitioner also tried to use it as a genuine document.

Section 468 of IPC: If the offenses of email spoofing or online forgery are committed for the
purpose of committing other serious offenses, i.e., cheating, Section 468 comes into the picture,
which contains the punishment of seven years of imprisonment or fine or both.

Section 469 of IPC: If the forgery is committed by anyone solely for the purpose of disreputing
a particular person or knowing that such forgery harms the reputation of a person, either in the
form of a physical document or through online, electronic forms, he/she can be imposed with the
imprisonment up to three years as well as fine.

Section 500 of IPC: This provision penalizes the defamation of any person. With respect to
cybercrimes, sending any kind of defamatory content or abusive messages through email will be
attracted by Section 500 of IPC. The imprisonment carried with this Section extends up to 2
years along with fine.

Section 504 of IPC: If anyone threatens, insults, or tries to provoke another person with the
intention of affecting peace through email or any other electronic form, it amounts to an offense
under Section 504 of IPC. The punishment for this offense extends up to 2 years of
imprisonment or fine or both.

Section 506 of IPC: If a person tries to criminally intimidate another person either physically or
through electronic means with respect to the life of a person, property destruction through fire or
chastity of a woman, it will amount to an offense under Section 506 of IPC and punishment of
imprisonment where the maximum period is extended up to seven years or fine or both.

Section 509 of IPC: This Section deals with the offense of uttering a word, showing a gesture,
and committing an act that has the potential to harm the modesty of a woman. It also includes the
sounds made and the acts committed infringing the privacy of a woman. If this offense is
committed either physically or through electronic modes, Section 509 gets attracted and the
punishment would be imprisonment of a maximum period of one year or fine or both.

Conclusion

Although we already know that the IT Act, 2000 has an overriding effect over the IPC
provisions while governing cybercrimes, there are a lot of instances where IPC provisions are
applied based on the subjective circumstances of each case. Though some people feel that IPC
should not have a realm to govern cybercrimes, there are numerous cybercrimes that are not
extensively dealt with by the IT Act, 2000. Hence, only after due amendments are made to the IT Act
so that it contains provisions with respect to every cybercrime can the IPC be withdrawn from governing
the domain of cybercrimes.

Section 46 of Information Technology Act, 2000

Power to adjudicate

(1) For the purpose of adjudging under this Chapter whether any person has committed a
contravention of any of the provisions of this Act or of any rule, regulation, 51 [direction or
order made thereunder which renders him liable to pay penalty or compensation] the Central
Government shall, subject to the provisions of sub-section (3), appoint any officer not below the
rank of a Director to the Government of India or an equivalent officer of a State Government to
be an adjudicating officer for holding an inquiry in the manner prescribed by the Central
Government.

52 [(1A) The adjudicating officer appointed under sub-section (1) shall exercise jurisdiction to
adjudicate matters in which the claim for injury or damage does not exceed rupees five crore:
Provided that the jurisdiction in respect of the claim for injury or damage exceeding rupees five
crore shall vest with the competent court.]

(2) The adjudicating officer shall, after giving the person referred to in sub- section (1) a
reasonable opportunity for making representation in the matter and if, on such inquiry, he is
satisfied that the person has committed the contravention, he may impose such penalty or award
such compensation as he thinks fit in accordance with the provisions of that section.

(3) No person shall be appointed as an adjudicating officer unless he possesses such experience
in the field of Information Technology and legal or judicial experience as may be prescribed by
the Central Government.

(4) Where more than one adjudicating officers are appointed, the Central Government shall
specify by order the matters and places with respect to which such officers shall exercise their
jurisdiction.

(5) Every adjudicating officer shall have the powers of a civil court which are conferred on the
Cyber Appellate Tribunal under sub-section (2) of section 58, and-

(a) all proceedings before it shall be deemed to be judicial proceedings within the meaning of
sections 193 and 228 of the Indian Penal Code (45 of 1860);

(b) shall be deemed to be a civil court for the purposes of sections 345 and 346 of the Code of
Criminal Procedure, 1973 (2 of 1974);

53 [(c) shall be deemed to be a civil court for purposes of Order XXI of the Civil Procedure
Code, 1908 (5 of 1908).]

Cyber Appellate Tribunal: Section 62

The Cyber Appellate Tribunal has been established under the Information Technology Act under the
aegis of the Controller of Certifying Authorities (C.C.A.).

The first and the only Cyber Appellate Tribunal in the country has been established by the
Central Government in accordance with the provisions contained under Section 48(1) of the
Information Technology Act, 2000.

The Cyber Appellate Tribunal has, for the purposes of discharging its functions under the I.T.
Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908.
However, the procedure laid down by the Code of Civil Procedure, 1908 applies but at the same
time the Tribunal is guided by the principles of natural justice.

Initially the Tribunal consisted of only one person who was referred to as the Presiding Officer
who was to be appointed by way of notification by the Central Government. Thereafter the Act
was amended in the year 2008 by which section 49 which provides for the composition of the
Cyber Appellate Tribunal has been changed. As per the amended section the Tribunal shall
consist of a Chairperson and such number of other Members as the Central Government may by
notification in the Official Gazette appoint. The selection of the Chairperson and Members of the
Tribunal is made by the Central Government in consultation with the Chief Justice of India. The
Presiding Officer of the Tribunal is now known as the Chairperson.

Any person aggrieved by an order made by the Controller or by an Adjudicating Officer
appointed under the Information Technology Act, 2000 can prefer an appeal before the Tribunal
within 45 days of receiving a copy of the order of the Controller or the Adjudicating Officer.

The Central Government may by notification in the Official Gazette appoint a Controller of
Certifying Authorities, and also Deputy and Assistant Controllers whose qualifications,
experience and terms and conditions of service may be prescribed by the Government, for
discharging the functions provided under section 18 of The Act. The Act empowers the Central
Government to appoint an officer not below the rank of a Director to the Government of India or
an equivalent officer of a State Government to be an adjudicating officer to hold an enquiry as
to whether any person has contravened any provisions of the Act or any rule, regulation or
direction or order made thereunder which renders him liable to pay penalty or compensation.
The adjudicating officer appointed under the Act can exercise jurisdiction to adjudicate matters
in which the claim for injury or damages does not exceed rupees 5 crore. In respect of claim for
injury or damage exceeding rupees five crores, the jurisdiction shall vest with the competent
court.

Cryptography and its Types

Cryptography is the technique of securing information and communications through the use of codes so
that only those persons for whom the information is intended can understand and process it,
thus preventing unauthorized access to information. The prefix “crypt” means “hidden” and the
suffix “graphy” means “writing”.

In cryptography, the techniques used to protect information are obtained from
mathematical concepts and a set of rule-based calculations known as algorithms, which convert
messages in ways that make them hard to decode. These algorithms are used for cryptographic key
generation, digital signing, and verification to protect data privacy, web browsing on the internet, and
confidential transactions such as credit card and debit card transactions.

Techniques used For Cryptography:


In today’s age of computers, cryptography is often associated with the process where ordinary
plain text is converted to cipher text, which is text made such that only the intended receiver
can decode it; this process is known as encryption. The process of converting
cipher text back to plain text is known as decryption.

Features Of Cryptography are as follows:

1. Confidentiality:
Information can only be accessed by the person for whom it is intended and no other
person except him can access it.

2. Integrity:
Information cannot be modified in storage or in transit between the sender and the intended
receiver without the alteration being detected.

3. Non-repudiation:
The creator/sender of information cannot deny his or her intention to send the information at
a later stage.

4. Authentication:
The identities of the sender and receiver are confirmed, as well as the destination/origin of
the information.

Types Of Cryptography:
In general there are three types Of cryptography:

1. Symmetric Key Cryptography:


It is an encryption system where the sender and receiver of a message use a single common
key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but
the problem is that the sender and receiver have to somehow exchange the key in a secure
manner. The most popular symmetric key cryptography system is the Data Encryption
Standard (DES).

2. Hash Functions:
No key is used in this algorithm. A fixed-length hash value is
calculated from the plain text in a way that makes it impossible for the contents of the plain text to be
recovered. Many operating systems use hash functions to protect stored passwords.

3. Asymmetric Key Cryptography:


Under this system a pair of keys is used to encrypt and decrypt information. A public key
is used for encryption and a private key is used for decryption. The public key and the private
key are different. Even if the public key is known by everyone, only the intended receiver can
decode the message because he alone knows the private key.

The Caesar Cipher is one of the earliest and simplest encryption
techniques. It is a type of substitution cipher, i.e., each letter of a given text is replaced
by a letter some fixed number of positions down the alphabet. For example, with a shift of 1,
A would be replaced by B, B would become C, and so on. The method is apparently named
after Julius Caesar, who used it to communicate with his officials.

Thus, to cipher a given text we need an integer value, known as the shift, which indicates the
number of positions each letter of the text is moved down.

In the Rail fence cipher, the plaintext is written downwards diagonally on successive "rails"
of an imaginary fence, then moving up when the bottom rail is reached, down again when the
top rail is reached, and so on until the whole plaintext is written out. The ciphertext is then
read off in rows. For example, to encrypt the message 'WE ARE DISCOVERED. RUN AT
ONCE.' with 3 "rails". N is number of rails – decryption.
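The rail fence procedure described above, worked through on the same message with 3 rails. This is an added example, not part of the original notes; the function names are illustrative, and dropping spaces and punctuation before encrypting is an assumption.

```python
import re


def rail_pattern(length, rails):
    """Rail index (0 = top rail) for each letter position, zig-zagging down and up."""
    if rails < 2:
        raise ValueError("rail fence needs at least 2 rails")
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1           # top rail reached: head down
        elif rail == rails - 1:
            step = -1          # bottom rail reached: head up
        rail += step
    return pattern


def normalise(message):
    """Assumption: keep letters only, upper-cased (spaces and punctuation dropped)."""
    return re.sub(r"[^A-Za-z]", "", message).upper()


def fence_diagram(message, rails):
    """Draw the fence: one text row per rail, '.' where a rail is empty."""
    text = normalise(message)
    pattern = rail_pattern(len(text), rails)
    return "\n".join(
        "".join(ch if r == row else "." for ch, r in zip(text, pattern))
        for row in range(rails)
    )


def rail_fence_encrypt(message, rails):
    """Write the letters along the zig-zag, then read the rails off row by row."""
    text = normalise(message)
    rows = [[] for _ in range(rails)]
    for ch, r in zip(text, rail_pattern(len(text), rails)):
        rows[r].append(ch)
    return "".join("".join(row) for row in rows)


def rail_fence_decrypt(ciphertext, rails):
    """Rebuild the zig-zag: N (the number of rails) fixes how many letters sit on each rail."""
    pattern = rail_pattern(len(ciphertext), rails)
    rows, start = [], 0
    for r in range(rails):
        n = pattern.count(r)                      # letters on rail r
        rows.append(iter(ciphertext[start:start + n]))
        start += n
    # Walk the zig-zag again, taking the next unread letter from each rail.
    return "".join(next(rows[r]) for r in pattern)


if __name__ == "__main__":
    msg = "WE ARE DISCOVERED. RUN AT ONCE."
    print(fence_diagram(msg, 3))
    ct = rail_fence_encrypt(msg, 3)
    print(ct)
    print(rail_fence_decrypt(ct, 3))
```

The cipher only rearranges letters, so the ciphertext contains exactly the same letters as the plaintext.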

Substitution ciphers are probably the most common form of cipher. They work by replacing
each letter of the plaintext (and sometimes punctuation marks and spaces) with another letter
(or possibly even a random symbol).

A mono-alphabetic substitution cipher, also known as a simple substitution cipher, relies on
a fixed replacement structure. That is, the substitution is fixed for each letter of the alphabet.
Thus, if "a" is encrypted to "R", then every time we see the letter "a" in the plaintext, we
replace it with the letter "R" in the ciphertext.
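The Caesar cipher and the mono-alphabetic substitution cipher described above are the same mechanism with different tables, as this added example shows (it is not part of the original notes). The function names and the key `EXAMPLE_KEY` are constructed for illustration; the key is chosen so that "a" maps to "R", as in the text.

```python
import string

PLAIN = string.ascii_lowercase            # plaintext alphabet, a..z

# Constructed example key: position i holds the ciphertext letter for the
# i-th plaintext letter, so "a" -> "R", "b" -> "Q", "c" -> "X", ...
EXAMPLE_KEY = "RQXJMZTEKPVBLUWDSYAOCHGINF"


def caesar_key(shift):
    """Cipher alphabet for a Caesar cipher: the plain alphabet rotated by `shift`."""
    shift %= 26
    return (PLAIN[shift:] + PLAIN[:shift]).upper()


def validate_key(cipher_alphabet):
    """The fixed replacement must use each letter exactly once, or two
    plaintext letters would share a ciphertext letter and decryption
    would be ambiguous."""
    key = cipher_alphabet.upper()
    if sorted(key) != sorted(string.ascii_uppercase):
        raise ValueError("key must contain each of the 26 letters exactly once")
    return key


def substitute(plaintext, cipher_alphabet):
    """Encrypt: lower-case plaintext letters become upper-case ciphertext letters.
    Characters outside a..z (spaces, digits, punctuation) pass through unchanged."""
    table = str.maketrans(PLAIN, validate_key(cipher_alphabet))
    return plaintext.lower().translate(table)


def unsubstitute(ciphertext, cipher_alphabet):
    """Decrypt by applying the inverse of the same fixed table."""
    table = str.maketrans(validate_key(cipher_alphabet), PLAIN)
    return ciphertext.upper().translate(table)


if __name__ == "__main__":
    # Caesar with a shift of 1: A -> B, B -> C, ...
    print(substitute("abc", caesar_key(1)))
    # Every "a" in the plaintext becomes "R" in the ciphertext.
    ct = substitute("banana", EXAMPLE_KEY)
    print(ct, unsubstitute(ct, EXAMPLE_KEY))
```

Because the table is fixed, repeated plaintext letters stay repeated in the ciphertext, which is visible in the "banana" output.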
