MODULE 1 – INTODUCTION

OVERVIEW OF COMPUTER AND WEB TECHNOLOGY

Cyber Law, also called IT Law is the law regarding Information-

technology including computers and the internet. It is related to legal
informatics and supervises the digital circulation of information,
software, information security, and e-commerce.

According to the Ministry of Electronics and Information Technology,

Government of India :
Cyber Laws yields legal recognition to electronic documents and a
structure to support e-filing and e-commerce transactions and also
provides a legal structure to reduce, check cyber crimes.

IMPORTANCE OF CYBER LAW:

 It covers all transactions over the internet.

 It keeps eye on all activities over the internet.
 It touches every action and every reaction in cyberspace.

AREA OF CYBER LAW:

Cyber laws contain different types of purposes. Some laws create

rules for how individuals and companies may use computers and the
internet while some laws protect people from becoming the victims of
crime through unscrupulous activities on the internet. The major areas
of cyber law include:

1. Fraud:
Consumers depend on cyber laws to protect them from online
fraud. Laws are made to prevent identity theft, credit card theft,
and other financial crimes that happen online. A person who
commits identity theft may face confederate or state criminal
charges. They might also encounter a civil action brought by a
victim. Cyber lawyers work to both defend and prosecute
against allegations of fraud using the internet.

2. Copyright:
The internet has made copyright violations easier. In the early
days of online communication, copyright violations were too
easy. Both companies and individuals need lawyers to bring an
action to impose copyright protections. Copyright violation is an
area of cyber law that protects the rights of individuals and
companies to profit from their creative works.

3. Defamation:
Several personnel uses the internet to speak their mind. When
people use the internet to say things that are not true, it can cross
the line into defamation. Defamation laws are civil laws that
save individuals from fake public statements that can harm a
business or someone’s reputation. When people use the internet
to make statements that violate civil laws, that is called
Defamation law.

4. Harassment and Stalking:

Sometimes online statements can violate criminal laws that
forbid harassment and stalking. When a person makes
 threatening statements again and again about someone else
online, there is a violation of both civil and criminal laws. Cyber
lawyers both prosecute and defend people when stalking occurs
using the internet and other forms of electronic communication.

5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even
though cyber laws forbid certain behaviors online, freedom of
speech laws also allows people to speak their minds. Cyber
lawyers must advise their clients on the limits of free speech
including laws that prohibit obscenity. Cyber lawyers may also
defend their clients when there is a debate about whether their
actions consist of permissible free speech.

6. Trade Secrets:
Companies doing business online often depend on cyber laws to
protect their trade secrets. For example, Google and other online
search engines spend lots of time developing the algorithms that
produce search results. They also spend a great deal of time
developing other features like maps, intelligent assistance, and
flight search services to name a few. Cyber laws help these
companies to take legal action as necessary to protect their trade
secrets.

7. Contracts and Employment Law:

Every time you click a button that says you agree to the terms
and conditions of using a website, you have used cyber law.
There are terms and conditions for every website that are
somehow related to privacy concerns.

ADVANTAGES OF CYBER LAW:

  Organizations are now able to carry out e-commerce using the
legal infrastructure provided by the Act.

 Digital signatures have been given legal validity and sanction in

the Act.

 It has opened the doors for the entry of corporate companies for
issuing Digital Signatures Certificates in the business of being
Certifying Authorities.

 It allows Government to issue notifications on the web thus

heralding e-governance.

 It gives authority to the companies or organizations to file any

form, application, or any other document with any office,
authority, body, or agency owned or controlled by the suitable
Government in e-form using such e-form as may be prescribed
by the suitable Government.

 The IT Act also addresses the important issues of security, which

are so critical to the success of electronic transactions.

 Cyber Law provides both hardware and software security.

NEED FOR CYBERLAW

 To Cover Under a Defined Legal System − The primary purpose
of the law is to define and cover all such activities happen
through cyberspace; so that it can be governed under a defined
legal system.

 To Protect the Rights and Privacy of People and Businesses −

As the existing laws do not cover the new dimension of
computer technology; and, it may not cover the growing crimes
sufficiently; in such a condition, a specialized or specifically
cyber law is necessary to safeguard the rights, privacy, and other
personal data of individuals stored in the cyberspace. Likewise,
the specialized cyber law defines the legal standards for data
protection, online privacy, and digital rights and ensure that
individuals are not subject to unwarranted intrusion or violation
of their rights in cyberspace.

 To Provide Cybersecurity − The increasing incidence and threat

of cybercrimes such as hacking, data breaches, online fraud,
bank fraud, etc., essentially need specialized law that can
potentially provide a well-defined legal framework to curb and
prevent cyber-crimes. The defined rules can strengthen the legal
system to prosecute the cybercriminals properly and can
establish legal mechanisms for enhancing cybersecurity.

 To Provide Legal Validation to E-Commerce and Contracts −

Cyber law provides legal validation to the electronic commerce
by establishing the legal validity of electronic contracts and
transactions. It ensures that the online agreements are equally
valid and enforceable and the parties engaged in e- commerce
are protected under cyber law.
 To Provide Legal Validation to Digital Signatures and
Authentication − It validates the use of digital signatures for
authentication and verification of electronic documents, which
makes the digital transactions valid and legally binding and
secure.

 To Protect the Intellectual Property Rights − Cyber law protects

the intellectual property rights in digital form. It governs the
issues related to copyright infringement, online piracy, and
unauthorized distribution of digital content.

 To Provide Protection to Online Defamation and Cyberbullying

− Cyber law recognizes and provides a well-defined legal
remedies against online defamation, harassment, and
cyberbullying. It ensures that the victims of online harassment
or cyberbullying have legal recourse to protect their reputation
and well-being.

 To Regulate Online Content − Cyber law establishes defined

guidelines for the regulation of online content, ensuring the
harmful or illegal material is restricted or removed from the
internet. It maintains a balance between free speech and
preventing harmful online activities.

 To Resolve the Issues of Jurisdiction and Cross-Border

Problems − As the internet does not follow any physical or
political boundaries, cyber law specifically addresses
jurisdictional issues and determines which laws will be applied
in cross-border cybercrimes and disputes. Likewise, it helps to
resolve legal conflicts that cover multiple jurisdictions.
  To Provide National Security − In some of the cases, cyber law
plays a role in defining legal measures to protect critical national
infrastructure from cyber-attacks and threats.

 To Promote E-Governance − Cyber law provides the legal

framework for the implementation of e-governance initiatives
and ensure that digital interactions between citizens and
government are legally recognized and secure.

 To Provide Consumer Protection − Cyber law defines provisions

that provide consumer protection involved in e-commerce and
defines dispute resolution mechanisms.

TECHNOLOGY AND ITS IMPACT ON IT’S SOCIETY

POSITIVE IMPACTS OF TECHNOLOGY ON SOCIETY

 Improved Communication: Communication is the most

important part of society, we build or transfer our thoughts with
each other with the help of communication. Earlier people used
pigeons or birds to transfer their messages to their loved ones.
After that technology slowly grows and the medium of
transferring information is changed to mobile phones, email, etc.
Nowadays, we send messages to loved ones or known people
via email, social media platforms, etc. It is the fastest, efficient,
and effective medium. People can talk or share information with
their loved ones easily even if they are very far away from them.
 Improved Education and learning process: Technology enhances
the education and learning process. Nowadays, people can easily
 enhance their knowledge using the internet. Most of the data is
present on the internet is free of cost, and you can access this
data anytime and anywhere.
 Mechanized Agriculture: Technology changes the working
mechanism of farmers. Lots of machines and technical
instruments were introduced in the agricultural area which
makes farming very easy, effective, automated, etc.
 Easy to access information: We can easily access information
via the internet anytime and anywhere. Most of the information
is present on the internet are free of cost, so you can use them to
enhance your knowledge, skills, etc.

NEGATIVE IMPACTS OF TECHNOLOGY ON SOCIETY

 Increase in pollution: Not only humans but technology also

affecting our environment. Due to vehicles and machinery, the
rate of pollution is increasing continuously which causes global
warming, etc.
 Increase in health and mental concerns: Nowadays, technology
effecting the physical as well as mental health of human beings.
It makes people lazy, emotionally weak, sleeping problems,
reduce physical activity, also people are spending less time with
their family and friends.
 Increase in cybercrimes: Due to the excessive use of the
internet, the rate of cybercrimes are also increased. Some people
(attackers) harm innocent people (victims) or children for
money or fun.

GROWTH AND SIGNIFICANCE OF IT

Information Technology enables the sharing of knowledge throughout
the world. With IT today, not only students but teachers too are taking
advantage and staying up-to-date. For accurate sharing of knowledge
and information, teaching and learning, information technology is
important.

NEED FOR CYBER LAW

Cyber laws exist to protect people from online fraud. They prevent
online crimes, including credit card and identity theft. A person who
commits such thefts stands to face criminal charges.

Being highly sophisticated and developing every day, cyberspaces

have become common. Thus, the increase in cyber crimes is
inevitable. As of 2022, the approximate number of internet users
worldwide was 5.3 billion, up from 4.9 billion in 2021. Given this
rapid increase in the use of cyberspace, the implementation and use of
strict cyber rules help establish a safe environment for users.
With more and more transactions being conducted online, it is
imperative to have legal frameworks to regulate these transactions and
protect the interests of the parties involved.

These are some of the advantages of cyber law listed below:

 Cyber law protects individuals and businesses from various

cybercrimes, such as hacking, identity theft, online fraud, and
cyberbullying.
 Cyber law mandates the protection of personal information and
data privacy, ensuring that internet users have control over their
 personal information and that organizations take adequate
measures to protect such information.
 Cyber law provides a legal framework for e-commerce
transactions and helps establish trust between parties by
providing a secure and reliable platform for online transactions.
 These laws effectively regulate internet-related activities,
including online transactions, intellectual property rights, and
content regulation.
 Cyber laws encourage innovation by protecting intellectual
property rights, promoting technological research and
development, and enabling the creation of new digital products
and services.

JURISDICTIONL ISSUES IN CYBERSPACE

Cyber law’s jurisdiction depends on the kind of cybercrime and the

location from which it has been done. Jurisdiction gives power to the
appropriate court to hear a case and declare a judgment. In cybercrime
instances, the victim and the accused are generally from different
countries, and hence deciding which cyber jurisdiction will prevail is
conflicting. The internet as stated earlier has no boundaries; thus, no
specific jurisdiction in cyberspace can be titled over its use. A user is
free to access whatever he wishes to and from wherever he wishes to.
Till the time a user’s online activity is legal and not violative of any
law, till then there is no issue. However, when such actions become
illegal and criminal, jurisdiction has a crucial role to play.

For example, if a user commits a robbery in country ‘A’ while sitting

in country ‘B’ from the server of the country ‘C,’ then which country’s
jurisdiction will apply needs to be answered. In this case, the
transaction might have been done virtually, yet the people are present
physically in their respective countries governed by their laws and the
court generally decides the cyber jurisdiction of the country where the
crime has been committed.

In cyberspace, there are generally three parties involved in a

transaction: the user, the server host, and the person with whom the
transaction is taking place, with the need to be put within one
cyberspace jurisdiction.[2] All three parties in this illustration belong
to three different countries, now the laws of ‘A,’ ‘B’ or ’C’ will be
prevalent or not, or even municipal laws will be applicable or
international laws the issues of jurisdiction in cyberspace. The extent
of a court’s competency to hear a cross-border matter and apply
domestic state laws is another issue.

TYPES OF JURISDICTIONS

 Personal Jurisdiction – It is a type of jurisdiction where the court

can pass judgments on particular parties and persons. In the case of
Pennoyer v. Neff[3], The Supreme Court of the US observed that
the Due process enshrined in the constitution of the US constrains
the personal jurisdiction upon its implication on the non-resident,
hence there is no direct jurisdiction on the non-residents. However,
this restraint was curbed by the minimum contact theory which
allowed the jurisdiction over the non-residents as well.

 Subject-matter jurisdiction – It is a type of jurisdiction where the

court can hear and decide specific cases that include a particular
subject matter. If the specific subject matter is of one court but the
plaintiff had sued in any other court then the plea will be rejected
and the plaintiff will have to file the case in the court which is
related to that matter. For instance, a complaint regarding a
consumer good should be filed in the district consumer forum
 rather than district court as district consumer forums specifically
look at consumer-related cases. In the same manner, all
environmental-related cases are tried in NGT rather than a district
court.

 Pecuniary Jurisdiction – This type of jurisdiction mainly deals

with monetary matters. The value of the suit should not exceed the
pecuniary jurisdiction. There are various limits set for a court that
can try a case of a certain value beyond which it is tried in different
courts. For example, the district consumer forum looks at the
matter not exceeding 20 lakh rupees, the State consumer dispute
redressal commission has pecuniary jurisdiction of more than 20
lakh rupees but not exceeding 1 crore, the National consumer
dispute redressal commission has pecuniary jurisdiction involving
cases of more than 1 crore rupees in India. It is dependent upon the
claim made in proceedings and is structured in hierarchical order.

THEORIES OF JURISDICTION

 Subjective territoriality– It lays down that if the act is

committed in the territories of the forum state, then its laws will
be applicable to the parties. The act of the non-resident person in
the forum state is the key element under it. For example- A
country can make a law criminalizing an act in its territory, and
then the subject aspect of the territoriality will recognize it.

 Objective territoriality – It is invoked when an act is committed

outside the forum state’s territorial boundary, yet its impact is on
the forum state. It is also known as ‘Effect Jurisdiction.’ It was
 established in the case of United States v Thomas[4] in which
the defendant published phonographic material and to see and
download it, he provided the subscribers with a password after
getting a form filled out which included their personal details,
and the plaintiff claimed it to be violative of its domestic laws,
the court held that “the effect of the defendant’s criminal
conduct reached the Western District of Tennessee, and that
district was suitable for accurate fact-finding,” and the court has
the cyberspace jurisdiction.
In the landmark case of Playboy Enterprise, Inc. v Chuckleberry
Publishing, Inc.[5], the defendant operated a website in Italy on which
obscene photographs were displayed, and some of its users were
citizens of the USA. The court found it to be against US laws and
banned the website from falling under US jurisdiction; however, the
court does not have cyberspace jurisdiction to put a complete ban on
the use by other users of different states.

 Nationality – It is applied to the offender who is the national of

the state; for example, if a person of a state commits an offence
in a foreign country that is punishable by domestic laws, then
the state has the power to punish its citizen.
 Universality – The acts which are universally acclaimed as
crimes such as hijack, and child pornography. A cyber-criminal
can be convicted in any country for committing such a heinous
crime. It presumes that the country has cyber jurisdiction to
prosecute the offender of a cybercrime.

MININUM CONTACTS THEORY

This test is applicable where both or any of the parties are outside the
territorial jurisdiction of the court. In the landmark judgment in
Washington v International Shoe Company, this theory was evolved
by the US Supreme Court.

After this case, the court laid down three criteria-

 “The non-resident defendant must do some act or consummate
some transaction with the forum or perform some act by which
he purposefully avails himself of the privilege of conducting
activities in the forum, thereby invoking the benefits and
protections.
 the claim must be one which arises out of or results from the
defendant’s forum-related activities, and
 Exercise of jurisdiction must be reasonable.
In the case of CompuServe Inc v Patterson, The court held that
contracts related to cyberspace are also covered under the domain of
minimum contacts theory.

SLIDING SCALE THEORY

Sliding Scale theory is also known as Zippo Test. It is the most

accepted test in deciding personal jurisdiction in cyberspace cases. On
the basis of the interactivity of the websites, the jurisdiction is
decided. The more the number of interactivities, the more the courts
have personal jurisdiction over it in the forum state.

For a passive website, the courts have almost no jurisdiction, while in

the middle spectrum site, the court may or may not have jurisdiction;
however, in the case of a highly interactive site, the court has
cyberspace jurisdiction.
In the landmark case of Zippo Manufacturer v Zippo.Com, the
plaintiff Zippo Manufacturer of lighters in Pennsylvania sued the
defendant Zippo.com for an infringing trademark. The defendant had
a lot of interactivities; hence the personal jurisdiction will be
applicable to the defendant.

MODULE 2 – CONSTITUTIONAL AND HUMAN RIGHTS

ISSUES IN CYBERSPACE

FREEDOM OF SPEECH AND EXPRESSION IN

CYBERSPACE

INTRODUCTION:

In India individual freedom is an integral part of democracy.

However, freedom is not absolute. Absolute freedom to an individual
may lead to compromising other’s privacy, safety and rights. There
are laws to govern and restrict people's behaviour so as to maintain a
balance in the society.
Today we live in a connected world facilitated by Information and
Communication Technology. It has created multidimensional and
often unpredictable too. This has become one of the serious threats to
individual freedoms and rule of law which serves as the pillar of
democracy.

INTERNATIONAL PERSPECTIVE:

The right to freedom of speech and expression is widely protected

under international law and is recognized under Article 19 of the
Universal Declaration of Human Rights (UDHR) and Article 19(2) of
International Covenant on Civil and Political Rights (ICCPR). These
provisions define this right as the ‘freedom to hold opinions without
interference and to seek, receive and impart information and ideas
through any media and regardless of frontiers’. In recent years, the
United Nations has explicitly extended this right to online platforms.

INDIAN PERSPECTIVE:
India has the second largest Internet consumer base in the world, after
China. As the right to free speech includes the right to access and
gather information as well, the Indian Government has been working
on bridging the Digital Divide through its Digital India Initiative. In a
country with a growing reliance on the Internet, it becomes important
to understand the legal framework that governs speech online.

CONSTITUTIONAL PROVISION:

Article 19 (1)(a) of the Constitution of India guarantees to citizens the

fundamental right to freedom of speech and expression:
Article 19(1)(a) All citizens shall have the right to freedom of speech
and expression. This is a broad right that includes the right to
exchange thoughts with others, both within and outside India. It also
includes freedom of the press. This right is applicable to
communication on the Internet as well. However, this right is also
subject to certain restrictions which can only be imposed by a duly
enacted law.

Article 19(2) provides that the such reasonable restriction must be in

the interests of state security, friendly relations with foreign states,
public order, decency and morality, contempt of court, defamation,
incitement to an offense, and the sovereignty and integrity of India.
Alongside the freedom of speech, one must also consider the right to
privacy, which has been read into the right to life under Article 21 of
the Constitution.

LEGISLATIVE RESTICTION:

The Indian Penal Code (IPC) places some restrictions on free speech.
It criminalizes speech that is seditious, obscene, defamatory,
promoting enmity between different groups on ground of religion,
race, place of birth, residence, language, committing acts prejudicial
to maintenance of harmony, or consisting of statements, rumors, or
reports that may cause fear, alarm, disturb public tranquility, or
promote enmity or ill will.
The offender is liable to be punished with a jail term ranging from
two to seven years, if found guilty. Further, the Official Secrets Act
also contains a provision that criminalizes wrongful communication
of information that may have an adverse effect on the sovereignty and
integrity of India. All these provisions are applicable to Internet users
as well.

Another relevant legislation in this context is the Information

Technology Act (IT Act 2000), which criminalizes certain online
activity, such as the publication or transmission of obscene or sexually
explicit content in electronic form, as well as the creation,
transmission or browsing of child pornography. Section 66A of the
Act had criminalized any information that could be considered grossly
offensive, of a menacing character, or any information that is false,
but causes “annoyance, inconvenience, danger, obstruction, insult,
injury, criminal intimidation, enmity, hatred or ill will.” Several
arrests were also made for social media posts, on the basis of this
provision. But in the 2015 landmark case of Shreya Singhal v. Union
of India, the Supreme Court struck down Section 66A of the IT Act
2000 on grounds of violating Article 19 of the Constitution. In its
judgment, it categorically stated that the freedom of speech offline is
equal to freedom of speech online, a principle that has been clearly
stated by the UN as well. Section 66A was found to be an arbitrary
and disproportionate restriction on the right to free speech, and
outside the confines of the reasonable restrictions laid down in Article
19(2). This judgment is a critical step for free speech jurisprudence,
with the courts taking a firm stand in favour of the right to free speech
on the internet.

CURRENT SCENARIO:

Internet freedom in India has improved for the continuous second

year, according to the report "Freedom on the Net" published by
Freedom House, a US nonprofit organization that monitors freedom
worldwide. India has been categorized as "partly free" with score of
40 in 2015 from 42 in 2014. Further, the report notes positive
developments in the regulatory framework, decline in the detentions
for online speech and a steady increase in digital access. However,
increased website blocking, and intimidation of internet users
threatened to hamper steadily improving internet freedom in the
country.

A total of 136, 13, 10 and 492 social media websites were blocked in
2012, 2013, 2014 and 2015 (till 30.11.2015) respectively under
Section 69A of IT Act, 2000. Further, a total of 533, 432 and 352
social media websites were blocked in compliance with the directions
of the competent Courts of India in 2013, 2014 and 2015 (till
30.11.2015) respectively. Also, as per National Crime Records Bureau
(NCRB), a total of 4,192 cases were reported under section 66A of the
IT Act 2000 (under the offences of sending offensive messages
through communication services etc.) during 2014.

RIGHT TO ACCESS CYBERSPACE -ACCESS TO INTERNET

INTRODUCTION
The right to internet espouses two facets of the right to internet access
and the right to speak and express oneself over the internet, which are
the positive negative and forms respectively. There is a host of
conceptual and theoretical issues that underpin the right to internet.
The pertinent question that arises here is: what is the locus of the right
to internet within our legal system? Whether it is a right held only by
citizens only or by people universally? If it is taken in the former
sense, then it suggests the right is merely statutory and if understood
in the latter, a kind of human right. There is the question as to the
nature of the right: natural or fundamental.

Further, if it is accorded the status of a positive right, then the State

comes under an obligation to provide its citizens with meaningful
access to this right. In this article, we are looking at the scope of
judicial and intervention in recognizing the right to the internet, both
in its negative and positive forms.

RIGHT TO INTERNET UNDER 19(1)(A) AND 19(1)(G)

The right to freedom of speech and expression and right to practise

any profession, or to carry on any occupation, trade or business over
the medium of internet under Articles 19(1)(a) and 19(1)(g) has been
held to be constitutionally protected by the Hon’ble Supreme Court in
Anuradha Bhasin v. Union of India. Thus, a negative right to the
internet subject to restrictions under Articles 19(2) and 19(6) has been
recognized.

Any restriction to the right to freedom of speech and expression and

the right to practise any profession, or to carry on any occupation,
trade or business over the medium of internet, if imposed by the state,
under Article 19 have to pass muster of the proportionality test which
as enumerated by the decision in K.S Puttaswamy v. Union of India
that:

1. A law interfering with fundamental rights must be in pursuance

of a legitimate State aim;
2. The justification for rights infringing measures that interfere
with or limit the exercise of fundamental rights and liberties
must be based on the existence of a rational connection between
those measures, the situation in fact and the object sought to be
achieved;
3. The measures must be necessary to achieve the object and must
not infringe rights to an extent greater than is necessary to fulfil
the aim;
4. Restrictions must not only serve legitimate purposes; they must
also be necessary to protect them; and
5. The State must provide sufficient procedural safeguards.

The question of access to the internet in Anuradha Bhasin v. Union of

India, or the positive aspect of the Right to Internet, was left open to
be determined in an appropriate lis by the court since the pleadings in
this regard were not made. This takes us to the question whether and
how the right to access the internet can be determined within our legal
framework through judicial intervention in the future.
RIGHT TO INTERNET ACCESS

There are broadly two ideas that make a case for the recognition of
the right to meaningful access which has received much attention
from scholars. The first being that the right to meaningful internet
access can be brought in place if the State chooses to frame
regulations with regard to market conditions and distribution of
resources with a view to enable equitable access. This view has roots
in Article 19(1)(a) and 21 of the Constitution. The second advocates
that the right to internet be recognized by the State in the form of a
statutory, sui generis right to internet access from existing
international human rights obligations.

RIGHT TO INTERNET UNDER ARTICLE 21

In its recent judgment in Faheema Shirin v. State of Kerala, the High
court has recognized that mobile phones and internet access through it
are part and parcel of the day to day life. The court looked at
resolutions adopted by the United Nations Human Rights Council and
the General Assembly which unequivocally point to the fact that how
internet access plays a key role in accessing information and its close
link to education and knowledge. The court took the view that the
right to be able to access the internet has been read into the
fundamental right to life and liberty, as well as privacy under
Article 21. The court added that it constitutes an essential part of the
infrastructure of freedom of speech and expression.

As opposed to this is the argument of one of the fathers of the

internet, Mr. Vinton G. Cerf. He argued that while the internet is very
important, however, it cannot be elevated to the status of a human
right. Technology, according to him, is an enabler of rights and not a
right in and of itself.
The meaningful exercise of the right to freedom of speech and
expression over the medium of internet is dependent, invariably and
inextricably, upon the access to the available infrastructure.
Infrastructure in turn depends upon social and economic factors such
as the distribution of resources; the policies of the State and its
intervention in the nature of regulation of resources.

If I have the freedom to speak and express myself, then I must also
have the necessary means and avenues to echo the same. An
economic and social precondition, lurking in the backdrop, to the
exercise of the right under Article 19(1)(a) assumes significance here.
The role of the State in enabling this precondition has been the subject
of much debate in our country and more so in the United States under
their First Amendment jurisprudence.

Since the Hon’ble Supreme Court has recognized the right to freedom
of speech and expression over the medium of internet, we may peruse
its various decisions to see whether the right to internet access can be
recognized by the judiciary. The tectonic and conflicting shifts in the
jurisprudence of the Hon’ble Apex Court under Articles 19(1)(a) and
19(2) will help us understand this aspect.

THE LIBERTARIAN THEORY OF FREE SPEECH

The libertarian conception takes the existing distribution of income
and resources as a given, and the consequent unequal speaking power
that arises is left unaddressed. It prohibits any State intervention
designed to remedy the situation. This can be understood better if we
look at the decision of the American Supreme Court, when it first
struck down campaign finance regulations, in Buckley v. Valeo,
wherein it held, “the concept that government may restrict the speech
of some in order to enhance the relative voice of others is wholly
foreign to the First Amendment.
This theory reflects the libertarian thought which restricts the role of
the State and proscribes any government-imposed regulation on what
people can do within the existing structure of these laws. We find this
strain of thought in some of our decisions of the Hon’ble Supreme
Court as well.

In Sakal Papers v. Union of India, the government issued regulations

dealing with price-per-page. It essentially related the price of a
newspaper with its size. Owing to the regulation, the newspaper
agency had to maintain lower prices which meant that the newspapers
would have to reduce their size and consequentially the content too
would have to be reduced and vice versa. The newspapers came forth
with Article 19(1)(a) challenge.

The government responded to the challenge by terming this measure

as anti-monopolistic. Further, their aim was to ensure the proliferation
of aspiring, new newspapers. By having the already established
newspapers to keep their prices low meant doing away with the
blockage in the entry of other newspapers into the market. The Court
held this measure as one made in ‘public interest’. Yet, the ground of
‘public interest’ did not afford protection Article 19(2), the Court held
that this regulation was unconstitutional and upheld the claims of the
newspapers.

The ramification of this decision is that if an individual were to

establish a newspaper, the prevailing, expensive economic conditions
in the market made it impossible for him to do so. Thus, the aspiring
newspapers in this case suffered from an inability to meaningfully
exercise their freedom of expression. But the freedom was not
extinguished and therefore it still did not infringe upon their freedom
of speech or expression. Article 19(1)(a) affords protection to the
freedom of speech and expression, and not effective or meaningful
exercise of the freedom of speech and expression, hence there was no
constitutional violation.

Bennett Coleman v. Union of India was a case in which a challenge to

the Newsprint Order of 1962, and the Newsprint Policy of 1972 was
made in the court. The Newsprint Order restricted the conditions
under which newsprint could be imported and Newsprint Policy
prohibited ‘common ownership units’, limited the number of pages to
ten and permitted a 20 per cent increase in page level to newspapers
that had fewer than ten pages.

The Policy was defended by the State on grounds such as prevention

of monopolies and promotion of the growth of small newspapers. The
majority struck down the Policy because it had an effect on
circulation and according to them it amounted to a restraint upon the
freedom of speech, which was not saved by any of the grounds under
Article 19(2). The intervention by the State into the existing market in
the form of price-and-page controls is deemed to affect freedom. The
test was whether the ‘direct effect’ of a law is to abridge the freedom
of speech.

The above two decisions show us an inclination of the Supreme Court

towards the libertarian notion of free speech.

THE SOCIO-DEMOCRATIC THEORY OF FREE SPEECH

It may at times become incumbent upon the State to act to further the
robustness of public discourse and allocate public resources (hand out
megaphones; figuratively) to those whose voices would need to be
heard. It may even have to silence the voices of some in order to hear
the voices of the others. This is exactly in contradiction to the
libertarian view.

The Supreme Court’s decision in Express Newspapers v. Union of

India presents an interesting contrast to Sakal Newspapers and
Bennett Coleman. Express Newspapers involved a challenge to a
statute that determined the minimum wage to be paid to all working
journalists. It was argued that the fixed minimum wage had been too
high so as to drive newspapers out of business and that it was an
unreasonable restriction in terms of Article 19. In Express
Newspapers, however, the Court found that there was no abridgement
in the freedom of speech. The regulation was upheld because
according to the Court, the intention or ‘proximate effect’ of the
minimum wage legislation was rather to improve the economic
position of journalists. The argument that the eventual result would be
a fall in circulation was dismissed as incidental, remote and indirect.

Alexander Meiklejohn said with respect to the First Amendment of

the Constitution of U.S.A. that it does not forbid the abridging of
speech. But, at the same time, it does forbid the abridging of the
freedom of speech.

Justice Mathew’s celebrated dissent in Bennett Coleman v. Union of

India is based upon the Mieklejohnian difference between abridging
speech, and abridging the freedom of speech. In Bennett Coleman, the
scarcity of newsprint depended as much upon governmental action so
did the restriction on the number of pages a newspaper could have.
The freedom enumerated in Article 19(1)(a) is centered on the
individual and yet Justice Mathew gives us a larger, community
oriented goal that society needs to achieve. He observes that a
democracy has to be thriving and meaningful. It is only when there
exists multiplicity, diversity and variety of ideas and viewpoints that
we achieve the ideal of an informed society.

Justice Mathew subscribes to the view that for the larger community
to have access to infrastructure to exercise the freedom of speech, it
becomes necessary that the government regulates such access and
market conditions to ensure that resources are not concentrated in a
few hands. Since the Newsprint Policy, in its anti-monopolistic
objectives aimed to put in place a wide range of ideas in the public
domain, Justice Mathew held it to be constitutionally valid.He offers
us a much more nuanced and substantive version inbuilt in Article
19(1)(a).

The freedom of speech as we understand consists of both “speech”

and “non-speech” elements. A sufficiently important governmental
interest in regulating the non-speech element can justify incidental
limitations on freedom of speech. The Court further observed that a
Government regulation is sufficiently justified if it is within the
constitutional power of the Government; if it furthers an important or
substantial Governmental interest.

Lending credence to what Justice Holmes espoused in his First

Amendment decisions, Justice Mathew goes on to enumerate four
values required to be achieved by protection of free speech. Free
expression is necessary:

 for individual fulfilment,

 for attainment of truth,
 for participation by members of the society in political or social
decision-making, and
  for maintaining the balance between stability and change in
society.

Justice Mathew takes note of the Holmesian First Amendment view in

Abrams v. United States: “that the ultimate good desired is better
reached by free trade in ideas—that the best test of truth is the power
of thought to get itself accepted in the competition of the market. That
at any rate is the theory of our Constitution.”

“What is essential” according to Meiklejohn, “is not that everyone

shall speak, but that everything worth saying shall be said”.

Justice Mathew provides us with an interpretation of Article 19(1)(a)

which focuses on the idea that restraining the hand of the government
proves useless in assuring free speech, if a restraint on access is
effectively secured by private groups. A constitutional prohibition
against Governmental restriction on the expression is effective only if
the Constitution ensures an adequate opportunity for discussion.

The State is required to take into account the differing economic and
social conditions of its citizens and how those differences hinder
equal access to the exercise of their basic rights. Justice Mathew
reminds us of the constitutional obligation of the State to enable every
individual achieve substantive equality. He invokes the Directive
Principles of State Policy, though unenforceable, to argue that under
Article 39(b)the Constitution furnishes for distribution of the material
resources of the community to subserve the common good.

In Union of India v. Motion Picture Association the petitioners put

forth a challenge to government notifications and rules, and
provisions of the Cinematograph Act. This enabled the government to
have the films exhibited by the licensee and additionally other films
which the licensee was exhibiting. The Court did not find any merit in
the challenge. It held that under Article 19(1)(a) that this amounted to
promoting dissemination of ideas, information and knowledge to the
masses.

In this case, the impugned provisions were meant to further free

speech and expression and it did not result in curtailment of the same.
The issue was not framed as whether the restriction was based on one
of the grounds of justification under Article 19(2). Article 19(1)(a)
was looked at from the vantage point of a social good than
understanding it as an individual right.

In the case of LIC v. Manubhai D. Shah, the respondent had published

a paper wherein he highlighted certain issues related to LIC’s
insurance schemes. An LIC employee in turn published a response in
a newspaper to which the respondent countered with a rejoinder. The
LIC employee’s write up was at once published in LIC’s in-house
magazine as well, but when the respondent requested that his
rejoinder to be published there, it was rejected. The Court held that
the LIC’s stance was unfair and unreasonable. The court invoked the
doctrine of fairness (which has evolved in the United States) which
demands that both viewpoints ought to be placed before the readers.
The Court in this case lent credence to the larger, community goal of
ensuring that the public must have knowledge of a balanced account
of contentious issues.

Secretary, Ministry of Information and Broadcasting v. Cricket

Association of Bengal dealt with the Indian Telegraph Act which
vested in the government a monopoly over maintaining the
infrastructure for airwaves. The government did not permit the
Cricket Association of Bengal to telecast certain cricket matches. The
Board came up with the argument that this was a violation of its rights
under Article 19(1)(a) right to broadcast, as well as the viewers’ 19(1)
(a) right to watch. The government on the other hand argued that
airwaves being a scarce resource, it was its prerogative to selectively
distribute the airwave frequencies. This argument was not favoured by
the majority and that to own a frequency for the purposes of
broadcasting was then a costly affair. When there are surplus or
unlimited frequencies, it is only the affluent few who would be in a
position to own them and use it to suit it to their own interest.

A lurking danger to the freedom of speech and expression of the have-

nots by denying them access to truthful information on all sides of an
issue, necessary to form a considered opinion on any subject also
comes to the fore. The doctrine of fairness has evolved in the U.S. in
the context of the private broadcasters licensed to share the limited
frequencies with the central agency like the FCC to regulate the
programming to put an anti-monopolistic regime at place. Hence, the
importance of an independent body like the Press Council of India
was felt in this case, which would be entrusted with fair and not
selective distribution of airwave frequencies. The court, in this case,
favoured an equitable distribution representative of all sections of
society. A closer perusal of the judgment shows that the infrastructure
of speech is closely intertwined with the freedom of speech.

These are some decisions of the Supreme Court that advocate the
socio-democratic theory of free speech. Unregulated marketplaces do
not offer any safeguards against a monopoly and concentration of
resources. The market is an instrument and not an end in itself which
is used to bring about a diversity of ideas and opinions in the public
domain through intervention of regulations. Thus, if the State in the
future chooses to regulate the market and take anti-monopolistic
measures to ensure greater access of the masses to the internet as
opposed to concentration in the hands of a few it may do so.
RIGHT TO INTERNET AND NON-STATE ACTORS
Another important aspect of the Right to Internet is the regulation of
speech and expression by non-State actors such as social media
platforms. Does a citizen when a non-State actor like Twitter infringe
his right under Article 19(1)(a) have the remedy to enforce it in a
court of law? The recent case of Senior Advocate Sanjay Hegde
challenging Twitter’s decision to delete his account permanently
before the Delhi High Court, under Article 226 of the Constitution
takes us to this question. A perusal of case laws reveals that Indian
courts have not held any non-State actor as State just because they
perform a public function. The two tests used by the courts to hold a
private actor as State are:

 The function or service provided by the non-State actor must be

closely related to the sovereign functions of state; or
 The non-State actor should be “functionally, administratively
and financially” controlled by the government.

Since, private social media platforms clearly fail the second test, it is
unlikely that a citizen could have his rights enforced against them. No
doubt, social media platforms perform an important public function
by providing a platform for individuals to exercise their free speech
right.

CASE LAWS:
1. In the case of Anuradha Basin V. Union of India, Supreme Court
held that the right to freedom of speech and expression under
Article 19(1) (a) and the right to freedom of trade and commerce
under Article 19(1) (g) through internet is constitutionally
protected but subjected to reasonable restrictions.
 In the case of K.S. Puttaswamy V. Union of India, Supreme
Court of India held that any restrictions imposed by the state on
the right to freedom of speech and expression and right to
practice any profession or occupation over the medium internet
under Article 19 have to pass the proportionality test. The
proportionality test is used to measure the reasonability of the
government’s decision. Kerala High Court held that right to
have access to the internet is an integrated part of the
fundamental right to education and the right to privacy under
article 21 of the Indian Constitution.

CONCLUSION
Going by the more substantive vision that the socio-democratic theory
of free speech espouses, the right to internet needs to be recognized
expressly by the State. Concomitant to express recognition of the
right, there is a pressing need for the State to intervene and regulate
the market and lay down the policy with regard to meaningful access
to internet. The State largesse aimed at improving the conditions of
internet access further depends on whether the State chooses to roll
out a number of schemes and programmes such as Digital India and
the like in this regard, or whether it chooses to regulate the market of
data connectivity and by passing on the obligation to the non-state
actors (which might again be subject to an Article 19(1)(g) challenge).

Therefore, we see that the right to access the internet in India is

making strides at a great pace. In these trying times of the pandemic
when education and most of our day to day activities are hugely
dependent on the access to internet, it becomes pertinent and the most
opportune moment for this right to be recognized by the State for the
upliftment of the masses as a social measure.
RIGHT TO PRIVACY

INTRODUCTION
Human rights have always been a part of our human conscience. The
concept of human rights can be traced back to the natural law
philosophers, such as, Locke and Rosseau. The concept of human
rights protects individuals against the excesses of state. The concept
of human rights represents an attempt to protect the individual from
oppression and injustice. These human rights have been added into
the Indian Constitution in the form of ‘Fundamental Rights’.

Basically, the underlying idea is that the certain basic and

fundamental rights protect a person and takes them out of the reach of
transient political majorities. These are regarded as essential as these
should not be tampered, entrenched or violated. The written
constitution guarantees a few rights to the people and forbid the
governmental organizations to interfere with the same.

The Constitution which lays down the basic structure of a nation’s

polity is built on the foundations of certain fundamental values. The
vision of our founding fathers and the aims and objectives which they
wanted to achieve through the Constitution are contained in the
Preamble, the Fundamental Rights and the Directive Principles. These
three may be described as the soul of the Constitution and the
testament of the founding fathers to the succeeding generations
together with the later Part on Fundamental Duties.
One of these rights which cannot be denied to the person is the Right
to Privacy. It is a natural right and is derived from Articles 14, 19 and
21 of the Indian Constitution. It is a right which need not be given
expressly to a person because this is a human right which the person
gets by virtue of his birth.

WHAT IS “PRIVACY”?
The word “privacy” is a very simple yet very complicated word. This
word does have a specific definition because this is a very
multidimensional concept and cannot be explained. It has no legal
definition and deserves more enumeration than to be defined. This is a
very crucial term and has emerged recently.

The simplest definition of privacy was given by Judge Thomas

Cooley in Olmstead V United States, he called it, “the right to be let
alone,”. According to him, a person has the right to be left alone on
his own terms and one should not intrude into other’s life without his
permission. Invasion of privacy means “an unjustified exploitation of
one’s personality or intrusion into one’s personal activity, actionable
under tort law and sometimes under Constitutional law”.

In Gobind vs. State of Madhya Pradesh, Privacy, in its simplest sense,

allows each human being to be left alone in a core which is inviolable
yet the autonomy of the individual is conditioned by her relationships
with the rest of society.

According to etymological meaning of privacy has been taken from

Latin term ‘privatus’ which means’ separated from the rest’ deprived
of something, especially office, participation in the government’ and
from ‘privo’ which means ‘to deprive’, is the ability of an individual
or group to seclude themselves or Information about themselves and
there by reveal themselves selectively.

This clearly shows that Privacy is something which a person is

entitled to by birth and there is no need for any written law to confirm
it. It should be understood as it is and is a right which cannot be
infringed.

WHAT IS RIGHT TO PRIVACY?

According to Blackstone’s Law Dictionary, Right to Privacy means “a
right to be let alone”; the right of a person to be free from any
unwarranted interference.

Recently, a judgment was delivered by Justice D.Y. Chandrachud that

overruled the principles evolved in the Habeas Corpus case in the case
of Justice K.S. Puttaswamy and ors. v. Union of India, which evolved
as a landmark judgment in the history of India with regards to the
status of Right to Privacy.

The term Right to Privacy cannot be easily conceptualized. Privacy is

a value, a cultural state or condition that is intended towards
individual on collective self-realization varies from society to society.
Right to privacy as to right to be let alone thus regarded as a
manifestation of an inviolate personality, a hub of freedom and liberty
from which the human being had to be free from invasion.

The basic thought behind prefacing of such a principle was to protect

personal writings and personal productions and its scope extends not
only from theft and physical misuse but against publication in any
form.
Fundamental rights are basic rights which are inherited in every
human being and such rights should be endowed with every citizen of
the country along with proper remedies. Certain confidential and
furtive part of the human beings cannot be proclaimed at public
domain. After the passing of the recent case of 2017, right to privacy
has obtained impetus throughout the world and it has been renowned
as a fundamental right to privacy.

IMPORTANCE OF RIGHT TO PRIVACY

Be it the Ramayana or Mahabharata or Manu Smriti, they have all
considered privacy to be an important aspect of an individual’s life. A
review of these scriptures proves the existence of rules that would
respect the privacy of an individual in ancient Indian society. Kautilya
in his Arthashastra written around 321-296 B.C. has prescribed a
detailed procedure to ensure right to privacy while ministers were
consulted. So, looking from the historical point of view, privacy can
be considered to be civil liberty that is indispensable to the freedom
and dignity of an individual. From the ancient history of India, as we
gradually move further then we will find that by the nineteenth and
twentieth century, the so-called privacy was associated with that of
inviolability of house of property.

Even though a debate and discussion did take place in the Constituent
Assembly regarding right to privacy. The formal proceeding of the
Constituent Assembly started with the drafting of the in December
1946 and the Constituent Assembly constituted various committees
whose main work was to provide reports to the Drafting committee,
which would in turn formulate a draft of the Constitution. It was at the
Committee Stage that a Sub-Committee group did try to advocate the
right to privacy to be a part of the Fundamental Rights.
From the very beginning, there were strong differences of opinion
related to the right to privacy, members like B.N Rau, A. K Ayyar and
M.K. Panikkar had a strong objection to right to privacy to be
upraised to the status of a Fundamental Right. In fact the most open
criticism of right to privacy was done by Alladi Krishnaswami Ayyar
and B. N. Rau, who were the members of the Constituent Assembly,
the comments of both these members shows their resentment towards
the right to privacy.

Ayyar was of the opinion that granting the right to privacy and
secrecy in correspondence would be disastrous, it would elevate every
private/ civil communication to that of State papers. This would
adversely affect civil litigation where documents form an essential
part of the evidence and B.N. Rau was primarily concerned with the
interference of the right to privacy with investigative powers of the
police authorities. Later Both Rau and Ayyar were successful in
persuading the Advisory Committee to leave out provisions relating to
the right to privacy.

During the ongoing sessions of the Constituent Assembly, there had

been a couple of times when an endeavor was made to include right to
privacy within the chapter of fundamental rights. Like on 30th April
1947 one of the members of the Constituent Assembly Somnath
Lahiri had presented a proposal to make the right to privacy of
correspondence a fundamental right, ‘the privacy of correspondence
shall be inviolable and may be infringed only in cases provided by
law……..’ However this proposal failed to get a positive response in
the Assembly. Again after almost a year another attempt was made by
Kazi Syed Karimuddin on 3rd Dec 1948 to incorporate “The right of
the people to be secure in their persons, houses, papers and effects
against unreasonable searches and seizures shall not be violated and
no warrants shall issue but upon probable cause supported by oath or
affirmation and particularly describing the place to be searched and
the persons or things to be seized.’’

So, the Indian Constitution failed to recognize the right to privacy as a

part of the Fundamental Rights to be conferred to the citizens of India.
But over a period of time none other than the Supreme Court of India
has played an important role to addressed a number of cases that has
dealt with right to privacy in some form or the other and which has
helped the right to privacy attain its rightful position as a part of Right
to Life and Liberty under Article 21.

In one of the earliest cases, M.P. Sharma v. Satish Chandra, where the
Supreme Court on the issue of ‘power of search and seizure’ held that
privacy cannot be brought under fundamental rights as it was
something not related to the Indian Constitution. It was seen that the
Supreme Court had a narrow interpretation in this case, limiting itself
only to the prescribed statutory regulation.

A decade later there was another important case, which was Kharak
Singh v. The State of U.P.[10] that dealt with the issue of surveillance
and that whether the surveillance which was defined under the
Regulation 236 of the U.P. Police Regulation led to the infringement
of fundamental rights or not and that did right to privacy come under
fundamental right or not. The verdict that was given by the Supreme
Court denied that the right to privacy was a fundamental right and that
it was not a guaranteed right under our Constitution and therefore the
attempt to ascertain the movement of an individual merely in a way in
which privacy is invaded is not an infringement of a fundamental
right guaranteed under Part III of the Indian Constitution. And it
however held that Article 21(right to life) was the repository of
residuary personal rights and recognized the common law right to
privacy. However in this case Justice Subba Rao did say that privacy
is a facet of Liberty.

The next case was Govind v. State of M.P.[ Even though this case was
alike the Kharak Singh case the approach towards this case was very
different. It upheld the validity of Madhya Pradesh Police Regulation
Act of 1961, under reasonable restriction. The judicial approach was
that there is an existence of right to privacy in terms of the different
guarantees provided by Part III of the Indian Constitution. However,
the Supreme Court also observed that in the absence of legislative
enactment, the right to privacy will necessarily have to go through a
‘case-by-case development’ because just one single case will be
inadequate to see the exceptions and consequences of right to privacy.
But one cannot deny the fact that this case did broaden the scope of
Article 21 so that the right to privacy could fall into it.

In the case of ADM Jabalpur v. Shivakant Shukla, the Supreme Court

wanted to determine that whether the right to personal liberty is
restricted by any restriction other than those which are contained in
the Constitution and statute law and it establishes that the right to
privacy may not be expressly guaranteed, but it may be implicit due to
its inclusion in common law. Justice Khanna had observed: “Article
21 is not the sole repository of the right to personal liberty…no one
shall be deprived of his life and personal liberty without the authority
of laws follows not merely from common law, it flows equally from
statutory law like the penal law in force in India.”

Then it was the Maneka Gandhi v. Union of India case where the
Supreme Court in a broader sense interpreted Article 21. The Supreme
Court stated that the term ‘natural law’ which included the right to
personal liberty and rights of personal security were incorporated in
Article 21 of the Indian Constitution.
R. Rajagopal v. State of Tamil Nadu was one of the first cases which
elaborated the development and the span of right to privacy in a
detailed manner. The apex court had held that the right to privacy was
implicit to the right to life and liberty which Article 21 guaranteed. It
further recognized that a citizen has a right to safeguard the privacy of
his own, his family, marriage, procreation, motherhood, child bearing
and education amongst other matters. None can publish anything
concerning the above matters without any consent and also that the
right to privacy can be both an actionable claim and also a
fundamental right.

Unique Identification Authority of India & Anr. v. Central Bureau of

Investigation This was a case that involved the Central Bureau of
Investigation that had sought to access a huge database that had been
compiled by the Unique Identity Authority of India for investigative
purposes of criminal offences. However, the Supreme Court stated
that the UIDAI should not be transferring any biometrics information
who has been allotted the Aadhar number without the written consent
of the individual person to any agency or third party. More so, the
honorable Court also stated that no person shall be deprived of any
kind of services for want of Aadhar number in case he/she is
otherwise eligible/entitled. The various authorities would have to
modify their circulars/forms etc. so that compulsory requirement of
Aadhar Number is not required in order to meet the requirement of
the interim order passed by the Court forthwith.

JUSTICE K.S. PUTTUSWAMY (RETD.) & ANR. V. UNION OF

INDIA & ORS.[16]
The verdict was the outcome of a petition challenging the
constitutional validity of the Indian biometric identity scheme Aadhar.
This was a case relating to the Unique Identity Scheme that was
discussed along with the right to privacy. The question that was
placed before the court was whether a right like right to privacy was
guaranteed under the Constitution or not. The Attorney General of
India had however argued that privacy did not have a place in the
fundamental right guaranteed to Indian citizens. Eventually, the Court
decided that the question related to the right to privacy should be left
to be discussed by a larger constitutional basis because all those
judgments that denied the existence of the right to privacy were
declared by the larger benches than the cases where the right to
privacy was accepted as a fundamental right. Due to this an
unresolved controversy emerged, that compelled the Court to refer
this issue to a larger bench so that it could be settled.

The unanimous judgment by the Supreme Court of India (SCI) in

Justice K.S. Puttuswamy (Retd) vs. Union of India is a resounding
victory for privacy. The order signed by all nine judges declares: The
right to privacy is protected as an intrinsic part of the right to life and
personal liberty under Article 21 and as a part of the freedoms
guaranteed by Part III of the Constitution.

Finally, it was on 24th August 2017, that a historical judgement was

made by the Supreme Court of India that stated the right to privacy to
be a part of fundamental rights that was protected by the Indian
Constitution. The Supreme Court declared that the right to privacy
stems from the fundamental right to life and liberty and that it would
be having a long lasting consequence. The Nine- Judge bench of the
Supreme Court was involved in the case of Puttuswamy vs. Union of
India that declared the right to privacy to be protected under Part III
of the Constitution of India. The Judgment was in response to the
reference made in connection with the challenge to India’s National
Identity project called Aadhar.
RIGHT TO PRIVACY IN CYBER WORLD
Hacking into someone’s private property or stealing some one’s
intellectual work is a complete violation of his right to privacy. The
Indian constitution does not specifically provide the “right to privacy”
as one of the fundamental rights guaranteed to the Indian citizens but
it is protected under IPC.

Cyber space means a non-physical terrain created by computers. Most

often than not, in the recent times, citizens (also referred to as
‘netizens’) have been increasingly making use of the cyber space to
seclude themselves from their social circle. There is a general belief
that these people are private and want to secure their privacy. In
reality, it turns out that there is a serious threat of infringement of
privacy of an individual in the cyber space.

In order to recognize digital evidence and electronic records, the

Information Technology Act (hereinafter referred to as ‘the Act’)
came into force on and from 17.10.2000. The preamble of the act
would read as follows:- “An Act to provide legal recognition for
transactions carried out by means of electronic data interchange and
other means of electronic communication, commonly referred to as
“electronic commerce”, which involve the use of alternatives to
paper-based methods of communication and storage of information, to
facilitate electronic filing of documents with the Government agencies
and further to amend the Indian Penal Code, the Indian Evidence Act,
1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank
of India Act, 1934 and for matters connected therewith or incidental
thereto.

The Act also recognized few forms of cyber crimes and provided for
punishments for the same. The cyber crimes made punishable under
the Act are set out from sections 65 to 85. The punishment prescribed
thereunder, ranges from imprisonment upto three years to
imprisonment to life and any fine amount could be imposed. An upper
ceiling limit ranging from Rs.1,00,000/- to Rs.5,00,000 is also
prescribed. The cyber crime is an evolving field and therefore with
changing times, more and more crimes that emerge from violations
committed in the cyber space is detected. The common forms of the
cyber crimes have been broadly categorized into cyber crimes against
person and cyber crimes against property.[18]

Right to privacy is an important natural need of every human being as

it creates boundaries around an individual where the other person’s
entry is restricted. The right to privacy prohibits interference or
intrusion in others private life. The apex court of India has clearly
affirmed in its judicial pronouncements that right to privacy is very
much a part of the fundamental right guaranteed under article 21 of
the Indian constitution.

Thus, right to privacy is coming under the expended ambit of article

21 of Indian constitution. So, whenever there is some cyber crime
which is related to the persons private property or its personal stuff
then the accused can be charged of violation of article 21 of Indian
constitution, and prescribed remedy can be invoked against the
accused.

The legislations with regard to the digital communications are only a

handful. Already, the Information and Technology Act has been
discussed. The other relevant piece of statute in this regard is The
Indian Telegraph Act, 1883 which governs the use of wired and
wireless telegraphy, telephones, teletype, radio communications and
digital data communications. It gives the Government of India
exclusive jurisdiction and privileges for establishing, maintaining,
operating, licensing and oversight of all forms of wired and wireless
communications within Indian territory. It also authorizes government
law enforcement agencies to monitor/intercept communications and
tap phone lines under conditions defined within the Indian
Constitution. The act came into force on October 1, 1885. Since that
time, numerous amendments have been passed to update the act to
respond to changes in technology.

The Telecom Commercial Communications Customer Preference

Regulations 2010 is one of the pieces of regulations, which prevents
the service providers from arbitrary sharing of personal information.
Thus, all the service providers have to take necessary measures to
protect the privacy and information shared on their networks.

The Hon’ble Supreme Court has also dealt with the right to privacy in
the context of interception of phone calls in the case of Amar Singh v.
Union of India[19].

The question, whether interception of telephonic message /tapping of

telephonic conversation constitutes a serious invasion of an individual
right to privacy was considered by Hon’ble Apex Court in detail in
the case of People’s Union case[20], wherein it was held as under:

“17. We have, therefore, no hesitation in holding that right to privacy

is a part of the right to “life” and “personal liberty” enshrined under
Article 21 of the Constitution. Once the facts in a given case
constitute a right to privacy, Article 21 is attracted. The said right
cannot be curtailed “except according to procedure established by law.

18. The right to privacy — by itself — has not been identified under
the Constitution. As a concept it may be too broad and moralistic to
define it judicially. Whether right to privacy can be claimed or has
been infringed in a given case would depend on the facts of the said
case. But the right to hold a telephone conversation in the privacy of
one’s home or office without interference can certainly be claimed as
“right to privacy”.

Conversations on the telephone are often of an intimate and

confidential character. Telephone conversation is a part of modern
man’s life. It is considered so important that more and more people
are carrying mobile telephone instruments in their pockets. Telephone
conversation is an important facet of a man’s private life. Right to
privacy would certainly include telephone conversation in the privacy
of one’s home or office. Telephone-tapping would, thus, infract
Article 21 of the Constitution of India unless it is permitted under the
procedure established by law.”

Recently, Whatsapp, widely used messaging app was also accused of

infringing the Right to Privacy of individuals for which Whatsapp
convinced its users that the messages sent by the users are encrypted
and thus does not infringes the privacy of the people

CONCLUSION
In conclusion, it is clear that Right to privacy had no place in the
Indian Constitution in the beginning because it was considered to be a
natural right which a person gets by virtue of his birth but then there
were no remedies in case the same got infringed. With time evolution
of the right took place with precedents and judgements and now has a
unique place in the Constitution. It is also found that each individual
accessing the cyber space ought to be better informed about the
advantages and disadvantages of using the same. It is necessary to be
a responsible user of the cyber space and awareness is the key. The
law in respect to the right to privacy with respect to cyber space is
still in its nascent stage and therefore, the individuals have a key role
to ensure that their rights to privacy are not intruded due to ignorance.

RIGHT TO DATA PROTECTION

INTRODUCTION

These days a term data protection has become synonymous with other
rights of the citizens which are guaranteed by the state. With the
beginning of the 21st century, there has been a sharp increase in the
development of technology, which subsequently has become an
integral part of human life. Today, these technologies have connected
to the day to day life of a human being in such a way that, these
technologies holds important data related to a user. That’s why data
protection has become so relevant in safeguarding the interest of an
individual.

This data related to an individual can also be collected by the

websites. We will look into these concepts in detail.

IMPORTANCE OF DATA PROTECTION IN CYBER LAW

With steady development in the Artificial Intelligence (AI) many

software applications like Facebook, Google etc. have developed
which not only collect and store the personal data of the user but can
also further process the data for any other purpose. In the year 2018,
the case of Cambridge Analytica has raised the eyes of many states
over the protection of personal data of their citizens. There are about
80 countries around the world who had implemented various privacy
policies like GDPR (General Data Protection Regulation) in European
Council, Brazil internet Act, 2014 in Brazil, Personal Information
Protection and Electronic Data Act (PIPEDA) in Canada, etc. to
protect their citizen’s personal data.

This huge number of countries apparently reflects the concerns of

many states over the security of their citizen’s personal data. The
implementation of various legislations around the world, therefore,
includes data protection as one of the branches in cyber law.

DATA PROTECTION UNDER GENERAL DATA PROTECTION

REGULATION (GDPR)

In recent time, GDPR was implemented by the European Council

(EU) in 2018 and comes as one of the stringent legislation to protect
the personal data of the people of the European Union. This regulation
has proved as a major development in the field of privacy law. With
the implementation of this regulation, there has been a major impact
on the big tech companies like Google, Facebook etc, and also on
many e-commerce sites. This regulation has certainly set new
jurisprudence in the space of cyber law. With the implementation of
GDPR, the whole domain of privacy rights has gone to the next level.
Let’s discuss some of its features briefly which has put this regulation
far way more ahead with the other regulations around the world.

1. Right to erasure– under GDPR, the data subjects have the right
to erase their data, having stored with any data controller or
processor.
 2. Right to data portability– under GDPR, the data subjects have
the right to port their personal data concerning
himself/themselves to one data controller or processor to
another.

DATA PROTECTION UNDER INDIAN LAW

In India, till now there is no exclusive law pertaining to the rights of

an individual’s privacy. Only there is Information Technology act,
2000, which deals with cyber crimes and provides remedies against
the violation of the act. The act contains few provisions related to the
individual’s privacy but they are not exhaustive in nature.

Under section 43A of the Information Technology Act, 2000[3], a

body corporate who is possessing, dealing or handling any sensitive
personal data or information of an individual, and is negligent in
implementing and maintaining reasonable security practices in
protecting the data and results in wrongful loss or wrongful gain to
any person, then such body corporate may be held liable to pay
damages to the person so affected. It is important to note that there is
no maximum limit specified in the act for the compensation that can
be claimed by the affected party in such circumstances.

Information Technology (Reasonable Security Practices and

Procedures and Sensitive Personal Data or Information) Rules, 2011
deals with the protection of “Sensitive personal data or information of
a person”, which includes the personal information relating to:

 Passwords;
  Financial information such as bank account or credit or debit
card or other payment instrument details;
 Sexual orientation;
 Medical records and history; and
 Biometric information.

Under section 72A of the Information Technology Act, 2000[4],

disclosure of information, knowingly and intentionally, without the
consent of the person concerned and in breach of the lawful contract
has been also made punishable with imprisonment for a term
extending to three years and fine extending to Rs 5,00,000.

Under Section 69 of the Act[5], which is an exception to the general

rule of maintenance of privacy and secrecy of the information,
provides that where the Government is satisfied that it is necessary for
the interest of:

 the sovereignty or integrity of India,

 defence of India,
 security of the State,
 friendly relations with foreign States,
 public order,
 for preventing incitement to the commission of any cognizable
offence relating to above, or
 for the investigation of any offence.

PENALTY FOR THE BREACH OF CONFIDENTIALTY AND

PRIVACY UNDER THE ACT
Section 72 of the Information Technology act, 2000 doesn’t specify
the provision relating to the breach of privacy by the data processor
but talks about a circumstance under which any person who, in
pursuance of any of the powers conferred under the IT Act Rules or
Regulations made thereunder, has secured access to any electronic
record, book, register, correspondence, information, document or
other material without the consent of the person concerned, discloses
such material to any other person, such person shall be punishable
with imprisonment for a term which may extend to two years, or with
fine which may extend to Rs 1,00,000 or with both.

WHAT IS PRIVACY POLICY?

A privacy policy is a legal document that discloses the way a party

gathers, uses, discloses, and manages a customer or client’s data. It
fulfils a legal requirement to protect a customer or client’s privacy.

Such privacy policy must provide the following:

1. clearly and easily accessible statements of its practices and

policies;
2. clearly state the type of personal and sensitive personal data or
information collected by the business;
3. purpose of collection and usage of such information;
4. about disclosure of information including sensitive personal data
or information collected; and
5. Reasonable security practices and procedures adopted by it.

ELEMENTS OF A PRIVACY POLICY

The following are the main elements which shall be consisted of a
privacy policy, are as follows:

1. Consent: The most crucial component of a privacy policy is

‘consent’. In this regard, the Supreme Court in K.S.
Puttuswamy[8] has made important observations.
2. Purpose of information collected.
3. Disclosure of information.
4. Security practices.

CONCLUSION

With the skyrocketing development in the field of technology,

interference of it in the life of human beings has been increasing. It is
well known that data is becoming the “New Oil” and Data protection
is becoming the “New Pollution Control”. The implementation of the
GDPR has provided, in a real sense, many rights to the Europeans
pertaining to protect their personal data from any unlawful processing
by the data controller. With the increase in the digital population of a
country like India, data protection and data privacy are key issues at
the moment. Every internet user intentionally or unintentionally
leaves her/ his digital footprint in the form of personal data when
browsing the internet. In such a scenario it becomes utmost important
to have exclusive legislation like GDPR to regulate data protection
and data privacy.

It is also important for the business to craft such a privacy policy,

which not only protects the rights or interests of a user/ client but also
fulfils the requirement of a business. The business should consider the
formation of terms of use and privacy policy as an art rather than just
a long-form.
 MODULE 3 – LEGAL RECOGNITION AND
AUTHENTICATION OF ELECTRONIC RECORD

UNCITRAL Model Law

In today’s world, many international trade transactions are carried out

by electronic data interchange and other means of communication,
commonly known as “electronic commerce”.

It uses alternatives to paper-based methods of communication and

storage of information.

The United Nations Commission on International Trade Law

(UNCITRAL), by the means of Model Law on Electronic Commerce
(MLEC), sought to provide a set of internationally acceptable rules
with an aim to remove legal obstacles and increase legal recognition
for e-commerce.

It has further improved the efficiency in international trade by

providing equal treatment to paper based and electronic information,
thus enabling the use of paperless communication.

It has adopted the following fundamental principles of the modern

electronic-commerce law:
 The principle of non-discrimination – It ensures that any document
would not be denied legal validity, effect, and enforceability solely
on the basis that it is in electronic form.

 The principle of technological neutrality – It mandates the adoption

of such provisions which are neutral with respect to technology
used. This aims at accommodating any future developments
without any further legislative work.

 The functional equivalence principle – It sets out the specific

requirements that e-communication ought to meet in order to fulfill
the same functions that traditional paper based system, seek to
achieve, for example, “writing”, “original”, “signed”, and “record”.

All the states have given favourable consideration to the model law
while enacting or revising their laws so that uniformity of the law
applicable to the alternatives to the paper-based methods of
communication is facilitated.

 Khoury v. Tomlinson is a landmark case decided by the Texas

Court of Appeal. The facts of this case are such that an
agreement was entered via e-mail which was not signed but only
the name of the originator appeared in the ‘from’ section.
Referring to the principles in Article 7 of the Model Law, the
court found sufficient evidence that the name in the ‘from’
section establishes the identity of the sender.

Concept of public and private key

PUBLIC KEY
Public Key Cryptography is also known as asymmetric cryptography.
It is an encryption technique that uses a pair of keys (public and
private key) for secure data communication.

In the pair of keys, the public key is for encrypting the plain text to
convert it into ciphertext, and the private key is used for decrypting
the ciphertext to read the message.

The private key is given to the receiver while the public key is
provided to the public.

All asymmetric key pairs are unique, so a message encrypted with a

public key can only be read by the person who has the corresponding
private key.

Public-key encryption is slower at the same time secure than private-

key encryption. In secret key encryption, a single shared key is used
to encrypt and decrypt the message, while in public-key encryption,
different two keys are used, both related to each other by a complex
mathematical process.

Therefore, we can say that encryption and decryption take more time
in public-key encryption.

APPLICATION OF PUBLIC KEY:

 Public key cryptography can be used to encrypt Emails to keep

their content confidential.
  Asymmetric cryptography or public-key cryptography is also
used in Secure socket layer (SSL) protocol to make secure
connections to websites.

 Public key is also used in Blockchain and cryptography

technology. For example, a pair of keys is generated, while
setting up a new cryptocurrency wallet.

 It can be used to create a digital signature in the Operating

System software such as Ubuntu, Red Hat Linux packages
distribution, etc.

Some examples of public key encryption include:

 Rivest-Shamir-Adleman (RSA)

 Elliptic Curve Cryptography (ECC)

 Diffie-Hellman

 Digital Signature Algorithm (DSA)

PRIVATE KEY:
 The secret key encryption algorithm is also known as symmetric
encryption algorithm because the private key, the same key (or
secret key) is used by both the parties, i.e., the sender and receiver,
for Encryption/Decryption technique.

The sender uses the secret key and encryption algorithm for
encryption, whereas for decryption, the receiver uses this key and
decryption algorithm.

In Secret Key Encryption/Decryption technique, the algorithm used

for encryption is the inverse of the algorithm used for decryption. It
means that if the combination of addition and multiplication is used
in the encryption algorithm, then the decryption algorithm will use
the combination of subtraction and division.

The mechanism of private key is faster than the mechanism of

public-key cryptography. The reason for this is that the size of the
key is small.

Some examples of private key encryption include:

 Block Ciphers

 Stream Ciphers

 Hash Functions

PUBLIC KEY VS PRIVATE KEY:

On the Public key Private key
basis of

Definition It is defined as the It is defined as the technique

technique that uses two that uses a single shared key
different keys for (secret key) to encrypt and
encryption and decryption. decrypt the message.

Known as It is also called as It is also called as

Asymmetric key symmetric key encryption.
encryption. It is because the same secret
key is used in bidirectional
communication.

Efficiency It is inefficient as this It is efficient as this

technique is used only for technique is recommended
short messages. for large amounts of text.

Speed It is slower as it uses two It is faster as it uses a single

different keys; both keys key for encryption and
are related to each other decryption.
through the complicated
mathematical process.

Secret It is free to use. Apart from the sender and

receiver, the private key is
kept secret and not public to
anyone.

Purpose The main purpose of the The main purpose of the

public key algorithm is to secret key algorithm is to
share the keys securely. transmit the bulk data.
 Loss of There is a less possibility There is a possibility of
key of key loss, as the key losing the key that renders
held publicly. the system void.

Additionally, some applications use public and private key encryption

combinations to secure data communications. Some of these include:

 Pretty Good Privacy software (PGP)

 Secure Sockets Layer (SSL)

Authentication of electronic records using digital signature

Authentication is a process used to confirm the identity of a person or

to prove the integrity of the information. Message authentication
involves determine its source and verifying that it had not been
modified or replaced in transit.

DEFINITIONS

Asymmetric crypto system – 2(1)(f)

Key pair – 2(1)(x)
Private key – 2(1)(zc)
Public key – 2(1)(zd)
Digital signature – 2(1)(p)
Digital signature certificate- 2(1)(q)
Electronic signature – 2(1)(ta)
Electronic signature certificate – 2(1)(h)
Affixing electronic signature – 2(1)(d)
Subscriber – 2(1)(zg)
Authentication – 3, read along with rule 3, 4 and 5 of certifying
authority rules, 2000

Rule 3 – manner of authentication by digital signature

Rule 4 – Process of creation of a digital signature
Rule 5 - Verification of digital signature

*Vinisha note*

Asymmetric cryptosystem and encryption

Asymmetric encryption, also known as public-key cryptography, is a

type of encryption that uses a pair of keys to encrypt and decrypt data.
The pair of keys includes a public key, which can be shared with
anyone, and a private key, which is kept secret by the owner.

In asymmetric encryption, the sender uses the recipient’s public key to

encrypt the data. The recipient then uses their private key to decrypt
the data. This approach allows for secure communication between two
parties without the need for both parties to have the same secret key.

Asymmetric encryption has several advantages over symmetric

encryption, which uses the same key for both encryption and
decryption. One of the main advantages is that it eliminates the need
to exchange secret keys, which can be a challenging process,
especially when communicating with multiple parties.

Asymmetric encryption is commonly used in various applications,

including secure online communication, digital signatures, and secure
data transfer. Examples of asymmetric encryption algorithms include
RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC).

Anyone can encrypt a message using the public key, but only the
holder of the private key can unlock it. With no chance of the
communication being intercepted and read by a third party, anyone
can send a secure message to the public key’s owner.

Asymmetric encryption is frequently used for secure internet

communication, including email encryption, e-commerce, and online
banking. Digital signatures, which are used to confirm the legitimacy
of digital documents and messages, are another application for it.

ADVANTAGES OF ASYMMETRIC ENCRYPTION

Asymmetric encryption also known as public key cryptography is a
method of cryptography that uses two different keys to encrypt and
decrypt data, here are some advantages of asymmetric encryption: –

 Enhanced Security: Asymmetric encryption provides a higher level

of security compared to symmetric encryption where it is harder
for an attacker to intercept and decrypt the data.

 Authentication: Asymmetric encryption can be used for

authentication purposes which means that the receiver can verify
the sender s identity. This is achieved by the sender encrypting a
 message with their private key which can only be decrypted with
their public key if the receiver can successfully decrypt the
message, it proves that it was sent by the sender who has the
corresponding private key.

 Non-repudiation: Asymmetric encryption also provides non-

repudiation which means that the sender cannot deny sending a
message or altering its contents this is because the message is
encrypted with the sender s private key and only their public key
can decrypt it . Therefore, the receiver can be sure that the message
was sent by the sender and has not been tampered with.

 Key distribution: Asymmetric encryption eliminates the need for a

secure key distribution system that is required in symmetric
encryption with symmetric encryption, the same key is used for
both encryption and decryption and the key needs to be securely
shared between the sender and the receiver asymmetric encryption,
on the other hand, allows the public key to be shared openly and
the private key is kept secret by the receiver.

 Versatility: Asymmetric encryption can be used for a wide range of

applications including secure email communication online banking
transactions

Overall, the use of asymmetric encryption offers enhanced security

authentication non-repudiation key distribution, and versatility these
advantages make it a widely used and effective method for protecting
sensitive data in various applications.
THE MAIN FEATURES OF ASYMMETRIC ENCRYPTION (ALSO
KNOWN AS PUBLIC-KEY CRYPTOGRAPHY) ARE:

 Dual keys: Asymmetric encryption uses a pair of keys, including a

public key and a private key. The public key can be freely shared
with anyone, while the private key is kept secret and known only to
the key owner.
 Encryption and decryption: Asymmetric encryption uses the public
key to encrypt data and the private key to decrypt data. This allows
secure communication between two parties without the need to
exchange secret keys.
 Secure key exchange: Asymmetric encryption allows for secure
key exchange, which is a critical feature in secure communication.
For example, the Diffie-Hellman key exchange algorithm uses
asymmetric encryption to establish a shared secret key between
two parties without exchanging the key itself.
 Security: Asymmetric encryption is considered more secure than
symmetric encryption because it eliminates the need to exchange
secret keys, which can be a security risk. Additionally, the private
key is kept secret, which makes it harder for attackers to intercept
or tamper with the data.
 Slow processing: Asymmetric encryption is slower than symmetric
encryption because it involves more complex mathematical
operations. This can make it less suitable for applications that
require fast data processing.

DRAWBACKS:

 Speed: Asymmetric encryption is complex and, therefore, slow.

It’s not the best solution for bulk encryption–which means it
isn’t the best solution for encrypting servers, hard drives,
databases, etc.
  Complexity and Adoption: To be useful, all parties must use the
same form of encryption to share messages. In many cases, this
isn’t a problem. For example, all the major internet browsers
and providers utilize HTTPS, which means that they have
adopted certificate authorities and tools to ensure that HTTPS is
seamlessly integrated such that users never have to do a thing.
The same is true for email–almost all email providers will use
some form of TLS.

Hash Function

A hash function is a mathematical function or algorithm that simply

takes a variable number of characters (called a ”message”) and
converts it into a string with a fixed number of characters.

Hash Function is a function that has a huge role in making a System

Secure as it converts normal data given to it as an irregular value of
fixed length.

Hashing is a one-way mathematical function that turns data into a

string of nondescript text that cannot be reversed or decoded. In the
context of cybersecurity, hashing is a way to keep sensitive
information and data — including passwords, messages, and
documents — secure.
FEATURES OF HASH FUNCTIONS IN SYSTEM SECURITY:

 One-way function: Hash functions are designed to be one-way

functions, meaning that it is easy to compute the hash value for
a given input, but difficult to compute the input for a given hash
 value. This property makes hash functions useful for verifying
the integrity of data, as any changes to the data will result in a
different hash value.

 Deterministic: Hash functions are deterministic, meaning that

given the same input, the output will always be the same. This
makes hash functions useful for verifying the authenticity of
data, as any changes to the data will result in a different hash
value.

 Fixed-size output: Hash functions produce a fixed-size output,

regardless of the size of the input. This property makes hash
functions useful for storing and transmitting data, as the hash
value can be stored or transmitted more efficiently than the
original data.

 Collision resistance: Hash functions should be designed to be

collision resistant, meaning that it is difficult to find two
different inputs that produce the same hash value. This property
ensures that attackers cannot create a false message that has the
same hash value as a legitimate message.

 Non-reversible: Hash functions are non-reversible, meaning that

it is difficult or impossible to reverse the process of generating a
hash value to recover the original input. This property makes
hash functions useful for storing passwords or other sensitive
information, as the original input cannot be recovered from the
hash value.

ADVANTAGES:
  Data integrity: Hash functions are useful for ensuring the
integrity of data, as any changes to the data will result in a
different hash value. This property makes hash functions a
valuable tool for detecting data tampering or corruption.

 Message authentication: Hash functions are useful for verifying

the authenticity of messages, as any changes to the message will
result in a different hash value. This property makes hash
functions a valuable tool for verifying the source of a message
and detecting message tampering.

 Password storage: Hash functions are useful for storing

passwords in a secure manner. Hashing the password ensures
that the original password cannot be recovered from the hash
value, making it more difficult for attackers to access user
accounts.

DISADVANTAGES:
 Collision attacks: Hash functions are vulnerable to collision
attacks, where an attacker tries to find two different inputs that
produce the same hash value. This can compromise the security
of hash-based protocols, such as digital signatures or message
authentication codes.

 Rainbow table attacks: Hash functions are vulnerable to rainbow

table attacks, where an attacker precomputes a table of hash
values and their corresponding inputs, making it easier to crack
password hashes.
  Limited input size: Hash functions produce a fixed-size output,
regardless of the size of the input. This can lead to collisions if
the input size is larger than the hash function output size.

Public Key infrastructure and Hierarchy

Public key infrastructure or PKI is the governing body behind issuing

digital certificates. It is basically the entire organizational structure
that is responsible for establishing and maintaining of a reliable
system of public key cryptography.

The public key infrastructure uses a pair of keys: the public key and
the private key to achieve security. The public keys are prone to
attacks and thus an intact infrastructure is needed to maintain them.

The PKI is the medium that establishes the validity and legality of the
digital signatures used by the subscribers and of the bodies issuing the
digital signatures.

HIERARCHY OF PUBLIC KEY INFRASTRUCTURE

Controller of certifying authorities

 Certifying authorities

Subscriber

Controller of certifying Authorities

At the top of the hierarchy is the controller of certifying authorities

who licenses the Certifying Authority, who in turn issue digital
signature certificate to the subscribe.

Controller of certifying authority is the apex of PKI, who is appointed

by the Central government for supervision and control of the
Certifying authority.

Section 17 talks about the appointment of the controller, deputy

controllers, assistant controllers, and other employees of certifying
authorities.

The deputy controllers and assistant controllers are under the control
of the controller and perform the functions as specified by him. The
term, qualifications, experience and conditions of service of the
Controller of certifying authorities will be determined by the Central
Government. It will also decide the place of the head office of the
Controller.
FUNCTIONS OF CCA (SECS. 18-25)

 To act as regulator of certifying authorities (Sec. 18)

https://indiankanoon.org/doc/1210983/
 To recognize the foreign certifying authority (Sec. 19)
 To act as repository (Sec. 20)
 To grant license to CAs to issue electronic signature certificate
(Sec. 21).
 To suspend license (Sec. 25).

POWER OF CCA

 Power to delegate (Sec. 27).

 Power to investigate contraventions (Sec. 28).
 Access to computers and data (Sec. 29).

OTHER ROLES

 Supervises the activities of Certifying Authorities.

 Certifies public keys of the Certifying Authorities.

 Drafts the requirements to be maintained by way of Certifying

Authorities.

 Specifies the qualifications and revel in of employees of the

Certifying Authorities.
 Specifies the situations below which the Certifying Authority shall
conduct their business;

 Specifies the contents of written, revealed or visual materials and

commercials that may be distributed or utilized in a Digital
Signature Certificate and the general public key;

 Specifies the format and content of a Digital Signature Certificate

and the important thing;

 Specifies the layout wherein Certifying Authorities shall keep the

bills.

 Specifies the terms and situations for the appointment of the

auditors and their remuneration.

 Helps the Certifying Authorities in organizing any digital machine

and law of such gadget.

 Specifies the way wherein the Certifying Authorities shall address

the subscribers.

 Resolves any warfare that arises between the Certifying

Authorities and the subscribers;

 Lays down the duties of the Certifying Authorities;

 Maintains a database containing the disclosure record of ever

Certifying Authority.

 Maintains the database of public keys in a way that it is available to

the general public.
 Issues the license to issue the Digital Signature Certificate.

 Can suspend the license if he isn’t pleased with the validity of the
applicant.

The IT Act presents for the Controller of Certifying Authorities

(CCA) to license and adjust the running of Certifying Authorities.
The Certifying Authorities (CAs) issue digital signature certificates
for electronic authentication of users. The Controller of Certifying
Authorities (CCA) has been appointed with the aid of the Central
Government under phase 17 of the Act for functions of the IT Act.
The Office of the CCA came into existence on November 1, 2000.

It ambitions at selling the growth of E-Commerce and E-

Governance thru the wide use of virtual signatures. The Controller
of Certifying Authorities (CCA) has established the Root
Certifying Authority (RCAI) of India underneath section 18(b) of
the IT Act to digitally signal the general public keys of Certifying
Authorities (CA) within the country. The RCAI is operated as
according to the requirements laid down under the Act.

The CCA certifies the public keys of CAs the use of its own non-
public key, which permits customers in the our on-line world to
verify that a given certificate is issued by a licensed CA. For this
reason it operates, the Root Certifying Authority of India (RCAI).
The CCA additionally continues the Repository of Digital
Certificates, which incorporates all the certificates issued to the
CAs inside the country.
SUBSIDARY BODIES

The Root certifying authority of India – The CCA has established

the RCAI under section 18(b) of the IT Act to perform its functions of
licensing of CAs. This licensing is done through the issue of an X.509
certificate known as “root certificate” which certifies the public key of
CAs. It is the highest level of certification in India.

RCAI issues “certification practice statement “ – this is a statement

issued by a CA to specify the practice that the CA employs in issuing
electronic signature certificate.

National repository of digital signatures -In accordance with

Section 20 of the IT Act, NRDC is a national repository maintained
by the CCA that contains all Digital Signature Certificates and
Certificate Revocation Lists issued by all the licensed CAs. It also
contains all the Digital Signature Certificates and CRLs issued by the
CCA through its RCAI.

The duties of the NRDC are as follows:

 Publishing public key certificates of licensed CA’s
 Publishing CRLs

Certifying authorities

According to Section 2 (1) (g) of the Information technology

Act,2000 certifying authority is a person who has been granted a
license by the controller of certifying authority to issue electronic
signature certificates to the subscribers mentioned under sec 24.
A CA is authorized by the controller via a “root certificate”

The role played by the certifying authorities is similar to that of a

notary public in the real world. A notary attests that the person who
signs the documents is really that person . Similarly, a certifying
authority:
 grants digital signature certificates to subscribers
 proper identification and verification.

DUTIES OF CERTIFYING AUTHORITY (SECS. 30 – 34)

 To follow certain procedures regarding security system (Sec. 30).
 To ensure compliance of the Act (Sec. 31).
 To display its license (Sec. 32).
 To surrender its license (Sec. 33).
 To make certain disclosures (Sec. 34).

POWERS AND FUNCTION

 To issue the Digital Signature Certificate (section 35)
 To check the representations while issuing digital signature
certificate (Section36)
 To suspend the digital signature certificate (Section 37)
 To revoke the digital signature certificate (Section 38)”

List of licensed CA’s in India:

 Tata consultancy
 National informatics centre
 iTrust CA, IDRBT
 E- Mudhra

Subscriber

An applicant whose application for DSC has been received and

processed successfully. As the bottom of the PKI hierarchy is the
subscriber. The subscriber is imposed with the obligations of
obtaining a valid DSC from a licensed CA and thereafter, maintaining
its authenticity by suitably protecting the private key, A DSC acts as
proof linking a particular subscriber to a particular key pair. It
contains the following information.

1) Serial Number (assigning of serial number to the DSC by CA to

distinguish it from another certificate)
2) Signature Algorithm Identifier (which identifies the algorithm used
by CA to sign the DSC)
3) Issuer Name (name of the CA who issued the DSC).
4) Validity period of the DSC
5) Name of the subscriber (whose public key the certificate
identifies); and
6) Public key information of the subscriber

Thus, the DSC enables a relying party to identify the subscriber,

obtain the public key used by him, and verify the legality of the DSC
through the public key of the CA issuing it. The relying party, before
relying on the digital signature, should also verify the purpose of the
DSC, its validity period, key usage and class. Once verified both the
relying party and the subscriber are bound by the electronic
transaction.

PROCEDURE FOR ISSUE OF DSCs TO A SUBSCRIBER:

Any person can apply to a CA through its Registration Authority for a
DSC. The Registration Authority is the body of the CA which
interacts with the subscribers for the provision of CA services. The
procedure for the issue of DSCs as prescribed under the IT Act and
the CA Rules, and can be collectively summarized as follows:
1) Application shall be in the application form provided by the CA
and accompanied with:
 The prescribed fee, as per the class of the application.
 A certification practice statement or where there is no such
statement, a statement containing such particulars, as
specified by regulations.
2) DSCs are usually issued with a lifetime of one - two years.
3) On expiry of a DSC, application may be made for its' re-issue.
4) The CA may suspend/revoke the DSC:
 On receipt of a request from the subscriber/his agent.
 On the death of the subscriber.
 He subscriber is firm/a company, on its dissolution of
winding up.
 A material fact represented in the DSC is false/concealed.
 A condition for the issue of the DSC is not satisfied.
 There is a compromise in the CAs private key/security
system.
 There is compromise in the DSC owner's private key.
 There is misuse of the DSC
5) The CA must publish notices of such suspensions/revocation in the
CRIs.

DUTIES OF SUBSCRIBERS:
The duties of subscribers are covered under chapter VIII of the IT
Acts.

(i) Generate Key pair: On acceptance of a DSC, the subscriber shall

generate the key pair of which the public key is listed in the DSC.

(ii) Duties: The subscriber shall perform such duties as prescribed

with respect to an electronic signature.
(iii) Acceptance of DSC: A subscriber is deemed to have accepted a
DSC if be publishes it to one or more persons, or in a repository, or in
any other manner.

(iv) Certification of Subscriber: Upon acceptance of a DSC, the

subscriber certifies that he holds the corresponding private key, and
the representations made to the CA and the information in the DSC
are true.

(v) Control of Private Key. The subscriber shall exercise reasonable

care to retain control over the private key and prevent its disclosures.

(vi) Compromise of private key: to the event of a compromise of the

private key, the subscriber shall inform the CA of the same as soon as
possible. Until the CA is informed, the subscriber will continue to be
liable for the use of the private key.

Electronic records

According to section 2(t) “electronic record” means data, record or

data generated, image or sound stored, received or. sent in an
electronic form or micro film or computer generated micro fiche.

Electronic Health records – refer Rashida notes

Electronic Health Records, or EHRs, are digital versions of patient

medical records that are stored in a secure electronic system. They
contain information about a patient's medical history, diagnoses,
medications, allergies, lab results, and imaging studies.

BENEFITS OF ELECTRONIC HEALTH RECORDS

 With EHRs, everything is typed out and easy to read.

 EHRs reduce the risk of medical errors because all the

information is entered directly into the system.

 EHRs improve care coordination among healthcare providers.

 EHRs allow for better patient engagement. Patients can access

their own medical information and take a more active role in
their own care.

 EHRs improve patient safety by reducing the likelihood of

duplicate tests and medication errors.

 EHRs make it easier to share information with health insurance

companies and government agencies.

 EHRs save time and money by streamlining healthcare delivery.

No more wasting time sifting through paper files.
  EHRs offer better security for your medical information. Your
records are encrypted and password-protected, making it much
harder for unauthorised people to access your personal info.

EGovernance

According to the definition of E-governance provided by the World

Bank, it is the approach of governmental agencies to use technologies
related to communication and information for the purpose of
transforming and strengthening relations with businesses, citizens,
and other governmental agencies. The IT Act, 2000, defines one of its
prime objectives as electronic governance or e-governance promotion.

MENTION OF E-GOVERNANCE AND ASSOCIATED PROVISIONS

IN THE IT ACT, 2000

 Legal Recognition of Electronic Records (Mentioned in Section 4

of the Act) - For any important point to become a law, it is needed
to be written, printed, or typewritten. It can also be considered to
be a law if the information is provided in an electronic form.
However, the electronic form must be accessible all the time for
subsequent referencing.

 Legal Recognition of Signatures (Mentioned in Section 5 of the

Act)-Most of the documents related to a person are authenticated
by his or her signature. If the person can produce a digital form of
his signature acceptable by the central government, then the person
is legally allowed to validate the documents with the digital
signature. This is the summary of the legal recognition of digital
signature provision.
 Application of Digital Signature and Electronic Records in
Government and its Agencies (Mentioned in Section 6 of the Act) -
According to this provision, if the law allows a person

 To fill an application, form, or document related to

Government authorities or related agencies,

 To issue or grant sanction, licence, approval, or permit in a

particular way,

 To Pay or receive money in a certain manner then the

person can certainly do so in an electronic form if he
maintains the government-approved format.

Additionally, the manner and format of creating, issuing, and filing

electronic records, and the methods of payment of fees for the same
may be prescribed.

 Retention of Electronic Records (Mentioned in Section 7 of the

Act) -The law can also retain the electronic form of any
information, document, or record if it needs to do so. Retention of
records can take place if the records are accessible and available
for subsequent referencing, the format of the information is
unchanged, or accurately represent the original information, and
adequate information of the destination, origin, and date and time
of receipt or dispatch of the record. The law does not hold for
automatically generated information related to the dispatch or
receipt of the record. However, the provision does not apply to
laws that expressly provide for electronic retention of documents,
records, and information.
 Publications of rules and regulations in Electronic Gazette
(mentioned in Section 8 of the Act) -If the law requires to publish
any official rule, regulation, notification, by-law and related
matters in the Official Gazette, then it can also do so in the
Electronic Gazette. The publication date of such rules and
regulations will be the same as its first published date in any form
of the Gazette.

 Section 6, 7, and 8 does not Provide the Right to insist Acceptance

of an Electronic Form of the Document (Mentioned in Section 9 of
the Act) - The previous sections 6, 7, and 8 do not grant the right to
any person to insist on the issuance, acceptance, retention, or
creation of any document or monetary transactions directly from
the central or the state government, ministry of the department, or
associated agencies.

 Provide Power to the Central Government to Make Rules for Legal

Recognition of Digital Signatures (Mentioned in Section 10 of the
Act)- According to the IT Act, 2000, the central government has the
power to prescribe:

 Format and manner of affixation of the digital signature.

 Digital signature type.

 Identification procedure for the person who affixes the

digital signature.
  Determines the procedures to justify the security, integrity,
and confidentiality of electronic records.

 Any other legal procedures for digital signature.

Admissibility and Evidentiary value of Electronic records

https://blog.ipleaders.in/admissibility-evidentiary-value-electronic-
records/

MODULE 4 – NEW DIMENSIONS OF E-COMMERCE

E - CONTRACTS

Section 2(h), of the Indian Contract Act, 1872, tells us that the term
‘contract’ is an agreement that is enforceable under the law.

An electronic contract is an agreement formulated online. The parties

interact with one another in a digital format, rather than in-person or
over the phone. Although it is digital, an e-contract is still a contract.
It is an agreement between two individuals or companies to create a
binding mutual obligation that must include certain essential elements
to be enforceable:

 Offer: A specific offer from one party to the other to perform

some service or pay for some good.
  Acceptance: An acceptance from the other party agreeing to the
terms of the offer.
 Promise: A promise to do the action that has been accepted, such
as payment for certain goods.
 Consideration: Something of value given by one party to the other
in exchange for goods or services. For example, $5,000 for office
supplies.
 Capacity: Whether or not the signers understand the terms being
agreed to.
 Legality: The contract matter itself is legal.

KINDS OF E-CONTRACT

1. Contracts entered Into through E-mails: E-contracts may be in the

form of a contract that is entered into by way of communication
through an electronic medium like e-mails. This involves the
discussion of various stages of the formation of the contract such as
the communication of an offer, acceptance, etc. and other negotiations
of the various terms of the contract through the electronic medium.
The contract that is entered into is non-instantaneous and negotiable.
The Model Law and the IT Act provide the rules applicable to the
formation of contracts in this manner.

2. Standard Form E-Contracts: Alternatively, e-contracts can take the

form of non-negotiable and instantaneous contracts of the
following types:

 Click-Wrap Agreements: This is the most common form of e-

contracts found online. It consists of a list of terms and conditions,
to which the party can either agree to by clicking on the "I agree'
icon, or disagree by clicking the 'Cancel' T Disagree' icon. There is
no scope for any negotiation in these contracts. The party only has
 the option to reject or accept the terms of contract in their entirety.
Such agreements have been extensively challenged in the US
courts, primarily on the ground that such contracts do not provide
adequate notice to the internet user. A few important decisions are
discussed:

(i) In Forrest v. Verizon Communications Inc. a forum selection clause

present in a clickwrap agreement was enforced. It was held that the
fact that only a portion of the agreement could be viewed in a scroll
box did not imply that the notice to the user was inadequate.

(ii) In CoStar Realty Info., Inc. v. Field and Segal v. Amazon.com,

Inc., it was held that a click wrap agreement would be binding even if
the user had failed to read the contract before accepting it.

(iii) In Freja v. Facebook, Inc., the terms of service in the form of a

hyperlink below the sign up button was held to amount to adequate
notice to the user.

 Browse-Wrap Agreements: Browse-wrap agreements list out their

contract/terms and conditions (usually in the form of a hyperlink at
the bottom of the website) on the website being accessed or the
product being downloaded. Unlike a clickwrap agreement, where
the user must expressly accept the terms and conditions by clicking
on an "I agree" box, a browse-wrap agreement does not require this
type of express acceptance of the terms. Here, the mere use of the
product, for instance, browsing through the website or
downloading the product will amount to the user's assent to the
contract. The enforceability of these agreements is, however,
dependent on whether the user had actual or constructive notice of
the terms and conditions;
(i) In Specht v. Netscape Communciations Corp, the Second Circuit.
Court of Appeals held that a browse wrap agreement which was
contained in a hyperlink that could not be viewed unless the user
scrolled down to the next screen, did not constitute adequate notice to
the user, and the clicking of the download button did not amount to
consent to the agreement.

(ii) In Ticketmaster v. Tickets.com", it was held that knowledge of the

defendant ofthe terms and conditions to the website which were
contained at the bottom of the home page in small print would have to
be proved.

(iii) In Hubbertv. Dell Corp. The Illinois Court of Appeal held that the
a browse wrap agreement to which the consumers received repeated
exposure in the form of the words "All sales are subject to
Dell'sTerm[s] and Conditions of Sale in a series of pages which had to
be accessed to complete a purchase, and a conspicuous blue hyperlink
to the terms and conditions, was enforceable.

 Shrink Wrap Agreements: Shrink wrap agreements were found

inside the sealed packaging of tangible products, where one cannot
see the agreement until the product has been purchased or used.
For example, software CD came packaged in plastic with a notice
that by tearing the plastic, the user will be deemed to have assented
to the terms of use which are enclosed in the CD. The plastic
packaging usually contained some of the essential clauses of the
terms of use in brief so as to constitute adequate notice to the user.
Such agreements are likely to be found unenforceable on grounds
of inadequate notice to the user, unless constructive notice can be
established. It is from the term 'shrink wrap' that the terms 'click
wrap' and 'browse wrap' have been derived.
Thus, to ensure enforceability of standard form e-contracts, it is
essential for websites to provide adequate notice of the contract. A
good example of such notice is this caveat provided conspicuously on
the first page of the website:

"PLEASE READ THIS AGREEMENT CAREFULLY TO ENSURE

THAT YOU UNDERSTAND EACH PROVISION THIS
AGREEMENT CONTAINS A MANDATORY INDIVIDUAL
ARBITRATION"

Not only is the notice in large font, and in bold, caps and italics, it
also specifically mentions a key provision of the agreement (the
mandatory arbitration agreement) so that the user cannot deny notice
later in time by saying, for example. that she did not read the
agreement in entirety.

FORMATION OF E-CONTACTS - APPLICABILITY OF

CONTRACTS ACT

1. Contracts entered into electronically are referred to as electronic

contracts.

2. The Model Law recognizes electronic contracts.

3. This recognition comes in view of the increase in "electronic

commerce".

4. Electronic commerce involves the use of alternatives to paper-

based methods of communication and storage of information.
5. The importance of electronic commerce lies in its ability to
 improve the efficiency of commercial activities,
 enhance trade connections and
 allow new access opportunities for previously remote
parties and markets,
 displaying a fundamental role, in promoting trade and
economic development, both domestically and
internationally.

6. Model Law, along with the UN Convention on the Use of

Electronic Communications in International Contracts 2005,
provide for uniform rules to be adopted by member countries to
remove the obstacles and uncertainty created by the use of
electronic communications and creation of electronic contracts.

7. Regulation of E-Contracts in India:

A. E-contracts, like all contracts, are governed by the Indian

Contracts Act, 1872 (the "Indian Contract Act").
B. The IT Act merely recognizes the process of contract
formation through electronic means and establishes
functional equivalence between e-contracts and paper-based
contracts.
C. These provisions in the IT Act were introduced to give effect
to the corresponding provisions under the Model Law,

8. An e-contract in order to be valid will have to comply with the

provisions of the Indian Contract Act and any other law governing
the transaction.

9. Essentials of a Valid Contract:

 Proper offer and acceptance
 Intention to create legal relationship.
 Lawful consideration
  Free consent
 Capacity to contract
 Lawful object
 Certainty and possibility of performance
 Agreements not expressly.

LEGAL VALIDITY OF E-CONTACTS

1. S10A, IT Act: validity of contracts formed through electronic

means

A. Any stage may be electronic

B. No effect on law of contract formation
C. Based on Article 11, Model law

2. Section 10A: Validity of Contracts Formed Through Electronic

Means - S10A of the IT Act provides for the recognition of
contracts formed through electronic means:

"Where in a contract formation, the communication of proposals.

the acceptance of proposals, the revocation of proposals and
acceptances, as the case may be, are expressed in electronic form
or by means of an electronic record, such contract shall not be
deemed to be unenforceable solely on the ground that such
electronic form or means was used for that purpose."

A. Any stage in the formation of the contract, be it a proposal,

acceptance or revocation, may be expressed in an electronic
form or by means of an electronic record.
B. The section uses the words 'expressed in electronic form or
by means of an electronic record.
 C. The section does not specify how this communication reaches
the other party, for instance, it does not state that the
electronic record is to be transmitted electronically through
the means of a computer.
D. Therefore, this section will apply even to cases where an
electronic record is transferred manually; say in the form of a
magnetic disk which is delivered to the opposite party by
courier.

3. Article 11 of the Model Law: S10A of the IT Act has been drafted
along the lines of Articles 11 of the Model Law formation and
validity of contracts. It provides that: on the
A. In the context of contract formation, unless otherwise agreed
by the parties, an offer and the acceptance of on offer may be
expressed by means of data messages. Where a data message
is used in the formation of a contract, that contract shall not
be denied validity or enforceability on the sole ground that a
data message was used for that purpose.
B. The provisions of this article do not apply to the following:
(]."
4. No Effect on Law of Contract Formation:
A. S10A provides for a new means of forming contracts, but does
not in any way affect the Indian Contract Act or any other rules
of contract formation.
B. The Indian Contract Act in itself does not specify the means by
which the communication in the various stages of contract
formation should be made, which means that communication
may be made through any means which has the effect of
communicating the proposal acceptance or revocation.

C. The exception to this rule is when the method of

communication is specified, for instance, a specification by the
parties to the contract on how the acceptance is to be made.
D. This exception will apply even to cases where the contract is
formed through electronic means.
E. Thus, this section cannot be applied to hold a contract as
enforceable in cases where a mode of communication other
than by electronic means was specified by one of the parties,
but, the communication was instead made by the other party
through electronic means.
F. Additionally, this section does not affect any other rules that
may be applicable for the validity of the contract, for instance,
the requirement of notarization.
G. This is in line with the intention behind Article 11 of the
Model Law. With respect to this Article, the Guide to the
Model Law that are annexed with the text of the Model Law as
to their interpretation stated that the main purpose behind this
article was not to interfere with the national law of contract
formation, but, instead to settle the prevalent uncertainties in
various countries as to the validity of a contract that is
concluded through electronic mean
H. However, the provision is needed in view of the remaining
uncertainties in a considerable number of countries as to
whether contracts can validly be concluded by electronic
means.
I. Such uncertainties may stem from the fact that, in certain
cases, the data messages expressing offer and acceptance are
generated by computers without immediate human
intervention, thus raising doubts as to the expression of intent
by the parties.
J. Another reason for such uncertainties is inherent in the mode
of communication and results from the absence of a paper
document.
K. Though the IT Act is modelled on the Model law, there are
many differences in the actual wording of the Act.
L. Therefore, it is to be seen if the Guide to the Model Law will
be accepted by the Courts as a guide to the interpretation of the
clauses of the IT Act.
 M. For instance, the judgments and literature under the
UNCITRAL Model Law on International Commercial
Arbitration were not accepted by the Supreme Court as a guide
to the interpretation of the Arbitration and Conciliation Act,
1996. However, the Guide may still provide direction as to the
intent behind and scope of the clauses of the IT Act which are
similar to the

ELECTRONIC DATA INTERCHANGE

https://www.geeksforgeeks.org/what-is-edi-electronic-data-
interchange/

E-COMMERCE

1. E-commerce is conducting, managing and executing business

transactions using modern information technology.

2. E-commerce is a 'commerce based on bytes E-commerce defined

simply is the commercial transaction of services in an electronic
format.
3. The World Trade Organization (WTO) ministerial declaration on E-
Commerce defines e-commerce as, "the production, distribution,
marketing, sales or delivery of goods and services by electronic
means."

4. The six main instruments of e-commerce that have been recognized

by the WTO are
 telephone,
 fax,
 TV,
 electronic payment and money transfer systems,
  EDI (Electronic Data Interchange) and
 the internet.

5. The development of e-commerce is like a roller-coaster ride. It is

growing but is facing bumps as well. One may say it is part of the
growing up process.

6. The first phase of e-commerce threw up a new business

nomenclature using various permutations and combinations of
Business and consumers like Business-to-business (B2B), Business
to Consumers (B2C), Consumer-to- Business (C2B) and
Consumer-to consumer (C2C).

7. Models:
 Business-to-consumer (B2C)
 Business-to-business (B2B)
 Business-to-government (B2G)
 Consumer-to-consumer (C2C)
 Consumer-to-business (C2B)
 Consumer-to-government (C2G)
https://www.tutorialspoint.com/e_commerce/
e_commerce_business_models.htm
For everything below read Rashida notes
E-GOVERNANCE

WHAT IS E-GOVERNANCE
E-GOVERNANCE PROJECT IN INDIA
THE NATIONAL E-GOVERNANCE PLAN (Ne-GP)
E-COURTS MISSION MODE PROJECT OF INDIA
E-BANKING TRANSCATION
ONLINE PAYMENT OPTIONS
FIRST VIRTUAL
CYBER CASH
SECURED ELECTRONIC TRANSCATION

TAXATION ISSUES IN CYBERSPACE

PERMANENT ESTABLISHMENT
DOUBLE TAXATION AVOIDANCE AGGREEMENT
MODEL TAX TREATY
OECD (Organization for economic co-operation and development)
MODEL TAX TREATY AND UN MODEL TAX TREATY

MODULE 5 – CYBER CRIMES

MEANING

NATURE AND SCOPE

MENS REA
ACTUS REUS

CYBER CONTRAVENTIONS AND CYBER OFFENCES

UNDER IT ACT

CYBER CRIMES AGAINST

PERSON
PROPERTY
GOVERNMENT

CYBER CRIME UNDER IT ACT AND POSCO

HACKING
HIJACKING
DIGITAL FORGERY
CYBER PONOGRAPHY
CHILD PORNOGRAPHY
CYBER STALKING
CYBER BULLYING
PHISHING
IDENTITY THEFT AND FRAUD
CYBER MURDER
VIRUS ATTACH
CYBER TERRORISM
CYBER WELFARE
CYBER DEFAMATION

ADJUDICATION UNDER IT ACT

ADJUDICATORY OFFICER
CYBER APPELATE TRIBUNAL
MODULE 6 – INTELLECTUAL PROPERTY ISSUES IN
CYBERSPACE