CYBERCRIMES

AND
DUE DILIGENCE
 A PRESENTATION
BY
PAVAN DUGGAL,
ADVOCATE, SUPREME COURT OF
INDIA
PRESIDENT,CYBERLAW ASIA
CYBERLAW CONSULTANT,
MEMBER, MAC, ICANN
NIRC-ICAI SEMINAR
1-4-2006 , DELHI
 CYBERCRIMES GALORE

• DPS MMS CASE

• ARIF AZIM CASE
• KARAN BAHREE CASE
• SHEKHAR VERMA CASE
• CYBERSYS INFOTECH LIMITED CASE
• MANY MANY MORE THAT OCCUR BUT
ARE NEVER REPORTED
 GROSS UNDER
REPORTING
• FOR EVERY
CYBERCRIMES
500 INSTANCES
THAT OCCUR
OF
IN
INDIA,
• ONLY 50 ARE REPORTED AND
• OUT OF THE SAME, ONLY ONE CASE
GETS REGISTERED BY THE POLICE.
• UNDER REPORTING DOES NOT EQUAL
TO ABSENCE OF CYBERCRIME
 CYBERCRIME
DEFINITION
• Cybercrime refers to all the activities done
with criminal intent in cyberspace or using
the medium of Internet.
• These could be either the criminal activities
in the conventional sense or may be activities
newly evolved with the growth of the new
medium.
 CYBERCRIME IMPACT
ON IT
• Cybercrime adversely impacts various activities in
the electronic medium using computers, computer
systems and computer networks
• Effect is not just destruction or adverse impact on
data.
• Cybercrimes also have the ability to disrupt or
damage computers, computer systems and
computer networks as also data or information
resident therein
• Cybercrimes directly inhibit e-commerce and the
free use of the Internet and computers.
 CYBERCRIME
CATEGORIES
• Cybercrimes can be basically
divided into 3 major categories
being Cybercrimes
– against persons
– against property
– against Government
 STATISTICS
• The Asian School of Cyberlaws’
Computer Crime and Abuse Report
(India) 2001-02 reports that Data Theft
at 33% makes up largest category of
reported incidents of Cybercrime.
• Of this 37% of data stolen is the
Source/Object Code.
 INFORMATION
TECHNOLOGY ACT, 2000 &
CYBERCRIME
• Various cyber offences defined

• Cyber offences to be investigated only by

a Police Officer not below the rank of the
Deputy Superintendent of Police.
 CYBER OFFENCES UNDER
THE IT ACT
• Tampering with computer source
documents – Section 65
• Hacking - Section 66
• Publishing of information which is
obscene in electronic form - Section 67
 SECTION 65
• Tampering with computer source documents
• Knowingly or intentionally concealing,
destroying or altering or intentionally or
knowingly causing another to conceal, destroy
or alter any computer source code used for
computer, computer programme, computer
system or computer network, when the
computer source code is required to be kept or
maintained by law for the time being in force
 PUNISHMENT FOR
TAMPERING COMPUTER
SOURCE DOCUMENTS

• Imprisonment up to three years, or with

fine which may extend up to two lakh
rupees, or with both.
 SECTION 66
• Hacking with computer system
• Occurs when there is intent to cause or
knowledge that one is likely to cause wrongful
loss or damage to the public or any person by
destroying or deleting or altering any
information residing in a computer resource or
diminishing its value or utility or affecting it
injuriously by any means
 PUNISHMENT FOR
HACKING

• Imprisonment up to three years, or with

fine which may extend upto two lakh
rupees, or with both.
 SECTION 67
• Publishing of information which is obscene in
electronic form
• Publishing or transmitting or causing to be
published in the electronic form, any material
which is lascivious or appeals to the prurient
interest or if its effect is such as to tend to
deprave and corrupt persons who are likely,
having regard to all relevant circumstances, to
read, see or hear the matter contained or
embodied in it
 PUNISHMENT FOR
PUBLISHING OBSCENE
INFORMATION IN
ELECTRONIC FORM
• On first conviction - imprisonment of either
description for a term which may extend to five
years and with fine which may extend to one
lakh rupees
• Second or subsequent conviction -
imprisonment of either description for a term
which may extend to ten years and also with
fine which may extend to two lakh rupees.
CYBER OFFENCES UNDER
THE IT ACT (contd)

• Breach of confidentiality and privacy

• Misrepresentation
• Publishing Digital Signature Certificate
false in certain particulars and
publication for fraudulent purposes.
NEW MANIFESTATIONS
• NEW FORMS AND
MANIFESTATIONS OF
CYBERCRIMES EMERGING
EVERYDAY.
 IT ACT DEFICIENT
• The offences defines in the IT Act are by
no means exhaustive.
• However, the drafting of the relevant
provisions of the IT Act make it appear as
if the offences detailed in the said IT Act
are the only Cyber offences possible and
existing.
 NEED FOR
INGENUITY

• Just as human mind is ingenious enough to

devise new ways for perpetuating crime,
similarly, human ingenuity needs to be
channelised into developing effective legal and
regulatory mechanisms to control and prevent
Cybercrimes.
 BREACH OF SECURITY
• Breach of security attracts consequences of civil
liability.
• If a person without the permission of owner or
any other person in charge of a computer,
computer system or computer network, accesses
or secures access to such computer, computer
system or computer network, he is liable to pay
statutory damages by way of compensation, not
exceeding one crore rupees to the person so
affected.
 CIVIL LIABILITY

• Downloading, copying or extracting any data,

computer database or information from such
system or introducing any computer virus into
the same or damaging, destructing or causing
to be damaged or disruption of the same or
denying the access to any authorized person
of the same, and providing any assistance to
any person for doing any of the acts mentioned
above, would also attract the civil liability of
damages by way of compensation not
exceeding rupees one crore.
 BREACH OF
SECURITY (contd.)
• Breach of security is also implicitly
recognized as a penal offence in the form
of hacking.
• This offence is declared as a penal
offence punishable with three years
imprisonment and two lakh rupees fine.
 INVESTIGATION

• For the purpose of investigating the

offences detailed under the IT Act, 2000,
police officers not below the rank of
Deputy Superintendent of Police have
been duly authorized and who have also
been given the power of entry, search
and arrest without warrant in public
places.
 Section 79
• For the removal of doubts, it is hereby declared
that no person providing any service as a
network service provider shall be liable under
this Act, rules or regulations made thereunder
for any third party information or data made
available by him if he proves that the offence or
contravention was committed without his
knowledge or that he had exercised all due
diligence to prevent the commission of such
offence or contravention.
 Network Service Providers:
When Not Liable
• Explanation.—For the purposes of this section,
—
(a) "network service provider" means an
intermediary;
(b) "third party information" means any
information dealt with by a network service
provider in his capacity as an intermediary.
 OFFENCES BY
COMPANIES
Where a person committing a contravention of any
of the provisions of this Act or of any rule, direction
or order made thereunder is a company, every
person who, at the time the contravention was
committed, was in charge of, and was responsible
to, the company for the conduct of business of the
company as well as the company, shall be guilty of
the contravention and shall be liable to be
proceeded against and punished accordingly:
 OFFENCES BY
COMPANIES(contd)

Provided that nothing contained in this

sub-section shall render any such person
liable to punishment if he proves that the
contravention took place without his
knowledge or that he exercised all due
diligence to prevent such contravention.
 CLAUSE 49, SEBI
• FOR LISTED COMPANIES
• CERTIFICATIONS BY CEO AND THE
COMPLAINCE OFFICER
• CERTIFICATION OF DATA ,
INFORMATION, COMPUTERS, COMPUTER
SYSTEMS AND COMPUTER NETWORKS
• NEED FOR CYBER LEGAL DUE DILIGENCE
 DUE DILIGENCE

• Compliance with IT Act, IT Rules, notifications etc.

• Compliance with Indian Evidence Act.

• Information Technology Security Policy

• Legal Authentication of E- records.

• Retention of E-records as per law.

 CONCLUSION

• Techno-Legal Risks in today’s Business Environment.

• Need to have a systematic plan for to measure risk of

exposure to the same.

• Due Diligence and Compliance only mantra of

survival in today’s E- world.

PDA DUE DILIGENCE VER 1.

• PAVAN DUGGAL ASSOCIATES

• PAVAN DUGGAL DUE DILIGENCE

VERSION 1.

• 33 PARAMETERS, COMPLIANCE WITH

THE IT ACT, 2000

 CONCLUSION(contd)

• Limiting your liability for criminal activities

done on your computers, computers and

computer networks by others is absolutely

essential lest we face some unpleasant

situations.
 CONCLUSION(contd)
• CYBERLAW AUDIT OF YOUR OPERATIONS USING

COMPUTERS, COMPTUER SYSTEMS AND COMPUTER

NETWORKS CRITICAL FOR YOUR CONTINUED

GROWTH.

• PAVAN DUGGAL ASSOCIATES UNDERTAKES

CYBERLAW AUDITS FOR CLIENTS FOR LIMITING

THEIR LIABILITY
THAT WAS A PRESENTATION
BY
PAVAN DUGGAL,
ADVOCATE, SUPREME COURT
OF INDIA
HEAD, PAVAN DUGGAL
ASSOCIATES,
PRESIDENT,CYBERLAWS.NET
EMAIL : pduggal@vsnl.com
pduggal@gmail.com