Unit 4
1. Intellectual property
3. Freedom of expression
The Indian parliament passed its first cyberlaw, the ITA 2000, aimed at providing
the legal infrastructure for e-commerce in India.
The reasons for the enactment of cyberlaws in India are
The original ITA 2000 contained 94 sections, divided into 13 chapters and 4
schedules.
Sections relevant to the discussions of cybercrime in legal
context
He/she shall be punishable with imprisonment up to 3 years, or with fine which may
extend up to 2 lakh rupees or with both.
Section 66: Computer-related offences
Whoever, with intent to cause wrongful loss or damage to the public or any person,
destroys, alters or deletes the information residing in the computer resource, or
diminishes its value or utility, or commits hack.
He/she shall be punished with imprisonment for three years and with fine of 5 lakh
rupees or with imprisonment of three years and with fine of 10 lakh rupees.
Section 71: Penalty for misrepresentation
Whoever makes any misrepresentation to, or suppresses any material fact from,
the controller or the certifying authority for obtaining any license or digital
signature certificate.
He/she shall be punished with imprisonment for a term which may extend to 2
years, or with fine which may extend to 1 lakh rupees, or both.
Section 72: Penalty for breach of confidentiality and privacy
He/she shall be punished with imprisonment for a term which may extend to 2
years, or with fine up to 1 lakh rupees.
Section 73: Penalty for publishing Digital Signature Certificate false in certain
particulars
No person shall publish a Digital Signature Certificate or otherwise make it available
to any other person with the knowledge that:
1. The certifying Authority listed in the certificate has not issued it; or
He/she shall be punished with imprisonment for 2 years or fine up to 1 lakh
rupees or with both.
Section 74: Publication for fraudulent purpose
From the perspective of the corporate sector, companies are able to carry out
e-commerce using the legal infrastructure provided by the ITA 2000.
Corporates will now be able to use digital signatures to carry out their transactions
online.
A remedy is provided to the company by the ITA 2000 in the form of monetary
damages, via compensation, not exceeding Rs 10,000,000.
It pays no heed to domain name related issues. It does not deal with the
rights and liabilities of domain name holders.
It does not cover various evolving forms and manifestations of cybercrimes such
as:
• Cyber theft
• Cyber stalking
• Cyber harassment
• Cyber defamation
• Cyber fraud
• Misuse of credit card numbers
• Theft of Internet hours
It is not explicit about regulations of electronic payments.
ITA 2000 does not provide for proper intellectual property protection for electronic
information and data. Contentious yet very important issues concerning online
copyrights, trademarks and patents have been left unaddressed by the law, thereby
leaving many loopholes.
The most serious concern about the Indian cyberlaw relates to its implementation.
Objectives of IT Act 2000
To provide legal recognition for all the transactions that are carried out by means
of electronic data interchange or electronic commerce in place of paper-based
methods of communication.
To grant legal recognition to digital signatures for the authentication of any matter
or information that requires authentication under any law.
To facilitate the electronic filing of Government documents with the respective
departments. Also, it facilitates the electronic storage of data.
To provide legal sanction for the transfer of funds electronically to and between
financial institutions and banks.
To grant legal recognition for keeping the books of accounts in an electronic
format for the bankers.
To promote legal infrastructure and e-commerce along with secure information
systems. At the same time, it amended the Indian Penal Code, the Bankers' Book
Evidence Act, 1891, and the RBI Act, 1934.
To enforce certain laws that would manage and reduce cyber-crimes at national
and international levels. The IT Act 2000 governs all internet activities in India,
and it is applicable to all online transactions. It provides for the penalties and
prosecution for all the non-compliances.
Public-Key Infrastructure (PKI) Technology
Types of Encryption
1. Symmetric Encryption
2. Asymmetric Encryption
Asymmetric Cryptography is also known as public-key cryptography. It uses
public and private keys to encrypt and decrypt data.
PKI is a framework for services that generate, distribute, control and account for
public key certificates. PKI uses a Certification Authority (CA) to validate and bind a
user identity with a digital certificate.
1. Certificate user
2. Public-key certificate
3. Certification Authority (CA)
4. Registration Authority (RA)
6. Certificate repository
Digital Signature
A digital signature is an electronic, encrypted stamp of authentication on digital
information such as messages. The digital signature confirms the integrity of the
message.
The CA issues a digital certificate containing the applicant’s public key and a
variety of other identification information.
3. Expiration dates.
Trusted persons who issue digital certificates and public-private key pairs.
It assures that the one who is transferring the certificate is, in fact, who he or she
claims to be, i.e. it proves the owner of the certificate.
Certifying authorities verify the physical documents of the person who is willing
to get a digital certificate.
Licensing of Certificate Authorities (CA)
IT Act 2000 had prescribed digital signatures based on Asymmetric cryptosystem
and hash system as the only acceptable form of authentication of electronic
documents recognized as equivalent to “signatures” in paper form.
Section 21 of the Act defines the licensing procedure for CAs. The applicant
should fulfil all the necessary requirements of “qualification”, “expertise”,
“manpower”, “financial resources” and “infrastructural facilities” which are necessary
to issue digital certificates prescribed by the central government.
The license period should be long enough to make the business viable.
Steps followed in creating a digital signature
1. The message digest is computed by applying a hash function to the message, and then
the message digest is encrypted using the private key of the sender to form the digital
signature.
3. The receiver decrypts the digital signature using the public key of the sender.
5. The receiver can compute the message digest from the message.
6. The message digest computed by the receiver and the message digest (obtained by
decrypting the digital signature) need to be the same to ensure integrity.
X.509 Certificates
An X.509 certificate is a digital certificate built on the widely trusted
International Telecommunication Union (ITU) X.509 standard, which defines the
format of PKI certificates.
One of the most widely visible applications of X.509 certificates today is in web
browsers that support the Secure Sockets Layer (SSL) protocol.
The X.509 certificate includes
• Subject name;
• Signature of issuer;
1. Authenticity
2. Integrity
3. Non-Repudiation
As digital signatures go to greater lengths to record transactions and verify
identity, they’re considered to be more secure than regular electronic signatures.
Licensed Certifying Authorities in India
Safescrypt
E-Mudhra
Capricorn
Electronic Signature
In comparison to digital signatures, basic electronic signatures are a lot simpler;
they’re essentially a digital version of an ink signature.
An electronic signature can be anything from a typed/drawn out name, a tick box
plus declaration, symbol, or PIN.
The main characteristic of an electronic signature is that it reveals the signer's intent
to sign the document. It usually complies with contracts or other agreements that are
entered into by two parties.
Cybercrimes, which are more harmful acts committed from or against a computer
or network, differ from most terrestrial crimes in four ways