PARUL UNIVERSITY

DEPARTMENT OF BCA
SEMESTER 3
CYBER SECURITY
(06010103UE02)
UNIT-3
CYBER LAW
CYBER LAW

• Cyber law addresses legal issues related to the internet, digital transactions,
and cyber crimes.
• The need for cyber law arises from the necessity to regulate and safeguard
digital information, systems, and communication.
 Legal and
Privacy and
Ethical Issues
Data
in
Protection
Cyberspace

Need for
Cyber Law Cyber
Protection of
Security and
Intellectual
National
Property
Security

Regulation of Protection
E-commerce Against
and Digital Cyber
Transactions Crimes
CYBER LAW

• Cyber Jurisprudence:
• Cyber jurisprudence refers to the legal theories and philosophies concerning
the regulation and governance of cyberspace.
• It involves the interpretation and application of laws to issues arising in
the digital world.
• Given the borderless nature of the internet, cyber jurisprudence
encompasses both international and national frameworks to address cyber
law effectively.
 International
Cyber
Jurisprudence

General Data United Nations Tallinn Manual on

Budapest
Protection Framework the International
Convention on
Regulation addressing Cyber Law Applicable to
Cybercrime
(GDPR) by EU Security Cyber Warfare

UN Group of
Governmental
Experts (GGE)

International
Telecommunicatio
n Union (ITU)
CYBER LAW

• International Cyber Jurisprudence

• Budapest Convention on Cybercrime: The Budapest Convention on
Cybercrime, also known as the Council of Europe Convention on
Cybercrime, is the first international treaty aimed at addressing internet
and computer crime by harmonizing national laws, improving investigative
techniques, and fostering international cooperation.
• Adopted in Budapest, Hungary, on November 23, 2001.
• Provides a comprehensive framework for tackling cybercrime through
international cooperation.
CYBER LAW

• International Cyber Jurisprudence

• General Data Protection Regulation (GDPR): The General Data
Protection Regulation (GDPR) is a comprehensive data protection law
enacted by the European Union (EU) to enhance individual privacy
rights and simplify regulatory environments for international business.
• It came into effect on May 25, 2018, and applies to all EU member states,
impacting organizations worldwide that process the personal data of EU
citizens.
CYBER LAW

• International Cyber Jurisprudence

• United Nations Framework addressing Cyber Security:
• UN Group of Governmental Experts (GGE): Established by the United
Nations, the GGE brings together experts from various countries to discuss
and develop norms, rules, and principles for responsible state behavior in
cyberspace.
CYBER LAW

• International Cyber Jurisprudence

• United Nations Framework addressing Cyber Security:
• International Telecommunication Union (ITU): The International
Telecommunication Union (ITU) is a specialized agency of the United
Nations responsible for issues related to information and communication
technologies (ICTs).
• ITU-T Recommendations- The ITU Telecommunication Standardization
Sector (ITU-T) develops international standards that are essential for
ensuring the security and interoperability of global ICT systems
CYBER LAW
• International Cyber Jurisprudence
• Tallinn Manual on the International Law Applicable to Cyber Warfare
• The Tallinn Manual is a comprehensive guide on how existing international law
applies to cyber warfare. Initially published in 2013, and updated in 2017 as the
Tallinn Manual 2.0, it was developed by a group of international legal
experts at the invitation of the NATO Cooperative Cyber Defence Centre of
Excellence (CCDCOE) in Tallinn, Estonia.
• The manual provides a detailed analysis of how traditional principles of
international law, including the law of armed conflict, apply in the context
of cyber operations.
 INFORMATION TECHNOLOGY ACT, 2000
• The Information Technology Act, 2000 (IT Act) is the primary law in India
dealing with cybercrime and electronic commerce.
• The Information Technology Act was passed as a response to the developments
in the IT Sector, to facilitate e-commerce and e-governance, and to control
cybercrimes.
• It was approved in 2000 by the Indian Parliament to provide legal recognition
for transactions carried out by means of electronic data interchange and other
means of electronic communication.
• The Information Technology Act also amended the Indian Penal Code, the
Indian Evidence Act, and the Banker’s Books Evidence Act to incorporate
provisions dealing with cybercrime.
INFORMATION TECHNOLOGY ACT, 2000
• The IT Act with 13 chapters, and 2 schedules in total, is a comprehensive law
that covers a wide range of issues related to information technology,
including:
• Chapter II deals with Use of Digital Signature to authenticate an electronic
record.
• Chapter-III of the Act details about Electronic Governance
• Chapter-IV of the said Act gives a scheme for Regulation of Certifying
Authorities.
• Chapter-IX of the said Act talks about penalties and adjudication for
various offences.
INFORMATION TECHNOLOGY ACT, 2000

• The IT Act with 13 chapters, and 2 schedules in total, is a comprehensive law

that covers a wide range of issues related to information technology,
including:
• Chapter-XI of the Act talks about various offences and the said offences shall
be investigated only by a Police Officer not below the rank of the Deputy
Superintendent of Police.
• The Act also provides for the constitution of the Cyber Regulations
Advisory Committee, which shall advice the government as regards any
rules, or for any other purpose connected with the said act.
INFORMATION TECHNOLOGY ACT, 2000

• Features of Information Technology Act 2000:

• It provides legal recognition for electronic signatures and digital
signatures, which can be used to authenticate electronic records and
documents.
• It facilitates the electronic filing of documents with government agencies.
• It provides a framework for electronic commerce and online transactions.
• It defines and penalizes cybercrimes such as hacking, data theft, and online
fraud.
INFORMATION TECHNOLOGY ACT, 2000

• Features of Information Technology Act 2000:

• It gives the government the power to intercept and monitor electronic
communications in certain cases.
• It provides for the establishment of a national nodal agency for cyber
security and incident response. (Guess the name)
• The IT Act has been amended several times since it was enacted in 2000, to
keep up with the changing landscape of information technology and
cybercrime. The most recent amendment was the Information Technology
(Amendment) Act, of 2023, which was enacted in August 2023.
INFORMATION TECHNOLOGY ACT, 2000

• Objectives of Information Technology Act 2000:

• Grant legal recognition to Electronic Records and Digital Signatures
• Facilitate Electronic Governance and Commerce
• Define and Penalize Cybercrimes
• Regulate Cyber Activity
• Establish Institutional Mechanisms: adjudicating officers, appellate tribunals,
and regulatory authorities
• Enable Data Protection
• Promote growth of the IT Sector and Foster Innovation.
INFORMATION TECHNOLOGY ACT, 2000
AND ITS AMENDMENTS
• Amendment Act, 2008 IT Act 2008
• The Act introduced several definitions to bring in more clarity and make it
more inclusive:
• Electronic signature
• Communication Device
• Cyber café
• Cyber Security “means protecting information, equipment, devices, computer,
computer resource, communication device and information stored therein from
unauthorized access, use, disclosure, disruption, modification or destruction.”
INFORMATION TECHNOLOGY ACT, 2000
AND ITS AMENDMENTS
• The Act also revised the definition of "Intermediary with respect to any
particular electronic records, means any person who on behalf of another
person receives, stores or transmits that record or provides any service
with respect to that record and includes telecom service providers,
network service providers, internet service providers, web hosting
service providers, search engines, online payment sites, online-auction
sites, online market places and cyber cafes.
INFORMATION TECHNOLOGY ACT, 2000
AND ITS AMENDMENTS
• Assignment: Write a brief summary of Information Technology Rules, 2021
and Information Technology Amendment Rules, 2023. Information
Technology Amendment Rules, 2023. Illustrate with examples the scope,
application and future implication of Information Technology Amendment
Rules, 2023.
 LAWS IN INDIA REGARDING POSTING OF
INAPPROPRIATE CONTENT
• Information Technology (IT) Act, 2000
• Section 66A: Initially, this section dealt with the punishment for sending
offensive messages through communication services, etc. However, it was struck
down by the Supreme Court of India in 2015 in the Shreya Singhal v. Union of
India case as it was deemed to violate freedom of speech and expression.
• Section 67: publication or transmission of obscene content in electronic form. It
prescribes penalties for publishing or transmitting obscene material.
• Section 67A: Deals with the publication or transmission of material containing sexually
explicit content.
• Section 67B: Specifically targets the depiction of children in sexually explicit acts or conduct.
LAWS IN INDIA REGARDING POSTING OF
INAPPROPRIATE CONTENT
• Protection of Children from Sexual Offences (POCSO) Act, 2012:
Addresses the sexual exploitation and abuse of children and includes
provisions for dealing with child pornography.
• Indecent Representation of Women (Prohibition) Act, 1986: Prohibits
indecent representation of women through advertisements or in publications,
writings, paintings, figures, or in any other manner.
• Intermediary Guidelines and Digital Media Ethics Code, 2021: These
guidelines require intermediaries (such as social media platforms) to observe
due diligence, including the removal of illegal content based on court orders
or notifications by the appropriate government or its agency.
THE PAYMENT AND SETTLEMENT
SYSTEMS ACT, 2007
• The Payment and Settlement Systems Act 2007 (Total chapters = 8), set up
by the RBI, provides for the regulation and supervision of payment systems
in India.
• It came into force with effect from 12th August 2008.
• Objectives:
• To provide regulation and supervision of payment methods in India.
THE PAYMENT AND SETTLEMENT
SYSTEMS ACT, 2007
• To designate RBI, the apex institution as authority for purposes related to
payment systems in India and other purposes for which RBI is authorized to
constitute a central authority known as the Board for Regulation and
Supervision of Payment and Settlement Systems (BPSS).
• To constitute such regularities by RBI to exercise its power and perform its
functions.
• To provide a legal basis for “netting” and “settlement finality”.
THE PAYMENT AND SETTLEMENT
SYSTEMS ACT, 2007
• Two regulations made under the Act through RBI:
• Board for Regulation and Supervision of Payment and Settlement Systems Regulations,
2008
• the Payment and Settlement Systems Regulations, 2008
• Section 2(1) deals with the definitions of the important words used in the Act.
• Payment Obligation, Payment Instructions, Settlement, Payment System, System
Providers etc.

• Section 34 of the PSS Act states that stock exchange or clearing corporations
set up under stock exchange are not applicable under this Act.
THE PAYMENT AND SETTLEMENT
SYSTEMS ACT, 2007
• According to Section 4 of the PSS Act, only RBI has an authority to operate
or commence any payment system and if any person or system providers
desire to operate or commence a payment system then he has to apply for
authorization from RBI under Section 5 of the Act.
• The Act doesn’t differentiate or discriminate between domestic and foreign
entities. It uses the expression “No Person” under Section 4 of the Act. Thus,
foreign entities are allowed to operate the payment system in India.
• Financial Market Infrastructure refers to Central Securities Depositories
(CSDs), Securities Settlement Systems (SSSs), Central Counter Parties (CCPs),
and Trade Repositories (TRs) as “payment systems” under the Act, to facilitate
the clearing, settlement, and recording of financial transactions.
THE PAYMENT AND SETTLEMENT
SYSTEMS ACT, 2007

• Section 24 of the Act prescribes for the system provider to make provisions
for the creation of a panel to decide the dispute between the system
participants and if any dispute arises between two or more system
participants then they shall refer the matter to the panel.
• If the system participants are not satisfied with the decision of the panel or
the dispute arises between any system participant and system provider then
the dispute shall be referred to the Reserve Bank of India.
• Section 26, 27, 28, 29, 30, and 31 deals with the provisions related to
offences and penalties.
THE PAYMENT AND SETTLEMENT
SYSTEMS ACT, 2007
• Powers of RBI under this act:
• Section 7(3) of the Act, RBI can refuse to grant authorization to the application
by giving a written notice stating the reasons for refusal of the application.
• Section 8 of the Act empowers RBI to revoke the authorization granted by it.
• Section 7 empowers the RBI to collect authorization fees.
• Section 15(3) gives an authority to RBI to disclose any document or information
obtained by it to any person or authority to whom it considers necessary for the
protection of the integrity, effectiveness or security of the payment system, or it is
necessary to disclose in the interest of banking or monetary policy or operation of
payment system or it is in the interest of the general public.
THE PAYMENT AND SETTLEMENT
SYSTEMS ACT, 2007
• Section 14 of the Act empowers the RBI to ensure compliance with the
provisions of the Act. RBI is authorized to conduct an on-site inspection.
• Section 17 and Section 18 of the Act authorizes the RBI to issue directions
to a payment system or system participant to cease or prohibit from
committing any act or omission, or it can direct to perform any act, or it can
also issue directions for smooth function of the payment system.
• For committing any of the offences, RBI is empowered to initiate a
criminal proceeding against the offender.
ORGANIZATIONS DEALING WITH CYBER-
CRIME AND CYBER SECURITY IN INDIA
• Government Bodies:
1. Ministry of Home Affairs (MHA):
• Indian Cyber Crime Coordination Centre (I4C)
2. Ministry of Electronics and Information Technology (MeitY):
• Indian Computer Emergency Response Team (CERT-In)
• Cyber Swachhta Kendra
3. National Security Council Secretariat (NSCS):
• National Critical Information Infrastructure Protection Centre (NCIIPC)
4. Centre for Development of Advanced Computing (C-DAC)
ORGANIZATIONS DEALING WITH CYBER-
CRIME AND CYBER SECURITY IN INDIA
• Private Sector and Industry Associations
1. Data Security Council of India (DSCI)
2. NASSCOM Cyber Security Task Force