Cyber Law

Author Dr. Padmavathi Ganapathi Dean - School of Physical Sciences and Computational Sciences Professor Department of Computer Science Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University) Coimbatore-641043 Tamil Nadu INDIA. Co - authors Dr. Sridaran Rajagopal Professor and Dean, Faculty of Computer Applications Marwadi Education Foundation's Group of Institutions Rajkot - Morbi Road, Rajkot 360 003, Gujarat. [email protected] Mr. Ravichandran Swaminathan Member, Cyber Society of India Data Security Council of India Cyber Crime Investigation Consultant [email protected]

1

Cyber Law Author (s) Padmavathi Ganapathi a*, Sridaran Rajagopal b, Ravichandran Swaminathan c a

Dean - School of Physical Sciences and Computational Sciences, Professor, Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University), Coimbatore, Tamilnadu, India. [email protected] b

Professor and Dean, Faculty of Computer Applications, Marwadi Education Foundation's Group of Institutions, Rajkot - Morbi Road, Rajkot 360 003, Gujarat. [email protected] c

Member, Cyber Society of India, Data Security Council of India, Cyber Crime Investigation Consultant. [email protected]

First Edition 2022 ISBN: 9798887335506

@Copyright (2022): Authors. The licensee is the Publisher (Notion Press).

2

Preface Cyber Attacks and Cyber Crimes are increasing tremendously due to the growth of technology day by day. On one hand, technology provides a faster development and solution for many industrial demands. On the other hand, the cyber criminals are in search of loopholes in the systems with information and communication technologies to steal the authentic information without the knowledge of the user. These types of activities may lead to cyber attacks and cyber threats in the form of malware, phishing, ransomware and many more. Cyber crimes are committed with the help of technology and cyber crimes are punishable according to cyber law. Cyber law and its associated cyber acts and sections pave the way to identify the criminal activities. Information Technology Act 2000 and its amendments provide the legal framework to handle cyber crimes. The book on ―Cyber Law‖ deals with evolution of cyber law, ethical concerns, cyber policies, cyber strategies, Information Technology Act 2000, Amendment of Information Technology Act 2008, evidentiary value of E-Mail / SMS, Cyber crimes and offences dealt with IPC, Intellectual Property Rights in India, Anti – Money Laundering Act and comparison among various cyber laws. This material is useful for every citizen to know about their rights and offensive activities according to cyber law. It is also useful for cyber security specialists, lawyers and cyber crime officers to explore the cyber regulations and policies. This material can also be used to create awareness among the public about the legal implications of certain activities in cyber space.

PADMAVATHI GANAPATHI Dean - School of Physical Sciences and Computational Sciences Professor - Department of Computer Science Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University) Coimbatore - 641043. 3

Acknowledgment I, the Course Co-ordinator, is thankful to MHRD-UGC for sanctioning the MOOC on Cyber Security under SWAYAM platform. The entire resources are prepared for the SWAYAM-MOOC learners to offer the course free of cost. I would also like to place on record my sincere gratitude to all the administrators of Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University), Coimbatore for their support and inspiration. I am grateful to all the subject experts who reviewed the scripts and the content writers who extended their fullest co-operation and timely help for preparing the script and running the course. I also would like to acknowledge the support of UGC-SWAYAM team for their excellent monitoring and execution of the program through their technical support and extraordinary enthusiasm. Finally, I acknowledge and thank the services rendered by Ms. Miruthula, M. Sc towards technical and secretarial assistance.

PADMAVATHI GANAPATHI Dean - School of Physical Sciences and Computational Sciences Professor - Department of Computer Science Avinashilingam Institute for Home Science and Higher Education for Women (Deemed to be University) Coimbatore - 641043. 4

Brief Contents S.No

Contents

1.

Evolution of Cyber Law

2.

Ethical Concerns, Cyber Policies and Strategies

3.

Information Technology Act 2000 and ITA 2008

4.

Evidentiary Value of E – mail / SMS

5.

Cyber Crimes and Offences dealt with IPC

6.

Intellectual Property Rights in India

7.

Anti – Money Laundering Act

8.

Comparison of Indian Cyber Laws Exercises

Appendix A: Learn More Appendix B: Glossary Appendix C: Acronyms and Abbreviations Appendix D: Other Exercises Answers to the Objective Type Questions

**********************************************************************************

5

Contents S.No Chapter 1 1.1

Contents Evolution of Cyber Law Evolution of Cyber Law

1.1.1

Cyber Law Definition

1.1.2

Significance of Cyber Law

1.1.3

Basics approaches for creation of Cyber Laws

1.2 1.2.1

Legal, Ethical and Privacy Concerns Legal Aspects

1.2.1.1

Domain Name Issues

1.2.1.2

Spam

1.3 Chapter 2 2.1

Conclusion Ethical Concerns, Cyber Policies and Strategies Ethical Concerns in Computing

2.1.1

Personal Privacy

2.1.2

Access Right

2.1.3

Harmful Actions

2.2

Privacy Issues

2.2.1

Cookies

2.2.2

Web Bugs

2.2.3

Hacking

2.2.4

Spamming

2.3

Security Policies and Strategies

2.3.1

Guidelines associated with Security

2.3.2

Security Strategies

2.4 Chapter 3

Conclusion Information Technology Act 2000 and ITA 2008

3.1

Introduction Technology Act 2000 – ITA - 2008

3.1.1

Introduction to Information Technology Act 2000

3.1.2

Amendments Brought in by the IT Act 2000

3.1.3

Highlights of the Amended Act

6

3.1.4

Salient Features of the IT Act

3.1.5

Scheme of IT Act

3.1.6

Applications of the IT Act

3.1.7

Indian Act for Cyber Crime

3.1.8

Positive Aspects of the ITA 2000

3.1.9

Weak Areas of the ITA 2000

3.1.10

Disputes to Indian Law and Cyber Crime Schemes in India

3.1.11

Consequences of not addressing the Weakness in IT Act

3.1.12

ITAA 2008

3.2

Amendments with Special Reference to Cyber Crimes

3.3

Information Technology Amendment Act, 2008

3.4

Conclusion

Chapter 4 4.1

Evidentiary Value of E – Mail / SMS Evidentiary Value of E – Mail / SMS

4.1.1

Introduction to Evidentiary Value of E – Mail / SMS

4.1.2

Evidentiary Value of E-Mail

4.1.3

Evidentiary Value of SMS

4.2 Chapter 5

Conclusion Cyber Crimes and Offences Dealt with IPC

5.1

Cyber Crime and Offences Dealt with IPC

5.1.1

Introduction to Cyber Crime and Offences

5.1.2

Cyber Law

5.1.3

Indian Penal Code Act in India

5.2

Reserve Bank of India Act

5.2.1

Salient Features of Reserve Bank of India Act, 1934

5.2.2

Acts Governing RBI

5.2.3

RBI Dealing with Frauds (Crimes)

5.3 Chapter 6

Conclusion Intellectual Property Rights in India

6.1.1

Categories of Intellectual Assets

6.1.2

Privileges protected under Intellectual Property

6.2

Conclusion

7

Chapter 7 7.1

Anti – Money Laundering Act Anti – Money Laundering Act

7.1.1

Prevention of Money Laundering Act, 2002

7.1.2

Objectives of PMLA

7.1.3

Vital characteristics of the Anti – Money Laundering Act

7.2

Jurisdiction of Cyber Crime

7.3

Conclusion

Chapter 8

Comparison of Indian Cyber Laws

8.1

Comparison of Indian Cyber Law with other Countries

8.2

Cyber Security Awareness Tips

8.3

Conclusion Exercises Appendix A: Learn More Appendix B: Glossary Appendix C: Acronyms and Abbreviations Appendix D: Other Exercises Answers to the Objective Type Questions

**********************************************************************************

8

Chapter 1 Evolution of Cyber Law 1.1 Evolution of Cyber Law 1.1.1 Cyber Law Definition The legal issues associated with the use of communicative, transactional and distributed aspects of the network connected devices and technologies are encapsulated in a single form known as the Cyber law. The law that governs the cyber space is known as the Cyber law and is a broad term that covers the overall Internet and the World Wide Web with respect to legal and regulatory aspects. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of citizens and others, in cyberspace comes within the ambit of cyber law. The existence of cyber law was due to the increase in the crimes committed over the internet, cyberspace or through the use of computer resources. Cyber law can also be defined as a term to describe lawful issues in relation to the use of computer or any communication technology. A framework that was designed to give legal recognition to every risk that arises with the usage of computer and its related networks is the Indian Context Cyber law. Several aspects that come under cyber law are intellectual property, data protection and privacy, freedom of expression and crimes committed using computers. 1.1.2 Significance of Cyber Law The cyber law scenario is globally more complicated than traditional laws due to the reason that a wide range of activities which are governed by these laws are largely technology driven, an area which is dynamically changing and is beyond anyone‘s control. While dealing with some serious legal problems, people expect the need of cyber laws to govern the new virtual world. The aim of cyber laws or cyber related laws worldwide is to harmonize the existing laws. Cyber laws are made to lessen the legal issues in future. Cyber law plays a predominant role in today‘s technology era as every transactions

and

communications

are

concerned

with

Internet

or

other

communication devices. Every action in the cyberspace has its own corresponding reaction that possess legal and cyber legal views even if one is ignorant about it. 9

1.1.3 Basic approaches for creation of Cyber Laws Following are the basic approaches for creation of Cyber Laws, which will ensure the smooth governance of Internet globally: 

Formulation of new laws and amendment of existing laws by nations within their present territorial boundaries thereby attempting to regulate all actions on the Internet that have any impact on their own population.



Nations may enter into multi-lateral international agreements to establish new and uniform rules specifically applicable to conduct on the Internet.



Creation of an entirely new international organisation, which can establish new rules and new means of enforcing those rules.



Guidelines and rules may naturally emerge from individual decisions like domain name and IP address registrations and by websites and users deciding about whom will they patronize. 1.2 Legal, Ethical and Privacy Concerns 1.2.1 Legal Aspects Making services and products available over the world wide web has paved

way to human advancement by means of cyberspace. The percentage of illegal offences such as cheating, and fraud were found to be high due to the virtual exchange of money and other transactions over the Internet. Despite being attractive, the cyber space seems to be dangerous too. Though the stored data in the web may appear to be safe from physical damage, it suffers from the virtual threat invasion. Hence, it is essential to step safer on the virtual terrains. Some of the legal issues that exists in cyber space can be generally divided into two types as displayed in figure 1.1 Domain Name Issues

Typo squatting Cyber squatting Pagejacking

Legal Aspects e-mailing in general Spam

e-mail from work

Figure 1.1 Legal Aspects in Cyberspace 10

1.2.1.1 Domain Name Issues The domain name issues are of three types namely: ˗ Typo squatting ˗ Cyber squatting ˗ Page jacking 

Typo Squatting When user tries to search for a particular domain site name, the cyber space

intentionally provides him/her with typographic errors. Here, the attacker registers a similar domain name of a high traffic site with minor typo error. The typo squatter receives an income for every time the user is fed with typographic errors. These sites may appear to be real but actually they are fake sites embedded with links that are redirected to paid advertisements, competitor‘s sites or sometimes pornographic sites. This results in the diversion of network traffic of the intended websites. An example for Typo squatting is displayed in figure 1.2.

Figure 1.2 An Example for Typo squatting 

Cyber Squatting It refers to the practice of registering names, especially a well-known

company or brand names with absolute trademark as Internet domains, in the hope of reselling them at a higher profit. An example for cyber squatting is displayed in figure 1.3. 11

Figure 1.3 An Example for Pagejacking 

Pagejacking It is the process of illegally copying legitimate website content to another

website design to replicate the original website. To accomplish this process, a fraudulent pagejacker copies a favorite webpage from a reputable site with its actual HTML code. An example for pagejacking is displayed in figure 1.4.

Figure 1.4 An Example for Pagejacking

12

1.2.1.2 Spam It is also referred to as the ―Unsolicited Bulk Email‖. An E-mail that is transmitted from one end to the other end experiences many difficulties in reaching its destination. This creates insecurity of the email contents as hackers modify it in the half-way. Some of the issues to be considered while sending email are as follows: ˗ E-mailing in general ˗ E-mail from work 

E-mailing in General The Internet Service Provider must release the contents of the email to those

government agents having a valid warrant. Hence, apart from hackers these agents are also capable of accessing an individual‘s email account. 

E-mail from Work Every mail that are generated, sent and received in the work place are

monitored by the administrator for reserved assessment and for getting approval from the organization. Hence, the employee‘s privacy are relatively very lessas he/she makes use of the work place equipment for this purpose. 1.3 Conclusion The rise and proliferation of newly developed technologies in recent years has led to the rise of various cybercrimes posing a major threat to individuals and organizations. Hence, this forced the country‘s social, cultural and security aspects to find ways in protecting themselves against cybercrime and its related attacks. This chapter deals with the evolution of cyber law, significance of cyber law, basic approaches for creation of cyber laws, legal, ethical and privacy concerns.

**********************************************************************************

13

Chapter 2 Ethical Concerns, Cyber Policies and Strategies 2.1 Ethical Concerns in Computing Information Technology (IT) plays a major role in commerce, industry, government, medicine, education, entertainment and society. Its economic and social benefits hardly need explanation. Like any other technologies, IT also has problematic implications and some negative impacts on the society. It poses and creates problems related to ethics. There are in general three main types of ethical issues that is displayed in figure 2.1. -Persona l privacy

Ethical Issues Harmful actions

-Access Rights

Figure 2.1 Ethical Issues in Computing 2.1.1 Personal Privacy In terms of personal privacy, IT enables data exchange of information on a large scale from anyone, from any locations or parts of the world, at any time. This increases the potential of disclosing information and violating the privacy of any individual and groups of people due to its widespread disseminations worldwide. It is a great challenge and responsibility to maintain the privacy and integrity of data regarding individuals. This also includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. 2.1.2 Access Right The second aspect of ethical issues in computing systems is access right. Due to the increasing popularity of international commerce on the Internet, the topic of computer security and access right has moved quickly from being a low priority for corporations and government agencies to a high priority. This interest has been 14

heightened by computer break-ins at places like Los Alamos National Laboratories and NASA in the US. Many attempts of such illegal access to United States government and military computers by computer hackers have been widely reported. Without implementation of proper computer security policies and strategies, network connections on the Internet can‘t be made secure from illegal accesses. 2.1.3 Harmful Actions In computer ethics, harmful action means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of users, the general public, employees, and employers. Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources or unnecessary expenditure of human resources such as the time and effort required to purge systems from "computer viruses". 2.2 Privacy Issues With Information and Communication Revolution (ICR) pacing fast to broaden its horizon, the most reckless means of communication has been the Internet that took forms of e-mails, chats, browsing, etc. This led many people to rely on computers for fastest and easier way of communication. The cyber world and its related crimes have no territorial barriers, and this makes everything complex because evidence is very hard to come by. The vulnerability multiplies itself, as the border of global companies and governments extend to e-market places for their business processes. The major concern with these e-markets were privacy issues that play a dominating role in damaging every aspect of the individual. What is of far greater serious concern is that cyber worms can turn everything upside down. Along with these damages there exists various harassment techniques that targets an individual or a group of people thereby discarding all privacy barriers who carry out their activities online. With the privacy issue at centre stage, the important areas of discussion where insecurity from the technological front arises are displayed in figure 2.2.

15